[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.119' (ECDSA) to the list of known hosts.
syzkaller login: [ 28.298701] IPVS: ftp: loaded support on port[0] = 21
[ 28.369502] chnl_net:caif_netlink_parms(): no params data found
[ 28.474177] bridge0: port 1(bridge_slave_0) entered blocking state
[ 28.480749] bridge0: port 1(bridge_slave_0) entered disabled state
[ 28.488753] device bridge_slave_0 entered promiscuous mode
[ 28.496037] bridge0: port 2(bridge_slave_1) entered blocking state
[ 28.502506] bridge0: port 2(bridge_slave_1) entered disabled state
[ 28.509316] device bridge_slave_1 entered promiscuous mode
[ 28.524877] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 28.533588] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 28.550277] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 28.557433] team0: Port device team_slave_0 added
[ 28.562986] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 28.569994] team0: Port device team_slave_1 added
[ 28.584080] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 28.590407] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 28.616280] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 28.627480] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 28.633795] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 28.659016] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 28.669696] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 28.677188] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 28.695448] device hsr_slave_0 entered promiscuous mode
[ 28.701006] device hsr_slave_1 entered promiscuous mode
[ 28.707170] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 28.714511] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 28.777159] bridge0: port 2(bridge_slave_1) entered blocking state
[ 28.783569] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 28.790257] bridge0: port 1(bridge_slave_0) entered blocking state
[ 28.796786] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 28.823712] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 28.829767] 8021q: adding VLAN 0 to HW filter on device bond0
[ 28.838419] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 28.846890] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 28.864780] bridge0: port 1(bridge_slave_0) entered disabled state
[ 28.882413] bridge0: port 2(bridge_slave_1) entered disabled state
[ 28.892489] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 28.898549] 8021q: adding VLAN 0 to HW filter on device team0
[ 28.906701] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 28.914406] bridge0: port 1(bridge_slave_0) entered blocking state
[ 28.920748] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 28.938779] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 28.948793] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 28.960434] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 28.968422] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 28.976310] bridge0: port 2(bridge_slave_1) entered blocking state
[ 28.982690] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 28.990114] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 28.997901] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 29.005544] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 29.013125] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 29.020733] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 29.027535] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 29.042887] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 29.051052] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 29.057698] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 29.069417] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 29.116122] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 29.125161] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 29.153917] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 29.160781] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 29.168407] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 29.177435] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 29.184898] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 29.192151] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 29.200271] device veth0_vlan entered promiscuous mode
[ 29.208574] device veth1_vlan entered promiscuous mode
[ 29.214682] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 29.223408] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 29.233873] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 29.243438] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 29.250507] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 29.258119] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 29.266891] device veth0_macvtap entered promiscuous mode
[ 29.273219] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 29.280985] device veth1_macvtap entered promiscuous mode
[ 29.288730] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 29.297414] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 29.306986] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 29.314005] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 29.322179] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 29.331716] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 29.338403] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 29.361736] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
executing program
[ 29.420516]
[ 29.422152] ======================================================
[ 29.428446] WARNING: possible circular locking dependency detected
[ 29.434734] 4.14.285-syzkaller #0 Not tainted
[ 29.439198] ------------------------------------------------------
[ 29.445485] kworker/u4:0/5 is trying to acquire lock:
[ 29.450643]  (sk_lock-AF_INET){+.+.}, at: [] strp_work+0x3e/0x100
[ 29.458448]
[ 29.458448] but task is already holding lock:
[ 29.464390]  ((&strp->work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0
[ 29.472770]
[ 29.472770] which lock already depends on the new lock.
[ 29.472770]
[ 29.481055]
[ 29.481055] the existing dependency chain (in reverse order) is:
[ 29.488643]
[ 29.488643] -> #1 ((&strp->work)){+.+.}:
[ 29.494161]        flush_work+0xad/0x770
[ 29.498192]        __cancel_work_timer+0x321/0x460
[ 29.503094]        strp_done+0x53/0xd0
[ 29.506955]        kcm_ioctl+0x828/0xfb0
[ 29.510989]        sock_ioctl+0x2cc/0x4c0
[ 29.515108]        do_vfs_ioctl+0x75a/0xff0
[ 29.519400]        SyS_ioctl+0x7f/0xb0
[ 29.523257]        do_syscall_64+0x1d5/0x640
[ 29.527636]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 29.533320]
[ 29.533320] -> #0 (sk_lock-AF_INET){+.+.}:
[ 29.539022]        lock_acquire+0x170/0x3f0
[ 29.543319]        lock_sock_nested+0xb7/0x100
[ 29.547870]        strp_work+0x3e/0x100
[ 29.551815]        process_one_work+0x793/0x14a0
[ 29.556540]        worker_thread+0x5cc/0xff0
[ 29.560920]        kthread+0x30d/0x420
[ 29.564779]        ret_from_fork+0x24/0x30
[ 29.568985]
[ 29.568985] other info that might help us debug this:
[ 29.568985]
[ 29.577111]  Possible unsafe locking scenario:
[ 29.577111]
[ 29.583139]        CPU0                    CPU1
[ 29.587776]        ----                    ----
[ 29.592414]   lock((&strp->work));
[ 29.595924]                                lock(sk_lock-AF_INET);
[ 29.602125]                                lock((&strp->work));
[ 29.608154]   lock(sk_lock-AF_INET);
[ 29.611838]
[ 29.611838]  *** DEADLOCK ***
[ 29.611838]
[ 29.617870] 2 locks held by kworker/u4:0/5:
[ 29.622160]  #0: ("%s""kstrp"){+.+.}, at: [] process_one_work+0x6b0/0x14a0
[ 29.630805]  #1: ((&strp->work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0
[ 29.639643]
[ 29.639643] stack backtrace:
[ 29.644112] CPU: 1 PID: 5 Comm: kworker/u4:0 Not tainted 4.14.285-syzkaller #0
[ 29.651453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/18/2022
[ 29.660898] Workqueue: kstrp strp_work
[ 29.664758] Call Trace:
[ 29.667326]  dump_stack+0x1b2/0x281
[ 29.670930]  print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 29.676714]  __lock_acquire+0x2e0e/0x3f20
[ 29.680844]  ? __schedule+0x893/0x1de0
[ 29.684719]  ? trace_hardirqs_on+0x10/0x10
[ 29.688928]  ? lock_acquire+0x170/0x3f0
[ 29.692891]  ? lock_sock_nested+0x98/0x100
[ 29.697104]  lock_acquire+0x170/0x3f0
[ 29.701320]  ? strp_work+0x3e/0x100
[ 29.704926]  lock_sock_nested+0xb7/0x100
[ 29.708965]  ? strp_work+0x3e/0x100
[ 29.712579]  strp_work+0x3e/0x100
[ 29.716010]  process_one_work+0x793/0x14a0
[ 29.720237]  ?