[ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Starting Load/Save RF Kill Switch Status... [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.10.6' (ECDSA) to the list of known hosts. syzkaller login: [ 29.829325] IPVS: ftp: loaded support on port[0] = 21 [ 29.894842] chnl_net:caif_netlink_parms(): no params data found [ 29.973097] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.979799] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.987896] device bridge_slave_0 entered promiscuous mode [ 29.995486] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.001878] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.009423] device bridge_slave_1 entered promiscuous mode [ 30.025748] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 30.034459] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 30.052106] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 30.059404] team0: Port device team_slave_0 added [ 30.065408] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 30.072679] team0: Port device team_slave_1 added [ 30.087744] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 30.094046] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 30.119914] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 30.131458] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 30.138182] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 30.164342] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 30.178372] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 30.186208] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 30.204243] device hsr_slave_0 entered promiscuous mode [ 30.210285] device hsr_slave_1 entered promiscuous mode [ 30.216852] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 30.225161] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 30.284088] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.290516] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.297434] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.303842] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.331538] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 30.337697] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.347258] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 30.355818] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 30.365275] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.372249] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.381709] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 30.387995] 8021q: adding VLAN 0 to HW filter on device team0 [ 30.396238] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 30.404486] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.410986] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.420381] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 30.428685] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.435185] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.454296] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 30.461963] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 30.469725] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 30.477232] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 30.485407] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 30.494031] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 30.500048] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 30.512139] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 30.520279] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 30.527035] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 30.537597] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 30.584682] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 30.594254] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 30.620127] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 30.627464] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 30.634783] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 30.643334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 30.650814] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 30.658235] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 30.667345] device veth0_vlan entered promiscuous mode [ 30.676125] device veth1_vlan entered promiscuous mode [ 30.682001] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 30.690540] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 30.700868] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 30.710059] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 30.717382] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 30.724699] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 30.734730] device veth0_macvtap entered promiscuous mode [ 30.740749] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 30.749319] device veth1_macvtap entered promiscuous mode [ 30.758590] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 30.767741] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 30.780296] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 30.788233] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 30.797301] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 30.806566] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 30.814452] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready executing program [ 30.883056] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 30.926130] [ 30.927792] ============================================ [ 30.933222] WARNING: possible recursive locking detected [ 30.938650] 4.14.294-syzkaller #0 Not tainted [ 30.943138] -------------------------------------------- [ 30.948782] syz-executor110/7978 is trying to acquire lock: [ 30.954475] (rtnl_mutex){+.+.}, at: [] hsr_dev_destroy+0x1b/0xb0 [ 30.962264] [ 30.962264] but task is already holding lock: [ 30.968214] (rtnl_mutex){+.+.}, at: [] rtnetlink_rcv_msg+0x31d/0xb10 [ 30.976349] [ 30.976349] other info that might help us debug this: [ 30.982997] Possible unsafe locking scenario: [ 30.982997] [ 30.989032] CPU0 [ 30.991592] ---- [ 30.994235] lock(rtnl_mutex); [ 30.997499] lock(rtnl_mutex); [ 31.000757] [ 31.000757] *** DEADLOCK *** [ 31.000757] [ 31.006788] May be due to missing lock nesting notation [ 31.006788] [ 31.013694] 1 lock held by syz-executor110/7978: [ 31.018421] #0: (rtnl_mutex){+.+.}, at: [] rtnetlink_rcv_msg+0x31d/0xb10 [ 31.026994] [ 31.026994] stack backtrace: [ 31.031469] CPU: 0 PID: 7978 Comm: syz-executor110 Not tainted 4.14.294-syzkaller #0 [ 31.039326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/16/2022 [ 31.048661] Call Trace: [ 31.051231] dump_stack+0x1b2/0x281 [ 31.054940] __lock_acquire.cold+0x180/0x97c [ 31.059342] ? put_dec+0xb0/0xb0 [ 31.062958] ? format_decode+0x1cb/0x890 [ 31.067001] ? trace_hardirqs_on+0x10/0x10 [ 31.071214] ? set_precision+0x150/0x150 [ 31.075252] ? vsnprintf+0x260/0x1340 [ 31.079032] lock_acquire+0x170/0x3f0 [ 31.082810] ? hsr_dev_destroy+0x1b/0xb0 [ 31.086848] ? hsr_dev_destroy+0x1b/0xb0 [ 31.090890] __mutex_lock+0xc4/0x1310 [ 31.094690] ? hsr_dev_destroy+0x1b/0xb0 [ 31.098729] ? full_name_hash+0x91/0xd0 [ 31.102758] ? hsr_dev_destroy+0x1b/0xb0 [ 31.106797] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 31.112225] ? dev_get_nest_level+0x160/0x160 [ 31.116696] ? memcpy+0x35/0x50 [ 31.119953] ? dev_get_valid_name+0x131/0x1c0 [ 31.124434] ? hsr_dev_close+0x10/0x10 [ 31.128329] hsr_dev_destroy+0x1b/0xb0 [ 31.132201] ? hsr_dev_close+0x10/0x10 [ 31.136069] register_netdevice+0x83c/0xe50 [ 31.140456] ? netdev_change_features+0xa0/0xa0 [ 31.145136] ? hsr_add_port+0x466/0x670 [ 31.149090] hsr_dev_finalize+0x57b/0x800 [ 31.153216] hsr_newlink+0x259/0x3a0 [ 31.156927] ? hsr_fill_info+0x4b0/0x4b0 [ 31.160967] rtnl_newlink+0xf7c/0x1830 [ 31.164838] ? __lock_acquire+0x5fc/0x3f20 [ 31.169083] ? hsr_fill_info+0x4b0/0x4b0 [ 31.173135] ? kasan_slab_free+0xc3/0x1a0 [ 31.177275] ? rtnl_dellink+0x6a0/0x6a0 [ 31.181231] ? trace_hardirqs_on+0x10/0x10 [ 31.185480] ? __dev_queue_xmit+0x1d7f/0x2480 [ 31.189958] ? netlink_deliver_tap+0x61b/0x860 [ 31.194525] ? netlink_unicast+0x485/0x610 [ 31.198738] ? sock_sendmsg+0xb5/0x100 [ 31.202696] ? ___sys_sendmsg+0x6c8/0x800 [ 31.206823] ? __sys_sendmsg+0xa3/0x120 [ 31.210783] ? lock_acquire+0x170/0x3f0 [ 31.214820] ? lock_downgrade+0x740/0x740 [ 31.218948] ? rtnl_dellink+0x6a0/0x6a0 [ 31.222912] rtnetlink_rcv_msg+0x3be/0xb10 [ 31.227130] ? rtnl_calcit.isra.0+0x3a0/0x3a0 [ 31.231605] ? __netlink_lookup+0x345/0x5d0 [ 31.235928] ? netdev_pick_tx+0x2e0/0x2e0 [ 31.240075] netlink_rcv_skb+0x125/0x390 [ 31.244117] ? rtnl_calcit.isra.0+0x3a0/0x3a0 [ 31.248591] ? netlink_ack+0x9a0/0x9a0 [ 31.252466] netlink_unicast+0x437/0x610 [ 31.256518] ? netlink_sendskb+0xd0/0xd0 [ 31.260572] ? __check_object_size+0x179/0x230 [ 31.265143] netlink_sendmsg+0x648/0xbc0 [ 31.269191] ? nlmsg_notify+0x1b0/0x1b0 [ 31.273146] ? kernel_recvmsg+0x210/0x210 [ 31.277369] ? security_socket_sendmsg+0x83/0xb0 [ 31.282104] ? nlmsg_notify+0x1b0/0x1b0 [ 31.286057] sock_sendmsg+0xb5/0x100 [ 31.289751] ___sys_sendmsg+0x6c8/0x800 [ 31.293915] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 31.298662] ? dev_ioctl+0xe7/0xbe0 [ 31.302264] ? dev_ifsioc+0x7d0/0x7d0 [ 31.306047] ? __might_fault+0x104/0x1b0 [ 31.310177] ? lock_acquire+0x170/0x3f0 [ 31.314134] ? lock_downgrade+0x740/0x740 [ 31.318348] ? sock_ioctl+0x16c/0x4c0 [ 31.322123] ? sock_release+0x1e0/0x1e0 [ 31.326073] ? __fdget+0x167/0x1f0 [ 31.329617] ? sockfd_lookup_light+0xb2/0x160 [ 31.334095] __sys_sendmsg+0xa3/0x120 [ 31.337964] ? SyS_shutdown+0x160/0x160 [ 31.341922] ? security_file_ioctl+0x83/0xb0 [ 31.346309] SyS_sendmsg+0x27/0x40 [ 31.349913] ? __sys_sendmsg+0x120/0x120 [ 31.354036] do_syscall_64+0x1d5/0x640 [ 31.357902] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 31.363071] RIP: 0033:0x7fee6c3f99a9 [ 31.366757] RSP: 002b:00007ffee5330978 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 31.374440] RAX: ffffffffffffffda RBX: 00007ffee5330988 RCX: 00007fee6c3f99a9 [ 31.381861] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000005 [ 31.389109] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000 [ 31.396358] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffee5330990 [ 31.403604] R13: 00007ffee53309b0 R14: 0000000000000000 R15: 0000000000000000