Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.3' (ECDSA) to the list of known hosts.
2021/04/03 16:34:07 parsed 1 programs
2021/04/03 16:34:07 executed programs: 0
syzkaller login: [ 38.946482] IPVS: ftp: loaded support on port[0] = 21
[ 39.059063] chnl_net:caif_netlink_parms(): no params data found
[ 39.137615] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.144921] bridge0: port 1(bridge_slave_0) entered disabled state
[ 39.152143] device bridge_slave_0 entered promiscuous mode
[ 39.160721] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.167630] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.175727] device bridge_slave_1 entered promiscuous mode
[ 39.193591] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 39.202477] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 39.221292] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 39.229296] team0: Port device team_slave_0 added
[ 39.235390] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 39.243243] team0: Port device team_slave_1 added
[ 39.259626] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 39.266116] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 39.291387] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 39.303459] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 39.309821] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 39.335534] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 39.346735] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 39.354562] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 39.374685] device hsr_slave_0 entered promiscuous mode
[ 39.380638] device hsr_slave_1 entered promiscuous mode
[ 39.387244] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 39.394752] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 39.461923] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.468700] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 39.475855] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.482255] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 39.515988] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 39.523147] 8021q: adding VLAN 0 to HW filter on device bond0
[ 39.531366] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 39.540855] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 39.550679] bridge0: port 1(bridge_slave_0) entered disabled state
[ 39.558860] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.566743] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 39.578608] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 39.585146] 8021q: adding VLAN 0 to HW filter on device team0
[ 39.595553] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 39.603231] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.609728] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 39.620128] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 39.629816] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.636267] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 39.653318] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 39.661540] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 39.670012] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 39.679574] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 39.691169] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 39.703896] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 39.710216] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 39.718384] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 39.731306] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 39.739975] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 39.747599] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 39.759317] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 39.772259] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 39.781954] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 39.817908] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 39.825534] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 39.834138] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 39.843872] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 39.851610] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 39.860110] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 39.868853] device veth0_vlan entered promiscuous mode
[ 39.878449] device veth1_vlan entered promiscuous mode
[ 39.884792] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 39.891485] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 39.902700] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 39.915750] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 39.926064] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 39.934002] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 39.944554] device veth0_macvtap entered promiscuous mode
[ 39.951095] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 39.960041] device veth1_macvtap entered promiscuous mode
[ 39.970520] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 39.980737] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 39.991389] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 39.999887] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 40.008752] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 40.019290] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 40.026857] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 40.136819] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 40.143988] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 40.157574] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 40.164359] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 40.170752] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 40.182942] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 40.190409] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 40.198684] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 40.982686] Bluetooth: hci0: command 0x0409 tx timeout
2021/04/03 16:34:12 executed programs: 150
[ 43.059971] Bluetooth: hci0: command 0x041b tx timeout
[ 45.138743] Bluetooth: hci0: command 0x040f tx timeout
[ 47.217810] Bluetooth: hci0: command 0x0419 tx timeout
2021/04/03 16:34:17 executed programs: 469
2021/04/03 16:34:22 executed programs: 1001
[ 52.858252] kasan: CONFIG_KASAN_INLINE enabled
[ 52.863338] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 52.871897] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 52.878328] CPU: 0 PID: 11971 Comm: syz-executor.0 Not tainted 4.19.184-syzkaller #0
[ 52.886194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 52.895595] RIP: 0010:vgem_fence_attach_ioctl+0x27d/0x640
[ 52.901171] Code: 03 80 3c 02 00 0f 85 9b 03 00 00 4c 8b b5 10 01 00 00 48 b8 00 00 00 00 00 fc ff df 49 8d be e0 00 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 7f 03 00 00 4c 89 ea 4d 8b b6 e0 00 00 00 48 b8
[ 52.920368] RSP: 0018:ffff88809d847af0 EFLAGS: 00010202
[ 52.926159] RAX: dffffc0000000000 RBX: ffff8880a8517500 RCX: 1ffff11013b08f4b
[ 52.933612] RDX: 000000000000001c RSI: ffffffff8153a42f RDI: 00000000000000e0
[ 52.940873] RBP: ffff8880a8517a00 R08: 0000000000000000 R09: 0000000000000000
[ 52.948137] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88809d413a80
[ 52.956326] R13: ffff8880a8517504 R14: 0000000000000000 R15: ffff88809d413b18
[ 52.963696] FS: 00007f898c72e700(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
[ 52.972134] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 52.978023] CR2: 00007f898c70d718 CR3: 000000009d969000 CR4: 00000000001406f0
[ 52.985838] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 52.993624] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 53.002972] Call Trace:
[ 53.005559] drm_ioctl_kernel+0x208/0x2a0
[ 53.009700] ? __vgem_fence_idr_fini+0x60/0x60
[ 53.014303] ? drm_ioctl_permit+0x210/0x210
[ 53.018618] ? __might_fault+0x192/0x1d0
[ 53.022896] drm_ioctl+0x507/0x9c0
[ 53.026637] ? __vgem_fence_idr_fini+0x60/0x60
[ 53.031281] ? drm_getstats+0x20/0x20
[ 53.035335] ? cmp_ex_sort+0xc0/0xc0
[ 53.039159] ? __might_fault+0x11f/0x1d0
[ 53.043219] ? futex_exit_release+0x220/0x220
[ 53.048023] ? lock_downgrade+0x720/0x720
[ 53.052280] ? lock_acquire+0x170/0x3c0
[ 53.056335] ? drm_getstats+0x20/0x20
[ 53.060144] do_vfs_ioctl+0xcdb/0x12e0
[ 53.064029] ? lock_downgrade+0x720/0x720
[ 53.068165] ? check_preemption_disabled+0x41/0x280
[ 53.073273] ? ioctl_preallocate+0x200/0x200
[ 53.077669] ? __fget+0x356/0x510
[ 53.081119] ? do_dup2+0x450/0x450
[ 53.084649] ? __se_sys_futex+0x298/0x3b0
[ 53.088797] ksys_ioctl+0x9b/0xc0
[ 53.092242] __x64_sys_ioctl+0x6f/0xb0
[ 53.096201] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 53.100769] do_syscall_64+0xf9/0x620
[ 53.104667] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.110034] RIP: 0033:0x466459
[ 53.113384] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 53.132864] RSP: 002b:00007f898c72e188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 53.140949] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459
[ 53.148532] RDX: 0000000020000140 RSI: 00000000c10c5541 RDI: 0000000000000003
[ 53.156442] RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000
[ 53.163803] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60
[ 53.171076] R13: 00007ffd8ca61eaf R14: 00007f898c72e300 R15: 0000000000022000
[ 53.178676] Modules linked in:
[ 53.184746] ---[ end trace ea9a9d0c4d20cc8d ]---
[ 53.189821] RIP: 0010:vgem_fence_attach_ioctl+0x27d/0x640
[ 53.195905] Code: 03 80 3c 02 00 0f 85 9b 03 00 00 4c 8b b5 10 01 00 00 48 b8 00 00 00 00 00 fc ff df 49 8d be e0 00 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 7f 03 00 00 4c 89 ea 4d 8b b6 e0 00 00 00 48 b8
[ 53.215246] RSP: 0018:ffff88809d847af0 EFLAGS: 00010202
[ 53.220859] RAX: dffffc0000000000 RBX: ffff8880a8517500 RCX: 1ffff11013b08f4b
[ 53.228347] RDX: 000000000000001c RSI: ffffffff8153a42f RDI: 00000000000000e0
[ 53.236458] RBP: ffff8880a8517a00 R08: 0000000000000000 R09: 0000000000000000
[ 53.244039] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88809d413a80
[ 53.251684] R13: ffff8880a8517504 R14: 0000000000000000 R15: ffff88809d413b18
[ 53.259031] FS: 00007f898c72e700(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
[ 53.267504] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 53.273505] CR2: 00007f898c70d718 CR3: 000000009d969000 CR4: 00000000001406f0
[ 53.280867] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 53.288892] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 53.296262] Kernel panic - not syncing: Fatal exception
[ 53.302826] Kernel Offset: disabled
[ 53.306458] Rebooting in 86400 seconds..