[ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... Starting Load/Save RF Kill Switch Status... [ OK ] Started Update UTMP about System Runlevel Changes. [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.1.48' (ECDSA) to the list of known hosts. syzkaller login: [ 566.093083] audit: type=1400 audit(1590746298.642:8): avc: denied { execmem } for pid=6467 comm="syz-executor570" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 566.114510] IPVS: ftp: loaded support on port[0] = 21 [ 566.202997] chnl_net:caif_netlink_parms(): no params data found [ 566.314219] bridge0: port 1(bridge_slave_0) entered blocking state [ 566.321789] bridge0: port 1(bridge_slave_0) entered disabled state [ 566.329173] device bridge_slave_0 entered promiscuous mode [ 566.337851] bridge0: port 2(bridge_slave_1) entered blocking state [ 566.344666] bridge0: port 2(bridge_slave_1) entered disabled state [ 566.352094] device bridge_slave_1 entered promiscuous mode [ 566.371424] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 566.381077] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 566.400269] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 566.407954] team0: Port device team_slave_0 added [ 566.414287] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 566.422153] team0: Port device team_slave_1 added [ 566.438896] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 566.445280] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 566.470750] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 566.482899] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 566.489200] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 566.514578] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 566.525568] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 566.533558] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 566.603523] device hsr_slave_0 entered promiscuous mode [ 566.650551] device hsr_slave_1 entered promiscuous mode [ 566.691008] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 566.698294] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 566.777198] bridge0: port 2(bridge_slave_1) entered blocking state [ 566.783880] bridge0: port 2(bridge_slave_1) entered forwarding state [ 566.791107] bridge0: port 1(bridge_slave_0) entered blocking state [ 566.797511] bridge0: port 1(bridge_slave_0) entered forwarding state [ 566.837731] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 566.844818] 8021q: adding VLAN 0 to HW filter on device bond0 [ 566.853779] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 566.864423] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 566.883489] bridge0: port 1(bridge_slave_0) entered disabled state [ 566.891933] bridge0: port 2(bridge_slave_1) entered disabled state [ 566.899529] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 566.912031] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 566.918280] 8021q: adding VLAN 0 to HW filter on device team0 [ 566.928896] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 566.937174] bridge0: port 1(bridge_slave_0) entered blocking state [ 566.943655] bridge0: port 1(bridge_slave_0) entered forwarding state [ 566.954622] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 566.963182] bridge0: port 2(bridge_slave_1) entered blocking state [ 566.969564] bridge0: port 2(bridge_slave_1) entered forwarding state [ 566.988593] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 566.997481] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 567.009104] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 567.020987] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 567.032998] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 567.043161] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 567.049238] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 567.064065] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 567.072429] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 567.079159] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 567.091866] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 567.106516] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 567.117177] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 567.155145] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 567.162760] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 567.169510] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 567.180857] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 567.188613] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 567.196932] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 567.206745] device veth0_vlan entered promiscuous mode [ 567.217478] device veth1_vlan entered promiscuous mode [ 567.234443] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 567.244950] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready [ 567.253149] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 567.261965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 567.273765] device veth0_macvtap entered promiscuous mode [ 567.280677] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 567.289303] device veth1_macvtap entered promiscuous mode [ 567.296715] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready [ 567.306356] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 567.316177] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 567.326815] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready [ 567.334460] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 567.341914] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 567.349383] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 567.357089] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 567.365302] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 567.378099] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 567.385703] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 567.393205] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 567.401882] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready executing program executing program executing program executing program executing program [ 567.507835] tunl0: Master is either lo or non-ether device [ 567.518832] gre0: Master is either lo or non-ether device executing program executing program executing program executing program [ 567.548499] ip_vti0: Master is either lo or non-ether device [ 567.559352] ip6_vti0: Master is either lo or non-ether device [ 567.571483] sit0: Master is either lo or non-ether device [ 567.582781] ip6tnl0: Master is either lo or non-ether device executing program [ 567.593536] ip6gre0: Master is either lo or non-ether device executing program executing program [ 567.822302] vcan0: Master is either lo or non-ether device executing program executing program executing program executing program [ 568.028429] nlmon0: Master is either lo or non-ether device executing program [ 568.233687] syz-executor570 (6733) used greatest stack depth: 22936 bytes left [ 568.246181] caif0: Master is either lo or non-ether device executing program executing program [ 568.362127] vxcan0: Master is either lo or non-ether device executing program [ 568.532001] vxcan1: Master is either lo or non-ether device executing program executing program executing program executing program [ 569.435277] xfrm0: Master is either lo or non-ether device executing program executing program [ 569.825468] bridge0: port 1(bridge_slave_0) entered disabled state [ 569.836129] bridge_slave_0: Device is already in use. [ 569.999500] bridge0: port 1(bridge_slave_0) entered disabled state [ 570.008472] device bridge_slave_0 left promiscuous mode [ 570.014947] bridge0: port 1(bridge_slave_0) entered disabled state executing program executing program [ 570.303156] bridge0: port 2(bridge_slave_1) entered disabled state [ 570.323055] bridge_slave_1: Device is already in use. [ 570.533812] bridge0: port 2(bridge_slave_1) entered disabled state [ 570.541840] device bridge_slave_1 left promiscuous mode [ 570.547389] bridge0: port 2(bridge_slave_1) entered disabled state executing program executing program [ 570.861070] bond_slave_0: Device is already in use. [ 571.018125] bond0: Releasing backup interface bond_slave_0 executing program executing program [ 571.332119] bond_slave_1: Device is already in use. [ 571.454698] bond0: Releasing backup interface bond_slave_1 executing program executing program [ 571.818275] team_slave_0: Device is already in use. [ 572.021483] team0: Port device team_slave_0 removed executing program executing program [ 572.273342] team_slave_1: Device is already in use. [ 572.487110] team0: Port device team_slave_1 removed executing program executing program [ 572.759063] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 572.769467] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 572.788528] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 573.013628] batman_adv: batadv0: Removing interface: batadv_slave_0 executing program executing program [ 573.304433] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 573.314692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 573.327006] batman_adv: batadv0: Interface deactivated: batadv_slave_1 executing program [ 573.506798] batman_adv: batadv0: Removing interface: batadv_slave_1 executing program [ 573.829063] hsr_slave_0: Device is already in use. [ 573.947723] device hsr_slave_0 left promiscuous mode executing program executing program [ 574.317497] hsr_slave_1: Device is already in use. [ 574.514941] device hsr_slave_1 left promiscuous mode executing program executing program executing program executing program [ 575.052640] veth1_vlan: Device is already in use. executing program [ 575.335526] ------------[ cut here ]------------ [ 575.340807] WARNING: CPU: 0 PID: 7014 at drivers/net/ipvlan/ipvlan_main.c:65 ipvlan_unregister_nf_hook.cold+0x11/0x25 [ 575.351572] Kernel panic - not syncing: panic_on_warn set ... [ 575.351572] [ 575.358994] CPU: 0 PID: 7014 Comm: syz-executor570 Not tainted 4.19.125-syzkaller #0 [ 575.366998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 575.376455] Call Trace: [ 575.379118] dump_stack+0x1fc/0x2fe [ 575.382809] panic+0x26a/0x50e [ 575.386010] ? __warn_printk+0xf3/0xf3 [ 575.389908] ? ipvlan_unregister_nf_hook.cold+0x11/0x25 [ 575.395278] ? __probe_kernel_read+0x16c/0x1b0 [ 575.399886] ? __warn.cold+0x5/0x46 [ 575.403511] ? __warn+0xe4/0x1c0 [ 575.406945] ? ipvlan_unregister_nf_hook.cold+0x11/0x25 [ 575.412340] __warn.cold+0x20/0x46 [ 575.415895] ? mark_held_locks+0xa6/0xf0 [ 575.420016] ? ipvlan_unregister_nf_hook.cold+0x11/0x25 [ 575.425394] report_bug+0x262/0x2a0 [ 575.429026] do_error_trap+0x1d7/0x310 [ 575.432909] ? math_error+0x310/0x310 [ 575.436823] ? irq_work_queue+0x2b/0x80 [ 575.440799] ? wake_up_klogd+0x8c/0xc0 [ 575.444689] ? vprintk_emit+0x1d0/0x6e0 [ 575.448660] ? trace_hardirqs_off_caller+0x69/0x210 [ 575.453748] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 575.458622] invalid_op+0x14/0x20 [ 575.462077] RIP: 0010:ipvlan_unregister_nf_hook.cold+0x11/0x25 [ 575.468046] Code: d7 52 fd e9 1b ff ff ff 48 89 df e8 4e d8 52 fd eb b9 e8 c7 d7 52 fd eb 83 e8 e0 2c 1d fd 48 c7 c7 60 7b d4 87 e8 0d d2 08 fd <0f> 0b e9 50 a4 ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 53 48 [ 575.486949] RSP: 0018:ffff88809d896ff0 EFLAGS: 00010282 [ 575.492352] RAX: 0000000000000024 RBX: 0000000000000000 RCX: 0000000000000000 [ 575.499629] RDX: 0000000000000000 RSI: ffffffff81534121 RDI: ffffed1013b12df0 [ 575.506900] RBP: ffff888085b4c040 R08: 0000000000000024 R09: ffffed1015cc5081 [ 575.514218] R10: ffffed1015cc5080 R11: ffff8880ae628407 R12: ffff8880a56b4980 [ 575.521490] R13: ffff88808eecc000 R14: 0000000000000001 R15: 0000000000001002 [ 575.528790] ? vprintk_func+0x81/0x17e [ 575.532691] ipvlan_set_port_mode+0x538/0x650 [ 575.537190] ipvlan_link_new+0x68d/0xc40 [ 575.541250] ? ipvlan_add_addr+0x450/0x450 [ 575.545510] rtnl_newlink+0xf03/0x1440 [ 575.550038] ? rtnl_link_unregister+0x230/0x230 [ 575.554738] ? mark_held_locks+0xf0/0xf0 [ 575.558816] ? __lock_acquire+0x6b9/0x4380 [ 575.563065] ? unwind_next_frame+0x106d/0x1b10 [ 575.567646] ? __save_stack_trace+0x5c/0x100 [ 575.572068] ? deref_stack_reg+0xaa/0xe0 [ 575.576128] ? __lock_acquire+0x6b9/0x4380 [ 575.580369] ? mark_held_locks+0xf0/0xf0 [ 575.584457] ? lock_downgrade+0x740/0x740 [ 575.588608] ? __lock_acquire+0x6b9/0x4380 [ 575.592839] ? mark_held_locks+0xf0/0xf0 [ 575.596909] ? mark_held_locks+0xf0/0xf0 [ 575.600987] ? __lock_acquire+0x6b9/0x4380 [ 575.605221] ? __lock_acquire+0x6b9/0x4380 [ 575.610082] ? mark_held_locks+0xf0/0xf0 [ 575.614162] ? lock_downgrade+0x740/0x740 [ 575.618315] ? lock_acquire+0x170/0x3c0 [ 575.622293] ? avc_has_perm_noaudit+0xa2/0x390 [ 575.626883] ? check_preemption_disabled+0x41/0x280 [ 575.631939] ? __mutex_add_waiter+0x160/0x160 [ 575.636439] ? __save_stack_trace+0x99/0x100 [ 575.640864] ? rtnl_link_unregister+0x230/0x230 [ 575.645611] rtnetlink_rcv_msg+0x453/0xb80 [ 575.649901] ? rtnl_calcit.isra.0+0x430/0x430 [ 575.654912] ? __netlink_lookup+0x3f1/0x720 [ 575.659475] ? lock_downgrade+0x740/0x740 [ 575.663920] netlink_rcv_skb+0x160/0x410 [ 575.668013] ? rtnl_calcit.isra.0+0x430/0x430 [ 575.672514] ? netlink_ack+0xa50/0xa50 [ 575.676418] netlink_unicast+0x4d7/0x6a0 [ 575.680505] ? netlink_sendskb+0x70/0x70 [ 575.684613] netlink_sendmsg+0x6e3/0xcc0 [ 575.688692] ? nlmsg_notify+0x190/0x190 [ 575.692675] ? move_addr_to_kernel.part.0+0x110/0x110 [ 575.697910] ? nlmsg_notify+0x190/0x190 [ 575.701927] sock_sendmsg+0xc3/0x120 [ 575.705744] ___sys_sendmsg+0x803/0x920 [ 575.709758] ? copy_msghdr_from_user+0x410/0x410 [ 575.714579] ? selinux_file_alloc_security+0xaf/0x190 [ 575.719921] ? __might_fault+0x11f/0x1d0 [ 575.723997] ? lock_downgrade+0x740/0x740 [ 575.728148] ? lock_acquire+0x170/0x3c0 [ 575.732143] ? __might_fault+0xef/0x1d0 [ 575.736151] ? __might_fault+0x192/0x1d0 [ 575.740212] ? _copy_to_user+0xb8/0x100 [ 575.744194] ? move_addr_to_user+0x190/0x1d0 [ 575.748626] ? __fget_light+0x1a2/0x230 [ 575.752630] __sys_sendmsg+0xec/0x1b0 [ 575.756436] ? __ia32_sys_shutdown+0x70/0x70 [ 575.760856] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 575.765632] ? trace_hardirqs_off_caller+0x69/0x210 [ 575.770657] ? do_syscall_64+0x21/0x620 [ 575.774639] do_syscall_64+0xf9/0x620 [ 575.778452] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 575.783647] RIP: 0033:0x4441b9 [ 575.786841] Code: e8 ac 07 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 1b 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 575.805747] RSP: 002b:00007fff8b676c98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 575.813480] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004441b9 [ 575.820790] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000005 [ 575.828065] RBP: 00007fff8b676ca0 R08: 0000000000000000 R09: 0000000000000000 [ 575.835349] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000008c643 [ 575.842641] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 575.851473] Kernel Offset: disabled [ 575.855122] Rebooting in 86400 seconds..