[ OK ] Started Getty on tty5. [ OK ] Started Serial Getty on ttyS0. [ OK ] Started Getty on tty4. [ OK ] Started Getty on tty3. [ OK ] Started Getty on tty2. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.164' (ECDSA) to the list of known hosts. syzkaller login: [ 35.042416] IPVS: ftp: loaded support on port[0] = 21 [ 35.116535] chnl_net:caif_netlink_parms(): no params data found [ 35.200076] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.206649] bridge0: port 1(bridge_slave_0) entered disabled state [ 35.215184] device bridge_slave_0 entered promiscuous mode [ 35.223347] bridge0: port 2(bridge_slave_1) entered blocking state [ 35.230204] bridge0: port 2(bridge_slave_1) entered disabled state [ 35.237240] device bridge_slave_1 entered promiscuous mode [ 35.257514] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 35.266308] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 35.285587] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 35.293049] team0: Port device team_slave_0 added [ 35.298489] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 35.306525] team0: Port device team_slave_1 added [ 35.323557] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 35.329886] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 35.355227] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 35.366743] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 35.373120] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 35.398412] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 35.409528] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 35.416931] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 35.436651] device hsr_slave_0 entered promiscuous mode [ 35.442420] device hsr_slave_1 entered promiscuous mode [ 35.448399] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 35.455662] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 35.524289] bridge0: port 2(bridge_slave_1) entered blocking state [ 35.530726] bridge0: port 2(bridge_slave_1) entered forwarding state [ 35.537532] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.543975] bridge0: port 1(bridge_slave_0) entered forwarding state [ 35.575739] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 35.582851] 8021q: adding VLAN 0 to HW filter on device bond0 [ 35.592401] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 35.601362] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 35.610611] bridge0: port 1(bridge_slave_0) entered disabled state [ 35.617602] bridge0: port 2(bridge_slave_1) entered disabled state [ 35.625094] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 35.635985] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 35.643357] 8021q: adding VLAN 0 to HW filter on device team0 [ 35.652497] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 35.661286] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.667666] bridge0: port 1(bridge_slave_0) entered forwarding state [ 35.690333] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 35.697999] bridge0: port 2(bridge_slave_1) entered blocking state [ 35.704473] bridge0: port 2(bridge_slave_1) entered forwarding state [ 35.712320] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 35.720355] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 35.727856] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 35.736674] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 35.746618] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 35.757345] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 35.764422] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 35.778285] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 35.787133] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 35.794681] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 35.805974] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 35.818401] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 35.828559] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 35.861146] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 35.868385] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 35.875982] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 35.886356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 35.894722] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 35.902174] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 35.911827] device veth0_vlan entered promiscuous mode [ 35.921103] device veth1_vlan entered promiscuous mode [ 35.926978] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 35.936854] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 35.948484] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 35.958355] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 35.965972] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 35.973559] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 35.983337] device veth0_macvtap entered promiscuous mode [ 35.990729] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 35.998647] device veth1_macvtap entered promiscuous mode [ 36.008811] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 36.018468] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 36.028437] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 36.035902] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 36.044777] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 36.054614] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 36.061935] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready executing program [ 36.153487] ------------[ cut here ]------------ [ 36.158435] net/hsr/hsr_forward.c:366: Malformed frame (port_src hsr0) [ 36.165699] WARNING: CPU: 1 PID: 8109 at net/hsr/hsr_forward.c:365 hsr_forward_skb+0x1238/0x1c30 [ 36.174626] Kernel panic - not syncing: panic_on_warn set ... [ 36.174626] [ 36.182005] CPU: 1 PID: 8109 Comm: syz-executor243 Not tainted 4.19.177-syzkaller #0 [ 36.189864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 36.199199] Call Trace: [ 36.201779] dump_stack+0x1fc/0x2ef [ 36.205402] panic+0x26a/0x50e [ 36.208583] ? __warn_printk+0xf3/0xf3 [ 36.212456] ? hsr_forward_skb+0x1238/0x1c30 [ 36.216844] ? __probe_kernel_read+0x130/0x1b0 [ 36.221407] ? __warn.cold+0x5/0x5a [ 36.225012] ? __warn+0xe4/0x200 [ 36.228363] ? hsr_forward_skb+0x1238/0x1c30 [ 36.232752] __warn.cold+0x20/0x5a [ 36.236273] ? hsr_forward_skb+0x1238/0x1c30 [ 36.240685] report_bug+0x262/0x2b0 [ 36.244308] do_error_trap+0x1d7/0x310 [ 36.248188] ? math_error+0x310/0x310 [ 36.251973] ? __irq_work_queue_local+0x101/0x160 [ 36.256810] ? irq_work_queue+0x29/0x80 [ 36.260781] ? error_entry+0x72/0xd0 [ 36.264479] ? trace_hardirqs_off_caller+0x6e/0x210 [ 36.269503] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 36.274342] invalid_op+0x14/0x20 [ 36.277791] RIP: 0010:hsr_forward_skb+0x1238/0x1c30 [ 36.282790] Code: fb ff ff e8 1a 12 7a f9 4c 89 e1 ba 6e 01 00 00 48 c7 c6 e0 62 70 89 48 c7 c7 20 63 70 89 c6 05 44 3b 26 03 01 e8 4d 7b 07 00 <0f> 0b 48 b8 00 00 00 00 00 fc ff df 4c 89 f2 48 c1 ea 03 80 3c 02 [ 36.301687] RSP: 0018:ffff888095197938 EFLAGS: 00010286 [ 36.307042] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 36.314295] RDX: 0000000000000000 RSI: ffffffff814de301 RDI: ffffed1012a32f19 [ 36.321555] RBP: ffff8880aad3d340 R08: 0000000000000001 R09: 0000000000000000 [ 36.328808] R10: 0000000000000005 R11: 0000000000000000 R12: ffff8880b0d1a740 [ 36.336060] R13: ffff8880aa47be00 R14: ffff8880aa47be10 R15: ffff8880aad3d340 [ 36.343331] ? vprintk_func+0x81/0x180 [ 36.347215] ? hsr_forward_skb+0x1238/0x1c30 [ 36.351619] ? skb_set_owner_w+0x1fd/0x340 [ 36.355862] ? sock_alloc_send_pskb+0x609/0x830 [ 36.360524] ? validate_xmit_skb+0x764/0xd50 [ 36.364917] hsr_dev_xmit+0x6b/0xa0 [ 36.368549] dev_direct_xmit+0x3f9/0x6d0 [ 36.372599] ? validate_xmit_skb_list+0x120/0x120 [ 36.377429] ? memcpy+0x35/0x50 [ 36.380716] ? dev_pick_tx_cpu_id+0xd/0x70 [ 36.384957] packet_sendmsg+0x2474/0x6b00 [ 36.389096] ? sugov_start+0x480/0x4f0 [ 36.392981] ? aa_sk_perm+0x534/0x930 [ 36.396765] ? compat_packet_setsockopt+0x160/0x160 [ 36.401762] ? aa_af_perm+0x230/0x230 [ 36.405548] ? compat_packet_setsockopt+0x160/0x160 [ 36.410567] sock_sendmsg+0xc3/0x120 [ 36.414265] __sys_sendto+0x21a/0x320 [ 36.418055] ? __ia32_sys_getpeername+0xb0/0xb0 [ 36.422710] ? aa_af_perm+0x230/0x230 [ 36.426497] ? __sys_setsockopt+0x179/0x240 [ 36.430798] ? kernel_accept+0x310/0x310 [ 36.434842] ? up_read+0x17/0x110 [ 36.438289] __x64_sys_sendto+0xdd/0x1b0 [ 36.442335] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 36.446918] do_syscall_64+0xf9/0x620 [ 36.450712] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 36.455888] RIP: 0033:0x4431a9 [ 36.459162] Code: 28 c3 e8 4a 15 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 36.478052] RSP: 002b:00007ffd81596698 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 36.485759] RAX: ffffffffffffffda RBX: 00007ffd815966b8 RCX: 00000000004431a9 [ 36.493026] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 36.500291] RBP: 0000000000000003 R08: 0000000020000100 R09: 0000000000000014 [ 36.507561] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd815966c0 [ 36.514828] R13: 00007ffd815966e0 R14: 00000000004b8018 R15: 00000000004004b8 [ 36.522730] Kernel Offset: disabled [ 36.526389] Rebooting in 86400 seconds..