[ OK ] Started Getty on tty2. [ OK ] Started Getty on tty1. [ OK ] Started Serial Getty on ttyS0. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... Starting Load/Save RF Kill Switch Status... [ OK ] Started Load/Save RF Kill Switch Status. [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.57' (ECDSA) to the list of known hosts. syzkaller login: [ 28.476830] IPVS: ftp: loaded support on port[0] = 21 [ 28.542461] chnl_net:caif_netlink_parms(): no params data found [ 28.636196] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.643026] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.650718] device bridge_slave_0 entered promiscuous mode [ 28.657963] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.664342] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.671665] device bridge_slave_1 entered promiscuous mode [ 28.687742] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 28.696346] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 28.714461] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 28.721695] team0: Port device team_slave_0 added [ 28.727403] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 28.734483] team0: Port device team_slave_1 added [ 28.749540] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 28.755787] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 28.781023] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 28.792238] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 28.798559] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 28.823842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 28.834549] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 28.842146] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 28.860821] device hsr_slave_0 entered promiscuous mode [ 28.866430] device hsr_slave_1 entered promiscuous mode [ 28.872602] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 28.879721] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 28.940417] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.946856] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.953638] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.960208] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.987744] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 28.993825] 8021q: adding VLAN 0 to HW filter on device bond0 [ 29.002904] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 29.011878] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 29.031036] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.038727] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.048540] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 29.054623] 8021q: adding VLAN 0 to HW filter on device team0 [ 29.065043] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 29.073118] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.079524] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.089349] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 29.097398] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.103729] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.122675] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 29.132737] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 29.143683] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 29.152591] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 29.160424] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 29.168163] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 29.175709] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 29.183382] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 29.190238] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 29.202667] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 29.209889] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 29.217202] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 29.228451] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 29.278627] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 29.288994] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 29.318017] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 29.324930] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 29.332133] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 29.341899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 29.349539] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 29.356593] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 29.365363] device veth0_vlan entered promiscuous mode [ 29.373696] device veth1_vlan entered promiscuous mode [ 29.379920] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 29.388904] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 29.399539] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 29.409129] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 29.416351] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 29.423500] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 29.432915] device veth0_macvtap entered promiscuous mode [ 29.439904] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 29.448066] device veth1_macvtap entered promiscuous mode [ 29.456820] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 29.466027] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 29.475460] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 29.483081] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 29.491429] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 29.501237] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 29.508163] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 29.526297] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready executing program [ 29.594547] HSR: VLAN not yet supported [ 29.594733] ------------[ cut here ]------------ [ 29.603498] WARNING: CPU: 1 PID: 7978 at net/hsr/hsr_forward.c:336 hsr_forward_skb.cold+0x18/0xef [ 29.612529] Kernel panic - not syncing: panic_on_warn set ... [ 29.612529] [ 29.619875] CPU: 1 PID: 7978 Comm: syz-executor985 Not tainted 4.14.264-syzkaller #0 [ 29.627729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 29.637060] Call Trace: [ 29.639625] dump_stack+0x1b2/0x281 [ 29.643241] panic+0x1f9/0x42d [ 29.646411] ? add_taint.cold+0x16/0x16 [ 29.650361] ? hsr_forward_skb.cold+0x18/0xef [ 29.654832] ? hsr_forward_skb.cold+0x18/0xef [ 29.659303] __warn.cold+0x20/0x44 [ 29.662822] ? ist_end_non_atomic+0x10/0x10 [ 29.667133] ? hsr_forward_skb.cold+0x18/0xef [ 29.671619] report_bug+0x208/0x250 [ 29.675227] do_error_trap+0x195/0x2d0 [ 29.679091] ? math_error+0x2d0/0x2d0 [ 29.682879] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 29.687705] invalid_op+0x1b/0x40 [ 29.691136] RIP: 0010:hsr_forward_skb.cold+0x18/0xef [ 29.696210] RSP: 0018:ffff88809bcbf708 EFLAGS: 00010286 [ 29.701551] RAX: 000000000000001b RBX: ffff8880b39ed002 RCX: 0000000000000000 [ 29.708797] RDX: 0000000000000000 RSI: ffff8880979d8c08 RDI: ffffed1013797ed7 [ 29.716048] RBP: ffff8880a9724080 R08: 000000000000001b R09: 0000000000000000 [ 29.723301] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880a9724146 [ 29.730549] R13: ffff8880a9869d80 R14: ffff8880b39ed00e R15: ffff8880a9724150 [ 29.737807] ? hsr_forward_skb.cold+0x18/0xef [ 29.742278] ? dev_queue_xmit_nit+0x6ef/0x950 [ 29.746749] hsr_dev_xmit+0x6b/0xa0 [ 29.750355] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 29.755349] dev_hard_start_xmit+0x188/0x890 [ 29.759735] __dev_queue_xmit+0x1d7f/0x2480 [ 29.764032] ? __kernel_text_address+0x9/0x30 [ 29.768505] ? page_fault+0x45/0x50 [ 29.772105] ? netdev_pick_tx+0x2e0/0x2e0 [ 29.776231] ? sock_kzfree_s+0x50/0x50 [ 29.780097] ? lock_acquire+0x170/0x3f0 [ 29.784046] ? skb_copy_datagram_from_iter+0x3c1/0x5f0 [ 29.789304] ? memcpy+0x35/0x50 [ 29.792588] packet_snd+0x13c9/0x2720 [ 29.796379] ? __lock_acquire+0x5fc/0x3f20 [ 29.800604] ? prb_retire_rx_blk_timer_expired+0x630/0x630 [ 29.806223] ? __lock_acquire+0x5fc/0x3f20 [ 29.810448] ? release_pages+0x828/0xbf0 [ 29.814488] packet_sendmsg+0x12f4/0x3370 [ 29.818632] ? lock_acquire+0x170/0x3f0 [ 29.822597] ? lock_downgrade+0x740/0x740 [ 29.826725] ? __might_fault+0x177/0x1b0 [ 29.830762] ? __might_fault+0x104/0x1b0 [ 29.834803] ? compat_packet_setsockopt+0x140/0x140 [ 29.839953] ? lock_acquire+0x170/0x3f0 [ 29.843989] ? lock_downgrade+0x740/0x740 [ 29.848127] ? __might_fault+0x177/0x1b0 [ 29.852203] ? security_socket_sendmsg+0x83/0xb0 [ 29.856951] ? compat_packet_setsockopt+0x140/0x140 [ 29.861944] sock_sendmsg+0xb5/0x100 [ 29.865632] SyS_sendto+0x1c7/0x2c0 [ 29.869233] ? SyS_getpeername+0x220/0x220 [ 29.873446] ? do_vfs_ioctl+0xe2/0xff0 [ 29.877325] ? security_file_ioctl+0x83/0xb0 [ 29.881713] ? do_syscall_64+0x4c/0x640 [ 29.885663] ? SyS_getpeername+0x220/0x220 [ 29.889876] do_syscall_64+0x1d5/0x640 [ 29.893742] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 29.898913] RIP: 0033:0x7f4bed93d389 [ 29.902598] RSP: 002b:00007ffe657bd768 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 29.910286] RAX: ffffffffffffffda RBX: 00007ffe657bd788 RCX: 00007f4bed93d389 [ 29.917566] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 29.924827] RBP: 0000000000000003 R08: 0000000020000080 R09: 0000000000000014 [ 29.932072] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe657bd790 [ 29.939326] R13: 00007ffe657bd7b0 R14: 0000000000000000 R15: 0000000000000000 [ 29.946874] Kernel Offset: disabled [ 29.950525] Rebooting in 86400 seconds..