[ OK ] Started Serial Getty on ttyS0. [ OK ] Started Getty on tty4. [ OK ] Started Getty on tty3. [ OK ] Started Getty on tty2. [ OK ] Started getty on tty2-tty6 if dbus and logind are not available. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.156' (ECDSA) to the list of known hosts. syzkaller login: [ 45.744897][ T6830] IPVS: ftp: loaded support on port[0] = 21 [ 45.828565][ T6830] chnl_net:caif_netlink_parms(): no params data found [ 45.876605][ T6830] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.884478][ T6830] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.894748][ T6830] device bridge_slave_0 entered promiscuous mode [ 45.903848][ T6830] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.911686][ T6830] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.919315][ T6830] device bridge_slave_1 entered promiscuous mode [ 45.939400][ T6830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 45.950015][ T6830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 45.971701][ T6830] team0: Port device team_slave_0 added [ 45.980899][ T6830] team0: Port device team_slave_1 added [ 45.997448][ T6830] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.004469][ T6830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.031568][ T6830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.044239][ T6830] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.052065][ T6830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.078635][ T6830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.103587][ T6830] device hsr_slave_0 entered promiscuous mode [ 46.111009][ T6830] device hsr_slave_1 entered promiscuous mode [ 46.196062][ T6830] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 46.205360][ T6830] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 46.219207][ T6830] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 46.229805][ T6830] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 46.252531][ T6830] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.259734][ T6830] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.267563][ T6830] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.274682][ T6830] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.314562][ T6830] 8021q: adding VLAN 0 to HW filter on device bond0 [ 46.326380][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 46.338270][ T17] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.347371][ T17] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.355404][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 46.367691][ T6830] 8021q: adding VLAN 0 to HW filter on device team0 [ 46.379472][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 46.388705][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.395835][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.421052][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 46.430988][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.438155][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.446530][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 46.455788][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 46.464347][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 46.476042][ T6830] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 46.488045][ T6830] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 46.496957][ T2628] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 46.505011][ T2628] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 46.524398][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 46.532275][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 46.545302][ T6830] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 46.562795][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 46.580672][ T2628] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 46.588982][ T2628] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 46.597611][ T2628] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 46.608564][ T6830] device veth0_vlan entered promiscuous mode [ 46.621141][ T6830] device veth1_vlan entered promiscuous mode [ 46.639683][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 46.647978][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 46.656352][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 46.666931][ T6830] device veth0_macvtap entered promiscuous mode [ 46.676854][ T6830] device veth1_macvtap entered promiscuous mode [ 46.693118][ T6830] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 46.701392][ T2628] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 46.713065][ T2628] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 46.724718][ T6830] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 46.732605][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 46.744358][ T6830] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.753428][ T6830] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.762228][ T6830] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.771774][ T6830] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.852437][ T7050] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 46.859776][ T7050] IPv6: NLM_F_CREATE should be set when creating new route [ 46.867047][ T7050] IPv6: NLM_F_CREATE should be set when creating new route [ 46.874377][ T7050] general protection fault, probably for non-canonical address 0xdffffc0000000010: 0000 [#1] PREEMPT SMP KASAN [ 46.886077][ T7050] KASAN: null-ptr-deref in range [0x0000000000000080-0x0000000000000087] [ 46.894463][ T7050] CPU: 0 PID: 7050 Comm: syz-executor320 Not tainted 5.9.0-rc1-syzkaller #0 [ 46.903105][ T7050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 46.913150][ T7050] RIP: 0010:nexthop_is_blackhole+0x145/0x250 [ 46.919115][ T7050] Code: 4d fa 49 83 c6 10 4c 89 f0 48 c1 e8 03 42 80 3c 38 00 74 08 4c 89 f7 e8 39 f0 8c fa 49 8b 1e 48 83 eb 80 48 89 d8 48 c1 e8 03 <42> 80 3c 38 00 74 08 48 89 df e8 1c f0 8c fa 48 8b 1b e8 e4 4e 02 [ 46.938726][ T7050] RSP: 0018:ffffc900061172b8 EFLAGS: 00010202 [ 46.944774][ T7050] RAX: 0000000000000010 RBX: 0000000000000080 RCX: ffff888091444300 [ 46.952776][ T7050] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 46.960747][ T7050] RBP: 0000000000000001 R08: ffffffff8727dfc7 R09: ffffed1012299e09 [ 46.968706][ T7050] R10: ffffed1012299e09 R11: 0000000000000000 R12: dffffc0000000000 [ 46.976658][ T7050] R13: ffff8880919da280 R14: ffff8880a9576610 R15: dffffc0000000000 [ 46.984610][ T7050] FS: 0000000001a89880(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 [ 46.993521][ T7050] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 47.000082][ T7050] CR2: 0000000020000300 CR3: 00000000a7555000 CR4: 00000000001506f0 [ 47.008036][ T7050] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 47.016012][ T7050] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 47.023986][ T7050] Call Trace: [ 47.027261][ T7050] rt6_fill_node+0xfe9/0x1f90 [ 47.031921][ T7050] inet6_rt_notify+0x2ab/0x500 [ 47.036665][ T7050] fib6_add+0x203b/0x3bd0 [ 47.040996][ T7050] ? do_raw_spin_lock+0xfe/0x800 [ 47.045907][ T7050] ip6_route_add+0x84/0x120 [ 47.050384][ T7050] inet6_rtm_newroute+0x22f/0x2150 [ 47.055481][ T7050] ? lock_acquire+0x160/0x730 [ 47.060139][ T7050] ? rtnetlink_rcv_msg+0x83c/0xd40 [ 47.065248][ T7050] ? trace_lock_release+0x137/0x1a0 [ 47.070427][ T7050] ? rtnetlink_rcv_msg+0x83c/0xd40 [ 47.075512][ T7050] ? lock_is_held_type+0xb3/0xe0 [ 47.080427][ T7050] ? ipv6_route_sysctl_init+0x270/0x270 [ 47.085958][ T7050] rtnetlink_rcv_msg+0x889/0xd40 [ 47.090883][ T7050] ? trace_lock_release+0x137/0x1a0 [ 47.096079][ T7050] ? __local_bh_enable_ip+0xe7/0x180 [ 47.101335][ T7050] ? local_bh_enable+0x5/0x20 [ 47.106001][ T7050] ? lockdep_hardirqs_on+0x49/0xf0 [ 47.111082][ T7050] ? local_bh_enable+0x5/0x20 [ 47.115730][ T7050] ? __local_bh_enable_ip+0xe7/0x180 [ 47.120986][ T7050] ? __dev_queue_xmit+0x1846/0x2940 [ 47.126158][ T7050] netlink_rcv_skb+0x190/0x3a0 [ 47.130897][ T7050] ? rtnetlink_bind+0x80/0x80 [ 47.135565][ T7050] netlink_unicast+0x786/0x940 [ 47.140306][ T7050] netlink_sendmsg+0xa57/0xd70 [ 47.145055][ T7050] ? netlink_getsockopt+0x9e0/0x9e0 [ 47.150224][ T7050] ____sys_sendmsg+0x519/0x800 [ 47.154960][ T7050] ? import_iovec+0x12a/0x2c0 [ 47.159620][ T7050] __sys_sendmsg+0x2b1/0x360 [ 47.164189][ T7050] ? __might_fault+0xf5/0x150 [ 47.168859][ T7050] ? _copy_to_user+0x100/0x140 [ 47.173606][ T7050] ? sock_do_ioctl+0x210/0x260 [ 47.178349][ T7050] ? lock_is_held_type+0xb3/0xe0 [ 47.183265][ T7050] ? syscall_enter_from_user_mode+0x24/0x190 [ 47.189233][ T7050] ? lockdep_hardirqs_on+0x49/0xf0 [ 47.194317][ T7050] ? syscall_enter_from_user_mode+0x24/0x190 [ 47.200275][ T7050] do_syscall_64+0x31/0x70 [ 47.204706][ T7050] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 47.210574][ T7050] RIP: 0033:0x443ef9 [ 47.214445][ T7050] Code: e8 8c 07 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 47.234028][ T7050] RSP: 002b:00007ffd64ccd428 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 47.242444][ T7050] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000443ef9 [ 47.250402][ T7050] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003 [ 47.258351][ T7050] RBP: 00007ffd64ccd430 R08: 0000000000000000 R09: 0000000000000000 [ 47.266301][ T7050] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000b6f1 [ 47.274247][ T7050] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 47.282195][ T7050] Modules linked in: [ 47.286126][ T7050] ---[ end trace e62dc7d3de715e59 ]--- [ 47.291607][ T7050] RIP: 0010:nexthop_is_blackhole+0x145/0x250 [ 47.297578][ T7050] Code: 4d fa 49 83 c6 10 4c 89 f0 48 c1 e8 03 42 80 3c 38 00 74 08 4c 89 f7 e8 39 f0 8c fa 49 8b 1e 48 83 eb 80 48 89 d8 48 c1 e8 03 <42> 80 3c 38 00 74 08 48 89 df e8 1c f0 8c fa 48 8b 1b e8 e4 4e 02 [ 47.317216][ T7050] RSP: 0018:ffffc900061172b8 EFLAGS: 00010202 [ 47.323311][ T7050] RAX: 0000000000000010 RBX: 0000000000000080 RCX: ffff888091444300 [ 47.331321][ T7050] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 47.339283][ T7050] RBP: 0000000000000001 R08: ffffffff8727dfc7 R09: ffffed1012299e09 [ 47.347277][ T7050] R10: ffffed1012299e09 R11: 0000000000000000 R12: dffffc0000000000 [ 47.355281][ T7050] R13: ffff8880919da280 R14: ffff8880a9576610 R15: dffffc0000000000 [ 47.363292][ T7050] FS: 0000000001a89880(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 [ 47.372279][ T7050] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 47.378850][ T7050] CR2: 0000000020000300 CR3: 00000000a7555000 CR4: 00000000001506f0 [ 47.386842][ T7050] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 47.394842][ T7050] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 47.402862][ T7050] Kernel panic - not syncing: Fatal exception in interrupt [ 47.411148][ T7050] Kernel Offset: disabled [ 47.415472][ T7050] Rebooting in 86400 seconds..