[ OK ] Reached target Graphical Interface.
       Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
       Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.100' (ECDSA) to the list of known hosts.
syzkaller login: [ 28.813413] IPVS: ftp: loaded support on port[0] = 21
[ 28.883945] chnl_net:caif_netlink_parms(): no params data found
[ 29.029939] bridge0: port 1(bridge_slave_0) entered blocking state
[ 29.036481] bridge0: port 1(bridge_slave_0) entered disabled state
[ 29.044004] device bridge_slave_0 entered promiscuous mode
[ 29.051595] bridge0: port 2(bridge_slave_1) entered blocking state
[ 29.057970] bridge0: port 2(bridge_slave_1) entered disabled state
[ 29.065369] device bridge_slave_1 entered promiscuous mode
[ 29.081877] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 29.090395] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 29.107444] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 29.114753] team0: Port device team_slave_0 added
[ 29.121011] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 29.128078] team0: Port device team_slave_1 added
[ 29.142813] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 29.149131] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 29.174384] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 29.185556] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 29.191856] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 29.217097] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 29.227775] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 29.235322] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 29.253106] device hsr_slave_0 entered promiscuous mode
[ 29.258750] device hsr_slave_1 entered promiscuous mode
[ 29.264553] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 29.271690] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 29.330765] bridge0: port 2(bridge_slave_1) entered blocking state
[ 29.337158] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 29.343974] bridge0: port 1(bridge_slave_0) entered blocking state
[ 29.350387] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 29.376916] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 29.383134] 8021q: adding VLAN 0 to HW filter on device bond0
[ 29.391323] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 29.401075] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 29.409181] bridge0: port 1(bridge_slave_0) entered disabled state
[ 29.426106] bridge0: port 2(bridge_slave_1) entered disabled state
[ 29.435793] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 29.442374] 8021q: adding VLAN 0 to HW filter on device team0
[ 29.450470] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 29.457998] bridge0: port 1(bridge_slave_0) entered blocking state
[ 29.464397] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 29.479810] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 29.487445] bridge0: port 2(bridge_slave_1) entered blocking state
[ 29.493847] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 29.501135] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 29.509265] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 29.517190] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 29.528564] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 29.535910] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 29.544914] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 29.552631] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 29.564844] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 29.572234] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 29.579567] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 29.589542] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 29.635315] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 29.644608] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 29.671365] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 29.679318] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 29.685698] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 29.694694] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 29.702710] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 29.709752] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 29.718040] device veth0_vlan entered promiscuous mode
[ 29.727009] device veth1_vlan entered promiscuous mode
[ 29.733121] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 29.742688] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 29.753551] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 29.762929] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 29.770110] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 29.777251] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 29.786572] device veth0_macvtap entered promiscuous mode
[ 29.792765] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 29.801041] device veth1_macvtap entered promiscuous mode
[ 29.809997] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 29.819131] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 29.828547] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 29.835219] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 29.843626] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 29.852603] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 29.860371] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 29.867535] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 29.946627]
[ 29.948269] ======================================================
[ 29.954554] WARNING: possible circular locking dependency detected
[ 29.960844] 4.14.286-syzkaller #0 Not tainted
[ 29.965307] ------------------------------------------------------
[ 29.971598] kworker/u4:0/5 is trying to acquire lock:
[ 29.976755]  (sk_lock-AF_INET){+.+.}, at: [] strp_work+0x3e/0x100
[ 29.984560]
[ 29.984560] but task is already holding lock:
[ 29.990498]  ((&strp->work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0
[ 29.998878]
[ 29.998878] which lock already depends on the new lock.
[ 29.998878]
[ 30.007164]
[ 30.007164] the existing dependency chain (in reverse order) is:
[ 30.014753]
[ 30.014753] -> #1 ((&strp->work)){+.+.}:
[ 30.020273]        flush_work+0xad/0x770
[ 30.024304]        __cancel_work_timer+0x321/0x460
[ 30.029205]        strp_done+0x53/0xd0
[ 30.033063]        kcm_ioctl+0x828/0xfb0
[ 30.037093]        sock_ioctl+0x2cc/0x4c0
[ 30.041210]        do_vfs_ioctl+0x75a/0xff0
[ 30.045500]        SyS_ioctl+0x7f/0xb0
[ 30.049359]        do_syscall_64+0x1d5/0x640
[ 30.053737]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 30.059416]
[ 30.059416] -> #0 (sk_lock-AF_INET){+.+.}:
[ 30.065106]        lock_acquire+0x170/0x3f0
[ 30.069400]        lock_sock_nested+0xb7/0x100
[ 30.073955]        strp_work+0x3e/0x100
[ 30.077904]        process_one_work+0x793/0x14a0
[ 30.082630]        worker_thread+0x5cc/0xff0
[ 30.087008]        kthread+0x30d/0x420
[ 30.090869]        ret_from_fork+0x24/0x30
[ 30.095069]
[ 30.095069] other info that might help us debug this:
[ 30.095069]
[ 30.103179]  Possible unsafe locking scenario:
[ 30.103179]
[ 30.109204]        CPU0                    CPU1
[ 30.113840]        ----                    ----
[ 30.118474]   lock((&strp->work));
[ 30.121984]                                lock(sk_lock-AF_INET);
[ 30.128184]                                lock((&strp->work));
[ 30.134217]   lock(sk_lock-AF_INET);
[ 30.137901]
[ 30.137901]  *** DEADLOCK ***
[ 30.137901]
[ 30.143930] 2 locks held by kworker/u4:0/5:
[ 30.148222]  #0: ("%s""kstrp"){+.+.}, at: [] process_one_work+0x6b0/0x14a0
[ 30.156864]  #1: ((&strp->work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0
[ 30.165681]
[ 30.165681] stack backtrace:
[ 30.170169] CPU: 0 PID: 5 Comm: kworker/u4:0 Not tainted 4.14.286-syzkaller #0
[ 30.177501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
[ 30.186970] Workqueue: kstrp strp_work
[ 30.190826] Call Trace:
[ 30.193391]  dump_stack+0x1b2/0x281
[ 30.196998]  print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 30.202779]  __lock_acquire+0x2e0e/0x3f20
[ 30.206901]  ? trace_hardirqs_on+0x10/0x10
[ 30.211147]  ? trace_hardirqs_on+0x10/0x10
[ 30.215353]  ? lock_acquire+0x170/0x3f0
[ 30.219301]  ? check_preemption_disabled+0x35/0x240
[ 30.224294]  ? lock_sock_nested+0x98/0x100
[ 30.228519]  lock_acquire+0x170/0x3f0
[ 30.232294]  ? strp_work+0x3e/0x100
[ 30.235900]  lock_sock_nested+0xb7/0x100
[ 30.239945]  ? strp_work+0x3e/0x100
[ 30.243543]  strp_work+0x3e/0x100
[ 30.246969]  process_one_work+0x793/0x14a0
[ 30.251177]  ? work_busy+0x320/0x320
[ 30.254882]  ? worker_thread+0x158/0xff0
[ 30.258941]  ? _raw_spin_unlock_irq+0x24/0x80
[ 30.263411]  worker_thread+0x5cc/0xff0
[ 30.267274]  ? rescuer_thread+0xc80/0xc80
[ 30.271394]  kthread+0x30d/0x420
[ 30.275080]  ? kthread_create_on_node+0xd0/0xd0
[ 30.279719]  ret_from_fork+0x24/0x30