Starting Permit User Sessions... [ OK ] Started Regular background program processing daemon. [ OK ] Started Daily Cleanup of Temporary Directories. [ OK ] Reached target Timers. Starting getty on tty2-tty6 if dbus and logind are not available... [ OK ] Started System Logging Service. [ OK ] Started Permit User Sessions. [ 60.200414][ T8152] sshd (8152) used greatest stack depth: 22920 bytes left [ OK ] Started OpenBSD Secure Shell server. [ OK ] Started getty on tty2-tty6 if dbus and logind are not available. [ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch. [ OK ] Started Getty on tty6. [ OK ] Started Getty on tty5. [ OK ] Started Getty on tty4. [ OK ] Started Getty on tty3. [ OK ] Started Getty on tty2. [ OK ] Started Getty on tty1. [ OK ] Started Serial Getty on ttyS0. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... Starting Load/Save RF Kill Switch Status... [ OK ] Started Update UTMP about System Runlevel Changes. [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.72' (ECDSA) to the list of known hosts. 2021/01/02 21:12:01 parsed 1 programs 2021/01/02 21:12:01 executed programs: 0 syzkaller login: [ 79.053704][ T36] audit: type=1400 audit(1609621921.652:8): avc: denied { execmem } for pid=8493 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 80.188188][ T8494] IPVS: ftp: loaded support on port[0] = 21 [ 80.334533][ T8494] chnl_net:caif_netlink_parms(): no params data found [ 80.394792][ T8494] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.402563][ T8494] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.410958][ T8494] device bridge_slave_0 entered promiscuous mode [ 80.421182][ T8494] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.428778][ T8494] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.429858][ T8494] device bridge_slave_1 entered promiscuous mode [ 80.460147][ T8494] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.471257][ T8494] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 80.496017][ T8494] team0: Port device team_slave_0 added [ 80.505282][ T8494] team0: Port device team_slave_1 added [ 80.526127][ T8494] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 80.533338][ T8494] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.559717][ T8494] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 80.573270][ T8494] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 80.580656][ T8494] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.607079][ T8494] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 80.636247][ T8494] device hsr_slave_0 entered promiscuous mode [ 80.643087][ T8494] device hsr_slave_1 entered promiscuous mode [ 80.760952][ T8494] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 80.772066][ T8494] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 80.782380][ T8494] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 80.793062][ T8494] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 80.821833][ T8494] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.829046][ T8494] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.836807][ T8494] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.843953][ T8494] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.896096][ T8494] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.911968][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 80.923654][ T5] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.932259][ T5] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.940687][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 80.955939][ T8494] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.968356][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 80.976778][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.983912][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.009514][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 81.018925][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.025978][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.035528][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 81.048355][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 81.056349][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 81.075035][ T8494] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 81.087084][ T8494] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 81.102073][ T8169] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 81.111249][ T8169] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 81.120467][ T8169] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 81.144110][ T8494] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.152878][ T2997] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 81.163097][ T2997] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 81.183982][ T2997] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 81.207044][ T8494] device veth0_vlan entered promiscuous mode [ 81.214556][ T2997] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 81.225065][ T2997] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 81.232950][ T2997] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 81.248981][ T8494] device veth1_vlan entered promiscuous mode [ 81.272953][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 81.281714][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 81.290821][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 81.303639][ T8494] device veth0_macvtap entered promiscuous mode [ 81.314896][ T8494] device veth1_macvtap entered promiscuous mode [ 81.323461][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 81.344657][ T8494] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 81.352551][ T2997] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 81.361861][ T2997] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 81.375105][ T8494] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 81.382797][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 81.392154][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 81.405388][ T8494] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.416774][ T8494] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.425932][ T8494] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.435256][ T8494] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.540464][ T366] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.553285][ T366] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.580532][ T3856] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 81.600256][ T366] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.608391][ T366] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.622988][ T3856] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 81.682927][ T8733] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3) [ 81.689923][ T8733] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 81.715696][ T8733] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 81.722246][ T8733] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 81.750567][ T8734] vhci_hcd: connection closed [ 81.751957][ T8738] vhci_hcd: connection closed [ 81.752890][ T366] vhci_hcd: stop threads [ 81.769891][ T366] vhci_hcd: release socket [ 81.774448][ T366] vhci_hcd: disconnect device [ 81.781770][ T366] vhci_hcd: stop threads [ 81.786059][ T366] vhci_hcd: release socket [ 81.791635][ T366] vhci_hcd: disconnect device [ 82.178820][ T2997] Bluetooth: hci0: command 0x0409 tx timeout [ 82.252617][ T8733] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(3) [ 82.259159][ T8733] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 82.266827][ T8740] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(6) [ 82.273379][ T8740] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 82.288411][ T8741] vhci_hcd: connection closed [ 82.289240][ T8743] vhci_hcd: connection closed [ 82.294270][ T471] vhci_hcd: stop threads [ 82.304157][ T471] vhci_hcd: release socket [ 82.323835][ T471] vhci_hcd: disconnect device [ 82.330588][ T471] ================================================================== [ 82.338886][ T471] BUG: KASAN: null-ptr-deref in kthread_stop+0x90/0x720 [ 82.345860][ T471] Write of size 4 at addr 0000000000000024 by task kworker/u4:11/471 [ 82.353936][ T471] [ 82.356263][ T471] CPU: 0 PID: 471 Comm: kworker/u4:11 Not tainted 5.11.0-rc1-syzkaller #0 [ 82.364772][ T471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 82.374842][ T471] Workqueue: usbip_event event_handler [ 82.380323][ T471] Call Trace: [ 82.383613][ T471] dump_stack+0x107/0x163 [ 82.387966][ T471] ? kthread_stop+0x90/0x720 [ 82.392712][ T471] ? kthread_stop+0x90/0x720 [ 82.397293][ T471] kasan_report.cold+0x5f/0xd5 [ 82.402069][