Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.113' (ECDSA) to the list of known hosts.
2021/04/27 22:52:29 fuzzer started
2021/04/27 22:52:30 connecting to host at 10.128.0.169:38219
2021/04/27 22:52:30 checking machine...
2021/04/27 22:52:30 checking revisions...
2021/04/27 22:52:30 testing simple program...
syzkaller login: [ 71.900417][ T8400] chnl_net:caif_netlink_parms(): no params data found
[ 71.968619][ T8400] bridge0: port 1(bridge_slave_0) entered blocking state
[ 71.978199][ T8400] bridge0: port 1(bridge_slave_0) entered disabled state
[ 71.987380][ T8400] device bridge_slave_0 entered promiscuous mode
[ 71.998322][ T8400] bridge0: port 2(bridge_slave_1) entered blocking state
[ 72.006415][ T8400] bridge0: port 2(bridge_slave_1) entered disabled state
[ 72.015111][ T8400] device bridge_slave_1 entered promiscuous mode
[ 72.037165][ T8400] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 72.049797][ T8400] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 72.073314][ T8400] team0: Port device team_slave_0 added
[ 72.082433][ T8400] team0: Port device team_slave_1 added
[ 72.101503][ T8400] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 72.109167][ T8400] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 72.137338][ T8400] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 72.152854][ T8400] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 72.160677][ T8400] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 72.192244][ T8400] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 72.220307][ T8400] device hsr_slave_0 entered promiscuous mode
[ 72.228024][ T8400] device hsr_slave_1 entered promiscuous mode
[ 72.336790][ T8400] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 72.348569][ T8400] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 72.366659][ T8400] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 72.378049][ T8400] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 72.410046][ T8400] bridge0: port 2(bridge_slave_1) entered blocking state
[ 72.417612][ T8400] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 72.426338][ T8400] bridge0: port 1(bridge_slave_0) entered blocking state
[ 72.433768][ T8400] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 72.482420][ T8400] 8021q: adding VLAN 0 to HW filter on device bond0
[ 72.498583][ T3813] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 72.510029][ T3813] bridge0: port 1(bridge_slave_0) entered disabled state
[ 72.520921][ T3813] bridge0: port 2(bridge_slave_1) entered disabled state
[ 72.530921][ T3813] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 72.547662][ T8400] 8021q: adding VLAN 0 to HW filter on device team0
[ 72.559109][ T3813] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 72.569815][ T3813] bridge0: port 1(bridge_slave_0) entered blocking state
[ 72.578521][ T3813] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 72.592441][ T4834] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 72.603301][ T4834] bridge0: port 2(bridge_slave_1) entered blocking state
[ 72.611352][ T4834] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 72.635253][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 72.657255][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 72.667880][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 72.678865][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 72.688500][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 72.701920][ T8400] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 72.724170][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 72.732673][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 72.749597][ T8400] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 72.770521][ T4834] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 72.793542][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 72.806373][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 72.816456][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 72.828564][ T8400] device veth0_vlan entered promiscuous mode
[ 72.845110][ T8400] device veth1_vlan entered promiscuous mode
[ 72.870916][ T3813] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 72.881994][ T3813] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 72.895136][ T3813] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 72.908441][ T8400] device veth0_macvtap entered promiscuous mode
[ 72.926676][ T8400] device veth1_macvtap entered promiscuous mode
[ 72.950879][ T8400] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 72.962223][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 72.976649][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 72.992122][ T8400] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 73.006428][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 73.017330][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 73.032538][ T8400] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 73.043321][ T8400] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 73.055266][ T8400] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 73.064666][ T8400] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 73.170051][ T101] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 73.200051][ T101] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
executing program
[ 73.221274][ T4834] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 73.234171][ T295] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 73.242757][ T295] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 73.256957][ T4834] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2021/04/27 22:52:33 building call list...
[ 73.959322][ T295] ------------[ cut here ]------------
[ 73.974754][ T295] hook not found, pf 3 num 0
[ 73.975376][ T295] WARNING: CPU: 1 PID: 295 at net/netfilter/core.c:480 __nf_unregister_net_hook+0x1eb/0x610
[ 74.008728][ T295] Modules linked in:
[ 74.012776][ T295] CPU: 1 PID: 295 Comm: kworker/u4:6 Not tainted 5.12.0-rc7-syzkaller #0
[ 74.023402][ T295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 74.035691][ T295] Workqueue: netns cleanup_net
[ 74.040854][ T295] RIP: 0010:__nf_unregister_net_hook+0x1eb/0x610
[ 74.049470][ T295] Code: 0f b6 14 02 48 89 c8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 11 04 00 00 8b 53 1c 89 ee 48 c7 c7 00 68 6c 8a e8 2e 37 8a 01 <0f> 0b e9 e5 00 00 00 e8 f9 34 35 fa 44 8b 3c 24 4c 89 f8 48 c1 e0
[ 74.072336][ T295] RSP: 0018:ffffc90001d1fbc0 EFLAGS: 00010286
[ 74.079887][ T295] RAX: 0000000000000000 RBX: ffff8881475bc700 RCX: 0000000000000000
[ 74.090942][ T295] RDX: ffff88801232b880 RSI: ffffffff815c5205 RDI: fffff520003a3f6a
[ 74.101204][ T295] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000
[ 74.113377][ T295] R10: ffffffff815bdf9e R11: 0000000000000000 R12: ffff888027e30f20
[ 74.123128][ T295] R13: 0000000000000000 R14: ffff8880129fa000 R15: 0000000000000001
[ 74.135774][ T295] FS: 0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
[ 74.150912][ T295] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 74.161506][ T295] CR2: 00007fb40bf9b000 CR3: 00000000125af000 CR4: 00000000001506e0
[ 74.171668][ T295] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 74.183591][ T295] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 74.195938][ T295] Call Trace:
[ 74.199338][ T295] nf_unregister_net_hooks+0x117/0x160
[ 74.206809][ T295] arpt_unregister_table_pre_exit+0x67/0x80
[ 74.213370][ T295] ? arptable_filter_net_exit+0x20/0x20
[ 74.224215][ T295] cleanup_net+0x451/0xb10
[ 74.229291][ T295] ? ops_free_list.part.0+0x3d0/0x3d0
[ 74.238154][ T295] process_one_work+0x98d/0x1600
[ 74.243338][ T295] ? pwq_dec_nr_in_flight+0x320/0x320
[ 74.250638][ T295] ? rwlock_bug.part.0+0x90/0x90
[ 74.259016][ T295] ? _raw_spin_lock_irq+0x41/0x50
[ 74.265575][ T295] worker_thread+0x64c/0x1120
[ 74.270409][ T295] ? __kthread_parkme+0x13f/0x1e0
[ 74.278587][ T295] ? process_one_work+0x1600/0x1600
[ 74.285547][ T295] kthread+0x3b1/0x4a0
[ 74.290039][ T295] ? __kthread_bind_mask+0xc0/0xc0
[ 74.300087][ T295] ret_from_fork+0x1f/0x30
[ 74.306159][ T295] Kernel panic - not syncing: panic_on_warn set ...
[ 74.314673][ T295] CPU: 1 PID: 295 Comm: kworker/u4:6 Not tainted 5.12.0-rc7-syzkaller #0
[ 74.324338][ T295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 74.335174][ T295] Workqueue: netns cleanup_net
[ 74.340058][ T295] Call Trace:
[ 74.343391][ T295] dump_stack+0x141/0x1d7
[ 74.347927][ T295] panic+0x306/0x73d
[ 74.352366][ T295] ? __warn_printk+0xf3/0xf3
[ 74.357357][ T295] ? __warn.cold+0x1a/0x44
[ 74.362018][ T295] ? __nf_unregister_net_hook+0x1eb/0x610
[ 74.368124][ T295] __warn.cold+0x35/0x44
[ 74.372809][ T295] ? __nf_unregister_net_hook+0x1eb/0x610
[ 74.379321][ T295] report_bug+0x1bd/0x210
[ 74.384011][ T295] handle_bug+0x3c/0x60
[ 74.388265][ T295] exc_invalid_op+0x14/0x40
[ 74.393434][ T295] asm_exc_invalid_op+0x12/0x20
[ 74.398407][ T295] RIP: 0010:__nf_unregister_net_hook+0x1eb/0x610
[ 74.404923][ T295] Code: 0f b6 14 02 48 89 c8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 11 04 00 00 8b 53 1c 89 ee 48 c7 c7 00 68 6c 8a e8 2e 37 8a 01 <0f> 0b e9 e5 00 00 00 e8 f9 34 35 fa 44 8b 3c 24 4c 89 f8 48 c1 e0
[ 74.425772][ T295] RSP: 0018:ffffc90001d1fbc0 EFLAGS: 00010286
[ 74.432132][ T295] RAX: 0000000000000000 RBX: ffff8881475bc700 RCX: 0000000000000000
[ 74.440715][ T295] RDX: ffff88801232b880 RSI: ffffffff815c5205 RDI: fffff520003a3f6a
[ 74.449342][ T295] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000
[ 74.457968][ T295] R10: ffffffff815bdf9e R11: 0000000000000000 R12: ffff888027e30f20
[ 74.467698][ T295] R13: 0000000000000000 R14: ffff8880129fa000 R15: 0000000000000001
[ 74.477065][ T295] ? wake_up_klogd.part.0+0x8e/0xd0
[ 74.483699][ T295] ? vprintk_func+0x95/0x1e0
[ 74.488936][ T295] nf_unregister_net_hooks+0x117/0x160
[ 74.495215][ T295] arpt_unregister_table_pre_exit+0x67/0x80
[ 74.502738][ T295] ? arptable_filter_net_exit+0x20/0x20
[ 74.509199][ T295] cleanup_net+0x451/0xb10
[ 74.515202][ T295] ? ops_free_list.part.0+0x3d0/0x3d0
[ 74.521564][ T295] process_one_work+0x98d/0x1600
[ 74.528019][ T295] ? pwq_dec_nr_in_flight+0x320/0x320
[ 74.534754][ T295] ? rwlock_bug.part.0+0x90/0x90
[ 74.541054][ T295] ? _raw_spin_lock_irq+0x41/0x50
[ 74.547130][ T295] worker_thread+0x64c/0x1120
[ 74.552464][ T295] ? __kthread_parkme+0x13f/0x1e0
[ 74.558106][ T295] ? process_one_work+0x1600/0x1600
[ 74.566027][ T295] kthread+0x3b1/0x4a0
[ 74.571263][ T295] ? __kthread_bind_mask+0xc0/0xc0
[ 74.577366][ T295] ret_from_fork+0x1f/0x30
[ 74.584987][ T295] Kernel Offset: disabled
[ 74.590831][ T295] Rebooting in 86400 seconds..