[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Load/Save RF Kill Switch Status.
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.7' (ECDSA) to the list of known hosts.
2021/01/28 22:29:34 parsed 1 programs
2021/01/28 22:29:34 executed programs: 0
syzkaller login: [ 76.194134][ T8452] IPVS: ftp: loaded support on port[0] = 21
[ 76.373357][ T8452] chnl_net:caif_netlink_parms(): no params data found
[ 76.431012][ T8452] bridge0: port 1(bridge_slave_0) entered blocking state
[ 76.439601][ T8452] bridge0: port 1(bridge_slave_0) entered disabled state
[ 76.447601][ T8452] device bridge_slave_0 entered promiscuous mode
[ 76.457644][ T8452] bridge0: port 2(bridge_slave_1) entered blocking state
[ 76.465208][ T8452] bridge0: port 2(bridge_slave_1) entered disabled state
[ 76.473277][ T8452] device bridge_slave_1 entered promiscuous mode
[ 76.496770][ T8452] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 76.508091][ T8452] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 76.532648][ T8452] team0: Port device team_slave_0 added
[ 76.541459][ T8452] team0: Port device team_slave_1 added
[ 76.560040][ T8452] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 76.567024][ T8452] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 76.596789][ T8452] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 76.615091][ T8452] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 76.623507][ T8452] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 76.650581][ T8452] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 76.680290][ T8452] device hsr_slave_0 entered promiscuous mode
[ 76.688708][ T8452] device hsr_slave_1 entered promiscuous mode
[ 76.804960][ T8452] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 76.816114][ T8452] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 76.826971][ T8452] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 76.837821][ T8452] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 76.865815][ T8452] bridge0: port 2(bridge_slave_1) entered blocking state
[ 76.873226][ T8452] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 76.882923][ T8452] bridge0: port 1(bridge_slave_0) entered blocking state
[ 76.890999][ T8452] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 76.942904][ T8452] 8021q: adding VLAN 0 to HW filter on device bond0
[ 76.956963][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 76.971415][ T5] bridge0: port 1(bridge_slave_0) entered disabled state
[ 76.982001][ T5] bridge0: port 2(bridge_slave_1) entered disabled state
[ 76.991439][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 77.007629][ T8452] 8021q: adding VLAN 0 to HW filter on device team0
[ 77.019334][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 77.029209][ T5] bridge0: port 1(bridge_slave_0) entered blocking state
[ 77.036323][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 77.047946][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 77.058557][ T34] bridge0: port 2(bridge_slave_1) entered blocking state
[ 77.065793][ T34] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 77.089653][ T3159] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 77.101809][ T3159] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 77.119412][ T3159] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 77.130735][ T3159] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 77.145162][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 77.158138][ T8452] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 77.180488][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 77.189711][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 77.205118][ T8452] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 77.228476][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 77.251275][ T3159] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 77.260957][ T3159] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 77.270292][ T3159] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 77.281625][ T8452] device veth0_vlan entered promiscuous mode
[ 77.296886][ T8452] device veth1_vlan entered promiscuous mode
[ 77.325316][ T8452] device veth0_macvtap entered promiscuous mode
[ 77.335521][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 77.345514][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 77.360684][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 77.370208][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 77.383386][ T8452] device veth1_macvtap entered promiscuous mode
[ 77.403992][ T8452] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 77.412612][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 77.423285][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 77.436707][ T8452] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 77.445953][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 77.455540][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 77.469796][ T8452] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 77.479194][ T8452] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 77.487908][ T8452] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 77.497644][ T8452] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 77.602164][ T221] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 77.628657][ T221] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 77.638086][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 77.659797][ T221] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 77.667966][ T221] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 77.682679][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 78.169558][ T3159] Bluetooth: hci0: command 0x0409 tx timeout
2021/01/28 22:29:39 executed programs: 18
[ 80.239017][ T3159] Bluetooth: hci0: command 0x041b tx timeout
[ 82.319198][ T3159] Bluetooth: hci0: command 0x040f tx timeout
[ 84.398134][ T3159] Bluetooth: hci0: command 0x0419 tx timeout
2021/01/28 22:29:44 executed programs: 62
2021/01/28 22:29:50 executed programs: 105
2021/01/28 22:29:55 executed programs: 149
[ 95.413123][T10539] ------------[ cut here ]------------
[ 95.426844][T10539] WARNING: CPU: 1 PID: 10539 at fs/io_uring.c:9042 io_uring_cancel_task_requests+0xe55/0x10c0
[ 95.448085][T10539] Modules linked in:
[ 95.452663][T10539] CPU: 1 PID: 10539 Comm: syz-executor.0 Not tainted 5.11.0-rc5-next-20210128-syzkaller #0
[ 95.477594][T10539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 95.490767][T10539] RIP: 0010:io_uring_cancel_task_requests+0xe55/0x10c0
[ 95.498419][T10539] Code: 00 00 e9 1c fe ff ff 48 8b 7c 24 18 e8 f4 b4 da ff e9 f2 fc ff ff 48 8b 7c 24 18 e8 e5 b4 da ff e9 64 f2 ff ff e8 eb 16 97 ff <0f> 0b e9 ed f2 ff ff e8 df b4 da ff e9 c8 f5 ff ff 4c 89 ef e8 52
[ 95.526860][T10539] RSP: 0018:ffffc9000bc87950 EFLAGS: 00010293
[ 95.534189][T10539] RAX: 0000000000000000 RBX: ffff888022c39000 RCX: 0000000000000000
[ 95.544200][T10539] RDX: ffff888143a43800 RSI: ffffffff81dbfe65 RDI: ffff888022c390d0
[ 95.552660][T10539] RBP: ffff888022c390e8 R08: 0000000000000000 R09: ffff888143a43807
[ 95.562700][T10539] R10: ffffffff81dbf0df R11: 0000000000000000 R12: ffff888022c39000
[ 95.571506][T10539] R13: ffff888143a43800 R14: ffff88801acae000 R15: ffff888022c3d018
[ 95.581489][T10539] FS: 0000000000000000(0000) GS:ffff8880b9f00000(0000) knlGS:0000000000000000
[ 95.591148][T10539] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 95.598593][T10539] CR2: 000055f29f073180 CR3: 00000000248cc000 CR4: 00000000001506e0
[ 95.607151][T10539] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 95.617644][T10539] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 95.626272][T10539] Call Trace:
[ 95.631697][T10539] ? io_ring_exit_work+0x6d0/0x6d0
[ 95.636857][T10539] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 95.643107][T10539] io_uring_flush+0x47b/0x6e0
[ 95.647819][T10539] ? io_uring_cancel_task_requests+0x10c0/0x10c0
[ 95.654656][T10539] filp_close+0xb4/0x170
[ 95.659460][T10539] put_files_struct+0x1cc/0x350
[ 95.666714][T10539] exit_files+0x7e/0xa0
[ 95.671077][T10539] do_exit+0xc22/0x2ae0
[ 95.675563][T10539] ? find_held_lock+0x2d/0x110
[ 95.680450][T10539] ? mm_update_next_owner+0x7a0/0x7a0
[ 95.686295][T10539] ? get_signal+0x332/0x20f0
[ 95.690993][T10539] ? lock_downgrade+0x6d0/0x6d0
[ 95.696398][T10539] do_group_exit+0x125/0x310
[ 95.701389][T10539] get_signal+0x427/0x20f0
[ 95.705923][T10539] ? futex_exit_release+0x220/0x220
[ 95.712272][T10539] ? __might_fault+0xd3/0x180
[ 95.717272][T10539] arch_do_signal_or_restart+0x2a8/0x1eb0
[ 95.723176][T10539] ? _copy_to_user+0xdc/0x150
[ 95.728874][T10539] ? copy_siginfo_to_user32+0xa0/0xa0
[ 95.734292][T10539] ? __do_sys_futex+0x2a2/0x470
[ 95.740009][T10539] ? __do_sys_futex+0x2ab/0x470
[ 95.744924][T10539] ? do_futex+0x1960/0x1960
[ 95.749732][T10539] exit_to_user_mode_prepare+0x148/0x250
[ 95.755461][T10539] syscall_exit_to_user_mode+0x19/0x50
[ 95.761370][T10539] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 95.767334][T10539] RIP: 0033:0x45e219
[ 95.772023][T10539] Code: Unable to access opcode bytes at RIP 0x45e1ef.
[ 95.779838][T10539] RSP: 002b:00007f48a367dcf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 95.789336][T10539] RAX: fffffffffffffe00 RBX: 000000000119bf88 RCX: 000000000045e219
[ 95.797874][T10539] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000119bf88
[ 95.806103][T10539] RBP: 000000000119bf80 R08: 0000000000000000 R09: 0000000000000000
[ 95.814241][T10539] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000119bf8c
[ 95.823016][T10539] R13: 00007fff10f7757f R14: 00007f48a367e9c0 R15: 000000000119bf8c
[ 95.831165][T10539] Kernel panic - not syncing: panic_on_warn set ...
[ 95.837771][T10539] CPU: 0 PID: 10539 Comm: syz-executor.0 Not tainted 5.11.0-rc5-next-20210128-syzkaller #0
[ 95.848101][T10539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 95.861543][T10539] Call Trace:
[ 95.865108][T10539] dump_stack+0x107/0x163
[ 95.869580][T10539] panic+0x306/0x73d
[ 95.873931][T10539] ? __warn_printk+0xf3/0xf3
[ 95.878911][T10539] ? __warn.cold+0x1a/0x44
[ 95.884054][T10539] ? io_uring_cancel_task_requests+0xe55/0x10c0
[ 95.890421][T10539] __warn.cold+0x35/0x44
[ 95.894756][T10539] ? io_uring_cancel_task_requests+0xe55/0x10c0
[ 95.901034][T10539] report_bug+0x1bd/0x210
[ 95.905514][T10539] handle_bug+0x3c/0x60
[ 95.909733][T10539] exc_invalid_op+0x14/0x40
[ 95.914308][T10539] asm_exc_invalid_op+0x12/0x20
[ 95.919426][T10539] RIP: 0010:io_uring_cancel_task_requests+0xe55/0x10c0
[ 95.926327][T10539] Code: 00 00 e9 1c fe ff ff 48 8b 7c 24 18 e8 f4 b4 da ff e9 f2 fc ff ff 48 8b 7c 24 18 e8 e5 b4 da ff e9 64 f2 ff ff e8 eb 16 97 ff <0f> 0b e9 ed f2 ff ff e8 df b4 da ff e9 c8 f5 ff ff 4c 89 ef e8 52
[ 95.946965][T10539] RSP: 0018:ffffc9000bc87950 EFLAGS: 00010293
[ 95.953140][T10539] RAX: 0000000000000000 RBX: ffff888022c39000 RCX: 0000000000000000
[ 95.961677][T10539] RDX: ffff888143a43800 RSI: ffffffff81dbfe65 RDI: ffff888022c390d0
[ 95.969666][T10539] RBP: ffff888022c390e8 R08: 0000000000000000 R09: ffff888143a43807
[ 95.977651][T10539] R10: ffffffff81dbf0df R11: 0000000000000000 R12: ffff888022c39000
[ 95.988419][T10539] R13: ffff888143a43800 R14: ffff88801acae000 R15: ffff888022c3d018
[ 95.998014][T10539] ? io_uring_cancel_task_requests+0xcf/0x10c0
[ 96.006944][T10539] ? io_uring_cancel_task_requests+0xe55/0x10c0
[ 96.014036][T10539] ? io_ring_exit_work+0x6d0/0x6d0
[ 96.019166][T10539] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 96.025486][T10539] io_uring_flush+0x47b/0x6e0
[ 96.030397][T10539] ? io_uring_cancel_task_requests+0x10c0/0x10c0
[ 96.036895][T10539] filp_close+0xb4/0x170
[ 96.041264][T10539] put_files_struct+0x1cc/0x350
[ 96.046130][T10539] exit_files+0x7e/0xa0
[ 96.050312][T10539] do_exit+0xc22/0x2ae0
[ 96.054575][T10539] ? find_held_lock+0x2d/0x110
[ 96.059692][T10539] ? mm_update_next_owner+0x7a0/0x7a0
[ 96.065621][T10539] ? get_signal+0x332/0x20f0
[ 96.070489][T10539] ? lock_downgrade+0x6d0/0x6d0
[ 96.075609][T10539] do_group_exit+0x125/0x310
[ 96.080214][T10539] get_signal+0x427/0x20f0
[ 96.085110][T10539] ? futex_exit_release+0x220/0x220
[ 96.090419][T10539] ? __might_fault+0xd3/0x180
[ 96.095769][T10539] arch_do_signal_or_restart+0x2a8/0x1eb0
[ 96.101870][T10539] ? _copy_to_user+0xdc/0x150
[ 96.106565][T10539] ? copy_siginfo_to_user32+0xa0/0xa0
[ 96.111988][T10539] ? __do_sys_futex+0x2a2/0x470
[ 96.116953][T10539] ? __do_sys_futex+0x2ab/0x470
[ 96.122013][T10539] ? do_futex+0x1960/0x1960
[ 96.126880][T10539] exit_to_user_mode_prepare+0x148/0x250
[ 96.132707][T10539] syscall_exit_to_user_mode+0x19/0x50
[ 96.138201][T10539] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 96.144206][T10539] RIP: 0033:0x45e219
[ 96.148496][T10539] Code: Unable to access opcode bytes at RIP 0x45e1ef.
[ 96.155669][T10539] RSP: 002b:00007f48a367dcf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 96.164266][T10539] RAX: fffffffffffffe00 RBX: 000000000119bf88 RCX: 000000000045e219
[ 96.173721][T10539] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000119bf88
[ 96.181716][T10539] RBP: 000000000119bf80 R08: 0000000000000000 R09: 0000000000000000
[ 96.189706][T10539] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000119bf8c
[ 96.197680][T10539] R13: 00007fff10f7757f R14: 00007f48a367e9c0 R15: 000000000119bf8c
[ 96.206359][T10539] Kernel Offset: disabled
[ 96.211096][T10539] Rebooting in 86400 seconds..