Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.16' (ECDSA) to the list of known hosts.
syzkaller login: [ 30.283687] IPVS: ftp: loaded support on port[0] = 21
[ 30.351846] chnl_net:caif_netlink_parms(): no params data found
[ 30.425062] bridge0: port 1(bridge_slave_0) entered blocking state
[ 30.431932] bridge0: port 1(bridge_slave_0) entered disabled state
[ 30.441245] device bridge_slave_0 entered promiscuous mode
[ 30.450451] bridge0: port 2(bridge_slave_1) entered blocking state
[ 30.457513] bridge0: port 2(bridge_slave_1) entered disabled state
[ 30.465105] device bridge_slave_1 entered promiscuous mode
[ 30.481828] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 30.490521] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 30.508513] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 30.515721] team0: Port device team_slave_0 added
[ 30.521809] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 30.529449] team0: Port device team_slave_1 added
[ 30.544492] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 30.551001] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 30.577061] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 30.590064] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 30.599805] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 30.625980] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 30.638005] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 30.645765] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 30.665182] device hsr_slave_0 entered promiscuous mode
[ 30.671084] device hsr_slave_1 entered promiscuous mode
[ 30.677582] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 30.685025] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 30.745380] bridge0: port 2(bridge_slave_1) entered blocking state
[ 30.751844] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 30.758772] bridge0: port 1(bridge_slave_0) entered blocking state
[ 30.765137] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 30.794186] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 30.801387] 8021q: adding VLAN 0 to HW filter on device bond0
[ 30.810032] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 30.820146] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 30.829081] bridge0: port 1(bridge_slave_0) entered disabled state
[ 30.836472] bridge0: port 2(bridge_slave_1) entered disabled state
[ 30.846707] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 30.853875] 8021q: adding VLAN 0 to HW filter on device team0
[ 30.863310] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 30.871571] bridge0: port 1(bridge_slave_0) entered blocking state
[ 30.878086] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 30.887470] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 30.895591] bridge0: port 2(bridge_slave_1) entered blocking state
[ 30.902000] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 30.919764] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 30.928304] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 30.936245] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 30.944484] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 30.955507] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 30.967521] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 30.973752] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 30.981582] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 30.993999] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 31.002157] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 31.009694] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 31.020348] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 31.070260] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 31.081448] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 31.110796] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 31.118906] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 31.125635] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 31.135257] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 31.143407] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 31.150621] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 31.160225] device veth0_vlan entered promiscuous mode
[ 31.169932] device veth1_vlan entered promiscuous mode
[ 31.175983] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 31.185265] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 31.195957] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 31.205513] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 31.213601] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 31.220931] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 31.231527] device veth0_macvtap entered promiscuous mode
[ 31.238452] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 31.247709] device veth1_macvtap entered promiscuous mode
[ 31.255949] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 31.266503] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 31.277283] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 31.284381] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 31.293317] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 31.303376] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 31.310792] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 31.336947] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
executing program
executing program
executing program
[ 31.399914] device batadv0 entered promiscuous mode
[ 31.405584] lo: Cannot use loopback or non-ethernet device as HSR slave.
[ 31.413895] device batadv0 left promiscuous mode
[ 31.426110] device batadv0 entered promiscuous mode
[ 31.432426] lo: Cannot use loopback or non-ethernet device as HSR slave.
[ 31.439464] device batadv0 left promiscuous mode
executing program
executing program
[ 31.450646] device batadv0 entered promiscuous mode
[ 31.456088] lo: Cannot use loopback or non-ethernet device as HSR slave.
[ 31.463927] device batadv0 left promiscuous mode
[ 31.475373] device batadv0 entered promiscuous mode
[ 31.481432] lo: Cannot use loopback or non-ethernet device as HSR slave.
[ 31.488589] device batadv0 left promiscuous mode
executing program
executing program
[ 31.499490] device batadv0 entered promiscuous mode
[ 31.504966] lo: Cannot use loopback or non-ethernet device as HSR slave.
[ 31.512202] device batadv0 left promiscuous mode
[ 31.523915] device batadv0 entered promiscuous mode
[ 31.529723] lo: Cannot use loopback or non-ethernet device as HSR slave.
[ 31.537036] device batadv0 left promiscuous mode
executing program
executing program
[ 31.548402] device batadv0 entered promiscuous mode
[ 31.553969] lo: Cannot use loopback or non-ethernet device as HSR slave.
[ 31.561514] device batadv0 left promiscuous mode
[ 31.573133] device batadv0 entered promiscuous mode
[ 31.578783] lo: Cannot use loopback or non-ethernet device as HSR slave.
[ 31.585980] device batadv0 left promiscuous mode
[ 31.597511] device batadv0 entered promiscuous mode
[ 31.603158] lo: Cannot use loopback or non-ethernet device as HSR slave.
[ 31.610516] device batadv0 left promiscuous mode
[ 31.616020] kasan: CONFIG_KASAN_INLINE enabled
[ 31.621010] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 31.628841] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 31.635199] Modules linked in:
[ 31.638388] CPU: 1 PID: 8263 Comm: syz-executor087 Not tainted 4.14.216-syzkaller #0
[ 31.646340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 31.655837] task: ffff8880b0488040 task.stack: ffff8880afe30000
[ 31.661910] RIP: 0010:hsr_dev_change_mtu+0x95/0xc0
[ 31.666884] RSP: 0018:ffff8880afe37060 EFLAGS: 00010202
[ 31.672510] RAX: dffffc0000000000 RBX: ffff8880af056600 RCX: 1ffff11016091123
[ 31.680314] RDX: 0000000000000002 RSI: 0000000000000003 RDI: 0000000000000010
[ 31.687772] RBP: 00000000000005dc R08: 0000000000000000 R09: 0000000000000002
[ 31.695027] R10: 0000000000000000 R11: ffff8880b0488040 R12: ffff8880af0570c0
[ 31.702659] R13: 0000000000000000 R14: 0000000000000000 R15: ffffffff86f85550
[ 31.709914] FS: 0000000001a7b880(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000
[ 31.718143] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 31.724010] CR2: 0000000020000040 CR3: 000000009d751000 CR4: 00000000001406e0
[ 31.731385] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 31.738652] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 31.745913] Call Trace:
[ 31.748491] dev_set_mtu+0x1f0/0x3c0
[ 31.752205] ? dev_validate_mtu+0xf0/0xf0
[ 31.756440] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 31.761438] ? __kmalloc+0x3a4/0x400
[ 31.765153] ? team_add_slave+0x79b/0x1bc0
[ 31.769374] team_add_slave+0x8de/0x1bc0
[ 31.773432] ? team_options_register+0x50/0x50
[ 31.778006] ? lock_acquire+0x170/0x3f0
[ 31.782153] ? team_options_register+0x50/0x50
[ 31.786948] do_set_master+0x19e/0x200
[ 31.792302] do_setlink+0x8b8/0x2bf0
[ 31.796022] ? __save_stack_trace+0xa0/0x160
[ 31.800508] ? rtnl_fdb_add+0x770/0x770
[ 31.804471] ? check_preemption_disabled+0x35/0x240
[ 31.809468] ? trace_hardirqs_on+0x10/0x10
[ 31.813686] ? deref_stack_reg+0x124/0x1a0
[ 31.817902] ? kasan_slab_free+0x12d/0x1a0
[ 31.822140] ? __read_once_size_nocheck.constprop.0+0x10/0x10
[ 31.828100] ? kasan_slab_free+0xc3/0x1a0
[ 31.832237] ? kfree_skbmem+0x98/0x100
[ 31.836443] ? consume_skb+0xed/0x380
[ 31.840260] ? unwind_next_frame+0xe54/0x17d0
[ 31.844836] ? __save_stack_trace+0x63/0x160
[ 31.849239] ? deref_stack_reg+0x124/0x1a0
[ 31.853468] ? is_bpf_text_address+0x91/0x150
[ 31.858102] ? lock_acquire+0x170/0x3f0
[ 31.862066] ? lock_downgrade+0x740/0x740
[ 31.866266] ? validate_nla+0x192/0x5e0
[ 31.870317] ? nla_parse+0x157/0x1f0
[ 31.874023] ? validate_linkmsg+0x3a1/0x460
[ 31.878609] rtnl_newlink+0x1267/0x1830
[ 31.882675] ? __lock_acquire+0x5fc/0x3f20
[ 31.886922] ? kmem_cache_free+0x7c/0x2b0
[ 31.891055] ? rtnl_dellink+0x6a0/0x6a0
[ 31.895196] ? trace_hardirqs_on+0x10/0x10
[ 31.899833] ? netlink_deliver_tap+0x60c/0x7d0
[ 31.904493] ? netlink_unicast+0x485/0x610
[ 31.908827] ? netlink_sendmsg+0x62e/0xb80
[ 31.913284] ? sock_sendmsg+0x40/0x100
[ 31.917159] ? ___sys_sendmsg+0x6c8/0x800
[ 31.921283] ? __sys_sendmsg+0xa3/0x120
[ 31.925538] ? SyS_sendmsg+0x27/0x40
[ 31.929234] ? mutex_spin_on_owner+0x1c3/0x420
[ 31.934162] ? lock_acquire+0x170/0x3f0
[ 31.938295] ? lock_downgrade+0x740/0x740
[ 31.942445] ? lock_acquire+0x170/0x3f0
[ 31.946416] ? lock_downgrade+0x740/0x740
[ 31.950544] ? rtnl_dellink+0x6a0/0x6a0
[ 31.954508] rtnetlink_rcv_msg+0x3be/0xb10
[ 31.960774] ? rtnl_calcit.isra.0+0x3a0/0x3a0
[ 31.965254] ? __netlink_lookup+0x345/0x5d0
[ 31.969557] ? netdev_pick_tx+0x2e0/0x2e0
[ 31.973699] netlink_rcv_skb+0x125/0x390
[ 31.977838] ? memcpy+0x35/0x50
[ 31.981117] ? rtnl_calcit.isra.0+0x3a0/0x3a0
[ 31.985603] ? netlink_ack+0x9a0/0x9a0
[ 31.989473] netlink_unicast+0x437/0x610
[ 31.993516] ? netlink_sendskb+0xd0/0xd0
[ 31.997648] ? __check_object_size+0x179/0x230
[ 32.002394] netlink_sendmsg+0x62e/0xb80
[ 32.006874] ? nlmsg_notify+0x170/0x170
[ 32.010839] ? kernel_recvmsg+0x210/0x210
[ 32.015147] ? security_socket_sendmsg+0x83/0xb0
[ 32.020323] ? nlmsg_notify+0x170/0x170
[ 32.024520] sock_sendmsg+0xb5/0x100
[ 32.028318] ___sys_sendmsg+0x6c8/0x800
[ 32.032459] ? copy_msghdr_from_user+0x3b0/0x3b0
[ 32.037222] ? trace_hardirqs_on+0x10/0x10
[ 32.041731] ? trace_hardirqs_on+0x10/0x10
[ 32.045975] ? apparmor_file_alloc_security+0x129/0x800
[ 32.051437] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 32.056995] ? __lockdep_init_map+0x100/0x560
[ 32.061565] ? __fd_install+0x1ec/0x5c0
[ 32.065611] ? lock_acquire+0x170/0x3f0
[ 32.069567] ? lock_downgrade+0x740/0x740
[ 32.073693] ? __fdget+0x167/0x1f0
[ 32.077263] ? sockfd_lookup_light+0xb2/0x160
[ 32.081840] __sys_sendmsg+0xa3/0x120
[ 32.085717] ? SyS_shutdown+0x160/0x160
[ 32.089686] ? move_addr_to_kernel+0x60/0x60
[ 32.094091] SyS_sendmsg+0x27/0x40
[ 32.097612] ? __sys_sendmsg+0x120/0x120
[ 32.101745] do_syscall_64+0x1d5/0x640
[ 32.105633] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 32.110963] RIP: 0033:0x444149
[ 32.114235] RSP: 002b:00007ffc3ec79678 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 32.122130] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000444149
[ 32.129557] RDX: 0000000000000000 RSI: 0000000020000600 RDI: 0000000000000005
[ 32.136833] RBP: 00007ffc3ec79680 R08: 0000000000000000 R09: 0000000000000000
[ 32.144213] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000007b7d
[ 32.151764] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 32.159022] Code: 44 89 e0 5b 5d 41 5c 41 5d c3 e8 27 4c 86 fa eb e1 e8 90 cf 5c fa 49 8d 7d 10 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 75 1d 49 8b 7d 10 ba 06 00 00 00 48 c7 c6 e0 93 73
[ 32.178547] RIP: hsr_dev_change_mtu+0x95/0xc0 RSP: ffff8880afe37060
[ 32.186287] ---[ end trace ecda4bfeca2968e8 ]---
[ 32.191169] Kernel panic - not syncing: Fatal exception
[ 32.197934] Kernel Offset: disabled
[ 32.201550] Rebooting in 86400 seconds..