Warning: Permanently added '10.128.0.169' (ECDSA) to the list of known hosts. syzkaller login: [ 39.103329] IPVS: ftp: loaded support on port[0] = 21 [ 39.179213] chnl_net:caif_netlink_parms(): no params data found [ 39.240874] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.248277] bridge0: port 1(bridge_slave_0) entered disabled state [ 39.257040] device bridge_slave_0 entered promiscuous mode [ 39.264525] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.271463] bridge0: port 2(bridge_slave_1) entered disabled state [ 39.278829] device bridge_slave_1 entered promiscuous mode [ 39.297154] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 39.306885] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 39.324578] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 39.332062] team0: Port device team_slave_0 added [ 39.337955] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 39.345202] team0: Port device team_slave_1 added [ 39.360751] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 39.368280] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 39.401856] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 39.422967] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 39.431933] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 39.459463] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 39.470469] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 39.478765] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 39.498286] device hsr_slave_0 entered promiscuous mode [ 39.505701] device hsr_slave_1 entered promiscuous mode [ 39.512889] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 39.520623] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 39.590293] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.596845] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.603647] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.610084] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.642356] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 39.649886] 8021q: adding VLAN 0 to HW filter on device bond0 [ 39.658500] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 39.668847] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 39.678193] bridge0: port 1(bridge_slave_0) entered disabled state [ 39.685960] bridge0: port 2(bridge_slave_1) entered disabled state [ 39.694011] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 39.705607] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 39.712388] 8021q: adding VLAN 0 to HW filter on device team0 [ 39.722149] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 39.730674] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.737315] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.747283] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 39.755508] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.762023] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.778534] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 39.787490] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 39.799703] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 39.808401] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 39.820856] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 39.833841] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 39.840452] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 39.848573] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 39.861505] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 39.869849] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 39.877933] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 39.889432] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 39.903059] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 39.914241] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 39.952723] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 39.961778] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 39.970078] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 39.979636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 39.987902] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 39.994798] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 40.003902] device veth0_vlan entered promiscuous mode [ 40.013987] device veth1_vlan entered promiscuous mode [ 40.020243] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 40.029569] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 40.041896] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 40.052585] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 40.062377] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 40.071993] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 40.082677] device veth0_macvtap entered promiscuous mode [ 40.090646] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 40.099559] device veth1_macvtap entered promiscuous mode [ 40.109050] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 40.118473] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 40.130268] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 40.138188] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 40.147944] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 40.158803] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 40.173120] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready executing program executing program [ 40.265207] device batadv0 entered promiscuous mode [ 40.271155] lo: Cannot use loopback or non-ethernet device as HSR slave. [ 40.279127] device batadv0 left promiscuous mode [ 40.284826] netlink: 'syz-executor146': attribute type 10 has an invalid length. [ 40.301273] device batadv0 entered promiscuous mode [ 40.307146] lo: Cannot use loopback or non-ethernet device as HSR slave. executing program executing program [ 40.314236] device batadv0 left promiscuous mode [ 40.320792] netlink: 'syz-executor146': attribute type 10 has an invalid length. [ 40.336657] device batadv0 entered promiscuous mode [ 40.342479] lo: Cannot use loopback or non-ethernet device as HSR slave. [ 40.349979] device batadv0 left promiscuous mode [ 40.356310] netlink: 'syz-executor146': attribute type 10 has an invalid length. executing program [ 40.371098] device batadv0 entered promiscuous mode [ 40.377127] lo: Cannot use loopback or non-ethernet device as HSR slave. [ 40.384046] device batadv0 left promiscuous mode [ 40.391064] netlink: 'syz-executor146': attribute type 10 has an invalid length. [ 40.405701] device batadv0 entered promiscuous mode [ 40.411231] lo: Cannot use loopback or non-ethernet device as HSR slave. executing program executing program [ 40.419239] device batadv0 left promiscuous mode [ 40.424827] netlink: 'syz-executor146': attribute type 10 has an invalid length. [ 40.439009] device batadv0 entered promiscuous mode [ 40.444888] lo: Cannot use loopback or non-ethernet device as HSR slave. [ 40.452676] device batadv0 left promiscuous mode [ 40.458287] netlink: 'syz-executor146': attribute type 10 has an invalid length. [ 40.472914] device batadv0 entered promiscuous mode [ 40.479527] lo: Cannot use loopback or non-ethernet device as HSR slave. [ 40.488149] device batadv0 left promiscuous mode [ 40.493722] netlink: 'syz-executor146': attribute type 10 has an invalid length. [ 40.502462] kasan: CONFIG_KASAN_INLINE enabled [ 40.508562] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 40.519474] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 40.525781] CPU: 0 PID: 8367 Comm: syz-executor146 Not tainted 4.19.168-syzkaller #0 [ 40.533759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 40.543389] RIP: 0010:hsr_dev_change_mtu+0xa2/0xd0 [ 40.548532] Code: 89 e0 5b 5d 41 5c 41 5d c3 e8 2a 5d b0 f9 eb e1 e8 f3 a4 7a f9 49 8d 7d 10 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 75 1d 49 8b 7d 10 ba 06 00 00 00 48 c7 c6 c0 4f 70 89 [ 40.568134] RSP: 0018:ffff88809572eb60 EFLAGS: 00010202 [ 40.573496] RAX: dffffc0000000000 RBX: 00000000000005dc RCX: ffffffff87e7b50b [ 40.580845] RDX: 0000000000000002 RSI: ffffffff87e7b55d RDI: 0000000000000010 [ 40.588851] RBP: ffff8880af5ce600 R08: 0000000000000000 R09: 00000000000005d6 [ 40.596148] R10: 0000000000000004 R11: 0000000000000000 R12: 00000000000005d6 [ 40.603700] R13: 0000000000000000 R14: ffff8880af5ce848 R15: 0000000000000001 [ 40.611058] FS: 00000000016c9880(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000 [ 40.619416] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 40.625646] CR2: 00007f3d9003b058 CR3: 0000000097512000 CR4: 00000000001406f0 [ 40.633203] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 40.641072] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 40.648613] Call Trace: [ 40.651195] ? hsr_get_max_mtu+0x2a0/0x2a0 [ 40.655413] dev_set_mtu_ext+0x339/0x580 [ 40.659545] ? dev_validate_mtu+0x170/0x170 [ 40.663890] ? lock_downgrade+0x720/0x720 [ 40.668872] ? lock_acquire+0x170/0x3c0 [ 40.673034] ? cache_alloc_refill+0x95/0x340 [ 40.677439] dev_set_mtu+0x95/0x120 [ 40.681239] ? dev_set_mtu_ext+0x580/0x580 [ 40.685484] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 40.690575] ? __kmalloc+0x38e/0x3c0 [ 40.694273] ? team_add_slave+0x887/0x1fa0 [ 40.698488] team_add_slave+0x9cb/0x1fa0 [ 40.702545] ? team_options_register+0x50/0x50 [ 40.707128] ? lock_downgrade+0x720/0x720 [ 40.711623] ? team_options_register+0x50/0x50 [ 40.716861] do_set_master+0x1c8/0x220 [ 40.720923] do_setlink+0x7ec/0x3540 [ 40.724645] ? __irq_work_queue_local+0x101/0x160 [ 40.729813] ? rtnl_fdb_add+0xa10/0xa10 [ 40.735253] ? wake_up_klogd.part.0+0x8c/0xc0 [ 40.739795] ? vprintk_emit+0x1d0/0x740 [ 40.744017] ? vprintk_func+0x81/0x180 [ 40.748520] ? printk+0xba/0xed [ 40.751908] ? log_store.cold+0x16/0x16 [ 40.756022] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 40.760615] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 40.765944] ? ___ratelimit+0x319/0x590 [ 40.769948] ? validate_nla+0x1a1/0x820 [ 40.774781] ? __sanitizer_cov_trace_switch+0x4b/0x80 [ 40.781183] ? validate_nla+0x270/0x820 [ 40.785257] ? nla_parse+0x1b2/0x290 [ 40.788954] rtnl_newlink+0xda0/0x15b0 [ 40.792840] ? rtnl_getlink+0x620/0x620 [ 40.797593] ? deref_stack_reg+0x134/0x1d0 [ 40.802996] ? __kasan_slab_free+0x186/0x1f0 [ 40.807414] ? mark_held_locks+0xf0/0xf0 [ 40.811558] ? consume_skb+0x120/0x3d0 [ 40.815927] ? nlmon_xmit+0xdb/0x120 [ 40.819696] ? dev_hard_start_xmit+0x1a8/0x920 [ 40.824809] ? __dev_queue_xmit+0x269d/0x2e00 [ 40.829336] ? netlink_deliver_tap+0x8fb/0xb00 [ 40.833917] ? netlink_sendskb+0x6c/0x110 [ 40.838056] ? unwind_next_frame+0x10a9/0x1c60 [ 40.842630] ? __save_stack_trace+0x72/0x190 [ 40.847047] ? deref_stack_reg+0x134/0x1d0 [ 40.851662] ? __read_once_size_nocheck.constprop.0+0x10/0x10 [ 40.857910] ? is_bpf_text_address+0xd5/0x1b0 [ 40.862396] ? lock_downgrade+0x720/0x720 [ 40.866641] ? lock_acquire+0x170/0x3c0 [ 40.870646] ? __bpf_address_lookup+0x330/0x330 [ 40.875312] ? check_preemption_disabled+0x41/0x280 [ 40.880337] ? is_bpf_text_address+0xfc/0x1b0 [ 40.884826] ? kernel_text_address+0xbd/0xf0 [ 40.890178] ? __kernel_text_address+0x9/0x30 [ 40.895358] ? unwind_get_return_address+0x51/0x90 [ 40.900316] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 40.905810] ? __lock_acquire+0x6de/0x3ff0 [ 40.910034] ? __kasan_slab_free+0x186/0x1f0 [ 40.914513] ? kmem_cache_free+0x7f/0x260 [ 40.918774] ? kfree_skbmem+0xc1/0x140 [ 40.922819] ? mark_held_locks+0xf0/0xf0 [ 40.926956] ? __dev_queue_xmit+0x269d/0x2e00 [ 40.931450] ? netlink_deliver_tap+0x8fb/0xb00 [ 40.936020] ? netlink_unicast+0x545/0x690 [ 40.940322] ? netlink_sendmsg+0x6bb/0xc40 [ 40.944537] ? sock_sendmsg+0xc3/0x120 [ 40.948438] ? ___sys_sendmsg+0x7bb/0x8e0 [ 40.953407] ? __x64_sys_sendmsg+0x132/0x220 [ 40.957827] ? do_syscall_64+0xf9/0x620 [ 40.961968] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 40.967381] ? __mutex_add_waiter+0x160/0x160 [ 40.972124] ? check_preemption_disabled+0x41/0x280 [ 40.977362] ? rtnetlink_rcv_msg+0x3c3/0xb80 [ 40.981917] ? rtnl_getlink+0x620/0x620 [ 40.986431] rtnetlink_rcv_msg+0x453/0xb80 [ 40.991223] ? rtnl_calcit.isra.0+0x430/0x430 [ 40.995819] ? memcpy+0x35/0x50 [ 41.000127] ? netdev_pick_tx+0x2f0/0x2f0 [ 41.004802] ? __copy_skb_header+0x414/0x500 [ 41.010128] ? kfree_skbmem+0x140/0x140 [ 41.014247] netlink_rcv_skb+0x160/0x440 [ 41.018314] ? rtnl_calcit.isra.0+0x430/0x430 [ 41.022921] ? netlink_ack+0xae0/0xae0 [ 41.026821] netlink_unicast+0x4d5/0x690 [ 41.030979] ? netlink_sendskb+0x110/0x110 [ 41.036104] ? _copy_from_iter_full+0x229/0x7c0 [ 41.040963] ? __phys_addr_symbol+0x2c/0x70 [ 41.045363] ? __check_object_size+0x17b/0x3e0 [ 41.050289] netlink_sendmsg+0x6bb/0xc40 [ 41.054445] ? aa_af_perm+0x230/0x230 [ 41.058967] ? nlmsg_notify+0x1a0/0x1a0 [ 41.063395] ? kernel_recvmsg+0x220/0x220 [ 41.067549] ? nlmsg_notify+0x1a0/0x1a0 [ 41.071532] sock_sendmsg+0xc3/0x120 [ 41.075400] ___sys_sendmsg+0x7bb/0x8e0 [ 41.079361] ? copy_msghdr_from_user+0x440/0x440 [ 41.084617] ? apparmor_file_receive+0x160/0x160 [ 41.089436] ? __lockdep_init_map+0x100/0x5a0 [ 41.094586] ? check_preemption_disabled+0x41/0x280 [ 41.100063] ? mark_held_locks+0xf0/0xf0 [ 41.104119] ? percpu_counter_add_batch+0x126/0x180 [ 41.109132] ? alloc_empty_file+0xd7/0x170 [ 41.113352] ? errseq_sample+0x56/0x70 [ 41.117224] ? alloc_file+0x326/0x4d0 [ 41.121007] ? __fd_install+0x1b4/0x610 [ 41.124961] ? __fdget+0x1a0/0x230 [ 41.128502] __x64_sys_sendmsg+0x132/0x220 [ 41.132829] ? __sys_sendmsg+0x1b0/0x1b0 [ 41.136889] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 41.142940] ? trace_hardirqs_off_caller+0x6e/0x210 [ 41.148160] ? do_syscall_64+0x21/0x620 [ 41.152131] do_syscall_64+0xf9/0x620 [ 41.156016] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 41.161240] RIP: 0033:0x444149 [ 41.164524] Code: e8 6c 05 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 41.183876] RSP: 002b:00007ffecd926348 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 41.191583] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000444149 [ 41.199463] RDX: 0000000000000000 RSI: 0000000020000600 RDI: 0000000000000005 [ 41.207142] RBP: 00007ffecd926350 R08: 0000000000000000 R09: 0000000000000000 [ 41.214570] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000009df1 [ 41.221843] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 41.229105] Modules linked in: [ 41.234766] ---[ end trace 6a0bb17e8ada62b6 ]--- [ 41.239566] RIP: 0010:hsr_dev_change_mtu+0xa2/0xd0 [ 41.244545] Code: 89 e0 5b 5d 41 5c 41 5d c3 e8 2a 5d b0 f9 eb e1 e8 f3 a4 7a f9 49 8d 7d 10 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 75 1d 49 8b 7d 10 ba 06 00 00 00 48 c7 c6 c0 4f 70 89 [ 41.264132] RSP: 0018:ffff88809572eb60 EFLAGS: 00010202 [ 41.269825] RAX: dffffc0000000000 RBX: 00000000000005dc RCX: ffffffff87e7b50b [ 41.277502] RDX: 0000000000000002 RSI: ffffffff87e7b55d RDI: 0000000000000010 [ 41.284938] RBP: ffff8880af5ce600 R08: 0000000000000000 R09: 00000000000005d6 [ 41.292399] R10: 0000000000000004 R11: 0000000000000000 R12: 00000000000005d6 [ 41.299822] R13: 0000000000000000 R14: ffff8880af5ce848 R15: 0000000000000001 [ 41.307161] FS: 00000000016c9880(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000 [ 41.315448] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 41.321370] CR2: 00007f3d9003b058 CR3: 0000000097512000 CR4: 00000000001406f0 [ 41.328809] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 41.336572] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 41.344379] Kernel panic - not syncing: Fatal exception [ 41.351051] Kernel Offset: disabled [ 41.354684] Rebooting in 86400 seconds..