[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.179' (ECDSA) to the list of known hosts.
2020/08/08 09:08:51 parsed 1 programs
2020/08/08 09:08:52 executed programs: 0
syzkaller login: [ 1046.126543][ T6839] IPVS: ftp: loaded support on port[0] = 21
[ 1046.223400][ T6839] chnl_net:caif_netlink_parms(): no params data found
[ 1046.270239][ T6839] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1046.278320][ T6839] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1046.287193][ T6839] device bridge_slave_0 entered promiscuous mode
[ 1046.295658][ T6839] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1046.302735][ T6839] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1046.311008][ T6839] device bridge_slave_1 entered promiscuous mode
[ 1046.329725][ T6839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1046.340260][ T6839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1046.361363][ T6839] team0: Port device team_slave_0 added
[ 1046.368405][ T6839] team0: Port device team_slave_1 added
[ 1046.384421][ T6839] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1046.391358][ T6839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1046.418351][ T6839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1046.430842][ T6839] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1046.438331][ T6839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1046.464752][ T6839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1046.489773][ T6839] device hsr_slave_0 entered promiscuous mode
[ 1046.496391][ T6839] device hsr_slave_1 entered promiscuous mode
[ 1046.579889][ T6839] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1046.589459][ T6839] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1046.600530][ T6839] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1046.609755][ T6839] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1046.630224][ T6839] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1046.637341][ T6839] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1046.645029][ T6839] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1046.652070][ T6839] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1046.691439][ T6839] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1046.703267][ T6809] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1046.713452][ T6809] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1046.722799][ T6809] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1046.730865][ T6809] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 1046.743362][ T6839] 8021q: adding VLAN 0 to HW filter on device team0
[ 1046.755208][ T2544] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1046.763488][ T2544] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1046.770602][ T2544] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1046.796197][ T2544] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1046.805543][ T2544] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1046.812613][ T2544] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1046.820901][ T2544] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1046.830173][ T2544] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1046.838635][ T2544] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1046.849283][ T6839] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1046.861468][ T6839] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1046.870455][ T7051] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1046.878208][ T7051] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1046.895634][ T6809] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1046.902975][ T6809] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1046.918690][ T6839] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1046.935497][ T2544] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1046.953251][ T6809] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1046.962188][ T6809] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1046.970337][ T6809] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1046.980735][ T6839] device veth0_vlan entered promiscuous mode
[ 1046.991726][ T6839] device veth1_vlan entered promiscuous mode
[ 1047.010398][ T2544] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1047.018977][ T2544] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 1047.027598][ T2544] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1047.038074][ T6839] device veth0_macvtap entered promiscuous mode
[ 1047.047981][ T6839] device veth1_macvtap entered promiscuous mode
[ 1047.064008][ T6839] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1047.071484][ T6809] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1047.081080][ T6809] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1047.092421][ T6839] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1047.100696][ T2544] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1047.112351][ T6839] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1047.121564][ T6839] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1047.130349][ T6839] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1047.139560][ T6839] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1050.284636][ T2544] Bluetooth: hci0: command 0x0409 tx timeout
2020/08/08 09:08:57 executed programs: 4
[ 1052.355148][ T2544] Bluetooth: hci0: command 0x041b tx timeout
[ 1054.434270][ T2544] Bluetooth: hci0: command 0x040f tx timeout
[ 1056.514438][ T6969] Bluetooth: hci0: command 0x0419 tx timeout
2020/08/08 09:09:03 executed programs: 11
[ 1058.594301][ T7051] Bluetooth: hci0: command 0x0405 tx timeout
2020/08/08 09:09:09 executed programs: 18
2020/08/08 09:09:14 executed programs: 25
2020/08/08 09:09:20 executed programs: 32
[ 1077.076235][ T0] NOHZ: local_softirq_pending 08
2020/08/08 09:09:26 executed programs: 39
2020/08/08 09:09:32 executed programs: 46
2020/08/08 09:09:37 executed programs: 53
[ 1094.365060][ T7051] ==================================================================
[ 1094.373400][ T7051] BUG: KASAN: null-ptr-deref in l2cap_chan_put+0x23/0x1a0
[ 1094.380528][ T7051] Write of size 4 at addr 0000000000000018 by task kworker/0:3/7051
[ 1094.388494][ T7051]
[ 1094.390838][ T7051] CPU: 0 PID: 7051 Comm: kworker/0:3 Not tainted 5.8.0-syzkaller #0
[ 1094.398805][ T7051] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1094.408883][ T7051] Workqueue: events l2cap_chan_timeout
[ 1094.414337][ T7051] Call Trace:
[ 1094.417681][ T7051] dump_stack+0x1f0/0x31e
[ 1094.422042][ T7051] kasan_report+0x151/0x1d0
[ 1094.426546][ T7051] ? l2cap_chan_put+0x23/0x1a0
[ 1094.431308][ T7051] ? lockdep_hardirqs_on_prepare+0x445/0x6a0
[ 1094.437268][ T7051] check_memory_region+0x2b5/0x2f0
[ 1094.442357][ T7051] l2cap_chan_put+0x23/0x1a0
[ 1094.446925][ T7051] l2cap_sock_kill+0xbd/0x160
[ 1094.451723][ T7051] l2cap_chan_timeout+0x165/0x1e0
[ 1094.456832][ T7051] process_one_work+0x789/0xfc0
[ 1094.461671][ T7051] worker_thread+0xaa4/0x1460
[ 1094.466407][ T7051] ? _raw_spin_unlock_irqrestore+0x6f/0xd0
[ 1094.472205][ T7051] kthread+0x37e/0x3a0
[ 1094.476253][ T7051] ? rcu_lock_release+0x20/0x20
[ 1094.481082][ T7051] ? kthread_blkcg+0xd0/0xd0
[ 1094.485747][ T7051] ret_from_fork+0x1f/0x30
[ 1094.490157][ T7051] ==================================================================
[ 1094.498190][ T7051] Disabling lock debugging due to kernel taint
[ 1094.504708][ T7051] Kernel panic - not syncing: panic_on_warn set ...
[ 1094.511296][ T7051] CPU: 0 PID: 7051 Comm: kworker/0:3 Tainted: G B 5.8.0-syzkaller #0
[ 1094.520656][ T7051] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1094.530705][ T7051] Workqueue: events l2cap_chan_timeout
[ 1094.536132][ T7051] Call Trace:
[ 1094.539398][ T7051] dump_stack+0x1f0/0x31e
[ 1094.543768][ T7051] panic+0x264/0x7a0
[ 1094.547699][ T7051] ? trace_hardirqs_on+0x30/0x80
[ 1094.552613][ T7051] kasan_report+0x1c9/0x1d0
[ 1094.557108][ T7051] ? l2cap_chan_put+0x23/0x1a0
[ 1094.561849][ T7051] ? lockdep_hardirqs_on_prepare+0x445/0x6a0
[ 1094.567812][ T7051] check_memory_region+0x2b5/0x2f0
[ 1094.572904][ T7051] l2cap_chan_put+0x23/0x1a0
[ 1094.577480][ T7051] l2cap_sock_kill+0xbd/0x160
[ 1094.582144][ T7051] l2cap_chan_timeout+0x165/0x1e0
[ 1094.587150][ T7051] process_one_work+0x789/0xfc0
[ 1094.591985][ T7051] worker_thread+0xaa4/0x1460
[ 1094.596638][ T7051] ? _raw_spin_unlock_irqrestore+0x6f/0xd0
[ 1094.602418][ T7051] kthread+0x37e/0x3a0
[ 1094.606476][ T7051] ? rcu_lock_release+0x20/0x20
[ 1094.611299][ T7051] ? kthread_blkcg+0xd0/0xd0
[ 1094.615868][ T7051] ret_from_fork+0x1f/0x30
[ 1094.621345][ T7051] Kernel Offset: disabled
[ 1094.625656][ T7051] Rebooting in 86400 seconds..