[ ok ] Starting enhanced syslogd: rsyslogd.
[ 55.137282][ T27] audit: type=1800 audit(1581925938.571:25): pid=8996 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 55.156806][ T27] audit: type=1800 audit(1581925938.581:26): pid=8996 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 55.177907][ T27] audit: type=1800 audit(1581925938.581:27): pid=8996 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.71' (ECDSA) to the list of known hosts.
2020/02/17 07:52:29 parsed 1 programs
2020/02/17 07:52:30 executed programs: 0
syzkaller login: [ 67.312822][ T9164] IPVS: ftp: loaded support on port[0] = 21
[ 67.365803][ T9164] chnl_net:caif_netlink_parms(): no params data found
[ 67.412059][ T9164] bridge0: port 1(bridge_slave_0) entered blocking state
[ 67.419798][ T9164] bridge0: port 1(bridge_slave_0) entered disabled state
[ 67.427502][ T9164] device bridge_slave_0 entered promiscuous mode
[ 67.436584][ T9164] bridge0: port 2(bridge_slave_1) entered blocking state
[ 67.444073][ T9164] bridge0: port 2(bridge_slave_1) entered disabled state
[ 67.451743][ T9164] device bridge_slave_1 entered promiscuous mode
[ 67.468929][ T9164] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 67.480199][ T9164] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 67.498598][ T9164] team0: Port device team_slave_0 added
[ 67.506905][ T9164] team0: Port device team_slave_1 added
[ 67.521346][ T9164] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 67.528506][ T9164] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 67.555234][ T9164] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 67.567383][ T9164] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 67.574444][ T9164] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 67.600827][ T9164] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 67.681583][ T9164] device hsr_slave_0 entered promiscuous mode
[ 67.749745][ T9164] device hsr_slave_1 entered promiscuous mode
[ 67.887974][ T9164] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 67.922155][ T9164] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 67.982644][ T9164] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 68.031491][ T9164] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 68.083148][ T9164] bridge0: port 2(bridge_slave_1) entered blocking state
[ 68.090505][ T9164] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 68.098794][ T9164] bridge0: port 1(bridge_slave_0) entered blocking state
[ 68.106132][ T9164] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 68.145213][ T9164] 8021q: adding VLAN 0 to HW filter on device bond0
[ 68.158692][ T3515] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 68.168556][ T3515] bridge0: port 1(bridge_slave_0) entered disabled state
[ 68.177705][ T3515] bridge0: port 2(bridge_slave_1) entered disabled state
[ 68.186126][ T3515] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 68.199346][ T9164] 8021q: adding VLAN 0 to HW filter on device team0
[ 68.210975][ T2728] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 68.220461][ T2728] bridge0: port 1(bridge_slave_0) entered blocking state
[ 68.227530][ T2728] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 68.250641][ T3515] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 68.259303][ T3515] bridge0: port 2(bridge_slave_1) entered blocking state
[ 68.266423][ T3515] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 68.274787][ T3515] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 68.283578][ T3515] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 68.292416][ T3515] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 68.301243][ T3515] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 68.312729][ T2728] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 68.323583][ T9164] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 68.340695][ T2728] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 68.348304][ T2728] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 68.360999][ T9164] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 68.380190][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 68.389128][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 68.406922][ T9164] device veth0_vlan entered promiscuous mode
[ 68.419227][ T2728] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 68.427836][ T2728] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 68.437648][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 68.446735][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 68.461054][ T9164] device veth1_vlan entered promiscuous mode
[ 68.478480][ T3515] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 68.490791][ T3515] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 68.498671][ T3515] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 68.507434][ T3515] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 68.518574][ T9164] device veth0_macvtap entered promiscuous mode
[ 68.528334][ T9164] device veth1_macvtap entered promiscuous mode
[ 68.543135][ T9164] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 68.551551][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 68.561737][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 68.570212][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 68.578693][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 68.590674][ T9164] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 68.599971][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 68.608428][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 70.852587][ T9554]
[ 70.854972][ T9554] ======================================================
[ 70.862205][ T9554] WARNING: possible circular locking dependency detected
[ 70.870444][ T9554] 5.6.0-rc2-syzkaller #0 Not tainted
[ 70.875707][ T9554] ------------------------------------------------------
[ 70.882716][ T9554] syz-executor.0/9554 is trying to acquire lock:
[ 70.889921][ T9554] ffffe8ffffdc2458 (&l->lock){....}, at: bpf_lru_push_free+0xb6/0xab0
[ 70.899055][ T9554]
[ 70.899055][ T9554] but task is already holding lock:
[ 70.907180][ T9554] ffff8880a90240a0 (&htab->buckets[i].lock){....}, at: __htab_map_lookup_and_delete_batch+0x575/0x1880
[ 70.919654][ T9554]
[ 70.919654][ T9554] which lock already depends on the new lock.
[ 70.919654][ T9554]
[ 70.930620][ T9554]
[ 70.930620][ T9554] the existing dependency chain (in reverse order) is:
[ 70.940459][ T9554]
[ 70.940459][ T9554] -> #1 (&htab->buckets[i].lock){....}:
[ 70.948194][ T9554]        lock_acquire+0x154/0x250
[ 70.953274][ T9554]        _raw_spin_lock_irqsave+0xa1/0xc0
[ 70.959234][ T9554]        htab_lru_map_delete_node+0x9c/0x290
[ 70.965213][ T9554]        __bpf_lru_list_shrink+0x1ee/0xc80
[ 70.971398][ T9554]        bpf_lru_pop_free+0x338/0x1c90
[ 70.976965][ T9554]        __htab_lru_percpu_map_update_elem+0x14c/0x10d0
[ 70.984354][ T9554]        bpf_percpu_hash_update+0xe0/0x1a0
[ 70.990270][ T9554]        bpf_map_update_value+0x257/0x720
[ 70.996428][ T9554]        generic_map_update_batch+0x42d/0x6e0
[ 71.002832][ T9554]        bpf_map_do_batch+0x3df/0x500
[ 71.009395][ T9554]        __do_sys_bpf+0x947/0xc160
[ 71.014757][ T9554]        __x64_sys_bpf+0x7a/0x90
[ 71.019682][ T9554]        do_syscall_64+0xf7/0x1c0
[ 71.026133][ T9554]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 71.033621][ T9554]
[ 71.033621][ T9554] -> #0 (&l->lock){....}:
[ 71.040278][ T9554]        validate_chain+0x1507/0x7be0
[ 71.045878][ T9554]        __lock_acquire+0xc5a/0x1bc0
[ 71.051340][ T9554]        lock_acquire+0x154/0x250
[ 71.056555][ T9554]        _raw_spin_lock_irqsave+0xa1/0xc0
[ 71.062353][ T9554]        bpf_lru_push_free+0xb6/0xab0
[ 71.067881][ T9554]        __htab_map_lookup_and_delete_batch+0xd87/0x1880
[ 71.076639][ T9554]        htab_lru_percpu_map_lookup_and_delete_batch+0x36/0x40
[ 71.087106][ T9554]        bpf_map_do_batch+0x3df/0x500
[ 71.094282][ T9554]        __do_sys_bpf+0x947/0xc160
[ 71.099725][ T9554]        __x64_sys_bpf+0x7a/0x90
[ 71.104837][ T9554]        do_syscall_64+0xf7/0x1c0
[ 71.109907][ T9554]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 71.116757][ T9554]
[ 71.116757][ T9554] other info that might help us debug this:
[ 71.116757][ T9554]
[ 71.128709][ T9554] Possible unsafe locking scenario:
[ 71.128709][ T9554]
[ 71.137804][ T9554]        CPU0                    CPU1
[ 71.143885][ T9554]        ----                    ----
[ 71.149834][ T9554]   lock(&htab->buckets[i].lock);
[ 71.154846][ T9554]                                lock(&l->lock);
[ 71.161385][ T9554]                                lock(&htab->buckets[i].lock);
[ 71.169525][ T9554]   lock(&l->lock);
[ 71.173496][ T9554]
[ 71.173496][ T9554] *** DEADLOCK ***
[ 71.173496][ T9554]
[ 71.181976][ T9554] 2 locks held by syz-executor.0/9554:
[ 71.187593][ T9554] #0: ffffffff892d9908 (rcu_read_lock){....}, at: rcu_lock_acquire+0x9/0x40
[ 71.196520][ T9554] #1: ffff8880a90240a0 (&htab->buckets[i].lock){....}, at: __htab_map_lookup_and_delete_batch+0x575/0x1880
[ 71.208275][ T9554]
[ 71.208275][ T9554] stack backtrace:
[ 71.214287][ T9554] CPU: 1 PID: 9554 Comm: syz-executor.0 Not tainted 5.6.0-rc2-syzkaller #0
[ 71.224281][ T9554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 71.235100][ T9554] Call Trace:
[ 71.238409][ T9554] dump_stack+0x1fb/0x318
[ 71.242746][ T9554] print_circular_bug+0xc3f/0xe70
[ 71.247771][ T9554] ? stack_trace_save+0xb1/0x150
[ 71.252702][ T9554] ? save_trace+0x4b/0x9f0
[ 71.257121][ T9554] check_noncircular+0x206/0x3a0
[ 71.262094][ T9554] validate_chain+0x1507/0x7be0
[ 71.266938][ T9554] ? rcu_lock_release+0x21/0x30
[ 71.272264][ T9554] ? __kasan_check_read+0x11/0x20
[ 71.277493][ T9554] ? mark_lock+0x107/0x1650
[ 71.282001][ T9554] ? __kasan_check_read+0x11/0x20
[ 71.287160][ T9554] ? mark_lock+0x107/0x1650
[ 71.291653][ T9554] __lock_acquire+0xc5a/0x1bc0
[ 71.296697][ T9554] ? trace_lock_acquire+0x15b/0x1d0
[ 71.301911][ T9554] lock_acquire+0x154/0x250
[ 71.306556][ T9554] ? bpf_lru_push_free+0xb6/0xab0
[ 71.311585][ T9554] _raw_spin_lock_irqsave+0xa1/0xc0
[ 71.317875][ T9554] ? bpf_lru_push_free+0xb6/0xab0
[ 71.323428][ T9554] bpf_lru_push_free+0xb6/0xab0
[ 71.328435][ T9554] __htab_map_lookup_and_delete_batch+0xd87/0x1880
[ 71.335085][ T9554] htab_lru_percpu_map_lookup_and_delete_batch+0x36/0x40
[ 71.342232][ T9554] ? htab_lru_percpu_map_lookup_batch+0x40/0x40
[ 71.348472][ T9554] bpf_map_do_batch+0x3df/0x500
[ 71.353487][ T9554] __do_sys_bpf+0x947/0xc160
[ 71.358324][ T9554] ? check_preemption_disabled+0xb4/0x260
[ 71.364053][ T9554] ? debug_smp_processor_id+0x9/0x20
[ 71.369327][ T9554] ? debug_smp_processor_id+0x1c/0x20
[ 71.375166][ T9554] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 71.381286][ T9554] ? prepare_exit_to_usermode+0x221/0x5b0
[ 71.387229][ T9554] ? trace_irq_disable_rcuidle+0x23/0x1e0
[ 71.392949][ T9554] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 71.398407][ T9554] ? trace_irq_disable_rcuidle+0x23/0x1e0
[ 71.404146][ T9554] ? do_syscall_64+0x1d/0x1c0
[ 71.408942][ T9554] __x64_sys_bpf+0x7a/0x90
[ 71.413356][ T9554] do_syscall_64+0xf7/0x1c0
[ 71.417846][ T9554] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 71.423925][ T9554] RIP: 0033:0x45c6c9
[ 71.429017][ T9554] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 71.449045][ T9554] RSP: 002b:00007f256ceb2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 71.458614][ T9554] RAX: ffffffffffffffda RBX: 00007f256ceb36d4 RCX: 000000000045c6c9
[ 71.466829][ T9554] RDX: 0000000000000038 RSI: 0000000020000180 RDI: 0000000000000019
[ 71.475215][ T9554] RBP: 000000000076c070 R08: 0000000000000000 R09: 0000000000000000
[ 71.483218][ T9554] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 71.491409][ T9554] R13: 0000000000000062 R14: 00000000004c2ec4 R15: 000000000076c07c
2020/02/17 07:52:35 executed programs: 140
2020/02/17 07:52:40 executed programs: 463