[ OK ] Started Getty on tty1.
[ OK ] Started Getty on tty2.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.159' (ECDSA) to the list of known hosts.
syzkaller login: [ 27.690877] IPVS: ftp: loaded support on port[0] = 21
[ 27.761727] chnl_net:caif_netlink_parms(): no params data found
[ 27.848913] bridge0: port 1(bridge_slave_0) entered blocking state
[ 27.855449] bridge0: port 1(bridge_slave_0) entered disabled state
[ 27.863177] device bridge_slave_0 entered promiscuous mode
[ 27.870935] bridge0: port 2(bridge_slave_1) entered blocking state
[ 27.877284] bridge0: port 2(bridge_slave_1) entered disabled state
[ 27.885009] device bridge_slave_1 entered promiscuous mode
[ 27.900756] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 27.909636] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 27.926130] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 27.933857] team0: Port device team_slave_0 added
[ 27.939386] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 27.946382] team0: Port device team_slave_1 added
[ 27.960264] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 27.966482] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 27.991885] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 28.003076] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 28.009400] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 28.034699] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 28.045405] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 28.052928] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 28.070846] device hsr_slave_0 entered promiscuous mode
[ 28.076407] device hsr_slave_1 entered promiscuous mode
[ 28.082513] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 28.089558] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 28.146138] bridge0: port 2(bridge_slave_1) entered blocking state
[ 28.152573] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 28.159483] bridge0: port 1(bridge_slave_0) entered blocking state
[ 28.165827] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 28.193901] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 28.200582] 8021q: adding VLAN 0 to HW filter on device bond0
[ 28.207927] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 28.216409] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 28.235174] bridge0: port 1(bridge_slave_0) entered disabled state
[ 28.242253] bridge0: port 2(bridge_slave_1) entered disabled state
[ 28.251915] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 28.257972] 8021q: adding VLAN 0 to HW filter on device team0
[ 28.266365] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 28.274029] bridge0: port 1(bridge_slave_0) entered blocking state
[ 28.280441] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 28.289584] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 28.297116] bridge0: port 2(bridge_slave_1) entered blocking state
[ 28.303499] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 28.319645] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 28.327278] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 28.335609] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 28.344257] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 28.353206] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 28.362446] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 28.368699] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 28.380276] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 28.387235] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 28.394603] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 28.404068] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 28.450665] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 28.460269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 28.489091] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 28.496120] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 28.503733] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 28.512461] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 28.520676] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 28.527414] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 28.536135] device veth0_vlan entered promiscuous mode
[ 28.545172] device veth1_vlan entered promiscuous mode
[ 28.551418] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 28.560535] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 28.571168] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 28.579774] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 28.586898] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 28.594524] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 28.603368] device veth0_macvtap entered promiscuous mode
[ 28.609730] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 28.617499] device veth1_macvtap entered promiscuous mode
[ 28.625741] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 28.634609] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 28.644472] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 28.651504] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 28.659504] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 28.670161] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 28.679540] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 28.748639] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 28.766042] team0: Port device vlan2 added
[ 28.773795] 8021q: adding VLAN 0 to HW filter on device team0
[ 28.781477] BUG: spinlock recursion on CPU#1, syz-executor134/7973
[ 28.787834] lock: 0xffff8880b3569f78, .magic: dead4ead, .owner: syz-executor134/7973, .owner_cpu: 1
[ 28.797096] CPU: 1 PID: 7973 Comm: syz-executor134 Not tainted 4.14.277-syzkaller #0
[ 28.804958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 28.814292] Call Trace:
[ 28.816860] dump_stack+0x1b2/0x281
[ 28.820466] do_raw_spin_lock+0x1a2/0x200
[ 28.824592] dev_mc_sync+0x10b/0x1c0
[ 28.828278] ? vlan_dev_set_mac_address+0x5c0/0x5c0
[ 28.833267] vlan_dev_set_rx_mode+0x38/0x80
[ 28.837578] __dev_set_rx_mode+0x191/0x2a0
[ 28.841788] dev_uc_sync_multiple+0x17a/0x1c0
[ 28.846257] team_set_rx_mode+0xb8/0x1e0
[ 28.850295] ? team_dummy_transmit+0x20/0x20
[ 28.854675] __dev_set_rx_mode+0x191/0x2a0
[ 28.858885] dev_uc_unsync+0x16c/0x1c0
[ 28.862746] bond_enslave+0x1d35/0x4cf0
[ 28.866695] ? bond_update_slave_arr+0x6a0/0x6a0
[ 28.871423] ? __dev_notify_flags+0x12b/0x260
[ 28.875890] ? dev_change_name+0x6a0/0x6a0
[ 28.880101] ? dev_set_allmulti+0x30/0x30
[ 28.884225] ? bond_update_slave_arr+0x6a0/0x6a0
[ 28.888953] do_set_master+0x19e/0x200
[ 28.892820] do_setlink+0x8b8/0x2bf0
[ 28.896508] ? trace_hardirqs_on+0x10/0x10
[ 28.900715] ? rtnl_fdb_add+0x770/0x770
[ 28.904665] ? __read_once_size_nocheck.constprop.0+0x10/0x10
[ 28.910521] ? trace_hardirqs_on+0x10/0x10
[ 28.914728] ? trace_hardirqs_on+0x10/0x10
[ 28.918935] ? deref_stack_reg+0x124/0x1a0
[ 28.923144] ? __read_once_size_nocheck.constprop.0+0x10/0x10
[ 28.929000] ? is_bpf_text_address+0x91/0x150
[ 28.933467] ? unwind_next_frame+0xe54/0x17d0
[ 28.937937] ? __save_stack_trace+0x63/0x160
[ 28.942318] ? deref_stack_reg+0x124/0x1a0
[ 28.946525] ? is_bpf_text_address+0x91/0x150
[ 28.951004] ? lock_acquire+0x170/0x3f0
[ 28.954972] ? lock_downgrade+0x740/0x740
[ 28.959112] ? validate_nla+0x192/0x5e0
[ 28.963060] ? nla_parse+0x157/0x1f0
[ 28.966746] ? validate_linkmsg+0x3a1/0x460
[ 28.971039] rtnl_newlink+0x1271/0x1830
[ 28.974987] ? __lock_acquire+0x5fc/0x3f20
[ 28.979199] ? kasan_slab_free+0xc3/0x1a0
[ 28.983324] ? rtnl_dellink+0x6a0/0x6a0
[ 28.987271] ? trace_hardirqs_on+0x10/0x10
[ 28.991480] ? __dev_queue_xmit+0x1d7f/0x2480
[ 28.995948] ? netlink_deliver_tap+0x61b/0x860
[ 29.000503] ? netlink_unicast+0x485/0x610
[ 29.004708] ? netlink_sendmsg+0x5e0/0xbc0
[ 29.008916] ? sock_sendmsg+0xb5/0x100
[ 29.012773] ? ___sys_sendmsg+0x6c8/0x800
[ 29.016890] ? __sys_sendmsg+0xa3/0x120
[ 29.020841] ? __lock_acquire+0x5fc/0x3f20
[ 29.025056] ? lock_acquire+0x170/0x3f0
[ 29.029003] ? lock_downgrade+0x740/0x740
[ 29.033124] ? rtnl_dellink+0x6a0/0x6a0
[ 29.037075] rtnetlink_rcv_msg+0x3be/0xb10
[ 29.041284] ? rtnl_calcit.isra.0+0x3a0/0x3a0
[ 29.045751] ? __netlink_lookup+0x345/0x5d0
[ 29.050052] ? netdev_pick_tx+0x2e0/0x2e0
[ 29.054173] netlink_rcv_skb+0x125/0x390
[ 29.058218] ? rtnl_calcit.isra.0+0x3a0/0x3a0
[ 29.062686] ? netlink_ack+0x9a0/0x9a0
[ 29.066547] netlink_unicast+0x437/0x610
[ 29.070581] ? netlink_sendskb+0xd0/0xd0
[ 29.074617] ? __check_object_size+0x179/0x230
[ 29.079176] netlink_sendmsg+0x648/0xbc0
[ 29.083212] ? nlmsg_notify+0x1b0/0x1b0
[ 29.087158] ? kernel_recvmsg+0x210/0x210
[ 29.091285] ? security_socket_sendmsg+0x83/0xb0
[ 29.096013] ? nlmsg_notify+0x1b0/0x1b0
[ 29.099961] sock_sendmsg+0xb5/0x100
[ 29.103651] ___sys_sendmsg+0x6c8/0x800
[ 29.107598] ? copy_msghdr_from_user+0x3b0/0x3b0
[ 29.112326] ? trace_hardirqs_on+0x10/0x10
[ 29.116532] ? trace_hardirqs_on+0x10/0x10
[ 29.120742] ? apparmor_file_alloc_security+0x129/0x800
[ 29.126129] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 29.131553] ? __lockdep_init_map+0x100/0x560
[ 29.136022] ? __fd_install+0x1ec/0x5c0
[ 29.139970] ? lock_acquire+0x170/0x3f0
[ 29.143916] ? lock_downgrade+0x740/0x740
[ 29.148034] ? __fdget+0x167/0x1f0
[ 29.151546] ? sockfd_lookup_light+0xb2/0x160
[ 29.156017] __sys_sendmsg+0xa3/0x120
[ 29.159798] ? SyS_shutdown+0x160/0x160
[ 29.163746] ? move_addr_to_kernel+0x60/0x60
[ 29.168129] SyS_sendmsg+0x27/0x40
[ 29.171641] ? __sys_sendmsg+0x120/0x120
[ 29.175673] do_syscall_64+0x1d5/0x640
[ 29.179536] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 29.184695] RIP: 0033:0x7f5a47685f69
[ 29.188377] RSP: 002b:00007fff34d1eff8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 29.196070] RAX: ffffffffffffffda RBX: 00007fff34d1f008 RCX: 00007f5a47685f69
[ 29.203428] RDX: 0000000000000000 RSI: 0000000020000600 RDI: 0000000000000006
[ 29.210676] RBP: 0000000000000003 R08: bb1414ac00000000 R09: bb1414ac00000000
[ 29.217932] R10: bb1414ac00000000 R11: 0000000000000246 R12: 00007fff34d1f010
[ 29.225176] R13: 00007fff34d1f004 R14: 0000000000000003 R15: 0000000000000000