[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.49' (ECDSA) to the list of known hosts.
2020/08/18 07:45:46 parsed 1 programs
2020/08/18 07:45:46 executed programs: 0
syzkaller login: [ 672.075044][ T6857] IPVS: ftp: loaded support on port[0] = 21
[ 672.237366][ T6857] chnl_net:caif_netlink_parms(): no params data found
[ 672.287068][ T6857] bridge0: port 1(bridge_slave_0) entered blocking state
[ 672.295815][ T6857] bridge0: port 1(bridge_slave_0) entered disabled state
[ 672.304671][ T6857] device bridge_slave_0 entered promiscuous mode
[ 672.313453][ T6857] bridge0: port 2(bridge_slave_1) entered blocking state
[ 672.321156][ T6857] bridge0: port 2(bridge_slave_1) entered disabled state
[ 672.328778][ T6857] device bridge_slave_1 entered promiscuous mode
[ 672.348019][ T6857] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 672.359182][ T6857] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 672.380735][ T6857] team0: Port device team_slave_0 added
[ 672.387859][ T6857] team0: Port device team_slave_1 added
[ 672.404663][ T6857] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 672.411946][ T6857] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 672.438736][ T6857] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 672.451672][ T6857] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 672.458599][ T6857] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 672.485265][ T6857] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 672.511815][ T6857] device hsr_slave_0 entered promiscuous mode
[ 672.518414][ T6857] device hsr_slave_1 entered promiscuous mode
[ 672.608269][ T6857] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 672.617846][ T6857] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 672.634259][ T6857] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 672.644893][ T6857] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 672.668688][ T6857] bridge0: port 2(bridge_slave_1) entered blocking state
[ 672.675852][ T6857] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 672.683554][ T6857] bridge0: port 1(bridge_slave_0) entered blocking state
[ 672.690667][ T6857] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 672.733603][ T6857] 8021q: adding VLAN 0 to HW filter on device bond0
[ 672.746434][ T6835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 672.757960][ T6835] bridge0: port 1(bridge_slave_0) entered disabled state
[ 672.766270][ T6835] bridge0: port 2(bridge_slave_1) entered disabled state
[ 672.774306][ T6835] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 672.787377][ T6857] 8021q: adding VLAN 0 to HW filter on device team0
[ 672.798676][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 672.807158][ T2671] bridge0: port 1(bridge_slave_0) entered blocking state
[ 672.814267][ T2671] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 672.831408][ T6835] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 672.839786][ T6835] bridge0: port 2(bridge_slave_1) entered blocking state
[ 672.846805][ T6835] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 672.868604][ T6857] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 672.879198][ T6857] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 672.893705][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 672.902797][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 672.911603][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 672.922013][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 672.930326][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 672.937870][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 672.955918][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 672.963727][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 672.976254][ T6857] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 672.994400][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 673.014096][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 673.022267][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 673.030918][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 673.042086][ T6857] device veth0_vlan entered promiscuous mode
[ 673.053700][ T6857] device veth1_vlan entered promiscuous mode
[ 673.073400][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 673.081598][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 673.091187][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 673.102116][ T6857] device veth0_macvtap entered promiscuous mode
[ 673.111789][ T6857] device veth1_macvtap entered promiscuous mode
[ 673.128075][ T6857] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 673.136327][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 673.146511][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 673.159010][ T6857] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 673.166600][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 673.177848][ T6857] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 673.187858][ T6857] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 673.196608][ T6857] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 673.205366][ T6857] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 674.100261][ T6998] Bluetooth: hci0: command 0x0409 tx timeout
2020/08/18 07:45:51 executed programs: 95
[ 676.179619][ T7078] Bluetooth: hci0: command 0x041b tx timeout
[ 678.259502][ T12] Bluetooth: hci0: command 0x040f tx timeout
[ 680.339141][ T2671] Bluetooth: hci0: command 0x0419 tx timeout
2020/08/18 07:45:56 executed programs: 302
2020/08/18 07:46:01 executed programs: 493
2020/08/18 07:46:06 executed programs: 685
2020/08/18 07:46:11 executed programs: 881
2020/08/18 07:46:16 executed programs: 1077
2020/08/18 07:46:21 executed programs: 1282
2020/08/18 07:46:26 executed programs: 1480
2020/08/18 07:46:31 executed programs: 1675
2020/08/18 07:46:36 executed programs: 1865
2020/08/18 07:46:41 executed programs: 2061
2020/08/18 07:46:46 executed programs: 2240
2020/08/18 07:46:51 executed programs: 2426
2020/08/18 07:46:56 executed programs: 2619
2020/08/18 07:47:01 executed programs: 2799
2020/08/18 07:47:06 executed programs: 2995
2020/08/18 07:47:11 executed programs: 3183
2020/08/18 07:47:16 executed programs: 3367
2020/08/18 07:47:21 executed programs: 3553
2020/08/18 07:47:26 executed programs: 3743
2020/08/18 07:47:31 executed programs: 3937
2020/08/18 07:47:36 executed programs: 4116
2020/08/18 07:47:41 executed programs: 4316
2020/08/18 07:47:46 executed programs: 4503
[ 795.212236][ T6998] Bluetooth: hci0: command 0x0406 tx timeout
2020/08/18 07:47:51 executed programs: 4688
2020/08/18 07:47:56 executed programs: 4875
2020/08/18 07:48:01 executed programs: 5062
[ 806.842236][T25000] mm ffff88808f2d4200 mmap ffff8880a45de000 seqnum 0 task_size 4294959104
[ 806.842236][T25000] get_unmapped_area ffffffff8129caa0
[ 806.842236][T25000] mmap_base 140035228065792 mmap_legacy_base 47597567102976 highest_vm_end 4292427776
[ 806.842236][T25000] pgd ffff88809544b000 mm_users 2 mm_count 2 pgtables_bytes 49152 map_count 17
[ 806.842236][T25000] hiwater_rss 17 hiwater_vm 38ba total_vm 38db locked_vm 0
[ 806.842236][T25000] pinned_vm 0 data_vm 23a2 exec_vm 110 stack_vm 21
[ 806.842236][T25000] start_code 8048000 end_code 8155d4a start_data 8160000 end_data 8160000
[ 806.842236][T25000] start_brk aad6000 brk aaf8000 start_stack ffd92e00
[ 806.842236][T25000] arg_start ffd93e9e arg_end ffd93eb3 env_start ffd93eb3 env_end ffd93fe3
[ 806.842236][T25000] binfmt ffffffff89cdcb80 flags cd core_state ffffc900042c7bd0
[ 806.842236][T25000] ioctx_table 0000000000000000
[ 806.842236][T25000] owner ffff888097ee4340 exe_file ffff8880a32edd40
[ 806.935051][T25000] ------------[ cut here ]------------
[ 806.940599][T25000] kernel BUG at mm/khugepaged.c:469!
[ 806.961422][T25000] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 806.967511][T25000] CPU: 0 PID: 25000 Comm: syz-executor.0 Not tainted 5.9.0-rc1-syzkaller #0
[ 806.976160][T25000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 806.986336][T25000] RIP: 0010:__khugepaged_enter+0x306/0x3d0
[ 806.992156][T25000] Code: e4 49 81 fe c0 b3 c9 89 74 2a e8 c5 75 bb ff 44 89 e0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 e8 b2 75 bb ff 48 89 ef e8 ea d5 e9 ff <0f> 0b 41 bc f4 ff ff ff eb d6 e8 9b 75 bb ff 31 c9 ba 01 00 00 00
[ 807.011734][T25000] RSP: 0018:ffffc90004187cc0 EFLAGS: 00010286
[ 807.017788][T25000] RAX: 000000000000034d RBX: 0000000000000002 RCX: 0000000000000000
[ 807.025732][T25000] RDX: ffff888097ee4340 RSI: ffffffff815dafc7 RDI: fffff52000830f37
[ 807.033681][T25000] RBP: ffff88808f2d4200 R08: 000000000000034d R09: ffff8880ae6318e7
[ 807.041623][T25000] R10: 0000000000000000 R11: 000000000009ed38 R12: ffff888095c52b00
[ 807.049567][T25000] R13: ffff88808f2d425c R14: 0000000020000000 R15: ffffc90004187df8
[ 807.057512][T25000] FS: 0000000000000000(0000) GS:ffff8880ae600000(0063) knlGS:000000000aad6900
[ 807.066429][T25000] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 807.072983][T25000] CR2: 0000000020001240 CR3: 000000009544b000 CR4: 00000000001506f0
[ 807.080930][T25000] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 807.088872][T25000] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 807.096813][T25000] Call Trace:
[ 807.100083][T25000] do_huge_pmd_anonymous_page+0xaa1/0x2230
[ 807.105931][T25000] handle_mm_fault+0x369d/0x4590
[ 807.110845][T25000] ? apply_to_existing_page_range+0x40/0x40
[ 807.116711][T25000] ? vmacache_update+0xce/0x140
[ 807.121598][T25000] do_user_addr_fault+0x598/0xbf0
[ 807.126670][T25000] exc_page_fault+0xa8/0x160
[ 807.131264][T25000] ? asm_exc_page_fault+0x8/0x30
[ 807.136176][T25000] asm_exc_page_fault+0x1e/0x30
[ 807.141002][T25000] RIP: 0023:0x8070c86
[ 807.144957][T25000] Code: 03 76 37 f7 c6 03 00 00 00 74 16 a4 49 f7 c6 03 00 00 00 74 0c a4 49 f7 c6 03 00 00 00 74 02 a4 49 50 89 c8 c1 e9 02 83 e0 03 a5 89 c1 f3 a4 58 89 c7 89 d6 8b 44 24 04 c3 d1 e9 73 01 a4 d1
[ 807.164550][T25000] RSP: 002b:00000000ffd928a8 EFLAGS: 00010206
[ 807.170606][T25000] RAX: 0000000000000003 RBX: 0000000000000000 RCX: 0000000000000001
[ 807.178552][T25000] RDX: 0000000000000000 RSI: 0000000008ba00b0 RDI: 0000000020001240
[ 807.186495][T25000] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 807.194437][T25000] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 807.202380][T25000] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 807.210324][T25000] Modules linked in:
[ 807.221277][T25000] ---[ end trace 5cee1b81f1c3e279 ]---
[ 807.226958][T25000] RIP: 0010:__khugepaged_enter+0x306/0x3d0
[ 807.233268][T25000] Code: e4 49 81 fe c0 b3 c9 89 74 2a e8 c5 75 bb ff 44 89 e0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 e8 b2 75 bb ff 48 89 ef e8 ea d5 e9 ff <0f> 0b 41 bc f4 ff ff ff eb d6 e8 9b 75 bb ff 31 c9 ba 01 00 00 00
[ 807.253214][T25000] RSP: 0018:ffffc90004187cc0 EFLAGS: 00010286
[ 807.259308][T25000] RAX: 000000000000034d RBX: 0000000000000002 RCX: 0000000000000000
[ 807.267894][T25000] RDX: ffff888097ee4340 RSI: ffffffff815dafc7 RDI: fffff52000830f37
[ 807.276168][T25000] RBP: ffff88808f2d4200 R08: 000000000000034d R09: ffff8880ae6318e7
[ 807.284767][T25000] R10: 0000000000000000 R11: 000000000009ed38 R12: ffff888095c52b00
[ 807.293070][T25000] R13: ffff88808f2d425c R14: 0000000020000000 R15: ffffc90004187df8
[ 807.301025][T25000] FS: 0000000000000000(0000) GS:ffff8880ae600000(0063) knlGS:000000000aad6900
[ 807.310435][T25000] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 807.317305][T25000] CR2: 00007f593110c000 CR3: 000000009544b000 CR4: 00000000001506f0
[ 807.325569][T25000] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 807.333863][T25000] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 807.342342][T25000] Kernel panic - not syncing: Fatal exception
[ 807.349643][T25000] Kernel Offset: disabled
[ 807.353950][T25000] Rebooting in 86400 seconds..