Starting Update UTMP about System Runlevel Changes...
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.22' (ECDSA) to the list of known hosts.
2020/05/23 12:37:30 parsed 1 programs
2020/05/23 12:37:30 executed programs: 0
syzkaller login: [ 55.905484][ T7048] IPVS: ftp: loaded support on port[0] = 21
[ 56.001253][ T7048] chnl_net:caif_netlink_parms(): no params data found
[ 56.050994][ T7048] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.058363][ T7048] bridge0: port 1(bridge_slave_0) entered disabled state
[ 56.067210][ T7048] device bridge_slave_0 entered promiscuous mode
[ 56.076115][ T7048] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.083812][ T7048] bridge0: port 2(bridge_slave_1) entered disabled state
[ 56.091941][ T7048] device bridge_slave_1 entered promiscuous mode
[ 56.112444][ T7048] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 56.123248][ T7048] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 56.145069][ T7048] team0: Port device team_slave_0 added
[ 56.152447][ T7048] team0: Port device team_slave_1 added
[ 56.171571][ T7048] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 56.178551][ T7048] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 56.205273][ T7048] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 56.217972][ T7048] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 56.225417][ T7048] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 56.252432][ T7048] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 56.311885][ T7048] device hsr_slave_0 entered promiscuous mode
[ 56.379128][ T7048] device hsr_slave_1 entered promiscuous mode
[ 56.493457][ T7048] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 56.541655][ T7048] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 56.611316][ T7048] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 56.660811][ T7048] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 56.724126][ T7048] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.731498][ T7048] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 56.739440][ T7048] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.746501][ T7048] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 56.792737][ T7048] 8021q: adding VLAN 0 to HW filter on device bond0
[ 56.805722][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.817375][ T5] bridge0: port 1(bridge_slave_0) entered disabled state
[ 56.826758][ T5] bridge0: port 2(bridge_slave_1) entered disabled state
[ 56.835177][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 56.848253][ T7048] 8021q: adding VLAN 0 to HW filter on device team0
[ 56.859913][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 56.869248][ T17] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.876283][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 56.887636][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 56.897350][ T5] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.904453][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 56.924229][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 56.933133][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 56.945100][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 56.962274][ T7048] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 56.973775][ T7048] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 56.988058][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 56.996694][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 57.005307][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 57.024501][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 57.032435][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 57.045231][ T7048] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 57.065234][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 57.074218][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 57.094485][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 57.103559][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 57.115960][ T7048] device veth0_vlan entered promiscuous mode
[ 57.124101][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 57.132389][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 57.146326][ T7048] device veth1_vlan entered promiscuous mode
[ 57.166293][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 57.174690][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 57.183219][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 57.192013][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 57.202964][ T7048] device veth0_macvtap entered promiscuous mode
[ 57.213852][ T7048] device veth1_macvtap entered promiscuous mode
[ 57.231590][ T7048] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 57.240391][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 57.249484][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 57.257323][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 57.266672][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 57.278118][ T7048] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 57.287075][ T7256] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 57.296036][ T7256] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 57.539795][ T7259] ------------[ cut here ]------------
[ 57.545276][ T7259] WARNING: CPU: 1 PID: 7259 at drivers/android/binder.c:2348 binder_transaction_buffer_release+0x601/0x8a0
[ 57.556612][ T7259] Kernel panic - not syncing: panic_on_warn set ...
[ 57.563175][ T7259] CPU: 1 PID: 7259 Comm: syz-executor.0 Not tainted 5.7.0-rc6-syzkaller #0
[ 57.571729][ T7259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.581756][ T7259] Call Trace:
[ 57.585033][ T7259] dump_stack+0x188/0x20d
[ 57.589351][ T7259] ? binder_transaction_buffer_release+0x510/0x8a0
[ 57.595852][ T7259] panic+0x2e3/0x75c
[ 57.599728][ T7259] ? add_taint.cold+0x16/0x16
[ 57.604380][ T7259] ? printk+0xba/0xed
[ 57.608440][ T7259] ? kmsg_dump_rewind_nolock+0xd9/0xd9
[ 57.613874][ T7259] ? __warn.cold+0x14/0x35
[ 57.618262][ T7259] ? __warn+0xd5/0x1c8
[ 57.622307][ T7259] ? binder_transaction_buffer_release+0x601/0x8a0
[ 57.628778][ T7259] __warn.cold+0x2f/0x35
[ 57.633013][ T7259] ? binder_transaction_buffer_release+0x601/0x8a0
[ 57.639504][ T7259] report_bug+0x27b/0x2f0
[ 57.643832][ T7259] do_error_trap+0x12b/0x220
[ 57.648397][ T7259] ? binder_transaction_buffer_release+0x601/0x8a0
[ 57.654871][ T7259] do_invalid_op+0x32/0x40
[ 57.659262][ T7259] ? binder_transaction_buffer_release+0x601/0x8a0
[ 57.665753][ T7259] invalid_op+0x23/0x30
[ 57.669884][ T7259] RIP: 0010:binder_transaction_buffer_release+0x601/0x8a0
[ 57.676978][ T7259] Code: bb fd 31 ff 41 89 c5 89 c6 e8 bb ff 81 fb 45 85 ed 0f 85 f9 4b 01 00 48 8d 45 40 48 89 44 24 28 e9 fa fa ff ff e8 2f fe 81 fb <0f> 0b e9 87 fc ff ff e8 23 fe 81 fb 4c 8b 44 24 20 48 89 d8 45 31
[ 57.696555][ T7259] RSP: 0018:ffffc900061a7620 EFLAGS: 00010293
[ 57.702611][ T7259] RAX: ffff888088724340 RBX: 0000000000000058 RCX: 1ffff110110e490b
[ 57.710556][ T7259] RDX: 0000000000000000 RSI: ffffffff85f136f1 RDI: ffff88808871b048
[ 57.718500][ T7259] RBP: ffff88809f08d000 R08: ffff888088724340 R09: fffff52000c34ee7
[ 57.726445][ T7259] R10: ffffc900061a7737 R11: fffff52000c34ee6 R12: ffff888092ebe300
[ 57.734404][ T7259] R13: 0000000000000060 R14: ffff88808871b000 R15: 0000000000000060
[ 57.742364][ T7259] ? binder_transaction_buffer_release+0x601/0x8a0
[ 57.748869][ T7259] ? binder_update_ref_for_handle+0x490/0x490
[ 57.754914][ T7259] ? binder_translate_fd.isra.0+0x175/0x7b0
[ 57.760799][ T7259] ? trace_hardirqs_off+0x50/0x220
[ 57.765898][ T7259] ? trace_hardirqs_off+0x50/0x220
[ 57.771026][ T7259] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 57.776562][ T7259] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 57.782524][ T7259] ? binder_free_txn_fixups+0x15a/0x230
[ 57.788055][ T7259] binder_transaction+0x146d/0x6500
[ 57.793251][ T7259] ? mark_held_locks+0xe0/0xe0
[ 57.797992][ T7259] ? binder_deferred_func+0xfc0/0xfc0
[ 57.803374][ T7259] ? stack_trace_consume_entry+0x160/0x160
[ 57.809168][ T7259] ? find_held_lock+0x2d/0x110
[ 57.813919][ T7259] ? __might_fault+0x11f/0x1d0
[ 57.818680][ T7259] ? lock_downgrade+0x840/0x840
[ 57.823522][ T7259] ? __might_fault+0x190/0x1d0
[ 57.828280][ T7259] binder_thread_write+0x818/0x2560
[ 57.833481][ T7259] ? binder_transaction+0x6500/0x6500
[ 57.838839][ T7259] ? __might_fault+0x11f/0x1d0
[ 57.843585][ T7259] ? lock_downgrade+0x840/0x840
[ 57.848417][ T7259] ? do_raw_spin_lock+0x129/0x2e0
[ 57.853466][ T7259] ? __might_fault+0x190/0x1d0
[ 57.858222][ T7259] binder_ioctl+0x1008/0x1862
[ 57.862892][ T7259] ? do_vfs_ioctl+0x50c/0x1360
[ 57.867657][ T7259] ? binder_thread_read+0x3bd0/0x3bd0
[ 57.873023][ T7259] ? ioctl_file_clone+0x180/0x180
[ 57.878028][ T7259] ? __fget_files+0x32f/0x500
[ 57.882710][ T7259] ? ksys_dup3+0x3c0/0x3c0
[ 57.887116][ T7259] ? binder_thread_read+0x3bd0/0x3bd0
[ 57.892488][ T7259] ksys_ioctl+0x11a/0x180
[ 57.896795][ T7259] __x64_sys_ioctl+0x6f/0xb0
[ 57.901360][ T7259] ? lockdep_hardirqs_on+0x463/0x620
[ 57.906626][ T7259] do_syscall_64+0xf6/0x7d0
[ 57.911108][ T7259] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 57.916978][ T7259] RIP: 0033:0x45ca29
[ 57.920846][ T7259] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 57.950245][ T7259] RSP: 002b:00007f247fc26c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 57.958634][ T7259] RAX: ffffffffffffffda RBX: 00000000004e1340 RCX: 000000000045ca29
[ 57.966591][ T7259] RDX: 0000000020000540 RSI: 00000000c0306201 RDI: 0000000000000003
[ 57.974535][ T7259] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 57.982485][ T7259] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 57.990440][ T7259] R13: 0000000000000214 R14: 00000000004c458f R15: 00007f247fc276d4
[ 57.999594][ T7259] Kernel Offset: disabled
[ 58.003984][ T7259] Rebooting in 86400 seconds..