[ 62.622419][ T26] audit: type=1800 audit(1576393854.546:25): pid=8967 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 62.642489][ T26] audit: type=1800 audit(1576393854.546:26): pid=8967 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 62.677434][ T26] audit: type=1800 audit(1576393854.546:27): pid=8967 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [ 63.246626][ T9035] sshd (9035) used greatest stack depth: 22920 bytes left [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.1.30' (ECDSA) to the list of known hosts. syzkaller login: [ 72.978892][ T9120] IPVS: ftp: loaded support on port[0] = 21 [ 73.043131][ T9120] chnl_net:caif_netlink_parms(): no params data found [ 73.073259][ T9120] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.081091][ T9120] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.089610][ T9120] device bridge_slave_0 entered promiscuous mode [ 73.097621][ T9120] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.104868][ T9120] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.113015][ T9120] device bridge_slave_1 entered promiscuous mode [ 73.131003][ T9120] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 73.141974][ T9120] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 73.161757][ T9120] team0: Port device team_slave_0 added [ 73.168931][ T9120] team0: Port device team_slave_1 added [ 73.230760][ T9120] device hsr_slave_0 entered promiscuous mode [ 73.278783][ T9120] device hsr_slave_1 entered promiscuous mode [ 73.339596][ T9120] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 73.390440][ T9120] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 73.431181][ T9120] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 73.470691][ T9120] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 73.528441][ T9120] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.535583][ T9120] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.543424][ T9120] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.550495][ T9120] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.585614][ T9120] 8021q: adding VLAN 0 to HW filter on device bond0 [ 73.599675][ T3413] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 73.620809][ T3413] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.639876][ T3413] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.648093][ T3413] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 73.660849][ T9120] 8021q: adding VLAN 0 to HW filter on device team0 [ 73.671182][ T2964] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 73.680368][ T2964] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.687476][ T2964] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.699381][ T3413] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 73.708082][ T3413] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.715187][ T3413] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.732580][ T2964] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 73.741930][ T2964] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 73.757878][ T9120] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 73.770140][ T9120] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 73.782883][ T2964] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 73.791498][ T2964] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 73.800332][ T2964] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 73.810687][ T2964] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 73.824837][ T9122] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 73.832883][ T9122] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready executing program [ 73.843901][ T9120] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 73.871121][ T1600] block nbd0: Receive control failed (result -107) [ 73.879256][ T1600] block nbd0: shutting down sockets [ 73.886174][ T1600] [ 73.888512][ T1600] ============================================ [ 73.894783][ T1600] WARNING: possible recursive locking detected [ 73.900928][ T1600] 5.5.0-rc1-syzkaller #0 Not tainted [ 73.906187][ T1600] -------------------------------------------- [ 73.912751][ T1600] kworker/u5:0/1600 is trying to acquire lock: [ 73.918877][ T1600] ffff8880a7e93d28 ((wq_completion)knbd0-recv){+.+.}, at: flush_workqueue+0xf7/0x14c0 [ 73.928418][ T1600] [ 73.928418][ T1600] but task is already holding lock: [ 73.935758][ T1600] ffff8880a7e93d28 ((wq_completion)knbd0-recv){+.+.}, at: process_one_work+0x88b/0x1740 [ 73.945474][ T1600] [ 73.945474][ T1600] other info that might help us debug this: [ 73.953512][ T1600] Possible unsafe locking scenario: [ 73.953512][ T1600] [ 73.961010][ T1600] CPU0 [ 73.964282][ T1600] ---- [ 73.967545][ T1600] lock((wq_completion)knbd0-recv); [ 73.972807][ T1600] lock((wq_completion)knbd0-recv); [ 73.978081][ T1600] [ 73.978081][ T1600] *** DEADLOCK *** [ 73.978081][ T1600] [ 73.986412][ T1600] May be due to missing lock nesting notation [ 73.986412][ T1600] [ 73.994726][ T1600] 3 locks held by kworker/u5:0/1600: [ 73.999979][ T1600] #0: ffff8880a7e93d28 ((wq_completion)knbd0-recv){+.+.}, at: process_one_work+0x88b/0x1740 [ 74.010131][ T1600] #1: ffffc900057c7dc0 ((work_completion)(&args->work)){+.+.}, at: process_one_work+0x8c1/0x1740 [ 74.020709][ T1600] #2: ffff8880a1984978 (&nbd->config_lock){+.+.}, at: refcount_dec_and_mutex_lock+0x55/0xe0 [ 74.030943][ T1600] [ 74.030943][ T1600] stack backtrace: [ 74.036816][ T1600] CPU: 0 PID: 1600 Comm: kworker/u5:0 Not tainted 5.5.0-rc1-syzkaller #0 [ 74.045207][ T1600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 74.055266][ T1600] Workqueue: knbd0-recv recv_work [ 74.060271][ T1600] Call Trace: [ 74.063543][ T1600] dump_stack+0x197/0x210 [ 74.067853][ T1600] __lock_acquire.cold+0x15d/0x385 [ 74.072954][ T1600] ? mark_held_locks+0xf0/0xf0 [ 74.077697][ T1600] lock_acquire+0x190/0x410 [ 74.082175][ T1600] ? flush_workqueue+0xf7/0x14c0 [ 74.087096][ T1600] flush_workqueue+0x126/0x14c0 [ 74.091927][ T1600] ? flush_workqueue+0xf7/0x14c0 [ 74.096862][ T1600] ? lock_downgrade+0x920/0x920 [ 74.101698][ T1600] ? drain_workqueue+0x2b/0x3d0 [ 74.106526][ T1600] ? find_held_lock+0x35/0x130 [ 74.111268][ T1600] ? pwq_unbound_release_workfn+0x2f0/0x2f0 [ 74.117142][ T1600] drain_workqueue+0x1b4/0x3d0 [ 74.121889][ T1600] ? drain_workqueue+0x1b4/0x3d0 [ 74.126802][ T1600] ? kfree+0x226/0x2c0 [ 74.130861][ T1600] destroy_workqueue+0x80/0x700 [ 74.135689][ T1600] nbd_config_put+0x3dd/0x870 [ 74.140341][ T1600] recv_work+0x19b/0x200 [ 74.144557][ T1600] process_one_work+0x9af/0x1740 [ 74.149469][ T1600] ? pwq_dec_nr_in_flight+0x320/0x320 [ 74.154815][ T1600] worker_thread+0x98/0xe40 [ 74.159303][ T1600] kthread+0x361/0x430 [ 74.163356][ T1600] ? process_one_work+0x1740/0x1740 [ 74.168560][ T1600] ? kthread_mod_delayed_work+0x1f0/0x1f0 [ 74.174254][ T1600] ret_from_fork+0x24/0x30 [ 74.258725][ T9120] kobject: 'batman_adv' (0000000044608f0f): kobject_uevent_env [ 74.266307][ T9120] kobject: 'batman_adv' (0000000044608f0f): kobject_uevent_env: filter function caused the event to drop! [ 74.277800][ T9120] kobject: 'batman_adv' (0000000044608f0f): kobject_cleanup, parent 0000000077b536de [ 74.287343][ T9120] kobject: 'batman_adv' (0000000044608f0f): calling ktype release [ 74.295195][ T9120] kobject: (0000000044608f0f): dynamic_kobj_release [ 74.301833][ T9120] kobject: 'batman_adv': free name [ 74.307142][ T9120] kobject: 'rx-0' (000000002909bf1d): kobject_cleanup, parent 000000007ebb6beb [ 74.316289][ T9120] kobject: 'rx-0' (000000002909bf1d): auto cleanup 'remove' event [ 74.324237][ T9120] kobject: 'rx-0' (000000002909bf1d): kobject_uevent_env [ 74.331472][ T9120] kobject: 'rx-0' (000000002909bf1d): fill_kobj_path: path = '/devices/virtual/net/syz_tun/queues/rx-0' [ 74.342748][ T9120] kobject: 'rx-0' (000000002909bf1d): auto cleanup kobject_del [ 74.350456][ T9120] kobject: 'rx-0' (000000002909bf1d): calling ktype release [ 74.357726][ T9120] kobject: 'rx-0': free name [ 74.362412][ T9120] kobject: 'tx-0' (000000007942b151): kobject_cleanup, parent 000000007ebb6beb [ 74.371547][ T9120] kobject: 'tx-0' (000000007942b151): auto cleanup 'remove' event [ 74.379421][ T9120] kobject: 'tx-0' (000000007942b151): kobject_uevent_env [ 74.386492][ T9120] kobject: 'tx-0' (000000007942b151): fill_kobj_path: path = '/devices/virtual/net/syz_tun/queues/tx-0' [ 74.397713][ T9120] kobject: 'tx-0' (000000007942b151): auto cleanup kobject_del [ 74.405341][ T9120] kobject: 'tx-0' (000000007942b151): calling ktype release [ 74.412654][ T9120] kobject: 'tx-0': free name [ 74.417253][ T9120] kobject: 'queues' (000000007ebb6beb): kobject_cleanup, parent 0000000077b536de [ 74.426605][ T9120] kobject: 'queues' (000000007ebb6beb): calling ktype release [ 74.434116][ T9120] kobject: 'queues' (000000007ebb6beb): kset_release [ 74.440867][ T9120] kobject: 'queues': free name [ 74.445970][ T9120] kobject: 'syz_tun' (00000000cbee746b): kobject_uevent_env [ 74.453335][ T9120] kobject: 'syz_tun' (00000000cbee746b): fill_kobj_path: path = '/devices/virtual/net/syz_tun' [ 74.485127][ T7] kobject: 'batman_adv' (00000000490a3f48): kobject_uevent_env [ 74.492869][ T7] kobject: 'batman_adv' (00000000490a3f48): kobject_uevent_env: filter function caused the event to drop! [ 74.504217][ T7] kobject: 'batman_adv' (00000000490a3f48): kobject_cleanup, parent 0000000077b536de [ 74.513978][ T7] kobject: 'batman_adv' (00000000490a3f48): calling ktype release [ 74.521828][ T7] kobject: (00000000490a3f48): dynamic_kobj_release [ 74.529144][ T7] kobject: 'batman_adv': free name [ 74.534382][ T7] kobject: 'rx-0' (0000000031f41891): kobject_cleanup, parent 0000000028cba632 [ 74.543328][ T7] kobject: 'rx-0' (0000000031f41891): auto cleanup 'remove' event [ 74.551328][ T7] kobject: 'rx-0' (0000000031f41891): kobject_uevent_env [ 74.558362][ T7] kobject: 'rx-0' (0000000031f41891): kobject_uevent_env: uevent_suppress caused the event to drop! [ 74.569118][ T7] kobject: 'rx-0' (0000000031f41891): auto cleanup kobject_del [ 74.576673][ T7] kobject: 'rx-0' (0000000031f41891): calling ktype release [ 74.584170][ T7] kobject: 'rx-0': free name [ 74.588865][ T7] kobject: 'tx-0' (00000000d7437352): kobject_cleanup, parent 0000000028cba632 [ 74.597796][ T7] kobject: 'tx-0' (00000000d7437352): auto cleanup 'remove' event [ 74.605625][ T7] kobject: 'tx-0' (00000000d7437352): kobject_uevent_env [ 74.612659][ T7] kobject: 'tx-0' (00000000d7437352): kobject_uevent_env: uevent_suppress caused the event to drop! [ 74.623435][ T7] kobject: 'tx-0' (00000000d7437352): auto cleanup kobject_del [ 74.631030][ T7] kobject: 'tx-0' (00000000d7437352): calling ktype release [ 74.638347][ T7] kobject: 'tx-0': free name [ 74.642946][ T7] kobject: 'queues' (0000000028cba632): kobject_cleanup, parent 0000000077b536de [ 74.652068][ T7] kobject: 'queues' (0000000028cba632): calling ktype release [ 74.659728][ T7] kobject: 'queues' (0000000028cba632): kset_release [ 74.666420][ T7] kobject: 'queues': free name [ 74.671665][ T7] kobject: 'netdevsim3' (00000000b95e99ef): kobject_uevent_env [ 74.679258][ T7] kobject: 'netdevsim3' (00000000b95e99ef): kobject_uevent_env: uevent_suppress caused the event to drop!