[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   55.137282][   T27] audit: type=1800 audit(1581925938.571:25): pid=8996 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   55.156806][   T27] audit: type=1800 audit(1581925938.581:26): pid=8996 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   55.177907][   T27] audit: type=1800 audit(1581925938.581:27): pid=8996 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.71' (ECDSA) to the list of known hosts.
2020/02/17 07:52:29 parsed 1 programs
2020/02/17 07:52:30 executed programs: 0
syzkaller login: [   67.312822][ T9164] IPVS: ftp: loaded support on port[0] = 21
[   67.365803][ T9164] chnl_net:caif_netlink_parms(): no params data found
[   67.412059][ T9164] bridge0: port 1(bridge_slave_0) entered blocking state
[   67.419798][ T9164] bridge0: port 1(bridge_slave_0) entered disabled state
[   67.427502][ T9164] device bridge_slave_0 entered promiscuous mode
[   67.436584][ T9164] bridge0: port 2(bridge_slave_1) entered blocking state
[   67.444073][ T9164] bridge0: port 2(bridge_slave_1) entered disabled state
[   67.451743][ T9164] device bridge_slave_1 entered promiscuous mode
[   67.468929][ T9164] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   67.480199][ T9164] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   67.498598][ T9164] team0: Port device team_slave_0 added
[   67.506905][ T9164] team0: Port device team_slave_1 added
[   67.521346][ T9164] batman_adv: batadv0: Adding interface: batadv_slave_0
[   67.528506][ T9164] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   67.555234][ T9164] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   67.567383][ T9164] batman_adv: batadv0: Adding interface: batadv_slave_1
[   67.574444][ T9164] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   67.600827][ T9164] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   67.681583][ T9164] device hsr_slave_0 entered promiscuous mode
[   67.749745][ T9164] device hsr_slave_1 entered promiscuous mode
[   67.887974][ T9164] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   67.922155][ T9164] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   67.982644][ T9164] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   68.031491][ T9164] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   68.083148][ T9164] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.090505][ T9164] bridge0: port 2(bridge_slave_1) entered forwarding state
[   68.098794][ T9164] bridge0: port 1(bridge_slave_0) entered blocking state
[   68.106132][ T9164] bridge0: port 1(bridge_slave_0) entered forwarding state
[   68.145213][ T9164] 8021q: adding VLAN 0 to HW filter on device bond0
[   68.158692][ T3515] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   68.168556][ T3515] bridge0: port 1(bridge_slave_0) entered disabled state
[   68.177705][ T3515] bridge0: port 2(bridge_slave_1) entered disabled state
[   68.186126][ T3515] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   68.199346][ T9164] 8021q: adding VLAN 0 to HW filter on device team0
[   68.210975][ T2728] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   68.220461][ T2728] bridge0: port 1(bridge_slave_0) entered blocking state
[   68.227530][ T2728] bridge0: port 1(bridge_slave_0) entered forwarding state
[   68.250641][ T3515] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   68.259303][ T3515] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.266423][ T3515] bridge0: port 2(bridge_slave_1) entered forwarding state
[   68.274787][ T3515] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   68.283578][ T3515] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   68.292416][ T3515] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   68.301243][ T3515] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   68.312729][ T2728] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   68.323583][ T9164] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   68.340695][ T2728] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   68.348304][ T2728] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   68.360999][ T9164] 8021q: adding VLAN 0 to HW filter on device batadv0
[   68.380190][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   68.389128][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   68.406922][ T9164] device veth0_vlan entered promiscuous mode
[   68.419227][ T2728] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   68.427836][ T2728] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   68.437648][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   68.446735][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   68.461054][ T9164] device veth1_vlan entered promiscuous mode
[   68.478480][ T3515] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   68.490791][ T3515] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   68.498671][ T3515] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   68.507434][ T3515] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   68.518574][ T9164] device veth0_macvtap entered promiscuous mode
[   68.528334][ T9164] device veth1_macvtap entered promiscuous mode
[   68.543135][ T9164] batman_adv: batadv0: Interface activated: batadv_slave_0
[   68.551551][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   68.561737][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   68.570212][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   68.578693][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   68.590674][ T9164] batman_adv: batadv0: Interface activated: batadv_slave_1
[   68.599971][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   68.608428][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   70.852587][ T9554] 
[   70.854972][ T9554] ======================================================
[   70.862205][ T9554] WARNING: possible circular locking dependency detected
[   70.870444][ T9554] 5.6.0-rc2-syzkaller #0 Not tainted
[   70.875707][ T9554] ------------------------------------------------------
[   70.882716][ T9554] syz-executor.0/9554 is trying to acquire lock:
[   70.889921][ T9554] ffffe8ffffdc2458 (&l->lock){....}, at: bpf_lru_push_free+0xb6/0xab0
[   70.899055][ T9554] 
[   70.899055][ T9554] but task is already holding lock:
[   70.907180][ T9554] ffff8880a90240a0 (&htab->buckets[i].lock){....}, at: __htab_map_lookup_and_delete_batch+0x575/0x1880
[   70.919654][ T9554] 
[   70.919654][ T9554] which lock already depends on the new lock.
[   70.919654][ T9554] 
[   70.930620][ T9554] 
[   70.930620][ T9554] the existing dependency chain (in reverse order) is:
[   70.940459][ T9554] 
[   70.940459][ T9554] -> #1 (&htab->buckets[i].lock){....}:
[   70.948194][ T9554]        lock_acquire+0x154/0x250
[   70.953274][ T9554]        _raw_spin_lock_irqsave+0xa1/0xc0
[   70.959234][ T9554]        htab_lru_map_delete_node+0x9c/0x290
[   70.965213][ T9554]        __bpf_lru_list_shrink+0x1ee/0xc80
[   70.971398][ T9554]        bpf_lru_pop_free+0x338/0x1c90
[   70.976965][ T9554]        __htab_lru_percpu_map_update_elem+0x14c/0x10d0
[   70.984354][ T9554]        bpf_percpu_hash_update+0xe0/0x1a0
[   70.990270][ T9554]        bpf_map_update_value+0x257/0x720
[   70.996428][ T9554]        generic_map_update_batch+0x42d/0x6e0
[   71.002832][ T9554]        bpf_map_do_batch+0x3df/0x500
[   71.009395][ T9554]        __do_sys_bpf+0x947/0xc160
[   71.014757][ T9554]        __x64_sys_bpf+0x7a/0x90
[   71.019682][ T9554]        do_syscall_64+0xf7/0x1c0
[   71.026133][ T9554]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   71.033621][ T9554] 
[   71.033621][ T9554] -> #0 (&l->lock){....}:
[   71.040278][ T9554]        validate_chain+0x1507/0x7be0
[   71.045878][ T9554]        __lock_acquire+0xc5a/0x1bc0
[   71.051340][ T9554]        lock_acquire+0x154/0x250
[   71.056555][ T9554]        _raw_spin_lock_irqsave+0xa1/0xc0
[   71.062353][ T9554]        bpf_lru_push_free+0xb6/0xab0
[   71.067881][ T9554]        __htab_map_lookup_and_delete_batch+0xd87/0x1880
[   71.076639][ T9554]        htab_lru_percpu_map_lookup_and_delete_batch+0x36/0x40
[   71.087106][ T9554]        bpf_map_do_batch+0x3df/0x500
[   71.094282][ T9554]        __do_sys_bpf+0x947/0xc160
[   71.099725][ T9554]        __x64_sys_bpf+0x7a/0x90
[   71.104837][ T9554]        do_syscall_64+0xf7/0x1c0
[   71.109907][ T9554]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   71.116757][ T9554] 
[   71.116757][ T9554] other info that might help us debug this:
[   71.116757][ T9554] 
[   71.128709][ T9554]  Possible unsafe locking scenario:
[   71.128709][ T9554] 
[   71.137804][ T9554]        CPU0                    CPU1
[   71.143885][ T9554]        ----                    ----
[   71.149834][ T9554]   lock(&htab->buckets[i].lock);
[   71.154846][ T9554]                                lock(&l->lock);
[   71.161385][ T9554]                                lock(&htab->buckets[i].lock);
[   71.169525][ T9554]   lock(&l->lock);
[   71.173496][ T9554] 
[   71.173496][ T9554]  *** DEADLOCK ***
[   71.173496][ T9554] 
[   71.181976][ T9554] 2 locks held by syz-executor.0/9554:
[   71.187593][ T9554]  #0: ffffffff892d9908 (rcu_read_lock){....}, at: rcu_lock_acquire+0x9/0x40
[   71.196520][ T9554]  #1: ffff8880a90240a0 (&htab->buckets[i].lock){....}, at: __htab_map_lookup_and_delete_batch+0x575/0x1880
[   71.208275][ T9554] 
[   71.208275][ T9554] stack backtrace:
[   71.214287][ T9554] CPU: 1 PID: 9554 Comm: syz-executor.0 Not tainted 5.6.0-rc2-syzkaller #0
[   71.224281][ T9554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   71.235100][ T9554] Call Trace:
[   71.238409][ T9554]  dump_stack+0x1fb/0x318
[   71.242746][ T9554]  print_circular_bug+0xc3f/0xe70
[   71.247771][ T9554]  ? stack_trace_save+0xb1/0x150
[   71.252702][ T9554]  ? save_trace+0x4b/0x9f0
[   71.257121][ T9554]  check_noncircular+0x206/0x3a0
[   71.262094][ T9554]  validate_chain+0x1507/0x7be0
[   71.266938][ T9554]  ? rcu_lock_release+0x21/0x30
[   71.272264][ T9554]  ? __kasan_check_read+0x11/0x20
[   71.277493][ T9554]  ? mark_lock+0x107/0x1650
[   71.282001][ T9554]  ? __kasan_check_read+0x11/0x20
[   71.287160][ T9554]  ? mark_lock+0x107/0x1650
[   71.291653][ T9554]  __lock_acquire+0xc5a/0x1bc0
[   71.296697][ T9554]  ? trace_lock_acquire+0x15b/0x1d0
[   71.301911][ T9554]  lock_acquire+0x154/0x250
[   71.306556][ T9554]  ? bpf_lru_push_free+0xb6/0xab0
[   71.311585][ T9554]  _raw_spin_lock_irqsave+0xa1/0xc0
[   71.317875][ T9554]  ? bpf_lru_push_free+0xb6/0xab0
[   71.323428][ T9554]  bpf_lru_push_free+0xb6/0xab0
[   71.328435][ T9554]  __htab_map_lookup_and_delete_batch+0xd87/0x1880
[   71.335085][ T9554]  htab_lru_percpu_map_lookup_and_delete_batch+0x36/0x40
[   71.342232][ T9554]  ? htab_lru_percpu_map_lookup_batch+0x40/0x40
[   71.348472][ T9554]  bpf_map_do_batch+0x3df/0x500
[   71.353487][ T9554]  __do_sys_bpf+0x947/0xc160
[   71.358324][ T9554]  ? check_preemption_disabled+0xb4/0x260
[   71.364053][ T9554]  ? debug_smp_processor_id+0x9/0x20
[   71.369327][ T9554]  ? debug_smp_processor_id+0x1c/0x20
[   71.375166][ T9554]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   71.381286][ T9554]  ? prepare_exit_to_usermode+0x221/0x5b0
[   71.387229][ T9554]  ? trace_irq_disable_rcuidle+0x23/0x1e0
[   71.392949][ T9554]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   71.398407][ T9554]  ? trace_irq_disable_rcuidle+0x23/0x1e0
[   71.404146][ T9554]  ? do_syscall_64+0x1d/0x1c0
[   71.408942][ T9554]  __x64_sys_bpf+0x7a/0x90
[   71.413356][ T9554]  do_syscall_64+0xf7/0x1c0
[   71.417846][ T9554]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   71.423925][ T9554] RIP: 0033:0x45c6c9
[   71.429017][ T9554] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   71.449045][ T9554] RSP: 002b:00007f256ceb2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   71.458614][ T9554] RAX: ffffffffffffffda RBX: 00007f256ceb36d4 RCX: 000000000045c6c9
[   71.466829][ T9554] RDX: 0000000000000038 RSI: 0000000020000180 RDI: 0000000000000019
[   71.475215][ T9554] RBP: 000000000076c070 R08: 0000000000000000 R09: 0000000000000000
[   71.483218][ T9554] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[   71.491409][ T9554] R13: 0000000000000062 R14: 00000000004c2ec4 R15: 000000000076c07c
2020/02/17 07:52:35 executed programs: 140
2020/02/17 07:52:40 executed programs: 463