[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.245' (ECDSA) to the list of known hosts.
2021/06/01 04:30:49 parsed 1 programs
2021/06/01 04:30:50 executed programs: 0
syzkaller login: [ 411.388972] IPVS: ftp: loaded support on port[0] = 21
[ 411.517511] chnl_net:caif_netlink_parms(): no params data found
[ 411.598929] bridge0: port 1(bridge_slave_0) entered blocking state
[ 411.605921] bridge0: port 1(bridge_slave_0) entered disabled state
[ 411.616044] device bridge_slave_0 entered promiscuous mode
[ 411.625238] bridge0: port 2(bridge_slave_1) entered blocking state
[ 411.631811] bridge0: port 2(bridge_slave_1) entered disabled state
[ 411.639970] device bridge_slave_1 entered promiscuous mode
[ 411.659576] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 411.670182] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 411.692396] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 411.700377] team0: Port device team_slave_0 added
[ 411.706656] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 411.714816] team0: Port device team_slave_1 added
[ 411.731944] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 411.739102] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 411.771467] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 411.784316] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 411.792836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 411.822328] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 411.833329] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 411.841332] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 411.861995] device hsr_slave_0 entered promiscuous mode
[ 411.868278] device hsr_slave_1 entered promiscuous mode
[ 411.875246] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 411.882740] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 411.956172] bridge0: port 2(bridge_slave_1) entered blocking state
[ 411.962841] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 411.970736] bridge0: port 1(bridge_slave_0) entered blocking state
[ 411.978011] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 412.015505] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 412.022092] 8021q: adding VLAN 0 to HW filter on device bond0
[ 412.031298] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 412.041252] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 412.051649] bridge0: port 1(bridge_slave_0) entered disabled state
[ 412.059371] bridge0: port 2(bridge_slave_1) entered disabled state
[ 412.067133] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 412.079475] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 412.086491] 8021q: adding VLAN 0 to HW filter on device team0
[ 412.097246] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 412.106332] bridge0: port 1(bridge_slave_0) entered blocking state
[ 412.112907] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 412.135115] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 412.145830] bridge0: port 2(bridge_slave_1) entered blocking state
[ 412.153007] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 412.162340] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 412.171089] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 412.180497] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 412.190177] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 412.200960] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 412.212251] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 412.220328] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 412.238447] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 412.246786] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 412.255434] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 412.268980] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 412.287130] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 412.307528] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 412.342772] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 412.351510] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 412.360030] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 412.370926] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 412.380454] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 412.389303] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 412.401088] device veth0_vlan entered promiscuous mode
[ 412.411958] device veth1_vlan entered promiscuous mode
[ 412.420584] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 412.431705] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 412.445950] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 412.457024] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 412.467312] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 412.476274] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 412.488140] device veth0_macvtap entered promiscuous mode
[ 412.498857] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 412.511623] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 412.527825] device veth1_macvtap entered promiscuous mode
[ 412.541246] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 412.552941] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 412.564730] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready
[ 412.575998] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 412.585129] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 412.595151] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 412.609873] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready
[ 412.622535] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 412.638494] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 412.652191] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 412.786155] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 412.795091] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 412.810489] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 412.825772] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 412.837340] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 412.845410] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 412.855858] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 412.863262] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 413.415091] Bluetooth: hci0: command 0x0409 tx timeout
2021/06/01 04:30:55 executed programs: 47
[ 415.494811] Bluetooth: hci0: command 0x041b tx timeout
[ 417.574112] Bluetooth: hci0: command 0x040f tx timeout
[ 419.653867] Bluetooth: hci0: command 0x0419 tx timeout
2021/06/01 04:31:00 executed programs: 150
2021/06/01 04:31:05 executed programs: 256
2021/06/01 04:31:10 executed programs: 361
2021/06/01 04:31:15 executed programs: 467
2021/06/01 04:31:20 executed programs: 573
[ 441.336490] ieee802154 phy0 wpan0: encryption failed: -22
[ 441.342610] ieee802154 phy1 wpan1: encryption failed: -22
2021/06/01 04:31:25 executed programs: 678
2021/06/01 04:31:30 executed programs: 784
[ 452.224349] ------------[ cut here ]------------
[ 452.235083] Trying to vfree() nonexistent vm area (000000006dfb3c7a)
[ 452.260292] WARNING: CPU: 0 PID: 14103 at mm/vmalloc.c:1515 __vunmap+0x332/0x3f0
[ 452.283824] Kernel panic - not syncing: panic_on_warn set ...
[ 452.283824]
[ 452.305686] CPU: 0 PID: 14103 Comm: syz-executor.0 Not tainted 4.19.192-syzkaller #0
[ 452.322653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 452.344066] Call Trace:
[ 452.348386] dump_stack+0x1fc/0x2ef
[ 452.355397] panic+0x26a/0x50e
[ 452.364235] ? __warn_printk+0xf3/0xf3
[ 452.372947] ? __vunmap+0x332/0x3f0
[ 452.380376] ? __probe_kernel_read+0x130/0x1b0
[ 452.393343] ? __warn.cold+0x5/0x5a
[ 452.402277] ? __warn+0xe4/0x200
[ 452.409107] ? __vunmap+0x332/0x3f0
[ 452.418167] __warn.cold+0x20/0x5a
[ 452.426788] ? io_schedule_timeout+0x140/0x140
[ 452.435628] ? __vunmap+0x332/0x3f0
[ 452.444004] report_bug+0x262/0x2b0
[ 452.450528] do_error_trap+0x1d7/0x310
[ 452.456501] ? math_error+0x310/0x310
[ 452.462920] ? __irq_work_queue_local+0x101/0x160
[ 452.470797] ? irq_work_queue+0x29/0x80
[ 452.479980] ? error_entry+0x72/0xd0
[ 452.491322] ? trace_hardirqs_off_caller+0x6e/0x210
[ 452.504263] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 452.520594] invalid_op+0x14/0x20
[ 452.534326] RIP: 0010:__vunmap+0x332/0x3f0
[ 452.545189] Code: b0 d1 ff 4c 89 e6 48 c7 c7 80 dd 72 88 e8 a6 d0 60 06 0f 0b eb 94 e8 4d b0 d1 ff 4c 89 e6 48 c7 c7 e0 dd 72 88 e8 8e d0 60 06 <0f> 0b e9 79 ff ff ff 4c 89 ff e8 ff 74 07 00 e9 25 ff ff ff 48 8b
[ 452.589466] RSP: 0018:ffff8880b459f3b8 EFLAGS: 00010282
[ 452.605140] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000
[ 452.618801] RDX: 0000000000000000 RSI: ffffffff814df6b1 RDI: ffffed10168b3e69
[ 452.633855] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
[ 452.645068] R10: 0000000000000005 R11: 0000000000000000 R12: ffffc90005eb5000
[ 452.654596] R13: fffffbfff164d7ce R14: 0000607f42c03000 R15: ffffe8fffcc03000
[ 452.664709] ? vprintk_func+0x81/0x180
[ 452.669614] ? __vunmap+0x332/0x3f0
[ 452.674814] vfree+0x65/0x100
[ 452.679819] ipcomp_free_scratches+0xba/0x140
[ 452.685999] ipcomp_init_state+0x768/0xa00
[ 452.693193] ? check_preemption_disabled+0x41/0x280
[ 452.701795] ? lock_downgrade+0x720/0x720
[ 452.711046] ipcomp6_init_state+0xc2/0x5b0
[ 452.722881] __xfrm_init_state+0x555/0xd30
[ 452.728513] xfrm_add_sa+0x1db2/0x33f0
[ 452.734562] ? xfrm_send_migrate+0x920/0x920
[ 452.743065] ? nla_parse+0x1b2/0x290
[ 452.748517] ? xfrm_send_migrate+0x920/0x920
[ 452.756868] xfrm_user_rcv_msg+0x411/0x6b0
[ 452.766674] ? xfrm_dump_sa_done+0xe0/0xe0
[ 452.775361] ? mark_held_locks+0xf0/0xf0
[ 452.780696] ? kmem_cache_free+0x226/0x260
[ 452.793704] ? check_preemption_disabled+0x41/0x280
[ 452.805101] ? __dev_queue_xmit+0x15f5/0x2e00
[ 452.810306] ? __mutex_lock+0x365/0x1200
[ 452.818039] ? kfree_skbmem+0x140/0x140
[ 452.831527] netlink_rcv_skb+0x160/0x440
[ 452.838420] ? xfrm_dump_sa_done+0xe0/0xe0
[ 452.844552] ? netlink_ack+0xae0/0xae0
[ 452.848728] ? netlink_deliver_tap+0x22d/0xb00
[ 452.854635] ? lock_downgrade+0x720/0x720
[ 452.861560] xfrm_netlink_rcv+0x6b/0x90
[ 452.867145] netlink_unicast+0x4d5/0x690
[ 452.872804] ? netlink_sendskb+0x110/0x110
[ 452.880856] ? _copy_from_iter_full+0x229/0x7c0
[ 452.887054] ? __phys_addr_symbol+0x2c/0x70
[ 452.893206] ? __check_object_size+0x17b/0x3e0
[ 452.899969] netlink_sendmsg+0x6bb/0xc40
[ 452.912608] ? aa_af_perm+0x230/0x230
[ 452.919386] ? nlmsg_notify+0x1a0/0x1a0
[ 452.923401] ? kernel_recvmsg+0x220/0x220
[ 452.929158] ? nlmsg_notify+0x1a0/0x1a0
[ 452.937291] sock_sendmsg+0xc3/0x120
[ 452.946787] ___sys_sendmsg+0x7bb/0x8e0
[ 452.952828] ? copy_msghdr_from_user+0x440/0x440
[ 452.962469] ? __fget+0x32f/0x510
[ 452.971075] ? lock_downgrade+0x720/0x720
[ 452.981082] ? check_preemption_disabled+0x41/0x280
[ 452.991316] ? check_preemption_disabled+0x41/0x280
[ 453.004340] ? __fget+0x356/0x510
[ 453.010540] ? do_dup2+0x450/0x450
[ 453.016303] ? __fd_install+0x1b4/0x610
[ 453.020816] ? __fdget+0x1d0/0x230
[ 453.025121] __x64_sys_sendmsg+0x132/0x220
[ 453.030967] ? __sys_sendmsg+0x1b0/0x1b0
[ 453.037077] ? __se_sys_futex+0x298/0x3b0
[ 453.044155] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 453.056814] ? trace_hardirqs_off_caller+0x6e/0x210
[ 453.068190] ? do_syscall_64+0x21/0x620
[ 453.076602] do_syscall_64+0xf9/0x620
[ 453.084705] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 453.095229] RIP: 0033:0x4665d9
[ 453.103152] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 453.140775] RSP: 002b:00007f0270492188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 453.160391] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 453.170917] RDX: 0000000000000000 RSI: 0000000020000800 RDI: 0000000000000003
[ 453.180102] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000
[ 453.188950] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80
[ 453.198147] R13: 00007ffc58749e5f R14: 00007f0270492300 R15: 0000000000022000
[ 453.212157] Kernel Offset: disabled
[ 453.217133] Rebooting in 86400 seconds..