[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.20' (ECDSA) to the list of known hosts.
2020/08/20 19:08:08 parsed 1 programs
2020/08/20 19:08:09 executed programs: 0
syzkaller login: [ 560.406358][ T6859] IPVS: ftp: loaded support on port[0] = 21
[ 560.581446][ T6859] chnl_net:caif_netlink_parms(): no params data found
[ 560.635749][ T6859] bridge0: port 1(bridge_slave_0) entered blocking state
[ 560.644920][ T6859] bridge0: port 1(bridge_slave_0) entered disabled state
[ 560.653638][ T6859] device bridge_slave_0 entered promiscuous mode
[ 560.663840][ T6859] bridge0: port 2(bridge_slave_1) entered blocking state
[ 560.670924][ T6859] bridge0: port 2(bridge_slave_1) entered disabled state
[ 560.679479][ T6859] device bridge_slave_1 entered promiscuous mode
[ 560.700592][ T6859] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 560.713351][ T6859] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 560.736597][ T6859] team0: Port device team_slave_0 added
[ 560.744749][ T6859] team0: Port device team_slave_1 added
[ 560.762861][ T6859] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 560.769823][ T6859] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 560.796091][ T6859] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 560.808551][ T6859] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 560.815582][ T6859] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 560.841968][ T6859] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 560.869282][ T6859] device hsr_slave_0 entered promiscuous mode
[ 560.876384][ T6859] device hsr_slave_1 entered promiscuous mode
[ 560.973785][ T6859] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 560.985143][ T6859] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 560.995975][ T6859] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 561.005481][ T6859] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 561.030883][ T6859] bridge0: port 2(bridge_slave_1) entered blocking state
[ 561.038122][ T6859] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 561.046248][ T6859] bridge0: port 1(bridge_slave_0) entered blocking state
[ 561.053422][ T6859] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 561.100595][ T6859] 8021q: adding VLAN 0 to HW filter on device bond0
[ 561.115364][ T6999] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 561.125743][ T6999] bridge0: port 1(bridge_slave_0) entered disabled state
[ 561.134608][ T6999] bridge0: port 2(bridge_slave_1) entered disabled state
[ 561.143402][ T6999] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 561.156427][ T6859] 8021q: adding VLAN 0 to HW filter on device team0
[ 561.167992][ T6836] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 561.177544][ T6836] bridge0: port 1(bridge_slave_0) entered blocking state
[ 561.184663][ T6836] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 561.202733][ T6999] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 561.212389][ T6999] bridge0: port 2(bridge_slave_1) entered blocking state
[ 561.219524][ T6999] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 561.242431][ T6836] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 561.251639][ T6836] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 561.260601][ T6836] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 561.269168][ T6836] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 561.279766][ T6859] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 561.289750][ T7082] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 561.312874][ T6859] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 561.324272][ T7083] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 561.332609][ T7083] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 561.358504][ T7083] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 561.394488][ T6999] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 561.403476][ T6999] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 561.413002][ T6999] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 561.423354][ T6859] device veth0_vlan entered promiscuous mode
[ 561.435783][ T6859] device veth1_vlan entered promiscuous mode
[ 561.457523][ T7083] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 561.466576][ T7083] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 561.475017][ T7083] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 561.486609][ T6859] device veth0_macvtap entered promiscuous mode
[ 561.496093][ T6859] device veth1_macvtap entered promiscuous mode
[ 561.516204][ T6859] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 561.525110][ T6999] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 561.535632][ T6999] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 561.547925][ T6859] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 561.556811][ T7082] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 561.566271][ T7082] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 561.577669][ T6859] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 561.586728][ T6859] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 561.596002][ T6859] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 561.605461][ T6859] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 561.668189][ T7084] gre0: Master is either lo or non-ether device
[ 561.768227][ T7093] ip_vti0: Master is either lo or non-ether device
[ 561.806890][ T7095] ip6_vti0: Master is either lo or non-ether device
[ 561.841621][ T7096] sit0: Master is either lo or non-ether device
[ 561.897126][ T7098] ip6tnl0: Master is either lo or non-ether device
[ 561.942544][ T7100] ip6gre0: Master is either lo or non-ether device
[ 562.432047][ T7083] Bluetooth: hci0: command 0x0409 tx timeout
[ 562.626273][ T7125] vcan0: Master is either lo or non-ether device
[ 562.956466][ T7151] nlmon0: Master is either lo or non-ether device
[ 563.205890][ T7156] caif0: Master is either lo or non-ether device
[ 563.278994][ T7156] syz-executor.0 (7156) used greatest stack depth: 22944 bytes left
[ 563.386709][ T7168] vxcan0: Master is either lo or non-ether device
[ 563.626744][ T7179] vxcan1: Master is either lo or non-ether device
2020/08/20 19:08:14 executed programs: 22
[ 564.466332][ T7212] xfrm0: Master is either lo or non-ether device
[ 564.522069][ T7083] Bluetooth: hci0: command 0x041b tx timeout
[ 564.657794][ T7221] wg0: Master is either lo or non-ether device
[ 564.926227][ T7230] wg1: Master is either lo or non-ether device
[ 565.176349][ T7240] wg2: Master is either lo or non-ether device
[ 565.776343][ T7083] bridge0: port 1(bridge_slave_0) entered disabled state
[ 565.810748][ T7263] bridge_slave_0: Device is already in use.
[ 565.911160][ T7263] bridge0: port 1(bridge_slave_0) entered disabled state
[ 565.953732][ T7263] device bridge_slave_0 left promiscuous mode
[ 565.959942][ T7263] bridge0: port 1(bridge_slave_0) entered disabled state
[ 566.397473][ T7083] bridge0: port 2(bridge_slave_1) entered disabled state
[ 566.426458][ T7284] bridge_slave_1: Device is already in use.
[ 566.561197][ T7284] bridge0: port 2(bridge_slave_1) entered disabled state
[ 566.629668][ T17] Bluetooth: hci0: command 0x040f tx timeout
[ 566.637440][ T7284] device bridge_slave_1 left promiscuous mode
[ 566.644587][ T7284] bridge0: port 2(bridge_slave_1) entered disabled state
[ 567.007991][ T7303] bond_slave_0: Device is already in use.
[ 567.198961][ T7303] bond0: (slave bond_slave_0): Releasing backup interface
[ 567.520364][ T7322] bond_slave_1: Device is already in use.
[ 567.700926][ T7322] bond0: (slave bond_slave_1): Releasing backup interface
[ 568.060995][ T7346] team_slave_0: Device is already in use.
[ 568.313103][ T7346] team0: Port device team_slave_0 removed
[ 568.643374][ T7364] team_slave_1: Device is already in use.
[ 568.671267][ T17] Bluetooth: hci0: command 0x0419 tx timeout
[ 568.902881][ T7364] team0: Port device team_slave_1 removed
[ 569.287465][ T7390] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[ 569.299061][ T7390] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 569.311814][ T7390] batman_adv: batadv0: Interface deactivated: batadv_slave_0
2020/08/20 19:08:19 executed programs: 40
[ 569.485969][ T7390] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 569.889780][ T7409] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[ 569.902887][ T7409] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 569.915300][ T7409] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 570.146130][ T7409] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 570.616766][ T7434] hsr_slave_0: Device is already in use.
[ 570.769840][ T7434] device hsr_slave_0 left promiscuous mode
[ 571.157712][ T7456] hsr_slave_1: Device is already in use.
[ 571.295533][ T7456] device hsr_slave_1 left promiscuous mode
[ 571.559795][ T7456] syz-executor.0 (7456) used greatest stack depth: 22928 bytes left
[ 571.655998][ T7472] veth1_virt_wifi: Device is already in use.
[ 572.359686][ T7496] veth1_vlan: Device is already in use.
[ 572.714335][ T7504] ------------[ cut here ]------------
[ 572.720020][ T7504] WARNING: CPU: 0 PID: 7504 at drivers/net/ipvlan/ipvlan_l3s.c:148 ipvlan_unregister_nf_hook+0x2b8/0x2f0
[ 572.745791][ T7504] Kernel panic - not syncing: panic_on_warn set ...
[ 572.752433][ T7504] CPU: 0 PID: 7504 Comm: syz-executor.0 Not tainted 5.9.0-rc1-syzkaller #0
[ 572.761015][ T7504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 572.771941][ T7504] Call Trace:
[ 572.775239][ T7504] dump_stack+0x18f/0x20d
[ 572.779587][ T7504] panic+0x2e3/0x75c
[ 572.783485][ T7504] ? __warn_printk+0xf3/0xf3
[ 572.788106][ T7504] ? printk+0xba/0xed
[ 572.792088][ T7504] ? log_store.cold+0x16/0x16
[ 572.796774][ T7504] ? __warn.cold+0x5/0x4a
[ 572.801130][ T7504] ? __warn+0xd6/0x1f2
[ 572.805207][ T7504] ? ipvlan_unregister_nf_hook+0x2b8/0x2f0
[ 572.811021][ T7504] __warn.cold+0x20/0x4a
[ 572.815278][ T7504] ? ipvlan_unregister_nf_hook+0x2b8/0x2f0
[ 572.821188][ T7504] report_bug+0x1bd/0x210
[ 572.825630][ T7504] handle_bug+0x38/0x90
[ 572.829791][ T7504] exc_invalid_op+0x14/0x40
[ 572.834371][ T7504] asm_exc_invalid_op+0x12/0x20
[ 572.839233][ T7504] RIP: 0010:ipvlan_unregister_nf_hook+0x2b8/0x2f0
[ 572.845646][ T7504] Code: fc 48 c7 c2 80 d7 c2 88 be 2d 00 00 00 48 c7 c7 c0 d8 c2 88 c6 05 32 80 f0 05 01 e8 37 25 9e fc e9 26 fe ff ff e8 18 a7 b7 fc <0f> 0b 5b 5d 41 5c 41 5d e9 0b a7 b7 fc 4c 89 e7 e8 43 bb f7 fc e9
[ 572.865281][ T7504] RSP: 0018:ffffc90007cff0f0 EFLAGS: 00010293
[ 572.871393][ T7504] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff84bc993d
[ 572.879370][ T7504] RDX: ffff88808f1fe040 RSI: ffffffff84bc9a68 RDI: 0000000000000005
[ 572.887334][ T7504] RBP: ffff888093030040 R08: 0000000000000001 R09: ffff88808f1fe920
[ 572.895803][ T7504] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88809abffbc0
[ 572.903778][ T7504] R13: ffff88809b8b6000 R14: 0000000000000000 R15: 0000000000000001
[ 572.911756][ T7504] ? ipvlan_unregister_nf_hook+0x18d/0x2f0
[ 572.917559][ T7504] ? ipvlan_unregister_nf_hook+0x2b8/0x2f0
[ 572.923373][ T7504] ipvlan_l3s_unregister+0xac/0x150
[ 572.928563][ T7504] ipvlan_set_port_mode+0x41f/0x4b0
[ 572.933746][ T7504] ipvlan_link_new+0x697/0xc04
[ 572.938494][ T7504] ? ipvlan_init+0xdb0/0xdb0
[ 572.943124][ T7504] __rtnl_newlink+0x108b/0x1740
[ 572.947963][ T7504] ? rtnl_setlink+0x3b0/0x3b0
[ 572.952630][ T7504] ? unwind_next_frame+0xe3b/0x1f90
[ 572.957806][ T7504] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 572.963857][ T7504] ? is_bpf_text_address+0xcb/0x160
[ 572.969033][ T7504] ? kernel_text_address+0xbd/0xf0
[ 572.974139][ T7504] ? __kernel_text_address+0x9/0x30
[ 572.979333][ T7504] ? unwind_get_return_address+0x51/0x90
[ 572.984988][ T7504] ? profile_setup.cold+0xc1/0xc1
[ 572.989996][ T7504] ? arch_stack_walk+0x97/0xf0
[ 572.994759][ T7504] ? stack_trace_save+0x8c/0xc0
[ 572.999604][ T7504] ? stack_trace_consume_entry+0x160/0x160
[ 573.005405][ T7504] ? __lock_acquire+0x16cb/0x5640
[ 573.010440][ T7504] ? lock_is_held_type+0xbb/0xf0
[ 573.015624][ T7504] ? kmem_cache_alloc_trace+0x188/0x2c0
[ 573.021164][ T7504] rtnl_newlink+0x64/0xa0
[ 573.025478][ T7504] ? __rtnl_newlink+0x1740/0x1740
[ 573.030547][ T7504] rtnetlink_rcv_msg+0x44e/0xad0
[ 573.035492][ T7504] ? rtnetlink_put_metrics+0x510/0x510
[ 573.040936][ T7504] ? lock_acquire+0x1f1/0xad0
[ 573.045667][ T7504] ? netlink_deliver_tap+0x146/0xb70
[ 573.050945][ T7504] netlink_rcv_skb+0x15a/0x430
[ 573.055704][ T7504] ? rtnetlink_put_metrics+0x510/0x510
[ 573.061146][ T7504] ? netlink_ack+0xa10/0xa10
[ 573.065736][ T7504] ? lock_is_held_type+0xbb/0xf0
[ 573.070657][ T7504] netlink_unicast+0x533/0x7d0
[ 573.075403][ T7504] ? netlink_attachskb+0x810/0x810
[ 573.080493][ T7504] ? _copy_from_iter_full+0x247/0x890
[ 573.085858][ T7504] ? __phys_addr+0x9a/0x110
[ 573.090350][ T7504] ? __phys_addr_symbol+0x2c/0x70
[ 573.095351][ T7504] ? __check_object_size+0x171/0x3e4
[ 573.100617][ T7504] netlink_sendmsg+0x856/0xd90
[ 573.105378][ T7504] ? netlink_unicast+0x7d0/0x7d0
[ 573.110313][ T7504] ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 573.115584][ T7504] ? netlink_unicast+0x7d0/0x7d0
[ 573.120589][ T7504] sock_sendmsg+0xcf/0x120
[ 573.124992][ T7504] ____sys_sendmsg+0x6e8/0x810
[ 573.129773][ T7504] ? kernel_sendmsg+0x50/0x50
[ 573.134477][ T7504] ? do_recvmmsg+0x6d0/0x6d0
[ 573.139088][ T7504] ? lockdep_hardirqs_on_prepare+0x530/0x530
[ 573.145058][ T7504] ___sys_sendmsg+0xf3/0x170
[ 573.149722][ T7504] ? sendmsg_copy_msghdr+0x160/0x160
[ 573.155018][ T7504] ? lock_acquire+0x1f1/0xad0
[ 573.159675][ T7504] ? __might_fault+0xef/0x1d0
[ 573.164329][ T7504] ? find_held_lock+0x2d/0x110
[ 573.169091][ T7504] ? __might_fault+0x11f/0x1d0
[ 573.173861][ T7504] ? lock_downgrade+0x830/0x830
[ 573.178709][ T7504] ? read_seqcount_t_begin.constprop.0+0xd9/0x1f0
[ 573.185284][ T7504] ? trace_hardirqs_on+0x5f/0x220
[ 573.190307][ T7504] ? __fget_light+0x215/0x280
[ 573.194980][ T7504] __sys_sendmsg+0xe5/0x1b0
[ 573.199471][ T7504] ? __sys_sendmsg_sock+0xb0/0xb0
[ 573.204492][ T7504] ? __x64_sys_futex+0x382/0x4e0
[ 573.209414][ T7504] ? trace_hardirqs_on+0x5f/0x220
[ 573.214430][ T7504] ? lockdep_hardirqs_on+0x76/0xf0
[ 573.219525][ T7504] do_syscall_64+0x2d/0x70
[ 573.223939][ T7504] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 573.229823][ T7504] RIP: 0033:0x45d4d9
[ 573.233720][ T7504] Code: 5d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 573.253321][ T7504] RSP: 002b:00007ffc542e0928 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 573.261725][ T7504] RAX: ffffffffffffffda RBX: 000000000002cd80 RCX: 000000000045d4d9
[ 573.269691][ T7504] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000005
[ 573.277667][ T7504] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000
[ 573.285628][ T7504] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000001190a50
[ 573.293592][ T7504] R13: 0000000000000000 R14: 0000000000000b36 R15: 000000000118cf4c
[ 573.302864][ T7504] Kernel Offset: disabled
[ 573.307208][ T7504] Rebooting in 86400 seconds..