Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.18' (ECDSA) to the list of known hosts.
2020/12/21 16:38:36 parsed 1 programs
2020/12/21 16:38:37 executed programs: 0
syzkaller login: [ 67.380378][ T8517] IPVS: ftp: loaded support on port[0] = 21
[ 67.575791][ T8517] chnl_net:caif_netlink_parms(): no params data found
[ 67.629768][ T8517] bridge0: port 1(bridge_slave_0) entered blocking state
[ 67.637256][ T8517] bridge0: port 1(bridge_slave_0) entered disabled state
[ 67.645570][ T8517] device bridge_slave_0 entered promiscuous mode
[ 67.654511][ T8517] bridge0: port 2(bridge_slave_1) entered blocking state
[ 67.661744][ T8517] bridge0: port 2(bridge_slave_1) entered disabled state
[ 67.670178][ T8517] device bridge_slave_1 entered promiscuous mode
[ 67.691431][ T8517] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 67.702036][ T8517] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 67.724142][ T8517] team0: Port device team_slave_0 added
[ 67.731541][ T8517] team0: Port device team_slave_1 added
[ 67.749449][ T8517] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 67.756384][ T8517] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 67.782363][ T8517] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 67.795084][ T8517] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 67.802246][ T8517] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 67.828314][ T8517] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 67.854951][ T8517] device hsr_slave_0 entered promiscuous mode
[ 67.861741][ T8517] device hsr_slave_1 entered promiscuous mode
[ 67.961245][ T8517] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 67.971403][ T8517] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 67.986928][ T8517] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 67.998694][ T8517] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 68.024302][ T8517] bridge0: port 2(bridge_slave_1) entered blocking state
[ 68.031446][ T8517] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 68.039420][ T8517] bridge0: port 1(bridge_slave_0) entered blocking state
[ 68.046488][ T8517] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 68.091334][ T8517] 8021q: adding VLAN 0 to HW filter on device bond0
[ 68.105582][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 68.116744][ T5] bridge0: port 1(bridge_slave_0) entered disabled state
[ 68.125151][ T5] bridge0: port 2(bridge_slave_1) entered disabled state
[ 68.133706][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 68.147017][ T8517] 8021q: adding VLAN 0 to HW filter on device team0
[ 68.157701][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 68.166767][ T5] bridge0: port 1(bridge_slave_0) entered blocking state
[ 68.173867][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 68.190155][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 68.199446][ T3082] bridge0: port 2(bridge_slave_1) entered blocking state
[ 68.206487][ T3082] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 68.223860][ T3198] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 68.232422][ T3198] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 68.245066][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 68.256674][ T3198] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 68.270894][ T8517] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 68.282333][ T8517] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 68.292449][ T3198] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 68.311609][ T3198] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 68.319617][ T3198] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 68.331991][ T8517] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 68.352703][ T3198] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 68.372922][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 68.382122][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 68.391351][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 68.402059][ T8517] device veth0_vlan entered promiscuous mode
[ 68.416430][ T8517] device veth1_vlan entered promiscuous mode
[ 68.439062][ T3198] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 68.447017][ T3198] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 68.456363][ T3198] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 68.468419][ T8517] device veth0_macvtap entered promiscuous mode
[ 68.477397][ T8517] device veth1_macvtap entered promiscuous mode
[ 68.495795][ T8517] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 68.503232][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 68.513381][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 68.525569][ T8517] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 68.534608][ T3198] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 68.545899][ T8517] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.555812][ T8517] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.564580][ T8517] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.573361][ T8517] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.665652][ T8] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 68.687632][ T8] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 68.703300][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 68.717221][ T196] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 68.726794][ T196] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 68.740286][ T3198] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 69.419065][ T3082] Bluetooth: hci0: command 0x0409 tx timeout
2020/12/21 16:38:42 executed programs: 49
[ 71.498037][ T3082] Bluetooth: hci0: command 0x041b tx timeout
[ 73.577152][ T4087] Bluetooth: hci0: command 0x040f tx timeout
[ 75.658915][ T4087] Bluetooth: hci0: command 0x0419 tx timeout
2020/12/21 16:38:47 executed programs: 143
[ 79.574603][ T9561] BUG: sleeping function called from invalid context at arch/x86/mm/fault.c:1351
[ 79.584497][ T9561] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 9561, name: syz-executor.0
[ 79.594459][ T9561] 2 locks held by syz-executor.0/9561:
[ 79.600029][ T9561] #0: ffffffff8b33a020 (rcu_read_lock){....}-{1:2}, at: bpf_test_run+0x116/0xcc0
[ 79.610146][ T9561] #1: ffff8880297ac158 (&mm->mmap_lock#2){++++}-{3:3}, at: do_user_addr_fault+0x25f/0xc50
[ 79.621631][ T9561] Preemption disabled at:
[ 79.621665][ T9561] [] migrate_disable+0x5e/0x160
[ 79.632486][ T9561] CPU: 0 PID: 9561 Comm: syz-executor.0 Not tainted 5.10.0-syzkaller #0
[ 79.640836][ T9561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 79.650869][ T9561] Call Trace:
[ 79.654149][ T9561] dump_stack+0x107/0x163
[ 79.658479][ T9561] ? migrate_disable+0x5e/0x160
[ 79.663311][ T9561] ___might_sleep.cold+0x1f1/0x237
[ 79.668406][ T9561] do_user_addr_fault+0x29c/0xc50
[ 79.673424][ T9561] ? irqentry_enter+0x26/0x50
[ 79.678089][ T9561] exc_page_fault+0x9e/0x180
[ 79.682666][ T9561] asm_exc_page_fault+0x1e/0x30
[ 79.687501][ T9561] RIP: 0010:bpf_prog_e48ebe87b99394c4+0x11/0x71c
[ 79.693818][ T9561] Code: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 0f 1f 44 00 00 66 90 55 48 89 e5 31 c0 48 8b 47 28 <48> 8b 40 00 8b 80 00 01 00 00 c9 c3 cc cc cc cc cc cc cc cc cc cc
[ 79.713529][ T9561] RSP: 0018:ffffc900016efb30 EFLAGS: 00010246
[ 79.719581][ T9561] RAX: 0000000000000000 RBX: dffffc0000000000 RCX: ffffffff87314b68
[ 79.727541][ T9561] RDX: ffff888026c75040 RSI: ffffc90000e7e038 RDI: ffffc900016efcb0
[ 79.735505][ T9561] RBP: ffffc900016efb30 R08: 0000000000000001 R09: 0000000000000001
[ 79.743458][ T9561] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 79.751411][ T9561] R13: dffffc0000000000 R14: 0000000000000001 R15: ffffc90000e7e000
[ 79.759398][ T9561] ? bpf_test_run+0x3a8/0xcc0
[ 79.764069][ T9561] bpf_test_run+0x21c/0xcc0
[ 79.768561][ T9561] ? bpf_ctx_init+0x1c0/0x1c0
[ 79.773222][ T9561] ? bpf_dispatcher_change_prog+0x2e6/0x8f0
[ 79.779102][ T9561] bpf_prog_test_run_xdp+0x2ca/0x510
[ 79.784379][ T9561] ? bpf_prog_test_run_skb+0x1c50/0x1c50
[ 79.790011][ T9561] ? __fget_files+0x294/0x400
[ 79.794676][ T9561] ? fput_many+0x2f/0x1a0
[ 79.798987][ T9561] ? bpf_prog_test_run_skb+0x1c50/0x1c50
[ 79.804600][ T9561] __do_sys_bpf+0x2174/0x5130
[ 79.809260][ T9561] ? bpf_link_get_from_fd+0x110/0x110
[ 79.814631][ T9561] ? _copy_to_user+0xdc/0x150
[ 79.819315][ T9561] ? put_timespec64+0xcb/0x120
[ 79.824062][ T9561] ? ns_to_timespec64+0xc0/0xc0
[ 79.828923][ T9561] ? syscall_enter_from_user_mode+0x1d/0x50
[ 79.834804][ T9561] do_syscall_64+0x2d/0x70
[ 79.839202][ T9561] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 79.845075][ T9561] RIP: 0033:0x45e149
[ 79.848950][ T9561] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 79.868552][ T9561] RSP: 002b:00007fe816852c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 79.876957][ T9561] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045e149
[ 79.884920][ T9561] RDX: 0000000000000028 RSI: 00000000200000c0 RDI: 000000000000000a
[ 79.892874][ T9561] RBP: 000000000119bfc0 R08: 0000000000000000 R09: 0000000000000000
[ 79.900835][ T9561] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000119bf8c
[ 79.908789][ T9561] R13: 00007ffedd28909f R14: 00007fe8168539c0 R15: 000000000119bf8c
[ 79.919605][ T9561] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 79.927409][ T9561] #PF: supervisor read access in kernel mode
[ 79.933431][ T9561] #PF: error_code(0x0000) - not-present page
[ 79.939385][ T9561] PGD 14b1d067 P4D 14b1d067 PUD 242bf067 PMD 0
[ 79.945625][ T9561] Oops: 0000 [#1] PREEMPT SMP KASAN
[ 79.950804][ T9561] CPU: 0 PID: 9561 Comm: syz-executor.0 Tainted: G W 5.10.0-syzkaller #0
[ 79.960506][ T9561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 79.970547][ T9561] RIP: 0010:bpf_prog_e48ebe87b99394c4+0x11/0x71c
[ 79.976973][ T9561] Code: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 0f 1f 44 00 00 66 90 55 48 89 e5 31 c0 48 8b 47 28 <48> 8b 40 00 8b 80 00 01 00 00 c9 c3 cc cc cc cc cc cc cc cc cc cc
[ 79.996556][ T9561] RSP: 0018:ffffc900016efb30 EFLAGS: 00010246
[ 80.002596][ T9561] RAX: 0000000000000000 RBX: dffffc0000000000 RCX: ffffffff87314b68
[ 80.010552][ T9561] RDX: ffff888026c75040 RSI: ffffc90000e7e038 RDI: ffffc900016efcb0
[ 80.018506][ T9561] RBP: ffffc900016efb30 R08: 0000000000000001 R09: 0000000000000001
[ 80.026462][ T9561] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 80.034419][ T9561] R13: dffffc0000000000 R14: 0000000000000001 R15: ffffc90000e7e000
[ 80.042366][ T9561] FS: 00007fe816853700(0000) GS:ffff8880b9e00000(0000) knlGS:0000000000000000
[ 80.051388][ T9561] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 80.057965][ T9561] CR2: 0000000000000000 CR3: 0000000012278000 CR4: 00000000001506f0
[ 80.065922][ T9561] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 80.073868][ T9561] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 80.081812][ T9561] Call Trace:
[ 80.085096][ T9561] bpf_test_run+0x21c/0xcc0
[ 80.089577][ T9561] ? bpf_ctx_init+0x1c0/0x1c0
[ 80.094234][ T9561] ? bpf_dispatcher_change_prog+0x2e6/0x8f0
[ 80.100104][ T9561] bpf_prog_test_run_xdp+0x2ca/0x510
[ 80.105371][ T9561] ? bpf_prog_test_run_skb+0x1c50/0x1c50
[ 80.110981][ T9561] ? __fget_files+0x294/0x400
[ 80.115668][ T9561] ? fput_many+0x2f/0x1a0
[ 80.119988][ T9561] ? bpf_prog_test_run_skb+0x1c50/0x1c50
[ 80.125596][ T9561] __do_sys_bpf+0x2174/0x5130
[ 80.130252][ T9561] ? bpf_link_get_from_fd+0x110/0x110
[ 80.135597][ T9561] ? _copy_to_user+0xdc/0x150
[ 80.140255][ T9561] ? put_timespec64+0xcb/0x120
[ 80.145008][ T9561] ? ns_to_timespec64+0xc0/0xc0
[ 80.149847][ T9561] ? syscall_enter_from_user_mode+0x1d/0x50
[ 80.155727][ T9561] do_syscall_64+0x2d/0x70
[ 80.160133][ T9561] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 80.166004][ T9561] RIP: 0033:0x45e149
[ 80.169880][ T9561] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 80.189471][ T9561] RSP: 002b:00007fe816852c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 80.197890][ T9561] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045e149
[ 80.205842][ T9561] RDX: 0000000000000028 RSI: 00000000200000c0 RDI: 000000000000000a
[ 80.213797][ T9561] RBP: 000000000119bfc0 R08: 0000000000000000 R09: 0000000000000000
[ 80.221762][ T9561] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000119bf8c
[ 80.229723][ T9561] R13: 00007ffedd28909f R14: 00007fe8168539c0 R15: 000000000119bf8c
[ 80.237690][ T9561] Modules linked in:
[ 80.241664][ T9561] CR2: 0000000000000000
[ 80.247259][ T9561] ---[ end trace 647e5d0e41621896 ]---
[ 80.252728][ T9561] RIP: 0010:bpf_prog_e48ebe87b99394c4+0x11/0x71c
[ 80.259099][ T9561] Code: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 0f 1f 44 00 00 66 90 55 48 89 e5 31 c0 48 8b 47 28 <48> 8b 40 00 8b 80 00 01 00 00 c9 c3 cc cc cc cc cc cc cc cc cc cc
[ 80.278781][ T9561] RSP: 0018:ffffc900016efb30 EFLAGS: 00010246
[ 80.284826][ T9561] RAX: 0000000000000000 RBX: dffffc0000000000 RCX: ffffffff87314b68
[ 80.292816][ T9561] RDX: ffff888026c75040 RSI: ffffc90000e7e038 RDI: ffffc900016efcb0
[ 80.300897][ T9561] RBP: ffffc900016efb30 R08: 0000000000000001 R09: 0000000000000001
[ 80.308910][ T9561] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 80.316948][ T9561] R13: dffffc0000000000 R14: 0000000000000001 R15: ffffc90000e7e000
[ 80.324990][ T9561] FS: 00007fe816853700(0000) GS:ffff8880b9e00000(0000) knlGS:0000000000000000
[ 80.334026][ T9561] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 80.340681][ T9561] CR2: 0000000000000000 CR3: 0000000012278000 CR4: 00000000001506f0
[ 80.348715][ T9561] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 80.357058][ T9561] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 80.365017][ T9561] Kernel panic - not syncing: Fatal exception
[ 80.371755][ T9561] Kernel Offset: disabled
[ 80.376067][ T9561] Rebooting in 86400 seconds..