[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 27.010510] kauditd_printk_skb: 7 callbacks suppressed [ 27.010523] audit: type=1800 audit(1540744095.869:29): pid=5457 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 27.036593] audit: type=1800 audit(1540744095.869:30): pid=5457 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.125' (ECDSA) to the list of known hosts. 2018/10/28 16:28:45 fuzzer started 2018/10/28 16:28:47 dialing manager at 10.128.0.26:37113 syzkaller login: [ 59.110857] ld (5620) used greatest stack depth: 15296 bytes left 2018/10/28 16:28:48 syscalls: 1 2018/10/28 16:28:48 code coverage: enabled 2018/10/28 16:28:48 comparison tracing: enabled 2018/10/28 16:28:48 setuid sandbox: enabled 2018/10/28 16:28:48 namespace sandbox: enabled 2018/10/28 16:28:48 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/28 16:28:48 fault injection: enabled 2018/10/28 16:28:48 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/28 16:28:48 net packed injection: enabled 2018/10/28 16:28:48 net device setup: enabled 16:32:11 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000080)='/dev/sg#\x00', 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000100)={0x0, 0x0, 0xffffffa5}) [ 262.999846] IPVS: ftp: loaded support on port[0] = 21 16:32:12 executing program 1: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = open(&(0x7f0000000140)='./bus\x00', 0x141042, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_type(r3, &(0x7f0000000200)='threaded\x00', 0x175d900f) fsetxattr$security_selinux(r2, &(0x7f0000000240)='security.selinux\x00', &(0x7f0000000280)="73797374656d5f753a6f626a6563745f723a6175746f66735f6465766963655f743a733000b8cce0437a", 0xfe61, 0x0) dup3(r0, r2, 0x0) [ 263.291434] IPVS: ftp: loaded support on port[0] = 21 16:32:12 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, &(0x7f0000000000), 0x0, 0x0, 0xfffffffffffffee9}}], 0x1, 0x0, &(0x7f0000003280)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000003c0)="6e65742f6970365f6d725f636163686500d3f43df9e5cce51c9592ea641acf9847fa82bae338e744e20ca799e2ec0ab64e5563c1baba61f4f1d561f4be03f1312f0100010026da30e412a0bc22651095511dfca2551bc8005782d8ff3b27f764130482a9c7e8eca9ea7806c37c11f5251fc89b268f79555675c451dad9fa7891639fcd0d3db63f0cfb28b8972cbb255207dbfbfede398e140001993726752554f55b9298500824d3300d1623ca") preadv(r0, &(0x7f00000017c0), 0x199, 0x0) [ 263.669655] IPVS: ftp: loaded support on port[0] = 21 16:32:12 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x400, 0x0) r0 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @local, 0x2}, 0x28c5a6d08ae9420c) sendto$inet6(r0, &(0x7f0000000300), 0xfd90, 0x0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @multicast2}}, 0x1c) setsockopt$inet6_udp_int(r0, 0x11, 0xa, &(0x7f0000000200), 0x4) sendto$inet6(0xffffffffffffffff, &(0x7f0000000140), 0x0, 0x0, &(0x7f0000000180), 0x1c) open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001680)={0x0, @multicast2, @rand_addr}, 0xc) setxattr(&(0x7f0000000240)='./file0\x00', &(0x7f0000000440)=@random={'trusted.', 'bdev{.posix_acl_accessvboxnet0wlan0\x00'}, &(0x7f0000000540)='self\x00', 0x5, 0x0) alarm(0x30000000000) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(0xffffffffffffffff, 0x40485404, &(0x7f0000000100)={{0xffffffffffffffff, 0x0, 0x7f, 0x2, 0x8a2}, 0xff, 0x5}) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00009e3ff6)='/dev/ptmx\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(0xffffffffffffffff, 0x40485404, &(0x7f00000004c0)={{0xffffffffffffffff, 0x2, 0x8f, 0x0, 0xb4a38a4}}) syz_open_pts(r1, 0x0) inotify_init1(0x0) msgget(0x3, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000040)='/dev/snd/pcmC#D#p\x00', 0x6, 0x0) close(r1) [ 264.149151] IPVS: ftp: loaded support on port[0] = 21 [ 264.417921] bridge0: port 1(bridge_slave_0) entered blocking state [ 264.448173] bridge0: port 1(bridge_slave_0) entered disabled state [ 264.456119] device bridge_slave_0 entered promiscuous mode 16:32:13 executing program 4: r0 = socket(0xa, 0x1, 0x0) ioctl$sock_ifreq(r0, 0x89f0, &(0x7f0000000080)={'ip6tnl2\x00', @ifru_addrs=@in={0x2, 0x4e20, @rand_addr}}) [ 264.618753] bridge0: port 2(bridge_slave_1) entered blocking state [ 264.625688] bridge0: port 2(bridge_slave_1) entered disabled state [ 264.639613] device bridge_slave_1 entered promiscuous mode [ 264.762305] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 264.793885] IPVS: ftp: loaded support on port[0] = 21 [ 264.919274] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 16:32:14 executing program 5: timer_create(0x0, &(0x7f0000000180), &(0x7f00000001c0)) [ 265.311338] bridge0: port 1(bridge_slave_0) entered blocking state [ 265.317746] bridge0: port 1(bridge_slave_0) entered disabled state [ 265.349645] device bridge_slave_0 entered promiscuous mode [ 265.372176] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 265.387461] IPVS: ftp: loaded support on port[0] = 21 [ 265.497305] bridge0: port 2(bridge_slave_1) entered blocking state [ 265.504905] bridge0: port 2(bridge_slave_1) entered disabled state [ 265.512883] device bridge_slave_1 entered promiscuous mode [ 265.551434] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 265.667084] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 265.785008] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 265.907009] bridge0: port 1(bridge_slave_0) entered blocking state [ 265.914971] bridge0: port 1(bridge_slave_0) entered disabled state [ 265.922546] device bridge_slave_0 entered promiscuous mode [ 265.985562] bridge0: port 2(bridge_slave_1) entered blocking state [ 266.018650] bridge0: port 2(bridge_slave_1) entered disabled state [ 266.026092] device bridge_slave_1 entered promiscuous mode [ 266.179595] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 266.205070] team0: Port device team_slave_0 added [ 266.217629] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 266.276807] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 266.310940] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 266.338420] team0: Port device team_slave_1 added [ 266.352044] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 266.405839] bridge0: port 1(bridge_slave_0) entered blocking state [ 266.415017] bridge0: port 1(bridge_slave_0) entered disabled state [ 266.433853] device bridge_slave_0 entered promiscuous mode [ 266.450688] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 266.468955] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 266.528964] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 266.542353] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 266.556956] bridge0: port 2(bridge_slave_1) entered blocking state [ 266.568126] bridge0: port 2(bridge_slave_1) entered disabled state [ 266.584201] device bridge_slave_1 entered promiscuous mode [ 266.637300] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 266.679271] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 266.792642] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 266.813165] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 266.840099] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 266.861233] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 266.884162] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 266.917702] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 266.926353] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 266.948959] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 267.063559] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 267.155396] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 267.180833] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 267.199669] team0: Port device team_slave_0 added [ 267.217901] bridge0: port 1(bridge_slave_0) entered blocking state [ 267.238402] bridge0: port 1(bridge_slave_0) entered disabled state [ 267.245789] device bridge_slave_0 entered promiscuous mode [ 267.276867] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 267.316403] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 267.338140] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 267.345715] team0: Port device team_slave_1 added [ 267.369112] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 267.384596] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 267.395000] bridge0: port 2(bridge_slave_1) entered blocking state [ 267.409494] bridge0: port 2(bridge_slave_1) entered disabled state [ 267.416939] device bridge_slave_1 entered promiscuous mode [ 267.436416] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 267.462987] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 267.478641] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 267.488812] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 267.532227] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 267.578662] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 267.585851] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 267.594078] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 267.690356] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 267.697494] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 267.719234] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 267.740904] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 267.790094] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 267.797508] team0: Port device team_slave_0 added [ 267.828805] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 267.860988] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 267.875620] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 267.944677] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 267.968982] team0: Port device team_slave_1 added [ 268.067167] bridge0: port 1(bridge_slave_0) entered blocking state [ 268.094794] bridge0: port 1(bridge_slave_0) entered disabled state [ 268.105408] device bridge_slave_0 entered promiscuous mode [ 268.123105] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 268.136052] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 268.151676] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 268.169706] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 268.205282] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 268.226488] team0: Port device team_slave_0 added [ 268.262666] bridge0: port 2(bridge_slave_1) entered blocking state [ 268.279317] bridge0: port 2(bridge_slave_1) entered disabled state [ 268.297394] device bridge_slave_1 entered promiscuous mode [ 268.307476] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 268.325501] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 268.343515] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 268.360931] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 268.372067] bridge0: port 2(bridge_slave_1) entered blocking state [ 268.378583] bridge0: port 2(bridge_slave_1) entered forwarding state [ 268.385493] bridge0: port 1(bridge_slave_0) entered blocking state [ 268.391934] bridge0: port 1(bridge_slave_0) entered forwarding state [ 268.400256] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 268.412183] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 268.423191] team0: Port device team_slave_1 added [ 268.432497] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 268.457337] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 268.485592] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 268.509370] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 268.538160] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 268.563603] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 268.579230] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 268.598817] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 268.609087] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 268.631494] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 268.648546] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 268.655842] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 268.676061] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 268.693891] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 268.719037] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 268.758712] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 268.788339] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 268.795488] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 268.807369] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 268.928818] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 268.936030] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 268.949234] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 269.018227] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 269.062915] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 269.089189] team0: Port device team_slave_0 added [ 269.123227] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 269.246122] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 269.283094] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 269.298746] team0: Port device team_slave_1 added [ 269.358355] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 269.365224] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 269.418880] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 269.425730] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 269.439286] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 269.473601] bridge0: port 2(bridge_slave_1) entered blocking state [ 269.480048] bridge0: port 2(bridge_slave_1) entered forwarding state [ 269.486707] bridge0: port 1(bridge_slave_0) entered blocking state [ 269.493164] bridge0: port 1(bridge_slave_0) entered forwarding state [ 269.529423] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 269.539285] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 269.565368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 269.591432] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 269.618447] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 269.628562] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 269.722819] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 269.739405] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 269.755747] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 269.854948] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 269.869633] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 269.888778] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 270.016309] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 270.028849] team0: Port device team_slave_0 added [ 270.033961] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 270.161434] bridge0: port 2(bridge_slave_1) entered blocking state [ 270.167826] bridge0: port 2(bridge_slave_1) entered forwarding state [ 270.174534] bridge0: port 1(bridge_slave_0) entered blocking state [ 270.180947] bridge0: port 1(bridge_slave_0) entered forwarding state [ 270.189226] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 270.200109] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 270.207495] team0: Port device team_slave_1 added [ 270.378928] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 270.385819] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 270.399320] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 270.568616] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 270.575837] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 270.589653] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 270.610586] bridge0: port 2(bridge_slave_1) entered blocking state [ 270.616957] bridge0: port 2(bridge_slave_1) entered forwarding state [ 270.623680] bridge0: port 1(bridge_slave_0) entered blocking state [ 270.630093] bridge0: port 1(bridge_slave_0) entered forwarding state [ 270.643430] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 270.660375] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 270.668232] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 270.676234] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 270.787329] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 270.808451] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 270.819998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 271.038681] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 271.058965] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 271.350383] bridge0: port 2(bridge_slave_1) entered blocking state [ 271.356790] bridge0: port 2(bridge_slave_1) entered forwarding state [ 271.363521] bridge0: port 1(bridge_slave_0) entered blocking state [ 271.369931] bridge0: port 1(bridge_slave_0) entered forwarding state [ 271.389150] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 272.096969] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 272.237307] bridge0: port 2(bridge_slave_1) entered blocking state [ 272.243750] bridge0: port 2(bridge_slave_1) entered forwarding state [ 272.250490] bridge0: port 1(bridge_slave_0) entered blocking state [ 272.256857] bridge0: port 1(bridge_slave_0) entered forwarding state [ 272.282957] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 273.128250] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 274.282187] 8021q: adding VLAN 0 to HW filter on device bond0 [ 274.731427] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 275.162436] 8021q: adding VLAN 0 to HW filter on device bond0 [ 275.250084] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 275.258460] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 275.269308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 275.527377] 8021q: adding VLAN 0 to HW filter on device bond0 [ 275.691182] 8021q: adding VLAN 0 to HW filter on device team0 [ 275.810248] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 275.823356] 8021q: adding VLAN 0 to HW filter on device bond0 [ 276.095571] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 276.313771] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 276.348950] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 276.356047] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 276.387036] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 276.591479] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 276.608862] 8021q: adding VLAN 0 to HW filter on device bond0 [ 276.615043] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 276.638552] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 276.698425] 8021q: adding VLAN 0 to HW filter on device team0 [ 276.895088] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 276.904300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 276.920115] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 277.121354] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 277.193255] 8021q: adding VLAN 0 to HW filter on device team0 [ 277.295207] 8021q: adding VLAN 0 to HW filter on device team0 [ 277.349397] 8021q: adding VLAN 0 to HW filter on device bond0 [ 277.596150] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 277.613495] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 277.634787] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 277.829194] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 278.060689] 8021q: adding VLAN 0 to HW filter on device team0 [ 278.438967] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 278.458414] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 278.476538] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 16:32:27 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x8912, &(0x7f0000000040)="153f6234488dd25d766070") r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000000c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001000000b7050000040000006a0a00fe00000000850000000b000000b7000000000000009500000000000000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0x0, 0x10, 0x29, &(0x7f0000000000)="3706623eefa5ceefc40954cc5667b9f6", &(0x7f0000000140)=""/41, 0x527d}, 0x28) [ 278.868880] ODEBUG: object 00000000465dda80 is on stack 00000000e9221f7c, but NOT annotated. [ 278.880195] WARNING: CPU: 0 PID: 7020 at lib/debugobjects.c:369 __debug_object_init.cold.14+0x51/0xdf [ 278.889568] Kernel panic - not syncing: panic_on_warn set ... [ 278.895467] CPU: 0 PID: 7020 Comm: syz-executor0 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 278.903876] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 278.913230] Call Trace: [ 278.915835] dump_stack+0x244/0x39d [ 278.916699] 8021q: adding VLAN 0 to HW filter on device team0 [ 278.919472] ? dump_stack_print_info.cold.1+0x20/0x20 [ 278.919494] panic+0x2ad/0x55c [ 278.919513] ? add_taint.cold.5+0x16/0x16 [ 278.937903] ? __warn.cold.8+0x5/0x45 [ 278.941722] ? __debug_object_init.cold.14+0x51/0xdf [ 278.946834] __warn.cold.8+0x20/0x45 [ 278.950563] ? __debug_object_init.cold.14+0x51/0xdf [ 278.955674] report_bug+0x254/0x2d0 [ 278.959319] do_error_trap+0x11b/0x200 [ 278.963216] do_invalid_op+0x36/0x40 [ 278.966947] ? __debug_object_init.cold.14+0x51/0xdf [ 278.972067] invalid_op+0x14/0x20 [ 278.975528] RIP: 0010:__debug_object_init.cold.14+0x51/0xdf [ 278.981258] Code: ea 03 80 3c 02 00 75 7c 49 8b 54 24 18 48 89 de 48 c7 c7 c0 f1 40 88 4c 89 85 d0 fd ff ff e8 09 8c d1 fd 4c 8b 85 d0 fd ff ff <0f> 0b e9 09 d6 ff ff 41 83 c4 01 b8 ff ff 37 00 44 89 25 b7 4e 66 [ 278.989673] ------------[ cut here ]------------ [ 279.000171] RSP: 0018:ffff88018882f308 EFLAGS: 00010086 [ 279.004920] downgrading a read lock [ 279.005019] WARNING: CPU: 1 PID: 7023 at kernel/locking/lockdep.c:3556 lock_downgrade+0x4d7/0x900 [ 279.010280] RAX: 0000000000000050 RBX: ffff88018882faf8 RCX: ffffc90001e5a000 [ 279.013890] Modules linked in: [ 279.022901] RDX: 0000000000000000 RSI: ffffffff816585a5 RDI: 0000000000000005 [ 279.030164] CPU: 1 PID: 7023 Comm: ip Not tainted 4.19.0-rc8-next-20181019+ #98 [ 279.033341] RBP: ffff88018882f560 R08: ffff8801c14e7780 R09: ffffed003b5c5008 [ 279.040606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 279.048041] R10: ffffed003b5c5008 R11: ffff8801dae28047 R12: ffff8801be9ea0c0 [ 279.055317] RIP: 0010:lock_downgrade+0x4d7/0x900 [ 279.064652] R13: 000000000008b200 R14: ffff8801be9ea0c0 R15: ffff8801c14e7770 [ 279.071918] Code: 00 00 fc ff df 41 c6 44 05 00 f8 e9 1b ff ff ff 48 c7 c7 a0 5a 0b 88 4c 89 9d 58 ff ff ff 48 89 85 60 ff ff ff e8 39 76 e7 ff <0f> 0b 48 8b 85 60 ff ff ff 4c 8d 4d d8 4c 89 e9 48 ba 00 00 00 00 [ 279.076671] ? vprintk_func+0x85/0x181 [ 279.083923] RSP: 0018:ffff8801c5cb7b70 EFLAGS: 00010086 [ 279.102826] ? __debug_object_init.cold.14+0x4a/0xdf [ 279.106969] RAX: 0000000000000000 RBX: 1ffff10038b96f74 RCX: 0000000000000000 [ 279.112420] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 279.117505] RDX: 0000000000000000 RSI: ffffffff816585a5 RDI: 0000000000000006 [ 279.124793] ? debug_object_free+0x690/0x690 [ 279.129360] RBP: ffff8801c5cb7c28 R08: ffff880188f14500 R09: fffffbfff12720d4 [ 279.136629] ? unwind_get_return_address+0x61/0xa0 [ 279.141020] R10: fffffbfff12720d4 R11: ffffffff893906a3 R12: ffffffff8aebc520 [ 279.148292] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 279.153207] R13: ffff8801c5cb7bc0 R14: 0000000000000001 R15: ffff880188f14500 [ 279.160480] ? depot_save_stack+0x292/0x470 [ 279.165566] FS: 00007f6cfe484700(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000 [ 279.172832] ? save_stack+0xa9/0xd0 [ 279.177134] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 279.185358] ? save_stack+0x43/0xd0 [ 279.188989] CR2: 00007f6cfdc12770 CR3: 00000001c6173000 CR4: 00000000001406e0 [ 279.194862] ? kasan_kmalloc+0xc7/0xe0 [ 279.198470] Call Trace: [ 279.205743] ? bpf_test_init.isra.10+0x98/0x100 [ 279.209619] ? __do_munmap+0xcd3/0xf80 [ 279.212191] ? zap_class+0x640/0x640 [ 279.216847] ? lock_set_class+0x770/0x770 [ 279.220727] ? do_syscall_64+0x1b9/0x820 [ 279.224429] ? perf_trace_sched_process_exec+0x860/0x860 [ 279.228567] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 279.232614] downgrade_write+0x76/0x270 [ 279.238051] ? find_held_lock+0x36/0x1c0 [ 279.243400] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 279.247358] debug_object_init+0x16/0x20 [ 279.251403] ? up_read+0x2c0/0x2c0 [ 279.256925] init_timer_key+0xa9/0x480 [ 279.260975] ? vma_compute_subtree_gap+0x160/0x240 [ 279.264502] ? init_timer_on_stack_key+0xe0/0xe0 [ 279.268373] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 279.273291] ? __might_fault+0x12b/0x1e0 [ 279.278044] __do_munmap+0xcd3/0xf80 [ 279.283050] ? __lockdep_init_map+0x105/0x590 [ 279.287094] __vm_munmap+0x138/0x1f0 [ 279.290795] ? __lockdep_init_map+0x105/0x590 [ 279.295272] ? __do_munmap+0xf80/0xf80 [ 279.298979] ? lockdep_init_map+0x9/0x10 [ 279.303461] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 279.307336] sock_init_data+0xe1/0xdc0 [ 279.311384] ? trace_hardirqs_off_caller+0x300/0x300 [ 279.316731] ? sk_stop_timer+0x50/0x50 [ 279.320613] __x64_sys_munmap+0x65/0x80 [ 279.325704] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 279.329574] do_syscall_64+0x1b9/0x820 [ 279.333536] ? _copy_from_user+0xdf/0x150 [ 279.339055] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 279.342930] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 279.347072] ? syscall_return_slowpath+0x5e0/0x5e0 [ 279.352422] ? bpf_test_init.isra.10+0x70/0x100 [ 279.357949] ? trace_hardirqs_on_caller+0x310/0x310 [ 279.362865] bpf_prog_test_run_skb+0x255/0xc40 [ 279.367518] ? prepare_exit_to_usermode+0x291/0x3b0 [ 279.372518] ? __lock_acquire+0x62f/0x4c20 [ 279.377098] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 279.382101] ? bpf_test_finish.isra.9+0x1f0/0x1f0 [ 279.386326] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 279.391159] ? __lock_acquire+0x62f/0x4c20 [ 279.395983] RIP: 0033:0x7f6cfe283417 [ 279.401252] ? fput+0x130/0x1a0 [ 279.405383] Code: f0 ff ff 73 01 c3 48 8d 0d 8a ad 20 00 31 d2 48 29 c2 89 11 48 83 c8 ff eb eb 90 90 90 90 90 90 90 90 90 b8 0b 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8d 0d 5d ad 20 00 31 d2 48 29 c2 89 [ 279.409082] ? __bpf_prog_get+0x9b/0x290 [ 279.412346] RSP: 002b:00007ffeebd93b28 EFLAGS: 00000203 ORIG_RAX: 000000000000000b [ 279.431269] ? bpf_test_finish.isra.9+0x1f0/0x1f0 [ 279.435314] RAX: ffffffffffffffda RBX: 00007f6cfe48e1c8 RCX: 00007f6cfe283417 [ 279.443014] bpf_prog_test_run+0x130/0x1a0 [ 279.447841] RDX: 0000000012121f00 RSI: 00000000000033ef RDI: 00007f6cfe486000 [ 279.455108] __x64_sys_bpf+0x3d8/0x510 [ 279.459324] RBP: 00007ffeebd93c90 R08: 0000000000000001 R09: 0000000000000007 [ 279.466589] ? bpf_prog_get+0x20/0x20 [ 279.470463] R10: 00007f6cfe27da0b R11: 0000000000000203 R12: 00000000ac7b4a1a [ 279.477735] do_syscall_64+0x1b9/0x820 [ 279.481514] R13: 00000097ac7b4a1a R14: 000000979a6b4d5f R15: 00007f6cfe484700 [ 279.488778] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 279.492645] irq event stamp: 3452 [ 279.499914] ? syscall_return_slowpath+0x5e0/0x5e0 [ 279.505279] hardirqs last enabled at (3451): [] trace_hardirqs_on_thunk+0x1a/0x1c [ 279.508719] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 279.513646] hardirqs last disabled at (3452): [] __schedule+0x21e/0x21d0 [ 279.522905] ? trace_hardirqs_on_caller+0x310/0x310 [ 279.527747] softirqs last enabled at (3450): [] __do_softirq+0x7df/0xb7e [ 279.536126] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 279.541130] softirqs last disabled at (3443): [] irq_exit+0x17f/0x1c0 [ 279.549606] ? prepare_exit_to_usermode+0x291/0x3b0 [ 279.554596] ---[ end trace 02c6f837cfef0458 ]--- [ 279.562733] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 279.577329] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 279.582528] RIP: 0033:0x457569 [ 279.585729] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 279.604631] RSP: 002b:00007f78759e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 279.612344] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569 [ 279.619621] RDX: 0000000000000028 RSI: 0000000020000180 RDI: 000000000000000a [ 279.626895] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 279.634175] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f78759e26d4 [ 279.641451] R13: 00000000004bd892 R14: 00000000004cc208 R15: 00000000ffffffff [ 279.648738] [ 279.648744] ====================================================== [ 279.648750] WARNING: possible circular locking dependency detected [ 279.648755] 4.19.0-rc8-next-20181019+ #98 Not tainted [ 279.648761] ------------------------------------------------------ [ 279.648767] syz-executor0/7020 is trying to acquire lock: [ 279.648770] 00000000e4f1981c ((console_sem).lock){-.-.}, at: down_trylock+0x13/0x70 [ 279.648786] [ 279.648791] but task is already holding lock: [ 279.648794] 000000005d772b19 (&obj_hash[i].lock){-.-.}, at: __debug_object_init+0x127/0x1290 [ 279.648810] [ 279.648816] which lock already depends on the new lock. [ 279.648819] [ 279.648822] [ 279.648827] the existing dependency chain (in reverse order) is: [ 279.648830] [ 279.648833] -> #3 (&obj_hash[i].lock){-.-.}: [ 279.648849] _raw_spin_lock_irqsave+0x99/0xd0 [ 279.648854] __debug_object_init+0x127/0x1290 [ 279.648859] debug_object_init+0x16/0x20 [ 279.648863] hrtimer_init+0x97/0x490 [ 279.648868] init_dl_task_timer+0x1b/0x50 [ 279.648873] __sched_fork+0x2ae/0x590 [ 279.648878] init_idle+0x75/0x740 [ 279.648882] sched_init+0xb33/0xc02 [ 279.648887] start_kernel+0x4be/0xa2b [ 279.648892] x86_64_start_reservations+0x2e/0x30 [ 279.648897] x86_64_start_kernel+0x76/0x79 [ 279.648902] secondary_startup_64+0xa4/0xb0 [ 279.648905] [ 279.648908] -> #2 (&rq->lock){-.-.}: [ 279.648924] _raw_spin_lock+0x2d/0x40 [ 279.648928] task_fork_fair+0xb0/0x6d0 [ 279.648932] sched_fork+0x443/0xba0 [ 279.648937] copy_process+0x2585/0x8770 [ 279.648941] _do_fork+0x1cb/0x11c0 [ 279.648946] kernel_thread+0x34/0x40 [ 279.648950] rest_init+0x28/0x372 [ 279.648955] arch_call_rest_init+0xe/0x1b [ 279.648960] start_kernel+0x9f0/0xa2b [ 279.648966] x86_64_start_reservations+0x2e/0x30 [ 279.648971] x86_64_start_kernel+0x76/0x79 [ 279.648976] secondary_startup_64+0xa4/0xb0 [ 279.648978] [ 279.648981] -> #1 (&p->pi_lock){-.-.}: [ 279.648997] _raw_spin_lock_irqsave+0x99/0xd0 [ 279.649002] try_to_wake_up+0xd2/0x12e0 [ 279.649007] wake_up_process+0x10/0x20 [ 279.649011] __up.isra.1+0x1c0/0x2a0 [ 279.649015] up+0x13c/0x1c0 [ 279.649020] __up_console_sem+0xbe/0x1b0 [ 279.649025] console_unlock+0x80c/0x1190 [ 279.649030] vprintk_emit+0x391/0x990 [ 279.649034] vprintk_default+0x28/0x30 [ 279.649039] vprintk_func+0x7e/0x181 [ 279.649043] printk+0xa7/0xcf [ 279.649047] do_exit.cold.18+0x57/0x16f [ 279.649052] do_group_exit+0x177/0x440 [ 279.649057] __x64_sys_exit_group+0x3e/0x50 [ 279.649062] do_syscall_64+0x1b9/0x820 [ 279.649067] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 279.649070] [ 279.649073] -> #0 ((console_sem).lock){-.-.}: [ 279.649089] lock_acquire+0x1ed/0x520 [ 279.649093] _raw_spin_lock_irqsave+0x99/0xd0 [ 279.649098] down_trylock+0x13/0x70 [ 279.649103] __down_trylock_console_sem+0xae/0x1f0 [ 279.649108] console_trylock+0x15/0xa0 [ 279.649112] vprintk_emit+0x372/0x990 [ 279.649117] vprintk_default+0x28/0x30 [ 279.649122] vprintk_func+0x7e/0x181 [ 279.649126] printk+0xa7/0xcf [ 279.649131] __debug_object_init.cold.14+0x4a/0xdf [ 279.649136] debug_object_init+0x16/0x20 [ 279.649141] init_timer_key+0xa9/0x480 [ 279.649145] sock_init_data+0xe1/0xdc0 [ 279.649151] bpf_prog_test_run_skb+0x255/0xc40 [ 279.649155] bpf_prog_test_run+0x130/0x1a0 [ 279.649160] __x64_sys_bpf+0x3d8/0x510 [ 279.649165] do_syscall_64+0x1b9/0x820 [ 279.649170] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 279.649173] [ 279.649178] other info that might help us debug this: [ 279.649181] [ 279.649184] Chain exists of: [ 279.649187] (console_sem).lock --> &rq->lock --> &obj_hash[i].lock [ 279.649207] [ 279.649226] Possible unsafe locking scenario: [ 279.649229] [ 279.649234] CPU0 CPU1 [ 279.649239] ---- ---- [ 279.649249] lock(&obj_hash[i].lock); [ 279.649260] lock(&rq->lock); [ 279.649271] lock(&obj_hash[i].lock); [ 279.649279] lock((console_sem).lock); [ 279.649288] [ 279.649292] *** DEADLOCK *** [ 279.649295] [ 279.649300] 1 lock held by syz-executor0/7020: [ 279.649302] #0: 000000005d772b19 (&obj_hash[i].lock){-.-.}, at: __debug_object_init+0x127/0x1290 [ 279.649322] [ 279.649325] stack backtrace: [ 279.649333] CPU: 0 PID: 7020 Comm: syz-executor0 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 279.649341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 279.649345] Call Trace: [ 279.649350] dump_stack+0x244/0x39d [ 279.649355] ? dump_stack_print_info.cold.1+0x20/0x20 [ 279.649359] ? vprintk_func+0x85/0x181 [ 279.649365] print_circular_bug.isra.35.cold.54+0x1bd/0x27d [ 279.649370] ? save_trace+0xe0/0x290 [ 279.649375] __lock_acquire+0x3399/0x4c20 [ 279.649379] ? mark_held_locks+0x130/0x130 [ 279.649384] ? put_dec+0xf0/0xf0 [ 279.649389] ? mark_held_locks+0x130/0x130 [ 279.649393] ? zap_class+0x640/0x640 [ 279.649397] ? pointer_string+0x14e/0x1b0 [ 279.649402] ? number+0xca0/0xca0 [ 279.649406] ? print_usage_bug+0xc0/0xc0 [ 279.649410] ? ptr_to_id+0xd0/0x1d0 [ 279.649415] ? dentry_name+0x8f0/0x8f0 [ 279.649419] ? __lock_acquire+0x62f/0x4c20 [ 279.649424] ? zap_class+0x640/0x640 [ 279.649429] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 279.649433] lock_acquire+0x1ed/0x520 [ 279.649438] ? down_trylock+0x13/0x70 [ 279.649442] ? lock_release+0xa10/0xa10 [ 279.649447] ? trace_hardirqs_off+0xb8/0x310 [ 279.649451] ? vprintk_emit+0x1de/0x990 [ 279.649456] ? trace_hardirqs_on+0x310/0x310 [ 279.649461] ? trace_hardirqs_off+0xb8/0x310 [ 279.649465] ? log_store+0x344/0x4c0 [ 279.649470] ? vprintk_emit+0x372/0x990 [ 279.649475] _raw_spin_lock_irqsave+0x99/0xd0 [ 279.649479] ? down_trylock+0x13/0x70 [ 279.649484] down_trylock+0x13/0x70 [ 279.649489] __down_trylock_console_sem+0xae/0x1f0 [ 279.649493] console_trylock+0x15/0xa0 [ 279.649498] vprintk_emit+0x372/0x990 [ 279.649502] ? wake_up_klogd+0x180/0x180 [ 279.649507] ? zap_class+0x640/0x640 [ 279.649512] ? trace_hardirqs_off_caller+0x300/0x300 [ 279.649517] ? print_usage_bug+0xc0/0xc0 [ 279.649522] ? find_held_lock+0x36/0x1c0 [ 279.649527] vprintk_default+0x28/0x30 [ 279.649531] vprintk_func+0x7e/0x181 [ 279.649535] printk+0xa7/0xcf [ 279.649540] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 279.649546] __debug_object_init.cold.14+0x4a/0xdf [ 279.649551] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 279.649556] ? debug_object_free+0x690/0x690 [ 279.649561] ? unwind_get_return_address+0x61/0xa0 [ 279.649566] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 279.649571] ? depot_save_stack+0x292/0x470 [ 279.649576] ? save_stack+0xa9/0xd0 [ 279.649581] ? save_stack+0x43/0xd0 [ 279.649585] ? kasan_kmalloc+0xc7/0xe0 [ 279.649590] ? bpf_test_init.isra.10+0x98/0x100 [ 279.649595] ? zap_class+0x640/0x640 [ 279.649599] ? do_syscall_64+0x1b9/0x820 [ 279.649605] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 279.649610] ? find_held_lock+0x36/0x1c0 [ 279.649615] debug_object_init+0x16/0x20 [ 279.649619] init_timer_key+0xa9/0x480 [ 279.649624] ? init_timer_on_stack_key+0xe0/0xe0 [ 279.649629] ? __might_fault+0x12b/0x1e0 [ 279.649634] ? __lockdep_init_map+0x105/0x590 [ 279.649639] ? __lockdep_init_map+0x105/0x590 [ 279.649643] ? lockdep_init_map+0x9/0x10 [ 279.649648] sock_init_data+0xe1/0xdc0 [ 279.649652] ? sk_stop_timer+0x50/0x50 [ 279.649657] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 279.649662] ? _copy_from_user+0xdf/0x150 [ 279.649668] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 279.649673] ? bpf_test_init.isra.10+0x70/0x100 [ 279.649678] bpf_prog_test_run_skb+0x255/0xc40 [ 279.649683] ? __lock_acquire+0x62f/0x4c20 [ 279.649688] ? bpf_test_finish.isra.9+0x1f0/0x1f0 [ 279.649693] ? __lock_acquire+0x62f/0x4c20 [ 279.649697] ? fput+0x130/0x1a0 [ 279.649702] ? __bpf_prog_get+0x9b/0x290 [ 279.649707] ? bpf_test_finish.isra.9+0x1f0/0x1f0 [ 279.649712] bpf_prog_test_run+0x130/0x1a0 [ 279.649716] __x64_sys_bpf+0x3d8/0x510 [ 279.649721] ? bpf_prog_get+0x20/0x20 [ 279.649725] do_syscall_64+0x1b9/0x820 [ 279.649730] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 279.649735] ? syscall_return_slowpath+0x5e0/0x5e0 [ 279.649740] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 279.649745] ? trace_hardirqs_on_caller+0x310/0x310 [ 279.649751] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 279.649756] ? prepare_exit_to_usermode+0x291/0x3b0 [ 279.649761] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 279.649766] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 279.649770] RIP: 0033:0x457569 [ 279.649786] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 279.649791] RSP: 002b:00007f78759e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 279.649803] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569 [ 279.649809] RDX: 0000000000000028 RSI: 0000000020000180 RDI: 000000000000000a [ 279.649816] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 279.649823] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f78759e26d4 [ 279.649830] R13: 00000000004bd892 R14: 00000000004cc208 R15: 00000000ffffffff [ 279.650619] Kernel Offset: disabled [ 280.548530] Rebooting in 86400 seconds..