Warning: Permanently added '10.128.1.12' (ECDSA) to the list of known hosts. 2020/07/25 10:13:15 parsed 1 programs 2020/07/25 10:13:15 executed programs: 0 syzkaller login: [ 537.981285] audit: type=1400 audit(1595671995.838:8): avc: denied { execmem } for pid=6368 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 538.311011] IPVS: ftp: loaded support on port[0] = 21 [ 539.192184] chnl_net:caif_netlink_parms(): no params data found [ 539.278708] bridge0: port 1(bridge_slave_0) entered blocking state [ 539.285488] bridge0: port 1(bridge_slave_0) entered disabled state [ 539.293020] device bridge_slave_0 entered promiscuous mode [ 539.301611] bridge0: port 2(bridge_slave_1) entered blocking state [ 539.307960] bridge0: port 2(bridge_slave_1) entered disabled state [ 539.315384] device bridge_slave_1 entered promiscuous mode [ 539.330867] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 539.339633] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 539.356798] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 539.364192] team0: Port device team_slave_0 added [ 539.369708] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 539.376718] team0: Port device team_slave_1 added [ 539.391173] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 539.397574] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 539.422951] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 539.434859] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 539.441230] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 539.466538] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 539.477329] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 539.484923] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 539.551741] device hsr_slave_0 entered promiscuous mode [ 539.589651] device hsr_slave_1 entered promiscuous mode [ 539.649971] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 539.656956] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 539.716538] bridge0: port 2(bridge_slave_1) entered blocking state [ 539.723012] bridge0: port 2(bridge_slave_1) entered forwarding state [ 539.729920] bridge0: port 1(bridge_slave_0) entered blocking state [ 539.736270] bridge0: port 1(bridge_slave_0) entered forwarding state [ 539.764236] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 539.771120] 8021q: adding VLAN 0 to HW filter on device bond0 [ 539.778827] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 539.788144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 539.807175] bridge0: port 1(bridge_slave_0) entered disabled state [ 539.814358] bridge0: port 2(bridge_slave_1) entered disabled state [ 539.825727] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 539.831906] 8021q: adding VLAN 0 to HW filter on device team0 [ 539.840180] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 539.847732] bridge0: port 1(bridge_slave_0) entered blocking state [ 539.854110] bridge0: port 1(bridge_slave_0) entered forwarding state [ 539.863459] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 539.871095] bridge0: port 2(bridge_slave_1) entered blocking state [ 539.877412] bridge0: port 2(bridge_slave_1) entered forwarding state [ 539.897196] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 539.907087] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 539.918008] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 539.925463] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 539.933346] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 539.941269] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 539.948888] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 539.956630] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 539.963437] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 539.974645] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 539.982878] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 539.989869] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 540.001504] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 540.051784] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 540.062534] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 540.090477] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 540.097360] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 540.104472] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 540.113895] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 540.121412] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 540.128309] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 540.137286] device veth0_vlan entered promiscuous mode [ 540.145569] device veth1_vlan entered promiscuous mode [ 540.151723] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 540.160565] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 540.171361] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 540.180696] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 540.187648] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 540.195376] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 540.203216] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 540.213295] device veth0_macvtap entered promiscuous mode [ 540.222260] device veth1_macvtap entered promiscuous mode [ 540.230763] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 540.240268] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 540.248882] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready [ 540.256944] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 540.263963] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 540.271797] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 540.282305] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 540.289147] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 540.296300] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 540.304475] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 541.468415] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 541.477957] tunl0: Master is either lo or non-ether device [ 541.494402] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 541.503238] gre0: Master is either lo or non-ether device [ 541.521678] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 541.533221] device ipvlan2 entered promiscuous mode [ 541.548864] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 541.563367] device ipvlan3 entered promiscuous mode [ 541.579605] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 541.588256] ip_vti0: Master is either lo or non-ether device [ 541.607995] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 541.616743] ip6_vti0: Master is either lo or non-ether device [ 541.636143] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 541.645736] sit0: Master is either lo or non-ether device [ 541.665049] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 541.674258] ip6tnl0: Master is either lo or non-ether device [ 541.692565] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 541.702179] ip6gre0: Master is either lo or non-ether device [ 541.721442] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 541.734390] device ipvlan4 entered promiscuous mode [ 541.774734] syz-executor.0 (6631) used greatest stack depth: 24144 bytes left [ 541.791458] device ipvlan5 entered promiscuous mode [ 541.819024] device ipvlan6 entered promiscuous mode [ 541.844714] vcan0: Master is either lo or non-ether device [ 541.895166] device ipvlan7 entered promiscuous mode [ 541.927552] device ipvlan8 entered promiscuous mode [ 541.954637] device ipvlan9 entered promiscuous mode [ 541.980494] nlmon0: Master is either lo or non-ether device [ 542.056077] caif0: Master is either lo or non-ether device [ 542.147698] device ipvlan10 entered promiscuous mode [ 542.173392] vxcan0: Master is either lo or non-ether device [ 542.242939] vxcan1: Master is either lo or non-ether device [ 542.347099] device ipvlan11 entered promiscuous mode [ 542.420041] device ipvlan12 entered promiscuous mode [ 542.498143] device ipvlan13 entered promiscuous mode [ 542.541709] bridge0: port 1(bridge_slave_0) entered disabled state [ 542.552841] bridge_slave_0: Device is already in use. [ 542.564847] bridge0: port 1(bridge_slave_0) entered disabled state [ 542.573665] device bridge_slave_0 left promiscuous mode [ 542.579199] bridge0: port 1(bridge_slave_0) entered disabled state [ 542.685497] device ipvlan14 entered promiscuous mode [ 542.762846] bridge0: port 2(bridge_slave_1) entered disabled state [ 542.783460] bridge_slave_1: Device is already in use. [ 542.798033] bridge0: port 2(bridge_slave_1) entered disabled state [ 542.808170] device bridge_slave_1 left promiscuous mode [ 542.815375] bridge0: port 2(bridge_slave_1) entered disabled state [ 542.913683] device ipvlan15 entered promiscuous mode 2020/07/25 10:13:20 executed programs: 28 [ 543.010241] bond_slave_0: Device is already in use. [ 543.018659] bond0: Releasing backup interface bond_slave_0 [ 543.132778] device ipvlan16 entered promiscuous mode [ 543.203112] bond_slave_1: Device is already in use. [ 543.210791] bond0: Releasing backup interface bond_slave_1 [ 543.322628] device ipvlan17 entered promiscuous mode [ 543.396702] team_slave_0: Device is already in use. [ 543.408688] team0: Port device team_slave_0 removed [ 543.468990] device ipvlan18 entered promiscuous mode [ 543.544794] team_slave_1: Device is already in use. [ 543.559273] team0: Port device team_slave_1 removed [ 543.629620] device ipvlan19 entered promiscuous mode [ 543.709799] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 543.723971] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 543.734102] device ipvlan20 entered promiscuous mode [ 543.742160] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 543.751337] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 543.831670] device ipvlan21 entered promiscuous mode [ 543.905026] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 543.920234] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 543.930749] device ipvlan22 entered promiscuous mode [ 543.936606] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 543.947194] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 544.040367] device ipvlan23 entered promiscuous mode [ 544.112668] hsr_slave_0: Device is already in use. [ 544.128708] device hsr_slave_0 left promiscuous mode [ 544.219024] device ipvlan24 entered promiscuous mode [ 544.284820] hsr_slave_1: Device is already in use. [ 544.303466] device hsr_slave_1 left promiscuous mode [ 544.404644] device ipvlan25 entered promiscuous mode [ 544.451100] device ipvlan26 entered promiscuous mode [ 544.506502] device ipvlan27 entered promiscuous mode [ 544.576131] veth1_vlan: Device is already in use. [ 544.670942] ------------[ cut here ]------------ [ 544.675852] WARNING: CPU: 1 PID: 6983 at drivers/net/ipvlan/ipvlan_main.c:63 ipvlan_unregister_nf_hook+0x230/0x260 [ 544.686593] Kernel panic - not syncing: panic_on_warn set ... [ 544.686593] [ 544.693955] CPU: 1 PID: 6983 Comm: syz-executor.0 Not tainted 4.14.189-syzkaller #0 [ 544.701742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 544.711090] Call Trace: [ 544.713744] dump_stack+0x1b2/0x283 [ 544.717415] panic+0x1f9/0x42d [ 544.720605] ? add_taint.cold+0x16/0x16 [ 544.724560] ? ipvlan_unregister_nf_hook+0x230/0x260 [ 544.729640] ? ipvlan_unregister_nf_hook+0x230/0x260 [ 544.734714] __warn.cold+0x20/0x4b [ 544.738226] ? ist_end_non_atomic+0x10/0x10 [ 544.742520] ? ipvlan_unregister_nf_hook+0x230/0x260 [ 544.747596] report_bug+0x208/0x249 [ 544.751222] do_error_trap+0x195/0x2d0 [ 544.755120] ? math_error+0x2d0/0x2d0 [ 544.758932] ? trace_hardirqs_on+0x10/0x10 [ 544.763178] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 544.768050] invalid_op+0x1b/0x40 [ 544.771481] RIP: 0010:ipvlan_unregister_nf_hook+0x230/0x260 [ 544.777162] RSP: 0018:ffff888086a8f3e8 EFLAGS: 00010297 [ 544.782497] RAX: ffff8880a42ae540 RBX: 0000000000000000 RCX: 1ffff11014855dbe [ 544.789796] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000282 [ 544.797039] RBP: ffff888097bcc040 R08: 0000000000000000 R09: 0000000000000001 [ 544.804287] R10: 0000000000000000 R11: ffff8880a42ae540 R12: ffff8880a0e26180 [ 544.811647] R13: ffff888095e86780 R14: 0000000000000000 R15: ffff888095fe49c0 [ 544.818912] ? ipvlan_unregister_nf_hook+0x230/0x260 [ 544.823994] ipvlan_set_port_mode+0x491/0x5a0 [ 544.828465] ipvlan_link_new+0xba2/0xfa0 [ 544.832582] rtnl_newlink+0xf88/0x1810 [ 544.836447] ? __lock_acquire+0x5fc/0x3f20 [ 544.840669] ? ipvlan_port_destroy+0x3f0/0x3f0 [ 544.845236] ? trace_hardirqs_on+0x10/0x10 [ 544.849446] ? rtnl_dellink+0x6a0/0x6a0 [ 544.853392] ? trace_hardirqs_on+0x10/0x10 [ 544.857642] ? lock_acquire+0x170/0x3f0 [ 544.861616] ? lock_acquire+0x170/0x3f0 [ 544.865737] ? lock_downgrade+0x740/0x740 [ 544.869856] ? rtnl_dellink+0x6a0/0x6a0 [ 544.873803] rtnetlink_rcv_msg+0x3be/0xb10 [ 544.878013] ? rtnl_calcit.isra.0+0x3a0/0x3a0 [ 544.882549] ? __netlink_lookup+0x345/0x5d0 [ 544.886848] netlink_rcv_skb+0x125/0x390 [ 544.890883] ? rtnl_calcit.isra.0+0x3a0/0x3a0 [ 544.895350] ? netlink_ack+0x9a0/0x9a0 [ 544.899212] netlink_unicast+0x437/0x610 [ 544.903260] ? netlink_sendskb+0xd0/0xd0 [ 544.907296] netlink_sendmsg+0x62e/0xb80 [ 544.911332] ? nlmsg_notify+0x170/0x170 [ 544.915305] ? kernel_recvmsg+0x210/0x210 [ 544.919456] ? security_socket_sendmsg+0x83/0xb0 [ 544.924184] ? nlmsg_notify+0x170/0x170 [ 544.928153] sock_sendmsg+0xb5/0x100 [ 544.931841] ___sys_sendmsg+0x6c8/0x800 [ 544.935789] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 544.940517] ? __lock_acquire+0x5fc/0x3f20 [ 544.944791] ? do_futex+0x12b/0x1930 [ 544.948490] ? trace_hardirqs_on+0x10/0x10 [ 544.952723] ? __might_fault+0x104/0x1b0 [ 544.956758] ? trace_hardirqs_on+0x10/0x10 [ 544.960964] ? lock_acquire+0x170/0x3f0 [ 544.964912] ? lock_downgrade+0x740/0x740 [ 544.969032] ? futex_exit_release+0x220/0x220 [ 544.973586] ? __might_fault+0x104/0x1b0 [ 544.977620] ? lock_acquire+0x170/0x3f0 [ 544.981566] ? lock_downgrade+0x740/0x740 [ 544.985702] ? __fdget+0x167/0x1f0 [ 544.989217] ? sockfd_lookup_light+0xb2/0x160 [ 544.994641] __sys_sendmsg+0xa3/0x120 [ 544.998416] ? SyS_shutdown+0x160/0x160 [ 545.002380] ? SyS_clock_gettime+0xf5/0x180 [ 545.006693] ? SyS_clock_settime+0x1a0/0x1a0 [ 545.011086] SyS_sendmsg+0x27/0x40 [ 545.014619] ? __sys_sendmsg+0x120/0x120 [ 545.018663] do_syscall_64+0x1d5/0x640 [ 545.022578] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 545.027745] RIP: 0033:0x45c369 [ 545.030908] RSP: 002b:00007ffc8c88b2c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 545.038590] RAX: ffffffffffffffda RBX: 000000000002b700 RCX: 000000000045c369 [ 545.045845] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000005 [ 545.053176] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 545.060435] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000790730 [ 545.067680] R13: 0000000000000000 R14: 0000000000000adc R15: 000000000078bf0c [ 545.076565] Kernel Offset: disabled [ 545.080197] Rebooting in 86400 seconds..