[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.195' (ECDSA) to the list of known hosts.
2020/11/10 15:19:30 parsed 1 programs
2020/11/10 15:19:31 executed programs: 0
syzkaller login: [ 36.400695] IPVS: ftp: loaded support on port[0] = 21
[ 36.514825] chnl_net:caif_netlink_parms(): no params data found
[ 36.616389] bridge0: port 1(bridge_slave_0) entered blocking state
[ 36.623197] bridge0: port 1(bridge_slave_0) entered disabled state
[ 36.630777] device bridge_slave_0 entered promiscuous mode
[ 36.639595] bridge0: port 2(bridge_slave_1) entered blocking state
[ 36.646296] bridge0: port 2(bridge_slave_1) entered disabled state
[ 36.653738] device bridge_slave_1 entered promiscuous mode
[ 36.670680] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 36.679496] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 36.698156] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 36.705581] team0: Port device team_slave_0 added
[ 36.710935] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 36.718596] team0: Port device team_slave_1 added
[ 36.733796] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 36.740025] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 36.767192] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 36.778505] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 36.784847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 36.810125] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 36.821014] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 36.828778] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 36.849116] device hsr_slave_0 entered promiscuous mode
[ 36.854834] device hsr_slave_1 entered promiscuous mode
[ 36.860744] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 36.867991] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 36.934770] bridge0: port 2(bridge_slave_1) entered blocking state
[ 36.941193] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 36.948055] bridge0: port 1(bridge_slave_0) entered blocking state
[ 36.954480] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 36.987835] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 36.995033] 8021q: adding VLAN 0 to HW filter on device bond0
[ 37.005191] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 37.016597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 37.024824] bridge0: port 1(bridge_slave_0) entered disabled state
[ 37.031755] bridge0: port 2(bridge_slave_1) entered disabled state
[ 37.039758] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 37.049933] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 37.056601] 8021q: adding VLAN 0 to HW filter on device team0
[ 37.065646] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 37.073760] bridge0: port 1(bridge_slave_0) entered blocking state
[ 37.080130] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 37.101883] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 37.111921] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 37.123576] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 37.131168] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 37.139038] bridge0: port 2(bridge_slave_1) entered blocking state
[ 37.145434] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 37.153557] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 37.161206] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 37.169289] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 37.177045] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 37.184810] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 37.191748] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 37.204975] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 37.212143] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 37.220039] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 37.231037] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 37.245870] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 37.256192] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 37.291207] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 37.299146] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 37.306466] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 37.316602] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 37.324965] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 37.331768] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 37.346208] device veth0_vlan entered promiscuous mode
[ 37.356091] device veth1_vlan entered promiscuous mode
[ 37.361901] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 37.371364] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 37.382878] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 37.391827] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 37.399968] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 37.407737] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 37.417007] device veth0_macvtap entered promiscuous mode
[ 37.424065] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 37.432367] device veth1_macvtap entered promiscuous mode
[ 37.442016] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 37.451231] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 37.460972] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 37.468287] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 37.477015] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 37.487355] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 37.494173] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 37.606521] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 37.613942] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 37.627119] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 37.637372] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 37.644161] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 37.653493] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 37.660625] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 37.668558] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 37.709438] IPVS: ftp: loaded support on port[0] = 21
[ 37.746650] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4)
[ 37.752538] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 37.765227] vhci_hcd: connection closed
[ 37.765952] vhci_hcd: stop threads
[ 37.774653] vhci_hcd: release socket
[ 37.778478] vhci_hcd: disconnect device
[ 38.269510] IPVS: ftp: loaded support on port[0] = 21
[ 38.275068] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(4)
[ 38.280886] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 38.294016] vhci_hcd: connection closed
[ 38.295414] vhci_hcd: stop threads
[ 38.303032] vhci_hcd: release socket
[ 38.306751] vhci_hcd: disconnect device
[ 38.349006] IPVS: ftp: loaded support on port[0] = 21
[ 38.390605] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4)
[ 38.396440] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 38.409025] vhci_hcd: connection closed
[ 38.409226] vhci_hcd: stop threads
[ 38.417203] vhci_hcd: release socket
[ 38.421011] vhci_hcd: disconnect device
[ 38.433146] Bluetooth: hci0: command 0x0409 tx timeout
[ 38.910423] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(4)
[ 38.916265] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 38.928940] IPVS: ftp: loaded support on port[0] = 21
[ 38.954528] vhci_hcd: connection closed
[ 38.955887] vhci_hcd: stop threads
[ 38.965716] vhci_hcd: release socket
[ 38.975207] vhci_hcd: disconnect device
[ 39.971279] IPVS: ftp: loaded support on port[0] = 21
[ 40.010729] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4)
[ 40.016563] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 40.029287] vhci_hcd: connection closed
[ 40.029849] vhci_hcd: stop threads
[ 40.037869] vhci_hcd: release socket
[ 40.043513] vhci_hcd: disconnect device
[ 40.511692] Bluetooth: hci0: command 0x041b tx timeout
[ 40.534345] IPVS: ftp: loaded support on port[0] = 21
[ 40.540957] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(4)
[ 40.546778] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
2020/11/10 15:19:36 executed programs: 3
[ 40.572052] vhci_hcd: connection closed
[ 40.572256] vhci_hcd: stop threads
[ 40.580097] vhci_hcd: release socket
[ 40.594034] vhci_hcd: disconnect device
[ 40.610482] IPVS: ftp: loaded support on port[0] = 21
[ 40.644265] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4)
[ 40.650075] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 40.658049] vhci_hcd: connection closed
[ 40.659652] vhci_hcd: stop threads
[ 40.668098] vhci_hcd: release socket
[ 40.673132] vhci_hcd: disconnect device
[ 41.165410] IPVS: ftp: loaded support on port[0] = 21
[ 41.173224] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(4)
[ 41.179054] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 41.211282] vhci_hcd: connection closed
[ 41.211502] ==================================================================
[ 41.222929] BUG: KASAN: null-ptr-deref in kthread_stop+0x72/0x6b0
[ 41.229155] Write of size 4 at addr 000000000000001c by task kworker/u4:3/126
[ 41.236412]
[ 41.238039] CPU: 0 PID: 126 Comm: kworker/u4:3 Not tainted 4.19.156-syzkaller #0
[ 41.245565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 41.254921] Workqueue: usbip_event event_handler
[ 41.259669] Call Trace:
[ 41.262262] dump_stack+0x1fc/0x2fe
[ 41.265899] kasan_report_error.cold+0x15b/0x1c7
[ 41.270655] ? kthread_stop+0x72/0x6b0
[ 41.274539] kasan_report+0x8f/0x96
[ 41.278163] ? kthread_stop+0x72/0x6b0
[ 41.282054] kthread_stop+0x72/0x6b0
[ 41.285771] vhci_shutdown_connection+0x14e/0x280
[ 41.290612] ? mark_held_locks+0xa6/0xf0
[ 41.294670] ? kfree+0x110/0x210
[ 41.298032] ? event_handler+0x14c/0x4f0
[ 41.302093] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 41.306674] event_handler+0x1f0/0x4f0
[ 41.310565] process_one_work+0x864/0x1570
[ 41.314807] ? pwq_dec_nr_in_flight+0x2d0/0x2d0
[ 41.319484] worker_thread+0x64c/0x1130
[ 41.323466] ? __kthread_parkme+0x133/0x1e0
[ 41.327826] ? process_one_work+0x1570/0x1570
[ 41.332322] kthread+0x33f/0x460
[ 41.335685] ? kthread_park+0x180/0x180
[ 41.339655] ret_from_fork+0x24/0x30
[ 41.343373] ==================================================================
[ 41.350718] Disabling lock debugging due to kernel taint
[ 41.378883] Kernel panic - not syncing: panic_on_warn set ...
[ 41.378883]
[ 41.386278] CPU: 0 PID: 126 Comm: kworker/u4:3 Tainted: G B 4.19.156-syzkaller #0
[ 41.395191] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 41.404549] Workqueue: usbip_event event_handler
[ 41.409293] Call Trace:
[ 41.411884] dump_stack+0x1fc/0x2fe
[ 41.415509] panic+0x26a/0x50e
[ 41.418696] ? __warn_printk+0xf3/0xf3
[ 41.422584] ? preempt_schedule_common+0x45/0xc0
[ 41.427336] ? ___preempt_schedule+0x16/0x18
[ 41.431738] ? trace_hardirqs_on+0x55/0x210
[ 41.436059] kasan_end_report+0x43/0x49
[ 41.440028] kasan_report_error.cold+0xa7/0x1c7
[ 41.444711] ? kthread_stop+0x72/0x6b0
[ 41.448594] kasan_report+0x8f/0x96
[ 41.452216] ? kthread_stop+0x72/0x6b0
[ 41.456097] kthread_stop+0x72/0x6b0
[ 41.459824] vhci_shutdown_connection+0x14e/0x280
[ 41.464666] ? mark_held_locks+0xa6/0xf0
[ 41.468735] ? kfree+0x110/0x210
[ 41.472096] ? event_handler+0x14c/0x4f0
[ 41.476159] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 41.480736] event_handler+0x1f0/0x4f0
[ 41.484621] process_one_work+0x864/0x1570
[ 41.488855] ? pwq_dec_nr_in_flight+0x2d0/0x2d0
[ 41.493523] worker_thread+0x64c/0x1130
[ 41.497496] ? __kthread_parkme+0x133/0x1e0
[ 41.501829] ? process_one_work+0x1570/0x1570
[ 41.506318] kthread+0x33f/0x460
[ 41.509675] ? kthread_park+0x180/0x180
[ 41.513642] ret_from_fork+0x24/0x30
[ 41.517741] Kernel Offset: disabled
[ 41.521357] Rebooting in 86400 seconds..