[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... Starting Load/Save RF Kill Switch Status... Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.10.25' (ECDSA) to the list of known hosts. syzkaller login: [ 587.757082][ T6875] IPVS: ftp: loaded support on port[0] = 21 [ 587.886931][ T6875] chnl_net:caif_netlink_parms(): no params data found [ 587.940765][ T6875] bridge0: port 1(bridge_slave_0) entered blocking state [ 587.948619][ T6875] bridge0: port 1(bridge_slave_0) entered disabled state [ 587.958234][ T6875] device bridge_slave_0 entered promiscuous mode [ 587.968607][ T6875] bridge0: port 2(bridge_slave_1) entered blocking state [ 587.976185][ T6875] bridge0: port 2(bridge_slave_1) entered disabled state [ 587.984990][ T6875] device bridge_slave_1 entered promiscuous mode [ 588.005258][ T6875] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 588.016366][ T6875] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 588.040198][ T6875] team0: Port device team_slave_0 added [ 588.047450][ T6875] team0: Port device team_slave_1 added [ 588.065790][ T6875] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 588.073042][ T6875] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 588.099954][ T6875] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 588.112892][ T6875] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 588.120610][ T6875] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 588.147311][ T6875] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 588.175228][ T6875] device hsr_slave_0 entered promiscuous mode [ 588.182265][ T6875] device hsr_slave_1 entered promiscuous mode [ 588.277316][ T6875] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 588.287409][ T6875] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 588.303557][ T6875] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 588.315164][ T6875] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 588.341751][ T6875] bridge0: port 2(bridge_slave_1) entered blocking state [ 588.348891][ T6875] bridge0: port 2(bridge_slave_1) entered forwarding state [ 588.356999][ T6875] bridge0: port 1(bridge_slave_0) entered blocking state [ 588.364184][ T6875] bridge0: port 1(bridge_slave_0) entered forwarding state [ 588.410416][ T6875] 8021q: adding VLAN 0 to HW filter on device bond0 [ 588.424356][ T7007] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 588.435763][ T7007] bridge0: port 1(bridge_slave_0) entered disabled state [ 588.445023][ T7007] bridge0: port 2(bridge_slave_1) entered disabled state [ 588.453863][ T7007] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 588.467196][ T6875] 8021q: adding VLAN 0 to HW filter on device team0 [ 588.479375][ T7007] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 588.487739][ T7007] bridge0: port 1(bridge_slave_0) entered blocking state [ 588.494845][ T7007] bridge0: port 1(bridge_slave_0) entered forwarding state [ 588.511774][ T6858] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 588.521176][ T6858] bridge0: port 2(bridge_slave_1) entered blocking state [ 588.528207][ T6858] bridge0: port 2(bridge_slave_1) entered forwarding state [ 588.550799][ T6858] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 588.560138][ T6858] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 588.568499][ T6858] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 588.581805][ T6875] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 588.593391][ T6875] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 588.604332][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 588.612526][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 588.630677][ T7007] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 588.638188][ T7007] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 588.653039][ T6875] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 588.672711][ T7007] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 588.693036][ T6858] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 588.701481][ T6858] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 588.711285][ T6858] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 588.722238][ T6875] device veth0_vlan entered promiscuous mode [ 588.735139][ T6875] device veth1_vlan entered promiscuous mode [ 588.757139][ T7007] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 588.765864][ T7007] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 588.774854][ T7007] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 588.786475][ T6875] device veth0_macvtap entered promiscuous mode [ 588.796799][ T6875] device veth1_macvtap entered promiscuous mode [ 588.814577][ T6875] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 588.822207][ T6858] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 588.832709][ T6858] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 588.844682][ T6875] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 588.853352][ T7087] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 588.865131][ T6875] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 588.874272][ T6875] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 588.883442][ T6875] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 588.892604][ T6875] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 executing program [ 588.943185][ T7092] netlink: 12 bytes leftover after parsing attributes in process `syz-executor007'. [ 589.019520][ T7092] bond0: (slave tunl0): ether type (768) is different from other slaves (1), can not enslave it executing program [ 589.113111][ T7092] syz-executor007 (7092) used greatest stack depth: 23616 bytes left [ 589.127210][ T7099] netlink: 12 bytes leftover after parsing attributes in process `syz-executor007'. [ 589.203136][ T7099] bond0: (slave erspan0): Enslaving as an active interface with an up link executing program [ 589.348126][ T7106] netlink: 12 bytes leftover after parsing attributes in process `syz-executor007'. [ 589.420171][ T7106] bond0: (slave sit0): ether type (776) is different from other slaves (1), can not enslave it executing program [ 589.655891][ T7113] netlink: 12 bytes leftover after parsing attributes in process `syz-executor007'. [ 589.731186][ T7113] bond0: (slave syz_tun): Enslaving as an active interface with an up link executing program [ 589.856436][ T7113] bond0: (slave syz_tun): Releasing backup interface [ 589.876580][ T7007] Bluetooth: hci0: command 0x0409 tx timeout [ 589.909460][ T7122] netlink: 12 bytes leftover after parsing attributes in process `syz-executor007'. [ 589.964349][ T7122] bond0: (slave vcan0): ether type (280) is different from other slaves (1), can not enslave it executing program [ 590.057060][ T7131] netlink: 12 bytes leftover after parsing attributes in process `syz-executor007'. [ 590.126664][ T7131] bond0: (slave dummy0): Enslaving as an active interface with an up link executing program [ 590.267456][ T7131] bond0: (slave dummy0): Releasing backup interface [ 590.329172][ T7140] netlink: 12 bytes leftover after parsing attributes in process `syz-executor007'. [ 590.401099][ T7140] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 590.419441][ T7140] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 590.441311][ T7140] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 590.448811][ T7140] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 590.470813][ T7140] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 590.478281][ T7140] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 590.578009][ T7140] bond0: (slave batadv0): Releasing backup interface executing program [ 590.690936][ T7140] syz-executor007 (7140) used greatest stack depth: 23600 bytes left [ 590.697488][ T7149] netlink: 12 bytes leftover after parsing attributes in process `syz-executor007'. [ 590.772040][ T7149] bond0: (slave veth0): Enslaving as an active interface with an up link [ 590.962007][ T7149] bond0: (slave veth0): Releasing backup interface executing program [ 591.096150][ T7160] netlink: 12 bytes leftover after parsing attributes in process `syz-executor007'. [ 591.156458][ T7160] bond0: (slave wg0): ether type (65534) is different from other slaves (1), can not enslave it executing program [ 591.297698][ T7169] netlink: 12 bytes leftover after parsing attributes in process `syz-executor007'. [ 591.365612][ T7169] bond0: (slave veth0_to_bridge): Enslaving as an active interface with an up link [ 591.558981][ T7169] bridge0: port 1(bridge_slave_0) entered disabled state [ 591.600666][ T7169] bond0: (slave veth0_to_bridge): Releasing backup interface [ 591.612389][ T7169] device bridge_slave_0 left promiscuous mode [ 591.618905][ T7169] bridge0: port 1(bridge_slave_0) entered disabled state executing program [ 591.720029][ T7180] bridge0: port 2(bridge_slave_1) entered disabled state [ 591.728529][ T7180] device bridge_slave_1 left promiscuous mode [ 591.735095][ T7180] bridge0: port 2(bridge_slave_1) entered disabled state [ 591.746875][ T7180] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link [ 591.899566][ T7087] Bluetooth: hci0: command 0x041b tx timeout executing program [ 591.973724][ T7180] bond0: (slave bridge_slave_1): Releasing backup interface [ 592.081882][ T7191] bond0: (slave veth1_to_bond): Enslaving as an active interface with an up link [ 592.252887][ T7191] bond0: (slave veth1_to_bond): Releasing backup interface [ 592.263975][ T7191] bond0: (slave bond_slave_1): Releasing backup interface executing program [ 592.382592][ T7202] team0: Port device team_slave_0 removed [ 592.391677][ T7202] bond0: (slave team_slave_0): Enslaving as an active interface with an up link executing program [ 592.629290][ T7202] bond0: (slave team_slave_0): Releasing backup interface [ 592.744767][ T7213] bond0: (slave veth0_to_batadv): Enslaving as an active interface with an up link [ 593.057213][ T7213] bond0: (slave veth0_to_batadv): Releasing backup interface executing program [ 593.185099][ T7225] bond0: (slave batadv_slave_1): Enslaving as an active interface with an up link executing program [ 593.450673][ T7225] bond0: (slave batadv_slave_1): Releasing backup interface [ 593.565021][ T7236] bond0: (slave veth1_to_hsr): Enslaving as an active interface with an up link executing program [ 593.786478][ T7236] bond0: (slave veth1_to_hsr): Releasing backup interface [ 593.797594][ T7236] device hsr_slave_1 left promiscuous mode [ 593.899612][ T7247] bond0: (slave veth1_virt_wifi): Error: Device is in use and cannot be enslaved [ 593.992814][ T7007] Bluetooth: hci0: command 0x040f tx timeout executing program [ 594.265308][ T7260] __nla_validate_parse: 7 callbacks suppressed [ 594.265315][ T7260] netlink: 12 bytes leftover after parsing attributes in process `syz-executor007'. [ 594.338930][ T7260] bond0: (slave veth1_vlan): Error: Device is in use and cannot be enslaved executing program [ 595.255530][ T7283] netlink: 12 bytes leftover after parsing attributes in process `syz-executor007'. [ 595.284758][ T7283] 8021q: adding VLAN 0 to HW filter on device bond1 [ 595.292977][ T7283] bond0: (slave bond1): Enslaving as an active interface with an up link [ 595.305095][ T7283] bond1: (slave vcan0): The slave device specified does not support setting the MAC address [ 595.315514][ T7283] bond1: (slave vcan0): Error -22 calling dev_set_mtu [ 595.371315][ T7319] bond1 (unregistering): Released all slaves [ 595.377686][ T7319] ------------[ cut here ]------------ [ 595.384231][ T7319] WARNING: CPU: 0 PID: 7319 at net/core/dev.c:9304 rollback_registered_many+0xecd/0x1210 [ 595.394732][ T7319] Kernel panic - not syncing: panic_on_warn set ... [ 595.401369][ T7319] CPU: 0 PID: 7319 Comm: syz-executor007 Not tainted 5.9.0-rc1-syzkaller #0 [ 595.410018][ T7319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 595.420100][ T7319] Call Trace: [ 595.423485][ T7319] dump_stack+0x18f/0x20d [ 595.427861][ T7319] panic+0x2e3/0x75c [ 595.431764][ T7319] ? __warn_printk+0xf3/0xf3 [ 595.436404][ T7319] ? printk+0xba/0xed [ 595.440436][ T7319] ? log_store.cold+0x16/0x16 [ 595.445090][ T7319] ? __warn.cold+0x5/0x4a [ 595.449405][ T7319] ? __warn+0xd6/0x1f2 [ 595.453459][ T7319] ? rollback_registered_many+0xecd/0x1210 [ 595.459330][ T7319] __warn.cold+0x20/0x4a [ 595.463553][ T7319] ? rollback_registered_many+0xecd/0x1210 [ 595.469354][ T7319] report_bug+0x1bd/0x210 [ 595.473785][ T7319] handle_bug+0x38/0x90 [ 595.477936][ T7319] exc_invalid_op+0x14/0x40 [ 595.482484][ T7319] asm_exc_invalid_op+0x12/0x20 [ 595.487380][ T7319] RIP: 0010:rollback_registered_many+0xecd/0x1210 [ 595.493781][ T7319] Code: 0a 1b 00 00 48 c7 c6 c0 ef fe 88 48 c7 c7 00 f0 fe 88 c6 05 68 fc 70 04 01 e8 a1 16 09 fb 0f 0b e9 13 fc ff ff e8 93 05 38 fb <0f> 0b e9 ea fb ff ff e8 87 05 38 fb 0f 0b e9 29 fc ff ff e8 9b 19 [ 595.513375][ T7319] RSP: 0018:ffffc9000756f290 EFLAGS: 00010293 [ 595.519441][ T7319] RAX: 0000000000000000 RBX: 000000009df50501 RCX: ffffffff863c3566 [ 595.527487][ T7319] RDX: ffff8880a105c280 RSI: ffffffff863c397d RDI: 0000000000000001 [ 595.535433][ T7319] RBP: ffff8880a2f41f00 R08: 0000000000000000 R09: ffffffff8a7e5ce7 [ 595.543410][ T7319] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000 [ 595.551378][ T7319] R13: ffff888092abc000 R14: dffffc0000000000 R15: ffff8880a2f41f00 [ 595.559340][ T7319] ? rollback_registered_many+0xab6/0x1210 [ 595.565124][ T7319] ? rollback_registered_many+0xecd/0x1210 [ 595.570913][ T7319] ? flush_backlog+0x640/0x640 [ 595.575657][ T7319] ? unregister_netdevice_queue+0x216/0x570 [ 595.581533][ T7319] ? unregister_netdevice_many+0x50/0x50 [ 595.587177][ T7319] unregister_netdevice_many.part.0+0x1a/0x2f0 [ 595.593309][ T7319] ? unregister_netdevice_many+0x50/0x50 [ 595.598917][ T7319] unregister_netdevice_many+0x36/0x50 [ 595.604439][ T7319] rtnl_dellink+0x34a/0xa60 [ 595.608928][ T7319] ? _raw_spin_unlock_irq+0x1f/0x80 [ 595.614102][ T7319] ? rtnl_link_get_net_capable.constprop.0+0x390/0x390 [ 595.620999][ T7319] ? trace_hardirqs_on+0x5f/0x220 [ 595.626008][ T7319] ? lockdep_hardirqs_on+0x76/0xf0 [ 595.631115][ T7319] ? mutex_lock_io_nested+0xf60/0xf60 [ 595.636470][ T7319] ? lock_is_held_type+0xbb/0xf0 [ 595.641389][ T7319] ? rtnl_link_get_net_capable.constprop.0+0x390/0x390 [ 595.648213][ T7319] rtnetlink_rcv_msg+0x44e/0xad0 [ 595.653217][ T7319] ? rtnetlink_put_metrics+0x510/0x510 [ 595.658694][ T7319] ? lock_acquire+0x1f1/0xad0 [ 595.663375][ T7319] ? netdev_core_pick_tx+0x2e0/0x2e0 [ 595.668702][ T7319] netlink_rcv_skb+0x15a/0x430 [ 595.673451][ T7319] ? rtnetlink_put_metrics+0x510/0x510 [ 595.678887][ T7319] ? netlink_ack+0xa10/0xa10 [ 595.683459][ T7319] netlink_unicast+0x533/0x7d0 [ 595.688223][ T7319] ? netlink_attachskb+0x810/0x810 [ 595.693357][ T7319] ? _copy_from_iter_full+0x247/0x890 [ 595.698749][ T7319] ? __phys_addr+0x9a/0x110 [ 595.703244][ T7319] ? __phys_addr_symbol+0x2c/0x70 [ 595.708293][ T7319] ? __check_object_size+0x171/0x3e4 [ 595.713576][ T7319] netlink_sendmsg+0x856/0xd90 [ 595.718374][ T7319] ? netlink_unicast+0x7d0/0x7d0 [ 595.723471][ T7319] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 595.728740][ T7319] ? netlink_unicast+0x7d0/0x7d0 [ 595.733729][ T7319] sock_sendmsg+0xcf/0x120 [ 595.738139][ T7319] ____sys_sendmsg+0x6e8/0x810 [ 595.742882][ T7319] ? kernel_sendmsg+0x50/0x50 [ 595.747533][ T7319] ? do_recvmmsg+0x6d0/0x6d0 [ 595.752103][ T7319] ? mark_lock+0xbc/0x1710 [ 595.756499][ T7319] ? lockdep_hardirqs_on_prepare+0x530/0x530 [ 595.762647][ T7319] ? __lock_acquire+0xbb5/0x5640 [ 595.767564][ T7319] ___sys_sendmsg+0xf3/0x170 [ 595.772264][ T7319] ? sendmsg_copy_msghdr+0x160/0x160 [ 595.777551][ T7319] ? __fget_files+0x272/0x400 [ 595.782330][ T7319] ? lock_downgrade+0x830/0x830 [ 595.787212][ T7319] ? percpu_counter_add_batch+0x126/0x180 [ 595.792916][ T7319] ? __fget_files+0x294/0x400 [ 595.797589][ T7319] ? __fget_light+0xea/0x280 [ 595.802199][ T7319] __sys_sendmsg+0xe5/0x1b0 [ 595.806722][ T7319] ? __sys_sendmsg_sock+0xb0/0xb0 [ 595.811734][ T7319] ? trace_hardirqs_on+0x5f/0x220 [ 595.816729][ T7319] ? lockdep_hardirqs_on+0x76/0xf0 [ 595.821977][ T7319] do_syscall_64+0x2d/0x70 [ 595.826416][ T7319] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 595.832289][ T7319] RIP: 0033:0x44b0f9 [ 595.836194][ T7319] Code: e8 3c 14 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb 04 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 595.855985][ T7319] RSP: 002b:00007fd3ad4d3d98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 595.864371][ T7319] RAX: ffffffffffffffda RBX: 0000000000700038 RCX: 000000000044b0f9 [ 595.872442][ T7319] RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000009 [ 595.880402][ T7319] RBP: 0000000000700030 R08: 0000000000000000 R09: 0000000000000000 [ 595.888367][ T7319] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000070003c [ 595.896317][ T7319] R13: 0000000000000000 R14: 0000000000000000 R15: 068500100000003c [ 595.905777][ T7319] Kernel Offset: disabled [ 595.910107][ T7319] Rebooting in 86400 seconds..