[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.194' (ECDSA) to the list of known hosts.
syzkaller login: [ 35.694429] IPVS: ftp: loaded support on port[0] = 21
[ 35.766793] chnl_net:caif_netlink_parms(): no params data found
[ 35.868399] bridge0: port 1(bridge_slave_0) entered blocking state
[ 35.875152] bridge0: port 1(bridge_slave_0) entered disabled state
[ 35.883156] device bridge_slave_0 entered promiscuous mode
[ 35.890260] bridge0: port 2(bridge_slave_1) entered blocking state
[ 35.897001] bridge0: port 2(bridge_slave_1) entered disabled state
[ 35.905000] device bridge_slave_1 entered promiscuous mode
[ 35.922613] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 35.931862] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 35.949608] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 35.956989] team0: Port device team_slave_0 added
[ 35.962949] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 35.970097] team0: Port device team_slave_1 added
[ 35.985672] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 35.991945] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 36.017196] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 36.028495] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 36.034821] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 36.060045] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 36.070946] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 36.078289] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 36.097632] device hsr_slave_0 entered promiscuous mode
[ 36.103417] device hsr_slave_1 entered promiscuous mode
[ 36.109963] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 36.117180] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 36.178762] bridge0: port 2(bridge_slave_1) entered blocking state
[ 36.185190] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 36.191941] bridge0: port 1(bridge_slave_0) entered blocking state
[ 36.198267] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 36.228701] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 36.236398] 8021q: adding VLAN 0 to HW filter on device bond0
[ 36.244883] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 36.253911] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 36.262697] bridge0: port 1(bridge_slave_0) entered disabled state
[ 36.269671] bridge0: port 2(bridge_slave_1) entered disabled state
[ 36.277073] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 36.287694] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 36.293867] 8021q: adding VLAN 0 to HW filter on device team0
[ 36.311991] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 36.319583] bridge0: port 1(bridge_slave_0) entered blocking state
[ 36.325955] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 36.333334] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 36.341065] bridge0: port 2(bridge_slave_1) entered blocking state
[ 36.347398] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 36.355351] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 36.363273] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 36.371601] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 36.383721] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 36.393542] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 36.406999] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 36.414289] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 36.422410] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 36.429800] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 36.443210] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 36.450975] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 36.457604] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 36.469327] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 36.481129] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 36.490891] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 36.519134] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 36.526619] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 36.534070] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 36.543656] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 36.551436] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 36.558260] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 36.567631] device veth0_vlan entered promiscuous mode
[ 36.576865] device veth1_vlan entered promiscuous mode
[ 36.583054] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 36.591793] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 36.603543] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 36.612468] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 36.619663] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 36.627297] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 36.636547] device veth0_macvtap entered promiscuous mode
[ 36.643368] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 36.651742] device veth1_macvtap entered promiscuous mode
[ 36.659748] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 36.669320] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 36.678816] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 36.686423] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 36.694777] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 36.705692] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 36.712535] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 36.825083] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 36.833757] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 36.851069] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 36.861318] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
executing program
[ 36.872295] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 36.878882] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 36.888272] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 36.896962] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 36.932231] BUG: "hc->tx_t_ipi == 0" holds (exception!) at net/dccp/ccids/ccid3.c:101/ccid3_update_send_interval()
[ 36.943172] CPU: 1 PID: 8366 Comm: syz-executor127 Not tainted 4.19.211-syzkaller #0
[ 36.951037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 36.960373] Call Trace:
[ 36.962946] dump_stack+0x1fc/0x2ef
[ 36.966554] ccid3_update_send_interval.cold+0x87/0x93
[ 36.971813] ccid3_hc_tx_packet_sent+0x12e/0x160
[ 36.976554] ? ccid3_update_send_interval+0x120/0x120
[ 36.981725] dccp_xmit_packet+0x27e/0x760
[ 36.985853] dccp_write_xmit+0x16d/0x1d0
[ 36.989902] dccp_sendmsg+0x8de/0xc90
[ 36.993686] ? aa_sk_perm+0x534/0x930
[ 36.997467] ? dccp_ioctl+0x160/0x160
[ 37.001247] ? aa_af_perm+0x230/0x230
[ 37.005112] ? kernel_recvmsg+0x220/0x220
[ 37.009240] inet_sendmsg+0x132/0x5a0
[ 37.013025] ? security_socket_sendmsg+0x83/0xb0
[ 37.017760] ? inet_recvmsg+0x5c0/0x5c0
[ 37.021713] sock_sendmsg+0xc3/0x120
[ 37.025405] ___sys_sendmsg+0x3b3/0x8e0
[ 37.029359] ? copy_msghdr_from_user+0x440/0x440
[ 37.034095] ? __fget+0x32f/0x510
[ 37.037535] ? check_preemption_disabled+0x41/0x280
[ 37.042532] ? __fget+0x356/0x510
[ 37.045966] ? do_dup2+0x450/0x450
[ 37.049487] ? lock_downgrade+0x720/0x720
[ 37.053614] ? lock_acquire+0x170/0x3c0
[ 37.057569] ? __fdget+0x1d0/0x230
[ 37.061091] __sys_sendmmsg+0x195/0x470
[ 37.065045] ? __ia32_sys_sendmsg+0x220/0x220
[ 37.069522] ? __sys_connect+0x140/0x2c0
[ 37.073562] ? __ia32_sys_accept+0xb0/0xb0
[ 37.077778] ? __se_sys_futex+0x28f/0x3b0
[ 37.081906] ? __se_sys_futex+0x298/0x3b0
[ 37.086037] ? do_futex+0x1880/0x1880
[ 37.089828] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 37.095181] __x64_sys_sendmmsg+0x99/0x100
[ 37.099397] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 37.103959] do_syscall_64+0xf9/0x620
[ 37.107744] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.112914] RIP: 0033:0x7fa0461f80e9
[ 37.116610] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff