[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.18' (ECDSA) to the list of known hosts.
2021/04/24 21:23:43 parsed 1 programs
2021/04/24 21:23:44 executed programs: 0
syzkaller login: [ 1585.252050] IPVS: ftp: loaded support on port[0] = 21
[ 1585.342477] chnl_net:caif_netlink_parms(): no params data found
[ 1585.435427] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1585.442276] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1585.450320] device bridge_slave_0 entered promiscuous mode
[ 1585.457395] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1585.464353] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1585.472131] device bridge_slave_1 entered promiscuous mode
[ 1585.489499] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 1585.499318] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 1585.516537] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 1585.523898] team0: Port device team_slave_0 added
[ 1585.529885] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 1585.537028] team0: Port device team_slave_1 added
[ 1585.552310] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1585.558675] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1585.584550] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1585.596288] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1585.602968] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1585.628576] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1585.639544] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 1585.646829] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 1585.666928] device hsr_slave_0 entered promiscuous mode
[ 1585.672686] device hsr_slave_1 entered promiscuous mode
[ 1585.680114] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 1585.687036] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 1585.752358] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1585.758824] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1585.765573] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1585.771969] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1585.801261] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 1585.807342] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1585.816783] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 1585.825239] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1585.834312] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1585.841662] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1585.849022] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 1585.859456] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 1585.865525] 8021q: adding VLAN 0 to HW filter on device team0
[ 1585.879443] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1585.887069] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1585.893468] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1585.900299] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1585.908427] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1585.914765] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1585.927031] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1585.934795] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1585.944398] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1585.956689] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1585.966416] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1585.975564] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 1585.981627] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1585.994391] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 1586.002001] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1586.009155] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1586.019331] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1586.031384] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 1586.040870] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1586.074742] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 1586.082334] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 1586.089700] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 1586.100592] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1586.108721] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1586.115511] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1586.124415] device veth0_vlan entered promiscuous mode
[ 1586.133047] device veth1_vlan entered promiscuous mode
[ 1586.139073] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 1586.147248] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 1586.158585] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 1586.167506] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1586.175307] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 1586.182932] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1586.192269] device veth0_macvtap entered promiscuous mode
[ 1586.198802] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 1586.206530] device veth1_macvtap entered promiscuous mode
[ 1586.216158] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 1586.225597] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 1586.235464] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1586.243418] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1586.251970] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1586.262361] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1586.269541] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1586.379189] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 1586.385980] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1586.401724] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1586.404364] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 1586.415829] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1586.416626] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 1586.430594] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1586.437589] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 1586.471489] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters.
[ 1586.509593] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters.
[ 1586.544548] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters.
[ 1586.572908] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters.
[ 1586.605133] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters.
[ 1586.633057] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters.
[ 1586.660374] page:ffffea00024c7a00 count:0 mapcount:-128 mapping:0000000000000000 index:0x0
[ 1586.668921] flags: 0xfff00000000000()
[ 1586.672708] raw: 00fff00000000000 ffffea00024fa608 ffff88813fffb8f8 0000000000000000
[ 1586.680630] raw: 0000000000000000 0000000000000003 00000000ffffff7f 0000000000000000
[ 1586.688555] page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) == 0)
[ 1586.695852] ------------[ cut here ]------------
[ 1586.700595] kernel BUG at include/linux/mm.h:519!
[ 1586.705486] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 1586.710845] CPU: 1 PID: 8374 Comm: syz-executor.0 Not tainted 4.19.188-syzkaller #0
[ 1586.718615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1586.727957] RIP: 0010:skb_release_data+0x3bf/0x920
[ 1586.732882] Code: 4d 0b fb e9 2a fe ff ff e8 fe 73 f2 fa 48 8d 6b ff e9 b5 fe ff ff e8 f0 73 f2 fa 48 c7 c6 a0 fd 4b 89 48 89 ef e8 41 f5 19 fb <0f> 0b 4c 8b 34 24 e8 d6 73 f2 fa 49 8d 7e 08 48 b8 00 00 00 00 00
[ 1586.751779] RSP: 0018:ffff8880ba1075e8 EFLAGS: 00010206
[ 1586.757122] RAX: ffff8880aa3e21c0 RBX: ffffea00024c7a34 RCX: 0000000000000000
[ 1586.764370] RDX: 0000000000000100 RSI: ffffffff866fe9df RDI: ffffea00024c7a38
[ 1586.771621] RBP: ffffea00024c7a00 R08: 000000000000003e R09: 0000000000000000
[ 1586.778891] R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000000000
[ 1586.786139] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8880aa5ad530
[ 1586.793388] FS: 000000000237a400(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
[ 1586.801592] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1586.807473] CR2: 0000000000000000 CR3: 00000000b3162000 CR4: 00000000001406e0
[ 1586.814741] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1586.822017] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1586.829262] Call Trace:
[ 1586.831824]
[ 1586.833958] __kfree_skb+0x46/0x60
[ 1586.837477] tcp_write_queue_purge+0x24d/0x800
[ 1586.842039] tcp_reset+0xfe/0x490
[ 1586.845475] tcp_validate_incoming+0x117d/0x1670
[ 1586.850212] tcp_rcv_state_process+0xb7a/0x4c50
[ 1586.854862] ? tcp_finish_connect+0x500/0x500
[ 1586.859368] ? check_preemption_disabled+0x41/0x280
[ 1586.864362] ? check_preemption_disabled+0x41/0x280
[ 1586.869361] ? sk_filter_trim_cap+0x4c3/0x7d0
[ 1586.873836] tcp_v6_do_rcv+0x47c/0x1370
[ 1586.877802] tcp_v6_rcv+0x26b8/0x3990
[ 1586.881585] ? tcp_v6_syn_recv_sock+0x2310/0x2310
[ 1586.886425] ? check_preemption_disabled+0x41/0x280
[ 1586.891422] ip6_input_finish+0x46a/0x17a0
[ 1586.895637] ip6_input+0xcf/0x3c0
[ 1586.899066] ? ip6_input_finish+0x17a0/0x17a0
[ 1586.903539] ? ip6_sublist_rcv_finish+0x2c0/0x2c0
[ 1586.908366] ? lock_downgrade+0x720/0x720
[ 1586.912504] ip6_rcv_finish+0x1d9/0x2f0
[ 1586.916456] ipv6_rcv+0xf2/0x3f0
[ 1586.919816] ? ip6_sublist_rcv+0xbf0/0xbf0
[ 1586.924045] ? lock_downgrade+0x720/0x720
[ 1586.928169] ? lock_downgrade+0x720/0x720
[ 1586.932294] ? ip6_rcv_finish_core.constprop.0.isra.0+0x550/0x550
[ 1586.938513] ? mark_held_locks+0xf0/0xf0
[ 1586.942558] ? ip6_sublist_rcv+0xbf0/0xbf0
[ 1586.946775] __netif_receive_skb_one_core+0x114/0x180
[ 1586.951970] ? __netif_receive_skb_core+0x3270/0x3270
[ 1586.957141] ? lock_acquire+0x170/0x3c0
[ 1586.961120] ? process_backlog+0x1d0/0x700
[ 1586.965355] __netif_receive_skb+0x27/0x1c0
[ 1586.969666] process_backlog+0x241/0x700
[ 1586.973707] ? net_rx_action+0x260/0xfb0
[ 1586.977747] net_rx_action+0x4ac/0xfb0
[ 1586.981615] ? napi_complete_done+0x570/0x570
[ 1586.986092] ? check_preemption_disabled+0x41/0x280
[ 1586.991088] __do_softirq+0x265/0x980
[ 1586.994872] do_softirq_own_stack+0x2a/0x40
[ 1586.999191]
[ 1587.001410] do_softirq.part.0+0x160/0x1c0
[ 1587.005628] ? inet_csk_listen_stop+0x1c4/0x8a0
[ 1587.010285] __local_bh_enable_ip+0x20e/0x270
[ 1587.014764] inet_csk_listen_stop+0x1e7/0x8a0
[ 1587.019252] tcp_close+0xca3/0xfd0
[ 1587.022777] ? ip_mc_drop_socket+0x16/0x260
[ 1587.027078] inet_release+0xd7/0x1e0
[ 1587.030802] inet6_release+0x4c/0x70
[ 1587.034495] __sock_release+0xcd/0x2a0
[ 1587.038360] ? __sock_release+0x2a0/0x2a0
[ 1587.042485] sock_close+0x15/0x20
[ 1587.045918] __fput+0x2ce/0x890
[ 1587.049177] task_work_run+0x148/0x1c0
[ 1587.053042] exit_to_usermode_loop+0x251/0x2a0
[ 1587.057617] do_syscall_64+0x538/0x620
[ 1587.061497] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1587.066671] RIP: 0033:0x41940b
[ 1587.069848] Code: 0f 05 48 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8 63 fc ff ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 a1 fc ff ff 8b 44
[ 1587.088733] RSP: 002b:00007ffd06436730 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 1587.096427] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 000000000041940b
[ 1587.103676] RDX: 0000000000570a18 RSI: 0000000000000080 RDI: 0000000000000004
[ 1587.111078] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000570828
[ 1587.118331] R10: 00007ffd06436820 R11: 0000000000000293 R12: 0000000000183654
[ 1587.125581] R13: 00000000000003e8 R14: 000000000056bf60 R15: 0000000000183624
[ 1587.132838] Modules linked in:
[ 1587.136082] ---[ end trace 45765a68fba5a1f8 ]---
[ 1587.140855] RIP: 0010:skb_release_data+0x3bf/0x920
[ 1587.145778] Code: 4d 0b fb e9 2a fe ff ff e8 fe 73 f2 fa 48 8d 6b ff e9 b5 fe ff ff e8 f0 73 f2 fa 48 c7 c6 a0 fd 4b 89 48 89 ef e8 41 f5 19 fb <0f> 0b 4c 8b 34 24 e8 d6 73 f2 fa 49 8d 7e 08 48 b8 00 00 00 00 00
[ 1587.164790] RSP: 0018:ffff8880ba1075e8 EFLAGS: 00010206
[ 1587.170159] RAX: ffff8880aa3e21c0 RBX: ffffea00024c7a34 RCX: 0000000000000000
[ 1587.177409] RDX: 0000000000000100 RSI: ffffffff866fe9df RDI: ffffea00024c7a38
[ 1587.184675] RBP: ffffea00024c7a00 R08: 000000000000003e R09: 0000000000000000
[ 1587.191938] R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000000000
[ 1587.199200] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8880aa5ad530
[ 1587.206452] FS: 000000000237a400(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
[ 1587.214685] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1587.220557] CR2: 0000000000000000 CR3: 00000000b3162000 CR4: 00000000001406e0
[ 1587.227824] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1587.235073] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1587.242333] Kernel panic - not syncing: Fatal exception in interrupt
[ 1587.249425] Kernel Offset: disabled
[ 1587.253039] Rebooting in 86400 seconds..