[ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Load/Save RF Kill Switch Status. [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.147' (ECDSA) to the list of known hosts. syzkaller login: [ 62.735331][ T8444] chnl_net:caif_netlink_parms(): no params data found [ 62.780402][ T8444] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.787759][ T8444] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.795517][ T8444] device bridge_slave_0 entered promiscuous mode [ 62.803787][ T8444] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.811289][ T8444] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.819009][ T8444] device bridge_slave_1 entered promiscuous mode [ 62.841504][ T8444] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 62.852578][ T8444] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.878795][ T8444] team0: Port device team_slave_0 added [ 62.886403][ T8444] team0: Port device team_slave_1 added [ 62.907237][ T8444] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.914810][ T8444] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.942179][ T8444] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.954563][ T8444] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.963154][ T8444] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.991572][ T8444] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 63.019022][ T8444] device hsr_slave_0 entered promiscuous mode [ 63.025647][ T8444] device hsr_slave_1 entered promiscuous mode [ 63.099122][ T8444] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 63.108164][ T8444] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 63.117524][ T8444] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 63.126866][ T8444] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 63.144475][ T8444] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.151697][ T8444] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.159104][ T8444] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.166274][ T8444] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.195169][ T8444] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.206609][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 63.214406][ T26] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.223434][ T26] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.231624][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 63.242692][ T8444] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.252101][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 63.261103][ T26] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.268355][ T26] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.279276][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 63.288047][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.295191][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.316417][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 63.324771][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 63.333848][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 63.342624][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 63.352785][ T8444] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 63.361567][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 63.379311][ T8444] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 63.386610][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 63.393981][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 63.416013][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 63.427762][ T8154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 63.437875][ T8444] device veth0_vlan entered promiscuous mode [ 63.446886][ T8154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 63.454432][ T8154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 63.463970][ T8444] device veth1_vlan entered promiscuous mode [ 63.480687][ T8444] device veth0_macvtap entered promiscuous mode [ 63.488083][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 63.497135][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 63.505303][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 63.514131][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 63.523855][ T8444] device veth1_macvtap entered promiscuous mode [ 63.538160][ T8444] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 63.545418][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 63.557636][ T8444] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 63.565060][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 63.576442][ T8444] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.585146][ T8444] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 executing program [ 63.594226][ T8444] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.603694][ T8444] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.632607][ T8444] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN [ 63.644525][ T8444] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 63.653007][ T8444] CPU: 1 PID: 8444 Comm: syz-executor078 Tainted: G W 5.14.0-rc1-syzkaller #0 [ 63.663167][ T8444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 63.673211][ T8444] RIP: 0010:br_multicast_rcv+0x1a88/0x61a0 [ 63.679036][ T8444] Code: 8b 53 10 48 8b 43 08 48 89 95 68 ff ff ff 48 8b 95 d8 fe ff ff 48 89 85 60 ff ff ff 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 92 41 00 00 48 8b 85 d8 fe ff ff 48 8b 18 48 8b [ 63.698644][ T8444] RSP: 0018:ffffc9000103f158 EFLAGS: 00010246 [ 63.704708][ T8444] RAX: dffffc0000000000 RBX: ffff88802750c818 RCX: 0000000000000001 [ 63.712661][ T8444] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff88802750c820 [ 63.720632][ T8444] RBP: ffffc9000103f318 R08: 0000000000000000 R09: 0000000000000001 [ 63.728599][ T8444] R10: ffffffff87f98b83 R11: 0000000000000002 R12: 0000000000000001 [ 63.736648][ T8444] R13: ffff888036a1f000 R14: 0000000000000000 R15: ffff888036a1f0b4 [ 63.744602][ T8444] FS: 0000000000c74300(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000 [ 63.753516][ T8444] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 63.760088][ T8444] CR2: 00007f3903acb6c0 CR3: 0000000024d1d000 CR4: 00000000001506e0 [ 63.768235][ T8444] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 63.776498][ T8444] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 63.784552][ T8444] Call Trace: [ 63.787903][ T8444] ? lock_acquire+0x442/0x510 [ 63.792582][ T8444] ? rcu_read_lock_sched_held+0xd/0x70 [ 63.798148][ T8444] ? lock_release+0x522/0x720 [ 63.802808][ T8444] ? lock_downgrade+0x6e0/0x6e0 [ 63.807927][ T8444] ? br_ip6_multicast_leave_group+0x270/0x270 [ 63.813991][ T8444] ? lock_release+0x720/0x720 [ 63.818663][ T8444] ? rcu_read_lock_sched_held+0xd/0x70 [ 63.824458][ T8444] ? seccomp_cache_prepare_bitmap.constprop.0.isra.0+0x296/0x4d0 [ 63.832254][ T8444] ? br_allowed_ingress+0xe6/0x11c0 [ 63.837533][ T8444] ? br_dev_xmit+0x6be/0x1760 [ 63.843151][ T8444] br_dev_xmit+0x6f6/0x1760 [ 63.847647][ T8444] ? br_netpoll_setup+0x1b0/0x1b0 [ 63.852767][ T8444] ? skb_network_protocol+0x148/0x580 [ 63.858472][ T8444] ? skb_crc32c_csum_help+0x70/0x70 [ 63.863835][ T8444] ? lock_acquire+0x442/0x510 [ 63.868495][ T8444] ? rcu_read_lock_sched_held+0xd/0x70 [ 63.874306][ T8444] ? rcu_read_lock_sched_held+0xd/0x70 [ 63.880459][ T8444] ? lock_acquire+0x442/0x510 [ 63.885208][ T8444] ? __sanitizer_cov_trace_const_cmp1+0x22/0x80 [ 63.891530][ T8444] ? validate_xmit_xfrm+0x498/0x1050 [ 63.897285][ T8444] ? netif_skb_features+0x38d/0xb90 [ 63.902752][ T8444] dev_hard_start_xmit+0x1eb/0x920 [ 63.908022][ T8444] ? netdev_core_pick_tx+0x1cb/0x2e0 [ 63.913289][ T8444] __dev_queue_xmit+0x29ee/0x36c0 [ 63.918312][ T8444] ? rcu_read_lock_sched_held+0xd/0x70 [ 63.923755][ T8444] ? lock_release+0x522/0x720 [ 63.928420][ T8444] ? ___neigh_create+0x16e7/0x26a0 [ 63.933555][ T8444] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 63.938829][ T8444] ? lock_acquire+0x420/0x510 [ 63.943675][ T8444] ? lock_release+0x522/0x720 [ 63.948331][ T8444] ? lock_release+0x720/0x720 [ 63.952992][ T8444] ? ip6_finish_output2+0x764/0x19d0 [ 63.958351][ T8444] ? lock_downgrade+0x6e0/0x6e0 [ 63.963186][ T8444] ? do_raw_write_lock+0x11a/0x280 [ 63.968425][ T8444] ? do_raw_read_unlock+0x70/0x70 [ 63.973885][ T8444] ? memcpy+0x39/0x60 [ 63.978213][ T8444] neigh_resolve_output+0x50e/0x820 [ 63.983606][ T8444] ip6_finish_output2+0x764/0x19d0 [ 63.989070][ T8444] __ip6_finish_output+0x4c1/0x1050 [ 63.994265][ T8444] ? dst_output+0x170/0x170 [ 63.998936][ T8444] ip6_finish_output+0x32/0x200 [ 64.003781][ T8444] ip6_output+0x1e4/0x530 [ 64.008352][ T8444] ip6_local_out+0xaf/0x1a0 [ 64.012845][ T8444] ip6_send_skb+0xb7/0x340 [ 64.017268][ T8444] ip6_push_pending_frames+0xdd/0x100 [ 64.022643][ T8444] rawv6_sendmsg+0x2a87/0x3990 [ 64.027503][ T8444] ? rawv6_bind+0xa10/0xa10 [ 64.031990][ T8444] ? aa_profile_af_perm+0x2e0/0x2e0 [ 64.037175][ T8444] ? audit_actions_logged+0x16f/0x240 [ 64.042648][ T8444] ? inet_send_prepare+0x4e0/0x4e0 [ 64.047987][ T8444] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 64.054224][ T8444] ? sock_sendmsg+0x55/0x120 [ 64.058805][ T8444] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 64.065135][ T8444] ? ____sys_sendmsg+0x423/0x810 [ 64.070271][ T8444] ? kernel_sendmsg+0x50/0x50 [ 64.075354][ T8444] ? do_recvmmsg+0x6d0/0x6d0 [ 64.080032][ T8444] ? lock_downgrade+0x6e0/0x6e0 [ 64.084875][ T8444] ? rcu_read_lock_sched_held+0xd/0x70 [ 64.090498][ T8444] ? rcu_read_lock_sched_held+0xd/0x70 [ 64.096398][ T8444] ? lock_acquire+0x442/0x510 [ 64.101160][ T8444] ? rcu_read_lock_sched_held+0xd/0x70 [ 64.106699][ T8444] ? inet_sendmsg+0x4a/0xe0 [ 64.111217][ T8444] inet_sendmsg+0x99/0xe0 [ 64.115534][ T8444] ? inet_send_prepare+0x4e0/0x4e0 [ 64.120659][ T8444] sock_sendmsg+0xcf/0x120 [ 64.125092][ T8444] sock_write_iter+0x289/0x3c0 [ 64.129941][ T8444] ? sock_sendmsg+0x120/0x120 [ 64.134801][ T8444] ? aa_path_link+0x2f0/0x2f0 [ 64.139468][ T8444] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 64.145696][ T8444] new_sync_write+0x426/0x650 [ 64.150359][ T8444] ? new_sync_read+0x6e0/0x6e0 [ 64.155105][ T8444] ? aa_af_perm+0x230/0x230 [ 64.159590][ T8444] ? rcu_read_lock_sched_held+0xd/0x70 [ 64.165040][ T8444] ? apparmor_file_permission+0x264/0x4e0 [ 64.170754][ T8444] vfs_write+0x75a/0xa40 [ 64.174992][ T8444] ksys_write+0x1ee/0x250 [ 64.179307][ T8444] ? __ia32_sys_read+0xb0/0xb0 [ 64.184055][ T8444] ? syscall_enter_from_user_mode+0x21/0x70 [ 64.189934][ T8444] do_syscall_64+0x35/0xb0 [ 64.194358][ T8444] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 64.200243][ T8444] RIP: 0033:0x443229 [ 64.204127][ T8444] Code: 28 c3 e8 4a 15 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 64.223721][ T8444] RSP: 002b:00007ffd3c0040e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 64.232122][ T8444] RAX: ffffffffffffffda RBX: 00007ffd3c0040f8 RCX: 0000000000443229 [ 64.240077][ T8444] RDX: 0000000000000035 RSI: 00000000200001c0 RDI: 0000000000000003 [ 64.248218][ T8444] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000 [ 64.256188][ T8444] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd3c004100 [ 64.264168][ T8444] R13: 00007ffd3c004120 R14: 00000000004b8018 R15: 00000000004004b8 [ 64.272140][ T8444] Modules linked in: [ 64.276093][ T8444] ---[ end trace 09ff5fbb81fa2fac ]--- [ 64.281530][ T8444] RIP: 0010:br_multicast_rcv+0x1a88/0x61a0 [ 64.287432][ T8444] Code: 8b 53 10 48 8b 43 08 48 89 95 68 ff ff ff 48 8b 95 d8 fe ff ff 48 89 85 60 ff ff ff 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 92 41 00 00 48 8b 85 d8 fe ff ff 48 8b 18 48 8b [ 64.307264][ T8444] RSP: 0018:ffffc9000103f158 EFLAGS: 00010246 [ 64.313317][ T8444] RAX: dffffc0000000000 RBX: ffff88802750c818 RCX: 0000000000000001 [ 64.321289][ T8444] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff88802750c820 [ 64.329519][ T8444] RBP: ffffc9000103f318 R08: 0000000000000000 R09: 0000000000000001 [ 64.337501][ T8444] R10: ffffffff87f98b83 R11: 0000000000000002 R12: 0000000000000001 [ 64.345490][ T8444] R13: ffff888036a1f000 R14: 0000000000000000 R15: ffff888036a1f0b4 [ 64.353517][ T8444] FS: 0000000000c74300(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000 [ 64.362673][ T8444] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 64.369289][ T8444] CR2: 00007f3903acb6c0 CR3: 0000000024d1d000 CR4: 00000000001506e0 [ 64.377397][ T8444] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 64.385513][ T8444] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 64.393657][ T8444] Kernel panic - not syncing: Fatal exception in interrupt [ 64.402386][ T8444] Kernel Offset: disabled [ 64.406731][ T8444] Rebooting in 86400 seconds..