[ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... Starting Load/Save RF Kill Switch Status... [ OK ] Started Load/Save RF Kill Switch Status. [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.39' (ECDSA) to the list of known hosts. syzkaller login: [ 28.533604] IPVS: ftp: loaded support on port[0] = 21 [ 28.598533] chnl_net:caif_netlink_parms(): no params data found [ 28.676009] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.682630] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.689573] device bridge_slave_0 entered promiscuous mode [ 28.696987] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.703939] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.710838] device bridge_slave_1 entered promiscuous mode [ 28.727861] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 28.736461] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 28.754685] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 28.762113] team0: Port device team_slave_0 added [ 28.767428] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 28.775442] team0: Port device team_slave_1 added [ 28.789829] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 28.796239] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 28.822026] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 28.833607] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 28.839839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 28.865733] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 28.876553] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 28.884229] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 28.902344] device hsr_slave_0 entered promiscuous mode [ 28.907901] device hsr_slave_1 entered promiscuous mode [ 28.914835] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 28.922101] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 28.984852] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.991280] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.997966] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.004341] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.033011] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 29.039071] 8021q: adding VLAN 0 to HW filter on device bond0 [ 29.048482] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 29.057411] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 29.075806] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.082982] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.092884] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 29.099048] 8021q: adding VLAN 0 to HW filter on device team0 [ 29.107935] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 29.115901] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.122488] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.131420] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 29.139017] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.145414] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.162566] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 29.170082] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 29.178309] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 29.186717] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 29.195683] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 29.205032] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 29.211731] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 29.224277] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 29.233168] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 29.239799] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 29.249574] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 29.297210] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 29.306411] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 29.335499] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 29.343175] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 29.349555] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 29.358593] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 29.366524] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 29.373690] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 29.382183] device veth0_vlan entered promiscuous mode [ 29.389849] device veth1_vlan entered promiscuous mode [ 29.396005] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 29.404506] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 29.415513] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 29.424500] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 29.432468] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 29.439535] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 29.448487] device veth0_macvtap entered promiscuous mode [ 29.455061] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 29.463642] device veth1_macvtap entered promiscuous mode [ 29.471838] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 29.480444] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 29.491254] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 29.499543] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 29.507108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 29.515412] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 29.523477] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready executing program [ 29.580746] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 29.606826] FAULT_INJECTION: forcing a failure. [ 29.606826] name failslab, interval 1, probability 0, space 0, times 1 [ 29.618778] CPU: 0 PID: 7967 Comm: syz-executor130 Not tainted 4.14.281-syzkaller #0 [ 29.626733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 29.636177] Call Trace: [ 29.638743] dump_stack+0x1b2/0x281 [ 29.642349] should_fail.cold+0x10a/0x149 [ 29.646475] should_failslab+0xd6/0x130 [ 29.650427] __kmalloc_track_caller+0x2bc/0x400 [ 29.655071] ? kstrdup_const+0x35/0x60 [ 29.658933] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 29.664011] kstrdup+0x36/0x70 [ 29.667177] kstrdup_const+0x35/0x60 [ 29.671221] kvasprintf_const+0xf1/0x180 [ 29.675281] kobject_set_name_vargs+0x56/0x150 [ 29.679850] dev_set_name+0xa4/0xc0 [ 29.683455] ? device_initialize+0x430/0x430 [ 29.687842] ? __lockdep_init_map+0x100/0x560 [ 29.692321] netdev_register_kobject+0xbd/0x410 [ 29.696974] register_netdevice+0x955/0xe50 [ 29.701462] ? netdev_change_features+0xa0/0xa0 [ 29.706105] ? hsr_add_port+0x466/0x670 [ 29.710068] hsr_dev_finalize+0x57b/0x800 [ 29.714192] hsr_newlink+0x259/0x3a0 [ 29.717880] ? hsr_fill_info+0x4b0/0x4b0 [ 29.721917] rtnl_newlink+0xf7c/0x1830 [ 29.725794] ? __lock_acquire+0x5fc/0x3f20 [ 29.730005] ? hsr_fill_info+0x4b0/0x4b0 [ 29.734040] ? kasan_slab_free+0xc3/0x1a0 [ 29.738164] ? rtnl_dellink+0x6a0/0x6a0 [ 29.742113] ? trace_hardirqs_on+0x10/0x10 [ 29.746346] ? __dev_queue_xmit+0x1d7f/0x2480 [ 29.750814] ? netlink_deliver_tap+0x61b/0x860 [ 29.755372] ? netlink_unicast+0x485/0x610 [ 29.759599] ? sock_sendmsg+0xb5/0x100 [ 29.763460] ? ___sys_sendmsg+0x6c8/0x800 [ 29.767583] ? __sys_sendmsg+0xa3/0x120 [ 29.771553] ? lock_acquire+0x170/0x3f0 [ 29.775511] ? lock_downgrade+0x740/0x740 [ 29.779633] ? rtnl_dellink+0x6a0/0x6a0 [ 29.783590] rtnetlink_rcv_msg+0x3be/0xb10 [ 29.787803] ? rtnl_calcit.isra.0+0x3a0/0x3a0 [ 29.792272] ? __netlink_lookup+0x345/0x5d0 [ 29.796572] ? netdev_pick_tx+0x2e0/0x2e0 [ 29.800697] netlink_rcv_skb+0x125/0x390 [ 29.804738] ? rtnl_calcit.isra.0+0x3a0/0x3a0 [ 29.809221] ? netlink_ack+0x9a0/0x9a0 [ 29.813086] netlink_unicast+0x437/0x610 [ 29.817122] ? netlink_sendskb+0xd0/0xd0 [ 29.821159] ? __check_object_size+0x179/0x230 [ 29.825718] netlink_sendmsg+0x648/0xbc0 [ 29.829766] ? nlmsg_notify+0x1b0/0x1b0 [ 29.833715] ? kernel_recvmsg+0x210/0x210 [ 29.837839] ? security_socket_sendmsg+0x83/0xb0 [ 29.842657] ? nlmsg_notify+0x1b0/0x1b0 [ 29.846606] sock_sendmsg+0xb5/0x100 [ 29.850297] ___sys_sendmsg+0x6c8/0x800 [ 29.854249] ? get_pid_task+0x91/0x130 [ 29.858109] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 29.862844] ? lock_downgrade+0x740/0x740 [ 29.866973] ? proc_fail_nth_write+0x7b/0x180 [ 29.871600] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 29.876568] ? fsnotify+0x974/0x11b0 [ 29.880256] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 29.885157] ? debug_check_no_obj_freed+0x2c0/0x680 [ 29.890149] ? vfs_write+0x35d/0x4d0 [ 29.893836] ? __fdget+0x167/0x1f0 [ 29.897350] ? sockfd_lookup_light+0xb2/0x160 [ 29.901821] __sys_sendmsg+0xa3/0x120 [ 29.905597] ? SyS_shutdown+0x160/0x160 [ 29.909549] ? SyS_read+0x210/0x210 [ 29.913151] SyS_sendmsg+0x27/0x40 [ 29.916667] ? __sys_sendmsg+0x120/0x120 [ 29.920989] do_syscall_64+0x1d5/0x640 [ 29.925027] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 29.930303] RIP: 0033:0x7f8ebef785f9 [ 29.933997] RSP: 002b:00007ffdcd194ae8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 29.941698] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f8ebef785f9 [ 29.948943] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000005 [ 29.956295] RBP: 00007ffdcd194b00 R08: 0000000000000002 R09: 0000000000000000 [ 29.963627] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 29.970875] R13: 00007ffdcd194b20 R14: 0000000000000003 R15: 0000000000000000 [ 29.982444] [ 29.984075] ============================================ [ 29.989781] WARNING: possible recursive locking detected [ 29.995221] 4.14.281-syzkaller #0 Not tainted [ 29.999870] -------------------------------------------- [ 30.005309] syz-executor130/7967 is trying to acquire lock: [ 30.011014] (rtnl_mutex){+.+.}, at: [] hsr_dev_destroy+0x1b/0xb0 [ 30.018791] [ 30.018791] but task is already holding lock: [ 30.024739] (rtnl_mutex){+.+.}, at: [] rtnetlink_rcv_msg+0x31d/0xb10 [ 30.033057] [ 30.033057] other info that might help us debug this: [ 30.039782] Possible unsafe locking scenario: [ 30.039782] [ 30.045808] CPU0 [ 30.048364] ---- [ 30.050921] lock(rtnl_mutex); [ 30.054184] lock(rtnl_mutex); [ 30.057456] [ 30.057456] *** DEADLOCK *** [ 30.057456] [ 30.063492] May be due to missing lock nesting notation [ 30.063492] [ 30.070744] 1 lock held by syz-executor130/7967: [ 30.075484] #0: (rtnl_mutex){+.+.}, at: [] rtnetlink_rcv_msg+0x31d/0xb10 [ 30.084064] [ 30.084064] stack backtrace: [ 30.088633] CPU: 0 PID: 7967 Comm: syz-executor130 Not tainted 4.14.281-syzkaller #0 [ 30.096592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 30.105918] Call Trace: [ 30.108498] dump_stack+0x1b2/0x281 [ 30.112116] __lock_acquire.cold+0x180/0x97c [ 30.116521] ? kasan_slab_free+0xc3/0x1a0 [ 30.120643] ? kfree+0xc9/0x250 [ 30.123893] ? device_add+0x68b/0x15c0 [ 30.127753] ? netdev_register_kobject+0x181/0x410 [ 30.132662] ? register_netdevice+0x955/0xe50 [ 30.137245] ? trace_hardirqs_on+0x10/0x10 [ 30.141498] ? rtnetlink_rcv_msg+0x3be/0xb10 [ 30.145881] ? netlink_rcv_skb+0x125/0x390 [ 30.150097] ? netlink_unicast+0x437/0x610 [ 30.154397] ? netlink_sendmsg+0x648/0xbc0 [ 30.158606] ? sock_sendmsg+0xb5/0x100 [ 30.162471] ? ___sys_sendmsg+0x6c8/0x800 [ 30.166793] ? __sys_sendmsg+0xa3/0x120 [ 30.170742] ? SyS_sendmsg+0x27/0x40 [ 30.174432] ? do_syscall_64+0x1d5/0x640 [ 30.178484] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 30.183822] ? lock_acquire+0x170/0x3f0 [ 30.187774] ? lock_downgrade+0x740/0x740 [ 30.191898] lock_acquire+0x170/0x3f0 [ 30.195679] ? hsr_dev_destroy+0x1b/0xb0 [ 30.199716] ? hsr_dev_destroy+0x1b/0xb0 [ 30.203752] __mutex_lock+0xc4/0x1310 [ 30.207541] ? hsr_dev_destroy+0x1b/0xb0 [ 30.211582] ? mark_held_locks+0xa6/0xf0 [ 30.215619] ? kfree+0x14a/0x250 [ 30.219133] ? device_add+0x68b/0x15c0 [ 30.222997] ? hsr_dev_destroy+0x1b/0xb0 [ 30.227029] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 30.232106] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 30.237536] ? device_add+0x631/0x15c0 [ 30.241393] ? device_is_dependent+0x2a0/0x2a0 [ 30.245951] ? hsr_dev_close+0x10/0x10 [ 30.249814] hsr_dev_destroy+0x1b/0xb0 [ 30.253678] ? hsr_dev_close+0x10/0x10 [ 30.257536] register_netdevice+0x83c/0xe50 [ 30.261832] ? netdev_change_features+0xa0/0xa0 [ 30.266489] ? hsr_add_port+0x466/0x670 [ 30.270529] hsr_dev_finalize+0x57b/0x800 [ 30.274660] hsr_newlink+0x259/0x3a0 [ 30.278343] ? hsr_fill_info+0x4b0/0x4b0 [ 30.282380] rtnl_newlink+0xf7c/0x1830 [ 30.286245] ? __lock_acquire+0x5fc/0x3f20 [ 30.290459] ? hsr_fill_info+0x4b0/0x4b0 [ 30.294506] ? kasan_slab_free+0xc3/0x1a0 [ 30.298624] ? rtnl_dellink+0x6a0/0x6a0 [ 30.302572] ? trace_hardirqs_on+0x10/0x10 [ 30.306779] ? __dev_queue_xmit+0x1d7f/0x2480 [ 30.311245] ? netlink_deliver_tap+0x61b/0x860 [ 30.315799] ? netlink_unicast+0x485/0x610 [ 30.320007] ? sock_sendmsg+0xb5/0x100 [ 30.323863] ? ___sys_sendmsg+0x6c8/0x800 [ 30.327982] ? __sys_sendmsg+0xa3/0x120 [ 30.331934] ? lock_acquire+0x170/0x3f0 [ 30.335887] ? lock_downgrade+0x740/0x740 [ 30.340010] ? rtnl_dellink+0x6a0/0x6a0 [ 30.343957] rtnetlink_rcv_msg+0x3be/0xb10 [ 30.348178] ? rtnl_calcit.isra.0+0x3a0/0x3a0 [ 30.352650] ? __netlink_lookup+0x345/0x5d0 [ 30.356950] ? netdev_pick_tx+0x2e0/0x2e0 [ 30.361182] netlink_rcv_skb+0x125/0x390 [ 30.365221] ? rtnl_calcit.isra.0+0x3a0/0x3a0 [ 30.369692] ? netlink_ack+0x9a0/0x9a0 [ 30.373568] netlink_unicast+0x437/0x610 [ 30.377602] ? netlink_sendskb+0xd0/0xd0 [ 30.381648] ? __check_object_size+0x179/0x230 [ 30.386202] netlink_sendmsg+0x648/0xbc0 [ 30.390249] ? nlmsg_notify+0x1b0/0x1b0 [ 30.394202] ? kernel_recvmsg+0x210/0x210 [ 30.398331] ? security_socket_sendmsg+0x83/0xb0 [ 30.403058] ? nlmsg_notify+0x1b0/0x1b0 [ 30.407024] sock_sendmsg+0xb5/0x100 [ 30.410712] ___sys_sendmsg+0x6c8/0x800 [ 30.414660] ? get_pid_task+0x91/0x130 [ 30.418524] ? copy_msghdr_from_user+0x3b0/0x3b0 [ 30.423255] ? lock_downgrade+0x740/0x740 [ 30.427381] ? proc_fail_nth_write+0x7b/0x180 [ 30.431851] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 30.436752] ? fsnotify+0x974/0x11b0 [ 30.440483] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 30.445385] ? debug_check_no_obj_freed+0x2c0/0x680 [ 30.450377] ? vfs_write+0x35d/0x4d0 [ 30.454184] ? __fdget+0x167/0x1f0 [ 30.457693] ? sockfd_lookup_light+0xb2/0x160 [ 30.462157] __sys_sendmsg+0xa3/0x120 [ 30.465930] ? SyS_shutdown+0x160/0x160 [ 30.469886] ? SyS_read+0x210/0x210 [ 30.473488] SyS_sendmsg+0x27/0x40 [ 30.477000] ? __sys_sendmsg+0x120/0x120 [ 30.481032] do_syscall_64+0x1d5/0x640 [ 30.484906] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 30.490069] RIP: 0033:0x7f8ebef785f9 [ 30.493759] RSP: 002b:00007ffdcd194ae8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 30.501437] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f8ebef785f9 [ 30.508682] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000005 [ 30.515922] RBP: 00007ffdcd194b00 R08: 0000000000000002 R09: 0000000000000000 [ 30.523164] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 30.530449] R13: 00007ffdcd194b20 R14: 0000000000000003 R15: 0000000000000000