Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.166' (ECDSA) to the list of known hosts. syzkaller login: [ 27.644363] IPVS: ftp: loaded support on port[0] = 21 [ 27.716168] chnl_net:caif_netlink_parms(): no params data found [ 27.786511] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.793491] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.801925] device bridge_slave_0 entered promiscuous mode [ 27.809139] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.815529] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.822667] device bridge_slave_1 entered promiscuous mode [ 27.838728] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 27.847581] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 27.865566] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 27.873605] team0: Port device team_slave_0 added [ 27.879156] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 27.886236] team0: Port device team_slave_1 added [ 27.901071] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 27.907327] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 27.933423] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 27.945136] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 27.952055] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 27.978091] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 27.989509] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 27.996878] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 28.015540] device hsr_slave_0 entered promiscuous mode [ 28.021206] device hsr_slave_1 entered promiscuous mode [ 28.027113] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 28.035026] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 28.095207] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.101718] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.108462] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.114853] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.141529] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 28.147607] 8021q: adding VLAN 0 to HW filter on device bond0 [ 28.156264] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 28.165310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 28.184250] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.191749] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.202254] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 28.208340] 8021q: adding VLAN 0 to HW filter on device team0 [ 28.217351] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 28.224960] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.231343] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.241747] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 28.249508] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.255883] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.274008] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 28.284049] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 28.294851] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 28.302082] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 28.310226] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 28.317683] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 28.325891] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 28.333720] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 28.340806] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 28.353285] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 28.360367] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 28.366992] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 28.377005] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 28.423889] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 28.433436] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 28.461022] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 28.467932] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 28.476266] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 28.485042] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 28.492951] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 28.499883] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 28.507947] device veth0_vlan entered promiscuous mode [ 28.516267] device veth1_vlan entered promiscuous mode [ 28.522555] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 28.530904] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 28.542753] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 28.551943] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 28.559197] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 28.566481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 28.576700] device veth0_macvtap entered promiscuous mode [ 28.583235] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 28.591497] device veth1_macvtap entered promiscuous mode [ 28.600266] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 28.609645] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 28.619495] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 28.626231] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 28.635282] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 28.645030] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 28.651911] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready executing program [ 28.709474] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 28.740329] [ 28.741971] ====================================================== [ 28.748269] WARNING: possible circular locking dependency detected [ 28.754664] 4.14.286-syzkaller #0 Not tainted [ 28.759138] ------------------------------------------------------ [ 28.765448] kworker/u4:4/2880 is trying to acquire lock: [ 28.770960] (sk_lock-AF_INET){+.+.}, at: [] strp_work+0x3e/0x100 [ 28.778742] [ 28.778742] but task is already holding lock: [ 28.784696] ((&strp->work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 [ 28.793103] [ 28.793103] which lock already depends on the new lock. [ 28.793103] [ 28.801420] [ 28.801420] the existing dependency chain (in reverse order) is: [ 28.809022] [ 28.809022] -> #1 ((&strp->work)){+.+.}: [ 28.815235] flush_work+0xad/0x770 [ 28.819271] __cancel_work_timer+0x321/0x460 [ 28.824175] strp_done+0x53/0xd0 [ 28.828037] kcm_ioctl+0x828/0xfb0 [ 28.832072] sock_ioctl+0x2cc/0x4c0 [ 28.836206] do_vfs_ioctl+0x75a/0xff0 [ 28.840507] SyS_ioctl+0x7f/0xb0 [ 28.844370] do_syscall_64+0x1d5/0x640 [ 28.848767] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 28.854457] [ 28.854457] -> #0 (sk_lock-AF_INET){+.+.}: [ 28.860160] lock_acquire+0x170/0x3f0 [ 28.864458] lock_sock_nested+0xb7/0x100 [ 28.869199] strp_work+0x3e/0x100 [ 28.873168] process_one_work+0x793/0x14a0 [ 28.877919] worker_thread+0x5cc/0xff0 [ 28.882321] kthread+0x30d/0x420 [ 28.886196] ret_from_fork+0x24/0x30 [ 28.890410] [ 28.890410] other info that might help us debug this: [ 28.890410] [ 28.899263] Possible unsafe locking scenario: [ 28.899263] [ 28.905295] CPU0 CPU1 [ 28.909951] ---- ---- [ 28.914591] lock((&strp->work)); [ 28.918279] lock(sk_lock-AF_INET); [ 28.924483] lock((&strp->work)); [ 28.930515] lock(sk_lock-AF_INET); [ 28.934230] [ 28.934230] *** DEADLOCK *** [ 28.934230] [ 28.940268] 2 locks held by kworker/u4:4/2880: [ 28.944834] #0: ("%s""kstrp"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 [ 28.953481] #1: ((&strp->work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 [ 28.962549] [ 28.962549] stack backtrace: [ 28.967025] CPU: 1 PID: 2880 Comm: kworker/u4:4 Not tainted 4.14.286-syzkaller #0 [ 28.974615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 28.983955] Workqueue: kstrp strp_work [ 28.987816] Call Trace: [ 28.990393] dump_stack+0x1b2/0x281 [ 28.993995] print_circular_bug.constprop.0.cold+0x2d7/0x41e [ 28.999780] __lock_acquire+0x2e0e/0x3f20 [ 29.003900] ? __schedule+0x893/0x1de0 [ 29.007766] ? trace_hardirqs_on+0x10/0x10 [ 29.011986] ? lock_acquire+0x170/0x3f0 [ 29.015933] ? lock_sock_nested+0x98/0x100 [ 29.020153] lock_acquire+0x170/0x3f0 [ 29.023927] ? strp_work+0x3e/0x100 [ 29.027548] lock_sock_nested+0xb7/0x100 [ 29.031582] ? strp_work+0x3e/0x100 [ 29.035191] strp_work+0x3e/0x100 [ 29.038618] process_one_work+0x793/0x14a0 [ 29.042836] ? work_busy+0x320/0x320 [ 29.046521] ? worker_thread+0x158/0xff0 [ 29.050555] ? _raw_spin_unlock_irq+0x24/0x80 [ 29.055025] worker_thread+0x5cc/0xff0 [ 29.058885] ? rescuer_thread+0xc80/0xc80 [ 29.063004] kthread+0x30d/0x420 [ 29.066342] ? kthread_create_on_node+0xd0/0xd0 [ 29.070985] ret_from_fork+0x24/0x30 [