[[0;32m  OK  [0m] Started Getty on tty2.
[[0;32m  OK  [0m] Started Getty on tty1.
[[0;32m  OK  [0m] Started Serial Getty on ttyS0.
[[0;32m  OK  [0m] Reached target Login Prompts.
[[0;32m  OK  [0m] Reached target Multi-User System.
[[0;32m  OK  [0m] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[[0;32m  OK  [0m] Started Update UTMP about System Runlevel Changes.
         Starting Load/Save RF Kill Switch Status...
[[0;32m  OK  [0m] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.242' (ECDSA) to the list of known hosts.
syzkaller login: [   65.410027][ T6837] IPVS: ftp: loaded support on port[0] = 21
[   65.494811][ T6837] chnl_net:caif_netlink_parms(): no params data found
[   65.549054][ T6837] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.556752][ T6837] bridge0: port 1(bridge_slave_0) entered disabled state
[   65.565907][ T6837] device bridge_slave_0 entered promiscuous mode
[   65.575184][ T6837] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.583631][ T6837] bridge0: port 2(bridge_slave_1) entered disabled state
[   65.592335][ T6837] device bridge_slave_1 entered promiscuous mode
[   65.614206][ T6837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   65.625925][ T6837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   65.650573][ T6837] team0: Port device team_slave_0 added
[   65.658119][ T6837] team0: Port device team_slave_1 added
[   65.675350][ T6837] batman_adv: batadv0: Adding interface: batadv_slave_0
[   65.682644][ T6837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.709047][ T6837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   65.722384][ T6837] batman_adv: batadv0: Adding interface: batadv_slave_1
[   65.731850][ T6837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.758583][ T6837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   65.821630][ T6837] device hsr_slave_0 entered promiscuous mode
[   65.858900][ T6837] device hsr_slave_1 entered promiscuous mode
[   65.998069][ T6837] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   66.042146][ T6837] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   66.101266][ T6837] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   66.140813][ T6837] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   66.211506][ T6837] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.218998][ T6837] bridge0: port 2(bridge_slave_1) entered forwarding state
[   66.227501][ T6837] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.235090][ T6837] bridge0: port 1(bridge_slave_0) entered forwarding state
[   66.291817][ T6837] 8021q: adding VLAN 0 to HW filter on device bond0
[   66.308192][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   66.327966][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[   66.339417][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[   66.349467][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   66.362995][ T6837] 8021q: adding VLAN 0 to HW filter on device team0
[   66.375578][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   66.385012][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.392315][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   66.406070][ T2573] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   66.415399][ T2573] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.422546][ T2573] bridge0: port 2(bridge_slave_1) entered forwarding state
[   66.446302][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   66.457130][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   66.472676][ T2605] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   66.491315][ T2605] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   66.501102][ T2605] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   66.512382][ T2605] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   66.522091][ T2605] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   66.535135][ T6837] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   66.556705][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   66.566133][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   66.582487][ T6837] 8021q: adding VLAN 0 to HW filter on device batadv0
[   66.607184][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   66.618475][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   66.637254][ T2605] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   66.646253][ T2605] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   66.657160][ T2605] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   66.665703][ T2605] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   66.675378][ T6837] device veth0_vlan entered promiscuous mode
[   66.688106][ T6837] device veth1_vlan entered promiscuous mode
[   66.711530][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   66.720954][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   66.730375][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   66.739847][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   66.751378][ T6837] device veth0_macvtap entered promiscuous mode
[   66.765169][ T6837] device veth1_macvtap entered promiscuous mode
[   66.783528][ T6837] batman_adv: batadv0: Interface activated: batadv_slave_0
[   66.793318][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   66.802328][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   66.811785][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   66.820887][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   66.834701][ T6837] batman_adv: batadv0: Interface activated: batadv_slave_1
[   66.842812][ T2605] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   66.852237][ T2605] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   68.076652][ T6837] 
[   68.079057][ T6837] ============================================
[   68.085195][ T6837] WARNING: possible recursive locking detected
[   68.091347][ T6837] 5.8.0-rc6-syzkaller #0 Not tainted
[   68.096616][ T6837] --------------------------------------------
[   68.102755][ T6837] syz-executor763/6837 is trying to acquire lock:
[   68.109152][ T6837] ffff88809422c498 (_xmit_ETHER#2){+.-.}-{2:2}, at: __dev_queue_xmit+0x215e/0x2d60
[   68.118456][ T6837] 
[   68.118456][ T6837] but task is already holding lock:
[   68.125817][ T6837] ffff88808e198498 (_xmit_ETHER#2){+.-.}-{2:2}, at: sch_direct_xmit+0x25c/0xc00
[   68.134982][ T6837] 
[   68.134982][ T6837] other info that might help us debug this:
[   68.143470][ T6837]  Possible unsafe locking scenario:
[   68.143470][ T6837] 
[   68.150917][ T6837]        CPU0
[   68.154365][ T6837]        ----
[   68.157645][ T6837]   lock(_xmit_ETHER#2);
[   68.161880][ T6837]   lock(_xmit_ETHER#2);
[   68.166116][ T6837] 
[   68.166116][ T6837]  *** DEADLOCK ***
[   68.166116][ T6837] 
executing program
[   68.174512][ T6837]  May be due to missing lock nesting notation
[   68.174512][ T6837] 
[   68.182829][ T6837] 11 locks held by syz-executor763/6837:
[   68.188449][ T6837]  #0: ffffffff89bc11c0 (rcu_read_lock){....}-{1:2}, at: rawv6_sendmsg+0x1dda/0x38f0
[   68.197918][ T6837]  #1: ffffffff89bc1160 (rcu_read_lock_bh){....}-{1:2}, at: ip6_finish_output2+0x190/0x17b0
[   68.208095][ T6837]  #2: ffffffff89bc1160 (rcu_read_lock_bh){....}-{1:2}, at: __dev_queue_xmit+0x1da/0x2d60
[   68.217970][ T6837]  #3: ffff8880942ed258 (&sch->seqlock){+...}-{2:2}, at: __dev_queue_xmit+0x1310/0x2d60
[   68.227684][ T6837]  #4: ffff8880942ed148 (dev->qdisc_running_key ?: &qdisc_running_key){+...}-{0:0}, at: neigh_resolve_output+0x3fe/0x6a0
[   68.240510][ T6837]  #5: ffff88808e198498 (_xmit_ETHER#2){+.-.}-{2:2}, at: sch_direct_xmit+0x25c/0xc00
[   68.249961][ T6837]  #6: ffffffff89bc11c0 (rcu_read_lock){....}-{1:2}, at: icmpv6_send+0x0/0x210
[   68.258874][ T6837]  #7: ffff88809202d820 (k-slock-AF_INET6){+...}-{2:2}, at: icmp6_send+0xe82/0x2660
[   68.268244][ T6837]  #8: ffffffff89bc11c0 (rcu_read_lock){....}-{1:2}, at: icmp6_send+0x1453/0x2660
[   68.277419][ T6837]  #9: ffffffff89bc1160 (rcu_read_lock_bh){....}-{1:2}, at: ip6_finish_output2+0x190/0x17b0
[   68.287463][ T6837]  #10: ffffffff89bc1160 (rcu_read_lock_bh){....}-{1:2}, at: __dev_queue_xmit+0x1da/0x2d60
[   68.297420][ T6837] 
[   68.297420][ T6837] stack backtrace:
[   68.303296][ T6837] CPU: 0 PID: 6837 Comm: syz-executor763 Not tainted 5.8.0-rc6-syzkaller #0
[   68.311957][ T6837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   68.321985][ T6837] Call Trace:
[   68.325260][ T6837]  dump_stack+0x18f/0x20d
[   68.329568][ T6837]  __lock_acquire.cold+0x178/0x3f8
[   68.334652][ T6837]  ? lockdep_hardirqs_on_prepare+0x590/0x590
[   68.340603][ T6837]  ? skb_crc32c_csum_help+0x70/0x70
[   68.346155][ T6837]  lock_acquire+0x1f1/0xad0
[   68.350645][ T6837]  ? __dev_queue_xmit+0x215e/0x2d60
[   68.355818][ T6837]  ? lock_release+0x8d0/0x8d0
[   68.360481][ T6837]  ? validate_xmit_xfrm+0x2a5/0xfa0
[   68.365659][ T6837]  ? validate_xmit_skb+0x848/0xe60
[   68.370753][ T6837]  _raw_spin_lock+0x2a/0x40
[   68.375297][ T6837]  ? __dev_queue_xmit+0x215e/0x2d60
[   68.380471][ T6837]  __dev_queue_xmit+0x215e/0x2d60
[   68.385474][ T6837]  ? neigh_resolve_output+0x2ec/0x6a0
[   68.390823][ T6837]  ? find_held_lock+0x2d/0x110
[   68.395635][ T6837]  ? netdev_core_pick_tx+0x2e0/0x2e0
[   68.400902][ T6837]  ? mark_held_locks+0x9f/0xe0
[   68.405639][ T6837]  ? read_seqcount_begin+0xdf/0x270
[   68.410812][ T6837]  ? memcpy+0x39/0x60
[   68.414768][ T6837]  neigh_resolve_output+0x3fe/0x6a0
[   68.419949][ T6837]  ip6_finish_output2+0x8b6/0x17b0
[   68.425046][ T6837]  __ip6_finish_output+0x447/0xab0
[   68.430137][ T6837]  ip6_finish_output+0x34/0x1f0
[   68.434958][ T6837]  ip6_output+0x1db/0x520
[   68.439259][ T6837]  ip6_local_out+0xaf/0x1a0
[   68.443738][ T6837]  ip6_send_skb+0xb7/0x340
[   68.448281][ T6837]  ip6_push_pending_frames+0xbd/0xe0
[   68.453547][ T6837]  icmpv6_push_pending_frames+0x294/0x470
[   68.459245][ T6837]  icmp6_send+0x1cec/0x2660
[   68.463747][ T6837]  ? icmpv6_push_pending_frames+0x470/0x470
[   68.469613][ T6837]  ? lockdep_hardirqs_on_prepare+0x538/0x590
[   68.475571][ T6837]  ? lock_acquire+0x1f1/0xad0
[   68.480223][ T6837]  ? inet6_unregister_icmp_sender+0x50/0x50
[   68.486112][ T6837]  ? lockdep_hardirqs_on+0x6a/0xe0
[   68.491201][ T6837]  ? ip6_neigh_lookup+0x31e/0x4d0
[   68.496197][ T6837]  ? __local_bh_enable_ip+0x159/0x250
[   68.501555][ T6837]  ? icmpv6_push_pending_frames+0x470/0x470
[   68.507423][ T6837]  ? icmpv6_send+0xde/0x210
[   68.511901][ T6837]  icmpv6_send+0xde/0x210
[   68.516214][ T6837]  ? __ip6_route_redirect+0xb50/0xb50
[   68.521841][ T6837]  ip6_link_failure+0x26/0x500
[   68.526583][ T6837]  ? __ip6_route_redirect+0xb50/0xb50
[   68.531938][ T6837]  ip_tunnel_xmit+0x15cc/0x2ac3
[   68.536763][ T6837]  ? ip_md_tunnel_xmit+0x15b0/0x15b0
[   68.542024][ T6837]  ? lockdep_hardirqs_on_prepare+0x4df/0x590
[   68.547977][ T6837]  ? skb_push+0x97/0xc0
[   68.552103][ T6837]  ? __gre_xmit+0x535/0x8f0
[   68.556627][ T6837]  erspan_xmit+0x1109/0x2760
[   68.561195][ T6837]  dev_hard_start_xmit+0x193/0x950
[   68.566378][ T6837]  sch_direct_xmit+0x2ea/0xc00
[   68.571116][ T6837]  ? pfifo_fast_enqueue+0xf3/0x5f0
[   68.585769][ T6837]  ? dev_watchdog+0xc80/0xc80
[   68.590428][ T6837]  ? pfifo_fast_dequeue+0x5a1/0xb20
[   68.595602][ T6837]  ? lock_is_held_type+0xb0/0xe0
[   68.600512][ T6837]  __qdisc_run+0x4b9/0x1630
[   68.605006][ T6837]  __dev_queue_xmit+0x1456/0x2d60
[   68.610005][ T6837]  ? neigh_resolve_output+0x2ec/0x6a0
[   68.615348][ T6837]  ? find_held_lock+0x2d/0x110
[   68.620086][ T6837]  ? netdev_core_pick_tx+0x2e0/0x2e0
[   68.625341][ T6837]  ? read_seqcount_begin+0xdf/0x270
[   68.630511][ T6837]  ? memcpy+0x39/0x60
[   68.634466][ T6837]  neigh_resolve_output+0x3fe/0x6a0
[   68.639645][ T6837]  ip6_finish_output2+0x8b6/0x17b0
[   68.644756][ T6837]  __ip6_finish_output+0x447/0xab0
[   68.649839][ T6837]  ip6_finish_output+0x34/0x1f0
[   68.654679][ T6837]  ip6_output+0x1db/0x520
[   68.658985][ T6837]  rawv6_sendmsg+0x2008/0x38f0
[   68.663720][ T6837]  ? rawv6_bind+0x9a0/0x9a0
[   68.668209][ T6837]  ? aa_profile_af_perm+0x2e0/0x2e0
[   68.673394][ T6837]  ? lockdep_hardirqs_on_prepare+0x590/0x590
[   68.679350][ T6837]  ? rawv6_recvmsg+0xd50/0xd50
[   68.684109][ T6837]  ? lock_is_held_type+0xb0/0xe0
[   68.689020][ T6837]  ? find_held_lock+0x2d/0x110
[   68.693754][ T6837]  ? aa_file_perm+0x5b8/0x1100
[   68.698491][ T6837]  inet_sendmsg+0x99/0xe0
[   68.702792][ T6837]  ? inet_send_prepare+0x4d0/0x4d0
[   68.707874][ T6837]  sock_sendmsg+0xcf/0x120
[   68.712265][ T6837]  sock_write_iter+0x28c/0x3c0
[   68.717006][ T6837]  ? sock_sendmsg+0x120/0x120
[   68.721668][ T6837]  ? aa_path_link+0x2f0/0x2f0
[   68.726329][ T6837]  new_sync_write+0x422/0x650
[   68.730978][ T6837]  ? new_sync_read+0x6e0/0x6e0
[   68.735725][ T6837]  ? lock_downgrade+0x820/0x820
[   68.740557][ T6837]  ? __local_bh_enable_ip+0x159/0x250
[   68.745918][ T6837]  ? apparmor_file_permission+0x26e/0x4e0
[   68.751616][ T6837]  vfs_write+0x59d/0x6b0
[   68.755832][ T6837]  ksys_write+0x1ee/0x250
[   68.760134][ T6837]  ? __ia32_sys_read+0xb0/0xb0
[   68.764883][ T6837]  ? lock_is_held_type+0xb0/0xe0
[   68.769802][ T6837]  ? do_syscall_64+0x1c/0xe0
[   68.774364][ T6837]  ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[   68.780316][ T6837]  do_syscall_64+0x60/0xe0
[   68.784705][ T6837]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   68.790582][ T6837] RIP: 0033:0x449119
[   68.794460][ T6837] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 0e fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   68.814039][ T6837] RSP: 002b:00007ffd62fa0718 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   68.822431][ T6837] RAX: ffffffffffffffda RBX: 00007ffd62fa0780 RCX: 0000000000449119
[   68.830379][ T6837] RDX: 0000000000000028 RSI: 0000000020000140 RDI: 0000000000000005
[   68.838331][ T6837] RBP: 0000000000000000 R08: 00000000000000ff R09: 00000000000000ff
[   68.846296][ T6837] R10: 00000000000000ff R11: 0000000000000246 R12: 0000000000000004
[   68.854245][ T6837] R13: 0000000000000003 R14: 0000000001d2f850 R15: 0000000000000001