Warning: Permanently added '10.128.0.195' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 37.665220] [ 37.667161] ====================================================== [ 37.673477] [ INFO: possible circular locking dependency detected ] [ 37.679864] 4.4.174+ #4 Not tainted [ 37.683468] ------------------------------------------------------- [ 37.689959] syz-executor869/2078 is trying to acquire lock: [ 37.695745] (_xmit_NETROM){+.-...}, at: [] sch_direct_xmit+0x238/0x700 [ 37.705057] [ 37.705057] but task is already holding lock: [ 37.711028] (&(&q->lock)->rlock){+.-...}, at: [] ipv6_frag_rcv+0x6cc/0x51e0 [ 37.720297] [ 37.720297] which lock already depends on the new lock. [ 37.720297] [ 37.728946] [ 37.728946] the existing dependency chain (in reverse order) is: [ 37.736812] -> #1 (&(&q->lock)->rlock){+.-...}: [ 37.742505] [] lock_acquire+0x15e/0x450 [ 37.748824] [] _raw_spin_lock_irqsave+0x50/0x70 [ 37.756582] [] depot_save_stack+0x20c/0x5f0 [ 37.763675] [] kasan_kmalloc.part.0+0xc6/0xf0 [ 37.770468] [] kasan_kmalloc+0xb7/0xd0 [ 37.776943] [] kasan_slab_alloc+0xf/0x20 [ 37.783673] [] kmem_cache_alloc+0xdc/0x2c0 [ 37.790583] [] inet_getpeer+0x1525/0x1ce0 [ 37.797008] [] ip4_frag_init+0x2a2/0x310 [ 37.804249] [] inet_frag_create+0x1ac/0x14e0 [ 37.810944] [] inet_frag_find+0x64d/0x880 [ 37.818184] [] ip_defrag+0x2fb/0x3b70 [ 37.824590] [] ip_check_defrag+0x3d6/0x5b0 [ 37.831991] [] packet_rcv_fanout+0x51e/0x5f0 [ 37.839033] [] dev_hard_start_xmit+0x654/0x11e0 [ 37.845977] [] sch_direct_xmit+0x2b6/0x700 [ 37.852607] [] __dev_queue_xmit+0xd24/0x1bb0 [ 37.860223] [] dev_queue_xmit+0x18/0x20 [ 37.866473] [] neigh_resolve_output+0x4a0/0x7a0 [ 37.873442] [] ip_finish_output2+0x6a2/0x1280 [ 37.880500] [] ip_do_fragment+0x187c/0x1f70 [ 37.887198] [] ip_fragment.constprop.0+0x14b/0x200 [ 37.894860] [] ip_finish_output+0x3b9/0xc60 [ 37.901837] [] ip_mc_output+0x251/0xae0 [ 37.908515] [] ip_local_out+0x9c/0x180 [ 37.914761] [] ip_send_skb+0x3e/0xc0 [ 37.920898] [] udp_send_skb+0x4fd/0xc70 [ 37.927265] [] udp_push_pending_frames+0x4e/0xe0 [ 37.934314] [] udp_sendpage+0x2ae/0x410 [ 37.940593] [] inet_sendpage+0x223/0x520 [ 37.947200] [] kernel_sendpage+0x95/0xf0 [ 37.953537] [] sock_sendpage+0x8b/0xc0 [ 37.960157] [] pipe_to_sendpage+0x28d/0x3d0 [ 37.968224] [] __splice_from_pipe+0x37e/0x7a0 [ 37.975088] [] splice_from_pipe+0x108/0x170 [ 37.981703] [] generic_splice_sendpage+0x3c/0x50 [ 37.988748] [] SyS_splice+0xd71/0x13a0 [ 37.995091] [] entry_SYSCALL_64_fastpath+0x1e/0x9a [ 38.002489] -> #0 (_xmit_NETROM){+.-...}: [ 38.007340] [] __lock_acquire+0x37d6/0x4f50 [ 38.013949] [] lock_acquire+0x15e/0x450 [ 38.020296] [] _raw_spin_lock+0x38/0x50 [ 38.026716] [] sch_direct_xmit+0x238/0x700 [ 38.033313] [] __dev_queue_xmit+0xd24/0x1bb0 [ 38.041509] [] dev_queue_xmit+0x18/0x20 [ 38.048942] [] neigh_resolve_output+0x4a0/0x7a0 [ 38.056285] [] ip6_finish_output2+0x9c7/0x1dc0 [ 38.063242] [] ip6_finish_output+0x2f3/0x750 [ 38.070131] [] ip6_output+0x1b4/0x520 [ 38.077076] [] ndisc_send_skb+0x98d/0x1110 [ 38.084221] [] ndisc_send_ns+0x4bf/0x6b0 [ 38.092347] [] ndisc_solicit+0x2b2/0x440 [ 38.100993] [] neigh_probe+0xc8/0x100 [ 38.107081] [] __neigh_event_send+0x2ab/0xc50 [ 38.113858] [] neigh_resolve_output+0x5ec/0x7a0 [ 38.121563] [] ip6_finish_output2+0x9c7/0x1dc0 [ 38.128609] [] ip6_finish_output+0x2f3/0x750 [ 38.135837] [] ip6_output+0x1b4/0x520 [ 38.142866] [] ip6_local_out+0x9c/0x180 [ 38.149126] [] ip6_send_skb+0xa2/0x340 [ 38.155293] [] ip6_push_pending_frames+0xbb/0xe0 [ 38.162330] [] icmpv6_push_pending_frames+0x336/0x530 [ 38.169803] [] icmp6_send+0x1506/0x1b40 [ 38.176129] [] icmpv6_param_prob+0x29/0x40 [ 38.182743] [] ipv6_frag_rcv+0x3f06/0x51e0 [ 38.189270] [] ip6_input_finish+0x57d/0x14f0 [ 38.195964] [] ip6_input+0xf8/0x1f0 [ 38.201882] [] ip6_rcv_finish+0x14d/0x670 [ 38.208318] [] ipv6_rcv+0xfc1/0x1a20 [ 38.214320] [] __netif_receive_skb_core+0x1300/0x2950 [ 38.224102] [] __netif_receive_skb+0x58/0x1c0 [ 38.230872] [] process_backlog+0x200/0x630 [ 38.237419] [] net_rx_action+0x367/0xd30 [ 38.243768] [] __do_softirq+0x226/0xa3f [ 38.250038] [] do_softirq_own_stack+0x1c/0x30 [ 38.256829] [] do_softirq.part.0+0x54/0x60 [ 38.263335] [] do_softirq+0x18/0x20 [ 38.269248] [] netif_rx_ni+0xeb/0x3b0 [ 38.275496] [] tun_get_user+0xdbf/0x2640 [ 38.281950] [] tun_chr_write_iter+0xda/0x190 [ 38.288819] [] do_iter_readv_writev+0x141/0x1e0 [ 38.295856] [] do_readv_writev+0x387/0x6e0 [ 38.302361] [] vfs_writev+0x7d/0xb0 [ 38.308259] [] SyS_writev+0xdc/0x260 [ 38.314247] [] entry_SYSCALL_64_fastpath+0x1e/0x9a [ 38.321444] [ 38.321444] other info that might help us debug this: [ 38.321444] [ 38.329592] Possible unsafe locking scenario: [ 38.329592] [ 38.335632] CPU0 CPU1 [ 38.340472] ---- ---- [ 38.345308] lock(&(&q->lock)->rlock); [ 38.349529] lock(_xmit_NETROM); [ 38.355791] lock(&(&q->lock)->rlock); [ 38.362517] lock(_xmit_NETROM); [ 38.366275] [ 38.366275] *** DEADLOCK *** [ 38.366275] [ 38.372320] 9 locks held by syz-executor869/2078: [ 38.377140] #0: (rcu_read_lock){......}, at: [] process_backlog+0x19c/0x630 [ 38.386649] #1: (rcu_read_lock){......}, at: [] ip6_input_finish+0x0/0x14f0 [ 38.396117] #2: (&(&q->lock)->rlock){+.-...}, at: [] ipv6_frag_rcv+0x6cc/0x51e0 [ 38.406391] #3: (slock-AF_INET6){+.....}, at: [] icmp6_send+0x7bd/0x1b40 [ 38.415905] #4: (rcu_read_lock){......}, at: [] icmp6_send+0xf44/0x1b40 [ 38.425047] #5: (rcu_read_lock_bh){......}, at: [] ip6_finish_output2+0x1e1/0x1dc0 [ 38.435826] #6: (rcu_read_lock){......}, at: [] ndisc_send_skb+0x779/0x1110 [ 38.446317] #7: (rcu_read_lock_bh){......}, at: [] ip6_finish_output2+0x1e1/0x1dc0 [ 38.456587] #8: (rcu_read_lock_bh){......}, at: [] __dev_queue_xmit+0x1d7/0x1bb0 [ 38.467212] [ 38.467212] stack backtrace: [ 38.471684] CPU: 1 PID: 2078 Comm: syz-executor869 Not tainted 4.4.174+ #4 [ 38.478668] 0000000000000000 0e3511a1970d254b ffff8801db7064e0 ffffffff81aad1a1 [ 38.486675] ffffffff84057a80 ffff8800b71c97c0 ffffffff83ad3870 ffffffff83ad3f30 [ 38.494691] ffffffff83ad3870 ffff8801db706530 ffffffff813abcda ffff8801db706610 [ 38.502699] Call Trace: [ 38.505256] [] dump_stack+0xc1/0x120 [ 38.511418] [] print_circular_bug.cold+0x2f7/0x44e [ 38.517977] [] __lock_acquire+0x37d6/0x4f50 [ 38.523923] [] ? check_usage+0x14e/0x5a0 [ 38.529612] [] ? trace_hardirqs_on+0x10/0x10 [ 38.535649] [] ? __lock_acquire+0x2c79/0x4f50 [ 38.541769] [] ? __dev_get_by_index+0x130/0x130 [ 38.548079] [] ? __skb_gso_segment+0x4c0/0x4c0 [ 38.554284] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 38.561097] [] lock_acquire+0x15e/0x450 [ 38.566695] [] ? sch_direct_xmit+0x238/0x700 [ 38.572726] [] _raw_spin_lock+0x38/0x50 [ 38.578409] [] ? sch_direct_xmit+0x238/0x700 [ 38.584439] [] sch_direct_xmit+0x238/0x700 [ 38.590305] [] ? dev_deactivate_queue.constprop.0+0x160/0x160 [ 38.597817] [] __dev_queue_xmit+0xd24/0x1bb0 [ 38.603849] [] ? __dev_queue_xmit+0x1d7/0x1bb0 [ 38.610053] [] ? trace_hardirqs_on+0x10/0x10 [ 38.616088] [] ? netdev_pick_tx+0x2f0/0x2f0 [ 38.622035] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 38.628773] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 38.635509] [] ? memcpy+0x46/0x50 [ 38.640594] [] dev_queue_xmit+0x18/0x20 [ 38.646191] [] neigh_resolve_output+0x4a0/0x7a0 [ 38.652484] [] ? ip6_finish_output2+0x9c7/0x1dc0 [ 38.658864] [] ip6_finish_output2+0x9c7/0x1dc0 [ 38.665070] [] ? ip6_finish_output2+0x1e1/0x1dc0 [ 38.671469] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 38.678204] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 38.684934] [] ? ip6_forward_finish+0x4a0/0x4a0 [ 38.691236] [] ? check_preemption_disabled+0x3c/0x200 [ 38.698072] [] ? check_preemption_disabled+0x3c/0x200 [ 38.704889] [] ? ip6_mtu+0x21f/0x340 [ 38.710230] [] ip6_finish_output+0x2f3/0x750 [ 38.716264] [] ip6_output+0x1b4/0x520 [ 38.721689] [] ? ip6_finish_output+0x750/0x750 [ 38.727895] [] ? nf_iterate+0x220/0x220 [ 38.733493] [] ? ip6_fragment+0x3210/0x3210 [ 38.739441] [] ndisc_send_skb+0x98d/0x1110 [ 38.745297] [] ? ndisc_send_skb+0x779/0x1110 [ 38.752545] [] ? ndisc_alloc_skb+0x330/0x330 [ 38.758580] [] ? compat_ipv6_setsockopt+0x1d0/0x1d0 [ 38.765220] [] ? memcpy+0x46/0x50 [ 38.770297] [] ? ndisc_fill_addr_option+0x19b/0x1f0 [ 38.776942] [] ndisc_send_ns+0x4bf/0x6b0 [ 38.782627] [] ? trace_hardirqs_on+0xd/0x10 [ 38.788573] [] ? ndisc_netdev_event+0x360/0x360 [ 38.794874] [] ? ipv6_chk_addr_and_flags+0x3a6/0x530 [ 38.801599] [] ? ipv6_chk_addr_and_flags+0x69/0x530 [ 38.808238] [] ? _raw_spin_unlock_irqrestore+0x5a/0x70 [ 38.815138] [] ndisc_solicit+0x2b2/0x440 [ 38.820822] [] ? ndisc_send_ns+0x6b0/0x6b0 [ 38.826678] [] ? ndisc_send_ns+0x6b0/0x6b0 [ 38.832537] [] neigh_probe+0xc8/0x100 [ 38.837960] [] __neigh_event_send+0x2ab/0xc50 [ 38.844081] [] ? __local_bh_enable_ip+0x6a/0xe0 [ 38.850371] [] ? _raw_write_unlock_bh+0x31/0x40 [ 38.856661] [] neigh_resolve_output+0x5ec/0x7a0 [ 38.862965] [] ip6_finish_output2+0x9c7/0x1dc0 [ 38.869173] [] ? ip6_finish_output2+0x1e1/0x1dc0 [ 38.875553] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 38.882296] [] ? ip6_forward_finish+0x4a0/0x4a0 [ 38.888606] [] ? check_preemption_disabled+0x3c/0x200 [ 38.895439] [] ? check_preemption_disabled+0x3c/0x200 [ 38.902258] [] ? ip6_mtu+0x21f/0x340 [ 38.907597] [] ip6_finish_output+0x2f3/0x750 [ 38.913639] [] ip6_output+0x1b4/0x520 [ 38.919074] [] ? ip6_finish_output+0x750/0x750 [ 38.925290] [] ? ip6_fragment+0x3210/0x3210 [ 38.931244] [] ip6_local_out+0x9c/0x180 [ 38.936848] [] ip6_send_skb+0xa2/0x340 [ 38.942360] [] ip6_push_pending_frames+0xbb/0xe0 [ 38.948739] [] icmpv6_push_pending_frames+0x336/0x530 [ 38.955590] [] icmp6_send+0x1506/0x1b40 [ 38.961190] [] ? icmpv6_push_pending_frames+0x530/0x530 [ 38.968188] [] ? print_cfs_rq+0x348/0x1370 [ 38.974047] [] ? perf_trace_softirq+0x28a/0x3b0 [ 38.980351] [] ? ipv6_frag_rcv+0x6cc/0x51e0 [ 38.986296] [] icmpv6_param_prob+0x29/0x40 [ 38.992154] [] ipv6_frag_rcv+0x3f06/0x51e0 [ 38.998013] [] ? ipv6_frags_init_net+0x3e0/0x3e0 [ 39.004392] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 39.011118] [] ip6_input_finish+0x57d/0x14f0 [ 39.017156] [] ? ip6_rcv_finish+0x670/0x670 [ 39.023101] [] ip6_input+0xf8/0x1f0 [ 39.028350] [] ? ipv6_rcv+0x1a20/0x1a20 [ 39.033951] [] ? ip6_rcv_finish+0x670/0x670 [ 39.039901] [] ip6_rcv_finish+0x14d/0x670 [ 39.045672] [] ipv6_rcv+0xfc1/0x1a20 [ 39.051012] [] ? ipv6_rcv+0xfc/0x1a20 [ 39.056444] [] ? ip6_input_finish+0x14f0/0x14f0 [ 39.062736] [] ? ip6_make_skb+0x3f0/0x3f0 [ 39.068517] [] ? packet_rcv_fanout+0x173/0x5f0 [ 39.075506] [] ? ip6_input_finish+0x14f0/0x14f0 [ 39.081809] [] __netif_receive_skb_core+0x1300/0x2950 [ 39.088633] [] ? dev_loopback_xmit+0x430/0x430 [ 39.094841] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 39.101569] [] ? check_preemption_disabled+0x3c/0x200 [ 39.108385] [] __netif_receive_skb+0x58/0x1c0 [ 39.114505] [] process_backlog+0x200/0x630 [ 39.120361] [] ? process_backlog+0x19c/0x630 [ 39.126391] [] ? check_preemption_disabled+0x3c/0x200 [ 39.133204] [] ? net_rx_action+0x1fb/0xd30 [ 39.139063] [] net_rx_action+0x367/0xd30 [ 39.144762] [] ? rcu_read_lock_sched_held+0x10b/0x130 [ 39.151577] [] ? net_rps_action_and_irq_enable.isra.0+0x170/0x170 [ 39.159444] [] __do_softirq+0x226/0xa3f [ 39.165045] [] do_softirq_own_stack+0x1c/0x30 [ 39.171158] [] do_softirq.part.0+0x54/0x60 [ 39.177757] [] do_softirq+0x18/0x20 [ 39.183018] [] netif_rx_ni+0xeb/0x3b0 [ 39.188456] [] tun_get_user+0xdbf/0x2640 [ 39.194140] [] ? tun_free_netdev+0xb0/0xb0 [ 39.199999] [] ? futex_wait+0x47d/0x600 [ 39.205599] [] ? try_to_wake_up+0x701/0x1110 [ 39.211635] [] ? irq_cpu_online+0x1a0/0x230 [ 39.217580] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 39.224308] [] ? __tun_get+0x126/0x230 [ 39.229866] [] tun_chr_write_iter+0xda/0x190 [ 39.235995] [] do_iter_readv_writev+0x141/0x1e0 [ 39.242285] [] ? tun_sendmsg+0x140/0x140 [ 39.247971] [] ? vfs_iter_read+0x280/0x280 [ 39.253831] [] ? rw_verify_area+0x103/0x2f0 [ 39.259778] [] ? tun_sendmsg+0x140/0x140 [ 39.265470] [] do_readv_writev+0x387/0x6e0 [ 39.271335] [] ? vfs_write+0x4e0/0x4e0 [ 39.276859] [] ? exit_robust_list+0x220/0x220 [ 39.282979] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 39.289708] [] ? check_preemption_disabled+0x3c/0x200 [ 39.296523] [] ? check_preemption_disabled+0x3c/0x200 [ 39.303335] [] ? __fget+0x13b/0x370 [ 39.308605] [] ? __fget+0x162/0x370 [ 39.313856] [] ? __fget+0x47/0x370 [ 39.319018] [] vfs_writev+0x7d/0xb0 [ 39.324270] [] SyS_writev+0xdc/0x260 [ 39.329606] [] ? SyS_readv+0x260/0x260 [ 39.335209] [] ? lockdep_sys_exit_thunk+0x12/0x14 [ 39.341674] [] entry_SYSCALL_64_fastpath+0x1e/0x9a