[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 87.745186][ T27] kauditd_printk_skb: 4 callbacks suppressed
[ 87.745198][ T27] audit: type=1800 audit(1583256618.620:29): pid=10395 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 87.773961][ T27] audit: type=1800 audit(1583256618.620:30): pid=10395 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.244' (ECDSA) to the list of known hosts.
2020/03/03 17:30:27 parsed 1 programs
2020/03/03 17:30:29 executed programs: 0
syzkaller login:
[ 99.062680][T10570] IPVS: ftp: loaded support on port[0] = 21
[ 99.123209][T10570] chnl_net:caif_netlink_parms(): no params data found
[ 99.162351][T10570] bridge0: port 1(bridge_slave_0) entered blocking state
[ 99.170333][T10570] bridge0: port 1(bridge_slave_0) entered disabled state
[ 99.178664][T10570] device bridge_slave_0 entered promiscuous mode
[ 99.188583][T10570] bridge0: port 2(bridge_slave_1) entered blocking state
[ 99.196118][T10570] bridge0: port 2(bridge_slave_1) entered disabled state
[ 99.204207][T10570] device bridge_slave_1 entered promiscuous mode
[ 99.222435][T10570] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 99.233740][T10570] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 99.254008][T10570] team0: Port device team_slave_0 added
[ 99.261446][T10570] team0: Port device team_slave_1 added
[ 99.277173][T10570] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 99.284440][T10570] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 99.310473][T10570] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 99.323086][T10570] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 99.330325][T10570] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 99.356511][T10570] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 99.460018][T10570] device hsr_slave_0 entered promiscuous mode
[ 99.518127][T10570] device hsr_slave_1 entered promiscuous mode
[ 99.646258][T10570] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 99.681188][T10570] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 99.751033][T10570] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 99.810816][T10570] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 99.905199][T10570] bridge0: port 2(bridge_slave_1) entered blocking state
[ 99.912652][T10570] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 99.920834][T10570] bridge0: port 1(bridge_slave_0) entered blocking state
[ 99.928032][T10570] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 99.979213][T10570] 8021q: adding VLAN 0 to HW filter on device bond0
[ 99.992444][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 100.003607][ T2903] bridge0: port 1(bridge_slave_0) entered disabled state
[ 100.013877][ T2903] bridge0: port 2(bridge_slave_1) entered disabled state
[ 100.022751][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 100.036750][T10570] 8021q: adding VLAN 0 to HW filter on device team0
[ 100.048383][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 100.057027][ T17] bridge0: port 1(bridge_slave_0) entered blocking state
[ 100.064338][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 100.077296][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 100.086922][ T2903] bridge0: port 2(bridge_slave_1) entered blocking state
[ 100.094104][ T2903] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 100.119739][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 100.129662][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 100.146009][T10570] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 100.157947][T10570] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 100.171072][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 100.179720][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 100.189194][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 100.198481][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 100.207126][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 100.218772][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 100.236965][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 100.244726][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 100.259964][T10570] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 100.280029][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 100.290118][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 100.312415][T10570] device veth0_vlan entered promiscuous mode
[ 100.320151][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 100.329506][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 100.340178][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 100.349000][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 100.362279][T10570] device veth1_vlan entered promiscuous mode
[ 100.385764][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 100.394635][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 100.403731][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 100.412511][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 100.423671][T10570] device veth0_macvtap entered promiscuous mode
[ 100.436142][T10570] device veth1_macvtap entered promiscuous mode
[ 100.455388][T10570] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 100.464845][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 100.474047][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 100.482664][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 100.491683][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 100.504219][T10570] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 100.512352][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 100.521910][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2020/03/03 17:30:34 executed programs: 101
2020/03/03 17:30:39 executed programs: 262
[ 109.420705][ T0] NOHZ: local_softirq_pending 08
2020/03/03 17:30:44 executed programs: 430
2020/03/03 17:30:49 executed programs: 596
2020/03/03 17:30:54 executed programs: 763
2020/03/03 17:30:59 executed programs: 925
2020/03/03 17:31:05 executed programs: 1090
2020/03/03 17:31:10 executed programs: 1261
2020/03/03 17:31:15 executed programs: 1423
2020/03/03 17:31:20 executed programs: 1593
2020/03/03 17:31:25 executed programs: 1761
2020/03/03 17:31:30 executed programs: 1928
[ 161.867637][T18500] ------------[ cut here ]------------
[ 161.873480][T18500] kernel BUG at drivers/dma-buf/dma-buf.c:99!
[ 161.882028][T18500] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 161.888562][T18500] CPU: 1 PID: 18500 Comm: syz-executor.0 Not tainted 5.6.0-rc3-syzkaller #0
[ 161.898152][T18500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 161.908236][T18500] RIP: 0010:dma_buf_release+0x35b/0x420
[ 161.913780][T18500] Code: 00 00 e8 f8 d3 ec fc 4c 89 e7 45 31 e4 e8 ed 7a 35 fd e8 38 25 f7 fc 44 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 25 25 f7 fc <0f> 0b e8 1e 25 f7 fc 4c 89 ef e8 46 eb 00 00 eb 97 e8 0f 25 f7 fc
[ 161.933381][T18500] RSP: 0018:ffffc9000296fdc8 EFLAGS: 00010293
[ 161.939448][T18500] RAX: ffff888094086300 RBX: 0000000000000004 RCX: ffffffff847e6fc5
[ 161.947435][T18500] RDX: 0000000000000000 RSI: ffffffff847e722b RDI: 0000000000000005
[ 161.955427][T18500] RBP: ffffc9000296fdf0 R08: ffff888094086300 R09: 0000000000000000
[ 161.963407][T18500] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88808c6ec800
[ 161.971391][T18500] R13: ffff88808e6ecd7c R14: ffff88808e6ecd28 R15: ffff888097011940
[ 161.979500][T18500] FS: 0000000002b7b940(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[ 161.988629][T18500] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 161.995216][T18500] CR2: 00000000008a9e80 CR3: 00000000916f0000 CR4: 00000000001406e0
[ 162.003193][T18500] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 162.011546][T18500] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 162.019638][T18500] Call Trace:
[ 162.022961][T18500] __fput+0x2ff/0x890
[ 162.026964][T18500] ? dma_buf_vunmap+0x220/0x220
[ 162.031823][T18500] ____fput+0x16/0x20
[ 162.035822][T18500] task_work_run+0x145/0x1c0
[ 162.040486][T18500] exit_to_usermode_loop+0x316/0x380
[ 162.045947][T18500] do_syscall_64+0x676/0x790
[ 162.050672][T18500] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 162.056575][T18500] RIP: 0033:0x416011
[ 162.060485][T18500] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[ 162.080845][T18500] RSP: 002b:00007fff23e39030 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 162.089846][T18500] RAX: 0000000000000000 RBX: 0000000000000009 RCX: 0000000000416011
[ 162.098059][T18500] RDX: 0000000000000000 RSI: 0000000000000081 RDI: 0000000000000008
[ 162.106201][T18500] RBP: 0000000000000000 R08: 0000000000000000 R09: 01ffffffffffffff
[ 162.114334][T18500] R10: 0000000000770938 R11: 0000000000000293 R12: 000000000076bf20
[ 162.122325][T18500] R13: 0000000000770948 R14: 0000000000000000 R15: 000000000076bf2c
[ 162.130305][T18500] Modules linked in:
[ 162.134930][T18500] ---[ end trace 432bc1955550b75d ]---
[ 162.140621][T18500] RIP: 0010:dma_buf_release+0x35b/0x420
[ 162.146174][T18500] Code: 00 00 e8 f8 d3 ec fc 4c 89 e7 45 31 e4 e8 ed 7a 35 fd e8 38 25 f7 fc 44 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 25 25 f7 fc <0f> 0b e8 1e 25 f7 fc 4c 89 ef e8 46 eb 00 00 eb 97 e8 0f 25 f7 fc
[ 162.166694][T18500] RSP: 0018:ffffc9000296fdc8 EFLAGS: 00010293
[ 162.173078][T18500] RAX: ffff888094086300 RBX: 0000000000000004 RCX: ffffffff847e6fc5
[ 162.181221][T18500] RDX: 0000000000000000 RSI: ffffffff847e722b RDI: 0000000000000005
[ 162.189248][T18500] RBP: ffffc9000296fdf0 R08: ffff888094086300 R09: 0000000000000000
[ 162.197235][T18500] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88808c6ec800
[ 162.205264][T18500] R13: ffff88808e6ecd7c R14: ffff88808e6ecd28 R15: ffff888097011940
[ 162.213836][T18500] FS: 0000000002b7b940(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[ 162.222883][T18500] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 162.229542][T18500] CR2: 00000000008a9e80 CR3: 00000000916f0000 CR4: 00000000001406e0
[ 162.237766][T18500] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 162.245944][T18500] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 162.254186][T18500] Kernel panic - not syncing: Fatal exception
[ 162.262008][T18500] Kernel Offset: disabled
[ 162.266367][T18500] Rebooting in 86400 seconds..