[ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Starting Load/Save RF Kill Switch Status... [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.10.6' (ECDSA) to the list of known hosts. syzkaller login: [ 31.259592] IPVS: ftp: loaded support on port[0] = 21 [ 31.324126] chnl_net:caif_netlink_parms(): no params data found [ 31.374550] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.381071] bridge0: port 1(bridge_slave_0) entered disabled state [ 31.389418] device bridge_slave_0 entered promiscuous mode [ 31.395962] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.402579] bridge0: port 2(bridge_slave_1) entered disabled state [ 31.409849] device bridge_slave_1 entered promiscuous mode [ 31.425827] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 31.434398] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 31.451579] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 31.458701] team0: Port device team_slave_0 added [ 31.464420] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 31.472177] team0: Port device team_slave_1 added [ 31.486033] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 31.492313] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 31.518309] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 31.529496] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 31.535726] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 31.561390] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 31.572040] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 31.579565] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 31.597347] device hsr_slave_0 entered promiscuous mode [ 31.602877] device hsr_slave_1 entered promiscuous mode [ 31.609214] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 31.616048] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 31.674692] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.681119] bridge0: port 2(bridge_slave_1) entered forwarding state [ 31.687891] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.694227] bridge0: port 1(bridge_slave_0) entered forwarding state [ 31.719901] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 31.725954] 8021q: adding VLAN 0 to HW filter on device bond0 [ 31.734456] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 31.742680] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 31.761500] bridge0: port 1(bridge_slave_0) entered disabled state [ 31.768523] bridge0: port 2(bridge_slave_1) entered disabled state [ 31.777580] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 31.783710] 8021q: adding VLAN 0 to HW filter on device team0 [ 31.791931] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 31.799563] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.805887] bridge0: port 1(bridge_slave_0) entered forwarding state [ 31.814588] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 31.822290] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.828656] bridge0: port 2(bridge_slave_1) entered forwarding state [ 31.846777] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 31.856556] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 31.867217] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 31.873993] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 31.881737] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 31.889355] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 31.896730] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 31.904775] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 31.911575] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 31.923775] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 31.931635] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 31.938575] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 31.949830] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 31.995503] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 32.004762] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 32.028999] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 32.035821] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 32.042990] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 32.051148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 32.058589] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 32.065340] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 32.074109] device veth0_vlan entered promiscuous mode [ 32.082470] device veth1_vlan entered promiscuous mode [ 32.088474] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 32.096344] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 32.106424] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 32.115962] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 32.123408] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 32.130793] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 32.140127] device veth0_macvtap entered promiscuous mode [ 32.146046] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 32.154776] device veth1_macvtap entered promiscuous mode [ 32.164347] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 32.172971] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 32.182859] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 32.189915] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 32.198226] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 32.207487] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 32.214068] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready executing program executing program executing program [ 32.316969] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 32.722431] bridge0: port 3(vlan2) entered blocking state [ 32.728355] bridge0: port 3(vlan2) entered disabled state executing program [ 32.823274] BUG: spinlock recursion on CPU#0, syz-executor076/8269 [ 32.829600] lock: 0xffff8880b3a920b8, .magic: dead4ead, .owner: syz-executor076/8269, .owner_cpu: 0 [ 32.838870] CPU: 0 PID: 8269 Comm: syz-executor076 Not tainted 4.14.246-syzkaller #0 [ 32.846732] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 32.856060] Call Trace: [ 32.858624] dump_stack+0x1b2/0x281 [ 32.862226] do_raw_spin_lock+0x1a2/0x200 [ 32.866352] dev_mc_sync+0x10b/0x1c0 [ 32.870039] ? vlan_dev_set_mac_address+0x5c0/0x5c0 [ 32.875025] vlan_dev_set_rx_mode+0x38/0x80 [ 32.879320] __dev_set_rx_mode+0x191/0x2a0 [ 32.883526] dev_uc_unsync+0x16c/0x1c0 [ 32.887389] bond_enslave+0x1d35/0x4cf0 [ 32.891336] ? bond_update_slave_arr+0x6a0/0x6a0 [ 32.896064] ? nlmsg_notify+0x126/0x170 [ 32.900010] ? rtmsg_ifinfo+0xd4/0x100 [ 32.903870] ? __dev_notify_flags+0x12b/0x260 [ 32.908335] ? dev_change_name+0x6a0/0x6a0 [ 32.912545] ? bond_update_slave_arr+0x6a0/0x6a0 [ 32.917272] do_set_master+0x19e/0x200 [ 32.921131] rtnl_newlink+0x136f/0x1860 [ 32.925079] ? __lock_acquire+0x5fc/0x3f20 [ 32.929295] ? kmem_cache_free+0x7c/0x2b0 [ 32.933422] ? rtnl_dellink+0x6a0/0x6a0 [ 32.939192] ? trace_hardirqs_on+0x10/0x10 [ 32.943406] ? netlink_deliver_tap+0x60c/0x7d0 [ 32.947965] ? netlink_unicast+0x485/0x610 [ 32.952176] ? netlink_sendmsg+0x62e/0xb80 [ 32.956383] ? ___sys_sendmsg+0x6c8/0x800 [ 32.960503] ? __sys_sendmsg+0xa3/0x120 [ 32.964448] ? SyS_sendmsg+0x27/0x40 [ 32.968143] ? lock_acquire+0x170/0x3f0 [ 32.972089] ? lock_downgrade+0x740/0x740 [ 32.976210] ? rtnl_dellink+0x6a0/0x6a0 [ 32.980155] rtnetlink_rcv_msg+0x3be/0xb10 [ 32.984362] ? rtnl_calcit.isra.0+0x3a0/0x3a0 [ 32.988866] ? __netlink_lookup+0x345/0x5d0 [ 32.993169] ? netdev_pick_tx+0x2e0/0x2e0 [ 32.997295] netlink_rcv_skb+0x125/0x390 [ 33.001325] ? memcpy+0x35/0x50 [ 33.004576] ? rtnl_calcit.isra.0+0x3a0/0x3a0 [ 33.009043] ? netlink_ack+0x9a0/0x9a0 [ 33.012908] netlink_unicast+0x437/0x610 [ 33.016944] ? netlink_sendskb+0xd0/0xd0 [ 33.021011] ? __check_object_size+0x179/0x230 [ 33.025566] netlink_sendmsg+0x62e/0xb80 [ 33.029601] ? nlmsg_notify+0x170/0x170 [ 33.033544] ? kernel_recvmsg+0x210/0x210 [ 33.037699] ? security_socket_sendmsg+0x83/0xb0 [ 33.042426] ? nlmsg_notify+0x170/0x170 [ 33.046373] sock_sendmsg+0xb5/0x100 [ 33.050086] ___sys_sendmsg+0x6c8/0x800 [ 33.054035] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 33.058764] ? trace_hardirqs_on+0x10/0x10 [ 33.062972] ? lock_acquire+0x170/0x3f0 [ 33.066918] ? lock_downgrade+0x740/0x740 [ 33.071044] ? __might_fault+0x104/0x1b0 [ 33.075076] ? lock_acquire+0x170/0x3f0 [ 33.079023] ? lock_downgrade+0x740/0x740 [ 33.083143] ? __might_fault+0x177/0x1b0 [ 33.087180] ? _copy_to_user+0x82/0xd0 [ 33.091038] ? move_addr_to_user+0x13f/0x180 [ 33.095419] ? __fdget+0x167/0x1f0 [ 33.098934] ? sockfd_lookup_light+0xb2/0x160 [ 33.103404] __sys_sendmsg+0xa3/0x120 [ 33.107176] ? SyS_shutdown+0x160/0x160 [ 33.111128] ? move_addr_to_kernel+0x60/0x60 [ 33.115510] ? __do_page_fault+0x159/0xad0 [ 33.119717] SyS_sendmsg+0x27/0x40 [ 33.123230] ? __sys_sendmsg+0x120/0x120 [ 33.127264] do_syscall_64+0x1d5/0x640 [ 33.131123] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 33.136286] RIP: 0033:0x7f3faaf4fba9 [ 33.139968] RSP: 002b:00007ffd3a0262d8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 33.147647] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f3faaf4fba9 [ 33.154890] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000004 [ 33.162134] RBP: 0000000000000000 R08: 000000000000000d R09: 000000000000000d [ 33.169377] R10: 000000000000000d R11: 0000000000000246 R12: 00007ffd3a0262f0 [ 33.176616] R13: 00000000000f4240 R14: 0000000000008019 R15: 00007ffd3a0262e4