[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.15' (ECDSA) to the list of known hosts.
syzkaller login: [ 54.238794][ T6814] IPVS: ftp: loaded support on port[0] = 21
[ 54.314927][ T6814] chnl_net:caif_netlink_parms(): no params data found
[ 54.363427][ T6814] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.371459][ T6814] bridge0: port 1(bridge_slave_0) entered disabled state
[ 54.379643][ T6814] device bridge_slave_0 entered promiscuous mode
[ 54.387872][ T6814] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.395966][ T6814] bridge0: port 2(bridge_slave_1) entered disabled state
[ 54.403917][ T6814] device bridge_slave_1 entered promiscuous mode
[ 54.422827][ T6814] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 54.434066][ T6814] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 54.456162][ T6814] team0: Port device team_slave_0 added
[ 54.463370][ T6814] team0: Port device team_slave_1 added
[ 54.480794][ T6814] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 54.487731][ T6814] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 54.514557][ T6814] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 54.527024][ T6814] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 54.534188][ T6814] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 54.560512][ T6814] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 54.621261][ T6814] device hsr_slave_0 entered promiscuous mode
[ 54.679117][ T6814] device hsr_slave_1 entered promiscuous mode
[ 54.797460][ T6814] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 54.851916][ T6814] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 54.901445][ T6814] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 54.950910][ T6814] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 55.004099][ T6814] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.011250][ T6814] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 55.019235][ T6814] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.026294][ T6814] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 55.067507][ T6814] 8021q: adding VLAN 0 to HW filter on device bond0
[ 55.082134][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 55.092218][ T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 55.100329][ T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 55.108013][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 55.122869][ T6814] 8021q: adding VLAN 0 to HW filter on device team0
[ 55.133523][ T3786] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 55.143990][ T3786] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.151097][ T3786] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 55.168917][ T2488] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 55.177203][ T2488] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.184308][ T2488] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 55.195695][ T3786] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 55.204777][ T3786] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 55.216922][ T2488] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 55.234522][ T6814] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 55.245838][ T6814] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 55.258234][ T3786] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 55.267603][ T3786] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 55.276285][ T3786] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 55.294347][ T2488] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 55.302216][ T2488] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 55.314656][ T6814] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 55.334045][ T2488] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 55.343348][ T2488] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 55.362399][ T3786] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 55.372407][ T3786] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 55.383562][ T6814] device veth0_vlan entered promiscuous mode
[ 55.390583][ T3785] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 55.398225][ T3785] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 55.412253][ T6814] device veth1_vlan entered promiscuous mode
[ 55.432926][ T2488] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 55.441625][ T2488] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 55.450196][ T2488] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 55.458886][ T2488] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 55.470258][ T6814] device veth0_macvtap entered promiscuous mode
[ 55.480520][ T6814] device veth1_macvtap entered promiscuous mode
[ 55.496645][ T6814] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 55.504068][ T2488] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 55.513518][ T2488] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 55.521811][ T2488] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 55.533411][ T2488] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 55.545813][ T6814] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 55.553227][ T3785] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 55.562120][ T3785] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 55.727043][ T6814] tipc: Started in network mode
[ 55.732060][ T6814] tipc: Own node identity aaaaaaaaaa3a, cluster identity 4711
[ 55.740280][ T6814] tipc: Enabled bearer , priority 0
[ 55.787247][ T6814] tipc: TX(aaaaaaaaaa3a): key initiating, rc 1!
[ 55.794480][ T6814] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor855/6814
[ 55.804277][ T6814] caller is tipc_crypto_xmit+0x80a/0x2790
[ 55.810069][ T6814] CPU: 0 PID: 6814 Comm: syz-executor855 Not tainted 5.8.0-rc4-syzkaller #0
[ 55.818742][ T6814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 55.828781][ T6814] Call Trace:
[ 55.832049][ T6814] dump_stack+0x18f/0x20d
[ 55.836443][ T6814] check_preemption_disabled+0x128/0x130
[ 55.842052][ T6814] tipc_crypto_xmit+0x80a/0x2790
[ 55.847011][ T6814] ? tipc_crypto_timeout+0x10f0/0x10f0
[ 55.852445][ T6814] ? bearer_get+0x168/0x340
[ 55.856926][ T6814] ? lock_downgrade+0x820/0x820
[ 55.861751][ T6814] ? lockdep_hardirqs_on+0x6a/0xe0
[ 55.866836][ T6814] ? memcpy+0x39/0x60
[ 55.870795][ T6814] ? lock_is_held_type+0xb0/0xe0
[ 55.875711][ T6814] tipc_bearer_xmit_skb+0x180/0x3f0
[ 55.880884][ T6814] ? tipc_bearer_mtu+0x4d0/0x4d0
[ 55.885795][ T6814] ? tipc_disc_create+0x705/0xa90
[ 55.890911][ T6814] tipc_enable_bearer+0xb1d/0xdc0
[ 55.895912][ T6814] ? tipc_bearer_xmit_skb+0x3f0/0x3f0
[ 55.901258][ T6814] ? __sys_sendmsg+0xe5/0x1b0
[ 55.905913][ T6814] ? do_syscall_32_irqs_on+0x3f/0x60
[ 55.911215][ T6814] ? do_fast_syscall_32+0x7f/0x120
[ 55.916299][ T6814] ? cache_alloc_refill+0x2fd/0x340
[ 55.921475][ T6814] ? __nla_parse+0x3d/0x4a
[ 55.925871][ T6814] __tipc_nl_bearer_enable+0x2bf/0x390
[ 55.931306][ T6814] ? tipc_nl_bearer_disable+0x30/0x30
[ 55.936655][ T6814] ? tipc_nl_compat_bearer_enable+0x33c/0x5a0
[ 55.942699][ T6814] ? __nla_parse+0x3d/0x4a
[ 55.947100][ T6814] tipc_nl_compat_doit+0x440/0x640
[ 55.952187][ T6814] ? tipc_nl_compat_dumpit+0x570/0x570
[ 55.957618][ T6814] ? apparmor_capable+0x1d8/0x460
[ 55.962626][ T6814] ? ns_capable+0xde/0x100
[ 55.967018][ T6814] tipc_nl_compat_recv+0x4ef/0xb40
[ 55.972106][ T6814] ? tipc_nl_compat_link_set+0xad0/0xad0
[ 55.977710][ T6814] ? tipc_nl_bearer_disable+0x30/0x30
[ 55.983057][ T6814] ? tipc_nl_compat_bearer_disable+0x2c0/0x2c0
[ 55.989183][ T6814] ? mutex_lock_io_nested+0xf60/0xf60
[ 55.994529][ T6814] ? lock_is_held_type+0xb0/0xe0
[ 55.999445][ T6814] ? __radix_tree_lookup+0x1f3/0x290
[ 56.004705][ T6814] ? genl_family_rcv_msg_attrs_parse.isra.0+0x8d/0x250
[ 56.011540][ T6814] genl_rcv_msg+0x61d/0x980
[ 56.016109][ T6814] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250
[ 56.023022][ T6814] ? lock_release+0x8d0/0x8d0
[ 56.027692][ T6814] ? netdev_core_pick_tx+0x2e0/0x2e0
[ 56.032950][ T6814] ? do_raw_spin_unlock+0x171/0x230
[ 56.038128][ T6814] netlink_rcv_skb+0x15a/0x430
[ 56.042869][ T6814] ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250
[ 56.049789][ T6814] ? netlink_ack+0xa10/0xa10
[ 56.054368][ T6814] genl_rcv+0x24/0x40
[ 56.058331][ T6814] netlink_unicast+0x533/0x7d0
[ 56.063080][ T6814] ? netlink_attachskb+0x810/0x810
[ 56.068173][ T6814] ? _copy_from_iter_full+0x247/0x890
[ 56.073525][ T6814] ? __phys_addr+0x9a/0x110
[ 56.078004][ T6814] ? __phys_addr_symbol+0x2c/0x70
[ 56.083095][ T6814] ? __check_object_size+0x171/0x3e4
[ 56.088359][ T6814] netlink_sendmsg+0x856/0xd90
[ 56.093102][ T6814] ? netlink_unicast+0x7d0/0x7d0
[ 56.098016][ T6814] ? netlink_unicast+0x7d0/0x7d0
[ 56.102928][ T6814] sock_sendmsg+0xcf/0x120
[ 56.107320][ T6814] ____sys_sendmsg+0x6e8/0x810
[ 56.112060][ T6814] ? kernel_sendmsg+0x50/0x50
[ 56.116712][ T6814] ? do_recvmmsg+0x6d0/0x6d0
[ 56.121278][ T6814] ? find_held_lock+0x2d/0x110
[ 56.126042][ T6814] ? debug_object_activate+0x287/0x3e0
[ 56.131476][ T6814] ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 56.137428][ T6814] ? lock_downgrade+0x820/0x820
[ 56.142258][ T6814] ___sys_sendmsg+0xf3/0x170
[ 56.146825][ T6814] ? sendmsg_copy_msghdr+0x160/0x160
[ 56.152092][ T6814] ? lock_downgrade+0x820/0x820
[ 56.156957][ T6814] ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 56.162738][ T6814] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 56.168718][ T6814] ? trace_hardirqs_on+0x5f/0x220
[ 56.173716][ T6814] ? lockdep_hardirqs_on+0x6a/0xe0
[ 56.178810][ T6814] ? _raw_spin_unlock_irqrestore+0x9b/0xe0
[ 56.184732][ T6814] ? debug_object_active_state+0x260/0x350
[ 56.190517][ T6814] ? __fget_light+0x215/0x280
[ 56.195181][ T6814] __sys_sendmsg+0xe5/0x1b0
[ 56.199659][ T6814] ? __sys_sendmsg_sock+0xb0/0xb0
[ 56.204660][ T6814] ? lock_is_held_type+0xb0/0xe0
[ 56.209592][ T6814] ? lock_is_held_type+0xb0/0xe0
[ 56.214504][ T6814] ? do_fast_syscall_32+0x40/0x120
[ 56.219588][ T6814] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 56.225560][ T6814] do_syscall_32_irqs_on+0x3f/0x60
[ 56.230662][ T6814] do_fast_syscall_32+0x7f/0x120
[ 56.235573][ T6814] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 56.241872][ T6814] RIP: 0023:0xf7f95569
[ 56.245933][ T6814] Code: Bad RIP value.
[ 56.250080][ T6814] RSP: 002b:00000000ffcf746c EFLAGS: 00000246 ORIG_RAX: 0000000000000172
[ 56.258465][ T6814] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000640
[ 56.266411][ T6814] RDX: 0000000000000000 RSI: 00000000f7f9528c RDI: 0000000000000004
[ 56.274459][ T6814] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 56.282407][ T6814] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000