Warning: Permanently added '10.128.1.38' (ECDSA) to the list of known hosts. 2020/02/16 12:47:54 parsed 1 programs 2020/02/16 12:47:56 executed programs: 0 syzkaller login: [ 78.494671][ T9702] IPVS: ftp: loaded support on port[0] = 21 [ 78.550740][ T9702] chnl_net:caif_netlink_parms(): no params data found [ 78.590682][ T9702] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.598335][ T9702] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.606615][ T9702] device bridge_slave_0 entered promiscuous mode [ 78.614834][ T9702] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.622223][ T9702] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.629900][ T9702] device bridge_slave_1 entered promiscuous mode [ 78.646634][ T9702] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.657704][ T9702] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.676755][ T9702] team0: Port device team_slave_0 added [ 78.684110][ T9702] team0: Port device team_slave_1 added [ 78.699240][ T9702] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.706337][ T9702] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.732420][ T9702] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.744792][ T9702] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.751850][ T9702] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.777834][ T9702] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.834118][ T9702] device hsr_slave_0 entered promiscuous mode [ 78.861579][ T9702] device hsr_slave_1 entered promiscuous mode [ 78.983147][ T9702] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 79.034482][ T9702] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 79.083419][ T9702] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 79.153852][ T9702] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 79.206649][ T9702] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.213823][ T9702] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.221573][ T9702] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.228639][ T9702] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.270875][ T9702] 8021q: adding VLAN 0 to HW filter on device bond0 [ 79.283843][ T2691] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 79.295067][ T2691] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.303539][ T2691] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.311738][ T2691] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 79.324028][ T9702] 8021q: adding VLAN 0 to HW filter on device team0 [ 79.336043][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 79.344798][ T26] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.351905][ T26] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.374104][ T2691] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 79.383002][ T2691] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.390060][ T2691] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.399070][ T2691] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 79.407589][ T2691] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 79.416333][ T2691] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 79.432045][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 79.440205][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 79.449751][ T9702] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 79.470415][ T2691] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 79.478989][ T2691] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 79.491851][ T9702] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 79.510859][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 79.531932][ T2691] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 79.540086][ T2691] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 79.548478][ T2691] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 79.557116][ T9702] device veth0_vlan entered promiscuous mode [ 79.570763][ T9702] device veth1_vlan entered promiscuous mode [ 79.593282][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 79.603508][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 79.614087][ T9702] device veth0_macvtap entered promiscuous mode [ 79.624997][ T9702] device veth1_macvtap entered promiscuous mode [ 79.640335][ T9702] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 79.653079][ T2691] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 79.662328][ T2691] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 79.670169][ T2691] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 79.678912][ T2691] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 79.690728][ T9702] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 79.698434][ T2849] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 79.707868][ T2849] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 2020/02/16 12:48:01 executed programs: 130 [ 87.302470][T10766] [ 87.304909][T10766] ====================================================== [ 87.311917][T10766] WARNING: possible circular locking dependency detected [ 87.318926][T10766] 5.6.0-rc1-syzkaller #0 Not tainted [ 87.324181][T10766] ------------------------------------------------------ [ 87.331177][T10766] syz-executor.0/10766 is trying to acquire lock: [ 87.337565][T10766] ffffe8ffffd88f58 (&l->lock){....}, at: bpf_lru_push_free+0xe5/0x5b0 [ 87.345829][T10766] [ 87.345829][T10766] but task is already holding lock: [ 87.353223][T10766] ffff8880967928a0 (&htab->buckets[i].lock){....}, at: __htab_map_lookup_and_delete_batch+0x617/0x1540 [ 87.364230][T10766] [ 87.364230][T10766] which lock already depends on the new lock. [ 87.364230][T10766] [ 87.374608][T10766] [ 87.374608][T10766] the existing dependency chain (in reverse order) is: [ 87.383608][T10766] [ 87.383608][T10766] -> #1 (&htab->buckets[i].lock){....}: [ 87.391371][T10766] _raw_spin_lock_irqsave+0x95/0xcd [ 87.397105][T10766] htab_lru_map_delete_node+0xce/0x2f0 [ 87.403059][T10766] __bpf_lru_list_shrink+0xf9/0x470 [ 87.408751][T10766] bpf_lru_pop_free+0xa9f/0x1670 [ 87.414356][T10766] prealloc_lru_pop+0x2c/0xa0 [ 87.419526][T10766] __htab_lru_percpu_map_update_elem+0x67e/0xa90 [ 87.426434][T10766] bpf_percpu_hash_update+0x16e/0x210 [ 87.432367][T10766] bpf_map_update_value.isra.0+0x2d7/0x8e0 [ 87.438862][T10766] generic_map_update_batch+0x41f/0x610 [ 87.444933][T10766] bpf_map_do_batch+0x3f5/0x510 [ 87.450313][T10766] __do_sys_bpf+0x9b7/0x41e0 [ 87.455416][T10766] __x64_sys_bpf+0x73/0xb0 [ 87.460345][T10766] do_syscall_64+0xfa/0x790 [ 87.465349][T10766] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 87.471739][T10766] [ 87.471739][T10766] -> #0 (&l->lock){....}: [ 87.478234][T10766] __lock_acquire+0x2596/0x4a00 [ 87.483592][T10766] lock_acquire+0x190/0x410 [ 87.488606][T10766] _raw_spin_lock_irqsave+0x95/0xcd [ 87.494317][T10766] bpf_lru_push_free+0xe5/0x5b0 [ 87.499676][T10766] __htab_map_lookup_and_delete_batch+0x8d4/0x1540 [ 87.507271][T10766] htab_lru_percpu_map_lookup_and_delete_batch+0x37/0x40 [ 87.514803][T10766] bpf_map_do_batch+0x3f5/0x510 [ 87.520167][T10766] __do_sys_bpf+0x1f7d/0x41e0 [ 87.525353][T10766] __x64_sys_bpf+0x73/0xb0 [ 87.530283][T10766] do_syscall_64+0xfa/0x790 [ 87.535300][T10766] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 87.541691][T10766] [ 87.541691][T10766] other info that might help us debug this: [ 87.541691][T10766] [ 87.551953][T10766] Possible unsafe locking scenario: [ 87.551953][T10766] [ 87.559394][T10766] CPU0 CPU1 [ 87.564741][T10766] ---- ---- [ 87.570083][T10766] lock(&htab->buckets[i].lock); [ 87.575081][T10766] lock(&l->lock); [ 87.581381][T10766] lock(&htab->buckets[i].lock); [ 87.588934][T10766] lock(&l->lock); [ 87.592713][T10766] [ 87.592713][T10766] *** DEADLOCK *** [ 87.592713][T10766] [ 87.600832][T10766] 2 locks held by syz-executor.0/10766: [ 87.606381][T10766] #0: ffffffff89bac240 (rcu_read_lock){....}, at: __htab_map_lookup_and_delete_batch+0x54b/0x1540 [ 87.617044][T10766] #1: ffff8880967928a0 (&htab->buckets[i].lock){....}, at: __htab_map_lookup_and_delete_batch+0x617/0x1540 [ 87.628492][T10766] [ 87.628492][T10766] stack backtrace: [ 87.634375][T10766] CPU: 0 PID: 10766 Comm: syz-executor.0 Not tainted 5.6.0-rc1-syzkaller #0 [ 87.643018][T10766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 87.653049][T10766] Call Trace: [ 87.656320][T10766] dump_stack+0x197/0x210 [ 87.660628][T10766] print_circular_bug.isra.0.cold+0x163/0x172 [ 87.666667][T10766] check_noncircular+0x32e/0x3e0 [ 87.671579][T10766] ? __htab_map_lookup_and_delete_batch+0x511/0x1540 [ 87.678498][T10766] ? print_circular_bug.isra.0+0x230/0x230 [ 87.684278][T10766] ? alloc_list_entry+0xc0/0xc0 [ 87.689115][T10766] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 87.695328][T10766] ? find_first_zero_bit+0x9a/0xc0 [ 87.700413][T10766] __lock_acquire+0x2596/0x4a00 [ 87.705259][T10766] ? mark_held_locks+0xf0/0xf0 [ 87.710003][T10766] ? pv_hash+0xf0/0xf0 [ 87.714069][T10766] lock_acquire+0x190/0x410 [ 87.718561][T10766] ? bpf_lru_push_free+0xe5/0x5b0 [ 87.723578][T10766] _raw_spin_lock_irqsave+0x95/0xcd [ 87.728762][T10766] ? bpf_lru_push_free+0xe5/0x5b0 [ 87.733778][T10766] bpf_lru_push_free+0xe5/0x5b0 [ 87.738726][T10766] __htab_map_lookup_and_delete_batch+0x8d4/0x1540 [ 87.745221][T10766] ? htab_percpu_map_seq_show_elem+0x490/0x490 [ 87.751392][T10766] ? htab_percpu_map_lookup_batch+0x40/0x40 [ 87.757318][T10766] htab_lru_percpu_map_lookup_and_delete_batch+0x37/0x40 [ 87.764471][T10766] bpf_map_do_batch+0x3f5/0x510 [ 87.769349][T10766] __do_sys_bpf+0x1f7d/0x41e0 [ 87.774018][T10766] ? bpf_prog_load+0x1820/0x1820 [ 87.778939][T10766] ? __kasan_check_read+0x11/0x20 [ 87.784009][T10766] ? _copy_to_user+0x118/0x160 [ 87.788765][T10766] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 87.795031][T10766] ? put_timespec64+0xda/0x140 [ 87.799805][T10766] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 87.805248][T10766] ? do_syscall_64+0x26/0x790 [ 87.809913][T10766] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 87.815965][T10766] ? do_syscall_64+0x26/0x790 [ 87.820632][T10766] __x64_sys_bpf+0x73/0xb0 [ 87.825047][T10766] do_syscall_64+0xfa/0x790 [ 87.829541][T10766] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 87.836175][T10766] RIP: 0033:0x45c6c9 [ 87.840056][T10766] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 87.859642][T10766] RSP: 002b:00007f4e26052c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 87.868070][T10766] RAX: ffffffffffffffda RBX: 00007f4e260536d4 RCX: 000000000045c6c9 [ 87.876018][T10766] RDX: 0000000000000038 RSI: 0000000020000180 RDI: 0000000000000019 [ 87.884014][T10766] RBP: 000000000076c070 R08: 0000000000000000 R09: 0000000000000000 [ 87.891970][T10766] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 87.899949][T10766] R13: 0000000000000062 R14: 00000000004c2ec4 R15: 000000000076c07c 2020/02/16 12:48:06 executed programs: 304 2020/02/16 12:48:11 executed programs: 549