[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.82' (ECDSA) to the list of known hosts.
2021/06/20 17:52:29 parsed 1 programs
2021/06/20 17:52:29 executed programs: 0
syzkaller login: [ 32.965230] IPVS: ftp: loaded support on port[0] = 21
[ 33.058012] chnl_net:caif_netlink_parms(): no params data found
[ 33.130698] bridge0: port 1(bridge_slave_0) entered blocking state
[ 33.137719] bridge0: port 1(bridge_slave_0) entered disabled state
[ 33.145431] device bridge_slave_0 entered promiscuous mode
[ 33.153089] bridge0: port 2(bridge_slave_1) entered blocking state
[ 33.159592] bridge0: port 2(bridge_slave_1) entered disabled state
[ 33.167288] device bridge_slave_1 entered promiscuous mode
[ 33.188777] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 33.197468] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 33.215721] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 33.223483] team0: Port device team_slave_0 added
[ 33.228792] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 33.236324] team0: Port device team_slave_1 added
[ 33.250280] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 33.256580] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 33.281953] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 33.293464] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 33.299719] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 33.325394] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 33.336351] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 33.343929] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 33.363077] device hsr_slave_0 entered promiscuous mode
[ 33.368862] device hsr_slave_1 entered promiscuous mode
[ 33.375213] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 33.382444] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 33.446552] bridge0: port 2(bridge_slave_1) entered blocking state
[ 33.452968] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 33.459669] bridge0: port 1(bridge_slave_0) entered blocking state
[ 33.466181] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 33.493914] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 33.499973] 8021q: adding VLAN 0 to HW filter on device bond0
[ 33.509769] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 33.517934] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 33.527378] bridge0: port 1(bridge_slave_0) entered disabled state
[ 33.534649] bridge0: port 2(bridge_slave_1) entered disabled state
[ 33.541930] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 33.552328] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 33.558371] 8021q: adding VLAN 0 to HW filter on device team0
[ 33.567474] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 33.576050] bridge0: port 1(bridge_slave_0) entered blocking state
[ 33.582429] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 33.592192] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 33.599984] bridge0: port 2(bridge_slave_1) entered blocking state
[ 33.606501] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 33.624148] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 33.634291] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 33.645663] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 33.653175] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 33.661286] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 33.668668] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 33.676813] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 33.685106] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 33.692017] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 33.704481] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 33.712545] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 33.719272] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 33.729594] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 33.742114] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 33.752494] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 33.784998] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 33.792883] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 33.799285] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 33.809384] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 33.818054] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 33.825227] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 33.834199] device veth0_vlan entered promiscuous mode
[ 33.843692] device veth1_vlan entered promiscuous mode
[ 33.849468] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 33.858400] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 33.869275] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 33.879800] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 33.888184] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 33.895868] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 33.905052] device veth0_macvtap entered promiscuous mode
[ 33.911743] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 33.919397] device veth1_macvtap entered promiscuous mode
[ 33.928101] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 33.937604] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 33.948276] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 33.955831] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 33.964554] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 33.974199] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 33.981593] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 34.078644] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 34.086121] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 34.094232] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 34.108350] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 34.122389] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 34.129423] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 34.137354] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 34.144914] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 35.002235] Bluetooth: hci0: command 0x0409 tx timeout
[ 35.550954] ------------[ cut here ]------------
[ 35.558410] Trying to vfree() nonexistent vm area (000000000c7258c2)
[ 35.566320] WARNING: CPU: 0 PID: 8581 at mm/vmalloc.c:1515 __vunmap+0x332/0x3f0
[ 35.573826] Kernel panic - not syncing: panic_on_warn set ...
[ 35.573826]
[ 35.581266] CPU: 0 PID: 8581 Comm: syz-executor.0 Not tainted 4.19.195-syzkaller #0
[ 35.589030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.598446] Call Trace:
[ 35.601048] dump_stack+0x1fc/0x2ef
[ 35.604708] panic+0x26a/0x50e
[ 35.607919] ? __warn_printk+0xf3/0xf3
[ 35.611811] ? __vunmap+0x332/0x3f0
[ 35.615425] ? __probe_kernel_read+0x130/0x1b0
[ 35.619986] ? __warn.cold+0x5/0x5a
[ 35.623602] ? __warn+0xe4/0x200
[ 35.626943] ? __vunmap+0x332/0x3f0
[ 35.630550] __warn.cold+0x20/0x5a
[ 35.634085] ? io_schedule_timeout+0x140/0x140
[ 35.638650] ? __vunmap+0x332/0x3f0
[ 35.642251] report_bug+0x262/0x2b0
[ 35.645859] do_error_trap+0x1d7/0x310
[ 35.649743] ? math_error+0x310/0x310
[ 35.653520] ? __irq_work_queue_local+0x101/0x160
[ 35.658344] ? irq_work_queue+0x29/0x80
[ 35.662875] ? error_entry+0x72/0xd0
[ 35.666915] ? trace_hardirqs_off_caller+0x6e/0x210
[ 35.671910] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 35.676825] invalid_op+0x14/0x20
[ 35.680264] RIP: 0010:__vunmap+0x332/0x3f0
[ 35.684473] Code: a9 d1 ff 4c 89 e6 48 c7 c7 c0 de 72 88 e8 66 07 61 06 0f 0b eb 94 e8 1d a9 d1 ff 4c 89 e6 48 c7 c7 20 df 72 88 e8 4e 07 61 06 <0f> 0b e9 79 ff ff ff 4c 89 ff e8 bf 75 07 00 e9 25 ff ff ff 48 8b
[ 35.703353] RSP: 0018:ffff8880a93373b8 EFLAGS: 00010282
[ 35.708705] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000
[ 35.715946] RDX: 0000000000000000 RSI: ffffffff814dfc91 RDI: ffffed1015266e69
[ 35.723187] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
[ 35.730450] R10: 0000000000000005 R11: 0000000000000000 R12: ffffc90001a31000
[ 35.737792] R13: fffffbfff164d906 R14: 0000607f45c74490 R15: ffffe8ffffc74490
[ 35.745049] ? vprintk_func+0x81/0x180
[ 35.748945] ? __vunmap+0x332/0x3f0
[ 35.752644] vfree+0x65/0x100
[ 35.755812] ipcomp_free_scratches+0xba/0x140
[ 35.760300] ipcomp_init_state+0x768/0xa00
[ 35.764520] ? check_preemption_disabled+0x41/0x280
[ 35.769511] ? lock_downgrade+0x720/0x720
[ 35.773641] ipcomp6_init_state+0xc2/0x5b0
[ 35.777858] __xfrm_init_state+0x555/0xd30
[ 35.782164] xfrm_add_sa+0x1db2/0x33f0
[ 35.786029] ? xfrm_send_migrate+0x920/0x920
[ 35.790416] ? nla_parse+0x1b2/0x290
[ 35.794106] ? xfrm_send_migrate+0x920/0x920
[ 35.798486] xfrm_user_rcv_msg+0x411/0x6b0
[ 35.802696] ? xfrm_dump_sa_done+0xe0/0xe0
[ 35.806907] ? mark_held_locks+0xf0/0xf0
[ 35.811032] ? kmem_cache_free+0x226/0x260
[ 35.815246] ? check_preemption_disabled+0x41/0x280
[ 35.820245] ? __dev_queue_xmit+0x15f5/0x2e00
[ 35.824768] ? __mutex_lock+0x365/0x1200
[ 35.828819] ? kfree_skbmem+0x140/0x140
[ 35.832779] netlink_rcv_skb+0x160/0x440
[ 35.836833] ? xfrm_dump_sa_done+0xe0/0xe0
[ 35.841064] ? netlink_ack+0xae0/0xae0
[ 35.844927] ? netlink_deliver_tap+0x22d/0xb00
[ 35.849489] ? lock_downgrade+0x720/0x720
[ 35.853613] xfrm_netlink_rcv+0x6b/0x90
[ 35.857560] netlink_unicast+0x4d5/0x690
[ 35.861594] ? netlink_sendskb+0x110/0x110
[ 35.865816] ? _copy_from_iter_full+0x229/0x7c0
[ 35.870460] ? __phys_addr_symbol+0x2c/0x70
[ 35.874769] ? __check_object_size+0x17b/0x3e0
[ 35.879328] netlink_sendmsg+0x6bb/0xc40
[ 35.883365] ? aa_af_perm+0x230/0x230
[ 35.887142] ? nlmsg_notify+0x1a0/0x1a0
[ 35.891111] ? kernel_recvmsg+0x220/0x220
[ 35.895336] ? nlmsg_notify+0x1a0/0x1a0
[ 35.899289] sock_sendmsg+0xc3/0x120
[ 35.902987] ___sys_sendmsg+0x7bb/0x8e0
[ 35.906960] ? copy_msghdr_from_user+0x440/0x440
[ 35.911705] ? __fget+0x32f/0x510
[ 35.915148] ? lock_downgrade+0x720/0x720
[ 35.919277] ? check_preemption_disabled+0x41/0x280
[ 35.924269] ? check_preemption_disabled+0x41/0x280
[ 35.929271] ? __fget+0x356/0x510
[ 35.932709] ? do_dup2+0x450/0x450
[ 35.936231] ? __fd_install+0x1b4/0x610
[ 35.940195] ? __fdget+0x1d0/0x230
[ 35.943712] __x64_sys_sendmsg+0x132/0x220
[ 35.947952] ? __sys_sendmsg+0x1b0/0x1b0
[ 35.951987] ? __se_sys_futex+0x298/0x3b0
[ 35.956114] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 35.961454] ? trace_hardirqs_off_caller+0x6e/0x210
[ 35.966457] ? do_syscall_64+0x21/0x620
[ 35.970409] do_syscall_64+0xf9/0x620
[ 35.974188] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.979368] RIP: 0033:0x4665d9
[ 35.982547] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 36.001424] RSP: 002b:00007faf675da188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 36.009274] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 36.016525] RDX: 0000000000000000 RSI: 0000000020000800 RDI: 0000000000000003
[ 36.023777] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000
[ 36.031028] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80
[ 36.038362] R13: 00007fffd7b8da2f R14: 00007faf675da300 R15: 0000000000022000
[ 36.047029] Kernel Offset: disabled
[ 36.050712] Rebooting in 86400 seconds..