[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty1.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.207' (ECDSA) to the list of known hosts.
syzkaller login: [ 59.607126][ T6867] IPVS: ftp: loaded support on port[0] = 21
[ 59.704170][ T6867] chnl_net:caif_netlink_parms(): no params data found
[ 59.754493][ T6867] bridge0: port 1(bridge_slave_0) entered blocking state
[ 59.763529][ T6867] bridge0: port 1(bridge_slave_0) entered disabled state
[ 59.772090][ T6867] device bridge_slave_0 entered promiscuous mode
[ 59.780858][ T6867] bridge0: port 2(bridge_slave_1) entered blocking state
[ 59.788246][ T6867] bridge0: port 2(bridge_slave_1) entered disabled state
[ 59.795814][ T6867] device bridge_slave_1 entered promiscuous mode
[ 59.817344][ T6867] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 59.828207][ T6867] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 59.850211][ T6867] team0: Port device team_slave_0 added
[ 59.858317][ T6867] team0: Port device team_slave_1 added
[ 59.874866][ T6867] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 59.881857][ T6867] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 59.908883][ T6867] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 59.921338][ T6867] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 59.928567][ T6867] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 59.958318][ T6867] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 59.994505][ T6867] device hsr_slave_0 entered promiscuous mode
[ 60.003052][ T6867] device hsr_slave_1 entered promiscuous mode
[ 60.120867][ T6867] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 60.130598][ T6867] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 60.140607][ T6867] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 60.151093][ T6867] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 60.176305][ T6867] bridge0: port 2(bridge_slave_1) entered blocking state
[ 60.183492][ T6867] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 60.191285][ T6867] bridge0: port 1(bridge_slave_0) entered blocking state
[ 60.198413][ T6867] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 60.245775][ T6867] 8021q: adding VLAN 0 to HW filter on device bond0
[ 60.259745][ T2525] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 60.269622][ T2525] bridge0: port 1(bridge_slave_0) entered disabled state
[ 60.278549][ T2525] bridge0: port 2(bridge_slave_1) entered disabled state
[ 60.287499][ T2525] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 60.301587][ T6867] 8021q: adding VLAN 0 to HW filter on device team0
[ 60.313067][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 60.323024][ T5] bridge0: port 1(bridge_slave_0) entered blocking state
[ 60.330129][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 60.347663][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 60.355956][ T40] bridge0: port 2(bridge_slave_1) entered blocking state
[ 60.363099][ T40] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 60.389101][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 60.398337][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 60.406926][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 60.415034][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 60.426644][ T6867] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 60.436228][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 60.453883][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 60.461360][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 60.474923][ T6867] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 60.494910][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 60.514602][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 60.523697][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 60.531956][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 60.542683][ T6867] device veth0_vlan entered promiscuous mode
[ 60.555327][ T6867] device veth1_vlan entered promiscuous mode
[ 60.577518][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 60.585377][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 60.594348][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 60.605178][ T6867] device veth0_macvtap entered promiscuous mode
[ 60.616166][ T6867] device veth1_macvtap entered promiscuous mode
[ 60.635033][ T6867] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 60.642716][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 60.653324][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 60.665204][ T6867] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 60.673401][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
executing program
executing program
executing program
executing program
executing program
[ 60.684909][ T6867] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 60.694157][ T6867] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 60.702911][ T6867] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 60.712038][ T6867] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[ 60.815245][ T7092] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[ 60.826954][ T7092] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[ 60.835338][ T7092] CPU: 0 PID: 7092 Comm: syz-executor859 Not tainted 5.9.0-rc2-syzkaller #0
[ 60.843975][ T7092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 60.854028][ T7092] RIP: 0010:fq_codel_enqueue+0x8a3/0x10c0
[ 60.859721][ T7092] Code: f3 15 0b fb 45 39 ec 0f 83 cb 00 00 00 e8 e5 19 0b fb 48 8b 44 24 10 80 38 00 0f 85 32 06 00 00 49 8b 07 48 89 c2 48 c1 ea 03 <42> 80 3c 32 00 0f 85 06 06 00 00 48 8b 10 48 8d 78 28 49 89 17 48
[ 60.879295][ T7092] RSP: 0018:ffffc90006087668 EFLAGS: 00010246
[ 60.885331][ T7092] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8669248b
[ 60.893286][ T7092] RDX: 0000000000000000 RSI: ffffffff8669252b RDI: 0000000000000004
[ 60.901229][ T7092] RBP: ffffc90006087808 R08: 0000000000000001 R09: ffffffff8c5f3aaf
[ 60.909522][ T7092] R10: 0000000000000400 R11: 0000000000086bc8 R12: 0000000000000400
[ 60.917492][ T7092] R13: 0000000000000000 R14: dffffc0000000000 R15: ffff888084ca0000
[ 60.925439][ T7092] FS: 0000000000000000(0000) GS:ffff8880ae600000(0063) knlGS:00000000096bb840
[ 60.934352][ T7092] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 60.940908][ T7092] CR2: 00000000200001c0 CR3: 00000000a65d0000 CR4: 00000000001506f0
[ 60.948856][ T7092] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 60.956809][ T7092] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 60.964755][ T7092] Call Trace:
[ 60.968038][ T7092] ? do_raw_spin_lock+0x120/0x2b0
[ 60.973056][ T7092] ? INET_ECN_set_ce+0x780/0x780
[ 60.977965][ T7092] ? rwlock_bug.part.0+0x90/0x90
[ 60.982878][ T7092] __dev_queue_xmit+0x1878/0x2d60
[ 60.987877][ T7092] ? lock_acquire+0x1f1/0xad0
[ 60.992527][ T7092] ? netdev_core_pick_tx+0x2e0/0x2e0
[ 60.997785][ T7092] ? memcpy+0x39/0x60
[ 61.001768][ T7092] ? memcpy+0x39/0x60
[ 61.005729][ T7092] ? __skb_clone+0x586/0x770
[ 61.010293][ T7092] netlink_deliver_tap+0x92e/0xb70
[ 61.015379][ T7092] netlink_unicast+0x5e5/0x7d0
[ 61.020119][ T7092] ? netlink_attachskb+0x810/0x810
[ 61.025203][ T7092] ? _copy_from_iter_full+0x247/0x890
[ 61.030559][ T7092] ? memset+0x20/0x40
[ 61.034538][ T7092] ? __check_object_size+0x30/0x3e4
[ 61.039723][ T7092] netlink_sendmsg+0x856/0xd90
[ 61.044460][ T7092] ? netlink_unicast+0x7d0/0x7d0
[ 61.049385][ T7092] ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 61.054649][ T7092] ? netlink_unicast+0x7d0/0x7d0
[ 61.059571][ T7092] sock_sendmsg+0xcf/0x120
[ 61.063961][ T7092] ____sys_sendmsg+0x6e8/0x810
[ 61.068698][ T7092] ? kernel_sendmsg+0x50/0x50
[ 61.073362][ T7092] ? do_recvmmsg+0x6d0/0x6d0
[ 61.077939][ T7092] ? lock_acquire+0x1f1/0xad0
[ 61.082590][ T7092] ? do_huge_pmd_anonymous_page+0x120d/0x2230
[ 61.088629][ T7092] ? find_held_lock+0x2d/0x110
[ 61.093376][ T7092] ___sys_sendmsg+0xf3/0x170
[ 61.097944][ T7092] ? sendmsg_copy_msghdr+0x160/0x160
[ 61.103206][ T7092] ? do_huge_pmd_anonymous_page+0x1b94/0x2230
[ 61.109246][ T7092] ? lockdep_hardirqs_on_prepare+0x354/0x530
[ 61.115200][ T7092] ? do_huge_pmd_anonymous_page+0x8ef/0x2230
[ 61.121158][ T7092] ? handle_mm_fault+0xb78/0x4590
[ 61.126195][ T7092] ? __fget_light+0x215/0x280
[ 61.130886][ T7092] __sys_sendmsg+0xe5/0x1b0
[ 61.135370][ T7092] ? __sys_sendmsg_sock+0xb0/0xb0
[ 61.140370][ T7092] ? vmacache_update+0xce/0x140
[ 61.145199][ T7092] ? trace_hardirqs_on+0x5f/0x220
[ 61.150202][ T7092] ? lockdep_hardirqs_on+0x76/0xf0
[ 61.155289][ T7092] __do_fast_syscall_32+0x57/0x80
[ 61.160324][ T7092] do_fast_syscall_32+0x2f/0x70
[ 61.165150][ T7092] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 61.171450][ T7092] RIP: 0023:0xf7f14549
[ 61.175493][ T7092] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 61.195090][ T7092] RSP: 002b:00000000ffb2bbfc EFLAGS: 00000246 ORIG_RAX: 0000000000000172
[ 61.203485][ T7092] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200001c0
[ 61.211427][ T7092] RDX: 0000000000000000 RSI: 00000000f7f1428c RDI: 0000000000000004
[ 61.219371][ T7092] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 61.227315][ T7092] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 61.235267][ T7092] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 61.243224][ T7092] Modules linked in:
[ 61.247174][ T7092] ---[ end trace e39108877a1e547d ]---
[ 61.252643][ T7092] RIP: 0010:fq_codel_enqueue+0x8a3/0x10c0
[ 61.258381][ T7092] Code: f3 15 0b fb 45 39 ec 0f 83 cb 00 00 00 e8 e5 19 0b fb 48 8b 44 24 10 80 38 00 0f 85 32 06 00 00 49 8b 07 48 89 c2 48 c1 ea 03 <42> 80 3c 32 00 0f 85 06 06 00 00 48 8b 10 48 8d 78 28 49 89 17 48
[ 61.278021][ T7092] RSP: 0018:ffffc90006087668 EFLAGS: 00010246
[ 61.284101][ T7092] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8669248b
[ 61.292113][ T7092] RDX: 0000000000000000 RSI: ffffffff8669252b RDI: 0000000000000004
[ 61.300149][ T7092] RBP: ffffc90006087808 R08: 0000000000000001 R09: ffffffff8c5f3aaf
[ 61.308227][ T7092] R10: 0000000000000400 R11: 0000000000086bc8 R12: 0000000000000400
[ 61.316232][ T7092] R13: 0000000000000000 R14: dffffc0000000000 R15: ffff888084ca0000
[ 61.324228][ T7092] FS: 0000000000000000(0000) GS:ffff8880ae600000(0063) knlGS:00000000096bb840
[ 61.333172][ T7092] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 61.339788][ T7092] CR2: 00000000200001c0 CR3: 00000000a65d0000 CR4: 00000000001506f0
[ 61.347826][ T7092] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 61.355872][ T7092] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 61.363841][ T7092] Kernel panic - not syncing: Fatal exception in interrupt
[ 61.372016][ T7092] Kernel Offset: disabled
[ 61.376327][ T7092] Rebooting in 86400 seconds..