[   91.735322][   T27] audit: type=1800 audit(1581063178.406:27): pid=9696 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[   91.771450][   T27] audit: type=1800 audit(1581063178.406:28): pid=9696 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   92.641385][   T27] audit: type=1800 audit(1581063179.396:29): pid=9696 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   92.661650][   T27] audit: type=1800 audit(1581063179.396:30): pid=9696 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.120' (ECDSA) to the list of known hosts.
2020/02/07 08:13:08 parsed 1 programs
2020/02/07 08:13:10 executed programs: 0
syzkaller login: [  103.879935][ T9865] IPVS: ftp: loaded support on port[0] = 21
[  103.939227][ T9865] chnl_net:caif_netlink_parms(): no params data found
[  103.974493][ T9865] bridge0: port 1(bridge_slave_0) entered blocking state
[  103.982314][ T9865] bridge0: port 1(bridge_slave_0) entered disabled state
[  103.990736][ T9865] device bridge_slave_0 entered promiscuous mode
[  103.999382][ T9865] bridge0: port 2(bridge_slave_1) entered blocking state
[  104.008112][ T9865] bridge0: port 2(bridge_slave_1) entered disabled state
[  104.016741][ T9865] device bridge_slave_1 entered promiscuous mode
[  104.035380][ T9865] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  104.047259][ T9865] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  104.067129][ T9865] team0: Port device team_slave_0 added
[  104.074449][ T9865] team0: Port device team_slave_1 added
[  104.090175][ T9865] batman_adv: batadv0: Adding interface: batadv_slave_0
[  104.097239][ T9865] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  104.125201][ T9865] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  104.138008][ T9865] batman_adv: batadv0: Adding interface: batadv_slave_1
[  104.145091][ T9865] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  104.171174][ T9865] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  104.277339][ T9865] device hsr_slave_0 entered promiscuous mode
[  104.355531][ T9865] device hsr_slave_1 entered promiscuous mode
[  104.480779][ T9865] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  104.538418][ T9865] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  104.597393][ T9865] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  104.637701][ T9865] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  104.698616][ T9865] bridge0: port 2(bridge_slave_1) entered blocking state
[  104.706134][ T9865] bridge0: port 2(bridge_slave_1) entered forwarding state
[  104.713871][ T9865] bridge0: port 1(bridge_slave_0) entered blocking state
[  104.721331][ T9865] bridge0: port 1(bridge_slave_0) entered forwarding state
[  104.764474][ T9865] 8021q: adding VLAN 0 to HW filter on device bond0
[  104.779039][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  104.789670][ T2855] bridge0: port 1(bridge_slave_0) entered disabled state
[  104.797817][ T2855] bridge0: port 2(bridge_slave_1) entered disabled state
[  104.808061][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[  104.821593][ T9865] 8021q: adding VLAN 0 to HW filter on device team0
[  104.832556][ T2711] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  104.841927][ T2711] bridge0: port 1(bridge_slave_0) entered blocking state
[  104.849429][ T2711] bridge0: port 1(bridge_slave_0) entered forwarding state
[  104.865790][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  104.874211][ T2855] bridge0: port 2(bridge_slave_1) entered blocking state
[  104.881466][ T2855] bridge0: port 2(bridge_slave_1) entered forwarding state
[  104.897582][ T2710] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  104.906633][ T2710] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  104.919508][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  104.930867][ T2710] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  104.940970][ T2710] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  104.953736][ T9865] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  104.966856][ T9865] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  104.975059][ T2865] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  104.985900][ T2865] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  105.005510][ T2710] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  105.013129][ T2710] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  105.025572][ T9865] 8021q: adding VLAN 0 to HW filter on device batadv0
[  105.043316][ T2865] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  105.053354][ T2865] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  105.073877][ T9865] device veth0_vlan entered promiscuous mode
[  105.080949][ T2709] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  105.090015][ T2709] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  105.099152][ T2709] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  105.107403][ T2709] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  105.120225][ T9865] device veth1_vlan entered promiscuous mode
[  105.142534][ T2865] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  105.151481][ T2865] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  105.159956][ T2865] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  105.169241][ T2865] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  105.180484][ T9865] device veth0_macvtap entered promiscuous mode
[  105.190975][ T9865] device veth1_macvtap entered promiscuous mode
[  105.208706][ T9865] batman_adv: batadv0: Interface activated: batadv_slave_0
[  105.217298][ T2709] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  105.226479][ T2709] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  105.234382][ T2709] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  105.243522][ T2709] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  105.255404][ T9865] batman_adv: batadv0: Interface activated: batadv_slave_1
[  105.268341][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  105.276972][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2020/02/07 08:13:15 executed programs: 138
2020/02/07 08:13:20 executed programs: 356
2020/02/07 08:13:25 executed programs: 580
2020/02/07 08:13:30 executed programs: 802
2020/02/07 08:13:35 executed programs: 1027
2020/02/07 08:13:40 executed programs: 1246
2020/02/07 08:13:45 executed programs: 1469
2020/02/07 08:13:50 executed programs: 1691
2020/02/07 08:13:55 executed programs: 1917
[  149.155876][ T2710] BUG: sleeping function called from invalid context at net/core/sock.c:2935
[  149.164932][ T2710] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2710, name: kworker/0:7
[  149.174114][ T2710] 4 locks held by kworker/0:7/2710:
[  149.179450][ T2710]  #0: ffff8880aa426d28 ((wq_completion)events){+.+.}, at: process_one_work+0x8dd/0x17a0
[  149.189341][ T2710]  #1: ffffc90008927dc0 ((work_completion)(&map->work)){+.+.}, at: process_one_work+0x917/0x17a0
[  149.200029][ T2710]  #2: ffffffff89bac700 (rcu_read_lock){....}, at: sock_hash_free+0x0/0x540
[  149.208960][ T2710]  #3: ffffc90002c5eaa0 (&htab->buckets[i].lock){+...}, at: sock_hash_free+0x131/0x540
[  149.218969][ T2710] Preemption disabled at:
[  149.219023][ T2710] [<ffffffff864aa541>] sock_hash_free+0x131/0x540
[  149.229976][ T2710] CPU: 0 PID: 2710 Comm: kworker/0:7 Not tainted 5.5.0-next-20200207-syzkaller #0
[  149.239187][ T2710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  149.249291][ T2710] Workqueue: events bpf_map_free_deferred
[  149.255010][ T2710] Call Trace:
[  149.258360][ T2710]  dump_stack+0x197/0x210
[  149.262699][ T2710]  ? sock_hash_free+0x131/0x540
[  149.267573][ T2710]  ___might_sleep.cold+0x1fb/0x23e
[  149.272692][ T2710]  __might_sleep+0x95/0x190
[  149.277315][ T2710]  lock_sock_nested+0x39/0x120
[  149.282177][ T2710]  sock_hash_free+0x29f/0x540
[  149.286867][ T2710]  bpf_map_free_deferred+0xb3/0x100
[  149.292279][ T2710]  ? bpf_map_charge_move+0x80/0x80
[  149.297450][ T2710]  process_one_work+0xa05/0x17a0
[  149.302388][ T2710]  ? mark_held_locks+0xf0/0xf0
[  149.307163][ T2710]  ? pwq_dec_nr_in_flight+0x320/0x320
[  149.312546][ T2710]  ? lock_acquire+0x190/0x410
[  149.317254][ T2710]  worker_thread+0x98/0xe40
[  149.321785][ T2710]  kthread+0x361/0x430
[  149.325870][ T2710]  ? process_one_work+0x17a0/0x17a0
[  149.331084][ T2710]  ? kthread_mod_delayed_work+0x1f0/0x1f0
[  149.336814][ T2710]  ret_from_fork+0x24/0x30
[  149.341362][ T2710] 
[  149.343708][ T2710] ======================================================
[  149.350811][ T2710] WARNING: possible circular locking dependency detected
[  149.357821][ T2710] 5.5.0-next-20200207-syzkaller #0 Tainted: G        W        
[  149.365353][ T2710] ------------------------------------------------------
[  149.372518][ T2710] kworker/0:7/2710 is trying to acquire lock:
[  149.378576][ T2710] ffff88808cb68f10 (sk_lock-AF_INET6){+.+.}, at: sock_hash_free+0x29f/0x540
[  149.387255][ T2710] 
[  149.387255][ T2710] but task is already holding lock:
[  149.394631][ T2710] ffffc90002c5eaa0 (&htab->buckets[i].lock){+...}, at: sock_hash_free+0x131/0x540
[  149.403833][ T2710] 
[  149.403833][ T2710] which lock already depends on the new lock.
[  149.403833][ T2710] 
[  149.414340][ T2710] 
[  149.414340][ T2710] the existing dependency chain (in reverse order) is:
[  149.423465][ T2710] 
[  149.423465][ T2710] -> #1 (&htab->buckets[i].lock){+...}:
[  149.431287][ T2710]        _raw_spin_lock_bh+0x33/0x50
[  149.436578][ T2710]        sock_hash_update_common+0x811/0x1030
[  149.442644][ T2710]        sock_hash_update_elem+0x242/0x2b0
[  149.448458][ T2710]        bpf_map_update_value.isra.0+0x2a6/0x8e0
[  149.454899][ T2710]        __do_sys_bpf+0x3084/0x4130
[  149.460317][ T2710]        __x64_sys_bpf+0x73/0xb0
[  149.465253][ T2710]        do_syscall_64+0xfa/0x790
[  149.470275][ T2710]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  149.476694][ T2710] 
[  149.476694][ T2710] -> #0 (sk_lock-AF_INET6){+.+.}:
[  149.483890][ T2710]        __lock_acquire+0x2596/0x4a00
[  149.489255][ T2710]        lock_acquire+0x190/0x410
[  149.494276][ T2710]        lock_sock_nested+0xcb/0x120
[  149.499570][ T2710]        sock_hash_free+0x29f/0x540
[  149.504767][ T2710]        bpf_map_free_deferred+0xb3/0x100
[  149.510645][ T2710]        process_one_work+0xa05/0x17a0
[  149.516119][ T2710]        worker_thread+0x98/0xe40
[  149.521140][ T2710]        kthread+0x361/0x430
[  149.525727][ T2710]        ret_from_fork+0x24/0x30
[  149.530651][ T2710] 
[  149.530651][ T2710] other info that might help us debug this:
[  149.530651][ T2710] 
[  149.541106][ T2710]  Possible unsafe locking scenario:
[  149.541106][ T2710] 
[  149.548648][ T2710]        CPU0                    CPU1
[  149.554148][ T2710]        ----                    ----
[  149.559505][ T2710]   lock(&htab->buckets[i].lock);
[  149.564511][ T2710]                                lock(sk_lock-AF_INET6);
[  149.571630][ T2710]                                lock(&htab->buckets[i].lock);
[  149.579272][ T2710]   lock(sk_lock-AF_INET6);
[  149.583874][ T2710] 
[  149.583874][ T2710]  *** DEADLOCK ***
[  149.583874][ T2710] 
[  149.592019][ T2710] 4 locks held by kworker/0:7/2710:
[  149.597223][ T2710]  #0: ffff8880aa426d28 ((wq_completion)events){+.+.}, at: process_one_work+0x8dd/0x17a0
[  149.607047][ T2710]  #1: ffffc90008927dc0 ((work_completion)(&map->work)){+.+.}, at: process_one_work+0x917/0x17a0
[  149.617658][ T2710]  #2: ffffffff89bac700 (rcu_read_lock){....}, at: sock_hash_free+0x0/0x540
[  149.626340][ T2710]  #3: ffffc90002c5eaa0 (&htab->buckets[i].lock){+...}, at: sock_hash_free+0x131/0x540
[  149.635981][ T2710] 
[  149.635981][ T2710] stack backtrace:
[  149.641876][ T2710] CPU: 0 PID: 2710 Comm: kworker/0:7 Tainted: G        W         5.5.0-next-20200207-syzkaller #0
[  149.652462][ T2710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  149.662528][ T2710] Workqueue: events bpf_map_free_deferred
[  149.668364][ T2710] Call Trace:
[  149.671662][ T2710]  dump_stack+0x197/0x210
[  149.675985][ T2710]  print_circular_bug.isra.0.cold+0x163/0x172
[  149.682173][ T2710]  check_noncircular+0x32e/0x3e0
[  149.687128][ T2710]  ? print_circular_bug.isra.0+0x230/0x230
[  149.692929][ T2710]  ? mark_held_locks+0xa4/0xf0
[  149.697721][ T2710]  ? alloc_list_entry+0xc0/0xc0
[  149.702587][ T2710]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  149.708822][ T2710]  ? find_first_zero_bit+0x9a/0xc0
[  149.714067][ T2710]  __lock_acquire+0x2596/0x4a00
[  149.718913][ T2710]  ? mark_held_locks+0xf0/0xf0
[  149.723793][ T2710]  lock_acquire+0x190/0x410
[  149.728395][ T2710]  ? sock_hash_free+0x29f/0x540
[  149.733250][ T2710]  lock_sock_nested+0xcb/0x120
[  149.738010][ T2710]  ? sock_hash_free+0x29f/0x540
[  149.742885][ T2710]  sock_hash_free+0x29f/0x540
[  149.747565][ T2710]  bpf_map_free_deferred+0xb3/0x100
[  149.752799][ T2710]  ? bpf_map_charge_move+0x80/0x80
[  149.757912][ T2710]  process_one_work+0xa05/0x17a0
[  149.762865][ T2710]  ? mark_held_locks+0xf0/0xf0
[  149.767628][ T2710]  ? pwq_dec_nr_in_flight+0x320/0x320
[  149.773108][ T2710]  ? lock_acquire+0x190/0x410
[  149.777786][ T2710]  worker_thread+0x98/0xe40
[  149.782291][ T2710]  kthread+0x361/0x430
[  149.786356][ T2710]  ? process_one_work+0x17a0/0x17a0
[  149.791543][ T2710]  ? kthread_mod_delayed_work+0x1f0/0x1f0
[  149.797364][ T2710]  ret_from_fork+0x24/0x30
2020/02/07 08:14:00 executed programs: 2174
2020/02/07 08:14:05 executed programs: 2474