Compiling Execprog on Pi Zero for bug reproducing


Darrion Ramos
Jun 18, 2024, 2:46:38 AM
to syzkaller
Hello, I have been trying to setup a pi zero w to reproduce USB bugs. I have followed the guide but have an issue with cross compiling execprog. I am specifying the target arch as arm and have tried other flags such as setting GOARM=5 but I always get an illegal instruction error when running on the pi zero. It is from the VMOV instruction using floating points. I would appreciate any help on how to properly compile it without floating point usage, thanks.

Dmitry Vyukov
Jun 18, 2024, 5:14:25 AM
to Darrion Ramos, syzkaller
On Tue, 18 Jun 2024 at 08:46, Darrion Ramos <darrio...@gmail.com> wrote:
>
> Hello, I have been trying to setup a pi zero w to reproduce USB bugs. I have followed the guide but have an issue with cross compiling execprog. I am specifying the target arch as arm and have tried other flags such as setting GOARM=5 but I always get an illegal instruction error when running on the pi zero. It is from the VMOV instruction using floating points. I would appreciate any help on how to properly compile it without floating point usage, thanks.

Hi Darrion,

We did not use it with Pi Zero. Maybe if you search/ask for generic
Go/Pi Zero instructions, it will be more helpful. This does not look
much syzkaller-related.

As a side note: we are moving towards removing Go code from the
target and running only C++ on the target.
https://github.com/google/syzkaller/pull/4905 gets us almost there,
but syz-execprog needs additional work.

Darrion Ramos
Jun 28, 2024, 1:00:43 PM
to syzkaller
Hi Dmitry, I was able to fix my compilation issue. However, now when I try to run syzkaller programs (steps 11 and 17 in https://github.com/google/syzkaller/blob/master/docs/linux/external_fuzzing_usb.md) I get a fatal error: unknown target: linux/arm (supported: []) which seems to be thrown from prog/target.go. This seems to mean that the Pi Zero is not supported at all by the current syzkaller. If so what hardware are you using for reproducing USB bugs? The above link does say that you used a Pi Zero W.

Dmitry Vyukov
Jun 28, 2024, 1:13:16 PM
to Darrion Ramos, syzkaller
On Fri, 28 Jun 2024 at 19:00, Darrion Ramos <darrio...@gmail.com> wrote:
>
> Hi Dmitry, I was able to fix my compilation issue. However, now when I try to run syzkaller programs (steps 11 and 17 in https://github.com/google/syzkaller/blob/master/docs/linux/external_fuzzing_usb.md) I get a fatal error: unknown target: linux/arm (supported: []) which seems to be thrown from prog/target.go. This seems to mean that the Pi Zero is not supported at all by the current syzkaller. If so what hardware are you using for reproducing USB bugs? The above link does say that you used a Pi Zero W.

This means some inconsistent build of syzkaller binaries.
(supported: []) means the binary you built does not support _any_
targets at all.


Andrey Konovalov
Jun 28, 2024, 2:08:02 PM
to Darrion Ramos, syzkaller
Hi Darrion,

Try running "make generate" before cross-compiling syz-execprog: this
helped someone else in a similar circumstance to fix the "unknown
target" failure. Somehow this step used not to be required.

On a related note, how did you resolve the compilation issue? I've
been meaning to update the instructions
(https://github.com/xairy/raw-gadget/issues/36), but still didn't get
around to it.

Thanks!

Darrion Ramos
Jun 28, 2024, 4:05:17 PM
to syzkaller
Hi Andrey and Dmitry, I was able to fix the problem once I knew it was on my side, I had made some modifications to the makefile. I am able to run the syzkaller programs but it does not look like everything is working nominally. I have attached an image of the last portion of output after running step 17 from the github. I can send the entire files somewhere if you would like but I don't think I can upload them here. It just looks like most operations fail and the device does not connect. Not sure what the problem is here or if this is expected. 

With regards to the instructions on the github I think the following could be updated:
1. The image should now be raspbian-bookworm-lite.img
8. The go version is outdated and should be 1.21.4 or whatever version is currently used. Also the exporting of different GO variables is not necessary anymore to my knowledge, just exporting the go/bin into path was sufficient.
9. I am not really sure if I missed it but I did not see a patch file to use so I just changed the lines manually. I also needed to compile this on a different machine.
10. To fix the compilation issue one should export GOARM=5 in the shell before running the make command. This will properly specify the floating point instructions for armv6l.
12. The /boot/config.txt path is outdated. It is now /boot/firmware/config.txt

usb_connect_fail.jpg

Andrey Konovalov
Jun 28, 2024, 4:53:16 PM
to Darrion Ramos, syzkaller
Hi Darrion,

Just checked on Raspberry Pi 4B: running USB programs works as expected. I cross-compiled both syz-execprog and syz-executor on my x86-64 host via syz-env make TARGETARCH=arm execprog/executor.

Does the USB emulation via Raw Gadget keyboard work for you?

The image that you sent, is that the end of the output?

Thanks!

Darrion Ramos
Jun 28, 2024, 5:38:57 PM
to syzkaller
Yes, the raw_gadget keyboard works as expected on my device. Also, the export GOARM=5 should only be necessary on the Pi Zero, since the Zero does not support the floating point instructions. The image I sent is the end of the output after running the following:
$ cat usb.log
r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)={{0x12, 0x1, 0x0, 0x8e, 0x32, 0xf7, 0x20, 0xaf0, 0xd257, 0x4e87, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xf, 0x0, 0x0, 0xff, 0xa5, 0x2c}}]}}]}}, 0x0)
$ sudo ./syz-bin/syz-execprog -slowdown 3 -executor ./syz-bin/syz-executor -threaded=0 -collide=0 -procs=1 -enable='' -debug usb.log

Andrey Konovalov
Jul 1, 2024, 2:58:49 PM
to Darrion Ramos, syzkaller
Just checked on Raspberry Pi Zero W, everything works as expected for me.

Pushed the instructions to here:


Please check if these work for you.

Thanks!

Darrion Ramos
Jul 1, 2024, 9:38:35 PM
to syzkaller
Hi Andrey, I double checked everything in the instructions and this time tried compiling with syz-env and make generate. But running syzkaller programs still results in failure outputs from fusectl and others. Do you know if these problems are related to my Linux installation or to my syzkaller setup?

Andrey Konovalov
Jul 2, 2024, 9:53:28 AM
to Darrion Ramos, syzkaller
I'm not sure what the issue is. The fusectl failure is not a problem, syz-execprog ignores it.

Could you enable debug output for Raw Gadget as described in step 2 here https://github.com/xairy/raw-gadget?tab=readme-ov-file#troubleshooting and send the kernel log messages that it prints while you run syz-execprog.

Also please send the full syz-execprog output. For both socket.log and usb.log.

Thanks!
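As an added example (not code from this thread or from the syzkaller tree), the sorting Andrey describes can be done mechanically over syz-execprog -debug output: setup failures are decoded through errno and kept apart from SYZFAIL lines and from the per-call results the program actually produced. The sample lines are re-typed from the output posted later in this thread; the classification of EBUSY/EEXIST/ENODEV setup failures as tolerated is an assumption based on the executor visibly continuing past them in that output.

```python
import errno
import re

# Constructed sample: lines re-typed from the syz-execprog -debug output
# posted in this thread, used as offline input for the triage below.
SAMPLE_LOG = """\
2024/07/02 19:26:52 parsed 1 programs
spawned loop pid 1292
mount(fusectl) failed: 16
mkdir(/dev/binderfs) failed: 17
mount of binder at /dev/binderfs failed: 19
netlink: adding device team0 type team: Operation not supported
SYZFAIL: open of /sys/kernel/debug/kcov failed
 (errno 2: No such file or directory)
[83ms] exec opts: procid=0 threaded=0 cover=0 comps=0 dedup=1 signal=0 timeouts=150/15000/3 filter=0
#0 [88ms] -> syz_usb_connect(0x0, 0x24, 0x200001c0, 0x0)
syz_usb_connect: configured
#0 [839ms] <- syz_usb_connect=0x3
"""

SETUP_FAIL = re.compile(r"^(?P<what>.+?) failed: (?P<errno>\d+)$")
SYZFAIL = re.compile(r"^SYZFAIL: (?P<msg>.+)$")
EXEC_OPTS = re.compile(r"^\[\d+ms\] exec opts: .*\bcover=(?P<cover>\d)\b")
CALL_START = re.compile(r"^#(?P<proc>\d+) \[(?P<ms>\d+)ms\] -> (?P<call>[\w$]+)\(")
CALL_END = re.compile(
    r"^#(?P<proc>\d+) \[(?P<ms>\d+)ms\] <- (?P<call>[\w$]+)=(?P<ret>-?0x[0-9a-f]+|-?\d+)$")

# Assumption: setup failures with these errnos are environment noise (the
# resource already exists / is busy, or the kernel lacks it); the thread's
# own log shows the executor running the program after each of them.
TOLERATED_ERRNOS = {errno.EBUSY, errno.EEXIST, errno.ENODEV}


def triage(log: str) -> dict:
    """Sort syz-execprog -debug output into tolerated setup noise, hard
    setup errors, SYZFAIL lines, and the call results the program produced."""
    report = {"setup_noise": [], "setup_errors": [], "netlink_noise": [],
              "syzfail": [], "calls": [], "coverage_requested": None}
    pending = {}  # (proc, call) -> start ms, to pair "->" with "<-"
    for line in log.splitlines():
        if line.startswith(" (errno") and report["syzfail"]:
            report["syzfail"][-1] += line  # continuation of the SYZFAIL line
            continue
        m = SETUP_FAIL.match(line)
        if m:
            code = int(m["errno"])
            name = errno.errorcode.get(code, str(code))
            bucket = "setup_noise" if code in TOLERATED_ERRNOS else "setup_errors"
            report[bucket].append((m["what"], name))
            continue
        if line.startswith("netlink: "):
            # optional virtual net devices missing on a small kernel config
            report["netlink_noise"].append(line[len("netlink: "):])
            continue
        m = SYZFAIL.match(line)
        if m:
            report["syzfail"].append(m["msg"])
            continue
        m = EXEC_OPTS.match(line)
        if m:
            report["coverage_requested"] = m["cover"] == "1"
            continue
        m = CALL_START.match(line)
        if m:
            pending[(m["proc"], m["call"])] = int(m["ms"])
            continue
        m = CALL_END.match(line)
        if m:
            start = pending.pop((m["proc"], m["call"]), None)
            report["calls"].append({
                "call": m["call"],
                "ret": int(m["ret"], 0),
                "elapsed_ms": None if start is None else int(m["ms"]) - start,
            })
    # calls that started but never reported a result (a hang looks like this)
    report["unfinished_calls"] = sorted(pending)
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```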

Darrion Ramos
Jul 2, 2024, 2:44:53 PM
to syzkaller
Luckily I left a shell running today and it ended up running the expected syzkaller commands after about 3 minutes of hanging after hci dev # was output. Is this expected? I was terminating the shell during the hang before since I thought all the errors meant something was wrong. Here are the outputs if you still want to look at them:

Darrion@LinuxPM:~/syzkaller $ cat socket.log
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
Darrion@LinuxPM:~/syzkaller $ sudo ./linux_arm/syz-execprog -executor ./linux_arm/syz-executor -threaded=0 -collide=0 -procs=1 -enable='' -debug socket.log
2024/07/02 19:23:50 parsed 1 programs
spawned loop pid 962
mount(fusectl) failed: 16
mount of binder at /dev/binderfs failed: 19
mkdir(/syzcgroup/unified/syz0) failed: 17
mkdir(/syzcgroup/cpu/syz0) failed: 17
mkdir(/syzcgroup/net/syz0) failed: 17
iptable checkpoint filter/2: checkpoint entries=4 hooks=e size=632
iptable checkpoint nat/2: checkpoint entries=5 hooks=1b size=784
iptable checkpoint mangle/2: checkpoint entries=6 hooks=1f size=936
iptable checkpoint raw/2: checkpoint entries=3 hooks=9 size=480
[431ms] exec opts: procid=0 threaded=1 cover=0 comps=0 dedup=0 signal=0 timeouts=50/5000/1 filter=0
spawned worker pid 2
#0 [441ms] -> mmap(0x1ffff000, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
#0 [441ms] <- mmap=0x1ffff000
#0 [441ms] -> mmap(0x20000000, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
#0 [442ms] <- mmap=0x20000000
#0 [444ms] -> mmap(0x21000000, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
#0 [444ms] <- mmap=0x21000000
SYZFAIL: open of /sys/kernel/debug/kcov failed
 (errno 2: No such file or directory)
spawned loop pid 975
mount(fusectl) failed: 16
netlink: failed to get family id for devlink: No such file or directory
netlink: failed to get family id for devlink: No such file or directory
mkdir(/dev/binderfs) failed: 17
mount of binder at /dev/binderfs failed: 19
mkdir(/syzcgroup/unified/syz0) failed: 17
mkdir(/syzcgroup/cpu/syz0) failed: 17
mkdir(/syzcgroup/net/syz0) failed: 17
iptable checkpoint filter/2: checkpoint entries=4 hooks=e size=632
iptable checkpoint nat/2: checkpoint entries=5 hooks=1b size=784
iptable checkpoint mangle/2: checkpoint entries=6 hooks=1f size=936
iptable checkpoint raw/2: checkpoint entries=3 hooks=9 size=480
[249ms] exec opts: procid=0 threaded=1 cover=0 comps=0 dedup=0 signal=0 timeouts=50/5000/1 filter=0
spawned worker pid 2
#0 [255ms] -> mmap(0x1ffff000, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
#0 [260ms] <- mmap=0x1ffff000
#0 [264ms] -> mmap(0x20000000, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
#0 [271ms] <- mmap=0x20000000
#0 [272ms] -> mmap(0x21000000, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
#0 [273ms] <- mmap=0x21000000
spawned loop pid 985
mount(fusectl) failed: 16
mkdir(/dev/binderfs) failed: 17
mount of binder at /dev/binderfs failed: 19
mkdir(/syzcgroup/unified/syz0) failed: 17
mkdir(/syzcgroup/cpu/syz0) failed: 17
mkdir(/syzcgroup/net/syz0) failed: 17
iptable checkpoint filter/2: checkpoint entries=4 hooks=e size=632
iptable checkpoint nat/2: checkpoint entries=5 hooks=1b size=784
iptable checkpoint mangle/2: checkpoint entries=6 hooks=1f size=936
iptable checkpoint raw/2: checkpoint entries=3 hooks=9 size=480
[88ms] exec opts: procid=0 threaded=1 cover=0 comps=0 dedup=0 signal=0 timeouts=50/5000/1 filter=0
spawned worker pid 2
#0 [94ms] -> mmap(0x1ffff000, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
#0 [99ms] <- mmap=0x1ffff000
#0 [102ms] -> mmap(0x20000000, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
#0 [104ms] <- mmap=0x20000000
#0 [109ms] -> mmap(0x21000000, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
#0 [110ms] <- mmap=0x21000000
SYZFAIL: open of /sys/kernel/debug/kcov failed
 (errno 2: No such file or directory)
SYZFAIL: open of /sys/kernel/debug/kcov failed
 (errno 2: No such file or directory)
spawned loop pid 993
mount(fusectl) failed: 16
mkdir(/dev/binderfs) failed: 17
mount of binder at /dev/binderfs failed: 19
mkdir(/syzcgroup/unified/syz0) failed: 17
mkdir(/syzcgroup/cpu/syz0) failed: 17
mkdir(/syzcgroup/net/syz0) failed: 17
iptable checkpoint filter/2: checkpoint entries=4 hooks=e size=632
iptable checkpoint nat/2: checkpoint entries=5 hooks=1b size=784
iptable checkpoint mangle/2: checkpoint entries=6 hooks=1f size=936
iptable checkpoint raw/2: checkpoint entries=3 hooks=9 size=480
[163ms] exec opts: procid=0 threaded=1 cover=0 comps=0 dedup=0 signal=0 timeouts=50/5000/1 filter=0
spawned worker pid 2
#0 [168ms] -> mmap(0x1ffff000, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
#0 [186ms] <- mmap=0x1ffff000
#0 [186ms] -> mmap(0x20000000, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
#0 [189ms] <- mmap=0x20000000
#0 [192ms] -> mmap(0x21000000, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
#0 [198ms] <- mmap=0x21000000
spawned loop pid 1000
mount(fusectl) failed: 16
hci dev id: 1                       // HANGS HERE
mount(fusectl) failed: 16
spawned loop pid 1046
netlink: failed to get family id for MAC80211_HWSIM: No such file or directory
hwsim80211_create_device failed: No such file or directory
SYZFAIL: initialize_wifi_devices: failed to create device
device=0 (errno 2: No such file or directory)
loop exited with status 67
SYZFAIL: open of /sys/kernel/debug/kcov failed
 (errno 2: No such file or directory)
mount(fusectl) failed: 16
spawned loop pid 1050
netlink: add addr 172.30.0.1 dev nr0: No such device
netlink: device nr0 up master NULL: No such device
netlink: add addr 172.30.1.1 dev rose0: No such device
netlink: device rose0 up master NULL: No such device
netlink: adding device team0 type team: Operation not supported
netlink: adding device nicvf0 type nicvf: Operation not supported
netlink: adding device nlmon0 type nlmon: Operation not supported
netlink: adding device caif0 type caif: Operation not supported
netlink: adding device vxcan1 type vxcan: Operation not supported
netlink: adding device hsr0 type hsr slave1 hsr_slave_0 slave2 hsr_slave_1: Operation not supported
netlink: adding device virt_wifi0 type virt_wifi link veth1_virt_wifi: Operation not supported
netlink: adding device macvtap0 type macvtap link veth0_macvtap: Operation not supported
netlink: adding device macsec0 type macsec link veth1_macvtap: Operation not supported
netlink: add geneve0 type geneve vni 0: Operation not supported
netlink: add geneve1 type geneve vni 1: Operation not supported
netlink: add addr 172.20.20.26 dev team0: No such device
netlink: add addr fe80::1a dev team0: No such device
netlink: device team0 up master NULL: No such device
netlink: add addr 172.20.20.35 dev hsr0: No such device
netlink: add addr fe80::23 dev hsr0: No such device
netlink: device hsr0 up master NULL: No such device
netlink: add addr 172.20.20.37 dev nicvf0: No such device
netlink: device nicvf0 up master NULL: No such device
netlink: add addr 172.20.20.38 dev nlmon0: No such device
netlink: add addr fe80::26 dev nlmon0: No such device
netlink: device nlmon0 up master NULL: No such device
netlink: add addr 172.20.20.39 dev vxcan0: No such device
netlink: device vxcan0 up master NULL: No such device
netlink: add addr 172.20.20.40 dev vxcan1: No such device
netlink: device vxcan1 up master NULL: No such device
netlink: add addr 172.20.20.41 dev caif0: No such device
netlink: add addr fe80::29 dev caif0: No such device
netlink: device caif0 up master NULL: No such device
netlink: add addr 172.20.20.43 dev netdevsim0: No such device
netlink: add addr fe80::2b dev netdevsim0: No such device
netlink: device netdevsim0 up master NULL: No such device
netlink: device xfrm0 up master NULL: Operation not supported
netlink: add addr 172.20.20.47 dev virt_wifi0: No such device
netlink: add addr fe80::2f dev virt_wifi0: No such device
netlink: device virt_wifi0 up master NULL: No such device
netlink: device ipvlan0 up master NULL: Operation not supported
netlink: device ipvlan1 up master NULL: Operation not supported
netlink: add addr 172.20.20.58 dev macvtap0: No such device
netlink: add addr fe80::3a dev macvtap0: No such device
netlink: device macvtap0 up master NULL: No such device
netlink: add addr 172.20.20.59 dev macsec0: No such device
netlink: add addr fe80::3b dev macsec0: No such device
netlink: device macsec0 up master NULL: No such device
netlink: add addr 172.20.20.64 dev geneve0: No such device
netlink: add addr fe80::40 dev geneve0: No such device
netlink: device geneve0 up master NULL: No such device
netlink: add addr 172.20.20.65 dev geneve1: No such device
netlink: add addr fe80::41 dev geneve1: No such device
netlink: device geneve1 up master NULL: No such device
mkdir(/dev/binderfs) failed: 17
mount of binder at /dev/binderfs failed: 19
mkdir(/syzcgroup/unified/syz0) failed: 17
mkdir(/syzcgroup/cpu/syz0) failed: 17
mkdir(/syzcgroup/net/syz0) failed: 17
iptable checkpoint filter/2: checkpoint entries=4 hooks=e size=632
iptable checkpoint nat/2: checkpoint entries=5 hooks=1b size=784
iptable checkpoint mangle/2: checkpoint entries=6 hooks=1f size=936
iptable checkpoint raw/2: checkpoint entries=3 hooks=9 size=480
[7357ms] exec opts: procid=0 threaded=1 cover=0 comps=0 dedup=0 signal=0 timeouts=50/5000/1 filter=0
spawned worker pid 2
#0 [7363ms] -> mmap(0x1ffff000, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
#0 [7371ms] <- mmap=0x1ffff000
#0 [7371ms] -> mmap(0x20000000, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
#0 [7372ms] <- mmap=0x20000000
#0 [7373ms] -> mmap(0x21000000, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
#0 [7376ms] <- mmap=0x21000000
2024/07/02 19:25:01 executed programs: 0
spawned loop pid 1244
mount(fusectl) failed: 16
mkdir(/dev/binderfs) failed: 17
mount of binder at /dev/binderfs failed: 19
[129ms] exec opts: procid=0 threaded=0 cover=0 comps=0 dedup=1 signal=0 timeouts=50/5000/1 filter=0
spawned worker pid 2
#0 [148ms] -> socket$inet_tcp(0x2, 0x1, 0x0)
#0 [149ms] <- socket$inet_tcp=0x3

Darrion@LinuxPM:~/syzkaller $ cat usb.log

r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)={{0x12, 0x1, 0x0, 0x8e, 0x32, 0xf7, 0x20, 0xaf0, 0xd257, 0x4e87, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xf, 0x0, 0x0, 0xff, 0xa5, 0x2c}}]}}]}}, 0x0)
Darrion@LinuxPM:~/syzkaller $ sudo ./linux_arm/syz-execprog -slowdown 3 -executor ./linux_arm/syz-executor -threaded=0 -collide=0 -procs=1 -enable='' -debug usb.log
2024/07/02 19:26:52 parsed 1 programs
spawned loop pid 1292
mount(fusectl) failed: 16
mkdir(/dev/binderfs) failed: 17
mount of binder at /dev/binderfs failed: 19
mkdir(/syzcgroup/unified/syz0) failed: 17
mkdir(/syzcgroup/cpu/syz0) failed: 17
mkdir(/syzcgroup/net/syz0) failed: 17
iptable checkpoint filter/2: checkpoint entries=4 hooks=e size=632
iptable checkpoint nat/2: checkpoint entries=5 hooks=1b size=784
iptable checkpoint mangle/2: checkpoint entries=6 hooks=1f size=936
iptable checkpoint raw/2: checkpoint entries=3 hooks=9 size=480
[144ms] exec opts: procid=0 threaded=1 cover=0 comps=0 dedup=0 signal=0 timeouts=150/15000/3 filter=0
spawned worker pid 2
#0 [152ms] -> mmap(0x1ffff000, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
#0 [154ms] <- mmap=0x1ffff000
#0 [163ms] -> mmap(0x20000000, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
#0 [163ms] <- mmap=0x20000000
#0 [164ms] -> mmap(0x21000000, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
#0 [164ms] <- mmap=0x21000000
spawned loop pid 1298
mount(fusectl) failed: 16
netlink: add addr 172.30.0.1 dev nr0: No such device
netlink: device nr0 up master NULL: No such device
netlink: add addr 172.30.1.1 dev rose0: No such device
netlink: device rose0 up master NULL: No such device
netlink: adding device team0 type team: Operation not supported
netlink: adding device nicvf0 type nicvf: Operation not supported
netlink: adding device nlmon0 type nlmon: Operation not supported
netlink: adding device caif0 type caif: Operation not supported
netlink: adding device vxcan1 type vxcan: Operation not supported
netlink: adding device hsr0 type hsr slave1 hsr_slave_0 slave2 hsr_slave_1: Operation not supported
netlink: adding device virt_wifi0 type virt_wifi link veth1_virt_wifi: Operation not supported
netlink: adding device macvtap0 type macvtap link veth0_macvtap: Operation not supported
netlink: adding device macsec0 type macsec link veth1_macvtap: Operation not supported
netlink: add geneve0 type geneve vni 0: Operation not supported
netlink: add geneve1 type geneve vni 1: Operation not supported
netlink: add addr 172.20.20.26 dev team0: No such device
netlink: add addr fe80::1a dev team0: No such device
netlink: device team0 up master NULL: No such device
netlink: add addr 172.20.20.35 dev hsr0: No such device
netlink: add addr fe80::23 dev hsr0: No such device
netlink: device hsr0 up master NULL: No such device
netlink: add addr 172.20.20.37 dev nicvf0: No such device
netlink: device nicvf0 up master NULL: No such device
netlink: add addr 172.20.20.38 dev nlmon0: No such device
netlink: add addr fe80::26 dev nlmon0: No such device
netlink: device nlmon0 up master NULL: No such device
netlink: add addr 172.20.20.39 dev vxcan0: No such device
netlink: device vxcan0 up master NULL: No such device
netlink: add addr 172.20.20.40 dev vxcan1: No such device
netlink: device vxcan1 up master NULL: No such device
netlink: add addr 172.20.20.41 dev caif0: No such device
netlink: add addr fe80::29 dev caif0: No such device
netlink: device caif0 up master NULL: No such device
netlink: add addr 172.20.20.43 dev netdevsim0: No such device
netlink: add addr fe80::2b dev netdevsim0: No such device
netlink: device netdevsim0 up master NULL: No such device
netlink: device xfrm0 up master NULL: Operation not supported
netlink: add addr 172.20.20.47 dev virt_wifi0: No such device
netlink: add addr fe80::2f dev virt_wifi0: No such device
netlink: device virt_wifi0 up master NULL: No such device
netlink: device ipvlan0 up master NULL: Operation not supported
netlink: device ipvlan1 up master NULL: Operation not supported
netlink: add addr 172.20.20.58 dev macvtap0: No such device
netlink: add addr fe80::3a dev macvtap0: No such device
netlink: device macvtap0 up master NULL: No such device
netlink: add addr 172.20.20.59 dev macsec0: No such device
netlink: add addr fe80::3b dev macsec0: No such device
netlink: device macsec0 up master NULL: No such device
netlink: add addr 172.20.20.64 dev geneve0: No such device
netlink: add addr fe80::40 dev geneve0: No such device
netlink: device geneve0 up master NULL: No such device
netlink: add addr 172.20.20.65 dev geneve1: No such device
netlink: add addr fe80::41 dev geneve1: No such device
netlink: device geneve1 up master NULL: No such device
mkdir(/dev/binderfs) failed: 17
mount of binder at /dev/binderfs failed: 19
mkdir(/syzcgroup/unified/syz0) failed: 17
mkdir(/syzcgroup/cpu/syz0) failed: 17
mkdir(/syzcgroup/net/syz0) failed: 17
iptable checkpoint filter/2: checkpoint entries=4 hooks=e size=632
iptable checkpoint nat/2: checkpoint entries=5 hooks=1b size=784
iptable checkpoint mangle/2: checkpoint entries=6 hooks=1f size=936
iptable checkpoint raw/2: checkpoint entries=3 hooks=9 size=480
[3450ms] exec opts: procid=0 threaded=1 cover=0 comps=0 dedup=0 signal=0 timeouts=150/15000/3 filter=0
spawned worker pid 2
#0 [3463ms] -> mmap(0x1ffff000, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
#0 [3464ms] <- mmap=0x1ffff000
#0 [3465ms] -> mmap(0x20000000, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
#0 [3471ms] <- mmap=0x20000000
#0 [3476ms] -> mmap(0x21000000, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
#0 [3480ms] <- mmap=0x21000000
spawned loop pid 1407
mount(fusectl) failed: 16
mkdir(/dev/binderfs) failed: 17
mount of binder at /dev/binderfs failed: 19
mkdir(/syzcgroup/unified/syz0) failed: 17
mkdir(/syzcgroup/cpu/syz0) failed: 17
mkdir(/syzcgroup/net/syz0) failed: 17
iptable checkpoint filter/2: checkpoint entries=4 hooks=e size=632
iptable checkpoint nat/2: checkpoint entries=5 hooks=1b size=784
iptable checkpoint mangle/2: checkpoint entries=6 hooks=1f size=936
iptable checkpoint raw/2: checkpoint entries=3 hooks=9 size=480
[427ms] exec opts: procid=0 threaded=1 cover=0 comps=0 dedup=0 signal=0 timeouts=150/15000/3 filter=0
spawned worker pid 2
#0 [449ms] -> mmap(0x1ffff000, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
#0 [450ms] <- mmap=0x1ffff000
#0 [450ms] -> mmap(0x20000000, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
#0 [450ms] <- mmap=0x20000000
#0 [451ms] -> mmap(0x21000000, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
#0 [452ms] <- mmap=0x21000000
spawned loop pid 1414
mount(fusectl) failed: 16
hci dev id: 2                              // HANGS HERE ~3m
SYZFAIL: open of /sys/kernel/debug/kcov failed
 (errno 2: No such file or directory)
SYZFAIL: open of /sys/kernel/debug/kcov failed
 (errno 2: No such file or directory)
SYZFAIL: open of /sys/kernel/debug/kcov failed
 (errno 2: No such file or directory)
SYZFAIL: open of /sys/kernel/debug/kcov failed
 (errno 2: No such file or directory)
spawned loop pid 1466
mount(fusectl) failed: 16
mkdir(/dev/binderfs) failed: 17
mount of binder at /dev/binderfs failed: 19
mkdir(/syzcgroup/unified/syz0) failed: 17
mkdir(/syzcgroup/cpu/syz0) failed: 17
mkdir(/syzcgroup/net/syz0) failed: 17
iptable checkpoint filter/2: checkpoint entries=4 hooks=e size=632
iptable checkpoint nat/2: checkpoint entries=5 hooks=1b size=784
iptable checkpoint mangle/2: checkpoint entries=6 hooks=1f size=936
iptable checkpoint raw/2: checkpoint entries=3 hooks=9 size=480
[164ms] exec opts: procid=0 threaded=1 cover=0 comps=0 dedup=0 signal=0 timeouts=150/15000/3 filter=0
spawned worker pid 2
#0 [180ms] -> mmap(0x1ffff000, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
#0 [180ms] <- mmap=0x1ffff000
#0 [180ms] -> mmap(0x20000000, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
#0 [181ms] <- mmap=0x20000000
#0 [181ms] -> mmap(0x21000000, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
#0 [181ms] <- mmap=0x21000000
spawned loop pid 1472
mount(fusectl) failed: 16
netlink: failed to get family id for MAC80211_HWSIM: No such file or directory
hwsim80211_create_device failed: No such file or directory
SYZFAIL: initialize_wifi_devices: failed to create device
device=0 (errno 2: No such file or directory)
loop exited with status 67
spawned loop pid 1475
mount(fusectl) failed: 16
netlink: failed to get family id for devlink: No such file or directory
netlink: failed to get family id for devlink: No such file or directory
mkdir(/dev/binderfs) failed: 17
mount of binder at /dev/binderfs failed: 19
mkdir(/syzcgroup/unified/syz0) failed: 17
mkdir(/syzcgroup/cpu/syz0) failed: 17
mkdir(/syzcgroup/net/syz0) failed: 17
iptable checkpoint filter/2: checkpoint entries=4 hooks=e size=632
iptable checkpoint nat/2: checkpoint entries=5 hooks=1b size=784
iptable checkpoint mangle/2: checkpoint entries=6 hooks=1f size=936
iptable checkpoint raw/2: checkpoint entries=3 hooks=9 size=480
[251ms] exec opts: procid=0 threaded=1 cover=0 comps=0 dedup=0 signal=0 timeouts=150/15000/3 filter=0
spawned worker pid 2
#0 [263ms] -> mmap(0x1ffff000, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
#0 [263ms] <- mmap=0x1ffff000
#0 [270ms] -> mmap(0x20000000, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
#0 [270ms] <- mmap=0x20000000
#0 [271ms] -> mmap(0x21000000, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
#0 [271ms] <- mmap=0x21000000
2024/07/02 19:29:58 executed programs: 0
spawned loop pid 1486
mount(fusectl) failed: 16
mkdir(/dev/binderfs) failed: 17
mount of binder at /dev/binderfs failed: 19
[83ms] exec opts: procid=0 threaded=0 cover=0 comps=0 dedup=1 signal=0 timeouts=150/15000/3 filter=0
spawned worker pid 2
#0 [88ms] -> syz_usb_connect(0x0, 0x24, 0x200001c0, 0x0)
syz_usb_connect: dev: 0x200001c0
syz_usb_connect: device data:
12 01 00 00 8e 32 f7 20 f0 0a 57 d2 87 4e 00 00
00 01 09 02 12 00 01 00 00 00 00 09 04 0f 00 00
ff a5 2c 00
syz_usb_connect: usb_raw_open success
parse_usb_descriptor: found interface #0 (15, 0) at 0x200001db
syz_usb_connect: add_usb_index success
syz_usb_connect: usb_raw_init success
syz_usb_connect: usb_raw_run success
syz_usb_connect: bReqType: 0x80 (IN), bReq: 0x6, wVal: 0x100, wIdx: 0x0, wLen: 64
syz_usb_connect: writing 18 bytes
syz_usb_connect: bReqType: 0x80 (IN), bReq: 0x6, wVal: 0x100, wIdx: 0x0, wLen: 18
syz_usb_connect: writing 18 bytes
syz_usb_connect: bReqType: 0x80 (IN), bReq: 0x6, wVal: 0x200, wIdx: 0x0, wLen: 9
syz_usb_connect: writing 9 bytes
syz_usb_connect: bReqType: 0x80 (IN), bReq: 0x6, wVal: 0x200, wIdx: 0x0, wLen: 18
syz_usb_connect: writing 18 bytes
syz_usb_connect: bReqType: 0x0 (OUT), bReq: 0x9, wVal: 0x0, wIdx: 0x0, wLen: 0
syz_usb_connect: read 0 bytes
syz_usb_connect: configured
#0 [839ms] <- syz_usb_connect=0x3
Darrion@LinuxPM:~/syzkaller $

Dmesg Log:
[Tue Jul  2 19:23:53 2024] 8<--- cut here ---
[Tue Jul  2 19:23:53 2024] Unable to handle kernel NULL pointer dereference at virtual address 00000164 when read
[Tue Jul  2 19:23:53 2024] [00000164] *pgd=00000000
[Tue Jul  2 19:23:53 2024] Internal error: Oops: 17 [#1] ARM
[Tue Jul  2 19:23:53 2024] Modules linked in: hci_vhci tun iptable_raw iptable_mangle iptable_nat iptable_filter raw_gadget(O) cmac algif_hash aes_arm aes_generic ecb algif_skcipher af_alg bnep xt_conntrack nft_chain_nat xt_MASQUERADE nf_nat nf_conntrack_netlink nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_addrtype nft_compat nf_tables nfnetlink br_netfilter bridge stp llc brcmfmac_wcc brcmfmac vc4 brcmutil cfg80211 hci_uart btbcm snd_soc_hdmi_codec drm_display_helper cec bluetooth drm_dma_helper drm_kms_helper snd_soc_core ecdh_generic ecc snd_compress raspberrypi_hwmon snd_pcm_dmaengine libaes i2c_bcm2835 bcm2835_codec(C) bcm2835_v4l2(C) v4l2_mem2mem bcm2835_isp(C) bcm2835_mmal_vchiq(C) videobuf2_dma_contig videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 rfkill videodev snd_bcm2835(C) snd_pcm snd_timer snd videobuf2_common vc_sm_cma(C) mc overlay raspberrypi_gpiomem binfmt_misc fixed uio_pdrv_genirq uio drm fuse dm_mod dwc2 drm_panel_orientation_quirks backlight roles ip_tables x_tables ipv6
[Tue Jul  2 19:23:53 2024] CPU: 0 PID: 41 Comm: kworker/u3:0 Tainted: G         C O       6.6.33+ #1770
[Tue Jul  2 19:23:53 2024] Hardware name: BCM2835
[Tue Jul  2 19:23:53 2024] Workqueue: hci1 hci_power_on [bluetooth]
[Tue Jul  2 19:23:53 2024] PC is at __dev_fwnode+0x8/0x1c
[Tue Jul  2 19:23:53 2024] LR is at hci_dev_open_sync+0xd4/0xa48 [bluetooth]
[Tue Jul  2 19:23:53 2024] pc : [<c067b8e4>]    lr : [<bf445dbc>]    psr: 20000013
[Tue Jul  2 19:23:53 2024] sp : dcf55ec8  ip : 00000000  fp : c1bf2058
[Tue Jul  2 19:23:53 2024] r10: c1bf201c  r9 : c2a113a8  r8 : 00000000
[Tue Jul  2 19:23:53 2024] r7 : c2a11000  r6 : 00000060  r5 : c2a115a8  r4 : c2a11000
[Tue Jul  2 19:23:53 2024] r3 : 20000013  r2 : 20000013  r1 : 00000007  r0 : 00000000
[Tue Jul  2 19:23:53 2024] Flags: nzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
[Tue Jul  2 19:23:53 2024] Control: 00c5387d  Table: 028c4008  DAC: 00000055
[Tue Jul  2 19:23:53 2024] Register r0 information: NULL pointer
[Tue Jul  2 19:23:53 2024] Register r1 information: non-paged memory
[Tue Jul  2 19:23:53 2024] Register r2 information: non-paged memory
[Tue Jul  2 19:23:53 2024] Register r3 information: non-paged memory
[Tue Jul  2 19:23:53 2024] Register r4 information: slab kmalloc-4k start c2a11000 pointer offset 0 size 4096
[Tue Jul  2 19:23:53 2024] Register r5 information: slab kmalloc-4k start c2a11000 pointer offset 1448 size 4096
[Tue Jul  2 19:23:53 2024] Register r6 information: non-paged memory
[Tue Jul  2 19:23:53 2024] Register r7 information: slab kmalloc-4k start c2a11000 pointer offset 0 size 4096
[Tue Jul  2 19:23:53 2024] Register r8 information: NULL pointer
[Tue Jul  2 19:23:53 2024] Register r9 information: slab kmalloc-4k start c2a11000 pointer offset 936 size 4096
[Tue Jul  2 19:23:53 2024] Register r10 information: slab kmalloc-512 start c1bf2000 pointer offset 28 size 512
[Tue Jul  2 19:23:53 2024] Register r11 information: slab kmalloc-512 start c1bf2000 pointer offset 88 size 512
[Tue Jul  2 19:23:53 2024] Register r12 information: NULL pointer
[Tue Jul  2 19:23:53 2024] Process kworker/u3:0 (pid: 41, stack limit = 0xb46e5d8d)
[Tue Jul  2 19:23:53 2024] Stack: (0xdcf55ec8 to 0xdcf56000)
[Tue Jul  2 19:23:53 2024] 5ec0:                   ffffffff c09b6f98 c3671000 c0d8b5e0 c3a69000 c0d7f02c
[Tue Jul  2 19:23:53 2024] 5ee0: 570a3ffc 11473552 c3671000 c2a113a4 c2a115a8 00000060 c2a11000 c3537605
[Tue Jul  2 19:23:53 2024] 5f00: c2a113a8 c1bf201c c1bf2058 bf3f590c c09b75d4 00000000 c1c9be10 11473552
[Tue Jul  2 19:23:53 2024] 5f20: c3737780 c3737780 c2a113a4 00000060 c3537600 c003d018 c0df1a40 c1bf201c
[Tue Jul  2 19:23:53 2024] 5f40: 61c88647 c3737780 c37377ac c1bf2000 c0df1a40 c1bf201c 61c88647 c003d4fc
[Tue Jul  2 19:23:53 2024] 5f60: c3737780 c3671000 dc80ddd8 c37e0c80 c3671000 c003d208 c3737780 c12d8cc0
[Tue Jul  2 19:23:53 2024] 5f80: dc80ddd8 00000000 00000000 c00440e4 c37e0c80 c0044018 00000000 00000000
[Tue Jul  2 19:23:53 2024] 5fa0: 00000000 00000000 00000000 c000833c 00000000 00000000 00000000 00000000
[Tue Jul  2 19:23:53 2024] 5fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[Tue Jul  2 19:23:53 2024] 5fe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000
[Tue Jul  2 19:23:53 2024]  __dev_fwnode from hci_dev_open_sync+0xd4/0xa48 [bluetooth]
[Tue Jul  2 19:23:53 2024]  hci_dev_open_sync [bluetooth] from hci_power_on+0x48/0x2e4 [bluetooth]
[Tue Jul  2 19:23:53 2024]  hci_power_on [bluetooth] from process_one_work+0x160/0x350
[Tue Jul  2 19:23:53 2024]  process_one_work from worker_thread+0x2f4/0x4ac
[Tue Jul  2 19:23:53 2024]  worker_thread from kthread+0xcc/0xf0
[Tue Jul  2 19:23:54 2024]  kthread from ret_from_fork+0x14/0x38
[Tue Jul  2 19:23:54 2024] Exception stack(0xdcf55fb0 to 0xdcf55ff8)
[Tue Jul  2 19:23:54 2024] 5fa0:                                     00000000 00000000 00000000 00000000
[Tue Jul  2 19:23:54 2024] 5fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[Tue Jul  2 19:23:54 2024] 5fe0: 00000000 00000000 00000000 00000000 00000013 00000000
[Tue Jul  2 19:23:54 2024] Code: e8bd8010 c0c29ca4 e52de004 e28dd004 (e5903164)
[Tue Jul  2 19:23:54 2024] ---[ end trace 0000000000000000 ]---
[Tue Jul  2 19:24:54 2024] gre: GRE over IPv4 demultiplexor driver
[Tue Jul  2 19:24:54 2024] ip6_gre: GRE over IPv6 tunneling driver
[Tue Jul  2 19:24:54 2024] CAN device driver interface
[Tue Jul  2 19:24:54 2024] vcan: Virtual CAN interface driver
[Tue Jul  2 19:24:55 2024] batman_adv: B.A.T.M.A.N. advanced 2023.3 (compatibility version 15) loaded
[Tue Jul  2 19:24:55 2024] wireguard: WireGuard 1.0.0 loaded. See www.wireguard.com for information.
[Tue Jul  2 19:24:55 2024] wireguard: Copyright (C) 2015-2019 Jason A. Donenfeld <Ja...@zx2c4.com>. All Rights Reserved.
[Tue Jul  2 19:24:55 2024] bridge0: port 1(bridge_slave_0) entered blocking state
[Tue Jul  2 19:24:55 2024] bridge0: port 1(bridge_slave_0) entered disabled state
[Tue Jul  2 19:24:55 2024] bridge_slave_0: entered allmulticast mode
[Tue Jul  2 19:24:55 2024] bridge_slave_0: entered promiscuous mode
[Tue Jul  2 19:24:55 2024] bridge0: port 2(bridge_slave_1) entered blocking state
[Tue Jul  2 19:24:55 2024] bridge0: port 2(bridge_slave_1) entered disabled state
[Tue Jul  2 19:24:55 2024] bridge_slave_1: entered allmulticast mode
[Tue Jul  2 19:24:55 2024] bridge_slave_1: entered promiscuous mode
[Tue Jul  2 19:24:55 2024] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[Tue Jul  2 19:24:55 2024] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[Tue Jul  2 19:24:55 2024] batman_adv: batadv0: Adding interface: batadv_slave_0
[Tue Jul  2 19:24:55 2024] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[Tue Jul  2 19:24:55 2024] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[Tue Jul  2 19:24:55 2024] batman_adv: batadv0: Adding interface: batadv_slave_1
[Tue Jul  2 19:24:55 2024] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[Tue Jul  2 19:24:55 2024] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[Tue Jul  2 19:24:55 2024] IPsec XFRM device driver
[Tue Jul  2 19:24:56 2024] 8021q: 802.1Q VLAN Support v1.8
[Tue Jul  2 19:24:56 2024] sit: IPv6, IPv4 and MPLS over IPv4 tunneling driver
[Tue Jul  2 19:24:56 2024] ipip: IPv4 and MPLS over IPv4 tunneling driver
[Tue Jul  2 19:24:56 2024] ip_gre: GRE over IPv4 tunneling driver
[Tue Jul  2 19:24:56 2024] IPv4 over IPsec tunneling driver
[Tue Jul  2 19:24:56 2024] 8021q: adding VLAN 0 to HW filter on device bond0
[Tue Jul  2 19:24:57 2024] bridge0: port 1(bridge_slave_0) entered blocking state
[Tue Jul  2 19:24:57 2024] bridge0: port 1(bridge_slave_0) entered forwarding state
[Tue Jul  2 19:24:57 2024] bridge0: port 2(bridge_slave_1) entered blocking state
[Tue Jul  2 19:24:57 2024] bridge0: port 2(bridge_slave_1) entered forwarding state
[Tue Jul  2 19:24:58 2024] 8021q: adding VLAN 0 to HW filter on device batadv0
[Tue Jul  2 19:24:59 2024] veth0_vlan: entered promiscuous mode
[Tue Jul  2 19:24:59 2024] veth1_vlan: entered promiscuous mode
[Tue Jul  2 19:25:00 2024] batman_adv: batadv0: Interface activated: batadv_slave_0
[Tue Jul  2 19:25:00 2024] batman_adv: batadv0: Interface activated: batadv_slave_1
[Tue Jul  2 19:25:01 2024] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[Tue Jul  2 19:25:01 2024] batman_adv: batadv0: Removing interface: batadv_slave_0
[Tue Jul  2 19:25:01 2024] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[Tue Jul  2 19:25:01 2024] batman_adv: batadv0: Removing interface: batadv_slave_1
[Tue Jul  2 19:25:01 2024] bridge_slave_1: left allmulticast mode
[Tue Jul  2 19:25:01 2024] bridge_slave_1: left promiscuous mode
[Tue Jul  2 19:25:01 2024] bridge0: port 2(bridge_slave_1) entered disabled state
[Tue Jul  2 19:25:01 2024] bridge_slave_0: left allmulticast mode
[Tue Jul  2 19:25:01 2024] bridge_slave_0: left promiscuous mode
[Tue Jul  2 19:25:01 2024] bridge0: port 1(bridge_slave_0) entered disabled state
[Tue Jul  2 19:25:01 2024] veth1_vlan: left promiscuous mode
[Tue Jul  2 19:25:01 2024] veth0_vlan: left promiscuous mode
[Tue Jul  2 19:25:01 2024] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[Tue Jul  2 19:25:01 2024] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[Tue Jul  2 19:25:01 2024] bond0 (unregistering): Released all slaves
[Tue Jul  2 19:26:53 2024] bridge0: port 1(bridge_slave_0) entered blocking state
[Tue Jul  2 19:26:53 2024] bridge0: port 1(bridge_slave_0) entered disabled state
[Tue Jul  2 19:26:53 2024] bridge_slave_0: entered allmulticast mode
[Tue Jul  2 19:26:53 2024] bridge_slave_0: entered promiscuous mode
[Tue Jul  2 19:26:53 2024] bridge0: port 2(bridge_slave_1) entered blocking state
[Tue Jul  2 19:26:53 2024] bridge0: port 2(bridge_slave_1) entered disabled state
[Tue Jul  2 19:26:53 2024] bridge_slave_1: entered allmulticast mode
[Tue Jul  2 19:26:53 2024] bridge_slave_1: entered promiscuous mode
[Tue Jul  2 19:26:53 2024] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[Tue Jul  2 19:26:53 2024] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[Tue Jul  2 19:26:53 2024] batman_adv: batadv0: Adding interface: batadv_slave_0
[Tue Jul  2 19:26:53 2024] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[Tue Jul  2 19:26:53 2024] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[Tue Jul  2 19:26:53 2024] batman_adv: batadv0: Adding interface: batadv_slave_1
[Tue Jul  2 19:26:53 2024] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[Tue Jul  2 19:26:53 2024] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[Tue Jul  2 19:26:54 2024] bridge0: port 2(bridge_slave_1) entered blocking state
[Tue Jul  2 19:26:54 2024] bridge0: port 2(bridge_slave_1) entered forwarding state
[Tue Jul  2 19:26:54 2024] bridge0: port 1(bridge_slave_0) entered blocking state
[Tue Jul  2 19:26:54 2024] bridge0: port 1(bridge_slave_0) entered forwarding state
[Tue Jul  2 19:26:54 2024] 8021q: adding VLAN 0 to HW filter on device bond0
[Tue Jul  2 19:26:54 2024] bridge0: port 1(bridge_slave_0) entered disabled state
[Tue Jul  2 19:26:54 2024] bridge0: port 2(bridge_slave_1) entered disabled state
[Tue Jul  2 19:26:54 2024] bridge0: port 1(bridge_slave_0) entered blocking state
[Tue Jul  2 19:26:54 2024] bridge0: port 1(bridge_slave_0) entered forwarding state
[Tue Jul  2 19:26:54 2024] bridge0: port 2(bridge_slave_1) entered blocking state
[Tue Jul  2 19:26:54 2024] bridge0: port 2(bridge_slave_1) entered forwarding state
[Tue Jul  2 19:26:55 2024] 8021q: adding VLAN 0 to HW filter on device batadv0
[Tue Jul  2 19:26:55 2024] veth0_vlan: entered promiscuous mode
[Tue Jul  2 19:26:55 2024] veth1_vlan: entered promiscuous mode
[Tue Jul  2 19:26:55 2024] batman_adv: batadv0: Interface activated: batadv_slave_0
[Tue Jul  2 19:26:55 2024] batman_adv: batadv0: Interface activated: batadv_slave_1
[Tue Jul  2 19:26:56 2024] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[Tue Jul  2 19:26:56 2024] batman_adv: batadv0: Removing interface: batadv_slave_0
[Tue Jul  2 19:26:56 2024] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[Tue Jul  2 19:26:56 2024] batman_adv: batadv0: Removing interface: batadv_slave_1
[Tue Jul  2 19:26:56 2024] bridge_slave_1: left allmulticast mode
[Tue Jul  2 19:26:56 2024] bridge_slave_1: left promiscuous mode
[Tue Jul  2 19:26:56 2024] bridge0: port 2(bridge_slave_1) entered disabled state
[Tue Jul  2 19:26:56 2024] bridge_slave_0: left allmulticast mode
[Tue Jul  2 19:26:56 2024] bridge_slave_0: left promiscuous mode
[Tue Jul  2 19:26:56 2024] bridge0: port 1(bridge_slave_0) entered disabled state
[Tue Jul  2 19:26:56 2024] veth1_vlan: left promiscuous mode
[Tue Jul  2 19:26:56 2024] veth0_vlan: left promiscuous mode
[Tue Jul  2 19:26:56 2024] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[Tue Jul  2 19:26:56 2024] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[Tue Jul  2 19:26:56 2024] bond0 (unregistering): Released all slaves
[Tue Jul  2 19:26:57 2024] 8<--- cut here ---
[Tue Jul  2 19:26:57 2024] Unable to handle kernel NULL pointer dereference at virtual address 00000164 when read
[Tue Jul  2 19:26:57 2024] [00000164] *pgd=00000000
[Tue Jul  2 19:26:57 2024] Internal error: Oops: 17 [#2] ARM
[Tue Jul  2 19:26:57 2024] Modules linked in: ip6_vti ip_vti ip_gre ipip sit ip_tunnel ipvlan macvlan 8021q garp xfrm_interface xfrm6_tunnel tunnel4 wireguard libchacha20poly1305 chacha_neon poly1305_arm ip6_udp_tunnel udp_tunnel libcurve25519_generic veth batman_adv dummy bonding vcan can_dev ip6_gre gre ip6_tunnel tunnel6 hci_vhci tun iptable_raw iptable_mangle iptable_nat iptable_filter raw_gadget(O) cmac algif_hash aes_arm aes_generic ecb algif_skcipher af_alg bnep xt_conntrack nft_chain_nat xt_MASQUERADE nf_nat nf_conntrack_netlink nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_addrtype nft_compat nf_tables nfnetlink br_netfilter bridge stp llc brcmfmac_wcc brcmfmac vc4 brcmutil cfg80211 hci_uart btbcm snd_soc_hdmi_codec drm_display_helper cec bluetooth drm_dma_helper drm_kms_helper snd_soc_core ecdh_generic ecc snd_compress raspberrypi_hwmon snd_pcm_dmaengine libaes i2c_bcm2835 bcm2835_codec(C) bcm2835_v4l2(C) v4l2_mem2mem bcm2835_isp(C) bcm2835_mmal_vchiq(C) videobuf2_dma_contig videobuf2_vmalloc videobuf2_memops
[Tue Jul  2 19:26:57 2024]  videobuf2_v4l2 rfkill videodev snd_bcm2835(C) snd_pcm snd_timer snd videobuf2_common vc_sm_cma(C) mc overlay raspberrypi_gpiomem binfmt_misc fixed uio_pdrv_genirq uio drm fuse dm_mod dwc2 drm_panel_orientation_quirks backlight roles ip_tables x_tables ipv6
[Tue Jul  2 19:26:57 2024] CPU: 0 PID: 488 Comm: kworker/u3:2 Tainted: G      D  C O       6.6.33+ #1770
[Tue Jul  2 19:26:57 2024] Hardware name: BCM2835
[Tue Jul  2 19:26:57 2024] Workqueue: hci2 hci_power_on [bluetooth]
[Tue Jul  2 19:26:57 2024] PC is at __dev_fwnode+0x8/0x1c
[Tue Jul  2 19:26:57 2024] LR is at hci_dev_open_sync+0xd4/0xa48 [bluetooth]
[Tue Jul  2 19:26:57 2024] pc : [<c067b8e4>]    lr : [<bf445dbc>]    psr: 20000013
[Tue Jul  2 19:26:57 2024] sp : dca15ec8  ip : 00000000  fp : 00000000
[Tue Jul  2 19:26:57 2024] r10: 00000000  r9 : c288f3a8  r8 : 00000000
[Tue Jul  2 19:26:57 2024] r7 : c288f000  r6 : 00000060  r5 : c288f5a8  r4 : c288f000
[Tue Jul  2 19:26:57 2024] r3 : 20000013  r2 : 20000013  r1 : 00000007  r0 : 00000000
[Tue Jul  2 19:26:57 2024] Flags: nzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
[Tue Jul  2 19:26:57 2024] Control: 00c5387d  Table: 01f1c008  DAC: 00000055
[Tue Jul  2 19:26:57 2024] Register r0 information: NULL pointer
[Tue Jul  2 19:26:57 2024] Register r1 information: non-paged memory
[Tue Jul  2 19:26:57 2024] Register r2 information: non-paged memory
[Tue Jul  2 19:26:57 2024] Register r3 information: non-paged memory
[Tue Jul  2 19:26:57 2024] Register r4 information: slab kmalloc-4k start c288f000 pointer offset 0 size 4096
[Tue Jul  2 19:26:57 2024] Register r5 information: slab kmalloc-4k start c288f000 pointer offset 1448 size 4096
[Tue Jul  2 19:26:57 2024] Register r6 information: non-paged memory
[Tue Jul  2 19:26:57 2024] Register r7 information: slab kmalloc-4k start c288f000 pointer offset 0 size 4096
[Tue Jul  2 19:26:57 2024] Register r8 information: NULL pointer
[Tue Jul  2 19:26:57 2024] Register r9 information: slab kmalloc-4k start c288f000 pointer offset 936 size 4096
[Tue Jul  2 19:26:57 2024] Register r10 information: NULL pointer
[Tue Jul  2 19:26:57 2024] Register r11 information: NULL pointer
[Tue Jul  2 19:26:57 2024] Register r12 information: NULL pointer
[Tue Jul  2 19:26:57 2024] Process kworker/u3:2 (pid: 488, stack limit = 0x522a295d)
[Tue Jul  2 19:26:57 2024] Stack: (0xdca15ec8 to 0xdca16000)
[Tue Jul  2 19:26:57 2024] 5ec0:                   ffffffff c09b6f98 c2a24000 c0d8b5e0 c98e2000 c0d7f02c
[Tue Jul  2 19:26:57 2024] 5ee0: 6d051509 15a241c4 c2a24000 c288f3a4 c288f5a8 00000060 c288f000 db9ecd05
[Tue Jul  2 19:26:57 2024] 5f00: c288f3a8 00000000 00000000 bf3f590c c09b75d4 00000000 c1c9be10 15a241c4
[Tue Jul  2 19:26:57 2024] 5f20: c2b42f80 c2b42f80 c288f3a4 00000060 db9ecd00 c003d018 c0df1a40 c1bf201c
[Tue Jul  2 19:26:57 2024] 5f40: 61c88647 c2b42f80 c2b42fac c1bf2000 c0df1a40 c1bf201c 61c88647 c003d4fc
[Tue Jul  2 19:26:57 2024] 5f60: c2b42f80 c2a24000 dca2ded0 dbb46e60 c2a24000 c003d208 c2b42f80 c21325c0
[Tue Jul  2 19:26:57 2024] 5f80: dca2ded0 00000000 00000000 c00440e4 dbb46e60 c0044018 00000000 00000000
[Tue Jul  2 19:26:57 2024] 5fa0: 00000000 00000000 00000000 c000833c 00000000 00000000 00000000 00000000
[Tue Jul  2 19:26:57 2024] 5fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[Tue Jul  2 19:26:57 2024] 5fe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000
[Tue Jul  2 19:26:57 2024]  __dev_fwnode from hci_dev_open_sync+0xd4/0xa48 [bluetooth]
[Tue Jul  2 19:26:57 2024]  hci_dev_open_sync [bluetooth] from hci_power_on+0x48/0x2e4 [bluetooth]
[Tue Jul  2 19:26:57 2024]  hci_power_on [bluetooth] from process_one_work+0x160/0x350
[Tue Jul  2 19:26:57 2024]  process_one_work from worker_thread+0x2f4/0x4ac
[Tue Jul  2 19:26:57 2024]  worker_thread from kthread+0xcc/0xf0
[Tue Jul  2 19:26:57 2024]  kthread from ret_from_fork+0x14/0x38
[Tue Jul  2 19:26:57 2024] Exception stack(0xdca15fb0 to 0xdca15ff8)
[Tue Jul  2 19:26:57 2024] 5fa0:                                     00000000 00000000 00000000 00000000
[Tue Jul  2 19:26:57 2024] 5fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[Tue Jul  2 19:26:57 2024] 5fe0: 00000000 00000000 00000000 00000000 00000013 00000000
[Tue Jul  2 19:26:57 2024] Code: e8bd8010 c0c29ca4 e52de004 e28dd004 (e5903164)
[Tue Jul  2 19:26:57 2024] ---[ end trace 0000000000000000 ]---
[Tue Jul  2 19:29:57 2024] dwc2 20980000.usb: bound driver raw-gadget.0
[Tue Jul  2 19:29:58 2024] dwc2 20980000.usb: new device is high-speed
[Tue Jul  2 19:29:58 2024] dwc2 20980000.usb: new device is high-speed
[Tue Jul  2 19:29:58 2024] dwc2 20980000.usb: new address 8
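The two oopses in the capture above have the same PC, LR, call trace and faulting opcode, so for triage they are one crash seen twice. The script below is an added example, not syzkaller code and not from anyone in this thread: it parses ARM oops records out of a dmesg capture, builds a crash signature for deduplication, and decodes the faulting LDR/STR immediate instruction to cross-check the accessed address against the register dump (here `ldr r3, [r0, #0x164]` with `r0 == 0` gives the reported fault address `00000164`). The sample input is constructed from trimmed lines of the capture; the `[#1]` counter on the first record is assumed.

```python
"""Triage helper for ARM kernel oopses (added example, not syzkaller code)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

TS_RE = re.compile(r"^\[[^\]]*\]\s?")  # strips "[Tue Jul  2 19:23:53 2024] "
FAULT_RE = re.compile(r"Unable to handle kernel (.+?) at virtual address ([0-9a-f]+)")
PC_RE = re.compile(r"^PC is at (\S+)")
LR_RE = re.compile(r"^LR is at (\S+)")
REG_RE = re.compile(r"\b(r\d{1,2}|sp|ip|fp)\s*:\s*([0-9a-f]{8})\b")
FRAME_RE = re.compile(r"^\s*(\S+)(?:\s\[\S+\])?\sfrom\s\S+")  # "callee [mod] from caller+off/size"
CODE_RE = re.compile(r"^Code: .*\(([0-9a-f]{8})\)")  # faulting insn is the parenthesised word
END_RE = re.compile(r"^---\[ end trace")
REG_ALIAS = {11: "fp", 12: "ip", 13: "sp", 14: "lr", 15: "pc"}  # names used by the ARM dump


@dataclass
class Oops:
    fault: str = ""
    fault_addr: Optional[int] = None
    pc: str = ""
    lr: str = ""
    regs: Dict[str, int] = field(default_factory=dict)
    frames: List[str] = field(default_factory=list)
    code: Optional[int] = None

    def signature(self) -> str:
        """Crash identity: fault kind, PC symbol and top frames, with offsets dropped."""
        top = [f.split("+", 1)[0] for f in self.frames[:3]]
        return f"{self.fault} in {self.pc.split('+', 1)[0]} <- {' <- '.join(top[1:])}"


def parse_oopses(dmesg: str) -> List[Oops]:
    """Split a dmesg capture into oops records; lines outside an oops are ignored."""
    oopses: List[Oops] = []
    cur: Optional[Oops] = None
    for raw in dmesg.splitlines():
        line = TS_RE.sub("", raw)
        m = FAULT_RE.search(line)
        if m:
            cur = Oops(fault=m.group(1), fault_addr=int(m.group(2), 16))
            oopses.append(cur)
            continue
        if cur is None:
            continue
        if m := PC_RE.match(line):
            cur.pc = m.group(1)
        elif m := LR_RE.match(line):
            cur.lr = m.group(1)
        elif m := CODE_RE.match(line):
            cur.code = int(m.group(1), 16)
        elif m := FRAME_RE.match(line):
            cur.frames.append(m.group(1))
        elif END_RE.match(line):
            cur = None
        else:
            for name, val in REG_RE.findall(line):
                cur.regs[name] = int(val, 16)
    return oopses


def decode_ldr_str_imm(insn: int) -> Optional[dict]:
    """Decode an A32 'single data transfer, immediate offset' instruction; None otherwise."""
    if (insn >> 26) & 0b11 != 0b01 or (insn >> 25) & 1:
        return None
    pre, up, byte, load = (insn >> 24) & 1, (insn >> 23) & 1, (insn >> 22) & 1, (insn >> 20) & 1
    rn, rd, imm = (insn >> 16) & 0xF, (insn >> 12) & 0xF, insn & 0xFFF
    name = lambda r: REG_ALIAS.get(r, f"r{r}")
    return {"mnemonic": ("ldr" if load else "str") + ("b" if byte else ""),
            "rn": name(rn), "rd": name(rd), "offset": imm if up else -imm,
            "pre_indexed": bool(pre)}


def accessed_address(oops: Oops) -> Optional[int]:
    """Address the faulting instruction touched, computed from the register dump."""
    d = decode_ldr_str_imm(oops.code) if oops.code is not None else None
    if d is None or d["rn"] not in oops.regs:
        return None
    base = oops.regs[d["rn"]]
    return (base + d["offset"]) & 0xFFFFFFFF if d["pre_indexed"] else base


def dedupe(oopses: List[Oops]) -> Dict[str, int]:
    """Count oopses per signature so repeats of one bug are reported once."""
    counts: Dict[str, int] = {}
    for o in oopses:
        counts[o.signature()] = counts.get(o.signature(), 0) + 1
    return counts


# Constructed sample: trimmed lines modelled on the dmesg in this thread.
SAMPLE_DMESG = """\
[Tue Jul  2 19:23:53 2024] Unable to handle kernel NULL pointer dereference at virtual address 00000164 when read
[Tue Jul  2 19:23:53 2024] Internal error: Oops: 17 [#1] ARM
[Tue Jul  2 19:23:53 2024] PC is at __dev_fwnode+0x8/0x1c
[Tue Jul  2 19:23:53 2024] LR is at hci_dev_open_sync+0xd4/0xa48 [bluetooth]
[Tue Jul  2 19:23:53 2024] sp : dcf55ec8  ip : 00000000  fp : c1bf2058
[Tue Jul  2 19:23:53 2024] r3 : 20000013  r2 : 20000013  r1 : 00000007  r0 : 00000000
[Tue Jul  2 19:23:53 2024]  __dev_fwnode from hci_dev_open_sync+0xd4/0xa48 [bluetooth]
[Tue Jul  2 19:23:53 2024]  hci_dev_open_sync [bluetooth] from hci_power_on+0x48/0x2e4 [bluetooth]
[Tue Jul  2 19:23:53 2024]  hci_power_on [bluetooth] from process_one_work+0x160/0x350
[Tue Jul  2 19:23:53 2024] Code: e8bd8010 c0c29ca4 e52de004 e28dd004 (e5903164)
[Tue Jul  2 19:23:54 2024] ---[ end trace 0000000000000000 ]---
[Tue Jul  2 19:24:55 2024] bridge0: port 1(bridge_slave_0) entered blocking state
[Tue Jul  2 19:26:57 2024] 8<--- cut here ---
[Tue Jul  2 19:26:57 2024] Unable to handle kernel NULL pointer dereference at virtual address 00000164 when read
[Tue Jul  2 19:26:57 2024] Internal error: Oops: 17 [#2] ARM
[Tue Jul  2 19:26:57 2024] PC is at __dev_fwnode+0x8/0x1c
[Tue Jul  2 19:26:57 2024] LR is at hci_dev_open_sync+0xd4/0xa48 [bluetooth]
[Tue Jul  2 19:26:57 2024] r3 : 20000013  r2 : 20000013  r1 : 00000007  r0 : 00000000
[Tue Jul  2 19:26:57 2024]  __dev_fwnode from hci_dev_open_sync+0xd4/0xa48 [bluetooth]
[Tue Jul  2 19:26:57 2024]  hci_dev_open_sync [bluetooth] from hci_power_on+0x48/0x2e4 [bluetooth]
[Tue Jul  2 19:26:57 2024]  hci_power_on [bluetooth] from process_one_work+0x160/0x350
[Tue Jul  2 19:26:57 2024] Code: e8bd8010 c0c29ca4 e52de004 e28dd004 (e5903164)
[Tue Jul  2 19:26:57 2024] ---[ end trace 0000000000000000 ]---
"""

if __name__ == "__main__":
    found = parse_oopses(SAMPLE_DMESG)
    for sig, n in dedupe(found).items():
        print(f"{n}x {sig}")
    for o in found:
        d = decode_ldr_str_imm(o.code)
        print(f"  {o.pc}: {d['mnemonic']} {d['rd']}, [{d['rn']}, #{d['offset']:#x}] -> "
              f"accessed {accessed_address(o):#010x}, reported {o.fault_addr:#010x}")
```

The decoder only handles the A32 single-data-transfer immediate form, which is what this crash uses; for any other encoding it returns `None` and the address check is skipped rather than guessed. The signature drops `+off/size` so that the same bug on a rebuilt kernel still collapses into one entry.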

Darrion Ramos

Jul 2, 2024, 4:16:23 PMJul 2
to Andrey Konovalov, syzkaller
Probably just something with the old hardware on the Pi. Thanks for
your help on this!

On Tue, Jul 2, 2024 at 3:20 PM Andrey Konovalov <andre...@gmail.com> wrote:
>
> Ah, so it works, great!
>
> Not sure why it hangs after hci dev though.
> > --
> > You received this message because you are subscribed to the Google Groups "syzkaller" group.
> > To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller+...@googlegroups.com.
> > To view this discussion on the web visit https://groups.google.com/d/msgid/syzkaller/3dbbf23b-9137-426b-a8a3-6c468bb44daan%40googlegroups.com.



--
-Thanks, Darrion

Andrey Konovalov

Jul 4, 2024, 4:12:07 AMJul 4
to Darrion Ramos, syzkaller
Ah, so it works, great!

Not sure why it hangs after hci dev though.
