[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 29.501831] kauditd_printk_skb: 8 callbacks suppressed
[ 29.501842] audit: type=1800 audit(1544534059.301:29): pid=5896 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 29.528604] audit: type=1800 audit(1544534059.301:30): pid=5896 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.31' (ECDSA) to the list of known hosts.
syzkaller login:
[ 39.492399] IPVS: ftp: loaded support on port[0] = 21
[ 39.655033] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.661627] bridge0: port 1(bridge_slave_0) entered disabled state
[ 39.669140] device bridge_slave_0 entered promiscuous mode
[ 39.688470] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.695062] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.702427] device bridge_slave_1 entered promiscuous mode
[ 39.721270] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 39.739780] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 39.789549] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 39.810365] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 39.887944] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 39.895668] team0: Port device team_slave_0 added
[ 39.912591] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 39.919911] team0: Port device team_slave_1 added
[ 39.936368] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 39.956104] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 39.975625] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 39.996670] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[ 40.146113] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.152672] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.159447] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.165862] bridge0: port 1(bridge_slave_0) entered forwarding state
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[ 40.711186] 8021q: adding VLAN 0 to HW filter on device bond0
[ 40.767142] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 40.822855] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 40.829028] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 40.837136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 40.888416] 8021q: adding VLAN 0 to HW filter on device team0
executing program
[ 41.206528]
[ 41.208181] ======================================================
[ 41.214478] WARNING: possible circular locking dependency detected
[ 41.220780] 4.20.0-rc6+ #338 Not tainted
[ 41.224837] ------------------------------------------------------
[ 41.231272] syz-executor662/6051 is trying to acquire lock:
[ 41.236964] 000000000d190a6e (&tbl->lock){+.-.}, at: neigh_change_state+0x1dc/0x7a0
[ 41.244759]
[ 41.244759] but task is already holding lock:
[ 41.250715] 000000006a610774 (&n->lock){++--}, at: __neigh_update+0xe6/0x1eb0
[ 41.257984]
[ 41.257984] which lock already depends on the new lock.
[ 41.257984]
[ 41.266320]
[ 41.266320] the existing dependency chain (in reverse order) is:
[ 41.273926]
[ 41.273926] -> #1 (&n->lock){++--}:
[ 41.279038]        _raw_write_lock+0x2d/0x40
[ 41.283544]        neigh_flush_dev+0x34f/0x960
[ 41.288105]        neigh_changeaddr+0x31/0x40
[ 41.292583]        ndisc_netdev_event+0xe6/0x5b0
[ 41.297321]        notifier_call_chain+0x17e/0x380
[ 41.302233]        raw_notifier_call_chain+0x2d/0x40
[ 41.307321]        call_netdevice_notifiers_info+0x3f/0x90
[ 41.312929]        dev_set_mac_address+0x293/0x3b0
[ 41.317847]        do_setlink+0x7c7/0x3f30
[ 41.322074]        __rtnl_newlink+0xcde/0x19e0
[ 41.326643]        rtnl_newlink+0x6b/0xa0
[ 41.330775]        rtnetlink_rcv_msg+0x46a/0xc20
[ 41.335517]        netlink_rcv_skb+0x172/0x440
[ 41.340084]        rtnetlink_rcv+0x1c/0x20
[ 41.344299]        netlink_unicast+0x5a5/0x760
[ 41.348866]        netlink_sendmsg+0xa18/0xfc0
[ 41.353432]        sock_sendmsg+0xd5/0x120
[ 41.357646]        ___sys_sendmsg+0x7fd/0x930
[ 41.362122]        __sys_sendmsg+0x11d/0x280
[ 41.366526]        __x64_sys_sendmsg+0x78/0xb0
[ 41.371136]        do_syscall_64+0x1b9/0x820
[ 41.375524]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 41.381212]
[ 41.381212] -> #0 (&tbl->lock){+.-.}:
[ 41.386495]        lock_acquire+0x1ed/0x520
[ 41.390800]        _raw_write_lock_bh+0x31/0x40
[ 41.395476]        neigh_change_state+0x1dc/0x7a0
[ 41.400299]        __neigh_update+0x478/0x1eb0
[ 41.404859]        neigh_update+0x37/0x50
[ 41.409032]        arp_req_set+0x54c/0xaa0
[ 41.413260]        arp_ioctl+0x48b/0xae0
[ 41.417316]        inet_ioctl+0x237/0x360
[ 41.421446]        sock_do_ioctl+0xeb/0x420
[ 41.425748]        sock_ioctl+0x313/0x690
[ 41.429880]        do_vfs_ioctl+0x1de/0x1790
[ 41.434267]        ksys_ioctl+0xa9/0xd0
[ 41.438221]        __x64_sys_ioctl+0x73/0xb0
[ 41.442626]        do_syscall_64+0x1b9/0x820
[ 41.447016]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 41.452705]
[ 41.452705] other info that might help us debug this:
[ 41.452705]
[ 41.460830]  Possible unsafe locking scenario:
[ 41.460830]
[ 41.466867]        CPU0                    CPU1
[ 41.471512]        ----                    ----
[ 41.476154]   lock(&n->lock);
[ 41.479237]                                lock(&tbl->lock);
[ 41.485010]                                lock(&n->lock);
[ 41.490628]   lock(&tbl->lock);
[ 41.493886]
[ 41.493886]  *** DEADLOCK ***
[ 41.493886]
[ 41.499940] 2 locks held by syz-executor662/6051:
[ 41.504772]  #0: 000000003d2094e6 (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20
[ 41.512054]  #1: 000000006a610774 (&n->lock){++--}, at: __neigh_update+0xe6/0x1eb0
[ 41.519771]
[ 41.519771] stack backtrace:
[ 41.524255] CPU: 0 PID: 6051 Comm: syz-executor662 Not tainted 4.20.0-rc6+ #338
[ 41.531702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 41.541043] Call Trace:
[ 41.543621]  dump_stack+0x244/0x39d
[ 41.547230]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 41.552410]  ? vprintk_func+0x85/0x181
[ 41.556283]  print_circular_bug.isra.35.cold.54+0x1bd/0x27d
[ 41.561999]  ? save_trace+0xe0/0x290
[ 41.565706]  __lock_acquire+0x3399/0x4c20
[ 41.569850]  ? mark_held_locks+0x130/0x130
[ 41.574081]  ? kasan_check_read+0x11/0x20
[ 41.578220]  ? graph_lock+0x9c/0x270
[ 41.581923]  ? mark_held_locks+0x130/0x130
[ 41.586158]  ? mark_held_locks+0xc7/0x130
[ 41.590294]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 41.594863]  ? trace_hardirqs_on+0xbd/0x310
[ 41.599170]  ? _raw_write_unlock_bh+0x30/0x40
[ 41.603656]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 41.609178]  ? ___neigh_create+0x1704/0x2630
[ 41.613591]  ? ___neigh_create+0x1704/0x2630
[ 41.617989]  lock_acquire+0x1ed/0x520
[ 41.621777]  ? neigh_change_state+0x1dc/0x7a0
[ 41.626263]  ? lock_release+0xa00/0xa00
[ 41.630227]  _raw_write_lock_bh+0x31/0x40
[ 41.634364]  ? neigh_change_state+0x1dc/0x7a0
[ 41.638851]  neigh_change_state+0x1dc/0x7a0
[ 41.643165]  ? neigh_parms_alloc+0x6d0/0x6d0
[ 41.647595]  ? mark_held_locks+0xc7/0x130
[ 41.651736]  ? kasan_check_read+0x11/0x20
[ 41.655869]  ? do_raw_write_lock+0x14f/0x310
[ 41.660261]  ? do_raw_read_unlock+0x70/0x70
[ 41.664568]  ? neigh_lookup+0x586/0x7c0
[ 41.668530]  ? trace_hardirqs_off_caller+0x310/0x310
[ 41.673635]  __neigh_update+0x478/0x1eb0
[ 41.677698]  ? __local_bh_enable_ip+0x160/0x260
[ 41.682355]  ? arp_hash+0x90/0xa0
[ 41.685814]  ? __neigh_notify+0x160/0x160
[ 41.689949]  ? ip_route_output_key_hash_rcu+0x3490/0x3490
[ 41.695473]  ? find_held_lock+0x36/0x1c0
[ 41.699522]  neigh_update+0x37/0x50
[ 41.703134]  arp_req_set+0x54c/0xaa0
[ 41.706861]  ? arp_req_delete+0x870/0x870
[ 41.710995]  ? apparmor_cred_transfer+0x590/0x590
[ 41.715831]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 41.721362]  arp_ioctl+0x48b/0xae0
[ 41.724907]  ? print_usage_bug+0xc0/0xc0
[ 41.728951]  ? arp_constructor+0xd80/0xd80
[ 41.733175]  inet_ioctl+0x237/0x360
[ 41.736796]  ? lock_acquire+0x1ed/0x520
[ 41.740759]  ? inet_stream_connect+0xa0/0xa0
[ 41.745150]  ? mark_held_locks+0x130/0x130
[ 41.749364]  ? mark_held_locks+0x130/0x130
[ 41.753582]  ? rwlock_bug.part.2+0x90/0x90
[ 41.757801]  ? lockdep_init_map+0x9/0x10
[ 41.761860]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 41.767402]  sock_do_ioctl+0xeb/0x420
[ 41.771189]  ? compat_ifr_data_ioctl+0x170/0x170
[ 41.775929]  ? find_held_lock+0x36/0x1c0
[ 41.779974]  ? zap_class+0x640/0x640
[ 41.783674]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 41.788851]  sock_ioctl+0x313/0x690
[ 41.792461]  ? dlci_ioctl_set+0x40/0x40
[ 41.796417]  ? find_held_lock+0x36/0x1c0
[ 41.800464]  ? __do_page_fault+0x620/0xe60
[ 41.804685]  ? dlci_ioctl_set+0x40/0x40
[ 41.808677]  do_vfs_ioctl+0x1de/0x1790
[ 41.812554]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 41.817837]  ? rcu_softirq_qs+0x20/0x20
[ 41.821821]  ? ioctl_preallocate+0x300/0x300
[ 41.826220]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 41.831742]  ? __fget_light+0x2e9/0x430
[ 41.835716]  ? fget_raw+0x20/0x20
[ 41.839154]  ? up_read+0x77/0x2c0
[ 41.842592]  ? up_read_non_owner+0x100/0x100
[ 41.846988]  ? do_syscall_64+0x9a/0x820
[ 41.850950]  ? do_syscall_64+0x9a/0x820
[ 41.854907]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 41.859474]  ? security_file_ioctl+0x94/0xc0
[ 41.863872]  ksys_ioctl+0xa9/0xd0
[ 41.867326]  __x64_sys_ioctl+0x73/0xb0
[ 41.871201]  do_syscall_64+0x1b9/0x820
[ 41.875079]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 41.880446]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 41.885363]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 41.890206]  ? trace_hardirqs_on_caller+0x310/0x310
[ 41.895207]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 41.900212]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 41.905753]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 41.910761]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 41.915596]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 41.920785] RIP: 0033:0x441089
[ 41.923969] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 41.942876] RSP: 002b:00007ffc4143a2e8 EFLAGS: 00000213 ORIG_RAX: 0000000000000010
[ 41.950576] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000441089
[ 41.957836] RDX: 0000000020000000 RSI: 0000000000008955 RDI: 0000000000000003
[ 41.965099] RBP: 00000000006cc018 R08: 0000000000000100 R09: 0000000000000100
[ 41.972359] R10: 0000000000000020 R11: 0000000000000213 R12: 0000000000401ff0
[ 41.979626] R13: 0000000000402080 R14: 0000000000000000 R15: 0000000000000000