[ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.29' (ECDSA) to the list of known hosts. 2020/08/18 04:02:49 parsed 1 programs 2020/08/18 04:02:49 executed programs: 0 syzkaller login: [ 553.534471][ T6858] IPVS: ftp: loaded support on port[0] = 21 [ 553.703512][ T6858] chnl_net:caif_netlink_parms(): no params data found [ 553.756002][ T6858] bridge0: port 1(bridge_slave_0) entered blocking state [ 553.763686][ T6858] bridge0: port 1(bridge_slave_0) entered disabled state [ 553.771603][ T6858] device bridge_slave_0 entered promiscuous mode [ 553.781275][ T6858] bridge0: port 2(bridge_slave_1) entered blocking state [ 553.788503][ T6858] bridge0: port 2(bridge_slave_1) entered disabled state [ 553.796321][ T6858] device bridge_slave_1 entered promiscuous mode [ 553.816225][ T6858] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 553.827379][ T6858] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 553.849898][ T6858] team0: Port device team_slave_0 added [ 553.857380][ T6858] team0: Port device team_slave_1 added [ 553.876123][ T6858] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 553.883220][ T6858] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 553.909222][ T6858] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 553.921538][ T6858] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 553.928668][ T6858] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 553.954620][ T6858] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 553.980619][ T6858] device hsr_slave_0 entered promiscuous mode [ 553.987300][ T6858] device hsr_slave_1 entered promiscuous mode [ 554.080662][ T6858] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 554.090149][ T6858] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 554.101486][ T6858] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 554.111478][ T6858] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 554.134656][ T6858] bridge0: port 2(bridge_slave_1) entered blocking state [ 554.141781][ T6858] bridge0: port 2(bridge_slave_1) entered forwarding state [ 554.149515][ T6858] bridge0: port 1(bridge_slave_0) entered blocking state [ 554.156729][ T6858] bridge0: port 1(bridge_slave_0) entered forwarding state [ 554.202030][ T6858] 8021q: adding VLAN 0 to HW filter on device bond0 [ 554.216197][ T6999] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 554.226734][ T6999] bridge0: port 1(bridge_slave_0) entered disabled state [ 554.235025][ T6999] bridge0: port 2(bridge_slave_1) entered disabled state [ 554.244341][ T6999] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 554.257173][ T6858] 8021q: adding VLAN 0 to HW filter on device team0 [ 554.268697][ T6835] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 554.278245][ T6835] bridge0: port 1(bridge_slave_0) entered blocking state [ 554.285378][ T6835] bridge0: port 1(bridge_slave_0) entered forwarding state [ 554.304140][ T7079] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 554.313256][ T7079] bridge0: port 2(bridge_slave_1) entered blocking state [ 554.320301][ T7079] bridge0: port 2(bridge_slave_1) entered forwarding state [ 554.341708][ T6858] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 554.352772][ T6858] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 554.368481][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 554.377648][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 554.386561][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 554.396938][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 554.405340][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 554.413208][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 554.430763][ T6835] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 554.438767][ T6835] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 554.452117][ T6858] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 554.471574][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 554.491432][ T6835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 554.500090][ T6835] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 554.508229][ T6835] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 554.518664][ T6858] device veth0_vlan entered promiscuous mode [ 554.530636][ T6858] device veth1_vlan entered promiscuous mode [ 554.551285][ T6835] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 554.561405][ T6835] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 554.569765][ T6835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 554.580888][ T6858] device veth0_macvtap entered promiscuous mode [ 554.591401][ T6858] device veth1_macvtap entered promiscuous mode [ 554.609058][ T6858] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 554.616876][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 554.627297][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 554.639206][ T6858] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 554.647701][ T2963] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 554.659813][ T6858] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 554.669187][ T6858] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 554.678316][ T6858] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 554.687495][ T6858] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 554.756550][ T7083] gre0: Master is either lo or non-ether device [ 554.848345][ T7092] ip_vti0: Master is either lo or non-ether device [ 554.903861][ T7094] ip6_vti0: Master is either lo or non-ether device [ 554.933835][ T7095] sit0: Master is either lo or non-ether device [ 554.977907][ T7097] ip6tnl0: Master is either lo or non-ether device [ 555.017161][ T7098] ip6gre0: Master is either lo or non-ether device [ 555.550573][ T17] Bluetooth: hci0: command 0x0409 tx timeout [ 555.677715][ T7118] vcan0: Master is either lo or non-ether device [ 556.067329][ T7145] nlmon0: Master is either lo or non-ether device [ 556.238485][ T7149] caif0: Master is either lo or non-ether device [ 556.448748][ T7165] vxcan0: Master is either lo or non-ether device [ 556.668333][ T7171] vxcan1: Master is either lo or non-ether device 2020/08/18 04:02:54 executed programs: 22 [ 557.523473][ T7205] xfrm0: Master is either lo or non-ether device [ 557.622704][ T17] Bluetooth: hci0: command 0x041b tx timeout [ 557.723561][ T7216] wg0: Master is either lo or non-ether device [ 557.960048][ T7224] wg1: Master is either lo or non-ether device [ 558.218466][ T7235] wg2: Master is either lo or non-ether device [ 558.769107][ T6835] bridge0: port 1(bridge_slave_0) entered disabled state [ 558.787393][ T7257] bridge_slave_0: Device is already in use. [ 558.892543][ T7257] bridge0: port 1(bridge_slave_0) entered disabled state [ 558.945375][ T7257] device bridge_slave_0 left promiscuous mode [ 558.951869][ T7257] bridge0: port 1(bridge_slave_0) entered disabled state [ 559.400882][ T17] bridge0: port 2(bridge_slave_1) entered disabled state [ 559.416230][ T7278] bridge_slave_1: Device is already in use. [ 559.508499][ T7278] bridge0: port 2(bridge_slave_1) entered disabled state [ 559.518573][ T7278] device bridge_slave_1 left promiscuous mode [ 559.526264][ T7278] bridge0: port 2(bridge_slave_1) entered disabled state [ 559.702979][ T6999] Bluetooth: hci0: command 0x040f tx timeout [ 559.917479][ T7296] bond_slave_0: Device is already in use. [ 560.054847][ T7296] bond0: (slave bond_slave_0): Releasing backup interface [ 560.474402][ T7317] bond_slave_1: Device is already in use. [ 560.665539][ T7317] bond0: (slave bond_slave_1): Releasing backup interface [ 560.977593][ T7334] team_slave_0: Device is already in use. [ 561.248245][ T7334] team0: Port device team_slave_0 removed [ 561.561755][ T7355] team_slave_1: Device is already in use. [ 561.761642][ T7355] team0: Port device team_slave_1 removed [ 561.782518][ T6999] Bluetooth: hci0: command 0x0419 tx timeout [ 562.248701][ T7379] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 562.259656][ T7379] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 562.271910][ T7379] batman_adv: batadv0: Interface deactivated: batadv_slave_0 2020/08/18 04:03:00 executed programs: 40 [ 562.508125][ T7379] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 562.884416][ T7399] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 562.896549][ T7399] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 562.919363][ T7399] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 563.184949][ T7399] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 563.556108][ T7424] hsr_slave_0: Device is already in use. [ 563.789405][ T7424] device hsr_slave_0 left promiscuous mode [ 564.189557][ T7447] hsr_slave_1: Device is already in use. [ 564.294120][ T7447] device hsr_slave_1 left promiscuous mode [ 564.574946][ T7447] syz-executor.0 (7447) used greatest stack depth: 22928 bytes left [ 564.645453][ T7462] veth1_virt_wifi: Device is already in use. [ 565.408692][ T7485] veth1_vlan: Device is already in use. [ 565.774402][ T7496] ------------[ cut here ]------------ [ 565.780076][ T7496] WARNING: CPU: 0 PID: 7496 at drivers/net/ipvlan/ipvlan_l3s.c:148 ipvlan_unregister_nf_hook+0x2b8/0x2f0 [ 565.796631][ T7496] Kernel panic - not syncing: panic_on_warn set ... [ 565.803234][ T7496] CPU: 0 PID: 7496 Comm: syz-executor.0 Not tainted 5.8.0-syzkaller #0 [ 565.811466][ T7496] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 565.821572][ T7496] Call Trace: [ 565.824959][ T7496] dump_stack+0x18f/0x20d [ 565.829420][ T7496] panic+0x2e3/0x75c [ 565.833327][ T7496] ? __warn_printk+0xf3/0xf3 [ 565.837981][ T7496] ? printk+0xba/0xed [ 565.841965][ T7496] ? log_store.cold+0x16/0x16 [ 565.846641][ T7496] ? __warn.cold+0x5/0x4a [ 565.850969][ T7496] ? __warn+0xd6/0x1f2 [ 565.855039][ T7496] ? ipvlan_unregister_nf_hook+0x2b8/0x2f0 [ 565.860847][ T7496] __warn.cold+0x20/0x4a [ 565.865097][ T7496] ? ipvlan_unregister_nf_hook+0x2b8/0x2f0 [ 565.870905][ T7496] report_bug+0x1bd/0x210 [ 565.875319][ T7496] handle_bug+0x38/0x90 [ 565.879487][ T7496] exc_invalid_op+0x14/0x40 [ 565.884047][ T7496] asm_exc_invalid_op+0x12/0x20 [ 565.888902][ T7496] RIP: 0010:ipvlan_unregister_nf_hook+0x2b8/0x2f0 [ 565.895344][ T7496] Code: fc 48 c7 c2 00 c6 c2 88 be 2d 00 00 00 48 c7 c7 40 c7 c2 88 c6 05 e0 52 f1 05 01 e8 37 21 9f fc e9 26 fe ff ff e8 88 a1 b8 fc <0f> 0b 5b 5d 41 5c 41 5d e9 7b a1 b8 fc 4c 89 e7 e8 f3 b1 f8 fc e9 [ 565.914961][ T7496] RSP: 0018:ffffc90007b6f0f0 EFLAGS: 00010293 [ 565.921026][ T7496] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff84bba9cd [ 565.928997][ T7496] RDX: ffff8880a73a8300 RSI: ffffffff84bbaaf8 RDI: 0000000000000005 [ 565.936967][ T7496] RBP: ffff8880977f8040 R08: 0000000000000001 R09: ffff8880a73a8bc8 [ 565.944964][ T7496] R10: 0000000000000000 R11: 0000000000000001 R12: ffff8880a1687880 [ 565.952929][ T7496] R13: ffff888095059800 R14: 0000000000000000 R15: 0000000000000001 [ 565.960894][ T7496] ? ipvlan_unregister_nf_hook+0x18d/0x2f0 [ 565.966697][ T7496] ? ipvlan_unregister_nf_hook+0x2b8/0x2f0 [ 565.972500][ T7496] ipvlan_l3s_unregister+0xac/0x150 [ 565.977694][ T7496] ipvlan_set_port_mode+0x41f/0x4b0 [ 565.982886][ T7496] ipvlan_link_new+0x697/0xc04 [ 565.987629][ T7496] ? ipvlan_init+0xd20/0xd20 [ 565.992560][ T7496] __rtnl_newlink+0x108b/0x1740 [ 565.997398][ T7496] ? rtnl_setlink+0x3b0/0x3b0 [ 566.002093][ T7496] ? unwind_next_frame+0xe3b/0x1f90 [ 566.007291][ T7496] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 566.013421][ T7496] ? is_bpf_text_address+0xcb/0x160 [ 566.018630][ T7496] ? kernel_text_address+0xbd/0xf0 [ 566.023728][ T7496] ? __kernel_text_address+0x9/0x30 [ 566.028913][ T7496] ? unwind_get_return_address+0x51/0x90 [ 566.034568][ T7496] ? profile_setup.cold+0xc1/0xc1 [ 566.039602][ T7496] ? arch_stack_walk+0x97/0xf0 [ 566.044362][ T7496] ? stack_trace_save+0x8c/0xc0 [ 566.049189][ T7496] ? stack_trace_consume_entry+0x160/0x160 [ 566.055034][ T7496] ? __lock_acquire+0x16cb/0x5640 [ 566.060104][ T7496] ? lock_is_held_type+0xbb/0xf0 [ 566.065065][ T7496] ? kmem_cache_alloc_trace+0x188/0x2c0 [ 566.070593][ T7496] rtnl_newlink+0x64/0xa0 [ 566.074900][ T7496] ? __rtnl_newlink+0x1740/0x1740 [ 566.079926][ T7496] rtnetlink_rcv_msg+0x44e/0xad0 [ 566.084848][ T7496] ? rtnetlink_put_metrics+0x510/0x510 [ 566.090289][ T7496] ? lock_acquire+0x1f1/0xad0 [ 566.095006][ T7496] ? netlink_deliver_tap+0x146/0xb70 [ 566.100287][ T7496] netlink_rcv_skb+0x15a/0x430 [ 566.105033][ T7496] ? rtnetlink_put_metrics+0x510/0x510 [ 566.110565][ T7496] ? netlink_ack+0xa10/0xa10 [ 566.115150][ T7496] ? lock_is_held_type+0xbb/0xf0 [ 566.120066][ T7496] netlink_unicast+0x533/0x7d0 [ 566.124894][ T7496] ? netlink_attachskb+0x810/0x810 [ 566.130039][ T7496] ? _copy_from_iter_full+0x247/0x890 [ 566.135425][ T7496] ? __phys_addr+0x9a/0x110 [ 566.139908][ T7496] ? __phys_addr_symbol+0x2c/0x70 [ 566.144961][ T7496] ? __check_object_size+0x171/0x3e4 [ 566.150242][ T7496] netlink_sendmsg+0x856/0xd90 [ 566.155002][ T7496] ? netlink_unicast+0x7d0/0x7d0 [ 566.160079][ T7496] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 566.165371][ T7496] ? netlink_unicast+0x7d0/0x7d0 [ 566.170353][ T7496] sock_sendmsg+0xcf/0x120 [ 566.174801][ T7496] ____sys_sendmsg+0x6e8/0x810 [ 566.179561][ T7496] ? kernel_sendmsg+0x50/0x50 [ 566.184232][ T7496] ? do_recvmmsg+0x6d0/0x6d0 [ 566.188809][ T7496] ? lockdep_hardirqs_on_prepare+0x530/0x530 [ 566.194772][ T7496] ___sys_sendmsg+0xf3/0x170 [ 566.199371][ T7496] ? sendmsg_copy_msghdr+0x160/0x160 [ 566.204636][ T7496] ? lock_acquire+0x1f1/0xad0 [ 566.209359][ T7496] ? __might_fault+0xef/0x1d0 [ 566.214016][ T7496] ? find_held_lock+0x2d/0x110 [ 566.218757][ T7496] ? __might_fault+0x11f/0x1d0 [ 566.223501][ T7496] ? lock_downgrade+0x830/0x830 [ 566.228380][ T7496] ? read_seqcount_t_begin.constprop.0+0xd9/0x1f0 [ 566.234810][ T7496] ? trace_hardirqs_on+0x5f/0x220 [ 566.239827][ T7496] ? __fget_light+0x215/0x280 [ 566.244504][ T7496] __sys_sendmsg+0xe5/0x1b0 [ 566.248993][ T7496] ? __sys_sendmsg_sock+0xb0/0xb0 [ 566.254040][ T7496] ? __x64_sys_futex+0x382/0x4e0 [ 566.259063][ T7496] ? trace_hardirqs_on+0x5f/0x220 [ 566.264080][ T7496] ? lockdep_hardirqs_on+0x76/0xf0 [ 566.269182][ T7496] do_syscall_64+0x2d/0x70 [ 566.273613][ T7496] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 566.279493][ T7496] RIP: 0033:0x45d239 [ 566.283374][ T7496] Code: 5d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 566.303394][ T7496] RSP: 002b:00007ffce28bb438 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 566.311815][ T7496] RAX: ffffffffffffffda RBX: 000000000002c0c0 RCX: 000000000045d239 [ 566.319767][ T7496] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000005 [ 566.327718][ T7496] RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000 [ 566.335824][ T7496] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000001190a50 [ 566.343783][ T7496] R13: 0000000000000000 R14: 0000000000000b03 R15: 000000000118cf4c [ 566.353096][ T7496] Kernel Offset: disabled [ 566.357416][ T7496] Rebooting in 86400 seconds..