[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.158' (ECDSA) to the list of known hosts.
syzkaller login: [ 74.654179][ T8487] IPVS: ftp: loaded support on port[0] = 21
[ 74.748124][ T8487] chnl_net:caif_netlink_parms(): no params data found
[ 74.801221][ T8487] bridge0: port 1(bridge_slave_0) entered blocking state
[ 74.808414][ T8487] bridge0: port 1(bridge_slave_0) entered disabled state
[ 74.817492][ T8487] device bridge_slave_0 entered promiscuous mode
[ 74.826338][ T8487] bridge0: port 2(bridge_slave_1) entered blocking state
[ 74.833608][ T8487] bridge0: port 2(bridge_slave_1) entered disabled state
[ 74.841244][ T8487] device bridge_slave_1 entered promiscuous mode
[ 74.862224][ T8487] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 74.873573][ T8487] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 74.895575][ T8487] team0: Port device team_slave_0 added
[ 74.903361][ T8487] team0: Port device team_slave_1 added
[ 74.920390][ T8487] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 74.927478][ T8487] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 74.953529][ T8487] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 74.966528][ T8487] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 74.973729][ T8487] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 74.999885][ T8487] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 75.027934][ T8487] device hsr_slave_0 entered promiscuous mode
[ 75.034732][ T8487] device hsr_slave_1 entered promiscuous mode
[ 75.137779][ T8487] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 75.147727][ T8487] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 75.157864][ T8487] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 75.168041][ T8487] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 75.193885][ T8487] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.201046][ T8487] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 75.208805][ T8487] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.215935][ T8487] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 75.261854][ T8487] 8021q: adding VLAN 0 to HW filter on device bond0
[ 75.276919][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 75.287146][ T56] bridge0: port 1(bridge_slave_0) entered disabled state
[ 75.296558][ T56] bridge0: port 2(bridge_slave_1) entered disabled state
[ 75.304988][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 75.318190][ T8487] 8021q: adding VLAN 0 to HW filter on device team0
[ 75.329945][ T3658] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 75.339300][ T3658] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.346432][ T3658] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 75.358411][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 75.367590][ T56] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.374837][ T56] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 75.395601][ T3658] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 75.404710][ T3658] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 75.416500][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 75.433327][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 75.441583][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 75.453641][ T8487] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 75.473397][ T3658] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 75.480792][ T3658] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 75.494706][ T8487] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 75.515208][ T3658] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 75.535912][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 75.544135][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 75.553098][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 75.563977][ T8487] device veth0_vlan entered promiscuous mode
[ 75.576863][ T8487] device veth1_vlan entered promiscuous mode
[ 75.598637][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 75.607470][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 75.616445][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 75.627813][ T8487] device veth0_macvtap entered promiscuous mode
[ 75.638119][ T8487] device veth1_macvtap entered promiscuous mode
[ 75.657698][ T8487] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 75.665180][ T3658] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 75.675304][ T3658] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 75.686959][ T8487] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 75.696074][ T3658] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 75.707100][ T8487] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 75.716849][ T8487] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 75.726451][ T8487] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 75.736547][ T8487] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 75.779612][ T8487] ================================================================================
[ 75.789087][ T8487] UBSAN: shift-out-of-bounds in ./include/net/red.h:252:22
[ 75.796333][ T8487] shift exponent 96 is too large for 32-bit type 'int'
[ 75.803240][ T8487] CPU: 1 PID: 8487 Comm: syz-executor972 Not tainted 5.10.0-syzkaller #0
[ 75.811682][ T8487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 75.821725][ T8487] Call Trace:
[ 75.824990][ T8487] dump_stack+0x107/0x163
[ 75.829321][ T8487] ubsan_epilogue+0xb/0x5a
[ 75.833721][ T8487] __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x181
[ 75.840468][ T8487] ? rwlock_bug.part.0+0x90/0x90
[ 75.845410][ T8487] choke_change.cold+0xce/0x115
[ 75.850294][ T8487] ? choke_enqueue+0x1b60/0x1b60
[ 75.855352][ T8487] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 75.861581][ T8487] ? choke_change+0x1410/0x1410
[ 75.866416][ T8487] qdisc_create+0x4ba/0x13a0
[ 75.871078][ T8487] ? apparmor_capable+0x1d8/0x460
[ 75.876090][ T8487] ? tc_get_qdisc+0xb20/0xb20
[ 75.880751][ T8487] ? __nla_parse+0x3d/0x50
[ 75.885152][ T8487] tc_modify_qdisc+0x4c8/0x1a30
[ 75.889987][ T8487] ? rtnetlink_rcv_msg+0x443/0xb80
[ 75.895083][ T8487] ? qdisc_create+0x13a0/0x13a0
[ 75.899940][ T8487] ? qdisc_create+0x13a0/0x13a0
[ 75.904777][ T8487] rtnetlink_rcv_msg+0x498/0xb80
[ 75.909801][ T8487] ? rtnl_fdb_dump+0xa00/0xa00
[ 75.914556][ T8487] ? netdev_core_pick_tx+0x2e0/0x2e0
[ 75.919834][ T8487] netlink_rcv_skb+0x153/0x420
[ 75.924591][ T8487] ? rtnl_fdb_dump+0xa00/0xa00
[ 75.929344][ T8487] ? netlink_ack+0xab0/0xab0
[ 75.933914][ T8487] ? netlink_deliver_tap+0x2c4/0xc00
[ 75.939191][ T8487] netlink_unicast+0x533/0x7d0
[ 75.943941][ T8487] ? netlink_attachskb+0x870/0x870
[ 75.949032][ T8487] ? _copy_from_iter_full+0x275/0x850
[ 75.954388][ T8487] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 75.960612][ T8487] ? __phys_addr_symbol+0x2c/0x70
[ 75.965618][ T8487] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 75.971318][ T8487] ? __check_object_size+0x171/0x3f0
[ 75.976589][ T8487] netlink_sendmsg+0x907/0xe40
[ 75.981338][ T8487] ? netlink_unicast+0x7d0/0x7d0
[ 75.986263][ T8487] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 75.992493][ T8487] ? netlink_unicast+0x7d0/0x7d0
[ 75.997429][ T8487] sock_sendmsg+0xcf/0x120
[ 76.001850][ T8487] ____sys_sendmsg+0x6e8/0x810
[ 76.006621][ T8487] ? kernel_sendmsg+0x50/0x50
[ 76.011311][ T8487] ? do_recvmmsg+0x6c0/0x6c0
[ 76.015892][ T8487] ? find_held_lock+0x2d/0x110
[ 76.020645][ T8487] ___sys_sendmsg+0xf3/0x170
[ 76.025225][ T8487] ? sendmsg_copy_msghdr+0x160/0x160
[ 76.030501][ T8487] ? _copy_to_user+0xdc/0x150
[ 76.035168][ T8487] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 76.041392][ T8487] ? sock_do_ioctl+0x1cd/0x2f0
[ 76.046193][ T8487] ? kernel_sendpage_locked+0x100/0x100
[ 76.051726][ T8487] ? __sanitizer_cov_trace_switch+0x63/0xf0
[ 76.057606][ T8487] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 76.063832][ T8487] ? __fget_light+0x215/0x280
[ 76.068494][ T8487] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 76.074723][ T8487] __sys_sendmsg+0xe5/0x1b0
[ 76.079211][ T8487] ? __sys_sendmsg_sock+0xb0/0xb0
[ 76.084228][ T8487] ? syscall_enter_from_user_mode+0x1d/0x50
[ 76.090112][ T8487] do_syscall_64+0x2d/0x70
[ 76.094510][ T8487] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 76.100391][ T8487] RIP: 0033:0x4437b9
[ 76.104271][ T8487] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb 0d fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 76.123868][ T8487] RSP: 002b:00007fffde8f3258 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 76.132276][ T8487] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004437b9
[ 76.140273][ T8487] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 76.148265][ T8487] RBP: 00007fffde8f3260 R08: 0000000001bbbbbb R09: 0000000001bbbbbb
[ 76.156247][ T8487] R10: 0000000001bbbbbb R11: 0000000000000246 R12: 00007fffde8f3270
[ 76.164204][ T8487] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 76.172282][ T8487] ================================================================================
[ 76.181560][ T8487] Kernel panic - not syncing: panic_on_warn set ...
[ 76.188156][ T8487] CPU: 1 PID: 8487 Comm: syz-executor972 Not tainted 5.10.0-syzkaller #0
[ 76.196579][ T8487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 76.206640][ T8487] Call Trace:
[ 76.209907][ T8487] dump_stack+0x107/0x163
[ 76.214227][ T8487] panic+0x343/0x77f
[ 76.218141][ T8487] ? __warn_printk+0xf3/0xf3
[ 76.222746][ T8487] ? ubsan_epilogue+0x3e/0x5a
[ 76.227481][ T8487] ubsan_epilogue+0x54/0x5a
[ 76.231971][ T8487] __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x181
[ 76.238724][ T8487] ? rwlock_bug.part.0+0x90/0x90
[ 76.243686][ T8487] choke_change.cold+0xce/0x115
[ 76.248564][ T8487] ? choke_enqueue+0x1b60/0x1b60
[ 76.253492][ T8487] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 76.259728][ T8487] ? choke_change+0x1410/0x1410
[ 76.264564][ T8487] qdisc_create+0x4ba/0x13a0
[ 76.269227][ T8487] ? apparmor_capable+0x1d8/0x460
[ 76.274270][ T8487] ? tc_get_qdisc+0xb20/0xb20
[ 76.278985][ T8487] ? __nla_parse+0x3d/0x50
[ 76.283400][ T8487] tc_modify_qdisc+0x4c8/0x1a30
[ 76.288247][ T8487] ? rtnetlink_rcv_msg+0x443/0xb80
[ 76.293347][ T8487] ? qdisc_create+0x13a0/0x13a0
[ 76.298198][ T8487] ? qdisc_create+0x13a0/0x13a0
[ 76.303040][ T8487] rtnetlink_rcv_msg+0x498/0xb80
[ 76.308112][ T8487] ? rtnl_fdb_dump+0xa00/0xa00
[ 76.312902][ T8487] ? netdev_core_pick_tx+0x2e0/0x2e0
[ 76.318178][ T8487] netlink_rcv_skb+0x153/0x420
[ 76.322938][ T8487] ? rtnl_fdb_dump+0xa00/0xa00
[ 76.327711][ T8487] ? netlink_ack+0xab0/0xab0
[ 76.332283][ T8487] ? netlink_deliver_tap+0x2c4/0xc00
[ 76.337563][ T8487] netlink_unicast+0x533/0x7d0
[ 76.342327][ T8487] ? netlink_attachskb+0x870/0x870
[ 76.347445][ T8487] ? _copy_from_iter_full+0x275/0x850
[ 76.352804][ T8487] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 76.359029][ T8487] ? __phys_addr_symbol+0x2c/0x70
[ 76.364036][ T8487] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 76.369738][ T8487] ? __check_object_size+0x171/0x3f0
[ 76.375017][ T8487] netlink_sendmsg+0x907/0xe40
[ 76.379771][ T8487] ? netlink_unicast+0x7d0/0x7d0
[ 76.384695][ T8487] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 76.390973][ T8487] ? netlink_unicast+0x7d0/0x7d0
[ 76.395893][ T8487] sock_sendmsg+0xcf/0x120
[ 76.400295][ T8487] ____sys_sendmsg+0x6e8/0x810
[ 76.405044][ T8487] ? kernel_sendmsg+0x50/0x50
[ 76.409704][ T8487] ? do_recvmmsg+0x6c0/0x6c0
[ 76.414280][ T8487] ? find_held_lock+0x2d/0x110
[ 76.419030][ T8487] ___sys_sendmsg+0xf3/0x170
[ 76.423607][ T8487] ? sendmsg_copy_msghdr+0x160/0x160
[ 76.428917][ T8487] ? _copy_to_user+0xdc/0x150
[ 76.433620][ T8487] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 76.439844][ T8487] ? sock_do_ioctl+0x1cd/0x2f0
[ 76.444593][ T8487] ? kernel_sendpage_locked+0x100/0x100
[ 76.450125][ T8487] ? __sanitizer_cov_trace_switch+0x63/0xf0
[ 76.456121][ T8487] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 76.462348][ T8487] ? __fget_light+0x215/0x280
[ 76.467031][ T8487] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 76.473258][ T8487] __sys_sendmsg+0xe5/0x1b0
[ 76.477742][ T8487] ? __sys_sendmsg_sock+0xb0/0xb0
[ 76.482772][ T8487] ? syscall_enter_from_user_mode+0x1d/0x50
[ 76.488676][ T8487] do_syscall_64+0x2d/0x70
[ 76.493073][ T8487] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 76.498949][ T8487] RIP: 0033:0x4437b9
[ 76.502831][ T8487] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb 0d fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 76.522442][ T8487] RSP: 002b:00007fffde8f3258 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 76.530859][ T8487] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004437b9
[ 76.538812][ T8487] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 76.546764][ T8487] RBP: 00007fffde8f3260 R08: 0000000001bbbbbb R09: 0000000001bbbbbb
[ 76.554717][ T8487] R10: 0000000001bbbbbb R11: 0000000000000246 R12: 00007fffde8f3270
[ 76.562679][ T8487] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 76.571596][ T8487] Kernel Offset: disabled
[ 76.576016][ T8487] Rebooting in 86400 seconds..