[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.145' (ECDSA) to the list of known hosts.
syzkaller login: [ 33.406006] audit: type=1400 audit(1595412582.355:8): avc: denied { execmem } for pid=6343 comm="syz-executor319" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 33.660595] IPVS: ftp: loaded support on port[0] = 21
[ 34.612670] chnl_net:caif_netlink_parms(): no params data found
[ 34.671900] bridge0: port 1(bridge_slave_0) entered blocking state
[ 34.678451] bridge0: port 1(bridge_slave_0) entered disabled state
[ 34.686224] device bridge_slave_0 entered promiscuous mode
[ 34.693666] bridge0: port 2(bridge_slave_1) entered blocking state
[ 34.700586] bridge0: port 2(bridge_slave_1) entered disabled state
[ 34.707451] device bridge_slave_1 entered promiscuous mode
[ 34.723260] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 34.731838] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 34.748633] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 34.756157] team0: Port device team_slave_0 added
[ 34.761925] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 34.769201] team0: Port device team_slave_1 added
[ 34.783057] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 34.789405] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 34.814703] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 34.826082] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 34.832369] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 34.857639] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 34.868460] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 34.876066] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 34.931590] device hsr_slave_0 entered promiscuous mode
[ 34.979119] device hsr_slave_1 entered promiscuous mode
[ 35.019641] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 35.026672] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 35.088087] bridge0: port 2(bridge_slave_1) entered blocking state
[ 35.094543] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 35.101429] bridge0: port 1(bridge_slave_0) entered blocking state
[ 35.107783] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 35.137451] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 35.144762] 8021q: adding VLAN 0 to HW filter on device bond0
[ 35.153115] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 35.162296] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 35.181310] bridge0: port 1(bridge_slave_0) entered disabled state
[ 35.188244] bridge0: port 2(bridge_slave_1) entered disabled state
[ 35.198317] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 35.204544] 8021q: adding VLAN 0 to HW filter on device team0
[ 35.212813] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 35.220677] bridge0: port 1(bridge_slave_0) entered blocking state
[ 35.227029] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 35.239946] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 35.247497] bridge0: port 2(bridge_slave_1) entered blocking state
[ 35.253892] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 35.263979] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 35.272652] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 35.290167] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 35.297659] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 35.307469] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 35.317326] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 35.323636] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 35.336537] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 35.343993] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 35.350751] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 35.361507] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 35.410568] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 35.420584] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 35.452389] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 35.459841] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 35.466242] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 35.475647] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 35.483917] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 35.491128] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 35.500709] device veth0_vlan entered promiscuous mode
[ 35.509444] device veth1_vlan entered promiscuous mode
[ 35.515180] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 35.524091] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 35.534966] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 35.544502] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 35.552109] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 35.559526] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 35.569299] device veth0_macvtap entered promiscuous mode
[ 35.575275] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 35.584229] device veth1_macvtap entered promiscuous mode
[ 35.593183] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 35.600385] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 35.607512] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 35.616962] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 35.626173] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready
[ 35.633423] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 35.640312] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 35.647995] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 35.659153] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready
[ 35.666012] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 35.672793] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 35.680801] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 35.788420] BUG: spinlock recursion on CPU#1, syz-executor319/6344
[ 35.794788] lock: 0xffff8880983dc728, .magic: dead4ead, .owner: syz-executor319/6344, .owner_cpu: 1
[ 35.804070] CPU: 1 PID: 6344 Comm: syz-executor319 Not tainted 4.14.189-syzkaller #0
[ 35.811931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.821256] Call Trace:
[ 35.823819] dump_stack+0x1b2/0x283
[ 35.827426] do_raw_spin_lock+0x1a2/0x200
[ 35.831549] dev_mc_sync+0x10b/0x1c0
[ 35.835354] ? vlan_dev_set_mac_address+0x5c0/0x5c0
[ 35.840345] vlan_dev_set_rx_mode+0x38/0x80
[ 35.844641] __dev_set_rx_mode+0x191/0x2a0
[ 35.848854] dev_uc_unsync+0x16c/0x1c0
[ 35.852743] bond_enslave+0x2014/0x4b00
[ 35.856719] ? bond_update_slave_arr+0x670/0x670
[ 35.861592] ? nlmsg_notify+0x126/0x170
[ 35.865544] ? rtmsg_ifinfo+0xd4/0x100
[ 35.869406] ? __dev_notify_flags+0x12b/0x260
[ 35.873875] ? dev_change_name+0x6a0/0x6a0
[ 35.878085] ? bond_update_slave_arr+0x670/0x670
[ 35.882817] do_set_master+0x19e/0x200
[ 35.886715] rtnl_newlink+0x134c/0x1810
[ 35.890671] ? __lock_acquire+0x5fc/0x3f20
[ 35.894893] ? kmem_cache_free+0x7c/0x2b0
[ 35.899018] ? rtnl_dellink+0x6a0/0x6a0
[ 35.902966] ? trace_hardirqs_on+0x10/0x10
[ 35.907184] ? lock_acquire+0x170/0x3f0
[ 35.911148] ? lock_acquire+0x170/0x3f0
[ 35.915365] ? lock_downgrade+0x740/0x740
[ 35.919488] ? rtnl_dellink+0x6a0/0x6a0
[ 35.923434] rtnetlink_rcv_msg+0x3be/0xb10
[ 35.927652] ? rtnl_calcit.isra.0+0x3a0/0x3a0
[ 35.932130] ? __netlink_lookup+0x345/0x5d0
[ 35.936425] ? netdev_pick_tx+0x2e0/0x2e0
[ 35.940557] netlink_rcv_skb+0x125/0x390
[ 35.944590] ? memcpy+0x35/0x50
[ 35.947855] ? rtnl_calcit.isra.0+0x3a0/0x3a0
[ 35.952326] ? netlink_ack+0x9a0/0x9a0
[ 35.956192] netlink_unicast+0x437/0x610
[ 35.961390] ? netlink_sendskb+0xd0/0xd0
[ 35.965430] netlink_sendmsg+0x62e/0xb80
[ 35.969479] ? nlmsg_notify+0x170/0x170
[ 35.973427] ? kernel_recvmsg+0x210/0x210
[ 35.977547] ? security_socket_sendmsg+0x83/0xb0
[ 35.982277] ? nlmsg_notify+0x170/0x170
[ 35.986235] sock_sendmsg+0xb5/0x100
[ 35.990009] ___sys_sendmsg+0x6c8/0x800
[ 35.993956] ? copy_msghdr_from_user+0x3b0/0x3b0
[ 35.998685] ? trace_hardirqs_on+0x10/0x10
[ 36.002903] ? trace_hardirqs_on+0x10/0x10
[ 36.007135] ? trace_hardirqs_on+0x10/0x10
[ 36.011441] ? trace_hardirqs_on+0x10/0x10
[ 36.015649] ? fs_reclaim_release+0xd0/0x110
[ 36.020031] ? __might_fault+0x104/0x1b0
[ 36.024076] ? lock_acquire+0x170/0x3f0
[ 36.028023] ? lock_downgrade+0x740/0x740
[ 36.032147] ? __might_fault+0x177/0x1b0
[ 36.036196] ? _copy_to_user+0x82/0xd0
[ 36.040068] ? move_addr_to_user+0x13f/0x180
[ 36.044465] ? __fdget+0x167/0x1f0
[ 36.047990] ? sockfd_lookup_light+0xb2/0x160
[ 36.052460] __sys_sendmsg+0xa3/0x120
[ 36.056243] ? SyS_shutdown+0x160/0x160
[ 36.060194] ? move_addr_to_kernel+0x60/0x60
[ 36.064577] SyS_sendmsg+0x27/0x40
[ 36.068094] ? __sys_sendmsg+0x120/0x120
[ 36.072133] do_syscall_64+0x1d5/0x640
[ 36.075995] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 36.081168] RIP: 0033:0x443d29
[ 36.084341] RSP: 002b:00007ffd89e04078 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 36.092029] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000443d29
[ 36.099627] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000010
[ 36.106893] RBP: 00007ffd89e04090 R08: 00000000bb1414ac R09: 00000000bb1414ac
[ 36.114143] R10: 00000000bb1414ac R11: 0000000000000246 R12: 00007ffd89e040c0
[ 36.121390] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000