[[0;32m  OK  [0m] Reached target Login Prompts.
[[0;32m  OK  [0m] Reached target Multi-User System.
[[0;32m  OK  [0m] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[[0;32m  OK  [0m] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.145' (ECDSA) to the list of known hosts.
syzkaller login: [   33.406006] audit: type=1400 audit(1595412582.355:8): avc:  denied  { execmem } for  pid=6343 comm="syz-executor319" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[   33.660595] IPVS: ftp: loaded support on port[0] = 21
[   34.612670] chnl_net:caif_netlink_parms(): no params data found
[   34.671900] bridge0: port 1(bridge_slave_0) entered blocking state
[   34.678451] bridge0: port 1(bridge_slave_0) entered disabled state
[   34.686224] device bridge_slave_0 entered promiscuous mode
[   34.693666] bridge0: port 2(bridge_slave_1) entered blocking state
[   34.700586] bridge0: port 2(bridge_slave_1) entered disabled state
[   34.707451] device bridge_slave_1 entered promiscuous mode
[   34.723260] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   34.731838] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   34.748633] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[   34.756157] team0: Port device team_slave_0 added
[   34.761925] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[   34.769201] team0: Port device team_slave_1 added
[   34.783057] batman_adv: batadv0: Adding interface: batadv_slave_0
[   34.789405] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   34.814703] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   34.826082] batman_adv: batadv0: Adding interface: batadv_slave_1
[   34.832369] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   34.857639] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   34.868460] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   34.876066] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   34.931590] device hsr_slave_0 entered promiscuous mode
[   34.979119] device hsr_slave_1 entered promiscuous mode
[   35.019641] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   35.026672] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   35.088087] bridge0: port 2(bridge_slave_1) entered blocking state
[   35.094543] bridge0: port 2(bridge_slave_1) entered forwarding state
[   35.101429] bridge0: port 1(bridge_slave_0) entered blocking state
[   35.107783] bridge0: port 1(bridge_slave_0) entered forwarding state
[   35.137451] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   35.144762] 8021q: adding VLAN 0 to HW filter on device bond0
[   35.153115] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   35.162296] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   35.181310] bridge0: port 1(bridge_slave_0) entered disabled state
[   35.188244] bridge0: port 2(bridge_slave_1) entered disabled state
[   35.198317] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[   35.204544] 8021q: adding VLAN 0 to HW filter on device team0
[   35.212813] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   35.220677] bridge0: port 1(bridge_slave_0) entered blocking state
[   35.227029] bridge0: port 1(bridge_slave_0) entered forwarding state
[   35.239946] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   35.247497] bridge0: port 2(bridge_slave_1) entered blocking state
[   35.253892] bridge0: port 2(bridge_slave_1) entered forwarding state
[   35.263979] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   35.272652] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   35.290167] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   35.297659] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   35.307469] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   35.317326] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[   35.323636] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   35.336537] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[   35.343993] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   35.350751] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   35.361507] 8021q: adding VLAN 0 to HW filter on device batadv0
[   35.410568] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[   35.420584] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   35.452389] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[   35.459841] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[   35.466242] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[   35.475647] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   35.483917] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   35.491128] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   35.500709] device veth0_vlan entered promiscuous mode
[   35.509444] device veth1_vlan entered promiscuous mode
[   35.515180] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[   35.524091] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[   35.534966] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[   35.544502] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   35.552109] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   35.559526] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   35.569299] device veth0_macvtap entered promiscuous mode
[   35.575275] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[   35.584229] device veth1_macvtap entered promiscuous mode
[   35.593183] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[   35.600385] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   35.607512] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   35.616962] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[   35.626173] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready
[   35.633423] batman_adv: batadv0: Interface activated: batadv_slave_0
[   35.640312] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   35.647995] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   35.659153] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready
[   35.666012] batman_adv: batadv0: Interface activated: batadv_slave_1
[   35.672793] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   35.680801] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[   35.788420] BUG: spinlock recursion on CPU#1, syz-executor319/6344
[   35.794788]  lock: 0xffff8880983dc728, .magic: dead4ead, .owner: syz-executor319/6344, .owner_cpu: 1
[   35.804070] CPU: 1 PID: 6344 Comm: syz-executor319 Not tainted 4.14.189-syzkaller #0
[   35.811931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   35.821256] Call Trace:
[   35.823819]  dump_stack+0x1b2/0x283
[   35.827426]  do_raw_spin_lock+0x1a2/0x200
[   35.831549]  dev_mc_sync+0x10b/0x1c0
[   35.835354]  ? vlan_dev_set_mac_address+0x5c0/0x5c0
[   35.840345]  vlan_dev_set_rx_mode+0x38/0x80
[   35.844641]  __dev_set_rx_mode+0x191/0x2a0
[   35.848854]  dev_uc_unsync+0x16c/0x1c0
[   35.852743]  bond_enslave+0x2014/0x4b00
[   35.856719]  ? bond_update_slave_arr+0x670/0x670
[   35.861592]  ? nlmsg_notify+0x126/0x170
[   35.865544]  ? rtmsg_ifinfo+0xd4/0x100
[   35.869406]  ? __dev_notify_flags+0x12b/0x260
[   35.873875]  ? dev_change_name+0x6a0/0x6a0
[   35.878085]  ? bond_update_slave_arr+0x670/0x670
[   35.882817]  do_set_master+0x19e/0x200
[   35.886715]  rtnl_newlink+0x134c/0x1810
[   35.890671]  ? __lock_acquire+0x5fc/0x3f20
[   35.894893]  ? kmem_cache_free+0x7c/0x2b0
[   35.899018]  ? rtnl_dellink+0x6a0/0x6a0
[   35.902966]  ? trace_hardirqs_on+0x10/0x10
[   35.907184]  ? lock_acquire+0x170/0x3f0
[   35.911148]  ? lock_acquire+0x170/0x3f0
[   35.915365]  ? lock_downgrade+0x740/0x740
[   35.919488]  ? rtnl_dellink+0x6a0/0x6a0
[   35.923434]  rtnetlink_rcv_msg+0x3be/0xb10
[   35.927652]  ? rtnl_calcit.isra.0+0x3a0/0x3a0
[   35.932130]  ? __netlink_lookup+0x345/0x5d0
[   35.936425]  ? netdev_pick_tx+0x2e0/0x2e0
[   35.940557]  netlink_rcv_skb+0x125/0x390
[   35.944590]  ? memcpy+0x35/0x50
[   35.947855]  ? rtnl_calcit.isra.0+0x3a0/0x3a0
[   35.952326]  ? netlink_ack+0x9a0/0x9a0
[   35.956192]  netlink_unicast+0x437/0x610
[   35.961390]  ? netlink_sendskb+0xd0/0xd0
[   35.965430]  netlink_sendmsg+0x62e/0xb80
[   35.969479]  ? nlmsg_notify+0x170/0x170
[   35.973427]  ? kernel_recvmsg+0x210/0x210
[   35.977547]  ? security_socket_sendmsg+0x83/0xb0
[   35.982277]  ? nlmsg_notify+0x170/0x170
[   35.986235]  sock_sendmsg+0xb5/0x100
[   35.990009]  ___sys_sendmsg+0x6c8/0x800
[   35.993956]  ? copy_msghdr_from_user+0x3b0/0x3b0
[   35.998685]  ? trace_hardirqs_on+0x10/0x10
[   36.002903]  ? trace_hardirqs_on+0x10/0x10
[   36.007135]  ? trace_hardirqs_on+0x10/0x10
[   36.011441]  ? trace_hardirqs_on+0x10/0x10
[   36.015649]  ? fs_reclaim_release+0xd0/0x110
[   36.020031]  ? __might_fault+0x104/0x1b0
[   36.024076]  ? lock_acquire+0x170/0x3f0
[   36.028023]  ? lock_downgrade+0x740/0x740
[   36.032147]  ? __might_fault+0x177/0x1b0
[   36.036196]  ? _copy_to_user+0x82/0xd0
[   36.040068]  ? move_addr_to_user+0x13f/0x180
[   36.044465]  ? __fdget+0x167/0x1f0
[   36.047990]  ? sockfd_lookup_light+0xb2/0x160
[   36.052460]  __sys_sendmsg+0xa3/0x120
[   36.056243]  ? SyS_shutdown+0x160/0x160
[   36.060194]  ? move_addr_to_kernel+0x60/0x60
[   36.064577]  SyS_sendmsg+0x27/0x40
[   36.068094]  ? __sys_sendmsg+0x120/0x120
[   36.072133]  do_syscall_64+0x1d5/0x640
[   36.075995]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   36.081168] RIP: 0033:0x443d29
[   36.084341] RSP: 002b:00007ffd89e04078 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   36.092029] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000443d29
[   36.099627] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000010
[   36.106893] RBP: 00007ffd89e04090 R08: 00000000bb1414ac R09: 00000000bb1414ac
[   36.114143] R10: 00000000bb1414ac R11: 0000000000000246 R12: 00007ffd89e040c0
[   36.121390] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000