[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.21' (ECDSA) to the list of known hosts.
2021/02/26 04:03:11 parsed 1 programs
2021/02/26 04:03:11 executed programs: 0
syzkaller login: [ 414.620153][ T8455] IPVS: ftp: loaded support on port[0] = 21
[ 414.831354][ T8455] chnl_net:caif_netlink_parms(): no params data found
[ 414.888680][ T8455] bridge0: port 1(bridge_slave_0) entered blocking state
[ 414.896844][ T8455] bridge0: port 1(bridge_slave_0) entered disabled state
[ 414.906875][ T8455] device bridge_slave_0 entered promiscuous mode
[ 414.917137][ T8455] bridge0: port 2(bridge_slave_1) entered blocking state
[ 414.924734][ T8455] bridge0: port 2(bridge_slave_1) entered disabled state
[ 414.933039][ T8455] device bridge_slave_1 entered promiscuous mode
[ 414.955028][ T8455] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 414.966130][ T8455] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 414.991456][ T8455] team0: Port device team_slave_0 added
[ 414.999101][ T8455] team0: Port device team_slave_1 added
[ 415.018035][ T8455] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 415.025165][ T8455] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 415.051611][ T8455] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 415.064425][ T8455] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 415.071383][ T8455] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 415.097747][ T8455] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 415.127216][ T8455] device hsr_slave_0 entered promiscuous mode
[ 415.134067][ T8455] device hsr_slave_1 entered promiscuous mode
[ 415.247430][ T8455] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 415.258498][ T8455] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 415.269855][ T8455] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 415.282760][ T8455] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 415.309160][ T8455] bridge0: port 2(bridge_slave_1) entered blocking state
[ 415.316565][ T8455] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 415.325008][ T8455] bridge0: port 1(bridge_slave_0) entered blocking state
[ 415.332196][ T8455] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 415.379628][ T8455] 8021q: adding VLAN 0 to HW filter on device bond0
[ 415.398525][ T8676] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 415.410177][ T8676] bridge0: port 1(bridge_slave_0) entered disabled state
[ 415.421005][ T8676] bridge0: port 2(bridge_slave_1) entered disabled state
[ 415.430118][ T8676] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 415.444928][ T8455] 8021q: adding VLAN 0 to HW filter on device team0
[ 415.457248][ T8596] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 415.466010][ T8596] bridge0: port 1(bridge_slave_0) entered blocking state
[ 415.473610][ T8596] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 415.488155][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 415.496734][ T7] bridge0: port 2(bridge_slave_1) entered blocking state
[ 415.503922][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 415.524833][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 415.534246][ T8596] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 415.554980][ T8596] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 415.564063][ T8596] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 415.574929][ T8596] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 415.587429][ T8455] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 415.606409][ T8676] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 415.614804][ T8676] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 415.628491][ T8455] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 415.649403][ T8676] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 415.671355][ T8677] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 415.682097][ T8677] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 415.690322][ T8677] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 415.702117][ T8455] device veth0_vlan entered promiscuous mode
[ 415.716850][ T8455] device veth1_vlan entered promiscuous mode
[ 415.739683][ T8677] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 415.750471][ T8677] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 415.759612][ T8677] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 415.772040][ T8455] device veth0_macvtap entered promiscuous mode
[ 415.784349][ T8455] device veth1_macvtap entered promiscuous mode
[ 415.804923][ T8455] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 415.813288][ T8677] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 415.823958][ T8677] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 415.837038][ T8455] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 415.845179][ T8596] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 415.854738][ T8596] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 415.868721][ T8455] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 415.878779][ T8455] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 415.888087][ T8455] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 415.897643][ T8455] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 416.000861][ T8503] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 416.018491][ T8503] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 416.045636][ T8676] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 416.066545][ T8503] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 416.075182][ T8503] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 416.086157][ T8676] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 416.623737][ T8676] Bluetooth: hci0: command 0x0409 tx timeout
[ 417.883083][ T8814] BUG: sleeping function called from invalid context at arch/x86/mm/fault.c:1342
[ 417.901953][ T8814] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 8814, name: syz-executor.0
[ 417.911613][ T8814] 2 locks held by syz-executor.0/8814:
[ 417.918240][ T8814] #0: ffffffff8bf73be0 (rcu_read_lock){....}-{1:2}, at: bpf_test_run+0x119/0xc50
[ 417.928570][ T8814] #1: ffff88801eaa7158 (&mm->mmap_lock#2){++++}-{3:3}, at: do_user_addr_fault+0x285/0x1210
[ 417.939823][ T8814] Preemption disabled at:
[ 417.939852][ T8814] [] migrate_disable+0x5e/0x160
[ 417.952396][ T8814] CPU: 1 PID: 8814 Comm: syz-executor.0 Not tainted 5.11.0-syzkaller #0
[ 417.960939][ T8814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 417.971018][ T8814] Call Trace:
[ 417.974390][ T8814] dump_stack+0xfa/0x151
[ 417.978727][ T8814] ? migrate_disable+0x5e/0x160
[ 417.983583][ T8814] ___might_sleep.cold+0x1f1/0x237
[ 417.988773][ T8814] do_user_addr_fault+0x2c2/0x1210
[ 417.993941][ T8814] exc_page_fault+0x9e/0x180
[ 417.998570][ T8814] asm_exc_page_fault+0x1e/0x30
[ 418.003494][ T8814] RIP: 0010:bpf_prog_e48ebe87b99394c4+0x11/0xa30
[ 418.009873][ T8814] Code: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 0f 1f 44 00 00 66 90 55 48 89 e5 31 c0 48 8b 47 28 <48> 8b 40 00 8b 80 d0 00 00 00 c9 c3 cc cc cc cc cc cc cc cc cc cc
[ 418.029906][ T8814] RSP: 0018:ffffc90001a4fb38 EFLAGS: 00010246
[ 418.035989][ T8814] RAX: 0000000000000000 RBX: ffffc90000ca2000 RCX: 0000000000000000
[ 418.043959][ T8814] RDX: ffff8880225a8000 RSI: ffffc90000ca2048 RDI: ffffc90001a4fcb0
[ 418.051938][ T8814] RBP: ffffc90001a4fb38 R08: 0000000000000001 R09: 0000000000000001
[ 418.059943][ T8814] R10: ffffffff8736c3c7 R11: 0000000000000000 R12: ffff8880225a8000
[ 418.067911][ T8814] R13: ffffc90000ca2000 R14: 0000000000000001 R15: 0000000000000000
[ 418.075899][ T8814] ? bpf_test_run+0x3a7/0xc50
[ 418.080598][ T8814] bpf_test_run+0x222/0xc50
[ 418.085122][ T8814] ? __bpf_prog_test_run_raw_tp+0x420/0x420
[ 418.091026][ T8814] ? bpf_dispatcher_change_prog+0x2e6/0x8f0
[ 418.097020][ T8814] bpf_prog_test_run_xdp+0x2c2/0x4d0
[ 418.102329][ T8814] ? bpf_prog_test_run_skb+0x1c50/0x1c50
[ 418.108013][ T8814] ? __fget_files+0x288/0x3d0
[ 418.112783][ T8814] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 418.119103][ T8814] ? fput+0x2a/0x50
[ 418.122967][ T8814] ? bpf_prog_test_run_skb+0x1c50/0x1c50
[ 418.128627][ T8814] __do_sys_bpf+0x1ea9/0x4f00
[ 418.133393][ T8814] ? bpf_link_get_from_fd+0x110/0x110
[ 418.138786][ T8814] ? lock_is_held_type+0xd5/0x130
[ 418.143842][ T8814] ? lock_is_held_type+0xd5/0x130
[ 418.148893][ T8814] ? find_held_lock+0x2d/0x110
[ 418.153705][ T8814] ? syscall_enter_from_user_mode+0x1d/0x50
[ 418.159702][ T8814] do_syscall_64+0x2d/0x70
[ 418.164199][ T8814] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 418.170249][ T8814] RIP: 0033:0x465ef9
[ 418.174155][ T8814] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 418.194118][ T8814] RSP: 002b:00007f87e563f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 418.202539][ T8814] RAX: ffffffffffffffda RBX: 000000000056c0b0 RCX: 0000000000465ef9
[ 418.210546][ T8814] RDX: 0000000000000028 RSI: 0000000020000440 RDI: 000000000000000a
[ 418.218556][ T8814] RBP: 00000000004bcd1c R08: 0000000000000000 R09: 0000000000000000
[ 418.226536][ T8814] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c0b0
[ 418.234522][ T8814] R13: 00007ffcf598b7bf R14: 00007f87e563f300 R15: 0000000000022000
[ 418.248200][ T8814] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 418.256034][ T8814] #PF: supervisor read access in kernel mode
[ 418.262020][ T8814] #PF: error_code(0x0000) - not-present page
[ 418.268009][ T8814] PGD 14ba4067 P4D 14ba4067 PUD 152aa067 PMD 0
[ 418.274268][ T8814] Oops: 0000 [#1] PREEMPT SMP KASAN
[ 418.279488][ T8814] CPU: 1 PID: 8814 Comm: syz-executor.0 Tainted: G W 5.11.0-syzkaller #0
[ 418.289217][ T8814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 418.299292][ T8814] RIP: 0010:bpf_prog_e48ebe87b99394c4+0x11/0xa30
[ 418.305659][ T8814] Code: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 0f 1f 44 00 00 66 90 55 48 89 e5 31 c0 48 8b 47 28 <48> 8b 40 00 8b 80 d0 00 00 00 c9 c3 cc cc cc cc cc cc cc cc cc cc
[ 418.325278][ T8814] RSP: 0018:ffffc90001a4fb38 EFLAGS: 00010246
[ 418.331338][ T8814] RAX: 0000000000000000 RBX: ffffc90000ca2000 RCX: 0000000000000000
[ 418.339342][ T8814] RDX: ffff8880225a8000 RSI: ffffc90000ca2048 RDI: ffffc90001a4fcb0
[ 418.347365][ T8814] RBP: ffffc90001a4fb38 R08: 0000000000000001 R09: 0000000000000001
[ 418.355428][ T8814] R10: ffffffff8736c3c7 R11: 0000000000000000 R12: ffff8880225a8000
[ 418.363481][ T8814] R13: ffffc90000ca2000 R14: 0000000000000001 R15: 0000000000000000
[ 418.371449][ T8814] FS: 00007f87e563f700(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
[ 418.380388][ T8814] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 418.386988][ T8814] CR2: 000055c2a3fd9ee8 CR3: 0000000018531000 CR4: 00000000001506e0
[ 418.394954][ T8814] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 418.402921][ T8814] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 418.410891][ T8814] Call Trace:
[ 418.414162][ T8814] bpf_test_run+0x222/0xc50
[ 418.418687][ T8814] ? __bpf_prog_test_run_raw_tp+0x420/0x420
[ 418.424630][ T8814] ? bpf_dispatcher_change_prog+0x2e6/0x8f0
[ 418.430657][ T8814] bpf_prog_test_run_xdp+0x2c2/0x4d0
[ 418.435957][ T8814] ? bpf_prog_test_run_skb+0x1c50/0x1c50
[ 418.441612][ T8814] ? __fget_files+0x288/0x3d0
[ 418.446291][ T8814] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 418.452556][ T8814] ? fput+0x2a/0x50
[ 418.456417][ T8814] ? bpf_prog_test_run_skb+0x1c50/0x1c50
[ 418.462212][ T8814] __do_sys_bpf+0x1ea9/0x4f00
[ 418.466907][ T8814] ? bpf_link_get_from_fd+0x110/0x110
[ 418.472335][ T8814] ? lock_is_held_type+0xd5/0x130
[ 418.477377][ T8814] ? lock_is_held_type+0xd5/0x130
[ 418.482398][ T8814] ? find_held_lock+0x2d/0x110
[ 418.487164][ T8814] ? syscall_enter_from_user_mode+0x1d/0x50
[ 418.493075][ T8814] do_syscall_64+0x2d/0x70
[ 418.497497][ T8814] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 418.503394][ T8814] RIP: 0033:0x465ef9
[ 418.507291][ T8814] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 418.527832][ T8814] RSP: 002b:00007f87e563f188 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 418.536244][ T8814] RAX: ffffffffffffffda RBX: 000000000056c0b0 RCX: 0000000000465ef9
[ 418.544212][ T8814] RDX: 0000000000000028 RSI: 0000000020000440 RDI: 000000000000000a
[ 418.552185][ T8814] RBP: 00000000004bcd1c R08: 0000000000000000 R09: 0000000000000000
[ 418.560173][ T8814] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c0b0
[ 418.568139][ T8814] R13: 00007ffcf598b7bf R14: 00007f87e563f300 R15: 0000000000022000
[ 418.576129][ T8814] Modules linked in:
[ 418.580034][ T8814] CR2: 0000000000000000
[ 418.584853][ T8814] ---[ end trace e77324a6fae54e5a ]---
[ 418.590322][ T8814] RIP: 0010:bpf_prog_e48ebe87b99394c4+0x11/0xa30
[ 418.596712][ T8814] Code: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 0f 1f 44 00 00 66 90 55 48 89 e5 31 c0 48 8b 47 28 <48> 8b 40 00 8b 80 d0 00 00 00 c9 c3 cc cc cc cc cc cc cc cc cc cc
[ 418.616403][ T8814] RSP: 0018:ffffc90001a4fb38 EFLAGS: 00010246
[ 418.623153][ T8814] RAX: 0000000000000000 RBX: ffffc90000ca2000 RCX: 0000000000000000
[ 418.631163][ T8814] RDX: ffff8880225a8000 RSI: ffffc90000ca2048 RDI: ffffc90001a4fcb0
[ 418.639240][ T8814] RBP: ffffc90001a4fb38 R08: 0000000000000001 R09: 0000000000000001
[ 418.647509][ T8814] R10: ffffffff8736c3c7 R11: 0000000000000000 R12: ffff8880225a8000
[ 418.655576][ T8814] R13: ffffc90000ca2000 R14: 0000000000000001 R15: 0000000000000000
[ 418.663644][ T8814] FS: 00007f87e563f700(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
[ 418.672680][ T8814] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 418.679294][ T8814] CR2: 000055c2a3fd9ee8 CR3: 0000000018531000 CR4: 00000000001506e0
[ 418.687321][ T8814] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 418.695740][ T8814] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 418.701933][ T7] Bluetooth: hci0: command 0x041b tx timeout
[ 418.703808][ T8814] Kernel panic - not syncing: Fatal exception
[ 418.716455][ T8814] Kernel Offset: disabled
[ 418.720795][ T8814] Rebooting in 86400 seconds..