[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.2' (ECDSA) to the list of known hosts.
syzkaller login: [ 34.412795] IPVS: ftp: loaded support on port[0] = 21
[ 34.481756] chnl_net:caif_netlink_parms(): no params data found
[ 34.568397] bridge0: port 1(bridge_slave_0) entered blocking state
[ 34.575206] bridge0: port 1(bridge_slave_0) entered disabled state
[ 34.582260] device bridge_slave_0 entered promiscuous mode
[ 34.590340] bridge0: port 2(bridge_slave_1) entered blocking state
[ 34.597017] bridge0: port 2(bridge_slave_1) entered disabled state
[ 34.604624] device bridge_slave_1 entered promiscuous mode
[ 34.621563] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 34.631401] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 34.649773] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 34.657875] team0: Port device team_slave_0 added
[ 34.663296] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 34.671917] team0: Port device team_slave_1 added
[ 34.687123] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 34.693354] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 34.719162] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 34.730595] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 34.738122] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 34.764127] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 34.775078] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 34.782366] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 34.801119] device hsr_slave_0 entered promiscuous mode
[ 34.806818] device hsr_slave_1 entered promiscuous mode
[ 34.812747] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 34.820544] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 34.884140] bridge0: port 2(bridge_slave_1) entered blocking state
[ 34.890571] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 34.897309] bridge0: port 1(bridge_slave_0) entered blocking state
[ 34.903951] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 34.933859] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 34.939933] 8021q: adding VLAN 0 to HW filter on device bond0
[ 34.949048] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 34.958119] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 34.966290] bridge0: port 1(bridge_slave_0) entered disabled state
[ 34.973269] bridge0: port 2(bridge_slave_1) entered disabled state
[ 34.981061] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 34.991954] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 34.998403] 8021q: adding VLAN 0 to HW filter on device team0
[ 35.007819] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 35.015632] bridge0: port 1(bridge_slave_0) entered blocking state
[ 35.021995] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 35.031496] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 35.039785] bridge0: port 2(bridge_slave_1) entered blocking state
[ 35.046214] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 35.065591] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 35.073184] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 35.081671] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 35.089270] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 35.097375] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 35.105912] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 35.111896] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 35.124777] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 35.131883] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 35.138666] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 35.148980] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 35.161573] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 35.171708] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 35.199481] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 35.207156] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 35.214544] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 35.223053] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 35.231739] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 35.238992] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 35.248141] device veth0_vlan entered promiscuous mode
[ 35.256970] device veth1_vlan entered promiscuous mode
[ 35.262795] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 35.271356] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 35.281950] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 35.291851] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 35.299484] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 35.307022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 35.316929] device veth0_macvtap entered promiscuous mode
[ 35.322964] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 35.331402] device veth1_macvtap entered promiscuous mode
[ 35.339885] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 35.348934] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 35.358428] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 35.365693] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 35.374987] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 35.384525] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 35.394751] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 35.479767] netlink: 28 bytes leftover after parsing attributes in process `syz-executor404'.
[ 35.489182] kasan: CONFIG_KASAN_INLINE enabled
[ 35.494094] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 35.501473] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 35.507686] CPU: 0 PID: 8107 Comm: syz-executor404 Not tainted 4.19.211-syzkaller #0
[ 35.515543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
[ 35.524881] RIP: 0010:__list_del_entry_valid+0x81/0xf0
[ 35.530133] Code: 0f 84 30 52 85 04 48 b8 00 02 00 00 00 00 ad de 49 39 c4 0f 84 31 52 85 04 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 75 51 49 8b 14 24 48 39 ea 0f 85 e8 51 85 04 49 8d 7d
[ 35.549012] RSP: 0018:ffff8880b0c674e8 EFLAGS: 00010246
[ 35.554351] RAX: dffffc0000000000 RBX: ffff8880af7a0040 RCX: ffffffff814bdebb
[ 35.561599] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff8880af7a0368
[ 35.568848] RBP: ffff8880af7a0360 R08: 0000000000000001 R09: fffffbfff15cead8
[ 35.576095] R10: ffffffff8ae756c3 R11: 0000000000000000 R12: 0000000000000000
[ 35.583341] R13: 0000000000000000 R14: ffff8880af7a02c0 R15: ffff8880af7a0368
[ 35.590588] FS: 000055555606e300(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
[ 35.599050] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 35.605008] CR2: 0000000020000080 CR3: 00000000a4ba7000 CR4: 00000000003406f0
[ 35.612257] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 35.619511] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 35.626773] Call Trace:
[ 35.629342] cbs_destroy+0x81/0x280
[ 35.632952] ? cbs_init+0x244/0x420
[ 35.636556] ? cbs_dequeue_soft+0x810/0x810
[ 35.640855] qdisc_create+0xb70/0x1130
[ 35.644723] ? qdisc_tree_reduce_backlog+0x5d0/0x5d0
[ 35.649823] ? nla_parse+0x1e7/0x290
[ 35.653519] ? nla_parse+0x1b2/0x290
[ 35.657209] tc_modify_qdisc+0x50d/0x1a80
[ 35.661339] ? apparmor_capable+0x147/0x750
[ 35.665637] ? tc_get_qdisc+0xb60/0xb60
[ 35.669589] ? rtnetlink_rcv_msg+0x3fe/0xb80
[ 35.673978] ? tc_get_qdisc+0xb60/0xb60
[ 35.677943] rtnetlink_rcv_msg+0x453/0xb80
[ 35.682158] ? rtnl_calcit.isra.0+0x430/0x430
[ 35.686643] ? memcpy+0x35/0x50
[ 35.689903] ? netdev_pick_tx+0x2f0/0x2f0
[ 35.694030] ? __copy_skb_header+0x414/0x500
[ 35.698415] ? kfree_skbmem+0x140/0x140
[ 35.702368] netlink_rcv_skb+0x160/0x440
[ 35.706407] ? rtnl_calcit.isra.0+0x430/0x430
[ 35.710892] ? netlink_ack+0xae0/0xae0
[ 35.714762] netlink_unicast+0x4d5/0x690
[ 35.718800] ? netlink_sendskb+0x110/0x110
[ 35.723015] ? _copy_from_iter_full+0x229/0x7c0
[ 35.727661] ? __phys_addr_symbol+0x2c/0x70
[ 35.731974] ? __check_object_size+0x17b/0x3e0
[ 35.736535] netlink_sendmsg+0x6c3/0xc50
[ 35.740577] ? aa_af_perm+0x230/0x230
[ 35.744360] ? nlmsg_notify+0x1f0/0x1f0
[ 35.748338] ? kernel_recvmsg+0x220/0x220
[ 35.752469] ? nlmsg_notify+0x1f0/0x1f0
[ 35.756421] sock_sendmsg+0xc3/0x120
[ 35.760114] ___sys_sendmsg+0x7bb/0x8e0
[ 35.764066] ? copy_msghdr_from_user+0x440/0x440
[ 35.768798] ? do_huge_pmd_anonymous_page+0x935/0x1e60
[ 35.774053] ? sock_ioctl+0x30e/0x5d0
[ 35.777831] ? dlci_ioctl_set+0x30/0x30
[ 35.781782] ? _raw_spin_unlock+0x29/0x40
[ 35.785909] ? __handle_mm_fault+0xf34/0x41c0
[ 35.790383] ? dlci_ioctl_set+0x30/0x30
[ 35.794336] ? do_vfs_ioctl+0x110/0x12e0
[ 35.798390] ? ioctl_preallocate+0x200/0x200
[ 35.802787] ? __do_page_fault+0x6d1/0xd60
[ 35.807004] ? __fdget+0x1a0/0x230
[ 35.810532] __x64_sys_sendmsg+0x132/0x220
[ 35.814743] ? __sys_sendmsg+0x1b0/0x1b0
[ 35.818786] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 35.824131] ? trace_hardirqs_off_caller+0x6e/0x210
[ 35.829124] ? do_syscall_64+0x21/0x620
[ 35.833085] do_syscall_64+0xf9/0x620
[ 35.836871] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 35.842040] RIP: 0033:0x7f537fd36409
[ 35.845735] Code: 28 c3 e8 4a 15 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 35.864615] RSP: 002b:00007ffd6d542058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 35.872300] RAX: ffffffffffffffda RBX: 00007ffd6d542068 RCX: 00007f537fd36409
[ 35.879564] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000003
[ 35.886810] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000
[ 35.894057] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd6d542070
[ 35.901305] R13: 00007ffd6d542090 R14: 0000000000000000 R15: 0000000000000000
[ 35.908575] Modules linked in:
[ 35.911808] ---[ end trace 703a28ed37b267dc ]---
[ 35.916596] RIP: 0010:__list_del_entry_valid+0x81/0xf0
[ 35.921869] Code: 0f 84 30 52 85 04 48 b8 00 02 00 00 00 00 ad de 49 39 c4 0f 84 31 52 85 04 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 75 51 49 8b 14 24 48 39 ea 0f 85 e8 51 85 04 49 8d 7d
[ 35.940803] RSP: 0018:ffff8880b0c674e8 EFLAGS: 00010246
[ 35.946187] RAX: dffffc0000000000 RBX: ffff8880af7a0040 RCX: ffffffff814bdebb
[ 35.953479] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff8880af7a0368
[ 35.960737] RBP: ffff8880af7a0360 R08: 0000000000000001 R09: fffffbfff15cead8
[ 35.968017] R10: ffffffff8ae756c3 R11: 0000000000000000 R12: 0000000000000000
[ 35.975314] R13: 0000000000000000 R14: ffff8880af7a02c0 R15: ffff8880af7a0368
[ 35.982572] FS: 000055555606e300(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
[ 35.990802] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 35.996700] CR2: 0000000020000080 CR3: 00000000a4ba7000 CR4: 00000000003406f0
[ 36.004004] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 36.011298] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 36.018581] Kernel panic - not syncing: Fatal exception
[ 36.024224] Kernel Offset: disabled
[ 36.027834] Rebooting in 86400 seconds..