[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.10.19' (ECDSA) to the list of known hosts.
syzkaller login: [ 70.681694][ T8513] IPVS: ftp: loaded support on port[0] = 21
[ 70.782628][ T8513] chnl_net:caif_netlink_parms(): no params data found
[ 70.842499][ T8513] bridge0: port 1(bridge_slave_0) entered blocking state
[ 70.851056][ T8513] bridge0: port 1(bridge_slave_0) entered disabled state
[ 70.859983][ T8513] device bridge_slave_0 entered promiscuous mode
[ 70.870769][ T8513] bridge0: port 2(bridge_slave_1) entered blocking state
[ 70.878051][ T8513] bridge0: port 2(bridge_slave_1) entered disabled state
[ 70.886665][ T8513] device bridge_slave_1 entered promiscuous mode
[ 70.908586][ T8513] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 70.919639][ T8513] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 70.942243][ T8513] team0: Port device team_slave_0 added
[ 70.949861][ T8513] team0: Port device team_slave_1 added
[ 70.968346][ T8513] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 70.975353][ T8513] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 71.001345][ T8513] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 71.014542][ T8513] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 71.021480][ T8513] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 71.050173][ T8513] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 71.080934][ T8513] device hsr_slave_0 entered promiscuous mode
[ 71.087874][ T8513] device hsr_slave_1 entered promiscuous mode
[ 71.200892][ T8513] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 71.211333][ T8513] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 71.228455][ T8513] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 71.239312][ T8513] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 71.266860][ T8513] bridge0: port 2(bridge_slave_1) entered blocking state
[ 71.274170][ T8513] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 71.281767][ T8513] bridge0: port 1(bridge_slave_0) entered blocking state
[ 71.288921][ T8513] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 71.338701][ T8513] 8021q: adding VLAN 0 to HW filter on device bond0
[ 71.351764][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 71.364686][ T5] bridge0: port 1(bridge_slave_0) entered disabled state
[ 71.372992][ T5] bridge0: port 2(bridge_slave_1) entered disabled state
[ 71.381726][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 71.396854][ T8513] 8021q: adding VLAN 0 to HW filter on device team0
[ 71.409636][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 71.418377][ T5] bridge0: port 1(bridge_slave_0) entered blocking state
[ 71.425566][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 71.454757][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 71.466068][ T5] bridge0: port 2(bridge_slave_1) entered blocking state
[ 71.473198][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 71.481604][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 71.491904][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 71.503616][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 71.511927][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 71.529004][ T8513] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 71.540472][ T8513] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 71.550234][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 71.571695][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 71.579752][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 71.594477][ T8513] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 71.615835][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 71.637134][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 71.646452][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 71.655726][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 71.668265][ T8513] device veth0_vlan entered promiscuous mode
[ 71.680225][ T8513] device veth1_vlan entered promiscuous mode
[ 71.704455][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 71.712490][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 71.724415][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 71.737981][ T8513] device veth0_macvtap entered promiscuous mode
[ 71.748454][ T8513] device veth1_macvtap entered promiscuous mode
[ 71.756776][ T3015] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 71.777026][ T8513] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 71.785272][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 71.796919][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 71.810163][ T8513] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 71.818463][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 71.828306][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 71.840884][ T8513] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 71.850191][ T8513] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 71.859038][ T8513] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 71.868393][ T8513] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 71.916543][ T8513] ================================================================================
[ 71.926106][ T8513] UBSAN: shift-out-of-bounds in ./include/net/red.h:252:22
[ 71.933541][ T8513] shift exponent 96 is too large for 32-bit type 'int'
[ 71.940399][ T8513] CPU: 0 PID: 8513 Comm: syz-executor800 Not tainted 5.10.0-syzkaller #0
[ 71.948829][ T8513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 71.959330][ T8513] Call Trace:
[ 71.962617][ T8513] dump_stack+0x107/0x163
[ 71.966952][ T8513] ubsan_epilogue+0xb/0x5a
[ 71.971406][ T8513] __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x181
[ 71.978217][ T8513] ? rwlock_bug.part.0+0x90/0x90
[ 71.983156][ T8513] choke_change.cold+0xce/0x115
[ 71.988010][ T8513] ? choke_enqueue+0x1b60/0x1b60
[ 71.992951][ T8513] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 71.999187][ T8513] ? choke_change+0x1410/0x1410
[ 72.004041][ T8513] qdisc_create+0x4ba/0x13a0
[ 72.008628][ T8513] ? apparmor_capable+0x1d8/0x460
[ 72.013653][ T8513] ? tc_get_qdisc+0xb20/0xb20
[ 72.018323][ T8513] ? __nla_parse+0x3d/0x50
[ 72.022727][ T8513] tc_modify_qdisc+0x4c8/0x1a30
[ 72.027586][ T8513] ? rtnetlink_rcv_msg+0x443/0xb80
[ 72.032701][ T8513] ? qdisc_create+0x13a0/0x13a0
[ 72.037555][ T8513] ? qdisc_create+0x13a0/0x13a0
[ 72.042404][ T8513] rtnetlink_rcv_msg+0x498/0xb80
[ 72.047332][ T8513] ? rtnl_fdb_dump+0xa00/0xa00
[ 72.052089][ T8513] ? netdev_core_pick_tx+0x2e0/0x2e0
[ 72.057376][ T8513] netlink_rcv_skb+0x153/0x420
[ 72.062150][ T8513] ? rtnl_fdb_dump+0xa00/0xa00
[ 72.066903][ T8513] ? netlink_ack+0xab0/0xab0
[ 72.071502][ T8513] ? netlink_deliver_tap+0x2c4/0xc00
[ 72.076789][ T8513] netlink_unicast+0x533/0x7d0
[ 72.081560][ T8513] ? netlink_attachskb+0x870/0x870
[ 72.086658][ T8513] ? _copy_from_iter_full+0x275/0x850
[ 72.092022][ T8513] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 72.098272][ T8513] ? __phys_addr_symbol+0x2c/0x70
[ 72.103287][ T8513] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 72.108994][ T8513] ? __check_object_size+0x171/0x3f0
[ 72.114282][ T8513] netlink_sendmsg+0x907/0xe40
[ 72.119052][ T8513] ? netlink_unicast+0x7d0/0x7d0
[ 72.123995][ T8513] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 72.130229][ T8513] ? netlink_unicast+0x7d0/0x7d0
[ 72.135168][ T8513] sock_sendmsg+0xcf/0x120
[ 72.139578][ T8513] ____sys_sendmsg+0x6e8/0x810
[ 72.144341][ T8513] ? kernel_sendmsg+0x50/0x50
[ 72.149005][ T8513] ? do_recvmmsg+0x6c0/0x6c0
[ 72.153584][ T8513] ? find_held_lock+0x2d/0x110
[ 72.158341][ T8513] ___sys_sendmsg+0xf3/0x170
[ 72.162934][ T8513] ? sendmsg_copy_msghdr+0x160/0x160
[ 72.168217][ T8513] ? _copy_to_user+0xdc/0x150
[ 72.172896][ T8513] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 72.179139][ T8513] ? sock_do_ioctl+0x1cd/0x2f0
[ 72.183893][ T8513] ? kernel_sendpage_locked+0x100/0x100
[ 72.189427][ T8513] ? __sanitizer_cov_trace_switch+0x63/0xf0
[ 72.195318][ T8513] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 72.201556][ T8513] ? __fget_light+0x215/0x280
[ 72.206223][ T8513] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 72.212477][ T8513] __sys_sendmsg+0xe5/0x1b0
[ 72.216993][ T8513] ? __sys_sendmsg_sock+0xb0/0xb0
[ 72.222038][ T8513] ? syscall_enter_from_user_mode+0x1d/0x50
[ 72.227933][ T8513] do_syscall_64+0x2d/0x70
[ 72.232348][ T8513] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 72.238229][ T8513] RIP: 0033:0x4437b9
[ 72.242112][ T8513] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb 0d fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 72.261720][ T8513] RSP: 002b:00007fff205ca1d8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 72.270133][ T8513] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004437b9
[ 72.278105][ T8513] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 72.286084][ T8513] RBP: 00007fff205ca1e0 R08: 0000000001bbbbbb R09: 0000000001bbbbbb
[ 72.294062][ T8513] R10: 0000000001bbbbbb R11: 0000000000000246 R12: 00007fff205ca1f0
[ 72.302022][ T8513] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 72.310130][ T8513] ================================================================================
[ 72.319481][ T8513] Kernel panic - not syncing: panic_on_warn set ...
[ 72.326079][ T8513] CPU: 0 PID: 8513 Comm: syz-executor800 Not tainted 5.10.0-syzkaller #0
[ 72.334512][ T8513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 72.344579][ T8513] Call Trace:
[ 72.347870][ T8513] dump_stack+0x107/0x163
[ 72.352194][ T8513] panic+0x343/0x77f
[ 72.356080][ T8513] ? __warn_printk+0xf3/0xf3
[ 72.360662][ T8513] ? ubsan_epilogue+0x3e/0x5a
[ 72.365344][ T8513] ubsan_epilogue+0x54/0x5a
[ 72.369838][ T8513] __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x181
[ 72.376592][ T8513] ? rwlock_bug.part.0+0x90/0x90
[ 72.381535][ T8513] choke_change.cold+0xce/0x115
[ 72.386393][ T8513] ? choke_enqueue+0x1b60/0x1b60
[ 72.391325][ T8513] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 72.397558][ T8513] ? choke_change+0x1410/0x1410
[ 72.402400][ T8513] qdisc_create+0x4ba/0x13a0
[ 72.406994][ T8513] ? apparmor_capable+0x1d8/0x460
[ 72.412024][ T8513] ? tc_get_qdisc+0xb20/0xb20
[ 72.416709][ T8513] ? __nla_parse+0x3d/0x50
[ 72.421133][ T8513] tc_modify_qdisc+0x4c8/0x1a30
[ 72.425986][ T8513] ? rtnetlink_rcv_msg+0x443/0xb80
[ 72.431146][ T8513] ? qdisc_create+0x13a0/0x13a0
[ 72.436031][ T8513] ? qdisc_create+0x13a0/0x13a0
[ 72.440874][ T8513] rtnetlink_rcv_msg+0x498/0xb80
[ 72.445812][ T8513] ? rtnl_fdb_dump+0xa00/0xa00
[ 72.450577][ T8513] ? netdev_core_pick_tx+0x2e0/0x2e0
[ 72.455856][ T8513] netlink_rcv_skb+0x153/0x420
[ 72.460624][ T8513] ? rtnl_fdb_dump+0xa00/0xa00
[ 72.465381][ T8513] ? netlink_ack+0xab0/0xab0
[ 72.469968][ T8513] ? netlink_deliver_tap+0x2c4/0xc00
[ 72.475290][ T8513] netlink_unicast+0x533/0x7d0
[ 72.480078][ T8513] ? netlink_attachskb+0x870/0x870
[ 72.485210][ T8513] ? _copy_from_iter_full+0x275/0x850
[ 72.490574][ T8513] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 72.496812][ T8513] ? __phys_addr_symbol+0x2c/0x70
[ 72.501833][ T8513] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 72.507536][ T8513] ? __check_object_size+0x171/0x3f0
[ 72.512820][ T8513] netlink_sendmsg+0x907/0xe40
[ 72.517581][ T8513] ? netlink_unicast+0x7d0/0x7d0
[ 72.522534][ T8513] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 72.528790][ T8513] ? netlink_unicast+0x7d0/0x7d0
[ 72.533719][ T8513] sock_sendmsg+0xcf/0x120
[ 72.538139][ T8513] ____sys_sendmsg+0x6e8/0x810
[ 72.542898][ T8513] ? kernel_sendmsg+0x50/0x50
[ 72.547568][ T8513] ? do_recvmmsg+0x6c0/0x6c0
[ 72.552156][ T8513] ? find_held_lock+0x2d/0x110
[ 72.556913][ T8513] ___sys_sendmsg+0xf3/0x170
[ 72.561500][ T8513] ? sendmsg_copy_msghdr+0x160/0x160
[ 72.566781][ T8513] ? _copy_to_user+0xdc/0x150
[ 72.571451][ T8513] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 72.577692][ T8513] ? sock_do_ioctl+0x1cd/0x2f0
[ 72.582466][ T8513] ? kernel_sendpage_locked+0x100/0x100
[ 72.588007][ T8513] ? __sanitizer_cov_trace_switch+0x63/0xf0
[ 72.593914][ T8513] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 72.600158][ T8513] ? __fget_light+0x215/0x280
[ 72.604844][ T8513] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 72.611082][ T8513] __sys_sendmsg+0xe5/0x1b0
[ 72.615590][ T8513] ? __sys_sendmsg_sock+0xb0/0xb0
[ 72.620621][ T8513] ? syscall_enter_from_user_mode+0x1d/0x50
[ 72.626539][ T8513] do_syscall_64+0x2d/0x70
[ 72.630984][ T8513] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 72.636897][ T8513] RIP: 0033:0x4437b9
[ 72.640785][ T8513] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb 0d fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 72.660403][ T8513] RSP: 002b:00007fff205ca1d8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 72.669095][ T8513] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004437b9
[ 72.677181][ T8513] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 72.685213][ T8513] RBP: 00007fff205ca1e0 R08: 0000000001bbbbbb R09: 0000000001bbbbbb
[ 72.693201][ T8513] R10: 0000000001bbbbbb R11: 0000000000000246 R12: 00007fff205ca1f0
[ 72.701171][ T8513] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 72.710032][ T8513] Kernel Offset: disabled
[ 72.714505][ T8513] Rebooting in 86400 seconds..