[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Load/Save RF Kill Switch Status.
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.23' (ECDSA) to the list of known hosts.
2020/07/25 11:23:47 parsed 1 programs
2020/07/25 11:23:47 executed programs: 0
syzkaller login: [ 1584.116147][ T6824] IPVS: ftp: loaded support on port[0] = 21
[ 1584.204538][ T6824] chnl_net:caif_netlink_parms(): no params data found
[ 1584.247763][ T6824] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1584.257825][ T6824] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1584.266646][ T6824] device bridge_slave_0 entered promiscuous mode
[ 1584.275535][ T6824] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1584.283127][ T6824] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1584.290696][ T6824] device bridge_slave_1 entered promiscuous mode
[ 1584.310238][ T6824] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1584.321509][ T6824] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1584.341603][ T6824] team0: Port device team_slave_0 added
[ 1584.348734][ T6824] team0: Port device team_slave_1 added
[ 1584.364641][ T6824] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1584.371762][ T6824] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1584.399034][ T6824] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1584.412177][ T6824] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1584.419123][ T6824] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1584.446430][ T6824] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1584.513417][ T6824] device hsr_slave_0 entered promiscuous mode
[ 1584.561328][ T6824] device hsr_slave_1 entered promiscuous mode
[ 1584.683545][ T6824] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1584.754077][ T6824] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1584.823201][ T6824] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1584.893241][ T6824] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1584.954436][ T6824] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1584.961779][ T6824] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1584.969581][ T6824] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1584.976722][ T6824] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1585.013297][ T6824] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1585.027822][ T7034] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1585.037714][ T7034] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1585.046020][ T7034] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1585.054059][ T7034] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 1585.067413][ T6824] 8021q: adding VLAN 0 to HW filter on device team0
[ 1585.077981][ T6791] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1585.087547][ T6791] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1585.094688][ T6791] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1585.106372][ T7034] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1585.115460][ T7034] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1585.122918][ T7034] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1585.143052][ T2495] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1585.152121][ T2495] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1585.164658][ T2495] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1585.172491][ T2495] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1585.184877][ T6791] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1585.195538][ T6824] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1585.212335][ T7034] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1585.219705][ T7034] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1585.233387][ T6824] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1585.249703][ T6791] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1585.258357][ T6791] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1585.280574][ T7034] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1585.289353][ T7034] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1585.300251][ T6824] device veth0_vlan entered promiscuous mode
[ 1585.307036][ T2495] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1585.315694][ T2495] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1585.327700][ T6824] device veth1_vlan entered promiscuous mode
[ 1585.345134][ T6791] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1585.353625][ T6791] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 1585.361975][ T6791] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1585.370420][ T6791] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1585.381267][ T6824] device veth0_macvtap entered promiscuous mode
[ 1585.390729][ T6824] device veth1_macvtap entered promiscuous mode
[ 1585.406659][ T6824] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1585.414355][ T2495] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1585.424211][ T2495] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1585.432417][ T2495] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1585.441272][ T2495] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1585.452886][ T6824] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1585.461958][ T7034] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1585.470581][ T7034] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1614.790378][ T0] NOHZ: local_softirq_pending 08
[ 1635.268646][ T0] NOHZ: local_softirq_pending 08
[ 1655.747477][ T0] NOHZ: local_softirq_pending 08
[ 1676.225859][ T0] NOHZ: local_softirq_pending 08
[ 1690.613662][ C0] rcu: INFO: rcu_preempt self-detected stall on CPU
[ 1690.620613][ C0] rcu: 0-....: (10499 ticks this GP) idle=0fa/1/0x4000000000000000 softirq=8018/8018 fqs=5234
[ 1690.631295][ C0] (t=10500 jiffies g=6429 q=525)
[ 1690.636311][ C0] NMI backtrace for cpu 0
[ 1690.641538][ C0] CPU: 0 PID: 7039 Comm: syz-executor.0 Not tainted 5.8.0-rc6-syzkaller #0
[ 1690.650093][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1690.660189][ C0] Call Trace:
[ 1690.663464][ C0]
[ 1690.666413][ C0] dump_stack+0x1f0/0x31e
[ 1690.670748][ C0] nmi_cpu_backtrace+0x9f/0x180
[ 1690.675650][ C0] ? arch_trigger_cpumask_backtrace+0x10/0x10
[ 1690.681757][ C0] nmi_trigger_cpumask_backtrace+0x16a/0x280
[ 1690.688112][ C0] rcu_dump_cpu_stacks+0x199/0x2a0
[ 1690.693209][ C0] rcu_sched_clock_irq+0x1928/0x1eb0
[ 1690.698521][ C0] ? lock_is_held_type+0x87/0xe0
[ 1690.703487][ C0] update_process_times+0x12c/0x180
[ 1690.708732][ C0] tick_sched_timer+0x254/0x410
[ 1690.713570][ C0] ? tick_setup_sched_timer+0x3e0/0x3e0
[ 1690.719094][ C0] __hrtimer_run_queues+0x42d/0x930
[ 1690.724294][ C0] hrtimer_interrupt+0x373/0xd60
[ 1690.729283][ C0] __sysvec_apic_timer_interrupt+0xf0/0x260
[ 1690.735453][ C0] asm_call_on_stack+0xf/0x20
[ 1690.740098][ C0]
[ 1690.743008][ C0] sysvec_apic_timer_interrupt+0xb9/0x130
[ 1690.748696][ C0] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 1690.754750][ C0] RIP: 0010:iov_iter_copy_from_user_atomic+0x980/0xda0
[ 1690.761579][ C0] Code: 3d 8b 5c 24 10 ff c3 e8 ce b7 d8 fd eb af 44 89 f1 80 e1 07 80 c1 03 38 c1 7c cf 4c 89 f7 e8 17 c6 17 fe eb c5 e8 b0 b7 d8 fd <45> 31 e4 eb 23 e8 a6 b7 d8 fd 48 8b 5c 24 08 49 89 ee eb 14 49 89
[ 1690.781154][ C0] RSP: 0018:ffffc90001be7838 EFLAGS: 00000293
[ 1690.787241][ C0] RAX: ffffffff839bda50 RBX: 1ffff1101226ef41 RCX: ffff8880913765c0
[ 1690.795198][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1690.803139][ C0] RBP: 0000000000000000 R08: ffffffff839bd9d7 R09: ffffffff839bd2e8
[ 1690.811093][ C0] R10: 0000000000000002 R11: ffff8880913765c0 R12: 0000000000000000
[ 1690.819035][ C0] R13: ffffc90001be7d10 R14: ffff888085453000 R15: 0005088000000000
[ 1690.827007][ C0] ? iov_iter_copy_from_user_atomic+0x218/0xda0
[ 1690.833312][ C0] ? iov_iter_copy_from_user_atomic+0x907/0xda0
[ 1690.839543][ C0] ? iov_iter_copy_from_user_atomic+0x980/0xda0
[ 1690.846084][ C0] ? iov_iter_copy_from_user_atomic+0x980/0xda0
[ 1690.852467][ C0] generic_perform_write+0x2ba/0x4e0
[ 1690.857869][ C0] ext4_buffered_write_iter+0x44d/0x5d0
[ 1690.863415][ C0] ext4_file_write_iter+0x88d/0x1930
[ 1690.868812][ C0] ? lock_acquire+0x160/0x720
[ 1690.873518][ C0] ? iter_file_splice_write+0x1b4/0xdf0
[ 1690.879094][ C0] do_iter_readv_writev+0x5b7/0x820
[ 1690.884268][ C0] do_iter_write+0x16a/0x540
[ 1690.888869][ C0] ? __kmalloc+0x263/0x330
[ 1690.893264][ C0] ? kmalloc_array+0x2d/0x50
[ 1690.897825][ C0] ? vfs_iter_write+0x69/0xa0
[ 1690.902472][ C0] iter_file_splice_write+0x6ca/0xdf0
[ 1690.907837][ C0] ? splice_from_pipe+0x180/0x180
[ 1690.912835][ C0] do_splice+0xdd1/0x1a50
[ 1690.917209][ C0] ? rcu_lock_release+0x9/0x20
[ 1690.921945][ C0] ? __fget_files+0x388/0x3c0
[ 1690.926594][ C0] ? __fdget+0x18f/0x210
[ 1690.930808][ C0] __x64_sys_splice+0x14f/0x1f0
[ 1690.935631][ C0] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1690.941668][ C0] do_syscall_64+0x73/0xe0
[ 1690.946057][ C0] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1690.951957][ C0] RIP: 0033:0x45c369
[ 1690.955819][ C0] Code: Bad RIP value.
[ 1690.959866][ C0] RSP: 002b:00007f0ef7fffc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[ 1690.968244][ C0] RAX: ffffffffffffffda RBX: 0000000000032240 RCX: 000000000045c369
[ 1690.976185][ C0] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000006
[ 1690.984126][ C0] RBP: 000000000078bf58 R08: 000000000000ffe0 R09: 0000000000000000
[ 1690.992069][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c
[ 1691.000028][ C0] R13: 00007ffda584464f R14: 00007f0ef80009c0 R15: 000000000078bf0c