[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.10.25' (ECDSA) to the list of known hosts.
syzkaller login: [ 36.170473] IPVS: ftp: loaded support on port[0] = 21
[ 36.243200] chnl_net:caif_netlink_parms(): no params data found
[ 36.305018] bridge0: port 1(bridge_slave_0) entered blocking state
[ 36.311573] bridge0: port 1(bridge_slave_0) entered disabled state
[ 36.319489] device bridge_slave_0 entered promiscuous mode
[ 36.328344] bridge0: port 2(bridge_slave_1) entered blocking state
[ 36.335208] bridge0: port 2(bridge_slave_1) entered disabled state
[ 36.342162] device bridge_slave_1 entered promiscuous mode
[ 36.359848] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 36.368801] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 36.388029] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 36.395432] team0: Port device team_slave_0 added
[ 36.400853] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 36.408708] team0: Port device team_slave_1 added
[ 36.424333] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 36.430564] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 36.455877] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 36.467282] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 36.473625] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 36.498865] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 36.509850] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 36.517550] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 36.537461] device hsr_slave_0 entered promiscuous mode
[ 36.543149] device hsr_slave_1 entered promiscuous mode
[ 36.549549] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 36.556687] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 36.624543] bridge0: port 2(bridge_slave_1) entered blocking state
[ 36.630968] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 36.637900] bridge0: port 1(bridge_slave_0) entered blocking state
[ 36.644344] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 36.677119] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 36.683522] 8021q: adding VLAN 0 to HW filter on device bond0
[ 36.691318] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 36.700434] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 36.710310] bridge0: port 1(bridge_slave_0) entered disabled state
[ 36.717541] bridge0: port 2(bridge_slave_1) entered disabled state
[ 36.724933] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 36.736446] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 36.742520] 8021q: adding VLAN 0 to HW filter on device team0
[ 36.751563] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 36.760167] bridge0: port 1(bridge_slave_0) entered blocking state
[ 36.766590] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 36.777248] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 36.784922] bridge0: port 2(bridge_slave_1) entered blocking state
[ 36.791245] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 36.814344] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 36.822392] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 36.830615] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 36.838714] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 36.846674] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 36.854492] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 36.860499] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 36.875342] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 36.882523] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 36.889274] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 36.901083] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 36.913602] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 36.922890] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 36.956135] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 36.963677] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 36.970188] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 36.980198] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 36.987911] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 36.994985] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 37.004674] device veth0_vlan entered promiscuous mode
[ 37.012810] device veth1_vlan entered promiscuous mode
[ 37.019496] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 37.028682] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 37.039895] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 37.049455] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 37.057819] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 37.065665] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 37.075534] device veth0_macvtap entered promiscuous mode
[ 37.081782] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 37.090614] device veth1_macvtap entered promiscuous mode
[ 37.099437] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 37.109529] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 37.119497] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 37.126825] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 37.135321] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 37.145668] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 37.152631] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
executing program
executing program
[ 37.248512] device batadv0 entered promiscuous mode
[ 37.254325] lo: Cannot use loopback or non-ethernet device as HSR slave.
[ 37.261251] device batadv0 left promiscuous mode
[ 37.268609] netlink: 'syz-executor430': attribute type 10 has an invalid length.
[ 37.290021] device batadv0 entered promiscuous mode
executing program
executing program
[ 37.295644] lo: Cannot use loopback or non-ethernet device as HSR slave.
[ 37.302569] device batadv0 left promiscuous mode
[ 37.308200] netlink: 'syz-executor430': attribute type 10 has an invalid length.
[ 37.321647] device batadv0 entered promiscuous mode
[ 37.327271] lo: Cannot use loopback or non-ethernet device as HSR slave.
[ 37.335227] device batadv0 left promiscuous mode
[ 37.340721] netlink: 'syz-executor430': attribute type 10 has an invalid length.
executing program
[ 37.356679] device batadv0 entered promiscuous mode
[ 37.362019] lo: Cannot use loopback or non-ethernet device as HSR slave.
[ 37.369130] device batadv0 left promiscuous mode
[ 37.374589] netlink: 'syz-executor430': attribute type 10 has an invalid length.
[ 37.388508] device batadv0 entered promiscuous mode
[ 37.394275] lo: Cannot use loopback or non-ethernet device as HSR slave.
[ 37.401438] device batadv0 left promiscuous mode
executing program
[ 37.408550] netlink: 'syz-executor430': attribute type 10 has an invalid length.
[ 37.422671] device batadv0 entered promiscuous mode
[ 37.435625] lo: Cannot use loopback or non-ethernet device as HSR slave.
[ 37.442540] device batadv0 left promiscuous mode
[ 37.448291] netlink: 'syz-executor430': attribute type 10 has an invalid length.
[ 37.461904] device batadv0 entered promiscuous mode
[ 37.467552] lo: Cannot use loopback or non-ethernet device as HSR slave.
[ 37.474842] device batadv0 left promiscuous mode
[ 37.480071] netlink: 'syz-executor430': attribute type 10 has an invalid length.
[ 37.487762] kasan: CONFIG_KASAN_INLINE enabled
[ 37.492428] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 37.500955] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 37.507199] CPU: 0 PID: 8357 Comm: syz-executor430 Not tainted 4.19.171-syzkaller #0
[ 37.515083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 37.524446] RIP: 0010:hsr_dev_change_mtu+0xa2/0xd0
[ 37.529363] Code: 89 e0 5b 5d 41 5c 41 5d c3 e8 7a 48 b0 f9 eb e1 e8 43 90 7a f9 49 8d 7d 10 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 75 1d 49 8b 7d 10 ba 06 00 00 00 48 c7 c6 00 50 70 89
[ 37.548248] RSP: 0018:ffff8880938beb60 EFLAGS: 00010202
[ 37.553591] RAX: dffffc0000000000 RBX: 00000000000005dc RCX: ffffffff87e7c9bb
[ 37.560841] RDX: 0000000000000002 RSI: ffffffff87e7ca0d RDI: 0000000000000010
[ 37.568093] RBP: ffff88809385e180 R08: 0000000000000000 R09: 00000000000005d6
[ 37.575357] R10: 0000000000000004 R11: 0000000000000000 R12: 00000000000005d6
[ 37.582605] R13: 0000000000000000 R14: ffff88809385e3c8 R15: 0000000000000001
[ 37.589877] FS: 00000000012fd880(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
[ 37.598097] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 37.603958] CR2: 0000000020000040 CR3: 00000000aae65000 CR4: 00000000001406f0
[ 37.611210] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 37.618466] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 37.625715] Call Trace:
[ 37.628301] ? hsr_get_max_mtu+0x2a0/0x2a0
[ 37.632538] dev_set_mtu_ext+0x339/0x580
[ 37.636589] ? dev_validate_mtu+0x170/0x170
[ 37.640894] ? netdev_upper_get_next_dev_rcu+0x110/0x110
[ 37.646342] ? __lock_acquire+0x6de/0x3ff0
[ 37.650559] ? fs_reclaim_release+0xd0/0x110
[ 37.654960] dev_set_mtu+0x95/0x120
[ 37.658582] ? dev_set_mtu_ext+0x580/0x580
[ 37.662800] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 37.667796] ? __kmalloc+0x38e/0x3c0
[ 37.671491] ? team_add_slave+0x887/0x1fa0
[ 37.675706] team_add_slave+0x9cb/0x1fa0
[ 37.679750] ? team_options_register+0x50/0x50
[ 37.684344] ? lock_downgrade+0x720/0x720
[ 37.688474] ? team_options_register+0x50/0x50
[ 37.693038] do_set_master+0x1c8/0x220
[ 37.696920] do_setlink+0x7ec/0x3540
[ 37.700631] ? __irq_work_queue_local+0x101/0x160
[ 37.705459] ? rtnl_fdb_add+0xa10/0xa10
[ 37.709412] ? wake_up_klogd.part.0+0x8c/0xc0
[ 37.713887] ? vprintk_emit+0x1d0/0x740
[ 37.717841] ? vprintk_func+0x81/0x180
[ 37.721737] ? printk+0xba/0xed
[ 37.725014] ? log_store.cold+0x16/0x16
[ 37.728973] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 37.733551] ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 37.738638] ? ___ratelimit+0x319/0x590
[ 37.742617] ? validate_nla+0x1a1/0x820
[ 37.746688] ? __sanitizer_cov_trace_switch+0x4b/0x80
[ 37.751863] ? validate_nla+0x270/0x820
[ 37.755818] ? nla_parse+0x1b2/0x290
[ 37.759513] rtnl_newlink+0xda0/0x15b0
[ 37.763398] ? rtnl_getlink+0x620/0x620
[ 37.767360] ? deref_stack_reg+0x134/0x1d0
[ 37.771610] ? __kasan_slab_free+0x186/0x1f0
[ 37.776029] ? mark_held_locks+0xf0/0xf0
[ 37.780179] ? consume_skb+0x120/0x3d0
[ 37.784066] ? nlmon_xmit+0xdb/0x120
[ 37.787788] ? dev_hard_start_xmit+0x1a8/0x920
[ 37.792361] ? __dev_queue_xmit+0x269d/0x2e00
[ 37.796851] ? netlink_deliver_tap+0x8fb/0xb00
[ 37.801415] ? netlink_sendskb+0x6c/0x110
[ 37.805548] ? unwind_next_frame+0x10a9/0x1c60
[ 37.810111] ? __save_stack_trace+0x72/0x190
[ 37.814499] ? deref_stack_reg+0x134/0x1d0
[ 37.818715] ? __read_once_size_nocheck.constprop.0+0x10/0x10
[ 37.824581] ? is_bpf_text_address+0xd5/0x1b0
[ 37.829081] ? lock_downgrade+0x720/0x720
[ 37.833234] ? lock_acquire+0x170/0x3c0
[ 37.837190] ? __bpf_address_lookup+0x330/0x330
[ 37.841855] ? check_preemption_disabled+0x41/0x280
[ 37.846872] ? is_bpf_text_address+0xfc/0x1b0
[ 37.851795] ? kernel_text_address+0xbd/0xf0
[ 37.856211] ? __kernel_text_address+0x9/0x30
[ 37.860702] ? unwind_get_return_address+0x51/0x90
[ 37.865630] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.871023] ? __lock_acquire+0x6de/0x3ff0
[ 37.875287] ? __kasan_slab_free+0x186/0x1f0
[ 37.879702] ? kmem_cache_free+0x7f/0x260
[ 37.883837] ? kfree_skbmem+0xc1/0x140
[ 37.887706] ? mark_held_locks+0xf0/0xf0
[ 37.891751] ? __dev_queue_xmit+0x269d/0x2e00
[ 37.896226] ? netlink_deliver_tap+0x8fb/0xb00
[ 37.900804] ? netlink_unicast+0x545/0x690
[ 37.905023] ? netlink_sendmsg+0x6bb/0xc40
[ 37.909251] ? sock_sendmsg+0xc3/0x120
[ 37.913118] ? ___sys_sendmsg+0x7bb/0x8e0
[ 37.917261] ? __x64_sys_sendmsg+0x132/0x220
[ 37.921655] ? do_syscall_64+0xf9/0x620
[ 37.926084] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.931447] ? __mutex_add_waiter+0x160/0x160
[ 37.935960] ? check_preemption_disabled+0x41/0x280
[ 37.940960] ? rtnetlink_rcv_msg+0x3c3/0xb80
[ 37.945354] ? rtnl_getlink+0x620/0x620
[ 37.949315] rtnetlink_rcv_msg+0x453/0xb80
[ 37.953557] ? rtnl_calcit.isra.0+0x430/0x430
[ 37.958053] ? memcpy+0x35/0x50
[ 37.961327] ? netdev_pick_tx+0x2f0/0x2f0
[ 37.965463] ? __copy_skb_header+0x414/0x500
[ 37.969854] ? kfree_skbmem+0x140/0x140
[ 37.973812] netlink_rcv_skb+0x160/0x440
[ 37.977871] ? rtnl_calcit.isra.0+0x430/0x430
[ 37.982349] ? netlink_ack+0xae0/0xae0
[ 37.986221] netlink_unicast+0x4d5/0x690
[ 37.990283] ? netlink_sendskb+0x110/0x110
[ 37.994515] ? _copy_from_iter_full+0x229/0x7c0
[ 37.999190] ? __phys_addr_symbol+0x2c/0x70
[ 38.003522] ? __check_object_size+0x17b/0x3e0
[ 38.008091] netlink_sendmsg+0x6bb/0xc40
[ 38.012139] ? aa_af_perm+0x230/0x230
[ 38.015941] ? nlmsg_notify+0x1a0/0x1a0
[ 38.019898] ? kernel_recvmsg+0x220/0x220
[ 38.024041] ? nlmsg_notify+0x1a0/0x1a0
[ 38.028005] sock_sendmsg+0xc3/0x120
[ 38.031699] ___sys_sendmsg+0x7bb/0x8e0
[ 38.035664] ? copy_msghdr_from_user+0x440/0x440
[ 38.040419] ? apparmor_file_receive+0x160/0x160
[ 38.045181] ? __lockdep_init_map+0x100/0x5a0
[ 38.049667] ? check_preemption_disabled+0x41/0x280
[ 38.054667] ? mark_held_locks+0xf0/0xf0
[ 38.058798] ? percpu_counter_add_batch+0x126/0x180
[ 38.063799] ? alloc_empty_file+0xd7/0x170
[ 38.068037] ? errseq_sample+0x56/0x70
[ 38.071910] ? alloc_file+0x326/0x4d0
[ 38.075723] ? __fd_install+0x1b4/0x610
[ 38.079678] ? __fdget+0x1a0/0x230
[ 38.083216] __x64_sys_sendmsg+0x132/0x220
[ 38.087440] ? __sys_sendmsg+0x1b0/0x1b0
[ 38.091486] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 38.096834] ? trace_hardirqs_off_caller+0x6e/0x210
[ 38.101832] ? do_syscall_64+0x21/0x620
[ 38.105806] do_syscall_64+0xf9/0x620
[ 38.109706] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 38.114896] RIP: 0033:0x444149
[ 38.118075] Code: e8 6c 05 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 38.137061] RSP: 002b:00007ffcb65358c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 38.144755] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000444149
[ 38.153239] RDX: 0000000000000000 RSI: 0000000020000600 RDI: 0000000000000005
[ 38.160508] RBP: 00007ffcb65358d0 R08: 0000000000000000 R09: 0000000000000000
[ 38.167783] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000009223
[ 38.175044] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 38.182320] Modules linked in:
[ 38.188527] ---[ end trace 47e41a212a1c6f97 ]---
[ 38.193362] RIP: 0010:hsr_dev_change_mtu+0xa2/0xd0
[ 38.198300] Code: 89 e0 5b 5d 41 5c 41 5d c3 e8 7a 48 b0 f9 eb e1 e8 43 90 7a f9 49 8d 7d 10 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 75 1d 49 8b 7d 10 ba 06 00 00 00 48 c7 c6 00 50 70 89
[ 38.217398] RSP: 0018:ffff8880938beb60 EFLAGS: 00010202
[ 38.222813] RAX: dffffc0000000000 RBX: 00000000000005dc RCX: ffffffff87e7c9bb
[ 38.230199] RDX: 0000000000000002 RSI: ffffffff87e7ca0d RDI: 0000000000000010
[ 38.237897] RBP: ffff88809385e180 R08: 0000000000000000 R09: 00000000000005d6
[ 38.245256] R10: 0000000000000004 R11: 0000000000000000 R12: 00000000000005d6
[ 38.252583] R13: 0000000000000000 R14: ffff88809385e3c8 R15: 0000000000000001
[ 38.259860] FS: 00000000012fd880(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
[ 38.268243] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 38.274332] CR2: 0000000020000040 CR3: 00000000aae65000 CR4: 00000000001406f0
[ 38.281654] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 38.288967] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 38.296338] Kernel panic - not syncing: Fatal exception
[ 38.302346] Kernel Offset: disabled
[ 38.306020] Rebooting in 86400 seconds..