[info] Using makefile-style concurrent boot in runlevel 2.
[ 26.637840] audit: type=1800 audit(1544537273.704:21): pid=5847 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.141' (ECDSA) to the list of known hosts.
syzkaller login: [ 47.491032] IPVS: ftp: loaded support on port[0] = 21
[ 47.649069] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.655764] bridge0: port 1(bridge_slave_0) entered disabled state
[ 47.663041] device bridge_slave_0 entered promiscuous mode
[ 47.682568] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.688967] bridge0: port 2(bridge_slave_1) entered disabled state
[ 47.695838] device bridge_slave_1 entered promiscuous mode
[ 47.713290] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 47.731155] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 47.779785] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 47.799850] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 47.878646] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 47.885987] team0: Port device team_slave_0 added
[ 47.903150] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 47.910309] team0: Port device team_slave_1 added
[ 47.927355] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 47.946814] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 47.967140] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 47.985497] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[ 48.130056] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.136584] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 48.143461] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.149841] bridge0: port 1(bridge_slave_0) entered forwarding state
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[ 48.662606] 8021q: adding VLAN 0 to HW filter on device bond0
[ 48.714547] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 48.765341] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 48.771503] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 48.778793] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 48.823613] 8021q: adding VLAN 0 to HW filter on device team0
executing program
[ 49.247842]
[ 49.249618] ======================================================
[ 49.255913] WARNING: possible circular locking dependency detected
[ 49.262208] 4.20.0-rc6+ #174 Not tainted
[ 49.266261] ------------------------------------------------------
[ 49.272664] syz-executor687/6006 is trying to acquire lock:
[ 49.278359] 000000009a78be90 (&tbl->lock){+.-.}, at: neigh_change_state+0x1dc/0x7a0
[ 49.286147]
[ 49.286147] but task is already holding lock:
[ 49.292097] 0000000044286f55 (&n->lock){++--}, at: __neigh_update+0xe6/0x1eb0
[ 49.299357]
[ 49.299357] which lock already depends on the new lock.
[ 49.299357]
[ 49.307822]
[ 49.307822] the existing dependency chain (in reverse order) is:
[ 49.315447]
[ 49.315447] -> #1 (&n->lock){++--}:
[ 49.320541]        _raw_write_lock+0x2d/0x40
[ 49.325051]        neigh_flush_dev+0x34f/0x960
[ 49.329739]        neigh_changeaddr+0x31/0x40
[ 49.334216]        ndisc_netdev_event+0xe6/0x5b0
[ 49.338953]        notifier_call_chain+0x17e/0x380
[ 49.343967]        raw_notifier_call_chain+0x2d/0x40
[ 49.349175]        call_netdevice_notifiers_info+0x3f/0x90
[ 49.354883]        dev_set_mac_address+0x293/0x3b0
[ 49.359800]        do_setlink+0x7c7/0x3f30
[ 49.364089]        __rtnl_newlink+0xcde/0x19e0
[ 49.368668]        rtnl_newlink+0x6b/0xa0
[ 49.372795]        rtnetlink_rcv_msg+0x46a/0xc20
[ 49.377630]        netlink_rcv_skb+0x172/0x440
[ 49.382229]        rtnetlink_rcv+0x1c/0x20
[ 49.386489]        netlink_unicast+0x5a5/0x760
[ 49.391049]        netlink_sendmsg+0xa18/0xfc0
[ 49.395639]        sock_sendmsg+0xd5/0x120
[ 49.399863]        ___sys_sendmsg+0x7fd/0x930
[ 49.404335]        __sys_sendmsg+0x11d/0x280
[ 49.408827]        __x64_sys_sendmsg+0x78/0xb0
[ 49.413392]        do_syscall_64+0x1b9/0x820
[ 49.417781]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 49.423466]
[ 49.423466] -> #0 (&tbl->lock){+.-.}:
[ 49.428745]        lock_acquire+0x1ed/0x520
[ 49.433043]        _raw_write_lock_bh+0x31/0x40
[ 49.437699]        neigh_change_state+0x1dc/0x7a0
[ 49.442638]        __neigh_update+0x478/0x1eb0
[ 49.447220]        neigh_update+0x37/0x50
[ 49.451362]        arp_req_set+0x54c/0xaa0
[ 49.455582]        arp_ioctl+0x48b/0xae0
[ 49.459624]        inet_ioctl+0x237/0x360
[ 49.463764]        sock_do_ioctl+0xeb/0x420
[ 49.468106]        sock_ioctl+0x313/0x690
[ 49.472249]        do_vfs_ioctl+0x1de/0x1790
[ 49.476636]        ksys_ioctl+0xa9/0xd0
[ 49.480591]        __x64_sys_ioctl+0x73/0xb0
[ 49.484994]        do_syscall_64+0x1b9/0x820
[ 49.489553]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 49.495246]
[ 49.495246] other info that might help us debug this:
[ 49.495246]
[ 49.503364]  Possible unsafe locking scenario:
[ 49.503364]
[ 49.509462]        CPU0                    CPU1
[ 49.514185]        ----                    ----
[ 49.518830]   lock(&n->lock);
[ 49.522054]                                lock(&tbl->lock);
[ 49.527943]                                lock(&n->lock);
[ 49.533647]   lock(&tbl->lock);
[ 49.536919]
[ 49.536919]  *** DEADLOCK ***
[ 49.536919]
[ 49.542967] 2 locks held by syz-executor687/6006:
[ 49.547784]  #0: 00000000f7902c1e (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20
[ 49.555194]  #1: 0000000044286f55 (&n->lock){++--}, at: __neigh_update+0xe6/0x1eb0
[ 49.562885]
[ 49.562885] stack backtrace:
[ 49.567360] CPU: 0 PID: 6006 Comm: syz-executor687 Not tainted 4.20.0-rc6+ #174
[ 49.574782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 49.584110] Call Trace:
[ 49.586694]  dump_stack+0x244/0x39d
[ 49.590303]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 49.595497]  ? vprintk_func+0x85/0x181
[ 49.599393]  print_circular_bug.isra.35.cold.54+0x1bd/0x27d
[ 49.605084]  ? save_trace+0xe0/0x290
[ 49.608779]  __lock_acquire+0x3399/0x4c20
[ 49.612909]  ? mark_held_locks+0x130/0x130
[ 49.617128]  ? kasan_check_read+0x11/0x20
[ 49.621292]  ? graph_lock+0x9c/0x270
[ 49.625011]  ? mark_held_locks+0x130/0x130
[ 49.629227]  ? mark_held_locks+0xc7/0x130
[ 49.633354]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 49.637921]  ? trace_hardirqs_on+0xbd/0x310
[ 49.642221]  ? _raw_write_unlock_bh+0x30/0x40
[ 49.646696]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 49.652215]  ? ___neigh_create+0x1704/0x2630
[ 49.656624]  ? ___neigh_create+0x1704/0x2630
[ 49.661026]  lock_acquire+0x1ed/0x520
[ 49.664807]  ? neigh_change_state+0x1dc/0x7a0
[ 49.669282]  ? lock_release+0xa00/0xa00
[ 49.673256]  _raw_write_lock_bh+0x31/0x40
[ 49.677383]  ? neigh_change_state+0x1dc/0x7a0
[ 49.681856]  neigh_change_state+0x1dc/0x7a0
[ 49.686155]  ? neigh_parms_alloc+0x6d0/0x6d0
[ 49.690547]  ? mark_held_locks+0xc7/0x130
[ 49.694675]  ? kasan_check_read+0x11/0x20
[ 49.698803]  ? do_raw_write_lock+0x14f/0x310
[ 49.703204]  ? do_raw_read_unlock+0x70/0x70
[ 49.707509]  ? neigh_lookup+0x586/0x7c0
[ 49.711463]  ? trace_hardirqs_off_caller+0x310/0x310
[ 49.716552]  __neigh_update+0x478/0x1eb0
[ 49.720593]  ? __local_bh_enable_ip+0x160/0x260
[ 49.725272]  ? arp_hash+0x90/0xa0
[ 49.728722]  ? __neigh_notify+0x160/0x160
[ 49.732872]  ? ip_route_output_key_hash_rcu+0x3490/0x3490
[ 49.738389]  ? find_held_lock+0x36/0x1c0
[ 49.742433]  neigh_update+0x37/0x50
[ 49.746039]  arp_req_set+0x54c/0xaa0
[ 49.749733]  ? arp_req_delete+0x870/0x870
[ 49.753860]  ? apparmor_cred_transfer+0x590/0x590
[ 49.758682]  ? print_usage_bug+0xc0/0xc0
[ 49.762725]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 49.768243]  arp_ioctl+0x48b/0xae0
[ 49.771762]  ? arp_constructor+0xd80/0xd80
[ 49.775979]  inet_ioctl+0x237/0x360
[ 49.779597]  ? refcount_inc_not_zero_checked+0x1e5/0x2f0
[ 49.785025]  ? inet_stream_connect+0xa0/0xa0
[ 49.789430]  ? refcount_add_not_zero_checked+0x330/0x330
[ 49.794862]  ? apparmor_file_alloc_security+0x17b/0xac0
[ 49.800206]  ? rcu_read_lock_sched_held+0x14f/0x180
[ 49.805201]  ? kmem_cache_alloc_trace+0x353/0x750
[ 49.810026]  ? __lockdep_init_map+0x105/0x590
[ 49.814510]  ? lockdep_init_map+0x9/0x10
[ 49.818552]  ? debug_mutex_init+0x2d/0x60
[ 49.822681]  ? __mutex_init+0x1f7/0x290
[ 49.826636]  sock_do_ioctl+0xeb/0x420
[ 49.830416]  ? compat_ifr_data_ioctl+0x170/0x170
[ 49.835154]  ? find_held_lock+0x36/0x1c0
[ 49.839196]  ? __fd_install+0x2b5/0x8f0
[ 49.843150]  ? lock_downgrade+0x900/0x900
[ 49.847281]  ? check_preemption_disabled+0x48/0x280
[ 49.852309]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 49.857478]  sock_ioctl+0x313/0x690
[ 49.861095]  ? dlci_ioctl_set+0x40/0x40
[ 49.865067]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 49.870584]  ? __fd_install+0x2f9/0x8f0
[ 49.874538]  ? dlci_ioctl_set+0x40/0x40
[ 49.878500]  do_vfs_ioctl+0x1de/0x1790
[ 49.882368]  ? alloc_file_pseudo+0x281/0x3f0
[ 49.886753]  ? ioctl_preallocate+0x300/0x300
[ 49.891141]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 49.896659]  ? __fget_light+0x2e9/0x430
[ 49.900615]  ? fget_raw+0x20/0x20
[ 49.904050]  ? __alloc_fd+0x6e0/0x6e0
[ 49.907863]  ? do_syscall_64+0x9a/0x820
[ 49.911814]  ? do_syscall_64+0x9a/0x820
[ 49.915766]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 49.920330]  ? security_file_ioctl+0x94/0xc0
[ 49.924716]  ksys_ioctl+0xa9/0xd0
[ 49.928168]  __x64_sys_ioctl+0x73/0xb0
[ 49.932066]  do_syscall_64+0x1b9/0x820
[ 49.935930]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 49.941273]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 49.946179]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 49.951015]  ? trace_hardirqs_on_caller+0x310/0x310
[ 49.956013]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 49.961037]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 49.966033]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 49.970855]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 49.976025] RIP: 0033:0x441299
[ 49.979203] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 49.998085] RSP: 002b:00007ffd31692a78 EFLAGS: 00000203 ORIG_RAX: 0000000000000010
[ 50.005783] RAX: ffffffffffffffda RBX: 0000000020000040 RCX: 0000000000441299
[ 50.013033] RDX: 0000000020000040 RSI: 0000000000008955 RDI: 0000000000000003
[ 50.020280] RBP: 00000000006cc018 R08: 0000000000000100 R09: 0000000000000100
[ 50.027528] R10: 0000000000000100 R11: 0000000000000203 R12: 0000000000402200
[ 50.034773] R13: 0000000000402290 R14: 0000000000000000 R15: 0000000000000000