[ OK ] Started Getty on tty5. [ OK ] Reached target Login Prompts. [ OK ] Started OpenBSD Secure Shell server. [ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Starting Load/Save RF Kill Switch Status... [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.129' (ECDSA) to the list of known hosts. 2021/02/20 16:55:22 parsed 1 programs 2021/02/20 16:55:22 executed programs: 0 syzkaller login: [ 29.240083] IPVS: ftp: loaded support on port[0] = 21 [ 29.313363] chnl_net:caif_netlink_parms(): no params data found [ 29.403652] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.410577] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.417587] device bridge_slave_0 entered promiscuous mode [ 29.424567] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.431542] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.438661] device bridge_slave_1 entered promiscuous mode [ 29.454668] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 29.463278] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 29.480646] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 29.488251] team0: Port device team_slave_0 added [ 29.493639] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 29.500936] team0: Port device team_slave_1 added [ 29.515698] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 29.522072] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 29.547292] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 29.559100] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 29.565340] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 29.590826] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 29.601423] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 29.608944] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 29.626663] device hsr_slave_0 entered promiscuous mode [ 29.632365] device hsr_slave_1 entered promiscuous mode [ 29.638552] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 29.645527] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 29.704209] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.710769] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.717673] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.724019] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.751610] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 29.758867] 8021q: adding VLAN 0 to HW filter on device bond0 [ 29.766962] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 29.775874] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 29.795395] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.803012] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.813346] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 29.820088] 8021q: adding VLAN 0 to HW filter on device team0 [ 29.828663] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 29.836180] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.842569] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.852098] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 29.860098] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.866455] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.883831] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 29.893722] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 29.905178] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 29.913095] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 29.921206] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 29.928852] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 29.936335] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 29.944709] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 29.951556] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 29.962607] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 29.970386] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 29.977007] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 29.989369] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 30.035013] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 30.045252] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 30.075170] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 30.082865] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 30.089474] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 30.098545] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 30.105948] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 30.113228] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 30.121827] device veth0_vlan entered promiscuous mode [ 30.130731] device veth1_vlan entered promiscuous mode [ 30.136778] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 30.145581] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 30.156166] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 30.165943] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 30.173525] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 30.181466] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 30.191242] device veth0_macvtap entered promiscuous mode [ 30.197913] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 30.205783] device veth1_macvtap entered promiscuous mode [ 30.214354] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 30.223940] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 30.233764] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 30.240997] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 30.249602] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 30.259715] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 30.267844] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 30.297038] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 30.376040] gre0: Master is either lo or non-ether device [ 30.438418] ip_vti0: Master is either lo or non-ether device [ 30.453847] ip6_vti0: Master is either lo or non-ether device [ 30.475245] sit0: Master is either lo or non-ether device [ 30.495609] ip6tnl0: Master is either lo or non-ether device [ 30.512391] ip6gre0: Master is either lo or non-ether device [ 30.619657] vcan0: Master is either lo or non-ether device [ 30.729064] nlmon0: Master is either lo or non-ether device [ 30.795255] caif0: Master is either lo or non-ether device [ 30.876083] vxcan0: Master is either lo or non-ether device [ 30.946346] vxcan1: Master is either lo or non-ether device [ 31.131024] syz-executor.0 (8347) used greatest stack depth: 24632 bytes left [ 31.199727] bridge0: port 1(bridge_slave_0) entered disabled state [ 31.224531] bridge_slave_0: Device is already in use. [ 31.235144] bridge0: port 1(bridge_slave_0) entered disabled state [ 31.245750] device bridge_slave_0 left promiscuous mode [ 31.252503] bridge0: port 1(bridge_slave_0) entered disabled state [ 31.260528] Bluetooth: hci0 command 0x0409 tx timeout [ 31.381980] bridge0: port 2(bridge_slave_1) entered disabled state [ 31.398991] bridge_slave_1: Device is already in use. [ 31.405552] bridge0: port 2(bridge_slave_1) entered disabled state [ 31.414012] device bridge_slave_1 left promiscuous mode [ 31.419724] bridge0: port 2(bridge_slave_1) entered disabled state [ 31.573663] bond_slave_0: Device is already in use. [ 31.591339] bond0: Releasing backup interface bond_slave_0 [ 31.735172] bond_slave_1: Device is already in use. [ 31.749311] bond0: Releasing backup interface bond_slave_1 [ 31.868112] team_slave_0: Device is already in use. [ 31.885066] team0: Port device team_slave_0 removed [ 32.022912] team_slave_1: Device is already in use. [ 32.031497] team0: Port device team_slave_1 removed [ 32.159463] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 32.169449] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 32.180409] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 32.196804] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 32.331212] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 32.343461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 32.353949] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 32.363365] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 32.510044] hsr_slave_0: Device is already in use. [ 32.520925] device hsr_slave_0 left promiscuous mode [ 32.658370] hsr_slave_1: Device is already in use. [ 32.673320] device hsr_slave_1 left promiscuous mode [ 32.896359] veth1_vlan: Device is already in use. [ 32.993589] ------------[ cut here ]------------ [ 32.998383] WARNING: CPU: 0 PID: 8616 at drivers/net/ipvlan/ipvlan_main.c:63 ipvlan_unregister_nf_hook+0x230/0x260 [ 33.008867] Kernel panic - not syncing: panic_on_warn set ... [ 33.008867] [ 33.016241] CPU: 0 PID: 8616 Comm: syz-executor.0 Not tainted 4.14.221-syzkaller #0 [ 33.024033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 33.033388] Call Trace: [ 33.035976] dump_stack+0x1b2/0x281 [ 33.039609] panic+0x1f9/0x42d [ 33.042802] ? add_taint.cold+0x16/0x16 [ 33.046781] ? ipvlan_unregister_nf_hook+0x230/0x260 [ 33.051880] ? ipvlan_unregister_nf_hook+0x230/0x260 [ 33.056975] __warn.cold+0x20/0x44 [ 33.060507] ? ist_end_non_atomic+0x10/0x10 [ 33.064814] ? ipvlan_unregister_nf_hook+0x230/0x260 [ 33.069897] report_bug+0x208/0x250 [ 33.073512] do_error_trap+0x195/0x2d0 [ 33.077468] ? math_error+0x2d0/0x2d0 [ 33.081259] ? trace_hardirqs_on+0x10/0x10 [ 33.085486] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 33.090312] invalid_op+0x1b/0x40 [ 33.093815] RIP: 0010:ipvlan_unregister_nf_hook+0x230/0x260 [ 33.099498] RSP: 0018:ffff88809d4873e8 EFLAGS: 00010297 [ 33.104861] RAX: ffff88809dd303c0 RBX: 0000000000000000 RCX: 1ffff11013ba618e [ 33.112111] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000286 [ 33.119364] RBP: ffff8880b1a7c040 R08: 0000000000000000 R09: 0000000000000001 [ 33.126628] R10: 0000000000000000 R11: ffff88809dd303c0 R12: ffff8880b4db9dc0 [ 33.133911] R13: ffff8880b07b8c80 R14: 0000000000000000 R15: ffff8880b187eec0 [ 33.141172] ? ipvlan_unregister_nf_hook+0x230/0x260 [ 33.146263] ipvlan_set_port_mode+0x491/0x5a0 [ 33.150746] ipvlan_link_new+0xba2/0xfa0 [ 33.154788] rtnl_newlink+0xf88/0x1830 [ 33.158659] ? __lock_acquire+0x5fc/0x3f20 [ 33.162875] ? ipvlan_port_destroy+0x3f0/0x3f0 [ 33.167433] ? trace_hardirqs_on+0x10/0x10 [ 33.171661] ? rtnl_dellink+0x6a0/0x6a0 [ 33.175621] ? trace_hardirqs_on+0x10/0x10 [ 33.179835] ? __read_once_size_nocheck.constprop.0+0x10/0x10 [ 33.185698] ? deref_stack_reg+0x124/0x1a0 [ 33.189929] ? lock_acquire+0x170/0x3f0 [ 33.193880] ? lock_downgrade+0x740/0x740 [ 33.198006] ? rtnl_dellink+0x6a0/0x6a0 [ 33.201959] rtnetlink_rcv_msg+0x3be/0xb10 [ 33.206173] ? rtnl_calcit.isra.0+0x3a0/0x3a0 [ 33.210647] ? __netlink_lookup+0x345/0x5d0 [ 33.214974] netlink_rcv_skb+0x125/0x390 [ 33.219015] ? rtnl_calcit.isra.0+0x3a0/0x3a0 [ 33.223496] ? netlink_ack+0x9a0/0x9a0 [ 33.227363] netlink_unicast+0x437/0x610 [ 33.231401] ? netlink_sendskb+0xd0/0xd0 [ 33.235463] ? __check_object_size+0x179/0x230 [ 33.240025] netlink_sendmsg+0x62e/0xb80 [ 33.244073] ? nlmsg_notify+0x170/0x170 [ 33.248032] ? kernel_recvmsg+0x210/0x210 [ 33.252176] ? security_socket_sendmsg+0x83/0xb0 [ 33.256910] ? nlmsg_notify+0x170/0x170 [ 33.260862] sock_sendmsg+0xb5/0x100 [ 33.264564] ___sys_sendmsg+0x6c8/0x800 [ 33.268517] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 33.273249] ? trace_hardirqs_on+0x10/0x10 [ 33.277476] ? trace_hardirqs_on+0x10/0x10 [ 33.281691] ? do_futex+0x12b/0x1570 [ 33.285391] ? __might_fault+0x104/0x1b0 [ 33.289437] ? lock_acquire+0x170/0x3f0 [ 33.293389] ? lock_downgrade+0x740/0x740 [ 33.297515] ? futex_exit_release+0x220/0x220 [ 33.301986] ? __might_fault+0x177/0x1b0 [ 33.306044] ? _copy_to_user+0x82/0xd0 [ 33.309934] ? move_addr_to_user+0x13f/0x180 [ 33.314320] ? __fdget+0x167/0x1f0 [ 33.317853] ? sockfd_lookup_light+0xb2/0x160 [ 33.322328] __sys_sendmsg+0xa3/0x120 [ 33.326107] ? SyS_shutdown+0x160/0x160 [ 33.330071] ? move_addr_to_kernel+0x60/0x60 [ 33.334457] ? __do_page_fault+0x159/0xad0 [ 33.338679] SyS_sendmsg+0x27/0x40 [ 33.342646] ? __sys_sendmsg+0x120/0x120 [ 33.346946] do_syscall_64+0x1d5/0x640 [ 33.350833] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 33.356005] RIP: 0033:0x466019 [ 33.359175] RSP: 002b:00007ffe28dea458 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 33.366870] RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466019 [ 33.374117] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000005 [ 33.381364] RBP: 00000000004bd067 R08: 0000000000000000 R09: 0000000000000000 [ 33.388610] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 [ 33.395977] R13: 00000000000080f6 R14: 000000000056bf60 R15: 000000000056bf60 [ 33.404134] Kernel Offset: disabled [ 33.407761] Rebooting in 86400 seconds..