[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.255' (ECDSA) to the list of known hosts.
syzkaller login: [ 32.472051] IPVS: ftp: loaded support on port[0] = 21
[ 32.539013] chnl_net:caif_netlink_parms(): no params data found
[ 32.619941] bridge0: port 1(bridge_slave_0) entered blocking state
[ 32.627141] bridge0: port 1(bridge_slave_0) entered disabled state
[ 32.635028] device bridge_slave_0 entered promiscuous mode
[ 32.641924] bridge0: port 2(bridge_slave_1) entered blocking state
[ 32.649007] bridge0: port 2(bridge_slave_1) entered disabled state
[ 32.656453] device bridge_slave_1 entered promiscuous mode
[ 32.673120] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 32.681735] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 32.699556] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 32.706907] team0: Port device team_slave_0 added
[ 32.712257] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 32.720365] team0: Port device team_slave_1 added
[ 32.735822] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 32.742057] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 32.767923] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 32.780150] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 32.786837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 32.812635] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 32.823676] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 32.830961] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 32.849924] device hsr_slave_0 entered promiscuous mode
[ 32.855668] device hsr_slave_1 entered promiscuous mode
[ 32.861584] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 32.869405] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 32.932160] bridge0: port 2(bridge_slave_1) entered blocking state
[ 32.938575] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 32.945317] bridge0: port 1(bridge_slave_0) entered blocking state
[ 32.951639] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 32.980592] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 32.988289] 8021q: adding VLAN 0 to HW filter on device bond0
[ 32.996787] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 33.005692] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 33.014522] bridge0: port 1(bridge_slave_0) entered disabled state
[ 33.021424] bridge0: port 2(bridge_slave_1) entered disabled state
[ 33.028777] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 33.038795] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 33.045766] 8021q: adding VLAN 0 to HW filter on device team0
[ 33.055507] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 33.063258] bridge0: port 1(bridge_slave_0) entered blocking state
[ 33.069578] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 33.090969] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 33.100822] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 33.113077] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 33.119838] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 33.127541] bridge0: port 2(bridge_slave_1) entered blocking state
[ 33.133951] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 33.141752] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 33.149803] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 33.157751] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 33.165586] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 33.173858] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 33.180609] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 33.194110] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 33.201277] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 33.208423] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 33.218691] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 33.230372] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 33.240106] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 33.274005] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 33.280937] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 33.288465] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 33.298275] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 33.306418] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 33.313690] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 33.322039] device veth0_vlan entered promiscuous mode
[ 33.330417] device veth1_vlan entered promiscuous mode
[ 33.336536] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 33.345404] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 33.356390] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 33.365568] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 33.373181] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 33.380386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 33.389960] device veth0_macvtap entered promiscuous mode
[ 33.396194] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 33.405032] device veth1_macvtap entered promiscuous mode
[ 33.413986] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 33.423501] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 33.434079] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 33.440728] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 33.450034] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 33.459654] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 33.466658] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 33.553384] FAULT_INJECTION: forcing a failure.
[ 33.553384] name failslab, interval 1, probability 0, space 0, times 1
[ 33.564962] CPU: 1 PID: 8105 Comm: syz-executor264 Not tainted 4.19.211-syzkaller #0
[ 33.572849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
[ 33.582184] Call Trace:
[ 33.584765] dump_stack+0x1fc/0x2ef
[ 33.588378] should_fail.cold+0xa/0xf
[ 33.592162] ? setup_fault_attr+0x200/0x200
[ 33.596504] ? lock_acquire+0x170/0x3c0
[ 33.600464] __should_failslab+0x115/0x180
[ 33.604683] should_failslab+0x5/0x10
[ 33.608552] kmem_cache_alloc_node_trace+0x244/0x3b0
[ 33.613650] __kmalloc_node+0x38/0x70
[ 33.617451] qdisc_alloc+0xb2/0xa40
[ 33.621060] ? __lockdep_init_map+0x100/0x5a0
[ 33.625538] qdisc_create_dflt+0x70/0x1d0
[ 33.629668] cbs_init+0xa2/0x420
[ 33.633013] ? cbs_destroy+0x280/0x280
[ 33.636880] qdisc_create+0x579/0x1130
[ 33.640750] ? qdisc_tree_reduce_backlog+0x5d0/0x5d0
[ 33.645837] ? nla_parse+0x1b2/0x290
[ 33.649535] tc_modify_qdisc+0x50d/0x1a80
[ 33.653695] ? apparmor_capable+0x147/0x750
[ 33.658002] ? tc_get_qdisc+0xb60/0xb60
[ 33.661964] ? rtnetlink_rcv_msg+0x3fe/0xb80
[ 33.666384] ? tc_get_qdisc+0xb60/0xb60
[ 33.670362] rtnetlink_rcv_msg+0x453/0xb80
[ 33.674603] ? rtnl_calcit.isra.0+0x430/0x430
[ 33.679091] ? memcpy+0x35/0x50
[ 33.682363] ? netdev_pick_tx+0x2f0/0x2f0
[ 33.686523] ? __copy_skb_header+0x414/0x500
[ 33.690911] ? kfree_skbmem+0x140/0x140
[ 33.694882] netlink_rcv_skb+0x160/0x440
[ 33.698926] ? rtnl_calcit.isra.0+0x430/0x430
[ 33.703410] ? netlink_ack+0xae0/0xae0
[ 33.707287] netlink_unicast+0x4d5/0x690
[ 33.711332] ? netlink_sendskb+0x110/0x110
[ 33.715551] ? _copy_from_iter_full+0x229/0x7c0
[ 33.720203] ? __phys_addr_symbol+0x2c/0x70
[ 33.724518] ? __check_object_size+0x17b/0x3e0
[ 33.729090] netlink_sendmsg+0x6c3/0xc50
[ 33.733138] ? aa_af_perm+0x230/0x230
[ 33.736941] ? nlmsg_notify+0x1f0/0x1f0
[ 33.740891] ? kernel_recvmsg+0x220/0x220
[ 33.745023] ? nlmsg_notify+0x1f0/0x1f0
[ 33.748996] sock_sendmsg+0xc3/0x120
[ 33.752706] ___sys_sendmsg+0x7bb/0x8e0
[ 33.756674] ? check_preemption_disabled+0x41/0x280
[ 33.761671] ? copy_msghdr_from_user+0x440/0x440
[ 33.766412] ? proc_fail_nth_write+0x95/0x1d0
[ 33.770885] ? proc_tgid_io_accounting+0x7f0/0x7f0
[ 33.775797] ? debug_check_no_obj_freed+0x201/0x490
[ 33.780806] ? __vfs_write+0xff/0x770
[ 33.784587] ? proc_tgid_io_accounting+0x7f0/0x7f0
[ 33.789500] ? common_file_perm+0x4e5/0x850
[ 33.793820] ? kernel_read+0x110/0x110
[ 33.797693] ? trace_hardirqs_off+0x64/0x200
[ 33.802092] ? fsnotify+0x84e/0xe10
[ 33.805711] ? vfs_write+0x3d7/0x540
[ 33.809406] ? __fdget+0x1a0/0x230
[ 33.812929] __x64_sys_sendmsg+0x132/0x220
[ 33.817165] ? __sys_sendmsg+0x1b0/0x1b0
[ 33.821205] ? vfs_write+0x393/0x540
[ 33.824905] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 33.830253] ? trace_hardirqs_off_caller+0x6e/0x210
[ 33.835262] ? do_syscall_64+0x21/0x620
[ 33.839253] do_syscall_64+0xf9/0x620
[ 33.843038] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 33.848226] RIP: 0033:0x7fd98087c5c9
[ 33.851936] Code: 28 c3 e8 4a 15 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 33.870821] RSP: 002b:00007ffe372fe6d8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 33.878516] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fd98087c5c9
[ 33.885763] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 33.893010] RBP: 00007ffe372fe6f0 R08: 0000000000000001 R09: 0000000000000000
[ 33.900274] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 33.907525] R13: 00007ffe372fe710 R14: 0000000000000003 R15: 0000000000000000
[ 33.916241] kasan: CONFIG_KASAN_INLINE enabled
[ 33.920937] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 33.928377] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 33.934604] CPU: 1 PID: 8105 Comm: syz-executor264 Not tainted 4.19.211-syzkaller #0
[ 33.942472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
[ 33.951845] RIP: 0010:__list_del_entry_valid+0x81/0xf0
[ 33.957120] Code: 0f 84 30 52 85 04 48 b8 00 02 00 00 00 00 ad de 49 39 c4 0f 84 31 52 85 04 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 75 51 49 8b 14 24 48 39 ea 0f 85 e8 51 85 04 49 8d 7d
[ 33.975999] RSP: 0018:ffff8880956f74e8 EFLAGS: 00010246
[ 33.981429] RAX: dffffc0000000000 RBX: ffff8880b29ae900 RCX: ffffffff814bdebb
[ 33.988695] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff8880b29aec28
[ 33.995950] RBP: ffff8880b29aec20 R08: 0000000000000001 R09: fffffbfff15cead8
[ 34.003625] R10: ffffffff8ae756c3 R11: 0000000000000000 R12: 0000000000000000
[ 34.010872] R13: 0000000000000000 R14: ffff8880b29aeb80 R15: ffff8880b29aec28
[ 34.018120] FS: 00005555570ec300(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
[ 34.026503] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 34.032388] CR2: 0000000020000080 CR3: 000000009b9f8000 CR4: 00000000003406e0
[ 34.039640] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 34.046891] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 34.054137] Call Trace:
[ 34.056708] cbs_destroy+0x81/0x280
[ 34.060315] ? cbs_init+0x244/0x420
[ 34.063921] ? cbs_dequeue_soft+0x810/0x810
[ 34.068219] qdisc_create+0xb70/0x1130
[ 34.072091] ? qdisc_tree_reduce_backlog+0x5d0/0x5d0
[ 34.077204] ? nla_parse+0x1b2/0x290
[ 34.080898] tc_modify_qdisc+0x50d/0x1a80
[ 34.085046] ? apparmor_capable+0x147/0x750
[ 34.089368] ? tc_get_qdisc+0xb60/0xb60
[ 34.093330] ? rtnetlink_rcv_msg+0x3fe/0xb80
[ 34.097723] ? tc_get_qdisc+0xb60/0xb60
[ 34.101677] rtnetlink_rcv_msg+0x453/0xb80
[ 34.105899] ? rtnl_calcit.isra.0+0x430/0x430
[ 34.110378] ? memcpy+0x35/0x50
[ 34.113648] ? netdev_pick_tx+0x2f0/0x2f0
[ 34.117779] ? __copy_skb_header+0x414/0x500
[ 34.122169] ? kfree_skbmem+0x140/0x140
[ 34.126128] netlink_rcv_skb+0x160/0x440
[ 34.130186] ? rtnl_calcit.isra.0+0x430/0x430
[ 34.134661] ? netlink_ack+0xae0/0xae0
[ 34.138528] netlink_unicast+0x4d5/0x690
[ 34.142570] ? netlink_sendskb+0x110/0x110
[ 34.146780] ? _copy_from_iter_full+0x229/0x7c0
[ 34.151427] ? __phys_addr_symbol+0x2c/0x70
[ 34.155744] ? __check_object_size+0x17b/0x3e0
[ 34.160306] netlink_sendmsg+0x6c3/0xc50
[ 34.164347] ? aa_af_perm+0x230/0x230
[ 34.168125] ? nlmsg_notify+0x1f0/0x1f0
[ 34.172075] ? kernel_recvmsg+0x220/0x220
[ 34.176200] ? nlmsg_notify+0x1f0/0x1f0
[ 34.180151] sock_sendmsg+0xc3/0x120
[ 34.183840] ___sys_sendmsg+0x7bb/0x8e0
[ 34.187793] ? check_preemption_disabled+0x41/0x280
[ 34.192787] ? copy_msghdr_from_user+0x440/0x440
[ 34.197522] ? proc_fail_nth_write+0x95/0x1d0
[ 34.201997] ? proc_tgid_io_accounting+0x7f0/0x7f0
[ 34.206905] ? debug_check_no_obj_freed+0x201/0x490
[ 34.211912] ? __vfs_write+0xff/0x770
[ 34.215689] ? proc_tgid_io_accounting+0x7f0/0x7f0
[ 34.220593] ? common_file_perm+0x4e5/0x850
[ 34.224893] ? kernel_read+0x110/0x110
[ 34.228757] ? trace_hardirqs_off+0x64/0x200
[ 34.233141] ? fsnotify+0x84e/0xe10
[ 34.236760] ? vfs_write+0x3d7/0x540
[ 34.240450] ? __fdget+0x1a0/0x230
[ 34.243990] __x64_sys_sendmsg+0x132/0x220
[ 34.248205] ? __sys_sendmsg+0x1b0/0x1b0
[ 34.252241] ? vfs_write+0x393/0x540
[ 34.255935] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 34.261275] ? trace_hardirqs_off_caller+0x6e/0x210
[ 34.266272] ? do_syscall_64+0x21/0x620
[ 34.270244] do_syscall_64+0xf9/0x620
[ 34.274050] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 34.279218] RIP: 0033:0x7fd98087c5c9
[ 34.282907] Code: 28 c3 e8 4a 15 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 34.301793] RSP: 002b:00007ffe372fe6d8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 34.309483] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fd98087c5c9
[ 34.316731] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 34.323978] RBP: 00007ffe372fe6f0 R08: 0000000000000001 R09: 0000000000000000
[ 34.331232] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 34.338494] R13: 00007ffe372fe710 R14: 0000000000000003 R15: 0000000000000000
[ 34.345740] Modules linked in:
[ 34.349385] ---[ end trace f44895ec7fe7bdf9 ]---
[ 34.354172] RIP: 0010:__list_del_entry_valid+0x81/0xf0
[ 34.359447] Code: 0f 84 30 52 85 04 48 b8 00 02 00 00 00 00 ad de 49 39 c4 0f 84 31 52 85 04 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 75 51 49 8b 14 24 48 39 ea 0f 85 e8 51 85 04 49 8d 7d
[ 34.378374] RSP: 0018:ffff8880956f74e8 EFLAGS: 00010246
[ 34.383758] RAX: dffffc0000000000 RBX: ffff8880b29ae900 RCX: ffffffff814bdebb
[ 34.391014] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff8880b29aec28
[ 34.398307] RBP: ffff8880b29aec20 R08: 0000000000000001 R09: fffffbfff15cead8
[ 34.405593] R10: ffffffff8ae756c3 R11: 0000000000000000 R12: 0000000000000000
[ 34.412878] R13: 0000000000000000 R14: ffff8880b29aeb80 R15: ffff8880b29aec28
[ 34.420148] FS: 00005555570ec300(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
[ 34.428382] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 34.434281] CR2: 0000000020000080 CR3: 000000009b9f8000 CR4: 00000000003406e0
[ 34.441568] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 34.448823] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 34.456103] Kernel panic - not syncing: Fatal exception
[ 34.461648] Kernel Offset: disabled
[ 34.465258] Rebooting in 86400 seconds..