[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.65' (ECDSA) to the list of known hosts.
2021/10/17 23:07:06 parsed 1 programs
syzkaller login: [ 67.152444][ T6539] cgroup: Unknown subsys name 'net'
[ 67.164350][ T6539] cgroup: Unknown subsys name 'rlimit'
2021/10/17 23:07:06 executed programs: 0
[ 68.733939][ T6552] chnl_net:caif_netlink_parms(): no params data found
[ 68.824847][ T6552] bridge0: port 1(bridge_slave_0) entered blocking state
[ 68.833056][ T6552] bridge0: port 1(bridge_slave_0) entered disabled state
[ 68.841486][ T6552] device bridge_slave_0 entered promiscuous mode
[ 68.851944][ T6552] bridge0: port 2(bridge_slave_1) entered blocking state
[ 68.859278][ T6552] bridge0: port 2(bridge_slave_1) entered disabled state
[ 68.866965][ T6552] device bridge_slave_1 entered promiscuous mode
[ 68.899783][ T6552] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 68.910641][ T6552] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 68.943571][ T6552] team0: Port device team_slave_0 added
[ 68.951650][ T6552] team0: Port device team_slave_1 added
[ 68.978611][ T6552] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 68.985668][ T6552] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 69.013296][ T6552] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 69.026415][ T6552] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 69.034037][ T6552] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 69.060735][ T6552] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 69.097945][ T6552] device hsr_slave_0 entered promiscuous mode
[ 69.105083][ T6552] device hsr_slave_1 entered promiscuous mode
[ 69.225744][ T6552] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 69.235886][ T6552] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 69.249621][ T6552] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 69.260645][ T6552] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 69.282637][ T6552] bridge0: port 2(bridge_slave_1) entered blocking state
[ 69.289808][ T6552] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 69.297564][ T6552] bridge0: port 1(bridge_slave_0) entered blocking state
[ 69.304615][ T6552] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 69.350359][ T6552] 8021q: adding VLAN 0 to HW filter on device bond0
[ 69.364430][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 69.375554][ T20] bridge0: port 1(bridge_slave_0) entered disabled state
[ 69.384798][ T20] bridge0: port 2(bridge_slave_1) entered disabled state
[ 69.393613][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 69.406405][ T6552] 8021q: adding VLAN 0 to HW filter on device team0
[ 69.429228][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 69.438019][ T20] bridge0: port 1(bridge_slave_0) entered blocking state
[ 69.445719][ T20] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 69.454042][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 69.462960][ T20] bridge0: port 2(bridge_slave_1) entered blocking state
[ 69.470053][ T20] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 69.481510][ T2967] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 69.490147][ T2967] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 69.510631][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 69.519224][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 69.529041][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 69.541813][ T6552] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 69.559565][ T2967] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 69.566945][ T2967] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 69.581724][ T6552] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 69.600754][ T2967] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 69.620412][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 69.629847][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 69.638687][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 69.649311][ T6552] device veth0_vlan entered promiscuous mode
[ 69.662243][ T6552] device veth1_vlan entered promiscuous mode
[ 69.682590][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 69.690970][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 69.699889][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 69.712899][ T6552] device veth0_macvtap entered promiscuous mode
[ 69.726647][ T6552] device veth1_macvtap entered promiscuous mode
[ 69.744365][ T6552] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 69.753868][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 69.763759][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 69.776531][ T6552] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 69.784175][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 69.793716][ T1265] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 69.804780][ T6552] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 69.813882][ T6552] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 69.822895][ T6552] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 69.832277][ T6552] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 69.914944][ T158] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 69.934941][ T158] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 69.944448][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 69.982299][ T1105] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 69.991327][ T1105] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 70.002472][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 70.047969][ T6906] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[ 70.589159][ T2967] Bluetooth: hci0: command 0x0409 tx timeout
[ 71.000214][ T1359] ieee802154 phy0 wpan0: encryption failed: -22
[ 71.006771][ T1359] ieee802154 phy1 wpan1: encryption failed: -22
[ 71.762318][ T7033] ------------[ cut here ]------------
[ 71.768036][ T7033] jump label: negative count!
[ 71.772883][ T7033] WARNING: CPU: 1 PID: 7033 at kernel/jump_label.c:235 static_key_slow_try_dec+0xca/0xe0
[ 71.784295][ T7033] Modules linked in:
[ 71.788588][ T7033] CPU: 0 PID: 7033 Comm: syz-executor.0 Not tainted 5.15.0-rc5-syzkaller #0
[ 71.798905][ T7033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 71.809722][ T7033] RIP: 0010:static_key_slow_try_dec+0xca/0xe0
[ 71.815869][ T7033] Code: 5d c3 e8 79 57 dc ff 45 31 ed 5b 44 89 e8 5d 41 5c 41 5d c3 44 89 e5 eb 8e e8 62 57 dc ff 48 c7 c7 60 fb 94 89 e8 f2 10 59 07 <0f> 0b eb c5 48 89 df e8 1a ae 23 00 e9 6a ff ff ff 0f 1f 44 00 00
[ 71.837194][ T7033] RSP: 0018:ffffc90003d3f960 EFLAGS: 00010282
[ 71.843330][ T7033] RAX: 0000000000000000 RBX: ffffffff8d6e6ee0 RCX: 0000000000000000
[ 71.852147][ T7033] RDX: ffff8880149db900 RSI: ffffffff815e88a8 RDI: fffff520007a7f1e
[ 71.860759][ T7033] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000
[ 71.869536][ T7033] R10: ffffffff815e264e R11: 0000000000000000 R12: 00000000ffffffff
[ 71.879183][ T7033] R13: 0000000000000001 R14: ffff888069079118 R15: 0000000000000040
[ 71.887682][ T7033] FS: 0000000000000000(0000) GS:ffff8880b9d00000(0063) knlGS:00000000f667fb40
[ 71.896698][ T7033] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 71.903845][ T7033] CR2: 00000000f665edb0 CR3: 000000007298c000 CR4: 00000000003526e0
[ 71.912171][ T7033] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 71.920661][ T7033] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 71.929461][ T7033] Call Trace:
[ 71.929476][ T7033] __static_key_slow_dec_deferred+0x60/0x100
[ 71.929511][ T7033] kvm_free_lapic+0x144/0x1a0
[ 71.929538][ T7033] kvm_arch_vcpu_create+0x8fd/0xc70
[ 71.929570][ T7033] kvm_vm_ioctl+0x137f/0x23d0
[ 71.954072][ T7033] ? kvm_unregister_device_ops+0x90/0x90
[ 71.961548][ T7033] ? _raw_spin_unlock_irqrestore+0x50/0x70
[ 71.968057][ T7033] ? lockdep_hardirqs_on+0x79/0x100
[ 71.973313][ T7033] ? _raw_spin_unlock_irqrestore+0x3d/0x70
[ 71.980777][ T7033] ? find_held_lock+0x2d/0x110
[ 71.985595][ T7033] ? tomoyo_path_number_perm+0x204/0x590
[ 71.992077][ T7033] ? lock_downgrade+0x6e0/0x6e0
[ 71.996986][ T7033] ? tomoyo_path_number_perm+0x441/0x590
[ 72.003166][ T7033] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 72.010113][ T7033] ? tomoyo_path_number_perm+0x24e/0x590
[ 72.015761][ T7033] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 72.021726][ T7033] ? __sanitizer_cov_trace_switch+0x63/0xf0
[ 72.028021][ T7033] ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[ 72.034281][ T7033] ? do_vfs_ioctl+0x132/0x15d0
[ 72.039124][ T7033] ? vfs_fileattr_set+0xbe0/0xbe0
[ 72.044168][ T7033] kvm_vm_compat_ioctl+0x288/0x350
[ 72.049443][ T7033] ? kvm_vm_ioctl+0x23d0/0x23d0
[ 72.054308][ T7033] ? find_held_lock+0x2d/0x110
[ 72.060057][ T7033] ? __fget_files+0x23d/0x3e0
[ 72.064758][ T7033] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 72.071412][ T7033] ? kvm_vm_ioctl+0x23d0/0x23d0
[ 72.076279][ T7033] __do_compat_sys_ioctl+0x1c7/0x290
[ 72.082197][ T7033] __do_fast_syscall_32+0x65/0xf0
[ 72.087636][ T7033] do_fast_syscall_32+0x2f/0x70
[ 72.092503][ T7033] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 72.099671][ T7033] RIP: 0023:0xf6e85549
[ 72.103804][ T7033] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 72.124871][ T7033] RSP: 002b:00000000f667f5fc EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[ 72.134141][ T7033] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000000ae41
[ 72.142334][ T7033] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 72.150455][ T7033] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 72.158670][ T7033] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 72.166653][ T7033] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 72.174717][ T7033] Kernel panic - not syncing: panic_on_warn set ...
[ 72.181295][ T7033] CPU: 1 PID: 7033 Comm: syz-executor.0 Not tainted 5.15.0-rc5-syzkaller #0
[ 72.189959][ T7033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 72.200002][ T7033] Call Trace:
[ 72.203271][ T7033] dump_stack_lvl+0xcd/0x134
[ 72.207861][ T7033] panic+0x2b0/0x6dd
[ 72.211747][ T7033] ? __warn_printk+0xf3/0xf3
[ 72.216335][ T7033] ? __warn.cold+0x1a/0x44
[ 72.220749][ T7033] ? static_key_slow_try_dec+0xca/0xe0
[ 72.226199][ T7033] __warn.cold+0x35/0x44
[ 72.230436][ T7033] ? wake_up_klogd.part.0+0x8e/0xd0
[ 72.235626][ T7033] ? static_key_slow_try_dec+0xca/0xe0
[ 72.241078][ T7033] report_bug+0x1bd/0x210
[ 72.245407][ T7033] handle_bug+0x3c/0x60
[ 72.249556][ T7033] exc_invalid_op+0x14/0x40
[ 72.254082][ T7033] asm_exc_invalid_op+0x12/0x20
[ 72.258934][ T7033] RIP: 0010:static_key_slow_try_dec+0xca/0xe0
[ 72.264996][ T7033] Code: 5d c3 e8 79 57 dc ff 45 31 ed 5b 44 89 e8 5d 41 5c 41 5d c3 44 89 e5 eb 8e e8 62 57 dc ff 48 c7 c7 60 fb 94 89 e8 f2 10 59 07 <0f> 0b eb c5 48 89 df e8 1a ae 23 00 e9 6a ff ff ff 0f 1f 44 00 00
[ 72.284602][ T7033] RSP: 0018:ffffc90003d3f960 EFLAGS: 00010282
[ 72.290661][ T7033] RAX: 0000000000000000 RBX: ffffffff8d6e6ee0 RCX: 0000000000000000
[ 72.298620][ T7033] RDX: ffff8880149db900 RSI: ffffffff815e88a8 RDI: fffff520007a7f1e
[ 72.306581][ T7033] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000
[ 72.314549][ T7033] R10: ffffffff815e264e R11: 0000000000000000 R12: 00000000ffffffff
[ 72.322506][ T7033] R13: 0000000000000001 R14: ffff888069079118 R15: 0000000000000040
[ 72.330471][ T7033] ? wake_up_klogd.part.0+0x8e/0xd0
[ 72.335669][ T7033] ? vprintk+0x88/0x90
[ 72.339738][ T7033] __static_key_slow_dec_deferred+0x60/0x100
[ 72.345716][ T7033] kvm_free_lapic+0x144/0x1a0
[ 72.350382][ T7033] kvm_arch_vcpu_create+0x8fd/0xc70
[ 72.355580][ T7033] kvm_vm_ioctl+0x137f/0x23d0
[ 72.360255][ T7033] ? kvm_unregister_device_ops+0x90/0x90
[ 72.365884][ T7033] ? _raw_spin_unlock_irqrestore+0x50/0x70
[ 72.371688][ T7033] ? lockdep_hardirqs_on+0x79/0x100
[ 72.376877][ T7033] ? _raw_spin_unlock_irqrestore+0x3d/0x70
[ 72.382686][ T7033] ? find_held_lock+0x2d/0x110
[ 72.387444][ T7033] ? tomoyo_path_number_perm+0x204/0x590
[ 72.393069][ T7033] ? lock_downgrade+0x6e0/0x6e0
[ 72.397916][ T7033] ? tomoyo_path_number_perm+0x441/0x590
[ 72.403544][ T7033] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 72.409776][ T7033] ? tomoyo_path_number_perm+0x24e/0x590
[ 72.415401][ T7033] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 72.421207][ T7033] ? __sanitizer_cov_trace_switch+0x63/0xf0
[ 72.427093][ T7033] ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[ 72.433342][ T7033] ? do_vfs_ioctl+0x132/0x15d0
[ 72.438101][ T7033] ? vfs_fileattr_set+0xbe0/0xbe0
[ 72.443121][ T7033] kvm_vm_compat_ioctl+0x288/0x350
[ 72.448226][ T7033] ? kvm_vm_ioctl+0x23d0/0x23d0
[ 72.453068][ T7033] ? find_held_lock+0x2d/0x110
[ 72.457834][ T7033] ? __fget_files+0x23d/0x3e0
[ 72.462505][ T7033] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 72.468739][ T7033] ? kvm_vm_ioctl+0x23d0/0x23d0
[ 72.473585][ T7033] __do_compat_sys_ioctl+0x1c7/0x290
[ 72.478869][ T7033] __do_fast_syscall_32+0x65/0xf0
[ 72.483902][ T7033] do_fast_syscall_32+0x2f/0x70
[ 72.488747][ T7033] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 72.495069][ T7033] RIP: 0023:0xf6e85549
[ 72.499124][ T7033] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 72.518724][ T7033] RSP: 002b:00000000f667f5fc EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[ 72.527126][ T7033] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000000ae41
[ 72.535084][ T7033] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 72.543043][ T7033] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 72.550998][ T7033] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 72.558954][ T7033] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 72.567342][ T7033] Kernel Offset: disabled
[ 72.571735][ T7033] Rebooting in 86400 seconds..