[ ok ] Starting enhanced syslogd: rsyslogd.
[ 67.878679][ T27] audit: type=1800 audit(1583644043.202:25): pid=9443 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 67.899778][ T27] audit: type=1800 audit(1583644043.212:26): pid=9443 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 67.988189][ T27] audit: type=1800 audit(1583644043.212:27): pid=9443 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.32' (ECDSA) to the list of known hosts.
syzkaller login: [ 79.156182][ T9599] IPVS: ftp: loaded support on port[0] = 21
[ 79.212077][ T9599] chnl_net:caif_netlink_parms(): no params data found
[ 79.253224][ T9599] bridge0: port 1(bridge_slave_0) entered blocking state
[ 79.260756][ T9599] bridge0: port 1(bridge_slave_0) entered disabled state
[ 79.268660][ T9599] device bridge_slave_0 entered promiscuous mode
[ 79.277528][ T9599] bridge0: port 2(bridge_slave_1) entered blocking state
[ 79.284925][ T9599] bridge0: port 2(bridge_slave_1) entered disabled state
[ 79.292988][ T9599] device bridge_slave_1 entered promiscuous mode
[ 79.311964][ T9599] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 79.323208][ T9599] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 79.344008][ T9599] team0: Port device team_slave_0 added
[ 79.351633][ T9599] team0: Port device team_slave_1 added
[ 79.367535][ T9599] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 79.374574][ T9599] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 79.400858][ T9599] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 79.413571][ T9599] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 79.420670][ T9599] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 79.447225][ T9599] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 79.522339][ T9599] device hsr_slave_0 entered promiscuous mode
[ 79.560001][ T9599] device hsr_slave_1 entered promiscuous mode
[ 79.697591][ T9599] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 79.763024][ T9599] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 79.821968][ T9599] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 79.861877][ T9599] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 79.925328][ T9599] bridge0: port 2(bridge_slave_1) entered blocking state
[ 79.932660][ T9599] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 79.940632][ T9599] bridge0: port 1(bridge_slave_0) entered blocking state
[ 79.947697][ T9599] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 79.994913][ T9599] 8021q: adding VLAN 0 to HW filter on device bond0
[ 80.009024][ T3415] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 80.018828][ T3415] bridge0: port 1(bridge_slave_0) entered disabled state
[ 80.027831][ T3415] bridge0: port 2(bridge_slave_1) entered disabled state
[ 80.035985][ T3415] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 80.049028][ T9599] 8021q: adding VLAN 0 to HW filter on device team0
[ 80.060968][ T2827] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 80.069402][ T2827] bridge0: port 1(bridge_slave_0) entered blocking state
[ 80.076521][ T2827] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 80.087409][ T3415] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 80.096621][ T3415] bridge0: port 2(bridge_slave_1) entered blocking state
[ 80.103718][ T3415] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 80.123023][ T3413] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 80.132848][ T3413] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 80.143814][ T2827] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 80.160964][ T3413] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 80.169205][ T3413] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 80.180628][ T9599] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 80.200057][ T2827] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 80.207631][ T2827] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 80.222013][ T9599] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 80.242435][ T2827] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 80.251948][ T2827] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 80.276043][ T3413] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 80.284996][ T3413] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 80.294391][ T3413] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 80.302852][ T3413] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 80.313803][ T9599] device veth0_vlan entered promiscuous mode
[ 80.326173][ T9599] device veth1_vlan entered promiscuous mode
[ 80.347412][ T2827] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 80.356194][ T2827] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 80.365231][ T2827] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 80.373803][ T2827] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 80.384383][ T9599] device veth0_macvtap entered promiscuous mode
[ 80.395068][ T9599] device veth1_macvtap entered promiscuous mode
[ 80.412821][ T9599] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 80.421597][ T3413] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 80.430168][ T3413] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 80.438132][ T3413] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 80.447159][ T3413] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 80.459439][ T9599] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 80.467465][ T2827] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 80.476783][ T2827] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 80.748334][ T9599] infiniband syz1: set active
[ 80.753813][ T9599] infiniband syz1: added vlan0
[ 80.785724][ T9599] general protection fault, probably for non-canonical address 0xdffffc0000000086: 0000 [#1] PREEMPT SMP KASAN
[ 80.798957][ T9599] KASAN: null-ptr-deref in range [0x0000000000000430-0x0000000000000437]
[ 80.807347][ T9599] CPU: 1 PID: 9599 Comm: syz-executor583 Not tainted 5.6.0-rc3-next-20200228-syzkaller #0
[ 80.817207][ T9599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 80.827507][ T9599] RIP: 0010:rds_ib_add_one+0xbb/0xc80
[ 80.832864][ T9599] Code: 80 3c 02 00 0f 85 3a 0a 00 00 49 8b 9c 24 a8 06 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d bb 30 04 00 00 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 4f
[ 80.852449][ T9599] RSP: 0018:ffffc90002036fe0 EFLAGS: 00010202
[ 80.858493][ T9599] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff873e8c5a
[ 80.866500][ T9599] RDX: 0000000000000086 RSI: ffffffff873e8c78 RDI: 0000000000000430
[ 80.874638][ T9599] RBP: 0000000000000001 R08: ffff88809fa6c200 R09: ffffed1012d1309c
[ 80.883561][ T9599] R10: ffffed1012d1309b R11: ffff8880968984df R12: ffff888096898000
[ 80.891525][ T9599] R13: ffff888096898558 R14: ffff8880968984d0 R15: ffffffff873e8c00
[ 80.899504][ T9599] FS: 000000000205b880(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
[ 80.908432][ T9599] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 80.915002][ T9599] CR2: 00007f0e0b394000 CR3: 00000000a8894000 CR4: 00000000001406e0
[ 80.922966][ T9599] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 80.930977][ T9599] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 80.938963][ T9599] Call Trace:
[ 80.942239][ T9599] ? rds_ib_remove_one+0x280/0x280
[ 80.947328][ T9599] add_client_context+0x400/0x560
[ 80.952341][ T9599] ? ib_device_get_by_netdev+0x510/0x510
[ 80.957950][ T9599] ? rxe_enable_driver+0x63/0x90
[ 80.962955][ T9599] enable_device_and_get+0x1cd/0x3b0
[ 80.968220][ T9599] ? add_one_compat_dev+0x7e0/0x7e0
[ 80.973399][ T9599] ? rxe_ib_alloc_hw_stats+0xf9/0x130
[ 80.978762][ T9599] ib_register_device+0xa12/0xda0
[ 80.983772][ T9599] ? enable_device_and_get+0x3b0/0x3b0
[ 80.989206][ T9599] ? crypto_create_tfm+0x118/0x2f0
[ 80.994295][ T9599] ? crypto_alloc_tfm+0x124/0x340
[ 80.999293][ T9599] ? ib_device_set_netdev+0x499/0x680
[ 81.004645][ T9599] rxe_register_device+0x4fa/0x621
[ 81.009746][ T9599] rxe_add+0x1227/0x1664
[ 81.013987][ T9599] rxe_net_add+0x8c/0xe0
[ 81.018204][ T9599] rxe_newlink+0x34/0x90
[ 81.022428][ T9599] nldev_newlink+0x27f/0x400
[ 81.027016][ T9599] ? nldev_set_doit+0x3e0/0x3e0
[ 81.031886][ T9599] ? apparmor_capable+0x49c/0x8a0
[ 81.036892][ T9599] ? apparmor_capable+0x49c/0x8a0
[ 81.041902][ T9599] ? apparmor_cred_prepare+0x760/0x760
[ 81.047338][ T9599] ? apparmor_cred_prepare+0x760/0x760
[ 81.052786][ T9599] ? cap_capable+0x1eb/0x250
[ 81.057361][ T9599] ? ns_capable_common+0xe2/0x100
[ 81.062362][ T9599] ? nldev_set_doit+0x3e0/0x3e0
[ 81.067186][ T9599] rdma_nl_rcv+0x586/0x900
[ 81.071587][ T9599] ? rdma_nl_multicast+0x310/0x310
[ 81.076689][ T9599] ? netlink_deliver_tap+0x227/0xb50
[ 81.081991][ T9599] netlink_unicast+0x537/0x740
[ 81.086777][ T9599] ? netlink_attachskb+0x810/0x810
[ 81.092302][ T9599] ? _copy_from_iter_full+0x25c/0x870
[ 81.097677][ T9599] ? __phys_addr_symbol+0x2c/0x70
[ 81.102691][ T9599] ? __check_object_size+0x171/0x437
[ 81.107958][ T9599] netlink_sendmsg+0x882/0xe10
[ 81.112713][ T9599] ? aa_af_perm+0x260/0x260
[ 81.117197][ T9599] ? netlink_unicast+0x740/0x740
[ 81.122120][ T9599] ? netlink_unicast+0x740/0x740
[ 81.127050][ T9599] sock_sendmsg+0xcf/0x120
[ 81.131477][ T9599] ____sys_sendmsg+0x6b9/0x7d0
[ 81.136222][ T9599] ? kernel_sendmsg+0x50/0x50
[ 81.140877][ T9599] ? mark_lock+0xbc/0x1220
[ 81.145281][ T9599] ___sys_sendmsg+0x100/0x170
[ 81.149947][ T9599] ? lockdep_hardirqs_on+0x417/0x5d0
[ 81.155209][ T9599] ? sendmsg_copy_msghdr+0x70/0x70
[ 81.160302][ T9599] ? prep_transhuge_page+0xa0/0xa0
[ 81.165385][ T9599] ? pud_val+0x7c/0xf0
[ 81.169429][ T9599] ? pmd_val+0xf0/0xf0
[ 81.173480][ T9599] ? __lock_acquire+0x827/0x5270
[ 81.178396][ T9599] ? find_held_lock+0x2d/0x110
[ 81.183139][ T9599] ? do_page_fault+0x58b/0x12da
[ 81.187967][ T9599] ? vm_insert_pages+0x6a0/0x6a0
[ 81.192880][ T9599] ? lock_downgrade+0x7f0/0x7f0
[ 81.197718][ T9599] ? __fget_light+0x1a5/0x270
[ 81.202375][ T9599] __sys_sendmsg+0xec/0x1b0
[ 81.206867][ T9599] ? __sys_sendmsg_sock+0xb0/0xb0
[ 81.211879][ T9599] ? trace_hardirqs_off_caller+0x55/0x230
[ 81.217587][ T9599] ? do_syscall_64+0x21/0x790
[ 81.222242][ T9599] do_syscall_64+0xf6/0x790
[ 81.227158][ T9599] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 81.233031][ T9599] RIP: 0033:0x443499
[ 81.236901][ T9599] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 81.256496][ T9599] RSP: 002b:00007ffc34ba7298 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 81.264889][ T9599] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000443499
[ 81.272844][ T9599] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[ 81.280792][ T9599] RBP: 00007ffc34ba72b0 R08: 0000000001bbbbbb R09: 0000000001bbbbbb
[ 81.288737][ T9599] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 81.296692][ T9599] R13: 0000000000404a30 R14: 0000000000000000 R15: 0000000000000000
[ 81.304664][ T9599] Modules linked in:
[ 81.314858][ T9599] ---[ end trace 592108792bfec2ba ]---
[ 81.320456][ T9599] RIP: 0010:rds_ib_add_one+0xbb/0xc80
[ 81.325829][ T9599] Code: 80 3c 02 00 0f 85 3a 0a 00 00 49 8b 9c 24 a8 06 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d bb 30 04 00 00 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 4f
[ 81.345466][ T9599] RSP: 0018:ffffc90002036fe0 EFLAGS: 00010202
[ 81.351609][ T9599] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff873e8c5a
[ 81.359632][ T9599] RDX: 0000000000000086 RSI: ffffffff873e8c78 RDI: 0000000000000430
[ 81.367588][ T9599] RBP: 0000000000000001 R08: ffff88809fa6c200 R09: ffffed1012d1309c
[ 81.376859][ T9599] R10: ffffed1012d1309b R11: ffff8880968984df R12: ffff888096898000
[ 81.384925][ T9599] R13: ffff888096898558 R14: ffff8880968984d0 R15: ffffffff873e8c00
[ 81.393578][ T9599] FS: 000000000205b880(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
[ 81.402546][ T9599] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 81.409132][ T9599] CR2: 00007f0e0b394000 CR3: 00000000a8894000 CR4: 00000000001406e0
[ 81.417431][ T9599] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 81.425432][ T9599] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 81.433436][ T9599] Kernel panic - not syncing: Fatal exception
[ 81.440729][ T9599] Kernel Offset: disabled
[ 81.445057][ T9599] Rebooting in 86400 seconds..