[ OK ] Started Getty on tty4. [ OK ] Started Getty on tty3. [ OK ] Started Getty on tty2. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Starting Load/Save RF Kill Switch Status... [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.10.55' (ECDSA) to the list of known hosts. executing program executing program syzkaller login: [ 27.713432] IPVS: ftp: loaded support on port[0] = 21 [ 28.254958] [ 28.256650] ====================================================== [ 28.262944] WARNING: possible circular locking dependency detected [ 28.269241] 4.14.213-syzkaller #0 Not tainted [ 28.273708] ------------------------------------------------------ [ 28.280000] kworker/u4:2/34 is trying to acquire lock: [ 28.285266] (&qdisc_rx_lock){+.-.}, at: [] red_adaptative_timer+0x72/0x570 [ 28.293912] [ 28.293912] but task is already holding lock: [ 28.299884] (((&q->adapt_timer))){+.-.}, at: [] call_timer_fn+0xb8/0x650 [ 28.308364] [ 28.308364] which lock already depends on the new lock. [ 28.308364] [ 28.316717] [ 28.316717] the existing dependency chain (in reverse order) is: [ 28.324306] [ 28.324306] -> #1 (((&q->adapt_timer))){+.-.}: [ 28.330342] del_timer_sync+0xaf/0x240 [ 28.334862] red_destroy+0x15/0x50 [ 28.338920] qdisc_destroy+0x13c/0x310 [ 28.343311] red_change+0x4a4/0xf80 [ 28.347443] tc_modify_qdisc+0xd4e/0x1250 [ 28.352128] rtnetlink_rcv_msg+0x3be/0xb10 [ 28.357000] netlink_rcv_skb+0x125/0x390 [ 28.361717] netlink_unicast+0x437/0x610 [ 28.366295] netlink_sendmsg+0x62e/0xb80 [ 28.370871] sock_sendmsg+0xb5/0x100 [ 28.375093] ___sys_sendmsg+0x6c8/0x800 [ 28.379577] __sys_sendmsg+0xa3/0x120 [ 28.383894] SyS_sendmsg+0x27/0x40 [ 28.387974] do_syscall_64+0x1d5/0x640 [ 28.392419] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 28.398131] [ 28.398131] -> #0 (&qdisc_rx_lock){+.-.}: [ 28.403780] lock_acquire+0x170/0x3f0 [ 28.408089] _raw_spin_lock+0x2a/0x40 [ 28.412387] red_adaptative_timer+0x72/0x570 [ 28.417288] call_timer_fn+0x14a/0x650 [ 28.421666] expire_timers+0x232/0x4d0 [ 28.426051] run_timer_softirq+0x1d5/0x5a0 [ 28.430806] __do_softirq+0x254/0xa1d [ 28.435099] irq_exit+0x193/0x240 [ 28.439044] smp_apic_timer_interrupt+0x141/0x5e0 [ 28.444380] apic_timer_interrupt+0x93/0xa0 [ 28.449196] ___might_sleep+0x6c/0x2b0 [ 28.453593] inet_twsk_purge+0x9a/0x5a0 [ 28.458081] ops_exit_list+0xf9/0x150 [ 28.462372] cleanup_net+0x3b3/0x840 [ 28.466579] process_one_work+0x793/0x14a0 [ 28.471305] worker_thread+0x5cc/0xff0 [ 28.475689] kthread+0x30d/0x420 [ 28.479545] ret_from_fork+0x24/0x30 [ 28.483745] [ 28.483745] other info that might help us debug this: [ 28.483745] [ 28.491855] Possible unsafe locking scenario: [ 28.491855] [ 28.497888] CPU0 CPU1 [ 28.502522] ---- ---- [ 28.507156] lock(((&q->adapt_timer))); [ 28.511187] lock(&qdisc_rx_lock); [ 28.517301] lock(((&q->adapt_timer))); [ 28.523849] lock(&qdisc_rx_lock); [ 28.527446] [ 28.527446] *** DEADLOCK *** [ 28.527446] [ 28.533478] 4 locks held by kworker/u4:2/34: [ 28.537855] #0: ("%s""netns"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 [ 28.546501] #1: (net_cleanup_work){+.+.}, at: [] process_one_work+0x6e6/0x14a0 [ 28.555572] #2: (net_mutex){+.+.}, at: [] cleanup_net+0x110/0x840 [ 28.563519] #3: (((&q->adapt_timer))){+.-.}, at: [] call_timer_fn+0xb8/0x650 [ 28.572420] [ 28.572420] stack backtrace: [ 28.576894] CPU: 0 PID: 34 Comm: kworker/u4:2 Not tainted 4.14.213-syzkaller #0 [ 28.584309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 28.593640] Workqueue: netns cleanup_net [ 28.597706] Call Trace: [ 28.600263] [ 28.602393] dump_stack+0x1b2/0x283 [ 28.606000] print_circular_bug.constprop.0.cold+0x2d7/0x41e [ 28.611785] __lock_acquire+0x2e0e/0x3f20 [ 28.615906] ? trace_hardirqs_on+0x10/0x10 [ 28.620110] ? trace_hardirqs_on+0x10/0x10 [ 28.624330] ? trace_hardirqs_on+0x10/0x10 [ 28.628535] lock_acquire+0x170/0x3f0 [ 28.632310] ? red_adaptative_timer+0x72/0x570 [ 28.636865] _raw_spin_lock+0x2a/0x40 [ 28.640640] ? red_adaptative_timer+0x72/0x570 [ 28.645192] red_adaptative_timer+0x72/0x570 [ 28.649573] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 28.654996] call_timer_fn+0x14a/0x650 [ 28.658857] ? red_peek+0x90/0x90 [ 28.662319] ? collect_expired_timers+0x250/0x250 [ 28.667145] ? _raw_spin_unlock_irq+0x24/0x80 [ 28.671615] ? red_peek+0x90/0x90 [ 28.675044] expire_timers+0x232/0x4d0 [ 28.678910] run_timer_softirq+0x1d5/0x5a0 [ 28.683133] ? expire_timers+0x4d0/0x4d0 [ 28.687168] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 28.692590] __do_softirq+0x254/0xa1d [ 28.696366] ? check_preemption_disabled+0x35/0x240 [ 28.701364] irq_exit+0x193/0x240 [ 28.704790] smp_apic_timer_interrupt+0x141/0x5e0 [ 28.709605] apic_timer_interrupt+0x93/0xa0 [ 28.713899] [ 28.716115] RIP: 0010:___might_sleep+0x6c/0x2b0 [ 28.720780] RSP: 0018:ffff8880b56c7bc8 EFLAGS: 00000a02 ORIG_RAX: ffffffffffffff10 [ 28.728476] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000001 [ 28.735734] RDX: 1ffff11016ad70a8 RSI: 00000000ffffffff RDI: ffff8880b56b8540 [ 28.742976] RBP: ffffffff885c9540 R08: 0000000000000000 R09: 0000000000000003 [ 28.750216] R10: 0000000000000000 R11: ffff8880b56b81c0 R12: 000000000000010c [ 28.757458] R13: 0000000000000000 R14: ffff8880b56b81c0 R15: dffffc0000000000 [ 28.764707] ? ___might_sleep+0x227/0x2b0 [ 28.768828] ? dccp_v6_exit_batch+0x20/0x20 [ 28.773124] inet_twsk_purge+0x9a/0x5a0 [ 28.777073] ? dccp_v6_connect+0x15c0/0x15c0 [ 28.781467] ? dccp_v6_exit_batch+0x20/0x20 [ 28.785763] ops_exit_list+0xf9/0x150 [ 28.789544] cleanup_net+0x3b3/0x840 [ 28.793229] ? net_drop_ns+0x70/0x70 [ 28.796914] ? lock_acquire+0x170/0x3f0 [ 28.800866] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 28.806309] process_one_work+0x793/0x14a0 [ 28.810517] ? work_busy+0x320/0x320 [ 28.814208] ? worker_thread+0x158/0xff0 [ 28.818242] ? _raw_spin_unlock_irq+0x24/0x80 [ 28.822707] worker_thread+0x5cc/0xff0 [ 28.826566] ? rescuer_thread+0xc80/0xc80 [ 28.830684] kthread+0x30d/0x420 [ 28.834025] ? kthread_create_on_node+0xd0/0xd0 [ 28.838664] ret_from_fork+0x24/0x30 executing program [ 29.001136] IPVS: ftp: loaded support on port[0] = 21 executing program [ 29.037146] IPVS: ftp: loaded support on port[0] = 21 executing program [ 29.699428] IPVS: ftp: loaded support on port[0] = 21 [ 29.731249] IPVS: ftp: loaded support on port[0] = 21 executing program executing program [ 30.866058] IPVS: ftp: loaded support on port[0] = 21 executing program [ 30.898380] IPVS: ftp: loaded support on port[0] = 21 executing program [ 31.975285] IPVS: ftp: loaded support on port[0] = 21 executing program [ 33.061213] IPVS: ftp: loaded support on port[0] = 21 executing program [ 33.694746] IPVS: ftp: loaded support on port[0] = 21 executing program [ 33.725415] IPVS: ftp: loaded support on port[0] = 21 executing program executing program [ 34.404290] IPVS: ftp: loaded support on port[0] = 21 [ 34.437233] IPVS: ftp: loaded support on port[0] = 21 executing program [ 35.562194] IPVS: ftp: loaded support on port[0] = 21 executing program [ 36.752197] IPVS: ftp: loaded support on port[0] = 21 executing program [ 37.445341] IPVS: ftp: loaded support on port[0] = 21 [ 37.477786] IPVS: ftp: loaded support on port[0] = 21 executing program executing program [ 38.141987] IPVS: ftp: loaded support on port[0] = 21 executing program [ 38.174856] IPVS: ftp: loaded support on port[0] = 21