[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.42' (ECDSA) to the list of known hosts.
2021/08/02 01:42:23 parsed 1 programs
2021/08/02 01:42:23 executed programs: 0
syzkaller login: [ 37.327902] IPVS: ftp: loaded support on port[0] = 21
[ 37.437625] chnl_net:caif_netlink_parms(): no params data found
[ 37.522841] bridge0: port 1(bridge_slave_0) entered blocking state
[ 37.529634] bridge0: port 1(bridge_slave_0) entered disabled state
[ 37.537643] device bridge_slave_0 entered promiscuous mode
[ 37.546063] bridge0: port 2(bridge_slave_1) entered blocking state
[ 37.552457] bridge0: port 2(bridge_slave_1) entered disabled state
[ 37.560334] device bridge_slave_1 entered promiscuous mode
[ 37.578863] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 37.588914] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 37.609856] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 37.617564] team0: Port device team_slave_0 added
[ 37.625073] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 37.632467] team0: Port device team_slave_1 added
[ 37.649406] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 37.655746] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 37.682627] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 37.695691] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 37.703869] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 37.730635] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 37.741983] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 37.750286] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 37.770316] device hsr_slave_0 entered promiscuous mode
[ 37.776762] device hsr_slave_1 entered promiscuous mode
[ 37.782912] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 37.790993] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 37.858208] bridge0: port 2(bridge_slave_1) entered blocking state
[ 37.864875] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 37.871829] bridge0: port 1(bridge_slave_0) entered blocking state
[ 37.878313] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 37.909747] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 37.918134] 8021q: adding VLAN 0 to HW filter on device bond0
[ 37.926891] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 37.936606] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 37.945564] bridge0: port 1(bridge_slave_0) entered disabled state
[ 37.952624] bridge0: port 2(bridge_slave_1) entered disabled state
[ 37.960559] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 37.971611] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 37.978340] 8021q: adding VLAN 0 to HW filter on device team0
[ 37.987783] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 37.996040] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.002656] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 38.012957] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 38.020987] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.027439] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 38.042327] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 38.050199] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 38.065700] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 38.076289] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 38.087850] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 38.096575] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 38.104601] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 38.113392] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 38.121840] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 38.136045] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 38.143870] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 38.150575] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 38.161450] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 38.175682] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 38.186123] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 38.220698] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 38.228320] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 38.236513] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 38.247527] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 38.255814] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 38.262990] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 38.273264] device veth0_vlan entered promiscuous mode
[ 38.282545] device veth1_vlan entered promiscuous mode
[ 38.288758] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 38.298039] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 38.310848] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 38.321166] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 38.329624] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 38.337699] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 38.347881] device veth0_macvtap entered promiscuous mode
[ 38.355229] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 38.364481] device veth1_macvtap entered promiscuous mode
[ 38.373001] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 38.383171] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 38.394534] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 38.401656] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 38.411237] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 38.426434] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready
[ 38.434023] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 38.440727] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 38.449697] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 38.575321] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 38.582453] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 38.592988] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 38.612057] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 38.620024] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 38.628247] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 38.635870] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 38.642847] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 39.373970] Bluetooth: hci0: command 0x0409 tx timeout
2021/08/02 01:42:28 executed programs: 56
[ 41.452342] Bluetooth: hci0: command 0x041b tx timeout
[ 43.521740] Bluetooth: hci0: command 0x040f tx timeout
[ 44.487601] BUG: unable to handle kernel paging request at ffffc90006f64000
[ 44.494738] PGD 13be43067 P4D 13be43067 PUD 23b831067 PMD b1528067 PTE 0
[ 44.501588] Oops: 0002 [#1] PREEMPT SMP KASAN
[ 44.506388] CPU: 0 PID: 9322 Comm: vivid-002-vid-c Not tainted 4.19.200-syzkaller #0
[ 44.516281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 44.526542] RIP: 0010:memcpy_erms+0x6/0x10
[ 44.530915] Code: eb 88 90 90 eb 1e 0f 1f 00 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 c3 66 0f 1f 44 00 00 48 89 f8 48 89 d1 a4 c3 0f 1f 80 00 00 00 00 48 89 f8 48 83 fa 20 72 7e 40 38 fe
[ 44.550881] RSP: 0018:ffff8880b2e1f838 EFLAGS: 00010246
[ 44.557206] RAX: ffffc90006f63fe0 RBX: 0000000000000280 RCX: 0000000000000260
[ 44.565672] RDX: 0000000000000280 RSI: ffffc900026d3020 RDI: ffffc90006f64000
[ 44.573528] RBP: ffffc900026d3000 R08: 0000000000000001 R09: fffff52000dec84b
[ 44.582285] R10: ffffc90006f6425f R11: 0000000000000000 R12: ffffc900026d3000
[ 44.589988] R13: dffffc0000000000 R14: ffffc90006f63fe0 R15: ffff888237ad5558
[ 44.603700] FS: 0000000000000000(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
[ 44.613333] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 44.619780] CR2: ffffc90006f64000 CR3: 00000000aab0f000 CR4: 00000000001406f0
[ 44.627293] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 44.634903] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 44.642383] Call Trace:
[ 44.645269] tpg_fill_plane_buffer+0x11a0/0x2ff0
[ 44.650568] vivid_fillbuff+0x17b8/0x6560
[ 44.655058] ? __lock_acquire+0x6de/0x3ff0
[ 44.659616] ? mark_held_locks+0xf0/0xf0
[ 44.663677] ? mark_held_locks+0xf0/0xf0
[ 44.667746] ? ret_from_fork+0x24/0x30
[ 44.671707] ? __lock_acquire+0x6de/0x3ff0
[ 44.675930] ? scale_line+0xd0/0xd0
[ 44.679552] ? vivid_thread_vid_cap+0x968/0x2140
[ 44.684383] ? lock_downgrade+0x720/0x720
[ 44.688684] ? lock_acquire+0x170/0x3c0
[ 44.692656] ? vivid_thread_vid_cap+0x7a7/0x2140
[ 44.697587] vivid_thread_vid_cap+0x98f/0x2140
[ 44.702177] ? _raw_spin_unlock_irqrestore+0x79/0xe0
[ 44.707278] ? __kthread_parkme+0x4c/0x1e0
[ 44.711496] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 44.716058] ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 44.721151] ? __kthread_parkme+0x133/0x1e0
[ 44.725564] ? vivid_fillbuff+0x6560/0x6560
[ 44.729976] kthread+0x33f/0x460
[ 44.733377] ? kthread_park+0x180/0x180
[ 44.737362] ret_from_fork+0x24/0x30
[ 44.741143] Modules linked in:
[ 44.744349] CR2: ffffc90006f64000
[ 44.747785] ---[ end trace d2d13475e007ccda ]---
[ 44.752709] RIP: 0010:memcpy_erms+0x6/0x10
[ 44.757129] Code: eb 88 90 90 eb 1e 0f 1f 00 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 c3 66 0f 1f 44 00 00 48 89 f8 48 89 d1 a4 c3 0f 1f 80 00 00 00 00 48 89 f8 48 83 fa 20 72 7e 40 38 fe
[ 44.777494] RSP: 0018:ffff8880b2e1f838 EFLAGS: 00010246
[ 44.782967] RAX: ffffc90006f63fe0 RBX: 0000000000000280 RCX: 0000000000000260
[ 44.790496] RDX: 0000000000000280 RSI: ffffc900026d3020 RDI: ffffc90006f64000
[ 44.799779] RBP: ffffc900026d3000 R08: 0000000000000001 R09: fffff52000dec84b
[ 44.807033] R10: ffffc90006f6425f R11: 0000000000000000 R12: ffffc900026d3000
[ 44.814457] R13: dffffc0000000000 R14: ffffc90006f63fe0 R15: ffff888237ad5558
[ 44.822420] FS: 0000000000000000(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
[ 44.830642] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 44.836604] CR2: ffffc90006f64000 CR3: 00000000aab0f000 CR4: 00000000001406f0
[ 44.843870] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 44.851306] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 44.858905] Kernel panic - not syncing: Fatal exception
[ 44.865881] Kernel Offset: disabled
[ 44.869694] Rebooting in 86400 seconds..