[ ok ] Starting enhanced syslogd: rsyslogd.
[ 56.265848][ T27] audit: type=1800 audit(1579295256.492:25): pid=8596 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 56.285007][ T27] audit: type=1800 audit(1579295256.492:26): pid=8596 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 56.336129][ T27] audit: type=1800 audit(1579295256.502:27): pid=8596 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.1.3' (ECDSA) to the list of known hosts.
2020/01/17 21:07:47 parsed 1 programs
2020/01/17 21:07:48 executed programs: 0
syzkaller login: [ 68.664086][ T8764] IPVS: ftp: loaded support on port[0] = 21
[ 68.712971][ T8764] chnl_net:caif_netlink_parms(): no params data found
[ 68.739516][ T8764] bridge0: port 1(bridge_slave_0) entered blocking state
[ 68.747517][ T8764] bridge0: port 1(bridge_slave_0) entered disabled state
[ 68.755430][ T8764] device bridge_slave_0 entered promiscuous mode
[ 68.763755][ T8764] bridge0: port 2(bridge_slave_1) entered blocking state
[ 68.770929][ T8764] bridge0: port 2(bridge_slave_1) entered disabled state
[ 68.779219][ T8764] device bridge_slave_1 entered promiscuous mode
[ 68.795125][ T8764] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 68.805732][ T8764] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 68.824657][ T8764] team0: Port device team_slave_0 added
[ 68.831815][ T8764] team0: Port device team_slave_1 added
[ 68.905317][ T8764] device hsr_slave_0 entered promiscuous mode
[ 68.973069][ T8764] device hsr_slave_1 entered promiscuous mode
[ 69.063735][ T8764] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 69.095632][ T8764] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 69.165110][ T8764] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 69.205002][ T8764] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 69.253163][ T8764] bridge0: port 2(bridge_slave_1) entered blocking state
[ 69.260333][ T8764] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 69.268095][ T8764] bridge0: port 1(bridge_slave_0) entered blocking state
[ 69.275247][ T8764] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 69.311684][ T8764] 8021q: adding VLAN 0 to HW filter on device bond0
[ 69.326091][ T2787] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 69.337041][ T2787] bridge0: port 1(bridge_slave_0) entered disabled state
[ 69.345126][ T2787] bridge0: port 2(bridge_slave_1) entered disabled state
[ 69.353546][ T2787] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 69.366587][ T8764] 8021q: adding VLAN 0 to HW filter on device team0
[ 69.376463][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 69.385747][ T2677] bridge0: port 1(bridge_slave_0) entered blocking state
[ 69.392884][ T2677] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 69.403317][ T2787] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 69.411629][ T2787] bridge0: port 2(bridge_slave_1) entered blocking state
[ 69.418725][ T2787] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 69.435052][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 69.443891][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 69.456330][ T2787] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 69.468533][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 69.480120][ T2787] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 69.490297][ T8764] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 69.505870][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 69.513888][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 69.527181][ T8764] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 69.543045][ T2787] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 69.561065][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 69.569649][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 69.577718][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 69.587696][ T8764] device veth0_vlan entered promiscuous mode
[ 69.598257][ T8764] device veth1_vlan entered promiscuous mode
[ 69.714498][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 69.723797][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 69.930590][ T8783]
[ 69.933293][ T8783] =============================
[ 69.938437][ T8783] WARNING: suspicious RCU usage
[ 69.943849][ T8783] 5.5.0-rc6-syzkaller #0 Not tainted
[ 69.949174][ T8783] -----------------------------
[ 69.954657][ T8783] net/netfilter/ipset/ip_set_core.c:1001 suspicious rcu_dereference_protected() usage!
[ 69.964458][ T8783]
[ 69.964458][ T8783] other info that might help us debug this:
[ 69.964458][ T8783]
[ 69.975152][ T8783]
[ 69.975152][ T8783] rcu_scheduler_active = 2, debug_locks = 1
[ 69.983644][ T8783] 1 lock held by syz-executor.0/8783:
[ 69.989157][ T8783] #0: ffff8880a681c5d8 (nlk_cb_mutex-NETFILTER){+.+.}, at: netlink_dump+0x75/0x1170
[ 70.000383][ T8783]
[ 70.000383][ T8783] stack backtrace:
[ 70.006356][ T8783] CPU: 1 PID: 8783 Comm: syz-executor.0 Not tainted 5.5.0-rc6-syzkaller #0
[ 70.014936][ T8783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 70.025123][ T8783] Call Trace:
[ 70.028463][ T8783] dump_stack+0x1fb/0x318
[ 70.032797][ T8783] lockdep_rcu_suspicious+0x156/0x1c0
[ 70.038224][ T8783] find_set_and_id+0x140/0x2f0
[ 70.042993][ T8783] ip_set_dump_start+0x7c5/0x1800
[ 70.048037][ T8783] ? trace_kmalloc_node+0xd3/0x130
[ 70.053136][ T8783] ? kmem_cache_alloc_node_trace+0x268/0x2d0
[ 70.059105][ T8783] ? __kmalloc_node_track_caller+0x3c/0x60
[ 70.065014][ T8783] ? __phys_addr+0x8e/0x120
[ 70.069560][ T8783] netlink_dump+0x4ed/0x1170
[ 70.074147][ T8783] netlink_recvmsg+0x659/0xfb0
[ 70.078906][ T8783] ? security_socket_recvmsg+0xa4/0xd0
[ 70.084357][ T8783] ? netlink_sendmsg+0xd50/0xd50
[ 70.089293][ T8783] __sys_recvfrom+0x328/0x4b0
[ 70.093974][ T8783] ? debug_smp_processor_id+0x1c/0x20
[ 70.099429][ T8783] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 70.105485][ T8783] ? prepare_exit_to_usermode+0x221/0x5b0
[ 70.112003][ T8783] ? trace_irq_disable_rcuidle+0x23/0x1e0
[ 70.117952][ T8783] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 70.123437][ T8783] __x64_sys_recvfrom+0xe5/0x100
[ 70.128479][ T8783] do_syscall_64+0xf7/0x1c0
[ 70.132976][ T8783] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 70.138945][ T8783] RIP: 0033:0x45aff9
[ 70.142835][ T8783] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 70.162570][ T8783] RSP: 002b:00007fc45d1a6c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002d
[ 70.171010][ T8783] RAX: ffffffffffffffda RBX: 00007fc45d1a76d4 RCX: 000000000045aff9
[ 70.178972][ T8783] RDX: 36ff0824c68970de RSI: 0000000000000000 RDI: 0000000000000003
[ 70.186934][ T8783] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000226
[ 70.194899][ T8783] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 70.202864][ T8783] R13: 000000000000085c R14: 00000000004c9852 R15: 000000000075bf2c
2020/01/17 21:07:53 executed programs: 58
2020/01/17 21:07:58 executed programs: 139