[ OK ] Started Serial Getty on ttyS0. [ OK ] Reached target Login Prompts. [ OK ] Started OpenBSD Secure Shell server. [ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Starting Load/Save RF Kill Switch Status... [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.1.108' (ECDSA) to the list of known hosts. syzkaller login: [ 34.118405] IPVS: ftp: loaded support on port[0] = 21 [ 34.213588] chnl_net:caif_netlink_parms(): no params data found [ 34.305837] bridge0: port 1(bridge_slave_0) entered blocking state [ 34.312483] bridge0: port 1(bridge_slave_0) entered disabled state [ 34.320043] device bridge_slave_0 entered promiscuous mode [ 34.327300] bridge0: port 2(bridge_slave_1) entered blocking state [ 34.333766] bridge0: port 2(bridge_slave_1) entered disabled state [ 34.341679] device bridge_slave_1 entered promiscuous mode [ 34.358445] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 34.367361] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 34.385616] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 34.393193] team0: Port device team_slave_0 added [ 34.398654] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 34.407356] team0: Port device team_slave_1 added [ 34.423223] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 34.429530] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 34.455664] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 34.467225] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 34.473592] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 34.498988] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 34.512976] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 34.520397] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 34.539630] device hsr_slave_0 entered promiscuous mode [ 34.545326] device hsr_slave_1 entered promiscuous mode [ 34.551731] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 34.558731] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 34.622945] bridge0: port 2(bridge_slave_1) entered blocking state [ 34.629429] bridge0: port 2(bridge_slave_1) entered forwarding state [ 34.636228] bridge0: port 1(bridge_slave_0) entered blocking state [ 34.642644] bridge0: port 1(bridge_slave_0) entered forwarding state [ 34.674146] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 34.681414] 8021q: adding VLAN 0 to HW filter on device bond0 [ 34.690185] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 34.698428] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 34.707150] bridge0: port 1(bridge_slave_0) entered disabled state [ 34.715019] bridge0: port 2(bridge_slave_1) entered disabled state [ 34.722443] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 34.733643] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 34.740221] 8021q: adding VLAN 0 to HW filter on device team0 [ 34.749266] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 34.756851] bridge0: port 1(bridge_slave_0) entered blocking state [ 34.763251] bridge0: port 1(bridge_slave_0) entered forwarding state [ 34.773399] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 34.781040] bridge0: port 2(bridge_slave_1) entered blocking state [ 34.787366] bridge0: port 2(bridge_slave_1) entered forwarding state [ 34.802661] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 34.810873] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 34.826271] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 34.836181] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 34.847016] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 34.854360] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 34.862141] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 34.870425] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 34.878405] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 34.891365] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 34.898516] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 34.905401] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 34.915352] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 34.950028] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 34.960786] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 34.994372] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 35.002368] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 35.009966] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 35.018419] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 35.028073] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 35.035170] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 35.044216] device veth0_vlan entered promiscuous mode [ 35.053515] device veth1_vlan entered promiscuous mode [ 35.060186] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 35.068812] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 35.080887] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 35.090384] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 35.097641] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 35.105560] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 35.115151] device veth0_macvtap entered promiscuous mode [ 35.121849] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 35.130738] device veth1_macvtap entered promiscuous mode [ 35.140182] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 35.149622] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 35.160576] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 35.167279] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 35.175787] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 35.186363] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 35.193437] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 35.304775] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready [ 35.312174] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 35.320202] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 35.334932] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 35.346181] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready executing program [ 35.357444] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 35.365027] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 35.372669] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 35.404436] ------------[ cut here ]------------ [ 35.409274] VFS: brelse: Trying to free free buffer [ 35.414452] WARNING: CPU: 0 PID: 8124 at fs/buffer.c:1144 __brelse+0x67/0xa0 [ 35.421724] Kernel panic - not syncing: panic_on_warn set ... [ 35.421724] [ 35.429083] CPU: 0 PID: 8124 Comm: syz-executor278 Not tainted 4.19.211-syzkaller #0 [ 35.436950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 35.446297] Call Trace: [ 35.448882] dump_stack+0x1fc/0x2ef [ 35.452517] panic+0x26a/0x50e [ 35.455702] ? __warn_printk+0xf3/0xf3 [ 35.459578] ? __brelse+0x67/0xa0 [ 35.463022] ? __probe_kernel_read+0x130/0x1b0 [ 35.467604] ? __warn.cold+0x5/0x5a [ 35.471218] ? __warn+0xe4/0x200 [ 35.474575] ? __brelse+0x67/0xa0 [ 35.478015] __warn.cold+0x20/0x5a [ 35.481549] ? __brelse+0x67/0xa0 [ 35.484988] report_bug+0x262/0x2b0 [ 35.488602] do_error_trap+0x1d7/0x310 [ 35.492474] ? math_error+0x310/0x310 [ 35.496261] ? irq_work_claim+0xa6/0xc0 [ 35.500219] ? irq_work_queue+0x29/0x80 [ 35.504177] ? error_entry+0x72/0xd0 [ 35.507875] ? trace_hardirqs_off_caller+0x2c/0x210 [ 35.512887] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 35.517737] invalid_op+0x14/0x20 [ 35.521191] RIP: 0010:__brelse+0x67/0xa0 [ 35.525246] Code: 7c 04 84 d2 75 4e 44 8b 63 60 31 ff 44 89 e6 e8 bf 16 b2 ff 45 85 e4 75 1c e8 45 15 b2 ff 48 c7 c7 e0 1c 75 88 e8 1e 4d 42 06 <0f> 0b 5b 5d 41 5c e9 2e 15 b2 ff e8 29 15 b2 ff be 04 00 00 00 48 [ 35.544130] RSP: 0018:ffff8880b143fa38 EFLAGS: 00010086 [ 35.549478] RAX: 0000000000000000 RBX: ffff88808acea498 RCX: 0000000000000000 [ 35.556731] RDX: 0000000000000000 RSI: ffffffff814dff01 RDI: ffffed1016287f39 [ 35.563980] RBP: ffff88808acea4f8 R08: 0000000000000001 R09: 0000000000000000 [ 35.571233] R10: 0000000000000005 R11: ffffffff8c66501b R12: 0000000000000000 [ 35.578484] R13: dffffc0000000000 R14: ffff8880ba0287e0 R15: ffffffff81b08270 [ 35.585745] ? __find_get_block+0xde0/0xde0 [ 35.590058] ? vprintk_func+0x81/0x180 [ 35.593933] ? __brelse+0x67/0xa0 [ 35.597368] invalidate_bh_lru+0x90/0x140 [ 35.601505] ? __find_get_block+0xde0/0xde0 [ 35.605815] on_each_cpu_mask+0xf7/0x240 [ 35.609858] ? touch_buffer+0x2f0/0x2f0 [ 35.613815] on_each_cpu_cond+0x12d/0x1c0 [ 35.617944] ? on_each_cpu_mask+0x240/0x240 [ 35.622248] ? lock_downgrade+0x720/0x720 [ 35.626378] ? blkdev_put+0x30/0x520 [ 35.630075] __blkdev_put+0x29e/0x870 [ 35.633861] ? fsync_bdev+0xc0/0xc0 [ 35.637471] ? blkdev_put+0x85/0x520 [ 35.641173] deactivate_locked_super+0x94/0x160 [ 35.645824] deactivate_super+0x174/0x1a0 [ 35.649953] ? deactivate_locked_super+0x160/0x160 [ 35.654867] ? dput+0x31/0x640 [ 35.658043] cleanup_mnt+0x1a8/0x290 [ 35.661743] task_work_run+0x148/0x1c0 [ 35.665616] do_exit+0xbf3/0x2be0 [ 35.669053] ? lock_downgrade+0x720/0x720 [ 35.673183] ? mm_update_next_owner+0x650/0x650 [ 35.677834] ? up_read+0x17/0x110 [ 35.681273] ? __do_page_fault+0x180/0xd60 [ 35.685495] do_group_exit+0x125/0x310 [ 35.689367] __x64_sys_exit_group+0x3a/0x50 [ 35.693669] do_syscall_64+0xf9/0x620 [ 35.697458] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.702630] RIP: 0033:0x7f92726f8319 [ 35.706324] Code: Bad RIP value. [ 35.709667] RSP: 002b:00007ffc2fc27688 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 35.717355] RAX: ffffffffffffffda RBX: 00007f9272779430 RCX: 00007f92726f8319 [ 35.724607] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001 [ 35.731862] RBP: 0000000000000001 R08: ffffffffffffffb8 R09: 0000000000000000 [ 35.739114] R10: 00000000200000c0 R11: 0000000000000246 R12: 00007f9272779430 [ 35.746362] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001 [ 35.753959] Kernel Offset: disabled [ 35.757625] Rebooting in 86400 seconds..