[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 58.221422][ T26] audit: type=1800 audit(1568950383.758:25): pid=8534 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 58.242321][ T26] audit: type=1800 audit(1568950383.788:26): pid=8534 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 58.286314][ T26] audit: type=1800 audit(1568950383.788:27): pid=8534 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.39' (ECDSA) to the list of known hosts. syzkaller login: [ 69.659933][ T8687] IPVS: ftp: loaded support on port[0] = 21 [ 69.714608][ T8687] chnl_net:caif_netlink_parms(): no params data found [ 69.740327][ T8687] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.748521][ T8687] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.756353][ T8687] device bridge_slave_0 entered promiscuous mode [ 69.764454][ T8687] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.771675][ T8687] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.779317][ T8687] device bridge_slave_1 entered promiscuous mode [ 69.796392][ T8687] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.807861][ T8687] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.827065][ T8687] team0: Port device team_slave_0 added [ 69.834776][ T8687] team0: Port device team_slave_1 added [ 69.913384][ T8687] device hsr_slave_0 entered promiscuous mode [ 69.991679][ T8687] device hsr_slave_1 entered promiscuous mode [ 70.049065][ T8687] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.056496][ T8687] bridge0: port 2(bridge_slave_1) entered forwarding state [ 70.064480][ T8687] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.071612][ T8687] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.106714][ T8687] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.118190][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 70.138571][ T5] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.146890][ T5] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.156080][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 70.167166][ T8687] 8021q: adding VLAN 0 to HW filter on device team0 [ 70.178036][ T2878] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 70.186696][ T2878] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.193891][ T2878] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.212244][ T8689] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 70.220758][ T8689] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.227909][ T8689] bridge0: port 2(bridge_slave_1) entered forwarding state [ 70.236663][ T8689] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 70.245311][ T8689] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 70.257102][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 70.265003][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 70.276431][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 70.287343][ T8687] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready executing program [ 70.307431][ T8687] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 70.343542][ T8687] netlink: 80 bytes leftover after parsing attributes in process `syz-executor083'. [ 70.353379][ T8687] netlink: 48 bytes leftover after parsing attributes in process `syz-executor083'. [ 70.364424][ T8687] [ 70.366838][ T8687] ============================= [ 70.372069][ T8687] WARNING: suspicious RCU usage [ 70.376925][ T8687] 5.3.0+ #0 Not tainted [ 70.381061][ T8687] ----------------------------- [ 70.385950][ T8687] include/net/sch_generic.h:492 suspicious rcu_dereference_check() usage! [ 70.394469][ T8687] [ 70.394469][ T8687] other info that might help us debug this: [ 70.394469][ T8687] [ 70.404747][ T8687] [ 70.404747][ T8687] rcu_scheduler_active = 2, debug_locks = 1 [ 70.412833][ T8687] 3 locks held by syz-executor083/8687: [ 70.418353][ T8687] #0: ffffffff88fab240 (rcu_read_lock_bh){....}, at: ip_finish_output2+0x2dc/0x2570 [ 70.427865][ T8687] #1: ffffffff88fab240 (rcu_read_lock_bh){....}, at: __dev_queue_xmit+0x20a/0x35b0 [ 70.437290][ T8687] #2: ffff8880873f4c80 (&(&sch->q.lock)->rlock){+.-.}, at: __dev_queue_xmit+0x14b0/0x35b0 [ 70.447315][ T8687] [ 70.447315][ T8687] stack backtrace: [ 70.453221][ T8687] CPU: 1 PID: 8687 Comm: syz-executor083 Not tainted 5.3.0+ #0 [ 70.461351][ T8687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 70.471396][ T8687] Call Trace: [ 70.474682][ T8687] dump_stack+0x172/0x1f0 [ 70.479105][ T8687] lockdep_rcu_suspicious+0x153/0x15d [ 70.484601][ T8687] netem_enqueue+0x1cfb/0x2d80 [ 70.489347][ T8687] ? lock_acquire+0x190/0x410 [ 70.494010][ T8687] ? __dev_queue_xmit+0x14b0/0x35b0 [ 70.499210][ T8687] __dev_queue_xmit+0x157e/0x35b0 [ 70.504222][ T8687] ? __kasan_check_read+0x11/0x20 [ 70.509235][ T8687] ? netdev_core_pick_tx+0x2f0/0x2f0 [ 70.514502][ T8687] ? find_held_lock+0x10/0x130 [ 70.519257][ T8687] ? __ip_finish_output+0x5fc/0xb90 [ 70.524442][ T8687] ? lock_downgrade+0x920/0x920 [ 70.529286][ T8687] ? ip_finish_output2+0x13e2/0x2570 [ 70.534556][ T8687] ? __ip_finish_output+0x5fc/0xb90 [ 70.539740][ T8687] ? ip_finish_output2+0x13e2/0x2570 [ 70.545014][ T8687] dev_queue_xmit+0x18/0x20 [ 70.549499][ T8687] ? dev_queue_xmit+0x18/0x20 [ 70.554168][ T8687] ip_finish_output2+0x1726/0x2570 [ 70.559265][ T8687] ? nf_ct_deliver_cached_events+0x23d/0x6e0 [ 70.565239][ T8687] ? ip_frag_next+0x910/0x910 [ 70.569903][ T8687] ? ip_mc_output+0xb31/0xf40 [ 70.574653][ T8687] __ip_finish_output+0x5fc/0xb90 [ 70.579661][ T8687] ? __ip_finish_output+0x5fc/0xb90 [ 70.584850][ T8687] ? audit_add_watch+0x110/0xc50 [ 70.589873][ T8687] ip_finish_output+0x38/0x1f0 [ 70.594629][ T8687] ip_mc_output+0x292/0xf40 [ 70.599561][ T8687] ? __ip_queue_xmit+0x1bd0/0x1bd0 [ 70.604670][ T8687] ? __ip_finish_output+0xb90/0xb90 [ 70.609865][ T8687] ? ip_make_skb+0x1b1/0x2c0 [ 70.614436][ T8687] ? ip_reply_glue_bits+0xc0/0xc0 [ 70.619557][ T8687] ip_local_out+0xbb/0x190 [ 70.623957][ T8687] ip_send_skb+0x42/0xf0 [ 70.628187][ T8687] udp_send_skb.isra.0+0x6b2/0x1160 [ 70.633365][ T8687] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 70.639593][ T8687] udp_sendmsg+0x1e96/0x2820 [ 70.644180][ T8687] ? ip_reply_glue_bits+0xc0/0xc0 [ 70.649191][ T8687] ? udp_unicast_rcv_skb.isra.0+0x360/0x360 [ 70.655078][ T8687] ? find_held_lock+0x35/0x130 [ 70.660261][ T8687] ? __might_fault+0x12b/0x1e0 [ 70.665042][ T8687] ? ___might_sleep+0x163/0x280 [ 70.669900][ T8687] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 70.675577][ T8687] ? aa_sk_perm+0x288/0x880 [ 70.680085][ T8687] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 70.685967][ T8687] inet_sendmsg+0x9e/0xe0 [ 70.690278][ T8687] ? inet_sendmsg+0x9e/0xe0 [ 70.694762][ T8687] ? inet_send_prepare+0x4f0/0x4f0 [ 70.700819][ T8687] sock_sendmsg+0xd7/0x130 [ 70.705428][ T8687] ___sys_sendmsg+0x3e2/0x920 [ 70.710117][ T8687] ? copy_msghdr_from_user+0x440/0x440 [ 70.715569][ T8687] ? __kasan_check_read+0x11/0x20 [ 70.720587][ T8687] ? __kasan_check_read+0x11/0x20 [ 70.725596][ T8687] ? __lock_acquire+0x1703/0x4e70 [ 70.730614][ T8687] ? mark_held_locks+0xf0/0xf0 [ 70.735363][ T8687] ? __might_fault+0x12b/0x1e0 [ 70.740111][ T8687] ? find_held_lock+0x35/0x130 [ 70.744872][ T8687] ? __might_fault+0x12b/0x1e0 [ 70.749623][ T8687] ? lock_downgrade+0x920/0x920 [ 70.754470][ T8687] ? ___might_sleep+0x163/0x280 [ 70.759406][ T8687] __sys_sendmmsg+0x1bf/0x4d0 [ 70.764162][ T8687] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 70.769175][ T8687] ? release_sock+0x156/0x1c0 [ 70.773856][ T8687] ? __sys_connect+0x12d/0x330 [ 70.778603][ T8687] ? __ia32_sys_accept+0xb0/0xb0 [ 70.783537][ T8687] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 70.788975][ T8687] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 70.795471][ T8687] ? do_syscall_64+0x26/0x760 [ 70.800132][ T8687] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 70.806180][ T8687] ? do_syscall_64+0x26/0x760 [ 70.810845][ T8687] __x64_sys_sendmmsg+0x9d/0x100 [ 70.815769][ T8687] do_syscall_64+0xfa/0x760 [ 70.820430][ T8687] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 70.826303][ T8687] RIP: 0033:0x442339 [ 70.830182][ T8687] Code: 43 02 00 85 c0 b8 00 00 00 00 48 0f 44 c3 5b c3 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 1b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 70.850835][ T8687] RSP: 002b:00007ffd8921cee8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 70.859340][ T8687] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000442339 [ 70.867312][ T8687] RDX: 04000000000001a8 RSI: 0000000020007fc0 RDI: 0000000000000005 [ 70.875645][ T8687] RBP: 00007ffd8921cf10 R08: 0000000000000003 R09: 0000000000000003 [ 70.883911][ T8687] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 70.891880][ T8687] R13: 0000000000403870 R14: 0000000000000000 R15: 0000000000000000