[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Getty on tty6.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.43' (ECDSA) to the list of known hosts.
syzkaller login: [ 74.515663][ T37] audit: type=1400 audit(1626144682.094:8): avc: denied { execmem } for pid=8436 comm="syz-executor677" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 74.613467][ T8437] chnl_net:caif_netlink_parms(): no params data found
[ 74.654905][ T8437] bridge0: port 1(bridge_slave_0) entered blocking state
[ 74.663201][ T8437] bridge0: port 1(bridge_slave_0) entered disabled state
[ 74.671223][ T8437] device bridge_slave_0 entered promiscuous mode
[ 74.678939][ T8437] bridge0: port 2(bridge_slave_1) entered blocking state
[ 74.687016][ T8437] bridge0: port 2(bridge_slave_1) entered disabled state
[ 74.694957][ T8437] device bridge_slave_1 entered promiscuous mode
[ 74.712301][ T8437] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 74.723573][ T8437] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 74.742321][ T8437] team0: Port device team_slave_0 added
[ 74.749404][ T8437] team0: Port device team_slave_1 added
[ 74.773300][ T8437] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 74.780272][ T8437] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 74.806314][ T8437] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 74.818873][ T8437] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 74.827101][ T8437] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 74.854396][ T8437] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 74.877083][ T8437] device hsr_slave_0 entered promiscuous mode
[ 74.883972][ T8437] device hsr_slave_1 entered promiscuous mode
[ 74.960435][ T8437] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 74.970504][ T8437] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 74.980344][ T8437] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 74.991646][ T8437] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 75.010014][ T8437] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.017278][ T8437] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 75.024735][ T8437] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.031875][ T8437] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 75.064316][ T8437] 8021q: adding VLAN 0 to HW filter on device bond0
[ 75.076138][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 75.085022][ T20] bridge0: port 1(bridge_slave_0) entered disabled state
[ 75.093676][ T20] bridge0: port 2(bridge_slave_1) entered disabled state
[ 75.103379][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 75.114386][ T8437] 8021q: adding VLAN 0 to HW filter on device team0
[ 75.128613][ T3161] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 75.138573][ T3161] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.145759][ T3161] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 75.163237][ T3161] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 75.171737][ T3161] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.178811][ T3161] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 75.187840][ T3161] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 75.202142][ T3161] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 75.212137][ T8646] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 75.224593][ T3161] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 75.235418][ T8645] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 75.245764][ T8437] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 75.260444][ T3161] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 75.268238][ T3161] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 75.280043][ T8437] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 75.297955][ T3161] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 75.315388][ T3161] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 75.323669][ T3161] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 75.332226][ T3161] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 75.342615][ T8437] device veth0_vlan entered promiscuous mode
[ 75.353513][ T8437] device veth1_vlan entered promiscuous mode
[ 75.370144][ T8646] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 75.378338][ T8646] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 75.387553][ T8646] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 75.399543][ T8437] device veth0_macvtap entered promiscuous mode
[ 75.409180][ T8437] device veth1_macvtap entered promiscuous mode
[ 75.424098][ T8437] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 75.431799][ T3161] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 75.441024][ T3161] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 75.451973][ T8437] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 75.461645][ T3161] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 75.472185][ T8437] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 75.481445][ T8437] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 75.490161][ T8437] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 75.499569][ T8437] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 75.551486][ T8646] ================================================================================
[ 75.560824][ T8646] UBSAN: shift-out-of-bounds in net/sched/sch_api.c:572:7
[ 75.568169][ T8646] shift exponent 144 is too large for 32-bit type 'int'
[ 75.575379][ T8646] CPU: 1 PID: 8646 Comm: kworker/1:4 Tainted: G W 5.14.0-rc1-syzkaller #0
[ 75.585284][ T8646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 75.595448][ T8646] Workqueue: mld mld_ifc_work
[ 75.600150][ T8646] Call Trace:
[ 75.603518][ T8646] dump_stack_lvl+0xcd/0x134
[ 75.608124][ T8646] ubsan_epilogue+0xb/0x5a
[ 75.612551][ T8646] __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x181
[ 75.619327][ T8646] ? rcu_read_lock_sched_held+0xd/0x70
[ 75.624800][ T8646] ? rcu_read_lock_sched_held+0xd/0x70
[ 75.630401][ T8646] __qdisc_calculate_pkt_len.cold+0x62/0xcf
[ 75.636317][ T8646] __dev_queue_xmit+0x1166/0x36c0
[ 75.641384][ T8646] ? nf_ct_deliver_cached_events+0x1ae/0x690
[ 75.647376][ T8646] ? netdev_core_pick_tx+0x2e0/0x2e0
[ 75.652671][ T8646] ? lock_acquire+0x3b0/0x510
[ 75.657359][ T8646] ? lock_release+0x720/0x720
[ 75.662039][ T8646] ? __ip_finish_output+0x396/0x640
[ 75.667279][ T8646] ? lock_downgrade+0x6e0/0x6e0
[ 75.672154][ T8646] ? rcu_read_lock_sched_held+0xd/0x70
[ 75.677633][ T8646] ? lock_release+0x522/0x720
[ 75.682320][ T8646] ? nf_hook+0x1eb/0x5b0
[ 75.686603][ T8646] ? lock_downgrade+0x6e0/0x6e0
[ 75.691640][ T8646] ip_finish_output2+0xef0/0x2220
[ 75.696785][ T8646] ? ip_fragment.constprop.0+0x240/0x240
[ 75.702435][ T8646] ? __ip_finish_output+0x640/0x640
[ 75.707644][ T8646] ? __ip_flush_pending_frames.constprop.0+0x2c0/0x2c0
[ 75.714512][ T8646] ? pci_iomap_wc_range+0x4/0x310
[ 75.719551][ T8646] __ip_finish_output+0x396/0x640
[ 75.724589][ T8646] ip_finish_output+0x32/0x200
[ 75.729363][ T8646] ip_output+0x196/0x310
[ 75.733620][ T8646] ip_local_out+0xaf/0x1a0
[ 75.738060][ T8646] iptunnel_xmit+0x5a3/0x9c0
[ 75.742709][ T8646] geneve_xmit+0x1186/0x3440
[ 75.747335][ T8646] ? geneve_fill_metadata_dst+0xb70/0xb70
[ 75.753071][ T8646] ? __sanitizer_cov_trace_switch+0x63/0xf0
[ 75.758996][ T8646] ? kasan_save_stack+0x32/0x40
[ 75.763866][ T8646] ? kasan_save_stack+0x1b/0x40
[ 75.768730][ T8646] ? __kasan_kmalloc+0x98/0xc0
[ 75.773504][ T8646] ? ___neigh_create+0x13fe/0x26a0
[ 75.778639][ T8646] ? ip6_finish_output2+0xe32/0x1700
[ 75.783949][ T8646] ? skb_crc32c_csum_help+0x70/0x70
[ 75.789344][ T8646] ? lock_acquire+0x442/0x510
[ 75.794039][ T8646] ? rcu_read_lock_sched_held+0xd/0x70
[ 75.799543][ T8646] ? rcu_read_lock_sched_held+0xd/0x70
[ 75.805029][ T8646] ? lock_acquire+0x442/0x510
[ 75.809723][ T8646] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 75.815985][ T8646] ? validate_xmit_xfrm+0x498/0x1050
[ 75.821302][ T8646] ? dev_hard_start_xmit+0x64e/0x920
[ 75.826631][ T8646] dev_hard_start_xmit+0x1eb/0x920
[ 75.831760][ T8646] ? netdev_core_pick_tx+0x1cb/0x2e0
[ 75.837053][ T8646] __dev_queue_xmit+0x29ee/0x36c0
[ 75.842091][ T8646] ? rcu_read_lock_sched_held+0xd/0x70
[ 75.847569][ T8646] ? lock_release+0x522/0x720
[ 75.852263][ T8646] ? ___neigh_create+0x16e7/0x26a0
[ 75.857400][ T8646] ? netdev_core_pick_tx+0x2e0/0x2e0
[ 75.862705][ T8646] ? lock_acquire+0x3b0/0x510
[ 75.867403][ T8646] ? lock_release+0x522/0x720
[ 75.872098][ T8646] ? lock_release+0x720/0x720
[ 75.876793][ T8646] ? ip6_finish_output2+0x686/0x1700
[ 75.882123][ T8646] ? lock_downgrade+0x6e0/0x6e0
[ 75.887065][ T8646] ? do_raw_write_lock+0x11a/0x280
[ 75.892196][ T8646] ? do_raw_read_unlock+0x70/0x70
[ 75.897411][ T8646] ? memcpy+0x39/0x60
[ 75.901419][ T8646] neigh_resolve_output+0x50e/0x820
[ 75.906644][ T8646] ip6_finish_output2+0x686/0x1700
[ 75.911773][ T8646] __ip6_finish_output+0x4c1/0x1050
[ 75.917003][ T8646] ? in6_dev_get+0x2c0/0x2c0
[ 75.921617][ T8646] ip6_finish_output+0x32/0x200
[ 75.926488][ T8646] ip6_output+0x1e4/0x530
[ 75.930833][ T8646] mld_sendpack+0x8d4/0xdc0
[ 75.935376][ T8646] ? igmp6_mcf_seq_next+0x550/0x550
[ 75.940630][ T8646] ? lock_acquire+0x442/0x510
[ 75.945320][ T8646] ? lock_release+0x720/0x720
[ 75.950005][ T8646] mld_ifc_work+0x71c/0xdc0
[ 75.954612][ T8646] process_one_work+0x98d/0x1630
[ 75.959571][ T8646] ? pwq_dec_nr_in_flight+0x320/0x320
[ 75.964973][ T8646] ? rwlock_bug.part.0+0x90/0x90
[ 75.970009][ T8646] worker_thread+0x658/0x11f0
[ 75.974703][ T8646] ? process_one_work+0x1630/0x1630
[ 75.980017][ T8646] kthread+0x3e5/0x4d0
[ 75.984113][ T8646] ? _raw_spin_unlock_irq+0x1f/0x40
[ 75.989412][ T8646] ? set_kthread_struct+0x130/0x130
[ 75.994707][ T8646] ret_from_fork+0x1f/0x30
[ 75.999282][ T8646] ================================================================================
[ 76.008698][ T8646] Kernel panic - not syncing: panic_on_warn set ...
[ 76.015388][ T8646] CPU: 1 PID: 8646 Comm: kworker/1:4 Tainted: G W 5.14.0-rc1-syzkaller #0
[ 76.025217][ T8646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 76.035331][ T8646] Workqueue: mld mld_ifc_work
[ 76.040040][ T8646] Call Trace:
[ 76.043632][ T8646] dump_stack_lvl+0xcd/0x134
[ 76.048354][ T8646] panic+0x306/0x73d
[ 76.052256][ T8646] ? __warn_printk+0xf3/0xf3
[ 76.056856][ T8646] ? dump_stack_lvl+0x120/0x134
[ 76.061736][ T8646] ? ubsan_epilogue+0x3e/0x5a
[ 76.066435][ T8646] ubsan_epilogue+0x54/0x5a
[ 76.070960][ T8646] __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x181
[ 76.077772][ T8646] ? rcu_read_lock_sched_held+0xd/0x70
[ 76.083407][ T8646] ? rcu_read_lock_sched_held+0xd/0x70
[ 76.088884][ T8646] __qdisc_calculate_pkt_len.cold+0x62/0xcf
[ 76.094799][ T8646] __dev_queue_xmit+0x1166/0x36c0
[ 76.099867][ T8646] ? nf_ct_deliver_cached_events+0x1ae/0x690
[ 76.105889][ T8646] ? netdev_core_pick_tx+0x2e0/0x2e0
[ 76.111193][ T8646] ? lock_acquire+0x3b0/0x510
[ 76.115878][ T8646] ? lock_release+0x720/0x720
[ 76.120559][ T8646] ? __ip_finish_output+0x396/0x640
[ 76.125868][ T8646] ? lock_downgrade+0x6e0/0x6e0
[ 76.130731][ T8646] ? rcu_read_lock_sched_held+0xd/0x70
[ 76.136200][ T8646] ? lock_release+0x522/0x720
[ 76.140890][ T8646] ? nf_hook+0x1eb/0x5b0
[ 76.145144][ T8646] ? lock_downgrade+0x6e0/0x6e0
[ 76.150085][ T8646] ip_finish_output2+0xef0/0x2220
[ 76.155149][ T8646] ? ip_fragment.constprop.0+0x240/0x240
[ 76.160794][ T8646] ? __ip_finish_output+0x640/0x640
[ 76.166093][ T8646] ? __ip_flush_pending_frames.constprop.0+0x2c0/0x2c0
[ 76.173126][ T8646] ? pci_iomap_wc_range+0x4/0x310
[ 76.178163][ T8646] __ip_finish_output+0x396/0x640
[ 76.183225][ T8646] ip_finish_output+0x32/0x200
[ 76.188003][ T8646] ip_output+0x196/0x310
[ 76.192259][ T8646] ip_local_out+0xaf/0x1a0
[ 76.196684][ T8646] iptunnel_xmit+0x5a3/0x9c0
[ 76.201290][ T8646] geneve_xmit+0x1186/0x3440
[ 76.205888][ T8646] ? geneve_fill_metadata_dst+0xb70/0xb70
[ 76.211615][ T8646] ? __sanitizer_cov_trace_switch+0x63/0xf0
[ 76.217605][ T8646] ? kasan_save_stack+0x32/0x40
[ 76.222459][ T8646] ? kasan_save_stack+0x1b/0x40
[ 76.227330][ T8646] ? __kasan_kmalloc+0x98/0xc0
[ 76.232128][ T8646] ? ___neigh_create+0x13fe/0x26a0
[ 76.237252][ T8646] ? ip6_finish_output2+0xe32/0x1700
[ 76.242547][ T8646] ? skb_crc32c_csum_help+0x70/0x70
[ 76.247762][ T8646] ? lock_acquire+0x442/0x510
[ 76.252459][ T8646] ? rcu_read_lock_sched_held+0xd/0x70
[ 76.257939][ T8646] ? rcu_read_lock_sched_held+0xd/0x70
[ 76.263427][ T8646] ? lock_acquire+0x442/0x510
[ 76.268114][ T8646] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 76.274375][ T8646] ? validate_xmit_xfrm+0x498/0x1050
[ 76.279680][ T8646] ? dev_hard_start_xmit+0x64e/0x920
[ 76.284992][ T8646] dev_hard_start_xmit+0x1eb/0x920
[ 76.290113][ T8646] ? netdev_core_pick_tx+0x1cb/0x2e0
[ 76.295406][ T8646] __dev_queue_xmit+0x29ee/0x36c0
[ 76.300610][ T8646] ? rcu_read_lock_sched_held+0xd/0x70
[ 76.306166][ T8646] ? lock_release+0x522/0x720
[ 76.310847][ T8646] ? ___neigh_create+0x16e7/0x26a0
[ 76.315973][ T8646] ? netdev_core_pick_tx+0x2e0/0x2e0
[ 76.321283][ T8646] ? lock_acquire+0x3b0/0x510
[ 76.325976][ T8646] ? lock_release+0x522/0x720
[ 76.330661][ T8646] ? lock_release+0x720/0x720
[ 76.335351][ T8646] ? ip6_finish_output2+0x686/0x1700
[ 76.340653][ T8646] ? lock_downgrade+0x6e0/0x6e0
[ 76.345509][ T8646] ? do_raw_write_lock+0x11a/0x280
[ 76.350656][ T8646] ? do_raw_read_unlock+0x70/0x70
[ 76.356042][ T8646] ? memcpy+0x39/0x60
[ 76.360056][ T8646] neigh_resolve_output+0x50e/0x820
[ 76.365382][ T8646] ip6_finish_output2+0x686/0x1700
[ 76.370515][ T8646] __ip6_finish_output+0x4c1/0x1050
[ 76.375913][ T8646] ? in6_dev_get+0x2c0/0x2c0
[ 76.380523][ T8646] ip6_finish_output+0x32/0x200
[ 76.385386][ T8646] ip6_output+0x1e4/0x530
[ 76.389899][ T8646] mld_sendpack+0x8d4/0xdc0
[ 76.395212][ T8646] ? igmp6_mcf_seq_next+0x550/0x550
[ 76.400438][ T8646] ? lock_acquire+0x442/0x510
[ 76.405431][ T8646] ? lock_release+0x720/0x720
[ 76.410192][ T8646] mld_ifc_work+0x71c/0xdc0
[ 76.414719][ T8646] process_one_work+0x98d/0x1630
[ 76.419679][ T8646] ? pwq_dec_nr_in_flight+0x320/0x320
[ 76.425418][ T8646] ? rwlock_bug.part.0+0x90/0x90
[ 76.430474][ T8646] worker_thread+0x658/0x11f0
[ 76.435172][ T8646] ? process_one_work+0x1630/0x1630
[ 76.440398][ T8646] kthread+0x3e5/0x4d0
[ 76.444498][ T8646] ? _raw_spin_unlock_irq+0x1f/0x40
[ 76.449706][ T8646] ? set_kthread_struct+0x130/0x130
[ 76.454942][ T8646] ret_from_fork+0x1f/0x30
[ 76.460451][ T8646] Kernel Offset: disabled
[ 76.464873][ T8646] Rebooting in 86400 seconds..