Warning: Permanently added '10.128.10.8' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 29.740229] [ 29.742058] ====================================================== [ 29.748356] [ INFO: possible circular locking dependency detected ] [ 29.754741] 4.4.174+ #17 Not tainted [ 29.758428] ------------------------------------------------------- [ 29.764815] syz-executor074/2071 is trying to acquire lock: [ 29.771454] (_xmit_NETROM){+.-...}, at: [] sch_direct_xmit+0x238/0x700 [ 29.780266] [ 29.780266] but task is already holding lock: [ 29.786211] (&(&q->lock)->rlock){+.-...}, at: [] ipv6_frag_rcv+0x6cc/0x51e0 [ 29.795439] [ 29.795439] which lock already depends on the new lock. [ 29.795439] [ 29.803727] [ 29.803727] the existing dependency chain (in reverse order) is: [ 29.811318] -> #1 (&(&q->lock)->rlock){+.-...}: [ 29.816646] [] lock_acquire+0x15e/0x450 [ 29.822893] [] _raw_spin_lock_irqsave+0x50/0x70 [ 29.829867] [] depot_save_stack+0x20c/0x5f0 [ 29.836471] [] kasan_kmalloc.part.0+0xc6/0xf0 [ 29.843247] [] kasan_kmalloc+0xb7/0xd0 [ 29.850037] [] kasan_slab_alloc+0xf/0x20 [ 29.856369] [] kmem_cache_alloc+0xdc/0x2c0 [ 29.862872] [] inet_getpeer+0x1525/0x1ce0 [ 29.869294] [] ip4_frag_init+0x2a2/0x310 [ 29.875633] [] inet_frag_create+0x1ac/0x14e0 [ 29.882349] [] inet_frag_find+0x64d/0x880 [ 29.888776] [] ip_defrag+0x2fb/0x3b70 [ 29.894859] [] ip_check_defrag+0x3d6/0x5b0 [ 29.901461] [] packet_rcv_fanout+0x51e/0x5f0 [ 29.908162] [] dev_hard_start_xmit+0x654/0x11e0 [ 29.915115] [] sch_direct_xmit+0x2b6/0x700 [ 29.921676] [] __dev_queue_xmit+0xd24/0x1bb0 [ 29.928356] [] dev_queue_xmit+0x18/0x20 [ 29.934596] [] neigh_resolve_output+0x4a0/0x7a0 [ 29.941544] [] ip_finish_output2+0x6a2/0x1280 [ 29.948323] [] ip_do_fragment+0x187c/0x1f70 [ 29.954933] [] ip_fragment.constprop.0+0x14b/0x200 [ 29.962148] [] ip_finish_output+0x3b9/0xc60 [ 29.968761] [] ip_mc_output+0x251/0xae0 [ 29.975023] [] ip_local_out+0x9c/0x180 [ 29.981176] [] ip_send_skb+0x3e/0xc0 [ 29.987155] [] udp_send_skb+0x4fd/0xc70 [ 29.993410] [] udp_sendmsg+0x16cf/0x1c60 [ 29.999752] [] udpv6_sendmsg+0x12f2/0x24f0 [ 30.006256] [] inet_sendmsg+0x202/0x4d0 [ 30.012499] [] sock_sendmsg+0xbe/0x110 [ 30.018681] [] kernel_sendmsg+0x44/0x50 [ 30.024935] [] sock_no_sendpage+0x116/0x150 [ 30.031621] [] kernel_sendpage+0x95/0xf0 [ 30.037953] [] sock_sendpage+0x8b/0xc0 [ 30.044110] [] pipe_to_sendpage+0x28d/0x3d0 [ 30.050701] [] __splice_from_pipe+0x37e/0x7a0 [ 30.057466] [] splice_from_pipe+0x108/0x170 [ 30.064067] [] generic_splice_sendpage+0x3c/0x50 [ 30.071127] [] direct_splice_actor+0x126/0x1a0 [ 30.077983] [] splice_direct_to_actor+0x2ce/0x850 [ 30.085105] [] do_splice_direct+0x1a5/0x260 [ 30.091692] [] do_sendfile+0x4ed/0xba0 [ 30.097848] [] compat_SyS_sendfile+0x144/0x160 [ 30.104701] [] do_fast_syscall_32+0x32d/0xa90 [ 30.111468] [] sysenter_flags_fixed+0xd/0x1a [ 30.118161] -> #0 (_xmit_NETROM){+.-...}: [ 30.122971] [] __lock_acquire+0x37d6/0x4f50 [ 30.129563] [] lock_acquire+0x15e/0x450 [ 30.135956] [] _raw_spin_lock+0x38/0x50 [ 30.142197] [] sch_direct_xmit+0x238/0x700 [ 30.148701] [] __dev_queue_xmit+0xd24/0x1bb0 [ 30.155379] [] dev_queue_xmit+0x18/0x20 [ 30.161622] [] neigh_resolve_output+0x4a0/0x7a0 [ 30.168575] [] ip6_finish_output2+0x9c7/0x1dc0 [ 30.175433] [] ip6_finish_output+0x2f3/0x750 [ 30.182112] [] ip6_output+0x1b4/0x520 [ 30.188194] [] ndisc_send_skb+0x98d/0x1110 [ 30.195230] [] ndisc_send_ns+0x4bf/0x6b0 [ 30.201574] [] ndisc_solicit+0x2b2/0x440 [ 30.207905] [] neigh_probe+0xc8/0x100 [ 30.213973] [] __neigh_event_send+0x2ab/0xc50 [ 30.220738] [] neigh_resolve_output+0x5ec/0x7a0 [ 30.227678] [] ip6_finish_output2+0x9c7/0x1dc0 [ 30.234529] [] ip6_finish_output+0x2f3/0x750 [ 30.241205] [] ip6_output+0x1b4/0x520 [ 30.247272] [] ip6_local_out+0x9c/0x180 [ 30.253515] [] ip6_send_skb+0xa2/0x340 [ 30.259673] [] ip6_push_pending_frames+0xbb/0xe0 [ 30.266695] [] icmpv6_push_pending_frames+0x336/0x530 [ 30.274156] [] icmp6_send+0x1506/0x1b40 [ 30.280527] [] icmpv6_param_prob+0x29/0x40 [ 30.287114] [] ipv6_frag_rcv+0x3ce5/0x51e0 [ 30.293658] [] ip6_input_finish+0x57d/0x14f0 [ 30.300354] [] ip6_input+0xf8/0x1f0 [ 30.306273] [] ip6_rcv_finish+0x14d/0x670 [ 30.312704] [] ipv6_rcv+0xfc1/0x1a20 [ 30.319485] [] __netif_receive_skb_core+0x1300/0x2950 [ 30.327003] [] __netif_receive_skb+0x58/0x1c0 [ 30.333811] [] process_backlog+0x200/0x630 [ 30.340323] [] net_rx_action+0x367/0xd30 [ 30.346663] [] __do_softirq+0x226/0xa3f [ 30.353869] [] do_softirq_own_stack+0x1c/0x30 [ 30.360645] [] do_softirq.part.0+0x54/0x60 [ 30.367160] [] do_softirq+0x18/0x20 [ 30.373115] [] netif_rx_ni+0xeb/0x3b0 [ 30.379190] [] tun_get_user+0xdbf/0x2640 [ 30.385530] [] tun_chr_write_iter+0xda/0x190 [ 30.392216] [] do_iter_readv_writev+0x141/0x1e0 [ 30.399166] [] compat_do_readv_writev+0x389/0x6e0 [ 30.406276] [] compat_writev+0xe1/0x150 [ 30.412520] [] compat_SyS_writev+0xdb/0x1c0 [ 30.419124] [] do_fast_syscall_32+0x32d/0xa90 [ 30.425912] [] sysenter_flags_fixed+0xd/0x1a [ 30.432722] [ 30.432722] other info that might help us debug this: [ 30.432722] [ 30.440843] Possible unsafe locking scenario: [ 30.440843] [ 30.446970] CPU0 CPU1 [ 30.451639] ---- ---- [ 30.456338] lock(&(&q->lock)->rlock); [ 30.460547] lock(_xmit_NETROM); [ 30.466762] lock(&(&q->lock)->rlock); [ 30.473513] lock(_xmit_NETROM); [ 30.477189] [ 30.477189] *** DEADLOCK *** [ 30.477189] [ 30.483274] 9 locks held by syz-executor074/2071: [ 30.488090] #0: (rcu_read_lock){......}, at: [] process_backlog+0x19c/0x630 [ 30.497570] #1: (rcu_read_lock){......}, at: [] ip6_input_finish+0x0/0x14f0 [ 30.507033] #2: (&(&q->lock)->rlock){+.-...}, at: [] ipv6_frag_rcv+0x6cc/0x51e0 [ 30.516911] #3: (slock-AF_INET6){+.....}, at: [] icmp6_send+0x7bd/0x1b40 [ 30.526093] #4: (rcu_read_lock){......}, at: [] icmp6_send+0xf44/0x1b40 [ 30.535190] #5: (rcu_read_lock_bh){......}, at: [] ip6_finish_output2+0x1e1/0x1dc0 [ 30.545238] #6: (rcu_read_lock){......}, at: [] ndisc_send_skb+0x779/0x1110 [ 30.554678] #7: (rcu_read_lock_bh){......}, at: [] ip6_finish_output2+0x1e1/0x1dc0 [ 30.564724] #8: (rcu_read_lock_bh){......}, at: [] __dev_queue_xmit+0x1d7/0x1bb0 [ 30.574595] [ 30.574595] stack backtrace: [ 30.579081] CPU: 0 PID: 2071 Comm: syz-executor074 Not tainted 4.4.174+ #17 [ 30.586155] 0000000000000000 4c2a72e41aaae90c ffff8801db6064e0 ffffffff81aad1a1 [ 30.594164] ffffffff84057a80 ffff8801d4030000 ffffffff83ad36c0 ffffffff83ad3bd0 [ 30.602197] ffffffff83ad36c0 ffff8801db606530 ffffffff813abcda ffff8801db606610 [ 30.610225] Call Trace: [ 30.612782] [] dump_stack+0xc1/0x120 [ 30.618863] [] print_circular_bug.cold+0x2f7/0x44e [ 30.625419] [] __lock_acquire+0x37d6/0x4f50 [ 30.631365] [] ? check_usage+0x14e/0x5a0 [ 30.637051] [] ? trace_hardirqs_on+0x10/0x10 [ 30.643099] [] ? __lock_acquire+0x2c79/0x4f50 [ 30.649307] [] ? __dev_get_by_index+0x130/0x130 [ 30.655604] [] ? __skb_gso_segment+0x4c0/0x4c0 [ 30.661810] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 30.669149] [] lock_acquire+0x15e/0x450 [ 30.674749] [] ? sch_direct_xmit+0x238/0x700 [ 30.680784] [] _raw_spin_lock+0x38/0x50 [ 30.686392] [] ? sch_direct_xmit+0x238/0x700 [ 30.692427] [] sch_direct_xmit+0x238/0x700 [ 30.698301] [] ? dev_deactivate_queue.constprop.0+0x160/0x160 [ 30.705816] [] __dev_queue_xmit+0xd24/0x1bb0 [ 30.711849] [] ? __dev_queue_xmit+0x1d7/0x1bb0 [ 30.718058] [] ? trace_hardirqs_on+0x10/0x10 [ 30.724092] [] ? netdev_pick_tx+0x2f0/0x2f0 [ 30.730052] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 30.736778] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 30.743514] [] ? memcpy+0x46/0x50 [ 30.748606] [] dev_queue_xmit+0x18/0x20 [ 30.754213] [] neigh_resolve_output+0x4a0/0x7a0 [ 30.760512] [] ? ip6_finish_output2+0x9c7/0x1dc0 [ 30.766897] [] ip6_finish_output2+0x9c7/0x1dc0 [ 30.773465] [] ? ip6_finish_output2+0x1e1/0x1dc0 [ 30.779855] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 30.786585] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 30.793314] [] ? ip6_forward_finish+0x4a0/0x4a0 [ 30.799616] [] ? check_preemption_disabled+0x3c/0x200 [ 30.806446] [] ? check_preemption_disabled+0x3c/0x200 [ 30.813272] [] ? ip6_mtu+0x21f/0x340 [ 30.818613] [] ip6_finish_output+0x2f3/0x750 [ 30.824649] [] ip6_output+0x1b4/0x520 [ 30.830090] [] ? ip6_finish_output+0x750/0x750 [ 30.836315] [] ? nf_iterate+0x220/0x220 [ 30.841930] [] ? ip6_fragment+0x3210/0x3210 [ 30.847892] [] ndisc_send_skb+0x98d/0x1110 [ 30.853770] [] ? ndisc_send_skb+0x779/0x1110 [ 30.859820] [] ? ndisc_alloc_skb+0x330/0x330 [ 30.865878] [] ? compat_ipv6_setsockopt+0x1d0/0x1d0 [ 30.872526] [] ? memcpy+0x46/0x50 [ 30.877607] [] ? ndisc_fill_addr_option+0x19b/0x1f0 [ 30.884261] [] ndisc_send_ns+0x4bf/0x6b0 [ 30.889960] [] ? trace_hardirqs_on+0xd/0x10 [ 30.895907] [] ? ndisc_netdev_event+0x360/0x360 [ 30.902201] [] ? ipv6_chk_addr_and_flags+0x3a6/0x530 [ 30.908941] [] ? ipv6_chk_addr_and_flags+0x69/0x530 [ 30.915593] [] ? _raw_spin_unlock_irqrestore+0x5a/0x70 [ 30.922496] [] ndisc_solicit+0x2b2/0x440 [ 30.928195] [] ? ndisc_send_ns+0x6b0/0x6b0 [ 30.934066] [] ? ndisc_send_ns+0x6b0/0x6b0 [ 30.939928] [] neigh_probe+0xc8/0x100 [ 30.945369] [] __neigh_event_send+0x2ab/0xc50 [ 30.951490] [] ? __local_bh_enable_ip+0x6a/0xe0 [ 30.957783] [] ? _raw_write_unlock_bh+0x31/0x40 [ 30.964085] [] neigh_resolve_output+0x5ec/0x7a0 [ 30.970466] [] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 30.977731] [] ip6_finish_output2+0x9c7/0x1dc0 [ 30.983940] [] ? ip6_finish_output2+0x1e1/0x1dc0 [ 30.990335] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 30.997099] [] ? ip6_forward_finish+0x4a0/0x4a0 [ 31.003394] [] ? check_preemption_disabled+0x3c/0x200 [ 31.010207] [] ? check_preemption_disabled+0x3c/0x200 [ 31.017023] [] ? ip6_mtu+0x21f/0x340 [ 31.022378] [] ip6_finish_output+0x2f3/0x750 [ 31.028412] [] ip6_output+0x1b4/0x520 [ 31.033851] [] ? ip6_finish_output+0x750/0x750 [ 31.040058] [] ? ip6_fragment+0x3210/0x3210 [ 31.046006] [] ip6_local_out+0x9c/0x180 [ 31.051616] [] ip6_send_skb+0xa2/0x340 [ 31.057128] [] ip6_push_pending_frames+0xbb/0xe0 [ 31.063509] [] icmpv6_push_pending_frames+0x336/0x530 [ 31.070326] [] icmp6_send+0x1506/0x1b40 [ 31.075943] [] ? icmpv6_push_pending_frames+0x530/0x530 [ 31.084504] [] ? __lock_acquire+0x74f/0x4f50 [ 31.090551] [] ? perf_trace_softirq+0x28a/0x3b0 [ 31.096846] [] ? ipv6_frag_rcv+0x6cc/0x51e0 [ 31.102793] [] icmpv6_param_prob+0x29/0x40 [ 31.108770] [] ipv6_frag_rcv+0x3ce5/0x51e0 [ 31.114635] [] ? ipv6_frags_init_net+0x3e0/0x3e0 [ 31.121018] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 31.127748] [] ip6_input_finish+0x57d/0x14f0 [ 31.133783] [] ? ip6_rcv_finish+0x670/0x670 [ 31.139730] [] ip6_input+0xf8/0x1f0 [ 31.144994] [] ? ipv6_rcv+0x1a20/0x1a20 [ 31.150611] [] ? ip6_rcv_finish+0x670/0x670 [ 31.156565] [] ip6_rcv_finish+0x14d/0x670 [ 31.162351] [] ipv6_rcv+0xfc1/0x1a20 [ 31.167695] [] ? ipv6_rcv+0xfc/0x1a20 [ 31.173124] [] ? ip6_input_finish+0x14f0/0x14f0 [ 31.179417] [] ? ip6_make_skb+0x3f0/0x3f0 [ 31.185252] [] ? packet_rcv_fanout+0x173/0x5f0 [ 31.191472] [] ? ip6_input_finish+0x14f0/0x14f0 [ 31.197776] [] __netif_receive_skb_core+0x1300/0x2950 [ 31.204593] [] ? dev_loopback_xmit+0x430/0x430 [ 31.210805] [] ? __enqueue_entity+0x15e/0x2c0 [ 31.216930] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 31.223704] [] ? check_preemption_disabled+0x3c/0x200 [ 31.230535] [] __netif_receive_skb+0x58/0x1c0 [ 31.236699] [] process_backlog+0x200/0x630 [ 31.242994] [] ? process_backlog+0x19c/0x630 [ 31.249033] [] ? net_rx_action+0x1fb/0xd30 [ 31.254895] [] net_rx_action+0x367/0xd30 [ 31.260593] [] ? net_rps_action_and_irq_enable.isra.0+0x170/0x170 [ 31.268613] [] __do_softirq+0x226/0xa3f [ 31.274255] [] do_softirq_own_stack+0x1c/0x30 [ 31.280382] [] do_softirq.part.0+0x54/0x60 [ 31.286991] [] do_softirq+0x18/0x20 [ 31.292246] [] netif_rx_ni+0xeb/0x3b0 [ 31.297678] [] tun_get_user+0xdbf/0x2640 [ 31.303383] [] ? tun_free_netdev+0xb0/0xb0 [ 31.309366] [] ? touch_atime+0x188/0x2a0 [ 31.315059] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 31.321794] [] ? __tun_get+0x126/0x230 [ 31.327311] [] tun_chr_write_iter+0xda/0x190 [ 31.333346] [] do_iter_readv_writev+0x141/0x1e0 [ 31.339646] [] ? tun_sendmsg+0x140/0x140 [ 31.345422] [] ? vfs_iter_read+0x280/0x280 [ 31.351282] [] ? rw_verify_area+0x103/0x2f0 [ 31.357230] [] ? tun_sendmsg+0x140/0x140 [ 31.362931] [] compat_do_readv_writev+0x389/0x6e0 [ 31.369398] [] ? vfs_writev+0xb0/0xb0 [ 31.374837] [] ? __fsnotify_inode_delete+0x30/0x30 [ 31.381407] [] ? rw_verify_area+0x103/0x2f0 [ 31.387358] [] ? do_sendfile+0x20e/0xba0 [ 31.393047] [] ? __compat_sys_pwritev64+0x170/0x170 [ 31.399949] [] ? do_sys_open+0x237/0x600 [ 31.405650] [] compat_writev+0xe1/0x150 [ 31.411255] [] compat_SyS_writev+0xdb/0x1c0 [ 31.417203] [] ? compat_SyS_preadv+0x50/0x50 [ 31.423238] [] ? __do_page_fault+0x2b3/0x7f0 [ 31.429535] [] ? do_fast_syscall_32+0xd6/0xa90 [ 31.435744] [] ? compat_SyS_preadv+0x50/0x50 [ 31.441792] [] do_fast_syscall_32+0x32d/0xa90 [ 31.447914] [] sysenter_flags_fixed+0xd/0x1a