Warning: Permanently added '10.128.0.198' (ECDSA) to the list of known hosts.
2020/08/08 09:13:16 parsed 1 programs
2020/08/08 09:13:16 executed programs: 0
syzkaller login: [ 1051.424623][ T28] audit: type=1400 audit(1596877996.898:8): avc: denied { execmem } for pid=6867 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 1051.463217][ T6868] IPVS: ftp: loaded support on port[0] = 21
[ 1051.584513][ T6868] chnl_net:caif_netlink_parms(): no params data found
[ 1051.639357][ T6868] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1051.647226][ T6868] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1051.655826][ T6868] device bridge_slave_0 entered promiscuous mode
[ 1051.665767][ T6868] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1051.672968][ T6868] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1051.680746][ T6868] device bridge_slave_1 entered promiscuous mode
[ 1051.702550][ T6868] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1051.713514][ T6868] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1051.736517][ T6868] team0: Port device team_slave_0 added
[ 1051.744486][ T6868] team0: Port device team_slave_1 added
[ 1051.763324][ T6868] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1051.770459][ T6868] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1051.797734][ T6868] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1051.810502][ T6868] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1051.818651][ T6868] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1051.845582][ T6868] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1051.874703][ T6868] device hsr_slave_0 entered promiscuous mode
[ 1051.882088][ T6868] device hsr_slave_1 entered promiscuous mode
[ 1051.985683][ T6868] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1051.996011][ T6868] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1052.007019][ T6868] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1052.017774][ T6868] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1052.045596][ T6868] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1052.052865][ T6868] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1052.060770][ T6868] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1052.067870][ T6868] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1052.115655][ T6868] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1052.129414][ T2585] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1052.141790][ T2585] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1052.149937][ T2585] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1052.158820][ T2585] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 1052.172687][ T6868] 8021q: adding VLAN 0 to HW filter on device team0
[ 1052.185073][ T6758] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1052.193541][ T6758] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1052.200587][ T6758] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1052.221828][ T6758] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1052.230254][ T6758] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1052.237399][ T6758] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1052.247989][ T6758] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1052.268046][ T6868] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1052.279061][ T6868] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1052.294730][ T7079] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1052.303125][ T7079] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1052.311859][ T7079] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1052.320550][ T7079] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1052.331927][ T7079] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1052.351547][ T7079] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1052.359026][ T7079] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1052.373621][ T6868] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1052.393817][ T2585] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1052.414846][ T2585] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1052.424307][ T2585] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1052.433008][ T2585] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1052.443675][ T6868] device veth0_vlan entered promiscuous mode
[ 1052.457268][ T6868] device veth1_vlan entered promiscuous mode
[ 1052.478712][ T7077] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1052.487740][ T7077] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 1052.497147][ T7077] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1052.508953][ T6868] device veth0_macvtap entered promiscuous mode
[ 1052.518752][ T6868] device veth1_macvtap entered promiscuous mode
[ 1052.537451][ T6868] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1052.545348][ T7079] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1052.556173][ T7079] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1052.568230][ T6868] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1052.576630][ T6837] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1052.588165][ T6868] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1052.597851][ T6868] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1052.608556][ T6868] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1052.618072][ T6868] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1055.781660][ T7077] Bluetooth: hci0: command 0x0409 tx timeout
2020/08/08 09:13:22 executed programs: 4
[ 1057.861072][ T6837] Bluetooth: hci0: command 0x041b tx timeout
[ 1059.940803][ T6838] Bluetooth: hci0: command 0x040f tx timeout
[ 1061.783501][ T0] NOHZ: local_softirq_pending 08
[ 1062.020801][ T6838] Bluetooth: hci0: command 0x0419 tx timeout
2020/08/08 09:13:28 executed programs: 11
[ 1064.100765][ T2585] Bluetooth: hci0: command 0x0405 tx timeout
2020/08/08 09:13:34 executed programs: 18
2020/08/08 09:13:39 executed programs: 25
2020/08/08 09:13:45 executed programs: 32
[ 1082.261835][ T0] NOHZ: local_softirq_pending 08
2020/08/08 09:13:51 executed programs: 39
2020/08/08 09:13:57 executed programs: 46
2020/08/08 09:14:02 executed programs: 53
[ 1102.742431][ T0] NOHZ: local_softirq_pending 08
2020/08/08 09:14:08 executed programs: 60
2020/08/08 09:14:14 executed programs: 67
2020/08/08 09:14:20 executed programs: 74
2020/08/08 09:14:26 executed programs: 81
[ 1123.233423][ T0] NOHZ: local_softirq_pending 08
2020/08/08 09:14:31 executed programs: 88
2020/08/08 09:14:37 executed programs: 95
2020/08/08 09:14:43 executed programs: 102
2020/08/08 09:14:49 executed programs: 109
[ 1143.702358][ T0] NOHZ: local_softirq_pending 08
2020/08/08 09:14:54 executed programs: 116
2020/08/08 09:15:00 executed programs: 123
2020/08/08 09:15:06 executed programs: 130
2020/08/08 09:15:12 executed programs: 137
2020/08/08 09:15:17 executed programs: 144
2020/08/08 09:15:23 executed programs: 151
[ 1179.060965][ T2585] Bluetooth: hci0: command 0x0406 tx timeout
2020/08/08 09:15:29 executed programs: 158
[ 1184.662871][ T0] NOHZ: local_softirq_pending 08
2020/08/08 09:15:35 executed programs: 165
2020/08/08 09:15:40 executed programs: 172
2020/08/08 09:15:46 executed programs: 179
[ 1205.141836][ T0] NOHZ: local_softirq_pending 08
2020/08/08 09:15:52 executed programs: 186
[ 1211.542011][ T7077] ==================================================================
[ 1211.550633][ T7077] BUG: KASAN: null-ptr-deref in l2cap_chan_put+0x28/0x230
[ 1211.559081][ T7077] Write of size 4 at addr 0000000000000018 by task kworker/0:1/7077
[ 1211.567480][ T7077]
[ 1211.570028][ T7077] CPU: 0 PID: 7077 Comm: kworker/0:1 Not tainted 5.8.0-syzkaller #0
[ 1211.578359][ T7077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1211.589031][ T7077] Workqueue: events l2cap_chan_timeout
[ 1211.595094][ T7077] Call Trace:
[ 1211.598879][ T7077] dump_stack+0x18f/0x20d
[ 1211.604210][ T7077] ? l2cap_chan_put+0x28/0x230
[ 1211.609151][ T7077] ? l2cap_chan_put+0x28/0x230
[ 1211.614110][ T7077] kasan_report.cold+0x5/0x37
[ 1211.619277][ T7077] ? l2cap_chan_put+0x28/0x230
[ 1211.624148][ T7077] check_memory_region+0x13d/0x180
[ 1211.629706][ T7077] l2cap_chan_put+0x28/0x230
[ 1211.634355][ T7077] l2cap_sock_kill+0xbd/0x180
[ 1211.639036][ T7077] l2cap_chan_timeout+0x1c1/0x450
[ 1211.644382][ T7077] process_one_work+0x94c/0x1670
[ 1211.649398][ T7077] ? lock_release+0x8e0/0x8e0
[ 1211.654082][ T7077] ? pwq_dec_nr_in_flight+0x2d0/0x2d0
[ 1211.659697][ T7077] ? rwlock_bug.part.0+0x90/0x90
[ 1211.664636][ T7077] worker_thread+0x64c/0x1120
[ 1211.669449][ T7077] ? __kthread_parkme+0x13f/0x1e0
[ 1211.674845][ T7077] ? process_one_work+0x1670/0x1670
[ 1211.680049][ T7077] kthread+0x3b5/0x4a0
[ 1211.684205][ T7077] ? __kthread_bind_mask+0xc0/0xc0
[ 1211.689449][ T7077] ? __kthread_bind_mask+0xc0/0xc0
[ 1211.694709][ T7077] ret_from_fork+0x1f/0x30
[ 1211.700042][ T7077] ==================================================================
[ 1211.708277][ T7077] Disabling lock debugging due to kernel taint
[ 1211.720964][ T7077] Kernel panic - not syncing: panic_on_warn set ...
[ 1211.727926][ T7077] CPU: 0 PID: 7077 Comm: kworker/0:1 Tainted: G B 5.8.0-syzkaller #0
[ 1211.737414][ T7077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1211.747722][ T7077] Workqueue: events l2cap_chan_timeout
[ 1211.753395][ T7077] Call Trace:
[ 1211.757069][ T7077] dump_stack+0x18f/0x20d
[ 1211.770904][ T7077] ? l2cap_add_psm+0x2a0/0x2c0
[ 1211.775846][ T7077] panic+0x2e3/0x75c
[ 1211.780383][ T7077] ? __warn_printk+0xf3/0xf3
[ 1211.785303][ T7077] ? preempt_schedule_common+0x59/0xc0
[ 1211.791143][ T7077] ? l2cap_chan_put+0x28/0x230
[ 1211.795921][ T7077] ? preempt_schedule_thunk+0x16/0x18
[ 1211.802009][ T7077] ? trace_hardirqs_on+0x55/0x220
[ 1211.807359][ T7077] ? l2cap_chan_put+0x28/0x230
[ 1211.812295][ T7077] ? l2cap_chan_put+0x28/0x230
[ 1211.817209][ T7077] end_report+0x4d/0x53
[ 1211.821606][ T7077] kasan_report.cold+0xd/0x37
[ 1211.832993][ T7077] ? l2cap_chan_put+0x28/0x230
[ 1211.838142][ T7077] check_memory_region+0x13d/0x180
[ 1211.844275][ T7077] l2cap_chan_put+0x28/0x230
[ 1211.850099][ T7077] l2cap_sock_kill+0xbd/0x180
[ 1211.855131][ T7077] l2cap_chan_timeout+0x1c1/0x450
[ 1211.860561][ T7077] process_one_work+0x94c/0x1670
[ 1211.866541][ T7077] ? lock_release+0x8e0/0x8e0
[ 1211.871228][ T7077] ? pwq_dec_nr_in_flight+0x2d0/0x2d0
[ 1211.877519][ T7077] ? rwlock_bug.part.0+0x90/0x90
[ 1211.882641][ T7077] worker_thread+0x64c/0x1120
[ 1211.888064][ T7077] ? __kthread_parkme+0x13f/0x1e0
[ 1211.893347][ T7077] ? process_one_work+0x1670/0x1670
[ 1211.898689][ T7077] kthread+0x3b5/0x4a0
[ 1211.902948][ T7077] ? __kthread_bind_mask+0xc0/0xc0
[ 1211.912209][ T7077] ? __kthread_bind_mask+0xc0/0xc0
[ 1211.917549][ T7077] ret_from_fork+0x1f/0x30
[ 1211.923587][ T7077] Kernel Offset: disabled
[ 1211.927965][ T7077] Rebooting in 86400 seconds..