[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.250' (ECDSA) to the list of known hosts.
syzkaller login: [ 34.267027] audit: type=1400 audit(1595482182.477:8): avc: denied { execmem } for pid=6361 comm="syz-executor338" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 34.515061] IPVS: ftp: loaded support on port[0] = 21
[ 35.388291] chnl_net:caif_netlink_parms(): no params data found
[ 35.468195] bridge0: port 1(bridge_slave_0) entered blocking state
[ 35.475036] bridge0: port 1(bridge_slave_0) entered disabled state
[ 35.482054] device bridge_slave_0 entered promiscuous mode
[ 35.489660] bridge0: port 2(bridge_slave_1) entered blocking state
[ 35.496823] bridge0: port 2(bridge_slave_1) entered disabled state
[ 35.503907] device bridge_slave_1 entered promiscuous mode
[ 35.519388] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 35.528216] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 35.545924] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 35.555672] team0: Port device team_slave_0 added
[ 35.561195] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 35.568746] team0: Port device team_slave_1 added
[ 35.583218] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 35.589597] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 35.614830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 35.626514] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 35.632749] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 35.657975] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 35.668770] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 35.676382] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 35.715719] device hsr_slave_0 entered promiscuous mode
[ 35.753767] device hsr_slave_1 entered promiscuous mode
[ 35.794086] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 35.801113] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 35.861740] bridge0: port 2(bridge_slave_1) entered blocking state
[ 35.868196] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 35.875085] bridge0: port 1(bridge_slave_0) entered blocking state
[ 35.881475] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 35.911192] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 35.918688] 8021q: adding VLAN 0 to HW filter on device bond0
[ 35.927689] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 35.937579] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 35.946277] bridge0: port 1(bridge_slave_0) entered disabled state
[ 35.963922] bridge0: port 2(bridge_slave_1) entered disabled state
[ 35.973875] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 35.979978] 8021q: adding VLAN 0 to HW filter on device team0
[ 35.988737] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 35.996812] bridge0: port 1(bridge_slave_0) entered blocking state
[ 36.003436] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 36.012338] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 36.020070] bridge0: port 2(bridge_slave_1) entered blocking state
[ 36.026629] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 36.045165] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 36.052967] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 36.061380] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 36.069928] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 36.079382] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 36.090335] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 36.096543] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 36.104274] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 36.117828] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 36.125312] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 36.131965] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 36.143030] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 36.195341] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 36.205461] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 36.235591] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 36.242521] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 36.250076] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 36.259137] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 36.267382] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 36.274411] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 36.282843] device veth0_vlan entered promiscuous mode
[ 36.293126] device veth1_vlan entered promiscuous mode
[ 36.299440] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 36.308091] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 36.319346] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 36.328784] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 36.336651] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 36.344694] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 36.355408] device veth0_macvtap entered promiscuous mode
[ 36.361437] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 36.370641] device veth1_macvtap entered promiscuous mode
[ 36.379215] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 36.387470] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 36.395837] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 36.404671] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 36.414198] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready
[ 36.421371] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 36.428527] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 36.436513] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 36.446640] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready
[ 36.453780] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 36.460334] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 36.468058] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 36.547644] IPv6: ADDRCONF(NETDEV_CHANGE): rose0: link becomes ready
[ 36.663388] kasan: CONFIG_KASAN_INLINE enabled
[ 36.668107] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 36.675507] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 36.681734] Modules linked in:
[ 36.685041] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.14.189-syzkaller #0
[ 36.692227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 36.701590] task: ffff8880a987e340 task.stack: ffff8880a9888000
[ 36.707637] RIP: 0010:rose_send_frame+0x17e/0x250
[ 36.712452] RSP: 0018:ffff8880aeb07b50 EFLAGS: 00010202
[ 36.717794] RAX: dffffc0000000000 RBX: ffff888215e60840 RCX: 0000000000000006
[ 36.725042] RDX: 000000000000006b RSI: ffffffff874393e0 RDI: 0000000000000358
[ 36.732300] RBP: ffff8880a09c7bc0 R08: 0000000000000001 R09: ffff8880a59e4340
[ 36.739752] R10: ffff8880a59e4363 R11: 0000000000000000 R12: ffff888215e60840
[ 36.747007] R13: 0000000000000078 R14: 0000000000000000 R15: 0000000000000010
[ 36.754258] FS: 0000000000000000(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000
[ 36.762461] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 36.768341] CR2: 0000000020000190 CR3: 00000000a7c6a000 CR4: 00000000001406e0
[ 36.775591] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 36.782839] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 36.790088] Call Trace:
[ 36.792646]
[ 36.794781] rose_transmit_clear_request+0x1d1/0x280
[ 36.799861] rose_rx_call_request+0x3c8/0x1813
[ 36.804422] ? rose_release+0x390/0x390
[ 36.808377] rose_loopback_timer+0x13e/0x420
[ 36.812767] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 36.818197] call_timer_fn+0x14a/0x650
[ 36.822065] ? rose_link_rx_restart.cold+0xa5/0xa5
[ 36.828277] ? collect_expired_timers+0x250/0x250
[ 36.833102] ? _raw_spin_unlock_irq+0x24/0x80
[ 36.837578] ? rose_link_rx_restart.cold+0xa5/0xa5
[ 36.842488] expire_timers+0x232/0x4d0
[ 36.846356] run_timer_softirq+0x1d5/0x5a0
[ 36.850572] ? expire_timers+0x4d0/0x4d0
[ 36.854697] ? kvm_clock_read+0x1f/0x30
[ 36.858675] ? kvm_sched_clock_read+0x5/0x10
[ 36.863065] ? sched_clock+0x2a/0x40
[ 36.866757] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 36.872189] __do_softirq+0x254/0xa1d
[ 36.875978] ? check_preemption_disabled+0x35/0x240
[ 36.880976] irq_exit+0x193/0x240
[ 36.884411] smp_apic_timer_interrupt+0x141/0x5e0
[ 36.889233] apic_timer_interrupt+0x93/0xa0
[ 36.893528]
[ 36.895744] RIP: 0010:native_safe_halt+0xe/0x10
[ 36.900398] RSP: 0018:ffff8880a988fea8 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff10
[ 36.908196] RAX: 1ffffffff0fa2d24 RBX: dffffc0000000000 RCX: 0000000000000000
[ 36.915534] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffff8880a987ebc4
[ 36.922780] RBP: ffffffff87d16910 R08: 0000000000000000 R09: 0000000000000000
[ 36.930025] R10: 0000000000000000 R11: 0000000000000000 R12: ffffed101530fc68
[ 36.937270] R13: ffff8880a987e340 R14: 0000000000000000 R15: 0000000000000000
[ 36.944533] default_idle+0x47/0x370
[ 36.948243] do_idle+0x250/0x3c0
[ 36.951595] cpu_startup_entry+0x14/0x20
[ 36.955638] start_secondary+0x488/0x5f0
[ 36.959677] secondary_startup_64+0xa5/0xb0
[ 36.963989] Code: fa 48 c1 ea 03 80 3c 02 00 0f 85 9e 00 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 73 20 49 8d be 58 03 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 75 75 4d 8b be 58 03 00 00 e9 cf fe ff ff e8 6b 89
[ 36.983067] RIP: rose_send_frame+0x17e/0x250 RSP: ffff8880aeb07b50
[ 36.989407] ---[ end trace 1e66e418c23e38a1 ]---
[ 36.994185] Kernel panic - not syncing: Fatal exception in interrupt
[ 37.001878] Kernel Offset: disabled
[ 37.005493] Rebooting in 86400 seconds..