Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.1.67' (ECDSA) to the list of known hosts. syzkaller login: [ 27.756320] IPVS: ftp: loaded support on port[0] = 21 [ 27.821927] chnl_net:caif_netlink_parms(): no params data found [ 27.901894] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.908452] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.916271] device bridge_slave_0 entered promiscuous mode [ 27.923182] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.929530] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.936918] device bridge_slave_1 entered promiscuous mode [ 27.952921] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 27.961613] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 27.979083] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 27.986285] team0: Port device team_slave_0 added [ 27.991912] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 27.998939] team0: Port device team_slave_1 added [ 28.013681] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 28.019970] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 28.045220] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 28.056388] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 28.062710] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 28.087930] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 28.098609] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 28.106620] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 28.124488] device hsr_slave_0 entered promiscuous mode [ 28.130295] device hsr_slave_1 entered promiscuous mode [ 28.136198] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 28.143328] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 28.202209] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.208617] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.215764] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.222173] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.249091] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 28.255333] 8021q: adding VLAN 0 to HW filter on device bond0 [ 28.264626] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 28.273445] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 28.292514] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.299632] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.308568] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 28.315215] 8021q: adding VLAN 0 to HW filter on device team0 [ 28.323676] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 28.331487] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.337960] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.357354] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 28.367437] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 28.379077] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 28.386505] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 28.394437] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.400823] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.407965] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 28.415861] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 28.423462] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 28.431194] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 28.438634] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 28.445487] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 28.457597] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 28.465014] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 28.472249] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 28.481919] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 28.530153] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 28.540049] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 28.565852] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 28.573439] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 28.580769] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 28.588863] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 28.597418] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 28.604703] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 28.614683] device veth0_vlan entered promiscuous mode [ 28.623767] device veth1_vlan entered promiscuous mode [ 28.629713] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 28.637716] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 28.648071] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 28.657848] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 28.665140] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 28.672397] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 28.682123] device veth0_macvtap entered promiscuous mode [ 28.688065] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 28.696373] device veth1_macvtap entered promiscuous mode [ 28.705178] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 28.713993] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 28.724338] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 28.731481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 28.740388] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 28.749787] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 28.759359] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready executing program [ 28.819357] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 28.841323] [ 28.843005] ====================================================== [ 28.849297] WARNING: possible circular locking dependency detected [ 28.855594] 4.14.284-syzkaller #0 Not tainted [ 28.860069] ------------------------------------------------------ [ 28.866358] kworker/u4:1/22 is trying to acquire lock: [ 28.871618] (sk_lock-AF_INET){+.+.}, at: [] strp_work+0x3e/0x100 [ 28.879416] [ 28.879416] but task is already holding lock: [ 28.885466] ((&strp->work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 [ 28.893865] [ 28.893865] which lock already depends on the new lock. [ 28.893865] [ 28.902191] [ 28.902191] the existing dependency chain (in reverse order) is: [ 28.909873] [ 28.909873] -> #1 ((&strp->work)){+.+.}: [ 28.915398] flush_work+0xad/0x770 [ 28.919433] __cancel_work_timer+0x321/0x460 [ 28.924428] strp_done+0x53/0xd0 [ 28.928288] kcm_ioctl+0x828/0xfb0 [ 28.932329] sock_ioctl+0x2cc/0x4c0 [ 28.936449] do_vfs_ioctl+0x75a/0xff0 [ 28.940741] SyS_ioctl+0x7f/0xb0 [ 28.944610] do_syscall_64+0x1d5/0x640 [ 28.948998] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 28.954696] [ 28.954696] -> #0 (sk_lock-AF_INET){+.+.}: [ 28.960474] lock_acquire+0x170/0x3f0 [ 28.964950] lock_sock_nested+0xb7/0x100 [ 28.969507] strp_work+0x3e/0x100 [ 28.973457] process_one_work+0x793/0x14a0 [ 28.978183] worker_thread+0x5cc/0xff0 [ 28.982573] kthread+0x30d/0x420 [ 28.986431] ret_from_fork+0x24/0x30 [ 28.990632] [ 28.990632] other info that might help us debug this: [ 28.990632] [ 28.998740] Possible unsafe locking scenario: [ 28.998740] [ 29.004767] CPU0 CPU1 [ 29.009408] ---- ---- [ 29.014057] lock((&strp->work)); [ 29.017581] lock(sk_lock-AF_INET); [ 29.023804] lock((&strp->work)); [ 29.029834] lock(sk_lock-AF_INET); [ 29.033517] [ 29.033517] *** DEADLOCK *** [ 29.033517] [ 29.039547] 2 locks held by kworker/u4:1/22: [ 29.044010] #0: ("%s""kstrp"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 [ 29.052653] #1: ((&strp->work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 [ 29.061477] [ 29.061477] stack backtrace: [ 29.065948] CPU: 1 PID: 22 Comm: kworker/u4:1 Not tainted 4.14.284-syzkaller #0 [ 29.073380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 29.082723] Workqueue: kstrp strp_work [ 29.086582] Call Trace: [ 29.089164] dump_stack+0x1b2/0x281 [ 29.092776] print_circular_bug.constprop.0.cold+0x2d7/0x41e [ 29.098547] __lock_acquire+0x2e0e/0x3f20 [ 29.102666] ? trace_hardirqs_on+0x10/0x10 [ 29.106871] ? trace_hardirqs_on+0x10/0x10 [ 29.111078] ? lock_acquire+0x170/0x3f0 [ 29.115038] ? check_preemption_disabled+0x35/0x240 [ 29.120113] ? lock_sock_nested+0x98/0x100 [ 29.124322] lock_acquire+0x170/0x3f0 [ 29.128094] ? strp_work+0x3e/0x100 [ 29.131703] lock_sock_nested+0xb7/0x100 [ 29.135764] ? strp_work+0x3e/0x100 [ 29.139391] strp_work+0x3e/0x100 [ 29.142826] process_one_work+0x793/0x14a0 [ 29.147138] ? work_busy+0x320/0x320 [ 29.150851] ? worker_thread+0x158/0xff0 [ 29.154934] ? _raw_spin_unlock_irq+0x24/0x80 [ 29.159409] worker_thread+0x5cc/0xff0 [ 29.163269] ? rescuer_thread+0xc80/0xc80 [ 29.167405] kthread+0x30d/0x420 [