Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.73' (ECDSA) to the list of known hosts. syzkaller login: [ 28.286191] IPVS: ftp: loaded support on port[0] = 21 [ 28.351836] chnl_net:caif_netlink_parms(): no params data found [ 28.459094] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.465697] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.473191] device bridge_slave_0 entered promiscuous mode [ 28.480889] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.487247] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.494419] device bridge_slave_1 entered promiscuous mode [ 28.510068] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 28.518611] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 28.536642] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 28.543770] team0: Port device team_slave_0 added [ 28.549952] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 28.556963] team0: Port device team_slave_1 added [ 28.571564] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 28.577797] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 28.604003] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 28.615412] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 28.621747] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 28.647073] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 28.658051] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 28.665588] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 28.682970] device hsr_slave_0 entered promiscuous mode [ 28.688662] device hsr_slave_1 entered promiscuous mode [ 28.694497] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 28.701598] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 28.761169] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.767627] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.774515] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.780928] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.806304] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 28.812948] 8021q: adding VLAN 0 to HW filter on device bond0 [ 28.821375] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 28.830456] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 28.849474] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.856426] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.866118] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 28.872766] 8021q: adding VLAN 0 to HW filter on device team0 [ 28.881028] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 28.888929] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.895274] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.914215] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 28.924413] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 28.935779] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 28.944122] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 28.951990] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.958381] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.965796] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 28.973607] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 28.981274] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 28.988986] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 28.998450] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 29.005155] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 29.017873] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 29.025519] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 29.032253] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 29.042614] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 29.089956] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 29.099387] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 29.124564] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 29.131966] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 29.139420] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 29.149714] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 29.157008] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 29.164461] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 29.172394] device veth0_vlan entered promiscuous mode [ 29.181493] device veth1_vlan entered promiscuous mode [ 29.187232] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 29.195820] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 29.206638] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 29.215757] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 29.223089] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 29.230321] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 29.239669] device veth0_macvtap entered promiscuous mode [ 29.245637] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 29.253963] device veth1_macvtap entered promiscuous mode [ 29.262936] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 29.272260] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 29.281939] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 29.288877] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 29.296746] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 29.306091] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 29.312903] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 29.338086] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready executing program [ 29.397447] netlink: 20 bytes leftover after parsing attributes in process `syz-executor304'. [ 29.410411] BUG: spinlock recursion on CPU#0, syz-executor304/7974 [ 29.416807] lock: 0xffff888095e71e38, .magic: dead4ead, .owner: syz-executor304/7974, .owner_cpu: 0 [ 29.426094] CPU: 0 PID: 7974 Comm: syz-executor304 Not tainted 4.14.290-syzkaller #0 [ 29.433956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 29.443284] Call Trace: [ 29.445850] dump_stack+0x1b2/0x281 [ 29.449457] do_raw_spin_lock+0x1a2/0x200 [ 29.453591] dev_mc_sync+0x10b/0x1c0 [ 29.457282] ? vlan_dev_set_mac_address+0x5c0/0x5c0 [ 29.462274] vlan_dev_set_rx_mode+0x38/0x80 [ 29.466569] __dev_set_rx_mode+0x191/0x2a0 [ 29.470779] dev_uc_unsync+0x16c/0x1c0 [ 29.474641] bond_enslave+0x1d35/0x4cf0 [ 29.478591] ? bond_update_slave_arr+0x6a0/0x6a0 [ 29.483324] ? nlmsg_notify+0x12b/0x1b0 [ 29.487273] ? nlmsg_notify+0xd5/0x1b0 [ 29.491221] ? rtmsg_ifinfo+0xd4/0x100 [ 29.495085] ? __dev_notify_flags+0x12b/0x260 [ 29.499559] ? dev_change_name+0x6a0/0x6a0 [ 29.503769] ? dev_set_allmulti+0x30/0x30 [ 29.507903] ? bond_update_slave_arr+0x6a0/0x6a0 [ 29.512633] do_set_master+0x19e/0x200 [ 29.516505] rtnl_newlink+0x1356/0x1830 [ 29.520456] ? __lock_acquire+0x5fc/0x3f20 [ 29.524681] ? kasan_slab_free+0xc3/0x1a0 [ 29.528802] ? rtnl_dellink+0x6a0/0x6a0 [ 29.532750] ? trace_hardirqs_on+0x10/0x10 [ 29.536958] ? __dev_queue_xmit+0x1d7f/0x2480 [ 29.541513] ? netlink_deliver_tap+0x61b/0x860 [ 29.546068] ? netlink_unicast+0x485/0x610 [ 29.550277] ? sock_sendmsg+0xb5/0x100 [ 29.554136] ? ___sys_sendmsg+0x6c8/0x800 [ 29.558266] ? __sys_sendmsg+0xa3/0x120 [ 29.562225] ? lock_acquire+0x170/0x3f0 [ 29.566175] ? lock_downgrade+0x740/0x740 [ 29.570303] ? rtnl_dellink+0x6a0/0x6a0 [ 29.574365] rtnetlink_rcv_msg+0x3be/0xb10 [ 29.578600] ? rtnl_calcit.isra.0+0x3a0/0x3a0 [ 29.583068] ? __netlink_lookup+0x345/0x5d0 [ 29.587375] ? netdev_pick_tx+0x2e0/0x2e0 [ 29.591500] netlink_rcv_skb+0x125/0x390 [ 29.595536] ? rtnl_calcit.isra.0+0x3a0/0x3a0 [ 29.600044] ? netlink_ack+0x9a0/0x9a0 [ 29.603913] netlink_unicast+0x437/0x610 [ 29.607958] ? netlink_sendskb+0xd0/0xd0 [ 29.612005] ? __check_object_size+0x179/0x230 [ 29.616564] netlink_sendmsg+0x648/0xbc0 [ 29.620602] ? nlmsg_notify+0x1b0/0x1b0 [ 29.624552] ? kernel_recvmsg+0x210/0x210 [ 29.628687] ? security_socket_sendmsg+0x83/0xb0 [ 29.633515] ? nlmsg_notify+0x1b0/0x1b0 [ 29.637463] sock_sendmsg+0xb5/0x100 [ 29.641161] ___sys_sendmsg+0x6c8/0x800 [ 29.645110] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 29.649844] ? trace_hardirqs_on+0x10/0x10 [ 29.654068] ? trace_hardirqs_on+0x10/0x10 [ 29.658290] ? apparmor_file_alloc_security+0x129/0x800 [ 29.663625] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 29.669049] ? __lockdep_init_map+0x100/0x560 [ 29.673516] ? __fd_install+0x1ec/0x5c0 [ 29.677495] ? lock_acquire+0x170/0x3f0 [ 29.681459] ? lock_downgrade+0x740/0x740 [ 29.685580] ? __fdget+0x167/0x1f0 [ 29.689096] ? sockfd_lookup_light+0xb2/0x160 [ 29.693562] __sys_sendmsg+0xa3/0x120 [ 29.697334] ? SyS_shutdown+0x160/0x160 [ 29.701279] ? move_addr_to_kernel+0x60/0x60 [ 29.705668] SyS_sendmsg+0x27/0x40 [ 29.709182] ? __sys_sendmsg+0x120/0x120 [ 29.713217] do_syscall_64+0x1d5/0x640 [ 29.717090] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 29.722251] RIP: 0033:0x7fd2ce4a76d9 [ 29.725933] RSP: 002b:00007ffdfe6026c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 29.733631] RAX: ffffffffffffffda RBX: 00007ffdfe6026d8 RCX: 00007fd2ce4a76d9 [ 29.740884] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000005 [ 29.748134] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000 [ 29.755379] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdfe6026e0 [ 29.762635] R13: 00007ffdfe602700 R14: 0000000000000000 R15: 0000000000000000