Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.232' (ECDSA) to the list of known hosts. syzkaller login: [ 28.407626] IPVS: ftp: loaded support on port[0] = 21 [ 28.477304] chnl_net:caif_netlink_parms(): no params data found [ 28.553412] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.560001] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.568636] device bridge_slave_0 entered promiscuous mode [ 28.575974] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.582812] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.589634] device bridge_slave_1 entered promiscuous mode [ 28.605664] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 28.614296] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 28.631888] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 28.638996] team0: Port device team_slave_0 added [ 28.645021] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 28.652458] team0: Port device team_slave_1 added [ 28.666473] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 28.672786] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 28.698532] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 28.710019] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 28.716634] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 28.742302] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 28.753624] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 28.761508] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 28.778736] device hsr_slave_0 entered promiscuous mode [ 28.784378] device hsr_slave_1 entered promiscuous mode [ 28.790264] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 28.797958] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 28.855039] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.861540] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.868274] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.874656] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.903107] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 28.909174] 8021q: adding VLAN 0 to HW filter on device bond0 [ 28.917703] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 28.927181] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 28.945507] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.952790] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.962298] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 28.968361] 8021q: adding VLAN 0 to HW filter on device team0 [ 28.976488] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 28.984413] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.990809] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.001063] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 29.008594] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.014971] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.028737] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 29.036449] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 29.045819] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 29.058018] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 29.068264] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 29.079281] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 29.086690] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 29.094401] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 29.102014] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 29.113946] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 29.123848] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 29.130875] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 29.141568] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 29.187349] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 29.196905] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 29.226352] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 29.233705] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 29.240061] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 29.249954] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 29.257794] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 29.265080] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 29.273841] device veth0_vlan entered promiscuous mode [ 29.282493] device veth1_vlan entered promiscuous mode [ 29.288251] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 29.296636] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 29.306763] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 29.316021] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 29.323464] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 29.330952] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 29.339631] device veth0_macvtap entered promiscuous mode [ 29.346260] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 29.354902] device veth1_macvtap entered promiscuous mode [ 29.363319] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 29.372808] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 29.383328] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 29.389989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 29.398698] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 29.408715] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 29.415666] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready executing program [ 29.461155] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 29.501015] BUG: spinlock recursion on CPU#0, syz-executor066/8013 [ 29.507353] lock: 0xffff8880b2f94b78, .magic: dead4ead, .owner: syz-executor066/8013, .owner_cpu: 0 [ 29.516658] CPU: 0 PID: 8013 Comm: syz-executor066 Not tainted 4.14.209-syzkaller #0 [ 29.524527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 29.533887] Call Trace: [ 29.536452] dump_stack+0x1b2/0x283 [ 29.540055] do_raw_spin_lock+0x1a2/0x200 [ 29.544182] dev_mc_sync+0x10b/0x1c0 [ 29.547870] ? vlan_dev_set_mac_address+0x5c0/0x5c0 [ 29.552863] vlan_dev_set_rx_mode+0x38/0x80 [ 29.557159] __dev_set_rx_mode+0x191/0x2a0 [ 29.561389] dev_uc_unsync+0x16c/0x1c0 [ 29.565252] bond_enslave+0x1cc0/0x4d20 [ 29.569281] ? bond_update_slave_arr+0x6a0/0x6a0 [ 29.574057] ? nlmsg_notify+0x126/0x170 [ 29.578032] ? rtmsg_ifinfo+0xd4/0x100 [ 29.581923] ? __dev_notify_flags+0x12b/0x260 [ 29.586391] ? dev_change_name+0x6a0/0x6a0 [ 29.590602] ? bond_update_slave_arr+0x6a0/0x6a0 [ 29.595330] do_set_master+0x19e/0x200 [ 29.599189] rtnl_newlink+0x134c/0x1830 [ 29.603140] ? __lock_acquire+0x5fc/0x3f20 [ 29.607351] ? kmem_cache_free+0x7c/0x2b0 [ 29.611473] ? rtnl_dellink+0x6a0/0x6a0 [ 29.615418] ? trace_hardirqs_on+0x10/0x10 [ 29.619626] ? netlink_deliver_tap+0x60c/0x7d0 [ 29.624184] ? netlink_unicast+0x485/0x610 [ 29.628392] ? netlink_sendmsg+0x62e/0xb80 [ 29.632604] ? ___sys_sendmsg+0x6c8/0x800 [ 29.636725] ? __sys_sendmsg+0xa3/0x120 [ 29.640673] ? SyS_sendmsg+0x27/0x40 [ 29.644370] ? lock_acquire+0x170/0x3f0 [ 29.648317] ? lock_downgrade+0x740/0x740 [ 29.652442] ? rtnl_dellink+0x6a0/0x6a0 [ 29.656392] rtnetlink_rcv_msg+0x3be/0xb10 [ 29.660605] ? rtnl_calcit.isra.0+0x3a0/0x3a0 [ 29.665074] ? __netlink_lookup+0x345/0x5d0 [ 29.669369] ? netdev_pick_tx+0x2e0/0x2e0 [ 29.673492] netlink_rcv_skb+0x125/0x390 [ 29.677533] ? memcpy+0x35/0x50 [ 29.680791] ? rtnl_calcit.isra.0+0x3a0/0x3a0 [ 29.685261] ? netlink_ack+0x9a0/0x9a0 [ 29.689123] netlink_unicast+0x437/0x610 [ 29.693173] ? netlink_sendskb+0xd0/0xd0 [ 29.697209] ? __check_object_size+0x179/0x22c [ 29.701765] netlink_sendmsg+0x62e/0xb80 [ 29.705816] ? nlmsg_notify+0x170/0x170 [ 29.709763] ? kernel_recvmsg+0x210/0x210 [ 29.713892] ? security_socket_sendmsg+0x83/0xb0 [ 29.718623] ? nlmsg_notify+0x170/0x170 [ 29.722621] sock_sendmsg+0xb5/0x100 [ 29.726310] ___sys_sendmsg+0x6c8/0x800 [ 29.730262] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 29.735002] ? trace_hardirqs_on+0x10/0x10 [ 29.739209] ? trace_hardirqs_on+0x10/0x10 [ 29.743420] ? trace_hardirqs_on+0x10/0x10 [ 29.747632] ? __might_fault+0x104/0x1b0 [ 29.751669] ? lock_acquire+0x170/0x3f0 [ 29.755615] ? lock_downgrade+0x740/0x740 [ 29.759752] ? __might_fault+0x177/0x1b0 [ 29.763804] ? _copy_to_user+0x82/0xd0 [ 29.767664] ? move_addr_to_user+0x13f/0x180 [ 29.772047] ? __fdget+0x167/0x1f0 [ 29.775560] ? sockfd_lookup_light+0xb2/0x160 [ 29.780052] __sys_sendmsg+0xa3/0x120 [ 29.783833] ? SyS_shutdown+0x160/0x160 [ 29.787781] ? move_addr_to_kernel+0x60/0x60 [ 29.792163] SyS_sendmsg+0x27/0x40 [ 29.795676] ? __sys_sendmsg+0x120/0x120 [ 29.799708] do_syscall_64+0x1d5/0x640 [ 29.803574] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 29.808739] RIP: 0033:0x443e69 [ 29.811903] RSP: 002b:00007ffced707308 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 29.819584] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000000443e69 [ 29.826853] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000010 [ 29.834098] RBP: 0000000001bad850 R08: 00000000bb1414ac R09: 00000000bb1414ac [ 29.841360] R10: 00000000bb1414ac R11: 0000000000000246 R12: 0000000000000013 [ 29.848602] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000