Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.12' (ECDSA) to the list of known hosts. syzkaller login: [ 29.164700] IPVS: ftp: loaded support on port[0] = 21 [ 29.240400] chnl_net:caif_netlink_parms(): no params data found [ 29.330739] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.337783] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.345654] device bridge_slave_0 entered promiscuous mode [ 29.353759] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.360292] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.367892] device bridge_slave_1 entered promiscuous mode [ 29.384503] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 29.393344] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 29.410969] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 29.418445] team0: Port device team_slave_0 added [ 29.424352] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 29.431739] team0: Port device team_slave_1 added [ 29.446192] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 29.452640] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 29.478602] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 29.489848] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 29.496145] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 29.521924] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 29.533559] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 29.540971] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 29.559220] device hsr_slave_0 entered promiscuous mode [ 29.564827] device hsr_slave_1 entered promiscuous mode [ 29.570722] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 29.578109] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 29.640038] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.646506] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.653319] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.659922] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.687610] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 29.694313] 8021q: adding VLAN 0 to HW filter on device bond0 [ 29.702784] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 29.713340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 29.732497] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.739814] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.750106] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 29.756516] 8021q: adding VLAN 0 to HW filter on device team0 [ 29.765411] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 29.773559] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.780342] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.790397] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 29.798482] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.805114] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.825180] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 29.833246] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 29.847216] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 29.857231] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 29.867916] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 29.874584] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 29.882329] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 29.889786] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 29.899121] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 29.910882] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 29.921455] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 29.928263] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 29.938176] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 29.988681] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 29.998849] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 30.026075] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 30.033947] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 30.040823] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 30.050113] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 30.057996] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 30.065642] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 30.074310] device veth0_vlan entered promiscuous mode [ 30.083937] device veth1_vlan entered promiscuous mode [ 30.090078] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 30.099105] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 30.110433] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 30.119753] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 30.127499] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 30.135049] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 30.144375] device veth0_macvtap entered promiscuous mode [ 30.150852] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 30.159643] device veth1_macvtap entered promiscuous mode [ 30.167994] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 30.177146] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 30.187608] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 30.194959] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 30.203119] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 30.213638] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 30.221781] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 30.228789] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready executing program [ 30.310733] hsr_addr_subst_dest: Unknown node [ 30.315766] ------------[ cut here ]------------ [ 30.320596] WARNING: CPU: 1 PID: 7999 at net/hsr/hsr_framereg.c:313 hsr_addr_subst_dest.cold+0x45/0x4e [ 30.330105] Kernel panic - not syncing: panic_on_warn set ... [ 30.330105] [ 30.337509] CPU: 1 PID: 7999 Comm: syz-executor038 Not tainted 4.14.212-syzkaller #0 [ 30.345382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 30.354924] Call Trace: [ 30.357557] dump_stack+0x1b2/0x283 [ 30.361183] panic+0x1f9/0x42d [ 30.364456] ? add_taint.cold+0x16/0x16 [ 30.368549] ? hsr_addr_subst_dest.cold+0x45/0x4e [ 30.373386] ? hsr_addr_subst_dest.cold+0x45/0x4e [ 30.378221] __warn.cold+0x20/0x4b [ 30.381752] ? ist_end_non_atomic+0x10/0x10 [ 30.386198] ? hsr_addr_subst_dest.cold+0x45/0x4e [ 30.391040] report_bug+0x208/0x249 [ 30.394835] do_error_trap+0x195/0x2d0 [ 30.398718] ? math_error+0x2d0/0x2d0 [ 30.402517] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 30.407404] invalid_op+0x1b/0x40 [ 30.410877] RIP: 0010:hsr_addr_subst_dest.cold+0x45/0x4e [ 30.416325] RSP: 0018:ffff88809725f6d8 EFLAGS: 00010286 [ 30.421908] RAX: 0000000000000021 RBX: dffffc0000000000 RCX: 0000000000000000 [ 30.429290] RDX: 0000000000000000 RSI: ffffffff878bbac0 RDI: ffffed1012e4bed1 [ 30.436549] RBP: ffff8880aad0b2ce R08: 0000000000000021 R09: 0000000000000000 [ 30.443811] R10: 0000000000000000 R11: 0000000000000000 R12: 00000000203b86c4 [ 30.451171] R13: ffff8880b1317460 R14: ffff8880b1317460 R15: 000000000000cd63 [ 30.458700] ? hsr_addr_subst_dest.cold+0x45/0x4e [ 30.463589] hsr_forward_skb+0x103d/0x19b1 [ 30.468002] hsr_dev_xmit+0x6b/0xa0 [ 30.471682] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 30.476690] dev_hard_start_xmit+0x188/0x890 [ 30.481093] __dev_queue_xmit+0x1d7f/0x2480 [ 30.485411] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 30.491113] ? netdev_pick_tx+0x2e0/0x2e0 [ 30.495254] ? __kmalloc_node_track_caller+0x38/0x70 [ 30.500351] ? skb_release_data+0xf3/0x820 [ 30.504581] ? skb_headers_offset_update+0x110/0x240 [ 30.510020] ? pskb_expand_head+0x4cc/0xd30 [ 30.514603] ? check_preemption_disabled+0x35/0x240 [ 30.519612] __bpf_redirect+0x5cf/0x9c0 [ 30.523586] bpf_clone_redirect+0x1e1/0x2c0 [ 30.527898] bpf_prog_1d8f0bf87cf9b5db+0x9f9/0x1000 [ 30.532911] ? mutex_remove_waiter+0x2a0/0x440 [ 30.537695] ? __fd_install+0x1ec/0x5c0 [ 30.541684] ? trace_hardirqs_on+0x10/0x10 [ 30.545911] ? trace_hardirqs_on+0x10/0x10 [ 30.550263] ? trace_hardirqs_on+0x10/0x10 [ 30.554489] ? __lock_acquire+0x5fc/0x3f20 [ 30.558721] ? bpf_test_run+0x4c/0x330 [ 30.562600] ? lock_downgrade+0x740/0x740 [ 30.566739] ? lock_acquire+0x170/0x3f0 [ 30.570708] ? bpf_test_run+0x133/0x330 [ 30.574686] ? check_preemption_disabled+0x35/0x240 [ 30.580040] ? bpf_test_run+0xa5/0x330 [ 30.583994] ? bpf_prog_test_run_skb+0x629/0x8c0 [ 30.588839] ? bpf_test_finish.isra.0+0x140/0x140 [ 30.593790] ? bpf_prog_add+0x43/0xa0 [ 30.597755] ? SyS_bpf+0x547/0x35e0 [ 30.601376] ? bpf_test_finish.isra.0+0x140/0x140 [ 30.606330] ? bpf_prog_get+0x20/0x20 [ 30.610123] ? __do_page_fault+0x571/0xad0 [ 30.614531] ? lock_downgrade+0x740/0x740 [ 30.618678] ? do_syscall_64+0x4c/0x640 [ 30.622653] ? bpf_prog_get+0x20/0x20 [ 30.626447] ? do_syscall_64+0x1d5/0x640 [ 30.630635] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 30.636866] Kernel Offset: disabled [ 30.640557] Rebooting in 86400 seconds..