Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.187' (ECDSA) to the list of known hosts. syzkaller login: [ 27.551192] IPVS: ftp: loaded support on port[0] = 21 [ 27.622070] chnl_net:caif_netlink_parms(): no params data found [ 27.716946] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.723480] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.730904] device bridge_slave_0 entered promiscuous mode [ 27.738218] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.744581] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.751806] device bridge_slave_1 entered promiscuous mode [ 27.768327] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 27.777242] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 27.794335] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 27.801866] team0: Port device team_slave_0 added [ 27.807426] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 27.814551] team0: Port device team_slave_1 added [ 27.829022] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 27.835252] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 27.860535] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 27.871733] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 27.878117] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 27.903525] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 27.914066] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 27.921675] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 27.939588] device hsr_slave_0 entered promiscuous mode [ 27.945396] device hsr_slave_1 entered promiscuous mode [ 27.951542] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 27.958631] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 28.017400] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.023776] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.030622] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.037027] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.064626] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 28.072244] 8021q: adding VLAN 0 to HW filter on device bond0 [ 28.080748] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 28.089607] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 28.098104] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.104989] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.115065] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 28.121347] 8021q: adding VLAN 0 to HW filter on device team0 [ 28.129428] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 28.137341] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.143680] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.162403] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 28.172229] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 28.183667] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 28.191992] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 28.200012] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.206466] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.213905] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 28.221952] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 28.229713] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 28.237445] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 28.244889] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 28.251744] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 28.263720] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 28.271527] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 28.278758] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 28.290428] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 28.338468] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 28.348628] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 28.378753] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 28.385641] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 28.393767] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 28.402741] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 28.410688] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 28.417868] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 28.426524] device veth0_vlan entered promiscuous mode [ 28.434573] device veth1_vlan entered promiscuous mode [ 28.440636] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 28.449273] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 28.460711] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 28.469483] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 28.476895] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 28.484005] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 28.492990] device veth0_macvtap entered promiscuous mode [ 28.499497] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 28.507984] device veth1_macvtap entered promiscuous mode [ 28.516968] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 28.525577] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 28.535023] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 28.542498] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 28.550586] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 28.560188] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 28.567485] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready executing program [ 28.606918] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 28.654202] [ 28.655836] ====================================================== [ 28.662132] WARNING: possible circular locking dependency detected [ 28.668543] 4.14.283-syzkaller #0 Not tainted [ 28.673018] ------------------------------------------------------ [ 28.679310] kworker/u4:4/2857 is trying to acquire lock: [ 28.684730] (sk_lock-AF_INET){+.+.}, at: [] strp_work+0x3e/0x100 [ 28.692509] [ 28.692509] but task is already holding lock: [ 28.698459] ((&strp->work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 [ 28.706948] [ 28.706948] which lock already depends on the new lock. [ 28.706948] [ 28.715235] [ 28.715235] the existing dependency chain (in reverse order) is: [ 28.722826] [ 28.722826] -> #1 ((&strp->work)){+.+.}: [ 28.728347] flush_work+0xad/0x770 [ 28.732381] __cancel_work_timer+0x321/0x460 [ 28.737285] strp_done+0x53/0xd0 [ 28.741148] kcm_ioctl+0x828/0xfb0 [ 28.745180] sock_ioctl+0x2cc/0x4c0 [ 28.749313] do_vfs_ioctl+0x75a/0xff0 [ 28.753621] SyS_ioctl+0x7f/0xb0 [ 28.757490] do_syscall_64+0x1d5/0x640 [ 28.761876] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 28.767560] [ 28.767560] -> #0 (sk_lock-AF_INET){+.+.}: [ 28.773264] lock_acquire+0x170/0x3f0 [ 28.777574] lock_sock_nested+0xb7/0x100 [ 28.782132] strp_work+0x3e/0x100 [ 28.786092] process_one_work+0x793/0x14a0 [ 28.790829] worker_thread+0x5cc/0xff0 [ 28.795218] kthread+0x30d/0x420 [ 28.799145] ret_from_fork+0x24/0x30 [ 28.803351] [ 28.803351] other info that might help us debug this: [ 28.803351] [ 28.811485] Possible unsafe locking scenario: [ 28.811485] [ 28.817516] CPU0 CPU1 [ 28.822174] ---- ---- [ 28.826827] lock((&strp->work)); [ 28.830355] lock(sk_lock-AF_INET); [ 28.836557] lock((&strp->work)); [ 28.842586] lock(sk_lock-AF_INET); [ 28.846274] [ 28.846274] *** DEADLOCK *** [ 28.846274] [ 28.852306] 2 locks held by kworker/u4:4/2857: [ 28.856859] #0: ("%s""kstrp"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 [ 28.865598] #1: ((&strp->work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 [ 28.874422] [ 28.874422] stack backtrace: [ 28.878900] CPU: 0 PID: 2857 Comm: kworker/u4:4 Not tainted 4.14.283-syzkaller #0 [ 28.886508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 28.895841] Workqueue: kstrp strp_work [ 28.899715] Call Trace: [ 28.902278] dump_stack+0x1b2/0x281 [ 28.905908] print_circular_bug.constprop.0.cold+0x2d7/0x41e [ 28.911766] __lock_acquire+0x2e0e/0x3f20 [ 28.916023] ? __schedule+0x893/0x1de0 [ 28.919895] ? trace_hardirqs_on+0x10/0x10 [ 28.924116] ? lock_acquire+0x170/0x3f0 [ 28.928073] ? lock_sock_nested+0x98/0x100 [ 28.932281] lock_acquire+0x170/0x3f0 [ 28.936074] ? strp_work+0x3e/0x100 [ 28.939678] lock_sock_nested+0xb7/0x100 [ 28.943712] ? strp_work+0x3e/0x100 [ 28.947311] strp_work+0x3e/0x100 [ 28.950738] process_one_work+0x793/0x14a0 [ 28.954947] ? work_busy+0x320/0x320 [ 28.958635] ? worker_thread+0x158/0xff0 [ 28.962694] ? _raw_spin_unlock_irq+0x24/0x80 [ 28.967182] worker_thread+0x5cc/0xff0 [ 28.971059] ? rescuer_thread+0xc80/0xc80 [ 28.975197] kthread+0x30d/0x420 [ 28.978626] ? kthread_create_on_node+0xd0/0xd0 [ 28.983271] ret_from_fork+0x24/0x30 [