[ OK ] Started OpenBSD Secure Shell server. [ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.116' (ECDSA) to the list of known hosts. syzkaller login: [ 56.115219][ T8413] chnl_net:caif_netlink_parms(): no params data found [ 56.159093][ T8413] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.167247][ T8413] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.175639][ T8413] device bridge_slave_0 entered promiscuous mode [ 56.184746][ T8413] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.192429][ T8413] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.201793][ T8413] device bridge_slave_1 entered promiscuous mode [ 56.219467][ T8413] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 56.230259][ T8413] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 56.258844][ T8413] team0: Port device team_slave_0 added [ 56.270912][ T8413] team0: Port device team_slave_1 added [ 56.285271][ T8413] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 56.294163][ T8413] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 56.320526][ T8413] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 56.334132][ T8413] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 56.341118][ T8413] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 56.367416][ T8413] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 56.391523][ T8413] device hsr_slave_0 entered promiscuous mode [ 56.398161][ T8413] device hsr_slave_1 entered promiscuous mode [ 56.474707][ T8413] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 56.485016][ T8413] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 56.494702][ T8413] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 56.508899][ T8413] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 56.527883][ T8413] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.535151][ T8413] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.542993][ T8413] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.550118][ T8413] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.586567][ T8413] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.601586][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.613266][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.621682][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.630288][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 56.643158][ T8413] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.653271][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 56.663369][ T20] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.671005][ T20] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.682652][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 56.691884][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.699283][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.719444][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 56.728075][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 56.737172][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 56.749392][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 56.760205][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 56.770600][ T8413] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 56.786886][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 56.794508][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 56.808755][ T8413] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.827005][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 56.847494][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 56.857353][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 56.865380][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 56.874998][ T8413] device veth0_vlan entered promiscuous mode [ 56.886927][ T8413] device veth1_vlan entered promiscuous mode [ 56.905931][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 56.913833][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 56.922640][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 56.932698][ T8413] device veth0_macvtap entered promiscuous mode [ 56.944117][ T8413] device veth1_macvtap entered promiscuous mode [ 56.959733][ T8413] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.968360][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 56.978202][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 56.989942][ T8413] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.997807][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready executing program [ 57.009127][ T8413] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.018650][ T8413] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.027799][ T8413] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.037047][ T8413] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.290269][ T8413] syz-executor908 (8413) used greatest stack depth: 22496 bytes left [ 57.547712][ T8623] BUG: unable to handle page fault for address: ffff8880bfffd000 [ 57.555767][ T8623] #PF: supervisor read access in kernel mode [ 57.562268][ T8623] #PF: error_code(0x0000) - not-present page [ 57.568216][ T8623] PGD 10c01067 P4D 10c01067 PUD 23ffff067 PMD 23fffe067 PTE 0 [ 57.575856][ T8623] Oops: 0000 [#1] PREEMPT SMP KASAN [ 57.581604][ T8623] CPU: 0 PID: 8623 Comm: syz-executor908 Not tainted 5.13.0-rc7-syzkaller #0 [ 57.590705][ T8623] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.600820][ T8623] RIP: 0010:do_csum+0x177/0x400 [ 57.605659][ T8623] Code: 89 ee 44 89 6c 24 04 89 04 24 e8 d4 d6 87 fd 45 85 ed 74 4e 4d 89 e6 e8 17 cf 87 fd 41 83 ed 01 31 ff 31 c0 44 89 ee 49 03 1e <49> 13 5e 08 49 13 5e 10 49 13 5e 18 49 13 5e 20 49 13 5e 28 49 13 [ 57.625328][ T8623] RSP: 0018:ffffc90001a3f410 EFLAGS: 00010206 [ 57.631369][ T8623] RAX: 0000000000000000 RBX: 7c762b0edd49a2d2 RCX: 0000000000000000 [ 57.639315][ T8623] RDX: ffff888016789c40 RSI: 0000000001bbc461 RDI: 0000000000000000 [ 57.647260][ T8623] RBP: 00000000ffffffec R08: 0000000000000000 R09: 0000000000000060 [ 57.655205][ T8623] R10: ffffffff83ed0cfb R11: 0000000000000060 R12: ffff88802ef0e8b8 [ 57.663159][ T8623] R13: 0000000001bbc461 R14: ffff8880bfffcff8 R15: 0000000000000000 [ 57.671108][ T8623] FS: 00007f71f3c47700(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000 [ 57.680013][ T8623] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 57.686571][ T8623] CR2: ffff8880bfffd000 CR3: 0000000027be7000 CR4: 0000000000350ef0 [ 57.694518][ T8623] Call Trace: [ 57.697785][ T8623] csum_partial+0x1c/0x30 [ 57.702097][ T8623] __gre_xmit+0x879/0x970 [ 57.706409][ T8623] ipgre_xmit+0x679/0x830 [ 57.710716][ T8623] dev_hard_start_xmit+0x1eb/0x920 [ 57.715802][ T8623] __dev_queue_xmit+0x2133/0x3130 [ 57.720815][ T8623] ? _copy_from_iter_full+0x2ea/0x11b0 [ 57.726524][ T8623] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 57.732225][ T8623] ? skb_partial_csum_set+0x21b/0x2b0 [ 57.737584][ T8623] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 57.742928][ T8623] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 57.748623][ T8623] ? virtio_net_hdr_to_skb.constprop.0+0xf1/0xfc0 [ 57.755028][ T8623] ? __sanitizer_cov_trace_const_cmp2+0x22/0x80 [ 57.761244][ T8623] ? packet_parse_headers+0x11d/0x490 [ 57.766604][ T8623] ? packet_poll+0x600/0x600 [ 57.771168][ T8623] packet_sendmsg+0x22ee/0x5310 [ 57.776117][ T8623] ? aa_sk_perm+0x31b/0xab0 [ 57.780620][ T8623] ? packet_create+0xac0/0xac0 [ 57.785379][ T8623] ? aa_af_perm+0x230/0x230 [ 57.789870][ T8623] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 57.796090][ T8623] ? packet_create+0xac0/0xac0 [ 57.800831][ T8623] sock_sendmsg+0xcf/0x120 [ 57.805220][ T8623] sock_no_sendpage+0xf3/0x130 [ 57.809961][ T8623] ? sk_page_frag_refill+0x1d0/0x1d0 [ 57.815488][ T8623] ? lock_release+0x720/0x720 [ 57.820143][ T8623] ? find_held_lock+0x2d/0x110 [ 57.824880][ T8623] kernel_sendpage.part.0+0x1ab/0x350 [ 57.830240][ T8623] sock_sendpage+0xe5/0x140 [ 57.834729][ T8623] ? __sock_recv_ts_and_drops+0x430/0x430 [ 57.840520][ T8623] pipe_to_sendpage+0x2ad/0x380 [ 57.845349][ T8623] ? propagate_umount+0x19f0/0x19f0 [ 57.850522][ T8623] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 57.856742][ T8623] ? splice_from_pipe_next.part.0+0x167/0x520 [ 57.862786][ T8623] __splice_from_pipe+0x43e/0x8a0 [ 57.867783][ T8623] ? propagate_umount+0x19f0/0x19f0 [ 57.872955][ T8623] generic_splice_sendpage+0xd4/0x140 [ 57.878304][ T8623] ? __do_sys_vmsplice+0x9d0/0x9d0 [ 57.883388][ T8623] ? security_file_permission+0x248/0x560 [ 57.889084][ T8623] ? __do_sys_vmsplice+0x9d0/0x9d0 [ 57.894180][ T8623] do_splice+0xb7e/0x1940 [ 57.898484][ T8623] ? find_held_lock+0x2d/0x110 [ 57.903312][ T8623] ? splice_file_to_pipe+0x120/0x120 [ 57.908572][ T8623] ? find_held_lock+0x2d/0x110 [ 57.913313][ T8623] __do_splice+0x134/0x250 [ 57.917704][ T8623] ? do_splice+0x1940/0x1940 [ 57.922269][ T8623] __x64_sys_splice+0x198/0x250 [ 57.927096][ T8623] do_syscall_64+0x3a/0xb0 [ 57.931663][ T8623] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 57.937528][ T8623] RIP: 0033:0x449009 [ 57.941394][ T8623] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 57.960972][ T8623] RSP: 002b:00007f71f3c472e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 57.969372][ T8623] RAX: ffffffffffffffda RBX: 00000000004cf510 RCX: 0000000000449009 [ 57.977320][ T8623] RDX: 0000000000000006 RSI: 0000000000000000 RDI: 0000000000000004 [ 57.985827][ T8623] RBP: 00000000004cf51c R08: 00000000ffffffff R09: 0000000000000000 [ 57.993778][ T8623] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000049e004 [ 58.002186][ T8623] R13: 78902f0000000000 R14: 6d32cc5e8ead0600 R15: 00000000004cf518 [ 58.010592][ T8623] Modules linked in: [ 58.014457][ T8623] CR2: ffff8880bfffd000 [ 58.018768][ T8623] ---[ end trace e5a75b5c3c112f40 ]--- [ 58.024195][ T8623] RIP: 0010:do_csum+0x177/0x400 [ 58.029201][ T8623] Code: 89 ee 44 89 6c 24 04 89 04 24 e8 d4 d6 87 fd 45 85 ed 74 4e 4d 89 e6 e8 17 cf 87 fd 41 83 ed 01 31 ff 31 c0 44 89 ee 49 03 1e <49> 13 5e 08 49 13 5e 10 49 13 5e 18 49 13 5e 20 49 13 5e 28 49 13 [ 58.048869][ T8623] RSP: 0018:ffffc90001a3f410 EFLAGS: 00010206 [ 58.055220][ T8623] RAX: 0000000000000000 RBX: 7c762b0edd49a2d2 RCX: 0000000000000000 [ 58.063165][ T8623] RDX: ffff888016789c40 RSI: 0000000001bbc461 RDI: 0000000000000000 [ 58.071112][ T8623] RBP: 00000000ffffffec R08: 0000000000000000 R09: 0000000000000060 [ 58.079056][ T8623] R10: ffffffff83ed0cfb R11: 0000000000000060 R12: ffff88802ef0e8b8 [ 58.087003][ T8623] R13: 0000000001bbc461 R14: ffff8880bfffcff8 R15: 0000000000000000 [ 58.094947][ T8623] FS: 00007f71f3c47700(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000 [ 58.104029][ T8623] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 58.110590][ T8623] CR2: ffff8880bfffd000 CR3: 0000000027be7000 CR4: 0000000000350ef0 [ 58.118542][ T8623] Kernel panic - not syncing: Fatal exception in interrupt [ 58.131140][ T8623] Kernel Offset: disabled [ 58.135531][ T8623] Rebooting in 86400 seconds..