[ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... Starting Load/Save RF Kill Switch Status... [ OK ] Started Update UTMP about System Runlevel Changes. [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.1.53' (ECDSA) to the list of known hosts. syzkaller login: [ 35.382997] audit: type=1400 audit(1587750963.751:8): avc: denied { execmem } for pid=6337 comm="syz-executor221" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 35.619409] IPVS: ftp: loaded support on port[0] = 21 [ 36.476249] chnl_net:caif_netlink_parms(): no params data found [ 36.565004] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.571686] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.579980] device bridge_slave_0 entered promiscuous mode [ 36.586910] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.594742] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.602348] device bridge_slave_1 entered promiscuous mode [ 36.620101] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 36.629156] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 36.648370] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 36.655850] team0: Port device team_slave_0 added [ 36.661760] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 36.669165] team0: Port device team_slave_1 added [ 36.684449] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 36.691354] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 36.716794] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 36.728682] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 36.735070] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 36.761241] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 36.771990] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 36.779809] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 36.830059] device hsr_slave_0 entered promiscuous mode [ 36.867815] device hsr_slave_1 entered promiscuous mode [ 36.898100] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 36.905334] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 36.971155] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.977787] bridge0: port 2(bridge_slave_1) entered forwarding state [ 36.984603] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.991005] bridge0: port 1(bridge_slave_0) entered forwarding state [ 37.021076] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 37.027147] 8021q: adding VLAN 0 to HW filter on device bond0 [ 37.035860] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 37.045206] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 37.063892] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.072122] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.082344] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 37.088967] 8021q: adding VLAN 0 to HW filter on device team0 [ 37.097691] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 37.105323] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.111755] bridge0: port 1(bridge_slave_0) entered forwarding state [ 37.121253] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 37.129324] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.135663] bridge0: port 2(bridge_slave_1) entered forwarding state [ 37.155699] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 37.166115] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 37.178112] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 37.185047] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 37.193198] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 37.201678] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 37.209443] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 37.217117] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 37.224075] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 37.236774] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 37.244560] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 37.251463] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 37.261770] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 37.316179] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 37.326468] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 37.355581] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 37.363053] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 37.370787] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 37.380356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 37.388474] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 37.395410] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 37.404417] device veth0_vlan entered promiscuous mode [ 37.413517] device veth1_vlan entered promiscuous mode [ 37.419637] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 37.428634] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 37.440815] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 37.450142] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 37.457752] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 37.464949] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 37.473440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 37.483636] device veth0_macvtap entered promiscuous mode [ 37.493197] device veth1_macvtap entered promiscuous mode [ 37.501740] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 37.510992] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 37.520883] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready [ 37.528572] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 37.535339] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 37.543509] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 37.554511] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 37.561869] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 37.569020] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 37.576909] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready executing program [ 37.707154] BUG: spinlock recursion on CPU#0, syz-executor221/6340 [ 37.713715] lock: 0xffff88809d7c1ae8, .magic: dead4ead, .owner: syz-executor221/6340, .owner_cpu: 0 [ 37.723682] CPU: 0 PID: 6340 Comm: syz-executor221 Not tainted 4.14.177-syzkaller #0 [ 37.732101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 37.742908] Call Trace: [ 37.745780] dump_stack+0x13e/0x194 [ 37.749458] do_raw_spin_lock+0x1cd/0x230 [ 37.753584] dev_mc_sync+0x10b/0x1c0 [ 37.757279] ? vlan_dev_set_mac_address+0x5c0/0x5c0 [ 37.762289] vlan_dev_set_rx_mode+0x38/0x80 [ 37.766600] __dev_set_rx_mode+0x191/0x2a0 [ 37.770835] dev_uc_unsync+0x16c/0x1c0 [ 37.774755] bond_hw_addr_flush+0x5c/0xe0 [ 37.778910] ? bond_set_dev_addr.isra.0+0xb0/0xb0 [ 37.784977] bond_enslave+0x1e53/0x49e0 [ 37.789035] ? bond_update_slave_arr+0x6c0/0x6c0 [ 37.793781] ? rtmsg_ifinfo_event.part.0+0x9a/0xc0 [ 37.798875] ? rtmsg_ifinfo+0x64/0x80 [ 37.802652] ? __dev_notify_flags+0x110/0x210 [ 37.807605] ? dev_change_name+0x990/0x990 [ 37.811828] ? bond_update_slave_arr+0x6c0/0x6c0 [ 37.816571] do_set_master+0x19e/0x200 [ 37.820434] rtnl_newlink+0x1319/0x1720 [ 37.824393] ? trace_hardirqs_on+0x10/0x10 [ 37.828701] ? rtnl_link_unregister+0x1f0/0x1f0 [ 37.833355] ? find_held_lock+0x2d/0x110 [ 37.837397] ? lock_acquire+0x170/0x3f0 [ 37.841359] ? check_preemption_disabled+0x35/0x240 [ 37.846369] ? __lock_is_held+0xad/0x140 [ 37.850503] ? lock_downgrade+0x6e0/0x6e0 [ 37.854643] ? rtnl_link_unregister+0x1f0/0x1f0 [ 37.859502] rtnetlink_rcv_msg+0x3be/0xb10 [ 37.863716] ? rtnl_bridge_getlink+0x7a0/0x7a0 [ 37.868281] ? netdev_pick_tx+0x2e0/0x2e0 [ 37.872432] ? skb_clone+0x11c/0x310 [ 37.876139] ? save_trace+0x290/0x290 [ 37.879915] netlink_rcv_skb+0x127/0x370 [ 37.883973] ? rtnl_bridge_getlink+0x7a0/0x7a0 [ 37.888559] ? netlink_ack+0x980/0x980 [ 37.892469] netlink_unicast+0x437/0x620 [ 37.896513] ? netlink_attachskb+0x600/0x600 [ 37.900939] netlink_sendmsg+0x733/0xbe0 [ 37.904994] ? netlink_unicast+0x620/0x620 [ 37.909241] ? SYSC_sendto+0x2b0/0x2b0 [ 37.913115] ? security_socket_sendmsg+0x83/0xb0 [ 37.917866] ? netlink_unicast+0x620/0x620 [ 37.922540] sock_sendmsg+0xc5/0x100 [ 37.926226] ___sys_sendmsg+0x70a/0x840 [ 37.930534] ? copy_msghdr_from_user+0x380/0x380 [ 37.935390] ? trace_hardirqs_on+0x10/0x10 [ 37.939600] ? save_trace+0x290/0x290 [ 37.943376] ? trace_hardirqs_on+0x10/0x10 [ 37.947585] ? find_held_lock+0x2d/0x110 [ 37.951621] ? __might_fault+0x104/0x1b0 [ 37.955654] ? lock_acquire+0x170/0x3f0 [ 37.959695] ? lock_downgrade+0x6e0/0x6e0 [ 37.963836] ? __might_fault+0x177/0x1b0 [ 37.968504] ? _copy_to_user+0x82/0xd0 [ 37.972366] ? __fget_light+0x16a/0x1f0 [ 37.976313] ? sockfd_lookup_light+0xb2/0x160 [ 37.981215] __sys_sendmsg+0xa3/0x120 [ 37.985956] ? SyS_shutdown+0x160/0x160 [ 37.989907] ? move_addr_to_kernel+0x60/0x60 [ 37.994303] SyS_sendmsg+0x27/0x40 [ 37.997996] ? __sys_sendmsg+0x120/0x120 [ 38.002394] do_syscall_64+0x1d5/0x640 [ 38.006260] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 38.011429] RIP: 0033:0x443cc9 [ 38.014620] RSP: 002b:00007ffc239ff848 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 38.024210] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000000443cc9 [ 38.031455] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000010 [ 38.038708] RBP: 000000000073a850 R08: 00000000bb1414ac R09: 00000000bb1414ac [ 38.045970] R10: 00000000bb1414ac R11: 0000000000000246 R12: 0000000000000013 [ 38.053386] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000