[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.18' (ECDSA) to the list of known hosts.
2021/05/03 22:25:16 fuzzer started
2021/05/03 22:25:17 connecting to host at 10.128.0.169:35367
2021/05/03 22:25:17 checking machine...
2021/05/03 22:25:17 checking revisions...
2021/05/03 22:25:17 testing simple program...
syzkaller login: [ 78.448610][ T8427] chnl_net:caif_netlink_parms(): no params data found
[ 78.521285][ T8427] bridge0: port 1(bridge_slave_0) entered blocking state
[ 78.528702][ T8427] bridge0: port 1(bridge_slave_0) entered disabled state
[ 78.541519][ T8427] device bridge_slave_0 entered promiscuous mode
[ 78.553189][ T8427] bridge0: port 2(bridge_slave_1) entered blocking state
[ 78.561785][ T8427] bridge0: port 2(bridge_slave_1) entered disabled state
[ 78.570061][ T8427] device bridge_slave_1 entered promiscuous mode
[ 78.596570][ T8427] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 78.609004][ T8427] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 78.634599][ T8427] team0: Port device team_slave_0 added
[ 78.643515][ T8427] team0: Port device team_slave_1 added
[ 78.663874][ T8427] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 78.673953][ T8427] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 78.703623][ T8427] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 78.718793][ T8427] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 78.727586][ T8427] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 78.758330][ T8427] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 78.787981][ T8427] device hsr_slave_0 entered promiscuous mode
[ 78.795735][ T8427] device hsr_slave_1 entered promiscuous mode
[ 78.906418][ T8427] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 78.917587][ T8427] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 78.930459][ T8427] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 78.940248][ T8427] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 78.969611][ T8427] bridge0: port 2(bridge_slave_1) entered blocking state
[ 78.977550][ T8427] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 78.987177][ T8427] bridge0: port 1(bridge_slave_0) entered blocking state
[ 78.995193][ T8427] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 79.046770][ T8427] 8021q: adding VLAN 0 to HW filter on device bond0
[ 79.062579][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 79.075806][ T8] bridge0: port 1(bridge_slave_0) entered disabled state
[ 79.085933][ T8] bridge0: port 2(bridge_slave_1) entered disabled state
[ 79.095510][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 79.110020][ T8427] 8021q: adding VLAN 0 to HW filter on device team0
[ 79.124188][ T3794] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 79.133612][ T3794] bridge0: port 1(bridge_slave_0) entered blocking state
[ 79.141413][ T3794] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 79.162643][ T3794] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 79.173027][ T3794] bridge0: port 2(bridge_slave_1) entered blocking state
[ 79.182784][ T3794] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 79.206515][ T4854] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 79.216098][ T4854] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 79.226176][ T4854] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 79.237103][ T4854] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 79.252721][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 79.264535][ T8427] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 79.285677][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 79.295284][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 79.310310][ T8427] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 79.329856][ T4854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 79.353118][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 79.362739][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 79.373173][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 79.384363][ T8427] device veth0_vlan entered promiscuous mode
[ 79.399366][ T8427] device veth1_vlan entered promiscuous mode
[ 79.427850][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 79.438624][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 79.449013][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 79.460787][ T8427] device veth0_macvtap entered promiscuous mode
[ 79.475198][ T8427] device veth1_macvtap entered promiscuous mode
[ 79.496568][ T8427] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 79.505332][ T8648] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 79.515552][ T8648] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 79.529854][ T8427] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 79.545022][ T8427] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 79.556621][ T8427] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 79.573676][ T8427] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 79.584237][ T8427] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 79.595333][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 79.605976][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 79.697155][ T264] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 79.712912][ T264] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
executing program
[ 79.759748][ T4808] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 79.770501][ T28] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 79.783329][ T28] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 79.794815][ T4808] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2021/05/03 22:25:20 building call list...
[ 80.458756][ T264] ------------[ cut here ]------------
[ 80.472233][ T264] hook not found, pf 3 num 0
[ 80.472887][ T264] WARNING: CPU: 0 PID: 264 at net/netfilter/core.c:480 __nf_unregister_net_hook+0x1eb/0x610
[ 80.489135][ T264] Modules linked in:
[ 80.496999][ T264] CPU: 0 PID: 264 Comm: kworker/u4:6 Not tainted 5.12.0-syzkaller #0
[ 80.506021][ T264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 80.519087][ T264] Workqueue: netns cleanup_net
[ 80.524741][ T264] RIP: 0010:__nf_unregister_net_hook+0x1eb/0x610
[ 80.533902][ T264] Code: 0f b6 14 02 48 89 c8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 11 04 00 00 8b 53 1c 89 ee 48 c7 c7 c0 78 6d 8a e8 40 4c 8a 01 <0f> 0b e9 e5 00 00 00 e8 59 48 30 fa 44 8b 3c 24 4c 89 f8 48 c1 e0
[ 80.559102][ T264] RSP: 0018:ffffc90001b3fbc0 EFLAGS: 00010286
[ 80.567029][ T264] RAX: 0000000000000000 RBX: ffff888022492500 RCX: 0000000000000000
[ 80.577424][ T264] RDX: ffff888012b30000 RSI: ffffffff815c8ba5 RDI: fffff52000367f6a
[ 80.586349][ T264] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000
[ 80.598034][ T264] R10: ffffffff815c2a0e R11: 0000000000000000 R12: ffff888028e40f20
[ 80.607431][ T264] R13: 0000000000000000 R14: ffff888013cb9c00 R15: 0000000000000001
[ 80.617396][ T264] FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
[ 80.627418][ T264] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 80.636586][ T264] CR2: 000055697b82d160 CR3: 0000000028bd7000 CR4: 00000000001506f0
[ 80.646269][ T264] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 80.657010][ T264] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 80.668458][ T264] Call Trace:
[ 80.678697][ T264] nf_unregister_net_hooks+0x117/0x160
[ 80.686247][ T264] arpt_unregister_table_pre_exit+0x67/0x80
[ 80.695123][ T264] ? arptable_filter_net_exit+0x20/0x20
[ 80.701541][ T264] cleanup_net+0x451/0xb10
[ 80.706028][ T264] ? ops_free_list.part.0+0x3d0/0x3d0
[ 80.713674][ T264] process_one_work+0x98d/0x1600
[ 80.719289][ T264] ? pwq_dec_nr_in_flight+0x320/0x320
[ 80.725793][ T264] ? rwlock_bug.part.0+0x90/0x90
[ 80.732729][ T264] ? _raw_spin_lock_irq+0x41/0x50
[ 80.738702][ T264] worker_thread+0x64c/0x1120
[ 80.744046][ T264] ? __kthread_parkme+0x13f/0x1e0
[ 80.749667][ T264] ? process_one_work+0x1600/0x1600
[ 80.759340][ T264] kthread+0x3b1/0x4a0
[ 80.764368][ T264] ? __kthread_bind_mask+0xc0/0xc0
[ 80.772610][ T264] ret_from_fork+0x1f/0x30
[ 80.777201][ T264] Kernel panic - not syncing: panic_on_warn set ...
[ 80.784271][ T264] CPU: 0 PID: 264 Comm: kworker/u4:6 Not tainted 5.12.0-syzkaller #0
[ 80.793114][ T264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 80.805348][ T264] Workqueue: netns cleanup_net
[ 80.810577][ T264] Call Trace:
[ 80.815006][ T264] dump_stack+0x141/0x1d7
[ 80.820792][ T264] panic+0x306/0x73d
[ 80.825502][ T264] ? __warn_printk+0xf3/0xf3
[ 80.830675][ T264] ? __warn.cold+0x1a/0x44
[ 80.836386][ T264] ? __nf_unregister_net_hook+0x1eb/0x610
[ 80.842577][ T264] __warn.cold+0x35/0x44
[ 80.847033][ T264] ? __nf_unregister_net_hook+0x1eb/0x610
[ 80.854007][ T264] report_bug+0x1bd/0x210
[ 80.858456][ T264] handle_bug+0x3c/0x60
[ 80.862806][ T264] exc_invalid_op+0x14/0x40
[ 80.868122][ T264] asm_exc_invalid_op+0x12/0x20
[ 80.873218][ T264] RIP: 0010:__nf_unregister_net_hook+0x1eb/0x610
[ 80.879760][ T264] Code: 0f b6 14 02 48 89 c8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 11 04 00 00 8b 53 1c 89 ee 48 c7 c7 c0 78 6d 8a e8 40 4c 8a 01 <0f> 0b e9 e5 00 00 00 e8 59 48 30 fa 44 8b 3c 24 4c 89 f8 48 c1 e0
[ 80.900941][ T264] RSP: 0018:ffffc90001b3fbc0 EFLAGS: 00010286
[ 80.907056][ T264] RAX: 0000000000000000 RBX: ffff888022492500 RCX: 0000000000000000
[ 80.915754][ T264] RDX: ffff888012b30000 RSI: ffffffff815c8ba5 RDI: fffff52000367f6a
[ 80.924313][ T264] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000
[ 80.932498][ T264] R10: ffffffff815c2a0e R11: 0000000000000000 R12: ffff888028e40f20
[ 80.940574][ T264] R13: 0000000000000000 R14: ffff888013cb9c00 R15: 0000000000000001
[ 80.949196][ T264] ? wake_up_klogd.part.0+0x8e/0xd0
[ 80.954694][ T264] ? vprintk+0x95/0x260
[ 80.959060][ T264] nf_unregister_net_hooks+0x117/0x160
[ 80.964990][ T264] arpt_unregister_table_pre_exit+0x67/0x80
[ 80.971776][ T264] ? arptable_filter_net_exit+0x20/0x20
[ 80.978208][ T264] cleanup_net+0x451/0xb10
[ 80.982912][ T264] ? ops_free_list.part.0+0x3d0/0x3d0
[ 80.988659][ T264] process_one_work+0x98d/0x1600
[ 80.994178][ T264] ? pwq_dec_nr_in_flight+0x320/0x320
[ 81.000813][ T264] ? rwlock_bug.part.0+0x90/0x90
[ 81.006034][ T264] ? _raw_spin_lock_irq+0x41/0x50
[ 81.011295][ T264] worker_thread+0x64c/0x1120
[ 81.017168][ T264] ? __kthread_parkme+0x13f/0x1e0
[ 81.022324][ T264] ? process_one_work+0x1600/0x1600
[ 81.028263][ T264] kthread+0x3b1/0x4a0
[ 81.033097][ T264] ? __kthread_bind_mask+0xc0/0xc0
[ 81.038943][ T264] ret_from_fork+0x1f/0x30
[ 81.045755][ T264] Kernel Offset: disabled
[ 81.051858][ T264] Rebooting in 86400 seconds..