DUID 00:04:1e:62:2e:d3:28:4c:47:2c:f6:06:4a:96:1e:52:1a:b0
forked to background, child pid 3175
[ 28.485751][ T3176] 8021q: adding VLAN 0 to HW filter on device bond0
[ 28.496697][ T3176] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.10.58' (ECDSA) to the list of known hosts.
2022/02/23 22:20:18 fuzzer started
2022/02/23 22:20:18 connecting to host at 10.128.0.169:34053
2022/02/23 22:20:18 checking machine...
2022/02/23 22:20:18 checking revisions...
2022/02/23 22:20:19 testing simple program...
syzkaller login: [ 49.662207][ T3596] cgroup: Unknown subsys name 'net'
[ 49.767307][ T3596] cgroup: Unknown subsys name 'rlimit'
[ 50.951485][ T3599] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 50.959451][ T3599] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 50.967197][ T3599] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 50.975663][ T3599] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 50.983235][ T3599] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 50.990503][ T3599] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 51.077946][ T3598] chnl_net:caif_netlink_parms(): no params data found
[ 51.119535][ T3598] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.127123][ T3598] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.135322][ T3598] device bridge_slave_0 entered promiscuous mode
[ 51.144352][ T3598] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.151847][ T3598] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.159549][ T3598] device bridge_slave_1 entered promiscuous mode
[ 51.181114][ T3598] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 51.193252][ T3598] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 51.215587][ T3598] team0: Port device team_slave_0 added
[ 51.222927][ T3598] team0: Port device team_slave_1 added
[ 51.241595][ T3598] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 51.248675][ T3598] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 51.275136][ T3598] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 51.288431][ T3598] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 51.296397][ T3598] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 51.323703][ T3598] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 51.347595][ T3598]
[ 51.350116][ T3598] =============================
[ 51.354992][ T3598] WARNING: suspicious RCU usage
[ 51.359836][ T3598] 5.17.0-rc4-syzkaller-01356-ga19df7139440 #0 Not tainted
[ 51.366974][ T3598] -----------------------------
[ 51.371841][ T3598] net/hsr/hsr_framereg.c:34 suspicious rcu_dereference_check() usage!
[ 51.380060][ T3598]
[ 51.380060][ T3598] other info that might help us debug this:
[ 51.380060][ T3598]
[ 51.390371][ T3598]
[ 51.390371][ T3598] rcu_scheduler_active = 2, debug_locks = 1
[ 51.398684][ T3598] 2 locks held by syz-executor.0/3598:
[ 51.404193][ T3598] #0: ffffffff8d32f868 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x3be/0xb80
[ 51.413678][ T3598] #1: ffff888079e455f0 (&hsr->list_lock){+...}-{2:2}, at: hsr_create_self_node+0x225/0x650
[ 51.423964][ T3598]
[ 51.423964][ T3598] stack backtrace:
[ 51.429851][ T3598] CPU: 0 PID: 3598 Comm: syz-executor.0 Not tainted 5.17.0-rc4-syzkaller-01356-ga19df7139440 #0
[ 51.440258][ T3598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 51.450580][ T3598] Call Trace:
[ 51.453860][ T3598]
[ 51.456809][ T3598] dump_stack_lvl+0xcd/0x134
[ 51.461684][ T3598] hsr_node_get_first+0x9b/0xb0
[ 51.466684][ T3598] hsr_create_self_node+0x22d/0x650
[ 51.471882][ T3598] hsr_dev_finalize+0x2c1/0x7d0
[ 51.476741][ T3598] hsr_newlink+0x315/0x730
[ 51.481150][ T3598] ? hsr_dellink+0x130/0x130
[ 51.485745][ T3598] ? rtnl_create_link+0x7e8/0xc00
[ 51.490763][ T3598] ? hsr_dellink+0x130/0x130
[ 51.495339][ T3598] __rtnl_newlink+0x107c/0x1760
[ 51.500185][ T3598] ? rtnl_setlink+0x3c0/0x3c0
[ 51.504942][ T3598] ? is_bpf_text_address+0x77/0x170
[ 51.510141][ T3598] ? lock_downgrade+0x6e0/0x6e0
[ 51.514987][ T3598] ? unwind_next_frame+0xee1/0x1ce0
[ 51.520201][ T3598] ? entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 51.526381][ T3598] ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[ 51.532104][ T3598] ? is_bpf_text_address+0x99/0x170
[ 51.537508][ T3598] ? kernel_text_address+0x39/0x80
[ 51.542793][ T3598] ? __kernel_text_address+0x9/0x30
[ 51.548257][ T3598] ? unwind_get_return_address+0x51/0x90
[ 51.553986][ T3598] ? create_prof_cpu_mask+0x20/0x20
[ 51.559194][ T3598] ? arch_stack_walk+0x93/0xe0
[ 51.563996][ T3598] ? kmem_cache_alloc_trace+0x42/0x3d0
[ 51.569483][ T3598] ? rcu_read_lock_sched_held+0x3a/0x70
[ 51.575127][ T3598] rtnl_newlink+0x64/0xa0
[ 51.579454][ T3598] ? __rtnl_newlink+0x1760/0x1760
[ 51.584472][ T3598] rtnetlink_rcv_msg+0x413/0xb80
[ 51.589405][ T3598] ? rtnl_fdb_dump+0x9a0/0x9a0
[ 51.594176][ T3598] netlink_rcv_skb+0x153/0x420
[ 51.598942][ T3598] ? rtnl_fdb_dump+0x9a0/0x9a0
[ 51.603698][ T3598] ? netlink_ack+0xa60/0xa60
[ 51.608277][ T3598] ? netlink_deliver_tap+0x1a2/0xc40
[ 51.613564][ T3598] ? netlink_deliver_tap+0x1b1/0xc40
[ 51.618937][ T3598] netlink_unicast+0x539/0x7e0
[ 51.623698][ T3598] ? netlink_attachskb+0x880/0x880
[ 51.628986][ T3598] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 51.635234][ T3598] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 51.641475][ T3598] ? __phys_addr_symbol+0x2c/0x70
[ 51.646580][ T3598] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 51.652295][ T3598] ? __check_object_size+0x16e/0x310
[ 51.657768][ T3598] netlink_sendmsg+0x904/0xe00
[ 51.662537][ T3598] ? netlink_unicast+0x7e0/0x7e0
[ 51.667473][ T3598] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 51.673710][ T3598] ? netlink_unicast+0x7e0/0x7e0
[ 51.678639][ T3598] sock_sendmsg+0xcf/0x120
[ 51.683055][ T3598] __sys_sendto+0x21c/0x320
[ 51.687550][ T3598] ? __ia32_sys_getpeername+0xb0/0xb0
[ 51.692913][ T3598] ? lockdep_hardirqs_on+0x79/0x100
[ 51.698132][ T3598] ? __context_tracking_exit+0xb8/0xe0
[ 51.703587][ T3598] ? lock_downgrade+0x6e0/0x6e0
[ 51.708449][ T3598] __x64_sys_sendto+0xdd/0x1b0
[ 51.713203][ T3598] ? lockdep_hardirqs_on+0x79/0x100
[ 51.718396][ T3598] ? syscall_enter_from_user_mode+0x21/0x70
[ 51.724370][ T3598] do_syscall_64+0x35/0xb0
[ 51.728884][ T3598] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 51.734855][ T3598] RIP: 0033:0x7f621a80ce1c
[ 51.739261][ T3598] Code: fa fa ff ff 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 20 fb ff ff 48 8b
[ 51.758860][ T3598] RSP: 002b:00007ffcea524bb0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[ 51.767278][ T3598] RAX: ffffffffffffffda RBX: 00007f621b8a5320 RCX: 00007f621a80ce1c
[ 51.775498][ T3598] RDX: 0000000000000048 RSI: 00007f621b8a5370 RDI: 0000000000000003
[ 51.788666][ T3598] RBP: 0000000000000000 R08: 00007ffcea524c04 R09: 000000000000000c
[ 51.796627][ T3598] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 51.804597][ T3598] R13: 00007f621b8a5370 R14: 0000000000000003 R15: 0000000000000000
[ 51.812655][ T3598]
[ 51.819619][ T3598] device hsr_slave_0 entered promiscuous mode
[ 51.827416][ T3598] device hsr_slave_1 entered promiscuous mode
[ 51.907375][ T3598] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 51.917568][ T3598] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 51.926792][ T3598] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 51.936386][ T3598] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 51.956503][ T3598] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.963793][ T3598] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 51.971615][ T3598] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.978768][ T3598] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 52.023048][ T3598] 8021q: adding VLAN 0 to HW filter on device bond0
[ 52.036525][ T1142] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 52.047445][ T1142] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.055615][ T1142] bridge0: port 2(bridge_slave_1) entered disabled state
[ 52.064478][ T1142] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 52.078134][ T3598] 8021q: adding VLAN 0 to HW filter on device team0
[ 52.087342][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 52.096371][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 52.104778][ T6] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.111907][ T6] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 52.123956][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 52.132744][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 52.145443][ T21] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.152575][ T21] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 52.173422][ T3608] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 52.182637][ T3608] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 52.191612][ T3608] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 52.200407][ T3608] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 52.217277][ T3598] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 52.227839][ T3598] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 52.241854][ T3608] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 52.249751][ T3608] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 52.258908][ T3608] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 52.267515][ T3608] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 52.275897][ T3608] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 52.285030][ T3608] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 52.293506][ T3608] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 52.302412][ T3608] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 52.320418][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 52.328224][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 52.342380][ T3598] 8021q: adding VLAN 0 to HW filter on device batadv0
executing program
[ 52.452991][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 52.462180][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 52.476734][ T3598] device veth0_vlan entered promiscuous mode
[ 52.485244][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 52.494016][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 52.505592][ T3598] device veth1_vlan entered promiscuous mode
[ 52.514015][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 52.521868][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 52.529579][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 52.550007][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 52.558152][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 52.567038][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 52.579050][ T3598] device veth0_macvtap entered promiscuous mode
[ 52.588373][ T3598] device veth1_macvtap entered promiscuous mode
[ 52.603316][ T3598] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 52.613330][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 52.621465][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 52.629334][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 52.638586][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 52.650376][ T3598] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 52.658988][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 52.667791][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 52.680077][ T3598] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 52.689075][ T3598] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 52.698925][ T3598] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 52.708622][ T3598] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 52.765205][ T54] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 52.774633][ T54] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 52.790065][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 52.801732][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 52.809759][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 52.819289][ T3609] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2022/02/23 22:20:22 building call list...
[ 53.043916][ T9] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 55.150111][ T3618] can: request_module (can-proto-0) failed.
[ 55.173480][ T3618] can: request_module (can-proto-0) failed.
[ 55.195895][ T3618] can: request_module (can-proto-0) failed.
executing program
[ 55.581693][ T9] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0