[ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.1.24' (ECDSA) to the list of known hosts. 2020/08/28 06:33:40 parsed 1 programs 2020/08/28 06:33:40 executed programs: 0 syzkaller login: [ 147.274405][ T6846] IPVS: ftp: loaded support on port[0] = 21 [ 147.386184][ T6846] chnl_net:caif_netlink_parms(): no params data found [ 147.433931][ T6846] bridge0: port 1(bridge_slave_0) entered blocking state [ 147.441707][ T6846] bridge0: port 1(bridge_slave_0) entered disabled state [ 147.449610][ T6846] device bridge_slave_0 entered promiscuous mode [ 147.460430][ T6846] bridge0: port 2(bridge_slave_1) entered blocking state [ 147.467542][ T6846] bridge0: port 2(bridge_slave_1) entered disabled state [ 147.476224][ T6846] device bridge_slave_1 entered promiscuous mode [ 147.495022][ T6846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 147.505807][ T6846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 147.527037][ T6846] team0: Port device team_slave_0 added [ 147.534256][ T6846] team0: Port device team_slave_1 added [ 147.549748][ T6846] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 147.556851][ T6846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 147.583688][ T6846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 147.597199][ T6846] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 147.604840][ T6846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 147.631708][ T6846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 147.659071][ T6846] device hsr_slave_0 entered promiscuous mode [ 147.666546][ T6846] device hsr_slave_1 entered promiscuous mode [ 147.746526][ T6846] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 147.757327][ T6846] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 147.770751][ T6846] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 147.779231][ T6846] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 147.803532][ T6846] bridge0: port 2(bridge_slave_1) entered blocking state [ 147.810730][ T6846] bridge0: port 2(bridge_slave_1) entered forwarding state [ 147.818421][ T6846] bridge0: port 1(bridge_slave_0) entered blocking state [ 147.825555][ T6846] bridge0: port 1(bridge_slave_0) entered forwarding state [ 147.866431][ T6846] 8021q: adding VLAN 0 to HW filter on device bond0 [ 147.878600][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 147.892240][ T5] bridge0: port 1(bridge_slave_0) entered disabled state [ 147.900635][ T5] bridge0: port 2(bridge_slave_1) entered disabled state [ 147.908329][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 147.921400][ T6846] 8021q: adding VLAN 0 to HW filter on device team0 [ 147.932748][ T2586] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 147.941652][ T2586] bridge0: port 1(bridge_slave_0) entered blocking state [ 147.948814][ T2586] bridge0: port 1(bridge_slave_0) entered forwarding state [ 147.971361][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 147.979906][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 147.987018][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 147.995803][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 148.004663][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 148.019653][ T6846] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 148.030619][ T6846] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 148.044008][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 148.052593][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 148.061916][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 148.071348][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 148.087223][ T2586] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 148.095297][ T2586] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 148.107518][ T6846] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 148.126082][ T2586] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 148.144967][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 148.153722][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 148.162383][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 148.173272][ T6846] device veth0_vlan entered promiscuous mode [ 148.184578][ T6846] device veth1_vlan entered promiscuous mode [ 148.203596][ T2586] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 148.212667][ T2586] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 148.221915][ T2586] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 148.233460][ T6846] device veth0_macvtap entered promiscuous mode [ 148.243099][ T6846] device veth1_macvtap entered promiscuous mode [ 148.258847][ T6846] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 148.266490][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 148.276758][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 148.288633][ T6846] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 148.296400][ T2586] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 148.308589][ T6846] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 148.318858][ T6846] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 148.327832][ T6846] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 148.336656][ T6846] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 149.290687][ T2586] Bluetooth: hci0: command 0x0409 tx timeout 2020/08/28 06:33:45 executed programs: 115 [ 151.370539][ T3922] Bluetooth: hci0: command 0x041b tx timeout [ 153.450259][ T5] Bluetooth: hci0: command 0x040f tx timeout [ 155.529664][ T3922] Bluetooth: hci0: command 0x0419 tx timeout 2020/08/28 06:33:50 executed programs: 337 2020/08/28 06:33:55 executed programs: 554 2020/08/28 06:34:00 executed programs: 941 [ 167.389903][T10799] general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN [ 167.402156][T10799] KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017] [ 167.410651][T10799] CPU: 1 PID: 10799 Comm: syz-executor.0 Not tainted 5.9.0-rc2-syzkaller #0 [ 167.419299][T10799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 167.429355][T10799] RIP: 0010:sock_close+0xc5/0x260 [ 167.434356][T10799] Code: fc ff df 41 80 3c 04 00 74 08 4c 89 ff e8 e3 cf 49 fb 49 8b 1f 48 83 c3 10 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 48 89 df e8 bd cf 49 fb 4c 89 f7 ff 13 49 8d 5e [ 167.454061][T10799] RSP: 0018:ffffc90008c0fe10 EFLAGS: 00010202 [ 167.460100][T10799] RAX: 0000000000000002 RBX: 0000000000000010 RCX: dffffc0000000000 [ 167.468072][T10799] RDX: 0000000000000001 RSI: 0000000000000004 RDI: 0000000000000001 [ 167.476034][T10799] RBP: ffffffff88b9ad58 R08: dffffc0000000000 R09: ffffed10102ae0df [ 167.484309][T10799] R10: ffffed10102ae0df R11: 0000000000000000 R12: 1ffff110102ae0ac [ 167.492257][T10799] R13: ffff8880815706e0 R14: ffff888081570540 R15: ffff888081570560 [ 167.500308][T10799] FS: 00007fca8527d700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 [ 167.509332][T10799] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 167.515893][T10799] CR2: 0000000000000000 CR3: 000000009e6da000 CR4: 00000000001506e0 [ 167.523844][T10799] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 167.531805][T10799] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 167.539757][T10799] Call Trace: [ 167.543070][T10799] ? sock_mmap+0x90/0x90 [ 167.547285][T10799] __fput+0x34f/0x7b0 [ 167.551241][T10799] task_work_run+0x137/0x1c0 [ 167.555819][T10799] exit_to_user_mode_prepare+0xfa/0x1b0 [ 167.561359][T10799] syscall_exit_to_user_mode+0x5e/0x1a0 [ 167.566877][T10799] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 167.572753][T10799] RIP: 0033:0x45d5b9 [ 167.576625][T10799] Code: 5d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 167.596226][T10799] RSP: 002b:00007fca8527cc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 167.604622][T10799] RAX: 0000000000000000 RBX: 0000000000002ac0 RCX: 000000000045d5b9 [ 167.612568][T10799] RDX: 0000000000000004 RSI: 0000000000000001 RDI: 0000000000000005 [ 167.620511][T10799] RBP: 000000000118cf88 R08: 0000000000000000 R09: 0000000000000000 [ 167.628467][T10799] R10: 0000000020000000 R11: 0000000000000246 R12: 000000000118cf4c [ 167.636596][T10799] R13: 00007ffc398ecebf R14: 00007fca8527d9c0 R15: 000000000118cf4c [ 167.644557][T10799] Modules linked in: [ 167.656476][T10799] ---[ end trace ab5a9dad69a71650 ]--- [ 167.662278][T10799] RIP: 0010:sock_close+0xc5/0x260 [ 167.667276][T10799] Code: fc ff df 41 80 3c 04 00 74 08 4c 89 ff e8 e3 cf 49 fb 49 8b 1f 48 83 c3 10 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 48 89 df e8 bd cf 49 fb 4c 89 f7 ff 13 49 8d 5e [ 167.687647][T10799] RSP: 0018:ffffc90008c0fe10 EFLAGS: 00010202 [ 167.694483][T10799] RAX: 0000000000000002 RBX: 0000000000000010 RCX: dffffc0000000000 [ 167.702581][T10799] RDX: 0000000000000001 RSI: 0000000000000004 RDI: 0000000000000001 [ 167.711385][T10799] RBP: ffffffff88b9ad58 R08: dffffc0000000000 R09: ffffed10102ae0df [ 167.719489][T10799] R10: ffffed10102ae0df R11: 0000000000000000 R12: 1ffff110102ae0ac [ 167.728127][T10799] R13: ffff8880815706e0 R14: ffff888081570540 R15: ffff888081570560 [ 167.736899][T10799] FS: 00007fca8527d700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 [ 167.746443][T10799] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 167.753585][T10799] CR2: 00007f62fc03b028 CR3: 000000009e6da000 CR4: 00000000001506f0 [ 167.762044][T10799] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 167.770174][T10799] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 167.778174][T10799] Kernel panic - not syncing: Fatal exception [ 167.785886][T10799] Kernel Offset: disabled [ 167.790227][T10799] Rebooting in 86400 seconds..