[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 26.714249] kauditd_printk_skb: 7 callbacks suppressed [ 26.714261] audit: type=1800 audit(1540298212.671:29): pid=5447 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 26.748798] audit: type=1800 audit(1540298212.671:30): pid=5447 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.112' (ECDSA) to the list of known hosts. 2018/10/23 12:37:16 fuzzer started 2018/10/23 12:37:19 dialing manager at 10.128.0.26:34311 2018/10/23 12:37:19 syscalls: 1 2018/10/23 12:37:19 code coverage: enabled 2018/10/23 12:37:19 comparison tracing: enabled 2018/10/23 12:37:19 setuid sandbox: enabled 2018/10/23 12:37:19 namespace sandbox: enabled 2018/10/23 12:37:19 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/23 12:37:19 fault injection: enabled 2018/10/23 12:37:19 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/23 12:37:19 net packed injection: enabled 2018/10/23 12:37:19 net device setup: enabled 12:40:38 executing program 0: io_setup(0x4, &(0x7f0000000180)=0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x1, 0x31, 0xffffffffffffffff, 0x0) io_getevents(r0, 0x0, 0x0, &(0x7f0000000680), &(0x7f0000000540)={0x0, 0x1c9c380}) syzkaller login: [ 252.824596] IPVS: ftp: loaded support on port[0] = 21 12:40:38 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000640)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) fchdir(r0) r1 = open(&(0x7f00000006c0)='.\x00', 0x0, 0x0) symlinkat(&(0x7f0000000040)="131377c5fc35d41454d5d41d29ad1a6029598146e6be166e41ad0dbd4054033c9f33bbda8224a2f3d772e7636e48b33cbf708372e8f1b9933ec5127743be2206209ef02df9cbf2f6e880d3382f00", r1, &(0x7f00000000c0)='./file0\x00') [ 253.090025] IPVS: ftp: loaded support on port[0] = 21 12:40:39 executing program 2: perf_event_open$cgroup(&(0x7f00000004c0)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x2) bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x820000, 0x0}, 0x2c) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280), 0x12) perf_event_open(&(0x7f00000005c0)={0x4, 0x70, 0x0, 0x0, 0x8000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x7cce, 0xffffffffffff5c4d, 0x0, 0x9, 0xfdd, 0x5, 0x0, 0x5, 0x10001, 0x9, 0x8, 0x0, 0x8001, 0x7, 0x0, 0x7fffffff, 0x9, 0x1, 0x9, 0x6, 0x0, 0x5, 0x101, 0x7, 0x6, 0x1000, 0x0, 0x6, 0x2, @perf_config_ext={0x3, 0x7}, 0x0, 0x1, 0x0, 0x0, 0x7fffffff, 0x0, 0xfffffffffffffe00}, 0x0, 0x5, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x4, 0x200, 0x5, 0x0, 0x0, 0xffff, 0x80200, 0x8, 0x0, 0x50, 0xfa4, 0x6, 0x7, 0x400, 0x0, 0x0, 0x4a85, 0x0, 0x5, 0x6, 0x0, 0x7fff, 0x7, 0x5, 0x7fffffff, 0x0, 0x6b1, 0x9, 0x80000000, 0x0, 0xfff, 0x0, 0x3, 0x7fff, 0x5, 0x6, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x5}, 0x0, 0x0, 0x6, 0x7, 0x80, 0x4, 0x6}, 0x0, 0x1, 0xffffffffffffffff, 0x1) [ 253.432906] IPVS: ftp: loaded support on port[0] = 21 12:40:39 executing program 3: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000080)={0x0, 0x0}) ptrace$setopts(0x4206, r1, 0x0, 0x0) ptrace(0x4207, r1) ptrace$setregset(0x4209, r1, 0x0, &(0x7f0000000040)={&(0x7f0000000040)}) [ 254.032447] IPVS: ftp: loaded support on port[0] = 21 [ 254.311518] bridge0: port 1(bridge_slave_0) entered blocking state [ 254.318248] bridge0: port 1(bridge_slave_0) entered disabled state [ 254.331713] device bridge_slave_0 entered promiscuous mode 12:40:40 executing program 4: sched_setaffinity(0x0, 0x375, &(0x7f0000000140)) r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/ipv4/vs/sync_persist_mode\x00', 0x2, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$l2tp_PPPOL2TP_SO_DEBUG(r0, 0x111, 0x1, 0x0, 0x4) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'veth0_to_bridge\x00'}) bind$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) socket$packet(0x11, 0x3, 0x300) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sm3\x00'}, 0x58) r2 = accept$alg(r1, 0x0, 0x0) sendmmsg(r2, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can, 0x10, &(0x7f00000000c0)}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x1a9, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) [ 254.469060] bridge0: port 2(bridge_slave_1) entered blocking state [ 254.501620] bridge0: port 2(bridge_slave_1) entered disabled state [ 254.511240] device bridge_slave_1 entered promiscuous mode [ 254.639048] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 254.654016] IPVS: ftp: loaded support on port[0] = 21 [ 254.802061] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 254.967413] bridge0: port 1(bridge_slave_0) entered blocking state [ 254.980899] bridge0: port 1(bridge_slave_0) entered disabled state [ 254.988260] device bridge_slave_0 entered promiscuous mode 12:40:41 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b70200000d000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x180000000000000a, 0xe, 0x29, &(0x7f0000000000)="b90703e69ebf08bb64879e1086dd", &(0x7f0000000140)=""/41, 0x69}, 0x28) [ 255.148642] bridge0: port 2(bridge_slave_1) entered blocking state [ 255.156722] bridge0: port 2(bridge_slave_1) entered disabled state [ 255.164486] device bridge_slave_1 entered promiscuous mode [ 255.232915] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 255.297185] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 255.349049] IPVS: ftp: loaded support on port[0] = 21 [ 255.415693] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 255.433162] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 255.544995] bridge0: port 1(bridge_slave_0) entered blocking state [ 255.555160] bridge0: port 1(bridge_slave_0) entered disabled state [ 255.569992] device bridge_slave_0 entered promiscuous mode [ 255.702203] bridge0: port 2(bridge_slave_1) entered blocking state [ 255.721105] bridge0: port 2(bridge_slave_1) entered disabled state [ 255.728488] device bridge_slave_1 entered promiscuous mode [ 255.858075] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 255.872509] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 256.029928] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 256.061664] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 256.069304] team0: Port device team_slave_0 added [ 256.092615] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 256.157026] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 256.178199] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 256.235081] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 256.261532] team0: Port device team_slave_1 added [ 256.269487] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 256.311855] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 256.367473] bridge0: port 1(bridge_slave_0) entered blocking state [ 256.381378] bridge0: port 1(bridge_slave_0) entered disabled state [ 256.388816] device bridge_slave_0 entered promiscuous mode [ 256.399394] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 256.427179] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 256.503604] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 256.530078] bridge0: port 2(bridge_slave_1) entered blocking state [ 256.551973] bridge0: port 2(bridge_slave_1) entered disabled state [ 256.560953] device bridge_slave_1 entered promiscuous mode [ 256.579428] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 256.622989] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 256.631138] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 256.642077] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 256.727442] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 256.742410] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 256.749903] team0: Port device team_slave_0 added [ 256.796983] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 256.807866] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 256.825492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 256.863734] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 256.887165] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 256.905666] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 256.937177] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 256.955836] team0: Port device team_slave_1 added [ 256.967701] bridge0: port 1(bridge_slave_0) entered blocking state [ 256.989570] bridge0: port 1(bridge_slave_0) entered disabled state [ 257.014885] device bridge_slave_0 entered promiscuous mode [ 257.063789] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 257.074875] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 257.099204] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 257.124847] bridge0: port 2(bridge_slave_1) entered blocking state [ 257.146432] bridge0: port 2(bridge_slave_1) entered disabled state [ 257.168102] device bridge_slave_1 entered promiscuous mode [ 257.193918] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 257.254104] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 257.281649] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 257.306421] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 257.324311] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 257.339878] team0: Port device team_slave_0 added [ 257.348887] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 257.371410] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 257.380010] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 257.412903] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 257.461584] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 257.469035] team0: Port device team_slave_1 added [ 257.492080] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 257.534279] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 257.551318] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 257.561084] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 257.601737] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 257.624949] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 257.743791] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 257.847552] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 257.859128] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 257.908269] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 257.930098] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 257.961331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 257.994713] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 258.027987] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 258.036606] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 258.063451] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 258.101526] bridge0: port 1(bridge_slave_0) entered blocking state [ 258.107906] bridge0: port 1(bridge_slave_0) entered disabled state [ 258.132159] device bridge_slave_0 entered promiscuous mode [ 258.168323] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 258.240362] bridge0: port 2(bridge_slave_1) entered blocking state [ 258.267530] bridge0: port 2(bridge_slave_1) entered disabled state [ 258.281724] device bridge_slave_1 entered promiscuous mode [ 258.301851] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 258.311535] team0: Port device team_slave_0 added [ 258.323946] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 258.365369] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 258.384114] bridge0: port 2(bridge_slave_1) entered blocking state [ 258.390652] bridge0: port 2(bridge_slave_1) entered forwarding state [ 258.397608] bridge0: port 1(bridge_slave_0) entered blocking state [ 258.404052] bridge0: port 1(bridge_slave_0) entered forwarding state [ 258.424004] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 258.433470] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 258.474999] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 258.502727] team0: Port device team_slave_1 added [ 258.580587] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 258.652548] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 258.791014] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 258.851879] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 258.930955] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 258.941537] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 258.953355] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 258.974741] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 258.994605] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 259.006686] team0: Port device team_slave_0 added [ 259.014330] bridge0: port 2(bridge_slave_1) entered blocking state [ 259.020737] bridge0: port 2(bridge_slave_1) entered forwarding state [ 259.027412] bridge0: port 1(bridge_slave_0) entered blocking state [ 259.033883] bridge0: port 1(bridge_slave_0) entered forwarding state [ 259.076431] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 259.093944] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 259.108197] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 259.131610] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 259.153390] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 259.169219] team0: Port device team_slave_1 added [ 259.182541] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 259.271108] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 259.277976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 259.314833] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 259.333337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 259.349907] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 259.384855] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 259.427339] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 259.472054] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 259.478903] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 259.508268] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 259.660906] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 259.668061] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 259.681608] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 259.694494] bridge0: port 2(bridge_slave_1) entered blocking state [ 259.700927] bridge0: port 2(bridge_slave_1) entered forwarding state [ 259.707582] bridge0: port 1(bridge_slave_0) entered blocking state [ 259.714012] bridge0: port 1(bridge_slave_0) entered forwarding state [ 259.736869] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 259.791051] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 259.798186] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 259.807440] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 259.870965] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 259.878274] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 259.930390] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 259.957881] team0: Port device team_slave_0 added [ 260.117548] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 260.150367] team0: Port device team_slave_1 added [ 260.287636] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 260.307218] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 260.322458] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 260.402137] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 260.409011] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 260.417888] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 260.531672] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 260.538855] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 260.551536] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 260.635066] bridge0: port 2(bridge_slave_1) entered blocking state [ 260.641515] bridge0: port 2(bridge_slave_1) entered forwarding state [ 260.648173] bridge0: port 1(bridge_slave_0) entered blocking state [ 260.654621] bridge0: port 1(bridge_slave_0) entered forwarding state [ 260.671175] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 260.706611] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 260.733513] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 260.751301] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 260.880632] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 261.202905] bridge0: port 2(bridge_slave_1) entered blocking state [ 261.209334] bridge0: port 2(bridge_slave_1) entered forwarding state [ 261.216035] bridge0: port 1(bridge_slave_0) entered blocking state [ 261.222472] bridge0: port 1(bridge_slave_0) entered forwarding state [ 261.251862] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 261.961002] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 262.091176] bridge0: port 2(bridge_slave_1) entered blocking state [ 262.097576] bridge0: port 2(bridge_slave_1) entered forwarding state [ 262.104308] bridge0: port 1(bridge_slave_0) entered blocking state [ 262.110713] bridge0: port 1(bridge_slave_0) entered forwarding state [ 262.127563] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 263.000650] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 264.076979] 8021q: adding VLAN 0 to HW filter on device bond0 [ 264.512642] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 264.800036] 8021q: adding VLAN 0 to HW filter on device bond0 [ 264.985579] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 264.998541] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 265.008442] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 265.224591] 8021q: adding VLAN 0 to HW filter on device bond0 [ 265.335088] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 265.363831] 8021q: adding VLAN 0 to HW filter on device team0 [ 265.706443] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 265.898161] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 265.911297] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 265.926964] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 266.141459] 8021q: adding VLAN 0 to HW filter on device bond0 [ 266.211932] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 266.218094] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 266.231541] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 266.383261] 8021q: adding VLAN 0 to HW filter on device team0 [ 266.575305] 8021q: adding VLAN 0 to HW filter on device bond0 [ 266.682714] 8021q: adding VLAN 0 to HW filter on device team0 [ 266.741004] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 266.962179] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 267.279837] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 267.300967] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 267.310029] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 267.340923] 8021q: adding VLAN 0 to HW filter on device bond0 [ 267.365829] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 267.380826] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 267.389826] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 267.845598] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 267.869378] 8021q: adding VLAN 0 to HW filter on device team0 [ 267.883847] 8021q: adding VLAN 0 to HW filter on device team0 [ 268.323869] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 268.345497] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 268.381367] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 12:40:54 executing program 0: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) open(&(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x0) open$dir(&(0x7f0000000580)='./file0/file0\x00', 0x0, 0x0) close(r0) 12:40:54 executing program 0: [ 268.801110] 8021q: adding VLAN 0 to HW filter on device team0 12:40:54 executing program 0: 12:40:55 executing program 0: 12:40:55 executing program 0: 12:40:55 executing program 0: 12:40:55 executing program 0: 12:40:55 executing program 1: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x1, 0x3, &(0x7f0000002000)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0x7}}, &(0x7f0000003ff6)='syzkaller\x00', 0x1, 0xc3, &(0x7f0000006f3d)=""/195}, 0x48) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r1, 0x1, 0x1000000000000f, &(0x7f0000000000)=0x57bd, 0x4) sendmsg$FOU_CMD_DEL(r1, &(0x7f0000000180)={&(0x7f0000000040), 0xc, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[]}}, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000d83ff8), 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x34, &(0x7f00000000c0)=r0, 0x4) [ 269.702026] hrtimer: interrupt took 32328 ns 12:40:55 executing program 2: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$dspn(&(0x7f0000000200)='/dev/dsp#\x00', 0x0, 0x0) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000180), 0xc, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[]}}, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RUNLINKAT(r1, &(0x7f00000001c0)={0x7}, 0x7) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}]}}) write$P9_RREADDIR(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a000000290100000000000000000000000000000000000000000000000000000007002e2f66696c6530"], 0x2a) write$P9_RGETATTR(r1, &(0x7f0000000200)={0xa0, 0x19, 0x1}, 0xa0) write$P9_RWALK(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="160000006f0100010000000000000000000000000000"], 0x16) write$P9_RSTAT(r1, &(0x7f0000000700)={0x56, 0x7d, 0x1, {0x0, 0x4f, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x1, '(', 0x5, 'rfdno', 0x5, 'rfdno', 0x11, 'vboxnet1trustedlo'}}, 0x56) write$P9_RGETATTR(r1, &(0x7f0000000540)={0xa0, 0x19, 0x1}, 0xa0) write$P9_RLERROR(r1, &(0x7f0000000080)={0x1a, 0x7, 0x1, {0x11, 'vboxnet1trustedlo'}}, 0x1a) write$P9_RWRITE(r1, &(0x7f0000000400)={0xb, 0x77, 0x1}, 0xb) write$P9_RGETATTR(r1, &(0x7f0000000800)={0xa0, 0x19, 0x1}, 0xa0) write$P9_RSTATFS(r1, &(0x7f0000000440)={0x43, 0x9, 0x1}, 0x43) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000008c0)='9p\x00', 0x0, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) rename(&(0x7f0000000040)='./file0/file1\x00', &(0x7f00000000c0)='./file0/file0\x00') 12:40:56 executing program 3: r0 = semget(0x3, 0x0, 0x0) semop(r0, &(0x7f0000000040)=[{0x0, 0x8, 0x1000}], 0x1) semop(r0, &(0x7f0000000000)=[{0x1, 0x6, 0x1000}], 0x1) 12:40:56 executing program 4: sched_setaffinity(0x0, 0x375, &(0x7f0000000140)) r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/ipv4/vs/sync_persist_mode\x00', 0x2, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$l2tp_PPPOL2TP_SO_DEBUG(r0, 0x111, 0x1, 0x0, 0x4) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'veth0_to_bridge\x00'}) bind$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) socket$packet(0x11, 0x3, 0x300) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sm3\x00'}, 0x58) r2 = accept$alg(r1, 0x0, 0x0) sendmmsg(r2, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can, 0x10, &(0x7f00000000c0)}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x1a9, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) [ 270.804687] ODEBUG: object 0000000075b7ed02 is on stack 0000000059b25407, but NOT annotated. [ 270.813688] kobject: 'loop4' (000000000ebc71c0): kobject_uevent_env [ 270.816046] WARNING: CPU: 1 PID: 7211 at lib/debugobjects.c:369 __debug_object_init.cold.14+0x51/0xdf [ 270.822156] kobject: 'loop4' (000000000ebc71c0): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 270.831421] Kernel panic - not syncing: panic_on_warn set ... [ 270.831437] CPU: 1 PID: 7211 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 270.831445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 270.831450] Call Trace: [ 270.831470] dump_stack+0x244/0x39d [ 270.831491] ? dump_stack_print_info.cold.1+0x20/0x20 [ 270.875933] panic+0x2ad/0x55c [ 270.879129] ? add_taint.cold.5+0x16/0x16 [ 270.883290] ? __warn.cold.8+0x5/0x45 [ 270.887094] ? __debug_object_init.cold.14+0x51/0xdf [ 270.892201] __warn.cold.8+0x20/0x45 [ 270.895918] ? __debug_object_init.cold.14+0x51/0xdf [ 270.901030] report_bug+0x254/0x2d0 [ 270.904661] do_error_trap+0x11b/0x200 [ 270.908552] do_invalid_op+0x36/0x40 [ 270.912736] ? __debug_object_init.cold.14+0x51/0xdf [ 270.917845] invalid_op+0x14/0x20 [ 270.921306] RIP: 0010:__debug_object_init.cold.14+0x51/0xdf [ 270.927017] Code: ea 03 80 3c 02 00 75 7c 49 8b 54 24 18 48 89 de 48 c7 c7 c0 f1 40 88 4c 89 85 d0 fd ff ff e8 09 8c d1 fd 4c 8b 85 d0 fd ff ff <0f> 0b e9 09 d6 ff ff 41 83 c4 01 b8 ff ff 37 00 44 89 25 b7 4e 66 [ 270.945916] RSP: 0018:ffff880186a5f308 EFLAGS: 00010086 [ 270.951290] RAX: 0000000000000050 RBX: ffff880186a5faf8 RCX: ffffc9000bee6000 [ 270.958555] RDX: 0000000000000000 RSI: ffffffff816585a5 RDI: 0000000000000005 [ 270.965822] RBP: ffff880186a5f560 R08: ffff8801d8c3b978 R09: ffffed003b5e5008 [ 270.973088] R10: ffffed003b5e5008 R11: ffff8801daf28047 R12: ffff8801b81ba040 [ 270.980355] R13: 0000000000060fc0 R14: ffff8801b81ba040 R15: ffff8801d8c3b968 [ 270.987726] ? vprintk_func+0x85/0x181 [ 270.991637] ? __debug_object_init.cold.14+0x4a/0xdf [ 270.996741] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 271.001334] ? debug_object_free+0x690/0x690 [ 271.005746] ? unwind_get_return_address+0x61/0xa0 [ 271.010689] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 271.015804] ? depot_save_stack+0x292/0x470 [ 271.020130] ? save_stack+0xa9/0xd0 [ 271.023758] ? save_stack+0x43/0xd0 [ 271.027391] ? kasan_kmalloc+0xc7/0xe0 [ 271.031278] ? bpf_test_init.isra.10+0x98/0x100 [ 271.035954] ? zap_class+0x640/0x640 [ 271.039666] ? do_syscall_64+0x1b9/0x820 [ 271.043737] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 271.049115] ? find_held_lock+0x36/0x1c0 [ 271.053181] debug_object_init+0x16/0x20 [ 271.057243] init_timer_key+0xa9/0x480 [ 271.061135] ? init_timer_on_stack_key+0xe0/0xe0 [ 271.065895] ? __might_fault+0x12b/0x1e0 [ 271.069956] ? __lockdep_init_map+0x105/0x590 [ 271.074452] ? __lockdep_init_map+0x105/0x590 [ 271.078948] ? lockdep_init_map+0x9/0x10 [ 271.083015] sock_init_data+0xe1/0xdc0 [ 271.086904] ? sk_stop_timer+0x50/0x50 [ 271.090805] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 271.096347] ? _copy_from_user+0xdf/0x150 [ 271.100500] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 271.106041] ? bpf_test_init.isra.10+0x70/0x100 [ 271.110719] bpf_prog_test_run_skb+0x255/0xc40 [ 271.115310] ? __lock_acquire+0x62f/0x4c20 [ 271.119550] ? bpf_test_finish.isra.9+0x1f0/0x1f0 [ 271.124395] ? __lock_acquire+0x62f/0x4c20 [ 271.128714] ? fput+0x130/0x1a0 [ 271.132001] ? __bpf_prog_get+0x9b/0x290 [ 271.136069] ? bpf_test_finish.isra.9+0x1f0/0x1f0 [ 271.140914] bpf_prog_test_run+0x130/0x1a0 [ 271.145153] __x64_sys_bpf+0x3d8/0x510 [ 271.149041] ? bpf_prog_get+0x20/0x20 [ 271.152858] do_syscall_64+0x1b9/0x820 [ 271.156747] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 271.162123] ? syscall_return_slowpath+0x5e0/0x5e0 [ 271.167055] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 271.171899] ? trace_hardirqs_on_caller+0x310/0x310 [ 271.176919] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 271.181936] ? prepare_exit_to_usermode+0x291/0x3b0 [ 271.186961] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 271.191811] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 271.197002] RIP: 0033:0x457569 [ 271.200196] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 271.219099] RSP: 002b:00007f60175f7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 271.226815] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569 [ 271.234082] RDX: 0000000000000028 RSI: 00000000200000c0 RDI: 000000000000000a [ 271.241353] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 271.248622] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f60175f86d4 [ 271.255890] R13: 00000000004bd892 R14: 00000000004cc208 R15: 00000000ffffffff [ 271.263173] [ 271.263179] ====================================================== [ 271.263185] WARNING: possible circular locking dependency detected [ 271.263190] 4.19.0-rc8-next-20181019+ #98 Not tainted [ 271.263196] ------------------------------------------------------ [ 271.263202] syz-executor5/7211 is trying to acquire lock: [ 271.263206] 0000000007e1eeeb ((console_sem).lock){-.-.}, at: down_trylock+0x13/0x70 [ 271.263222] [ 271.263226] but task is already holding lock: [ 271.263230] 00000000b6059be8 (&obj_hash[i].lock){-.-.}, at: __debug_object_init+0x127/0x1290 [ 271.263245] [ 271.263251] which lock already depends on the new lock. [ 271.263253] [ 271.263256] [ 271.263262] the existing dependency chain (in reverse order) is: [ 271.263264] [ 271.263267] -> #3 (&obj_hash[i].lock){-.-.}: [ 271.263288] _raw_spin_lock_irqsave+0x99/0xd0 [ 271.263293] __debug_object_init+0x127/0x1290 [ 271.263298] debug_object_init+0x16/0x20 [ 271.263302] hrtimer_init+0x97/0x490 [ 271.263307] init_dl_task_timer+0x1b/0x50 [ 271.263311] __sched_fork+0x2ae/0x590 [ 271.263316] init_idle+0x75/0x740 [ 271.263320] sched_init+0xb33/0xc02 [ 271.263324] start_kernel+0x4be/0xa2b [ 271.263329] x86_64_start_reservations+0x2e/0x30 [ 271.263334] x86_64_start_kernel+0x76/0x79 [ 271.263339] secondary_startup_64+0xa4/0xb0 [ 271.263341] [ 271.263344] -> #2 (&rq->lock){-.-.}: [ 271.263359] _raw_spin_lock+0x2d/0x40 [ 271.263363] task_fork_fair+0xb0/0x6d0 [ 271.263368] sched_fork+0x443/0xba0 [ 271.263372] copy_process+0x2585/0x8770 [ 271.263377] _do_fork+0x1cb/0x11c0 [ 271.263381] kernel_thread+0x34/0x40 [ 271.263385] rest_init+0x28/0x372 [ 271.263390] arch_call_rest_init+0xe/0x1b [ 271.263394] start_kernel+0x9f0/0xa2b [ 271.263399] x86_64_start_reservations+0x2e/0x30 [ 271.263404] x86_64_start_kernel+0x76/0x79 [ 271.263408] secondary_startup_64+0xa4/0xb0 [ 271.263411] [ 271.263414] -> #1 (&p->pi_lock){-.-.}: [ 271.263429] _raw_spin_lock_irqsave+0x99/0xd0 [ 271.263433] try_to_wake_up+0xd2/0x12e0 [ 271.263438] wake_up_process+0x10/0x20 [ 271.263442] __up.isra.1+0x1c0/0x2a0 [ 271.263446] up+0x13c/0x1c0 [ 271.263450] __up_console_sem+0xbe/0x1b0 [ 271.263455] console_unlock+0x80c/0x1190 [ 271.263459] vprintk_emit+0x391/0x990 [ 271.263464] vprintk_default+0x28/0x30 [ 271.263468] vprintk_func+0x7e/0x181 [ 271.263472] printk+0xa7/0xcf [ 271.263477] do_exit.cold.18+0x57/0x16f [ 271.263481] do_group_exit+0x177/0x440 [ 271.263486] __x64_sys_exit_group+0x3e/0x50 [ 271.263490] do_syscall_64+0x1b9/0x820 [ 271.263495] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 271.263498] [ 271.263501] -> #0 ((console_sem).lock){-.-.}: [ 271.263516] lock_acquire+0x1ed/0x520 [ 271.263521] _raw_spin_lock_irqsave+0x99/0xd0 [ 271.263525] down_trylock+0x13/0x70 [ 271.263530] __down_trylock_console_sem+0xae/0x1f0 [ 271.263534] console_trylock+0x15/0xa0 [ 271.263539] vprintk_emit+0x372/0x990 [ 271.263543] vprintk_default+0x28/0x30 [ 271.263548] vprintk_func+0x7e/0x181 [ 271.263552] printk+0xa7/0xcf [ 271.263557] __debug_object_init.cold.14+0x4a/0xdf [ 271.263561] debug_object_init+0x16/0x20 [ 271.263566] init_timer_key+0xa9/0x480 [ 271.263570] sock_init_data+0xe1/0xdc0 [ 271.263575] bpf_prog_test_run_skb+0x255/0xc40 [ 271.263580] bpf_prog_test_run+0x130/0x1a0 [ 271.263584] __x64_sys_bpf+0x3d8/0x510 [ 271.263589] do_syscall_64+0x1b9/0x820 [ 271.263594] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 271.263597] [ 271.263602] other info that might help us debug this: [ 271.263604] [ 271.263608] Chain exists of: [ 271.263610] (console_sem).lock --> &rq->lock --> &obj_hash[i].lock [ 271.263630] [ 271.263634] Possible unsafe locking scenario: [ 271.263637] [ 271.263642] CPU0 CPU1 [ 271.263646] ---- ---- [ 271.263649] lock(&obj_hash[i].lock); [ 271.263659] lock(&rq->lock); [ 271.263669] lock(&obj_hash[i].lock); [ 271.263678] lock((console_sem).lock); [ 271.263686] [ 271.263690] *** DEADLOCK *** [ 271.263693] [ 271.263697] 1 lock held by syz-executor5/7211: [ 271.263700] #0: 00000000b6059be8 (&obj_hash[i].lock){-.-.}, at: __debug_object_init+0x127/0x1290 [ 271.263719] [ 271.263722] stack backtrace: [ 271.263729] CPU: 1 PID: 7211 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 271.263737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 271.263741] Call Trace: [ 271.263745] dump_stack+0x244/0x39d [ 271.263750] ? dump_stack_print_info.cold.1+0x20/0x20 [ 271.263755] ? vprintk_func+0x85/0x181 [ 271.263760] print_circular_bug.isra.35.cold.54+0x1bd/0x27d [ 271.263764] ? save_trace+0xe0/0x290 [ 271.263777] __lock_acquire+0x3399/0x4c20 [ 271.263782] ? mark_held_locks+0x130/0x130 [ 271.263786] ? put_dec+0xf0/0xf0 [ 271.263791] ? mark_held_locks+0x130/0x130 [ 271.263795] ? zap_class+0x640/0x640 [ 271.263800] ? pointer_string+0x14e/0x1b0 [ 271.263804] ? number+0xca0/0xca0 [ 271.263808] ? print_usage_bug+0xc0/0xc0 [ 271.263812] ? ptr_to_id+0xd0/0x1d0 [ 271.263817] ? dentry_name+0x8f0/0x8f0 [ 271.263821] ? __lock_acquire+0x62f/0x4c20 [ 271.263826] ? zap_class+0x640/0x640 [ 271.263831] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 271.263835] lock_acquire+0x1ed/0x520 [ 271.263840] ? down_trylock+0x13/0x70 [ 271.263844] ? lock_release+0xa10/0xa10 [ 271.263848] ? trace_hardirqs_off+0xb8/0x310 [ 271.263853] ? vprintk_emit+0x1de/0x990 [ 271.263858] ? trace_hardirqs_on+0x310/0x310 [ 271.263862] ? trace_hardirqs_off+0xb8/0x310 [ 271.263867] ? log_store+0x344/0x4c0 [ 271.263871] ? vprintk_emit+0x372/0x990 [ 271.263876] _raw_spin_lock_irqsave+0x99/0xd0 [ 271.263880] ? down_trylock+0x13/0x70 [ 271.263884] down_trylock+0x13/0x70 [ 271.263889] __down_trylock_console_sem+0xae/0x1f0 [ 271.263893] console_trylock+0x15/0xa0 [ 271.263898] vprintk_emit+0x372/0x990 [ 271.263902] ? wake_up_klogd+0x180/0x180 [ 271.263907] ? zap_class+0x640/0x640 [ 271.263912] ? trace_hardirqs_off_caller+0x300/0x300 [ 271.263916] ? print_usage_bug+0xc0/0xc0 [ 271.263921] ? find_held_lock+0x36/0x1c0 [ 271.263925] vprintk_default+0x28/0x30 [ 271.263929] vprintk_func+0x7e/0x181 [ 271.263933] printk+0xa7/0xcf [ 271.263938] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 271.263943] __debug_object_init.cold.14+0x4a/0xdf [ 271.263948] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 271.263953] ? debug_object_free+0x690/0x690 [ 271.263958] ? unwind_get_return_address+0x61/0xa0 [ 271.263963] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 271.263968] ? depot_save_stack+0x292/0x470 [ 271.263972] ? save_stack+0xa9/0xd0 [ 271.263976] ? save_stack+0x43/0xd0 [ 271.263980] ? kasan_kmalloc+0xc7/0xe0 [ 271.263985] ? bpf_test_init.isra.10+0x98/0x100 [ 271.263990] ? zap_class+0x640/0x640 [ 271.263994] ? do_syscall_64+0x1b9/0x820 [ 271.263999] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 271.264004] ? find_held_lock+0x36/0x1c0 [ 271.264008] debug_object_init+0x16/0x20 [ 271.264013] init_timer_key+0xa9/0x480 [ 271.264018] ? init_timer_on_stack_key+0xe0/0xe0 [ 271.264022] ? __might_fault+0x12b/0x1e0 [ 271.264027] ? __lockdep_init_map+0x105/0x590 [ 271.264032] ? __lockdep_init_map+0x105/0x590 [ 271.264036] ? lockdep_init_map+0x9/0x10 [ 271.264041] sock_init_data+0xe1/0xdc0 [ 271.264045] ? sk_stop_timer+0x50/0x50 [ 271.264050] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 271.264055] ? _copy_from_user+0xdf/0x150 [ 271.264060] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 271.264065] ? bpf_test_init.isra.10+0x70/0x100 [ 271.264070] bpf_prog_test_run_skb+0x255/0xc40 [ 271.264075] ? __lock_acquire+0x62f/0x4c20 [ 271.264080] ? bpf_test_finish.isra.9+0x1f0/0x1f0 [ 271.264084] ? __lock_acquire+0x62f/0x4c20 [ 271.264088] ? fput+0x130/0x1a0 [ 271.264093] ? __bpf_prog_get+0x9b/0x290 [ 271.264098] ? bpf_test_finish.isra.9+0x1f0/0x1f0 [ 271.264102] bpf_prog_test_run+0x130/0x1a0 [ 271.264106] __x64_sys_bpf+0x3d8/0x510 [ 271.264111] ? bpf_prog_get+0x20/0x20 [ 271.264115] do_syscall_64+0x1b9/0x820 [ 271.264120] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 271.264125] ? syscall_return_slowpath+0x5e0/0x5e0 [ 271.264130] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 271.264135] ? trace_hardirqs_on_caller+0x310/0x310 [ 271.264141] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 271.264146] ? prepare_exit_to_usermode+0x291/0x3b0 [ 271.264151] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 271.264156] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 271.264160] RIP: 0033:0x457569 [ 271.264174] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 271.264179] RSP: 002b:00007f60175f7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 271.264190] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569 [ 271.264197] RDX: 0000000000000028 RSI: 00000000200000c0 RDI: 000000000000000a [ 271.264203] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 271.264210] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f60175f86d4 [ 271.264216] R13: 00000000004bd892 R14: 00000000004cc208 R15: 00000000ffffffff [ 271.265093] Kernel Offset: disabled [ 272.163586] Rebooting in 86400 seconds..