
[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[   27.420646] audit: type=1800 audit(1544701422.029:21): pid=5887 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   31.809338] sshd (6026) used greatest stack depth: 15600 bytes left
Warning: Permanently added '10.128.0.182' (ECDSA) to the list of known hosts.
[   38.478148] IPVS: ftp: loaded support on port[0] = 21
[   38.630242] bridge0: port 1(bridge_slave_0) entered blocking state
[   38.636846] bridge0: port 1(bridge_slave_0) entered disabled state
[   38.644005] device bridge_slave_0 entered promiscuous mode
[   38.661802] bridge0: port 2(bridge_slave_1) entered blocking state
[   38.668163] bridge0: port 2(bridge_slave_1) entered disabled state
[   38.675331] device bridge_slave_1 entered promiscuous mode
[   38.691690] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   38.708698] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   38.754802] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   38.775515] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   38.846006] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[   38.853342] team0: Port device team_slave_0 added
[   38.870198] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[   38.877210] team0: Port device team_slave_1 added
[   38.893739] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   38.913578] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   38.932111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   38.950814] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
[   39.085853] bridge0: port 2(bridge_slave_1) entered blocking state
[   39.092309] bridge0: port 2(bridge_slave_1) entered forwarding state
[   39.098995] bridge0: port 1(bridge_slave_0) entered blocking state
[   39.105384] bridge0: port 1(bridge_slave_0) entered forwarding state
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[   39.598531] 8021q: adding VLAN 0 to HW filter on device bond0
[   39.646683] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   39.695067] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   39.701278] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   39.708323] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   39.756899] 8021q: adding VLAN 0 to HW filter on device team0
executing program
[   40.139880] 
[   40.141524] ======================================================
[   40.147820] WARNING: possible circular locking dependency detected
[   40.154119] 4.20.0-rc6-next-20181213+ #170 Not tainted
[   40.159376] ------------------------------------------------------
[   40.165680] syz-executor594/6043 is trying to acquire lock:
[   40.171361] 00000000ba24bb99 (&tbl->lock){+.-.}, at: neigh_change_state+0x1dc/0x7a0
[   40.179139] 
[   40.179139] but task is already holding lock:
[   40.185107] 00000000ee97b6c2 (&n->lock){++--}, at: __neigh_update+0xe6/0x1eb0
[   40.192372] 
[   40.192372] which lock already depends on the new lock.
[   40.192372] 
[   40.200659] 
[   40.200659] the existing dependency chain (in reverse order) is:
[   40.208251] 
[   40.208251] -> #1 (&n->lock){++--}:
[   40.213341]        _raw_write_lock+0x2d/0x40
[   40.217747]        neigh_flush_dev+0x34f/0x960
[   40.222303]        neigh_changeaddr+0x31/0x40
[   40.226786]        ndisc_netdev_event+0xe6/0x5b0
[   40.231519]        notifier_call_chain+0x17e/0x380
[   40.236431]        raw_notifier_call_chain+0x2d/0x40
[   40.241516]        call_netdevice_notifiers_info+0x3f/0x90
[   40.247132]        dev_set_mac_address+0x293/0x3b0
[   40.252035]        do_setlink+0x7c7/0x3f30
[   40.256240]        __rtnl_newlink+0xcde/0x19e0
[   40.260796]        rtnl_newlink+0x6b/0xa0
[   40.264918]        rtnetlink_rcv_msg+0x46a/0xc20
[   40.269650]        netlink_rcv_skb+0x172/0x440
[   40.274207]        rtnetlink_rcv+0x1c/0x20
[   40.278413]        netlink_unicast+0x5a5/0x760
[   40.282967]        netlink_sendmsg+0xa18/0xfc0
[   40.287546]        sock_sendmsg+0xd5/0x120
[   40.291753]        ___sys_sendmsg+0x7fd/0x930
[   40.296221]        __sys_sendmsg+0x11d/0x280
[   40.300603]        __x64_sys_sendmsg+0x78/0xb0
[   40.305160]        do_syscall_64+0x1b9/0x820
[   40.309543]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   40.315223] 
[   40.315223] -> #0 (&tbl->lock){+.-.}:
[   40.320489]        lock_acquire+0x1ed/0x520
[   40.324790]        _raw_write_lock_bh+0x31/0x40
[   40.329454]        neigh_change_state+0x1dc/0x7a0
[   40.334270]        __neigh_update+0x478/0x1eb0
[   40.338841]        neigh_update+0x37/0x50
[   40.342966]        arp_req_set+0x54c/0xaa0
[   40.347173]        arp_ioctl+0x48b/0xae0
[   40.351208]        inet_ioctl+0x237/0x360
[   40.355332]        sock_do_ioctl+0xeb/0x420
[   40.359629]        sock_ioctl+0x313/0x690
[   40.363753]        do_vfs_ioctl+0x1de/0x1790
[   40.368134]        ksys_ioctl+0xa9/0xd0
[   40.372081]        __x64_sys_ioctl+0x73/0xb0
[   40.376477]        do_syscall_64+0x1b9/0x820
[   40.380864]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   40.386543] 
[   40.386543] other info that might help us debug this:
[   40.386543] 
[   40.394658]  Possible unsafe locking scenario:
[   40.394658] 
[   40.400692]        CPU0                    CPU1
[   40.405332]        ----                    ----
[   40.409983]   lock(&n->lock);
[   40.413062]                                lock(&tbl->lock);
[   40.418828]                                lock(&n->lock);
[   40.424423]   lock(&tbl->lock);
[   40.427679] 
[   40.427679]  *** DEADLOCK ***
[   40.427679] 
[   40.433716] 2 locks held by syz-executor594/6043:
[   40.438527]  #0: 000000004e44c6b9 (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20
[   40.445782]  #1: 00000000ee97b6c2 (&n->lock){++--}, at: __neigh_update+0xe6/0x1eb0
[   40.453471] 
[   40.453471] stack backtrace:
[   40.457944] CPU: 0 PID: 6043 Comm: syz-executor594 Not tainted 4.20.0-rc6-next-20181213+ #170
[   40.466578] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   40.475904] Call Trace:
[   40.478473]  dump_stack+0x244/0x39d
[   40.482078]  ? dump_stack_print_info.cold.1+0x20/0x20
[   40.487292]  ? vprintk_func+0x85/0x181
[   40.491198]  print_circular_bug.isra.35.cold.56+0x1bd/0x27d
[   40.496889]  ? save_trace+0xe0/0x290
[   40.500577]  __lock_acquire+0x3399/0x4c20
[   40.504719]  ? mark_held_locks+0x130/0x130
[   40.508943]  ? kasan_check_write+0x14/0x20
[   40.513164]  ? graph_lock+0x9c/0x270
[   40.516858]  ? mark_held_locks+0x130/0x130
[   40.521091]  ? mark_held_locks+0xc7/0x130
[   40.525217]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[   40.529776]  ? trace_hardirqs_on+0xbd/0x310
[   40.534073]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   40.539586]  ? ___neigh_create+0x1704/0x2630
[   40.543972]  ? ___neigh_create+0x1704/0x2630
[   40.548355]  lock_acquire+0x1ed/0x520
[   40.552142]  ? neigh_change_state+0x1dc/0x7a0
[   40.556613]  ? lock_release+0xa00/0xa00
[   40.560568]  _raw_write_lock_bh+0x31/0x40
[   40.564689]  ? neigh_change_state+0x1dc/0x7a0
[   40.569154]  neigh_change_state+0x1dc/0x7a0
[   40.573463]  ? neigh_parms_alloc+0x6d0/0x6d0
[   40.577868]  ? mark_held_locks+0xc7/0x130
[   40.581994]  ? kasan_check_write+0x14/0x20
[   40.586202]  ? do_raw_write_lock+0x14f/0x310
[   40.590590]  ? do_raw_read_unlock+0x70/0x70
[   40.594889]  ? neigh_lookup+0x586/0x7c0
[   40.598841]  ? trace_hardirqs_off_caller+0x310/0x310
[   40.603920]  __neigh_update+0x478/0x1eb0
[   40.607967]  ? __local_bh_enable_ip+0x160/0x260
[   40.612613]  ? arp_hash+0x40/0xa0
[   40.616064]  ? __neigh_notify+0x160/0x160
[   40.620187]  ? ip_route_output_key_hash_rcu+0x3490/0x3490
[   40.625699]  ? find_held_lock+0x36/0x1c0
[   40.629791]  neigh_update+0x37/0x50
[   40.633412]  arp_req_set+0x54c/0xaa0
[   40.637116]  ? arp_req_delete+0x870/0x870
[   40.641244]  ? apparmor_cred_prepare+0x5a0/0x5a0
[   40.645976]  ? print_usage_bug+0xc0/0xc0
[   40.650026]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   40.655542]  arp_ioctl+0x48b/0xae0
[   40.659057]  ? arp_constructor+0xd80/0xd80
[   40.663282]  inet_ioctl+0x237/0x360
[   40.666894]  ? refcount_inc_not_zero_checked+0x1e5/0x2f0
[   40.672332]  ? inet_stream_connect+0xa0/0xa0
[   40.676720]  ? refcount_dec_checked+0x70/0x70
[   40.681203]  ? apparmor_file_alloc_security+0x17b/0xac0
[   40.686547]  ? rcu_read_lock_sched_held+0x14f/0x180
[   40.691556]  ? kmem_cache_alloc_trace+0x356/0x740
[   40.696372]  ? __lockdep_init_map+0x105/0x590
[   40.700858]  ? lockdep_init_map+0x9/0x10
[   40.704896]  ? debug_mutex_init+0x2d/0x60
[   40.709018]  ? __mutex_init+0x1f7/0x290
[   40.712979]  sock_do_ioctl+0xeb/0x420
[   40.716768]  ? __alloc_file+0xa8/0x470
[   40.720635]  ? compat_ifr_data_ioctl+0x170/0x170
[   40.725363]  ? find_held_lock+0x36/0x1c0
[   40.729401]  ? __fd_install+0x2b5/0x8f0
[   40.733349]  ? lock_downgrade+0x900/0x900
[   40.737496]  ? check_preemption_disabled+0x48/0x280
[   40.742492]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   40.747658]  sock_ioctl+0x313/0x690
[   40.751259]  ? dlci_ioctl_set+0x40/0x40
[   40.755220]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   40.760744]  ? __fd_install+0x2f9/0x8f0
[   40.764693]  ? dlci_ioctl_set+0x40/0x40
[   40.768661]  do_vfs_ioctl+0x1de/0x1790
[   40.772527]  ? alloc_file_pseudo+0x281/0x3f0
[   40.776929]  ? ioctl_preallocate+0x300/0x300
[   40.781321]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   40.786839]  ? __fget_light+0x2e9/0x430
[   40.790790]  ? fget_raw+0x20/0x20
[   40.794224]  ? __alloc_fd+0x6e0/0x6e0
[   40.798002]  ? do_syscall_64+0x9a/0x820
[   40.801964]  ? do_syscall_64+0x9a/0x820
[   40.805913]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[   40.810472]  ? security_file_ioctl+0x94/0xc0
[   40.814855]  ksys_ioctl+0xa9/0xd0
[   40.818298]  __x64_sys_ioctl+0x73/0xb0
[   40.822179]  do_syscall_64+0x1b9/0x820
[   40.826056]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   40.831396]  ? syscall_return_slowpath+0x5e0/0x5e0
[   40.836303]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   40.841121]  ? trace_hardirqs_on_caller+0x310/0x310
[   40.846118]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   40.851112]  ? prepare_exit_to_usermode+0x291/0x3b0
[   40.856106]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   40.860928]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   40.866094] RIP: 0033:0x441299
[   40.869276] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   40.888170] RSP: 002b:00007fff9d27e828 EFLAGS: 00000203 ORIG_RAX: 0000000000000010
[   40.895859] RAX: ffffffffffffffda RBX: 0000000020000040 RCX: 0000000000441299
[   40.903108] RDX: 0000000020000040 RSI: 0000000000008955 RDI: 0000000000000003
[   40.910354] RBP: 00000000006cc018 R08: 0000000000000100 R09: 0000000000000100
[   40.917601] R10: 0000000000000100 R11: 0000000000000203 R12: 0000000000402200
[   40.924848] R13: 0000000000402290 R14: 0000000000000000 R15: 0000000000000000
[   40.940209] kobject: 'regulatory.0' (0000000003ff8dec): kobject_uevent_env
[   40.947241] kobject: 'regulatory.0' (0000000003ff8dec): fill_kobj_path: path = '/devices/platform/regulatory.0'