[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.10' (ECDSA) to the list of known hosts.
2020/12/22 02:03:34 parsed 1 programs
2020/12/22 02:03:34 executed programs: 0
syzkaller login: [ 30.834610] IPVS: ftp: loaded support on port[0] = 21
[ 30.909863] chnl_net:caif_netlink_parms(): no params data found
[ 30.987933] bridge0: port 1(bridge_slave_0) entered blocking state
[ 30.994500] bridge0: port 1(bridge_slave_0) entered disabled state
[ 31.003119] device bridge_slave_0 entered promiscuous mode
[ 31.010471] bridge0: port 2(bridge_slave_1) entered blocking state
[ 31.017297] bridge0: port 2(bridge_slave_1) entered disabled state
[ 31.024139] device bridge_slave_1 entered promiscuous mode
[ 31.042203] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 31.050964] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 31.068645] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 31.075779] team0: Port device team_slave_0 added
[ 31.081896] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 31.089403] team0: Port device team_slave_1 added
[ 31.104005] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 31.110405] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 31.136474] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 31.147664] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 31.153887] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 31.180277] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 31.191640] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 31.199431] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 31.218013] device hsr_slave_0 entered promiscuous mode
[ 31.223613] device hsr_slave_1 entered promiscuous mode
[ 31.230161] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 31.237571] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 31.298181] bridge0: port 2(bridge_slave_1) entered blocking state
[ 31.304574] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 31.311424] bridge0: port 1(bridge_slave_0) entered blocking state
[ 31.317842] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 31.344714] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 31.350857] 8021q: adding VLAN 0 to HW filter on device bond0
[ 31.360145] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 31.368734] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 31.378351] bridge0: port 1(bridge_slave_0) entered disabled state
[ 31.385282] bridge0: port 2(bridge_slave_1) entered disabled state
[ 31.395338] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 31.402275] 8021q: adding VLAN 0 to HW filter on device team0
[ 31.410611] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 31.418567] bridge0: port 1(bridge_slave_0) entered blocking state
[ 31.424899] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 31.436743] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 31.444267] bridge0: port 2(bridge_slave_1) entered blocking state
[ 31.450680] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 31.462138] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 31.471818] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 31.481093] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 31.494233] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 31.504398] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 31.515168] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 31.522330] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 31.530597] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 31.538533] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 31.549846] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 31.557510] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 31.564139] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 31.574785] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 31.626863] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 31.637042] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 31.666599] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 31.673495] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 31.680500] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 31.689710] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 31.697428] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 31.704248] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 31.712997] device veth0_vlan entered promiscuous mode
[ 31.722307] device veth1_vlan entered promiscuous mode
[ 31.728695] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 31.738557] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 31.749088] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 31.758148] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 31.765193] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 31.773508] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 31.782527] device veth0_macvtap entered promiscuous mode
[ 31.789052] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 31.797215] device veth1_macvtap entered promiscuous mode
[ 31.805087] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 31.814226] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 31.824401] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 31.832043] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 31.840367] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 31.850294] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 31.857439] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 31.896460] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 31.959773] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4)
[ 31.966753] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[ 31.979497] vhci_hcd: connection closed
[ 31.979894] vhci_hcd: stop threads
[ 31.988471] vhci_hcd: release socket
[ 31.992284] vhci_hcd: disconnect device
[ 32.479876] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(4)
[ 32.485898] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[ 32.496125] vhci_hcd: connection closed
[ 32.496451] vhci_hcd: stop threads
[ 32.503987] vhci_hcd: release socket
[ 32.508836] vhci_hcd: disconnect device
[ 32.522743] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4)
[ 32.528566] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[ 32.538086] vhci_hcd: connection closed
[ 32.538883] vhci_hcd: stop threads
[ 32.547523] vhci_hcd: release socket
[ 32.551279] vhci_hcd: disconnect device
[ 32.855611] Bluetooth: hci0 command 0x0409 tx timeout
[ 33.039062] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(4)
[ 33.044891] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[ 33.052472] vhci_hcd: connection closed
[ 33.052617] vhci_hcd: stop threads
[ 33.061733] vhci_hcd: release socket
[ 33.066088] vhci_hcd: disconnect device
[ 33.073956] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4)
[ 33.079775] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[ 33.088006] vhci_hcd: connection closed
[ 33.089030] vhci_hcd: stop threads
[ 33.098847] vhci_hcd: release socket
[ 33.102605] vhci_hcd: disconnect device
[ 33.588828] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(4)
[ 33.594751] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[ 33.605073] vhci_hcd: connection closed
[ 33.605302] vhci_hcd: stop threads
[ 33.620183] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4)
[ 33.624555] vhci_hcd: release socket
[ 33.626022] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[ 33.641453] vhci_hcd: connection closed
[ 33.641698] vhci_hcd: disconnect device
[ 33.649948] vhci_hcd: stop threads
[ 33.653517] vhci_hcd: release socket
[ 33.658844] vhci_hcd: disconnect device
[ 34.142430] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(4)
[ 34.148415] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[ 34.158081] vhci_hcd: connection closed
[ 34.158978] BUG: unable to handle kernel NULL pointer dereference at 000000000000001c
[ 34.170915] IP: kthread_stop+0x47/0x640
[ 34.174864] PGD 9a6b8067 P4D 9a6b8067 PUD a97a7067 PMD 0
[ 34.180385] Oops: 0002 [#1] PREEMPT SMP KASAN
[ 34.184859] Modules linked in:
[ 34.188038] CPU: 0 PID: 2887 Comm: kworker/u4:4 Not tainted 4.14.212-syzkaller #0
[ 34.195640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.204982] Workqueue: usbip_event event_handler
[ 34.209715] task: ffff8880ac0c6100 task.stack: ffff8880ac0d0000
[ 34.215754] RIP: 0010:kthread_stop+0x47/0x640
[ 34.220227] RSP: 0018:ffff8880ac0d7c70 EFLAGS: 00010297
[ 34.225570] RAX: ffff8880ac0c6100 RBX: 0000000000000000 RCX: 0000000000000000
[ 34.232819] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000286
[ 34.240071] RBP: fffffffffffffffc R08: ffffffff8b9aec80 R09: 0000000000000000
[ 34.247323] R10: 0000000000000000 R11: 0000000000000000 R12: ffff888237d38998
[ 34.254657] R13: ffff888237d38988 R14: fffffbfff1924130 R15: ffffffff89857f80
[ 34.261913] FS: 0000000000000000(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000
[ 34.270116] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 34.275989] CR2: 000000000000001c CR3: 000000009ee94000 CR4: 00000000001406f0
[ 34.283255] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 34.290517] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 34.297879] Call Trace:
[ 34.300497] vhci_shutdown_connection+0x12a/0x240
[ 34.305318] ? mark_held_locks+0xa6/0xf0
[ 34.309385] ? kfree+0x14a/0x250
[ 34.312727] ? event_handler+0x141/0x4a0
[ 34.316787] ? trace_hardirqs_on_caller+0x3a8/0x580
[ 34.321780] event_handler+0x1c3/0x4a0
[ 34.325644] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 34.331072] process_one_work+0x793/0x14a0
[ 34.335303] ? work_busy+0x320/0x320
[ 34.338997] ? worker_thread+0x158/0xff0
[ 34.343048] ? _raw_spin_unlock_irq+0x24/0x80
[ 34.347868] worker_thread+0x5cc/0xff0
[ 34.351739] ? rescuer_thread+0xc80/0xc80
[ 34.355871] kthread+0x30d/0x420
[ 34.359215] ? kthread_create_on_node+0xd0/0xd0
[ 34.363864] ret_from_fork+0x24/0x30
[ 34.367557] Code: 00 65 8b 1d bc 17 c9 7e 83 fb 07 0f 87 5b 04 00 00 e8 be d5 1e 00 89 db 48 0f a3 1d 0c 44 d0 08 0f 82 a2 03 00 00 e8 a9 d5 1e 00 ff 45 20 48 8d 7d 24 48 b8 00 00 00 00 00 fc ff df 48 89 fa
[ 34.386659] RIP: kthread_stop+0x47/0x640 RSP: ffff8880ac0d7c70
[ 34.392611] CR2: 000000000000001c
[ 34.396048] ---[ end trace 015dd5a0dcb15ea5 ]---
[ 34.400778] Kernel panic - not syncing: Fatal exception
[ 34.406161] Kernel Offset: disabled
[ 34.409766] Rebooting in 86400 seconds..