[ OK ] Started OpenBSD Secure Shell server. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.1.28' (ECDSA) to the list of known hosts. syzkaller login: [ 35.865732] audit: type=1400 audit(1597639355.399:8): avc: denied { execmem } for pid=6342 comm="syz-executor142" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 35.887390] IPVS: ftp: loaded support on port[0] = 21 [ 35.961420] chnl_net:caif_netlink_parms(): no params data found [ 36.015000] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.022117] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.030072] device bridge_slave_0 entered promiscuous mode [ 36.036719] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.043969] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.051436] device bridge_slave_1 entered promiscuous mode [ 36.067483] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 36.076291] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 36.094024] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 36.101208] team0: Port device team_slave_0 added [ 36.106588] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 36.114137] team0: Port device team_slave_1 added [ 36.128590] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 36.134976] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 36.160198] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 36.171337] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 36.177553] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 36.202761] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 36.213289] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 36.220882] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 36.238983] device hsr_slave_0 entered promiscuous mode [ 36.244554] device hsr_slave_1 entered promiscuous mode [ 36.251303] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 36.258197] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 36.318784] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.325231] bridge0: port 2(bridge_slave_1) entered forwarding state [ 36.332489] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.338931] bridge0: port 1(bridge_slave_0) entered forwarding state [ 36.368460] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 36.375129] 8021q: adding VLAN 0 to HW filter on device bond0 [ 36.384025] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 36.393173] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 36.411226] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.418068] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.428339] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 36.434819] 8021q: adding VLAN 0 to HW filter on device team0 [ 36.443079] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 36.451059] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.457377] bridge0: port 1(bridge_slave_0) entered forwarding state [ 36.467018] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 36.475076] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.481473] bridge0: port 2(bridge_slave_1) entered forwarding state [ 36.495492] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 36.503048] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 36.513085] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 36.525347] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 36.535602] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 36.546459] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 36.552908] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 36.560461] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 36.567818] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 36.579142] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 36.589373] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 36.596106] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 36.603706] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 36.650644] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 36.660659] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 36.691717] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 36.698565] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 36.706365] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 36.715769] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 36.723741] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 36.730741] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 36.739626] device veth0_vlan entered promiscuous mode [ 36.747937] device veth1_vlan entered promiscuous mode [ 36.754347] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 36.763072] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 36.774131] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 36.783527] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 36.791173] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 36.798276] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 36.807919] device veth0_macvtap entered promiscuous mode [ 36.813957] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 36.822549] device veth1_macvtap entered promiscuous mode [ 36.831032] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 36.840232] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 36.849605] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 36.856180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 36.864702] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 36.874388] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 36.881345] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready executing program [ 36.948843] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 36.966869] netlink: 12 bytes leftover after parsing attributes in process `syz-executor142'. [ 36.977706] bond0: tunl0 ether type (768) is different from other slaves (1), can not enslave it executing program executing program [ 37.040832] syz-executor142 (6574) used greatest stack depth: 25000 bytes left [ 37.051654] netlink: 12 bytes leftover after parsing attributes in process `syz-executor142'. [ 37.063560] bond0: Enslaving erspan0 as an active interface with an up link executing program [ 37.103155] netlink: 12 bytes leftover after parsing attributes in process `syz-executor142'. [ 37.113763] bond0: ip6_vti0 ether type (769) is different from other slaves (1), can not enslave it executing program [ 37.163624] netlink: 12 bytes leftover after parsing attributes in process `syz-executor142'. [ 37.174214] bond0: ip6tnl0 ether type (769) is different from other slaves (1), can not enslave it [ 37.213365] netlink: 12 bytes leftover after parsing attributes in process `syz-executor142'. [ 37.224713] bond0: Enslaving syz_tun as an active interface with an up link [ 37.281034] bond0: Releasing backup interface syz_tun executing program [ 37.333986] netlink: 12 bytes leftover after parsing attributes in process `syz-executor142'. [ 37.343841] bond0: vcan0 ether type (280) is different from other slaves (1), can not enslave it executing program [ 37.444503] netlink: 12 bytes leftover after parsing attributes in process `syz-executor142'. [ 37.455643] 8021q: adding VLAN 0 to HW filter on device team0 [ 37.463408] bond0: Enslaving team0 as an active interface with an up link [ 37.473675] team0: Device vcan0 is of different type executing program [ 37.510014] bond0: Releasing backup interface team0 [ 37.517969] team0 (unregistering): Port device team_slave_0 removed [ 37.526817] team0 (unregistering): Port device team_slave_1 removed [ 37.575546] netlink: 12 bytes leftover after parsing attributes in process `syz-executor142'. [ 37.585370] bond0: nlmon0 ether type (824) is different from other slaves (1), can not enslave it executing program [ 37.693910] netlink: 12 bytes leftover after parsing attributes in process `syz-executor142'. [ 37.703887] bond0: vxcan0 ether type (280) is different from other slaves (1), can not enslave it executing program [ 37.782906] netlink: 12 bytes leftover after parsing attributes in process `syz-executor142'. [ 37.794617] bond0: Enslaving veth0 as an active interface with an up link [ 37.851374] bond0: Releasing backup interface veth0 executing program [ 37.905580] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.912495] device bridge_slave_0 left promiscuous mode [ 37.917939] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.928926] bond0: Enslaving bridge_slave_0 as an active interface with an up link executing program [ 37.980743] bond0: Releasing backup interface bridge_slave_0 [ 38.025411] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.032323] device bridge_slave_1 left promiscuous mode [ 38.037813] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.046235] bond0: Enslaving bridge_slave_1 as an active interface with an up link executing program [ 38.100538] bond0: Releasing backup interface bridge_slave_1 executing program [ 38.212286] bond0: Releasing backup interface bond_slave_0 [ 38.310301] bond0: Releasing backup interface bond_slave_1 executing program [ 38.385969] bond0: Enslaving team_slave_0 as an active interface with an up link [ 38.420633] bond0: Releasing backup interface team_slave_0 executing program [ 38.495129] bond0: Enslaving team_slave_1 as an active interface with an up link executing program [ 38.541148] bond0: Releasing backup interface team_slave_1 [ 38.603388] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 38.611849] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 38.621619] bond0: Enslaving batadv_slave_0 as an active interface with an up link executing program [ 38.679709] bond0: Releasing backup interface batadv_slave_0 [ 38.737201] bond0: Enslaving veth0_to_hsr as an active interface with an up link [ 38.780345] bond0: Releasing backup interface veth0_to_hsr [ 38.788426] device hsr_slave_0 left promiscuous mode executing program [ 38.856387] bond0: Enslaving veth1_to_hsr as an active interface with an up link executing program [ 38.910002] bond0: Releasing backup interface veth1_to_hsr [ 38.918452] device hsr_slave_1 left promiscuous mode [ 38.965715] bond0: enslaved VLAN challenged slave hsr0. Adding VLANs will be blocked as long as hsr0 is part of bond bond0 [ 38.976933] bond0: The slave device specified does not support setting the MAC address [ 38.985706] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). executing program [ 39.075571] bond0: Enslaving veth0_virt_wifi as an active interface with an up link executing program [ 39.120858] bond0: Releasing backup interface veth0_virt_wifi [ 39.177177] bond0: Error: Device is in use and cannot be enslaved executing program [ 39.310198] syz-executor142 (6794) used greatest stack depth: 24184 bytes left [ 39.337699] 8021q: adding VLAN 0 to HW filter on device bond1 [ 39.344297] bond0: Enslaving bond1 as an active interface with an up link [ 39.354572] bond1: The slave device specified does not support setting the MAC address [ 39.398692] bond1 (unregistering): Released all slaves [ 39.404129] ------------[ cut here ]------------ [ 39.408877] WARNING: CPU: 0 PID: 6816 at net/core/dev.c:7222 rollback_registered_many+0x90d/0xb30 [ 39.417858] Kernel panic - not syncing: panic_on_warn set ... [ 39.417858] [ 39.425231] CPU: 0 PID: 6816 Comm: syz-executor142 Not tainted 4.14.193-syzkaller #0 [ 39.433421] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 39.442747] Call Trace: [ 39.445315] dump_stack+0x1b2/0x283 [ 39.448920] panic+0x1f9/0x42d [ 39.452089] ? add_taint.cold+0x16/0x16 [ 39.456072] ? rollback_registered_many+0x90d/0xb30 [ 39.461095] ? rollback_registered_many+0x90d/0xb30 [ 39.466087] __warn.cold+0x20/0x4b [ 39.469642] ? ist_end_non_atomic+0x10/0x10 [ 39.473938] ? rollback_registered_many+0x90d/0xb30 [ 39.478928] report_bug+0x208/0x249 [ 39.482544] do_error_trap+0x195/0x2d0 [ 39.486453] ? math_error+0x2d0/0x2d0 [ 39.490232] ? __wake_up_common+0x5d0/0x5d0 [ 39.494543] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 39.500015] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 39.504834] invalid_op+0x1b/0x40 [ 39.508264] RIP: 0010:rollback_registered_many+0x90d/0xb30 [ 39.513863] RSP: 0018:ffff8880948c74f8 EFLAGS: 00010297 [ 39.519210] RAX: ffff888093de0680 RBX: ffff8880948c7630 RCX: 0000000000000000 [ 39.526455] RDX: 0000000000000000 RSI: ffff888093de0f08 RDI: 0000000000000000 [ 39.533700] RBP: ffff8880862c1b40 R08: ffffffff887226a0 R09: 0000000000000000 [ 39.540943] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 39.548200] R13: ffff8880948c7530 R14: ffff8880862c1bf0 R15: ffffffff83dce310 [ 39.555462] ? bond_do_ioctl+0x790/0x790 [ 39.559505] ? rollback_registered_many+0x90d/0xb30 [ 39.564495] ? dev_set_mac_address+0x2d0/0x2d0 [ 39.569051] ? rollback_registered+0x170/0x170 [ 39.573605] unregister_netdevice_many.part.0+0x18/0x2e0 [ 39.579030] ? rollback_registered+0x170/0x170 [ 39.583585] unregister_netdevice_many+0x36/0x50 [ 39.588430] rtnl_dellink+0x25b/0x6a0 [ 39.592207] ? rtnl_link_register+0x30/0x30 [ 39.596515] ? __lock_acquire+0x5fc/0x3f20 [ 39.600737] ? lock_acquire+0x170/0x3f0 [ 39.604686] ? lock_downgrade+0x740/0x740 [ 39.608809] ? rtnl_link_register+0x30/0x30 [ 39.613106] rtnetlink_rcv_msg+0x3be/0xb10 [ 39.617316] ? rtnl_calcit.isra.0+0x3a0/0x3a0 [ 39.621786] ? __netlink_lookup+0x345/0x5d0 [ 39.626086] netlink_rcv_skb+0x125/0x390 [ 39.630122] ? rtnl_calcit.isra.0+0x3a0/0x3a0 [ 39.634590] ? netlink_ack+0x9a0/0x9a0 [ 39.638467] netlink_unicast+0x437/0x610 [ 39.642506] ? netlink_sendskb+0xd0/0xd0 [ 39.646544] netlink_sendmsg+0x62e/0xb80 [ 39.650581] ? nlmsg_notify+0x170/0x170 [ 39.654531] ? kernel_recvmsg+0x210/0x210 [ 39.658654] ? security_socket_sendmsg+0x83/0xb0 [ 39.663383] ? nlmsg_notify+0x170/0x170 [ 39.667346] sock_sendmsg+0xb5/0x100 [ 39.671048] ___sys_sendmsg+0x6c8/0x800 [ 39.675013] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 39.679743] ? trace_hardirqs_on+0x10/0x10 [ 39.683952] ? do_futex+0x12b/0x1930 [ 39.687697] ? __fget+0x1fe/0x360 [ 39.691127] ? lock_acquire+0x170/0x3f0 [ 39.695075] ? lock_downgrade+0x740/0x740 [ 39.699199] ? __fget+0x225/0x360 [ 39.702631] ? __fdget+0x196/0x1f0 [ 39.706146] ? sockfd_lookup_light+0xb2/0x160 [ 39.710617] __sys_sendmsg+0xa3/0x120 [ 39.714406] ? SyS_shutdown+0x160/0x160 [ 39.718364] ? move_addr_to_kernel+0x60/0x60 [ 39.722746] ? __do_page_fault+0x19a/0xb50 [ 39.726954] SyS_sendmsg+0x27/0x40 [ 39.730468] ? __sys_sendmsg+0x120/0x120 [ 39.734507] do_syscall_64+0x1d5/0x640 [ 39.738390] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 39.743555] RIP: 0033:0x449dc9 [ 39.746719] RSP: 002b:00007f3535b26d98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 39.754402] RAX: ffffffffffffffda RBX: 00000000006dfc88 RCX: 0000000000449dc9 [ 39.761657] RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000009 [ 39.768913] RBP: 00000000006dfc80 R08: 0000000000000000 R09: 0000000000000000 [ 39.776156] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dfc8c [ 39.783410] R13: 0000000000000000 R14: 0000000000000000 R15: 068500100000003c [ 39.791985] Kernel Offset: disabled [ 39.795610] Rebooting in 86400 seconds..