[ OK ] Started OpenBSD Secure Shell server. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.243' (ECDSA) to the list of known hosts. syzkaller login: [ 38.204866] IPVS: ftp: loaded support on port[0] = 21 [ 38.300465] chnl_net:caif_netlink_parms(): no params data found [ 38.384416] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.391489] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.399324] device bridge_slave_0 entered promiscuous mode [ 38.406749] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.413312] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.420563] device bridge_slave_1 entered promiscuous mode [ 38.440598] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 38.449793] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 38.469245] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 38.477670] team0: Port device team_slave_0 added [ 38.483429] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 38.491787] team0: Port device team_slave_1 added [ 38.509278] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 38.515805] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 38.543011] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 38.555636] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 38.562675] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 38.588779] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 38.600566] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 38.609805] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 38.631918] device hsr_slave_0 entered promiscuous mode [ 38.638125] device hsr_slave_1 entered promiscuous mode [ 38.644441] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 38.653117] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 38.731318] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.738064] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.745145] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.751607] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.792014] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 38.799732] 8021q: adding VLAN 0 to HW filter on device bond0 [ 38.811297] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 38.822582] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 38.833640] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.842638] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.851799] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 38.864617] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 38.871220] 8021q: adding VLAN 0 to HW filter on device team0 [ 38.881546] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 38.889738] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.896248] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.906589] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 38.914557] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.921170] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.938273] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 38.952249] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 38.961600] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 38.970273] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 38.981921] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 38.993162] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 38.999342] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 39.007293] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 39.021800] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 39.030071] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 39.038983] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 39.050958] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 39.064040] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 39.074521] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 39.109103] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 39.116347] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 39.124463] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 39.133985] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 39.141953] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 39.149815] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 39.161796] device veth0_vlan entered promiscuous mode [ 39.173940] device veth1_vlan entered promiscuous mode [ 39.182387] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 39.197363] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 39.214466] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 39.227805] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 39.236048] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 39.247273] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 39.262281] device veth0_macvtap entered promiscuous mode [ 39.269385] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 39.281542] device veth1_macvtap entered promiscuous mode [ 39.291535] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 39.301456] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 39.312565] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 39.323457] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready [ 39.331976] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 39.339948] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 39.349069] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 39.360011] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 39.367226] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 39.374528] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 39.382794] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready executing program [ 39.531132] netlink: 12 bytes leftover after parsing attributes in process `syz-executor764'. [ 39.540094] netlink: 'syz-executor764': attribute type 11 has an invalid length. [ 39.563745] netlink: 16 bytes leftover after parsing attributes in process `syz-executor764'. [ 39.617136] [ 39.618855] ============================= [ 39.623025] WARNING: suspicious RCU usage [ 39.627355] 4.19.196-syzkaller #0 Not tainted [ 39.631937] ----------------------------- [ 39.636173] include/net/addrconf.h:340 suspicious rcu_dereference_check() usage! [ 39.643775] [ 39.643775] other info that might help us debug this: [ 39.643775] [ 39.652028] [ 39.652028] rcu_scheduler_active = 2, debug_locks = 1 [ 39.658782] 3 locks held by kworker/0:1/14: [ 39.663128] #0: 0000000096600449 ((wq_completion)"events"){+.+.}, at: process_one_work+0x767/0x1570 [ 39.672799] #1: 00000000e4b4d003 ((work_completion)(&port->wq)){+.+.}, at: process_one_work+0x79c/0x1570 [ 39.682630] #2: 00000000b451db01 (rcu_read_lock_bh){....}, at: __dev_queue_xmit+0x1e2/0x2e00 [ 39.691432] [ 39.691432] stack backtrace: [ 39.696031] CPU: 0 PID: 14 Comm: kworker/0:1 Not tainted 4.19.196-syzkaller #0 [ 39.703397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 39.712858] Workqueue: events ipvlan_process_multicast [ 39.718563] Call Trace: [ 39.721162] dump_stack+0x1fc/0x2ef [ 39.724876] vxlan_xmit+0x2b3b/0x4250 [ 39.728676] ? vxlan_dev_create+0x330/0x330 [ 39.733017] ? netif_skb_features+0x5c1/0xb30 [ 39.737607] ? check_preemption_disabled+0x41/0x280 [ 39.742618] dev_hard_start_xmit+0x1a8/0x920 [ 39.747110] __dev_queue_xmit+0x269d/0x2e00 [ 39.751531] ? mark_held_locks+0xf0/0xf0 [ 39.755599] ? netdev_pick_tx+0x2f0/0x2f0 [ 39.760008] ? ipvlan_process_multicast+0x807/0xcb0 [ 39.765035] ? lock_downgrade+0x720/0x720 [ 39.769175] ? lock_acquire+0x170/0x3c0 [ 39.773156] ? ipvlan_process_multicast+0x40f/0xcb0 [ 39.778181] ? check_preemption_disabled+0x41/0x280 [ 39.783256] ipvlan_process_multicast+0xa19/0xcb0 [ 39.788295] ? ipvlan_mac_hash+0xd0/0xd0 [ 39.792405] ? process_one_work+0x77b/0x1570 [ 39.796831] ? check_preemption_disabled+0x41/0x280 [ 39.801887] process_one_work+0x864/0x1570 [ 39.806135] ? pwq_dec_nr_in_flight+0x2d0/0x2d0 [ 39.810814] worker_thread+0x64c/0x1130 [ 39.814839] ? __kthread_parkme+0x13