[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.33' (ECDSA) to the list of known hosts.
syzkaller login: [ 40.294299] audit: type=1400 audit(1601429019.694:8): avc: denied { execmem } for pid=6499 comm="syz-executor548" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 40.314653] IPVS: ftp: loaded support on port[0] = 21
[ 40.389534] chnl_net:caif_netlink_parms(): no params data found
[ 40.500700] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.507434] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.515839] device bridge_slave_0 entered promiscuous mode
[ 40.523495] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.529848] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.537483] device bridge_slave_1 entered promiscuous mode
[ 40.555772] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 40.564708] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 40.584570] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 40.592929] team0: Port device team_slave_0 added
[ 40.598485] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 40.606861] team0: Port device team_slave_1 added
[ 40.623286] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 40.629649] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 40.655640] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 40.667399] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 40.673934] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 40.699353] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 40.710232] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 40.717674] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 40.737488] device hsr_slave_0 entered promiscuous mode
[ 40.743274] device hsr_slave_1 entered promiscuous mode
[ 40.749306] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 40.756611] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 40.825696] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.832131] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.838920] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.845332] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.878352] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 40.885766] 8021q: adding VLAN 0 to HW filter on device bond0
[ 40.895555] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 40.905239] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 40.914189] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.921989] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.928871] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 40.940395] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 40.946465] 8021q: adding VLAN 0 to HW filter on device team0
[ 40.956208] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 40.963949] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.970352] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.979565] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 40.988169] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.994590] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 41.012682] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 41.020612] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 41.028225] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 41.038592] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 41.052125] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 41.063856] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 41.071636] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 41.078928] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 41.093524] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 41.100912] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 41.107541] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 41.119126] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 41.132962] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 41.142876] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 41.177931] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 41.185909] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 41.193480] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 41.203407] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 41.211241] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 41.219219] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 41.228176] device veth0_vlan entered promiscuous mode
[ 41.237991] device veth1_vlan entered promiscuous mode
[ 41.244805] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 41.253944] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 41.266570] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 41.276868] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 41.284560] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 41.292569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 41.302379] device veth0_macvtap entered promiscuous mode
[ 41.308540] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 41.319660] device veth1_macvtap entered promiscuous mode
[ 41.328265] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 41.337913] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 41.348867] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 41.356149] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 41.364778] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 41.375221] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready
[ 41.382175] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 41.388701] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 41.396639] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 41.488492] ------------[ cut here ]------------
[ 41.493367] HSR: VLAN not yet supported
[ 41.493761] WARNING: CPU: 1 PID: 6500 at net/hsr/hsr_forward.c:336 hsr_forward_skb+0x182d/0x1cc4
[ 41.506618] Kernel panic - not syncing: panic_on_warn set ...
[ 41.506618]
[ 41.513967] CPU: 1 PID: 6500 Comm: syz-executor548 Not tainted 4.19.148-syzkaller #0
[ 41.521826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 41.531158] Call Trace:
[ 41.533731] dump_stack+0x22c/0x33e
[ 41.537340] panic+0x2ac/0x565
[ 41.540557] ? __warn_printk+0xf3/0xf3
[ 41.544513] ? hsr_forward_skb+0x182d/0x1cc4
[ 41.548900] ? __probe_kernel_read+0x130/0x1b0
[ 41.553460] ? __warn.cold+0x5/0x5a
[ 41.557066] ? __warn+0xe4/0x200
[ 41.560415] ? hsr_forward_skb+0x182d/0x1cc4
[ 41.564800] __warn.cold+0x20/0x5a
[ 41.568318] ? find_held_lock+0x2d/0x110
[ 41.572393] ? hsr_forward_skb+0x182d/0x1cc4
[ 41.576783] report_bug+0x262/0x2b0
[ 41.580392] do_error_trap+0x1e1/0x330
[ 41.584322] ? math_error+0x320/0x320
[ 41.588098] ? vprintk_store+0x1fd/0x440
[ 41.592145] ? vprintk_emit+0x214/0x7c0
[ 41.596100] ? lockdep_hardirqs_on+0x29f/0x5e0
[ 41.600667] ? vprintk_emit+0x1d0/0x7c0
[ 41.604621] ? trace_hardirqs_off_caller+0x69/0x210
[ 41.609669] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 41.614495] invalid_op+0x14/0x20
[ 41.617969] RIP: 0010:hsr_forward_skb+0x182d/0x1cc4
[ 41.622963] Code: 4c 89 fa 48 8b 7c 24 20 e8 e0 4d ff ff e9 3b f5 ff ff e8 a6 02 cb f9 48 c7 c7 c0 48 d5 88 c6 05 7c 30 8d 03 01 e8 49 ae 9b f9 <0f> 0b 48 ba 00 00 00 00 00 fc ff df 48 8b 7c 24 10 48 89 f8 48 c1
[ 41.641888] RSP: 0018:ffff8880a0f4f7f0 EFLAGS: 00010282
[ 41.647229] RAX: 0000000000000000 RBX: ffff8880a0367802 RCX: 0000000000000000
[ 41.654490] RDX: 0000000000000000 RSI: ffffffff815b523f RDI: ffffed10141e9ef0
[ 41.661740] RBP: ffff888093cccbc0 R08: 0000000000000000 R09: 0000000000000612
[ 41.668990] R10: 0000000000000006 R11: 0000000000000000 R12: ffff888093cccc86
[ 41.676237] R13: ffff888093cccc90 R14: 0000000000000000 R15: ffff888099384300
[ 41.683519] ? vprintk_func+0x7f/0x224
[ 41.687406] hsr_dev_xmit+0x6b/0xa0
[ 41.691025] ? rcu_read_lock_sched_held+0x174/0x1e0
[ 41.696019] dev_hard_start_xmit+0x1a8/0x960
[ 41.700438] __dev_queue_xmit+0x276a/0x2ec0
[ 41.704744] ? netdev_pick_tx+0x350/0x350
[ 41.708873] ? find_held_lock+0x2d/0x110
[ 41.712918] ? sock_kzfree_s+0x60/0x60
[ 41.716803] ? lock_downgrade+0x750/0x750
[ 41.720928] ? lock_acquire+0x170/0x3f0
[ 41.724881] ? netif_device_attach+0x1c0/0x1c0
[ 41.729441] ? skb_copy_datagram_from_iter+0x45f/0x680
[ 41.734694] ? memcpy+0x35/0x50
[ 41.737956] packet_sendmsg+0x241d/0x6bcd
[ 41.742094] ? perf_trace_lock_acquire+0x4d1/0x580
[ 41.747007] ? sock_has_perm+0x203/0x2c0
[ 41.751055] ? selinux_tun_dev_attach_queue+0x140/0x140
[ 41.756396] ? __might_fault+0x11f/0x1d0
[ 41.760440] ? compat_packet_setsockopt+0x160/0x160
[ 41.765441] ? compat_packet_setsockopt+0x160/0x160
[ 41.770449] sock_sendmsg+0xc7/0x130
[ 41.774142] __sys_sendto+0x21a/0x320
[ 41.777930] ? __ia32_sys_getpeername+0xb0/0xb0
[ 41.782583] ? selinux_file_ioctl+0x44f/0x5e0
[ 41.787071] ? mark_lock+0xf13/0x13b0
[ 41.790857] ? lock_downgrade+0x750/0x750
[ 41.795006] __x64_sys_sendto+0xdd/0x1b0
[ 41.799162] ? lockdep_hardirqs_on+0x3c1/0x5e0
[ 41.803722] do_syscall_64+0xf9/0x670
[ 41.807514] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 41.812693] RIP: 0033:0x443689
[ 41.816124] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db 0d fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 41.835012] RSP: 002b:00007fff6e5b71d8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 41.842699] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000443689
[ 41.849948] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 41.857205] RBP: 00007fff6e5b71f0 R08: 0000000020000000 R09: 0000000000000014
[ 41.864467] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff6e5b7200
[ 41.871715] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 41.880356] Kernel Offset: disabled
[ 41.884016] Rebooting in 86400 seconds..