[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
[ OK ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.5' (ECDSA) to the list of known hosts.
syzkaller login: [ 26.793299] IPVS: ftp: loaded support on port[0] = 21
[ 26.863846] chnl_net:caif_netlink_parms(): no params data found
[ 26.933467] bridge0: port 1(bridge_slave_0) entered blocking state
[ 26.940498] bridge0: port 1(bridge_slave_0) entered disabled state
[ 26.947417] device bridge_slave_0 entered promiscuous mode
[ 26.955194] bridge0: port 2(bridge_slave_1) entered blocking state
[ 26.961636] bridge0: port 2(bridge_slave_1) entered disabled state
[ 26.968471] device bridge_slave_1 entered promiscuous mode
[ 26.984416] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 26.993066] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 27.009979] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 27.017114] team0: Port device team_slave_0 added
[ 27.022674] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 27.029877] team0: Port device team_slave_1 added
[ 27.043964] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 27.050557] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 27.075761] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 27.087043] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 27.093640] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 27.118957] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 27.129516] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 27.136763] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 27.154427] device hsr_slave_0 entered promiscuous mode
[ 27.160090] device hsr_slave_1 entered promiscuous mode
[ 27.165885] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 27.173022] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 27.231953] bridge0: port 2(bridge_slave_1) entered blocking state
[ 27.238379] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 27.245315] bridge0: port 1(bridge_slave_0) entered blocking state
[ 27.251736] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 27.277960] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 27.284248] 8021q: adding VLAN 0 to HW filter on device bond0
[ 27.295051] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 27.303641] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 27.322255] bridge0: port 1(bridge_slave_0) entered disabled state
[ 27.329944] bridge0: port 2(bridge_slave_1) entered disabled state
[ 27.339873] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 27.345953] 8021q: adding VLAN 0 to HW filter on device team0
[ 27.354416] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 27.362348] bridge0: port 1(bridge_slave_0) entered blocking state
[ 27.368756] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 27.387003] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 27.397269] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 27.407720] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 27.414575] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 27.422487] bridge0: port 2(bridge_slave_1) entered blocking state
[ 27.428889] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 27.436360] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 27.444110] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 27.451704] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 27.459439] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 27.466906] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 27.473745] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 27.486432] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 27.494360] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 27.501136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 27.512827] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 27.561223] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 27.571660] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 27.600587] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 27.607466] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 27.614899] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 27.624460] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 27.631965] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 27.639046] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 27.647168] device veth0_vlan entered promiscuous mode
[ 27.655241] device veth1_vlan entered promiscuous mode
[ 27.661341] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 27.669724] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 27.680325] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 27.689256] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 27.696361] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 27.703945] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 27.712791] device veth0_macvtap entered promiscuous mode
[ 27.719706] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 27.727612] device veth1_macvtap entered promiscuous mode
[ 27.736999] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 27.746154] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 27.756561] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 27.763913] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 27.772378] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 27.781821] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 27.788570] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 27.848490] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 27.874396]
[ 27.876030] ======================================================
[ 27.882321] WARNING: possible circular locking dependency detected
[ 27.888614] 4.14.289-syzkaller #0 Not tainted
[ 27.893081] ------------------------------------------------------
[ 27.899369] kworker/u4:0/5 is trying to acquire lock:
[ 27.904542]  (sk_lock-AF_INET){+.+.}, at: [] strp_work+0x3e/0x100
[ 27.912390]
[ 27.912390] but task is already holding lock:
[ 27.918332]  ((&strp->work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0
[ 27.926731]
[ 27.926731] which lock already depends on the new lock.
[ 27.926731]
[ 27.935018]
[ 27.935018] the existing dependency chain (in reverse order) is:
[ 27.942611]
[ 27.942611] -> #1 ((&strp->work)){+.+.}:
[ 27.948127]        flush_work+0xad/0x770
[ 27.952187]        __cancel_work_timer+0x321/0x460
[ 27.957092]        strp_done+0x53/0xd0
[ 27.960953]        kcm_ioctl+0x828/0xfb0
[ 27.964986]        sock_ioctl+0x2cc/0x4c0
[ 27.969196]        do_vfs_ioctl+0x75a/0xff0
[ 27.973584]        SyS_ioctl+0x7f/0xb0
[ 27.977443]        do_syscall_64+0x1d5/0x640
[ 27.981825]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 27.987507]
[ 27.987507] -> #0 (sk_lock-AF_INET){+.+.}:
[ 27.993198]        lock_acquire+0x170/0x3f0
[ 27.997494]        lock_sock_nested+0xb7/0x100
[ 28.002046]        strp_work+0x3e/0x100
[ 28.005996]        process_one_work+0x793/0x14a0
[ 28.010796]        worker_thread+0x5cc/0xff0
[ 28.015202]        kthread+0x30d/0x420
[ 28.019079]        ret_from_fork+0x24/0x30
[ 28.023297]
[ 28.023297] other info that might help us debug this:
[ 28.023297]
[ 28.031421]  Possible unsafe locking scenario:
[ 28.031421]
[ 28.037453]        CPU0                    CPU1
[ 28.042100]        ----                    ----
[ 28.046753]   lock((&strp->work));
[ 28.050379]                                lock(sk_lock-AF_INET);
[ 28.056596]                                lock((&strp->work));
[ 28.062626]   lock(sk_lock-AF_INET);
[ 28.066309]
[ 28.066309]  *** DEADLOCK ***
[ 28.066309]
[ 28.072351] 2 locks held by kworker/u4:0/5:
[ 28.076642]  #0: ("%s""kstrp"){+.+.}, at: [] process_one_work+0x6b0/0x14a0
[ 28.085376]  #1: ((&strp->work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0
[ 28.094196]
[ 28.094196] stack backtrace:
[ 28.098664] CPU: 1 PID: 5 Comm: kworker/u4:0 Not tainted 4.14.289-syzkaller #0
[ 28.105995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
[ 28.115327] Workqueue: kstrp strp_work
[ 28.119184] Call Trace:
[ 28.121748]  dump_stack+0x1b2/0x281
[ 28.125350]  print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 28.131133]  __lock_acquire+0x2e0e/0x3f20
[ 28.135273]  ? trace_hardirqs_on+0x10/0x10
[ 28.139504]  ? trace_hardirqs_on+0x10/0x10
[ 28.143719]  ? lock_acquire+0x170/0x3f0
[ 28.147771]  ? lock_sock_nested+0x98/0x100
[ 28.151998]  lock_acquire+0x170/0x3f0
[ 28.155780]  ? strp_work+0x3e/0x100
[ 28.159390]  lock_sock_nested+0xb7/0x100
[ 28.163430]  ? strp_work+0x3e/0x100
[ 28.167032]  strp_work+0x3e/0x100
[ 28.170459]  process_one_work+0x793/0x14a0
[ 28.174670]  ? work_busy+0x320/0x320
[ 28.178356]  ? worker_thread+0x158/0xff0
[ 28.182413]  ? _raw_spin_unlock_irq+0x24/0x80
[ 28.186883]  worker_thread+0x5cc/0xff0
[ 28.190748]  ? rescuer_thread+0xc80/0xc80
[ 28.194869]  kthread+0x30d/0x420
[ 28.198217]  ? kthread_create_on_node+0xd0/0xd0
[ 28.202864]  ret_from_fork+0x24/0x30