[ 90.095111][ T27] audit: type=1800 audit(1579865584.816:25): pid=9535 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 91.087063][ T27] kauditd_printk_skb: 3 callbacks suppressed
[ 91.087074][ T27] audit: type=1800 audit(1579865585.806:29): pid=9535 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 91.113912][ T27] audit: type=1800 audit(1579865585.806:30): pid=9535 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.1.12' (ECDSA) to the list of known hosts.
2020/01/24 11:34:05 parsed 1 programs
2020/01/24 11:34:06 executed programs: 0
syzkaller login: [ 152.308032][ T9706] IPVS: ftp: loaded support on port[0] = 21
[ 152.368756][ T9706] chnl_net:caif_netlink_parms(): no params data found
[ 152.398307][ T9706] bridge0: port 1(bridge_slave_0) entered blocking state
[ 152.406359][ T9706] bridge0: port 1(bridge_slave_0) entered disabled state
[ 152.414851][ T9706] device bridge_slave_0 entered promiscuous mode
[ 152.423370][ T9706] bridge0: port 2(bridge_slave_1) entered blocking state
[ 152.430708][ T9706] bridge0: port 2(bridge_slave_1) entered disabled state
[ 152.438459][ T9706] device bridge_slave_1 entered promiscuous mode
[ 152.456321][ T9706] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 152.468488][ T9706] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 152.487567][ T9706] team0: Port device team_slave_0 added
[ 152.495524][ T9706] team0: Port device team_slave_1 added
[ 152.509927][ T9706] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 152.517134][ T9706] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 152.544510][ T9706] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 152.556908][ T9706] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 152.564060][ T9706] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 152.590928][ T9706] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 152.656109][ T9706] device hsr_slave_0 entered promiscuous mode
[ 152.714149][ T9706] device hsr_slave_1 entered promiscuous mode
[ 152.827614][ T9706] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 152.876611][ T9706] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 152.936039][ T9706] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 152.976442][ T9706] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 153.027406][ T9706] bridge0: port 2(bridge_slave_1) entered blocking state
[ 153.034616][ T9706] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 153.042333][ T9706] bridge0: port 1(bridge_slave_0) entered blocking state
[ 153.049468][ T9706] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 153.095956][ T9706] 8021q: adding VLAN 0 to HW filter on device bond0
[ 153.108524][ T2714] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 153.119302][ T2714] bridge0: port 1(bridge_slave_0) entered disabled state
[ 153.127584][ T2714] bridge0: port 2(bridge_slave_1) entered disabled state
[ 153.136152][ T2714] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 153.150084][ T9706] 8021q: adding VLAN 0 to HW filter on device team0
[ 153.161326][ T3103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 153.170877][ T3103] bridge0: port 1(bridge_slave_0) entered blocking state
[ 153.178236][ T3103] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 153.190430][ T2714] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 153.199482][ T2714] bridge0: port 2(bridge_slave_1) entered blocking state
[ 153.206757][ T2714] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 153.225358][ T3103] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 153.235077][ T3103] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 153.247065][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 153.263023][ T9706] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 153.274289][ T9706] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 153.286408][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 153.295793][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 153.304755][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 153.324336][ T3103] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 153.331799][ T3103] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 153.343386][ T9706] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 153.363246][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 153.382912][ T3103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 153.392455][ T3103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 153.401957][ T3103] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 153.409906][ T3103] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 153.419845][ T9706] device veth0_vlan entered promiscuous mode
[ 153.431309][ T9706] device veth1_vlan entered promiscuous mode
[ 153.453704][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 153.462002][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 153.470257][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 153.478794][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 153.490087][ T9706] device veth0_macvtap entered promiscuous mode
[ 153.500400][ T9706] device veth1_macvtap entered promiscuous mode
[ 153.516973][ T9706] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 153.524698][ T3103] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 153.532925][ T3103] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 153.541105][ T3103] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 153.550147][ T3103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 153.563047][ T9706] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 153.571446][ T2713] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 153.581193][ T2713] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2020/01/24 11:34:11 executed programs: 52
2020/01/24 11:34:17 executed programs: 126
[ 163.075848][T10390]
[ 163.078560][T10390] =============================
[ 163.084030][T10390] WARNING: suspicious RCU usage
[ 163.088948][T10390] 5.5.0-rc6-next-20200116-syzkaller #0 Not tainted
[ 163.096064][T10390] -----------------------------
[ 163.100972][T10390] net/netfilter/ipset/ip_set_core.c:1001 suspicious rcu_dereference_protected() usage!
[ 163.111030][T10390]
[ 163.111030][T10390] other info that might help us debug this:
[ 163.111030][T10390]
[ 163.121837][T10390]
[ 163.121837][T10390] rcu_scheduler_active = 2, debug_locks = 1
[ 163.130182][T10390] 1 lock held by syz-executor.0/10390:
[ 163.135676][T10390] #0: ffff88809726c5d8 (nlk_cb_mutex-NETFILTER){+.+.}, at: netlink_dump+0xe7/0xfb0
[ 163.145414][T10390]
[ 163.145414][T10390] stack backtrace:
[ 163.151428][T10390] CPU: 0 PID: 10390 Comm: syz-executor.0 Not tainted 5.5.0-rc6-next-20200116-syzkaller #0
[ 163.161707][T10390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 163.171835][T10390] Call Trace:
[ 163.175239][T10390] dump_stack+0x197/0x210
[ 163.179668][T10390] lockdep_rcu_suspicious+0x153/0x15d
[ 163.185034][T10390] find_set_and_id.isra.0+0x227/0x330
[ 163.190418][T10390] dump_init+0x1c1/0x3b0
[ 163.194682][T10390] ? find_set_and_id.isra.0+0x330/0x330
[ 163.200231][T10390] ? __kasan_check_read+0x11/0x20
[ 163.205258][T10390] ip_set_dump_start+0x9e6/0x1ca0
[ 163.210283][T10390] ? __kmalloc_node_track_caller+0x4e/0x70
[ 163.216086][T10390] ? __phys_addr+0xa4/0x120
[ 163.220592][T10390] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 163.226828][T10390] ? ip_set_rename+0x720/0x720
[ 163.231716][T10390] ? __kmalloc_reserve.isra.0+0xf0/0xf0
[ 163.237256][T10390] ? __kasan_check_write+0x14/0x20
[ 163.242382][T10390] netlink_dump+0x558/0xfb0
[ 163.246998][T10390] ? __netlink_sendskb+0xc0/0xc0
[ 163.251992][T10390] ? kmem_cache_free+0x26b/0x320
[ 163.256940][T10390] ? kfree_skbmem+0x100/0x1c0
[ 163.261630][T10390] ? consume_skb+0x108/0x410
[ 163.266290][T10390] netlink_recvmsg+0xbb4/0xf50
[ 163.271098][T10390] ? netlink_dump+0xfb0/0xfb0
[ 163.275851][T10390] ? aa_sock_msg_perm.isra.0+0xba/0x170
[ 163.281390][T10390] ? apparmor_socket_recvmsg+0x2a/0x30
[ 163.286902][T10390] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 163.293167][T10390] ? security_socket_recvmsg+0x95/0xc0
[ 163.298631][T10390] ? netlink_dump+0xfb0/0xfb0
[ 163.303306][T10390] sock_recvmsg+0xce/0x110
[ 163.307721][T10390] __sys_recvfrom+0x1ff/0x350
[ 163.312390][T10390] ? __ia32_sys_send+0x100/0x100
[ 163.317337][T10390] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 163.323730][T10390] ? put_timespec64+0xda/0x140
[ 163.328517][T10390] ? ns_to_kernel_old_timeval+0x100/0x100
[ 163.334380][T10390] ? __x64_sys_futex+0x404/0x590
[ 163.339370][T10390] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 163.344834][T10390] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 163.350501][T10390] ? do_syscall_64+0x26/0x790
[ 163.355259][T10390] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 163.361328][T10390] __x64_sys_recvfrom+0xe1/0x1a0
[ 163.366491][T10390] do_syscall_64+0xfa/0x790
[ 163.370999][T10390] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 163.377016][T10390] RIP: 0033:0x45b349
[ 163.380906][T10390] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 163.400655][T10390] RSP: 002b:00007f8fb5abec78 EFLAGS: 00000246 ORIG_RAX: 000000000000002d
[ 163.409080][T10390] RAX: ffffffffffffffda RBX: 00007f8fb5abf6d4 RCX: 000000000045b349
[ 163.417060][T10390] RDX: 36ff0824c68970de RSI: 0000000000000000 RDI: 0000000000000003
[ 163.425031][T10390] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000226
[ 163.433036][T10390] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 163.441084][T10390] R13: 0000000000000860 R14: 00000000004c9c9c R15: 000000000075bf2c
2020/01/24 11:34:22 executed programs: 193
2020/01/24 11:34:27 executed programs: 267