[ OK ] Started Getty on tty2. [ OK ] Started Serial Getty on ttyS0. [ OK ] Started Getty on tty1. [ OK ] Reached target Login Prompts. [ OK ] Started OpenBSD Secure Shell server. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.239' (ECDSA) to the list of known hosts. syzkaller login: [ 79.382102][ T8469] IPVS: ftp: loaded support on port[0] = 21 [ 79.492485][ T8469] chnl_net:caif_netlink_parms(): no params data found [ 79.545942][ T8469] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.554441][ T8469] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.563107][ T8469] device bridge_slave_0 entered promiscuous mode [ 79.572344][ T8469] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.580435][ T8469] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.588117][ T8469] device bridge_slave_1 entered promiscuous mode [ 79.610672][ T8469] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.621671][ T8469] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.644929][ T8469] team0: Port device team_slave_0 added [ 79.653013][ T8469] team0: Port device team_slave_1 added [ 79.671122][ T8469] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.678068][ T8469] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.704408][ T8469] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.717041][ T8469] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.725445][ T8469] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.752514][ T8469] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.780960][ T8469] device hsr_slave_0 entered promiscuous mode [ 79.787663][ T8469] device hsr_slave_1 entered promiscuous mode [ 79.895385][ T8469] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 79.905469][ T8469] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 79.916255][ T8469] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 79.927322][ T8469] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 79.953460][ T8469] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.960703][ T8469] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.968592][ T8469] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.975680][ T8469] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.028182][ T8469] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.041956][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 80.053179][ T34] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.062187][ T34] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.071117][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 80.085185][ T8469] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.096724][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 80.107010][ T7] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.114149][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.141100][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 80.150747][ T7] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.157803][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.166454][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 80.175975][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 80.185342][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 80.202348][ T8469] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 80.212999][ T8469] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 80.229010][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 80.237640][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 80.246705][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 80.264773][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 80.272372][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 80.285926][ T8469] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 80.307083][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 80.329984][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 80.338231][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 80.347673][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 80.355763][ T8469] device veth0_vlan entered promiscuous mode [ 80.368299][ T8469] device veth1_vlan entered promiscuous mode [ 80.391258][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 80.400536][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 80.409081][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 80.422008][ T8469] device veth0_macvtap entered promiscuous mode [ 80.432604][ T8469] device veth1_macvtap entered promiscuous mode [ 80.453856][ T8469] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 80.461446][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 80.471814][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 80.483953][ T8469] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 80.491756][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 80.500548][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 80.513265][ T8469] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.524669][ T8469] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.533445][ T8469] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.542709][ T8469] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 executing program [ 80.805724][ T7] ================================================================================ [ 80.815623][ T7] UBSAN: shift-out-of-bounds in ./include/net/red.h:312:18 [ 80.822994][ T7] shift exponent 65 is too large for 64-bit type 'long unsigned int' [ 80.831134][ T7] CPU: 0 PID: 7 Comm: kworker/0:1 Not tainted 5.11.0-rc5-syzkaller #0 [ 80.839305][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 80.849368][ T7] Workqueue: ipv6_addrconf addrconf_dad_work [ 80.855360][ T7] Call Trace: [ 80.858636][ T7] dump_stack+0x107/0x163 [ 80.862961][ T7] ubsan_epilogue+0xb/0x5a [ 80.867376][ T7] __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x181 [ 80.874129][ T7] ? ktime_get+0x1bf/0x1e0 [ 80.878539][ T7] ? populate_out_iter.cold+0x2f/0x32 [ 80.883911][ T7] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 80.889630][ T7] ? ktime_get+0x167/0x1e0 [ 80.894039][ T7] red_enqueue.cold+0x64/0x452 [ 80.898813][ T7] ? red_destroy+0x70/0x70 [ 80.903227][ T7] ? rwlock_bug.part.0+0x90/0x90 [ 80.908163][ T7] __dev_queue_xmit+0x1913/0x2dd0 [ 80.913188][ T7] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 80.918474][ T7] ? __ip_finish_output+0x396/0x640 [ 80.923677][ T7] ? mark_held_locks+0x9f/0xe0 [ 80.928444][ T7] ? ip_finish_output2+0x15b3/0x21b0 [ 80.933745][ T7] ip_finish_output2+0xeb6/0x21b0 [ 80.938766][ T7] ? ip_fragment.constprop.0+0x240/0x240 [ 80.944390][ T7] ? __ip_finish_output+0x640/0x640 [ 80.949593][ T7] ? __ip_flush_pending_frames.constprop.0+0x2c0/0x2c0 [ 80.956434][ T7] ? debug_object_init_on_stack+0x20/0x20 [ 80.962160][ T7] __ip_finish_output+0x396/0x640 [ 80.967189][ T7] ip_finish_output+0x35/0x200 [ 80.971959][ T7] ip_output+0x196/0x310 [ 80.976199][ T7] ip_local_out+0xaf/0x1a0 [ 80.980631][ T7] iptunnel_xmit+0x5a3/0x9c0 [ 80.985222][ T7] geneve_xmit+0xde1/0x2f60 [ 80.989744][ T7] ? geneve_fill_metadata_dst+0xb70/0xb70 [ 80.995464][ T7] ? skb_crc32c_csum_help+0x70/0x70 [ 81.000674][ T7] ? dev_hard_start_xmit+0x66a/0x920 [ 81.005952][ T7] dev_hard_start_xmit+0x1eb/0x920 [ 81.011074][ T7] __dev_queue_xmit+0x21db/0x2dd0 [ 81.016098][ T7] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 81.021381][ T7] ? ip6_finish_output2+0x6b8/0x16c0 [ 81.026663][ T7] ? mark_held_locks+0x9f/0xe0 [ 81.031420][ T7] ? memcpy+0x39/0x60 [ 81.035398][ T7] neigh_resolve_output+0x4d8/0x7e0 [ 81.040597][ T7] ip6_finish_output2+0x6b8/0x16c0 [ 81.045723][ T7] __ip6_finish_output+0x4c1/0xe10 [ 81.050843][ T7] ip6_finish_output+0x35/0x200 [ 81.055699][ T7] ip6_output+0x1db/0x520 [ 81.060037][ T7] ndisc_send_skb+0xa90/0x1750 [ 81.064799][ T7] ? ndisc_ifinfo_sysctl_change+0x5f0/0x5f0 [ 81.070691][ T7] ? ndisc_parse_options.part.0+0x510/0x510 [ 81.076576][ T7] ? rcu_read_lock_sched_held+0x3a/0x70 [ 81.082112][ T7] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 81.088368][ T7] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 81.094608][ T7] ? skb_set_owner_w+0x270/0x420 [ 81.099554][ T7] ndisc_send_ns+0x3a9/0x850 [ 81.104162][ T7] ? pndisc_redo+0x20/0x20 [ 81.108570][ T7] ? mark_held_locks+0x9f/0xe0 [ 81.113343][ T7] ? __local_bh_enable_ip+0xa0/0x110 [ 81.118623][ T7] addrconf_dad_work+0xc1c/0x1280 [ 81.123669][ T7] ? addrconf_dad_completed+0xc60/0xc60 [ 81.130007][ T7] process_one_work+0x98d/0x15f0 [ 81.134956][ T7] ? pwq_dec_nr_in_flight+0x320/0x320 [ 81.140323][ T7] ? rwlock_bug.part.0+0x90/0x90 [ 81.145266][ T7] ? _raw_spin_lock_irq+0x41/0x50 [ 81.150298][ T7] worker_thread+0x64c/0x1120 [ 81.154977][ T7] ? process_one_work+0x15f0/0x15f0 [ 81.160180][ T7] kthread+0x3b1/0x4a0 [ 81.164238][ T7] ? __kthread_bind_mask+0xc0/0xc0 [ 81.169351][ T7] ret_from_fork+0x1f/0x30 [ 81.173875][ T7] ================================================================================ [ 81.183242][ T7] Kernel panic - not syncing: panic_on_warn set ... [ 81.189839][ T7] CPU: 0 PID: 7 Comm: kworker/0:1 Not tainted 5.11.0-rc5-syzkaller #0 [ 81.198008][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 81.208071][ T7] Workqueue: ipv6_addrconf addrconf_dad_work [ 81.214054][ T7] Call Trace: [ 81.217374][ T7] dump_stack+0x107/0x163 [ 81.221710][ T7] panic+0x306/0x73d [ 81.225614][ T7] ? __warn_printk+0xf3/0xf3 [ 81.230258][ T7] ? ubsan_epilogue+0x3e/0x5a [ 81.234934][ T7] ubsan_epilogue+0x54/0x5a [ 81.239431][ T7] __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x181 [ 81.246204][ T7] ? ktime_get+0x1bf/0x1e0 [ 81.250612][ T7] ? populate_out_iter.cold+0x2f/0x32 [ 81.255975][ T7] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 81.261695][ T7] ? ktime_get+0x167/0x1e0 [ 81.266114][ T7] red_enqueue.cold+0x64/0x452 [ 81.270875][ T7] ? red_destroy+0x70/0x70 [ 81.275278][ T7] ? rwlock_bug.part.0+0x90/0x90 [ 81.280216][ T7] __dev_queue_xmit+0x1913/0x2dd0 [ 81.285240][ T7] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 81.290521][ T7] ? __ip_finish_output+0x396/0x640 [ 81.295745][ T7] ? mark_held_locks+0x9f/0xe0 [ 81.300518][ T7] ? ip_finish_output2+0x15b3/0x21b0 [ 81.305806][ T7] ip_finish_output2+0xeb6/0x21b0 [ 81.310838][ T7] ? ip_fragment.constprop.0+0x240/0x240 [ 81.316460][ T7] ? __ip_finish_output+0x640/0x640 [ 81.321669][ T7] ? __ip_flush_pending_frames.constprop.0+0x2c0/0x2c0 [ 81.328519][ T7] ? debug_object_init_on_stack+0x20/0x20 [ 81.334245][ T7] __ip_finish_output+0x396/0x640 [ 81.339265][ T7] ip_finish_output+0x35/0x200 [ 81.344034][ T7] ip_output+0x196/0x310 [ 81.348267][ T7] ip_local_out+0xaf/0x1a0 [ 81.352676][ T7] iptunnel_xmit+0x5a3/0x9c0 [ 81.357276][ T7] geneve_xmit+0xde1/0x2f60 [ 81.361778][ T7] ? geneve_fill_metadata_dst+0xb70/0xb70 [ 81.367494][ T7] ? skb_crc32c_csum_help+0x70/0x70 [ 81.372701][ T7] ? dev_hard_start_xmit+0x66a/0x920 [ 81.377991][ T7] dev_hard_start_xmit+0x1eb/0x920 [ 81.383111][ T7] __dev_queue_xmit+0x21db/0x2dd0 [ 81.388131][ T7] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 81.393422][ T7] ? ip6_finish_output2+0x6b8/0x16c0 [ 81.398706][ T7] ? mark_held_locks+0x9f/0xe0 [ 81.403461][ T7] ? memcpy+0x39/0x60 [ 81.407457][ T7] neigh_resolve_output+0x4d8/0x7e0 [ 81.412665][ T7] ip6_finish_output2+0x6b8/0x16c0 [ 81.417787][ T7] __ip6_finish_output+0x4c1/0xe10 [ 81.422895][ T7] ip6_finish_output+0x35/0x200 [ 81.427751][ T7] ip6_output+0x1db/0x520 [ 81.432078][ T7] ndisc_send_skb+0xa90/0x1750 [ 81.436838][ T7] ? ndisc_ifinfo_sysctl_change+0x5f0/0x5f0 [ 81.442733][ T7] ? ndisc_parse_options.part.0+0x510/0x510 [ 81.448615][ T7] ? rcu_read_lock_sched_held+0x3a/0x70 [ 81.454160][ T7] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 81.460404][ T7] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 81.466633][ T7] ? skb_set_owner_w+0x270/0x420 [ 81.471568][ T7] ndisc_send_ns+0x3a9/0x850 [ 81.476153][ T7] ? pndisc_redo+0x20/0x20 [ 81.480560][ T7] ? mark_held_locks+0x9f/0xe0 [ 81.485317][ T7] ? __local_bh_enable_ip+0xa0/0x110 [ 81.490607][ T7] addrconf_dad_work+0xc1c/0x1280 [ 81.495624][ T7] ? addrconf_dad_completed+0xc60/0xc60 [ 81.501168][ T7] process_one_work+0x98d/0x15f0 [ 81.506105][ T7] ? pwq_dec_nr_in_flight+0x320/0x320 [ 81.511489][ T7] ? rwlock_bug.part.0+0x90/0x90 [ 81.516428][ T7] ? _raw_spin_lock_irq+0x41/0x50 [ 81.521462][ T7] worker_thread+0x64c/0x1120 [ 81.526147][ T7] ? process_one_work+0x15f0/0x15f0 [ 81.531337][ T7] kthread+0x3b1/0x4a0 [ 81.535393][ T7] ? __kthread_bind_mask+0xc0/0xc0 [ 81.540493][ T7] ret_from_fork+0x1f/0x30 [ 81.545454][ T7] Kernel Offset: disabled [ 81.549897][ T7] Rebooting in 86400 seconds..