[ OK ] Started Getty on tty5. [ OK ] Started Getty on tty4. [ OK ] Started Getty on tty3. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... Starting Load/Save RF Kill Switch Status... [ OK ] Started Load/Save RF Kill Switch Status. [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.251' (ECDSA) to the list of known hosts. syzkaller login: [ 28.426836] IPVS: ftp: loaded support on port[0] = 21 [ 28.500326] chnl_net:caif_netlink_parms(): no params data found [ 28.572334] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.579300] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.586327] device bridge_slave_0 entered promiscuous mode [ 28.593976] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.600688] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.607841] device bridge_slave_1 entered promiscuous mode [ 28.623886] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 28.632513] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 28.650033] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 28.657484] team0: Port device team_slave_0 added [ 28.663391] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 28.670620] team0: Port device team_slave_1 added [ 28.686005] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 28.692321] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 28.717612] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 28.729044] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 28.735305] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 28.760769] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 28.771340] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 28.778846] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 28.796671] device hsr_slave_0 entered promiscuous mode [ 28.802297] device hsr_slave_1 entered promiscuous mode [ 28.808508] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 28.815444] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 28.873508] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.879916] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.886623] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.893008] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.920814] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 28.926875] 8021q: adding VLAN 0 to HW filter on device bond0 [ 28.936345] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 28.945398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 28.964380] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.971721] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.981763] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 28.988138] 8021q: adding VLAN 0 to HW filter on device team0 [ 28.996680] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 29.004429] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.010965] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.020745] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 29.028987] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.035314] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.053013] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 29.062928] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 29.074324] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 29.081540] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 29.089530] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 29.097039] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 29.104513] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 29.112168] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 29.119000] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 29.131192] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 29.141535] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 29.148234] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 29.154989] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 29.201359] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 29.211836] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 29.240125] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 29.247921] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 29.254320] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 29.263323] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 29.270794] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 29.278159] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 29.286639] device veth0_vlan entered promiscuous mode [ 29.295505] device veth1_vlan entered promiscuous mode [ 29.301952] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 29.310993] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 29.321284] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 29.330361] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 29.337596] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 29.344805] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 29.353955] device veth0_macvtap entered promiscuous mode [ 29.360487] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 29.369319] device veth1_macvtap entered promiscuous mode [ 29.378465] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 29.387931] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 29.397847] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 29.404515] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 29.412858] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 29.421977] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 29.430072] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready executing program [ 29.497743] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 29.514538] [ 29.516169] ====================================================== [ 29.522459] WARNING: possible circular locking dependency detected [ 29.528840] 4.14.287-syzkaller #0 Not tainted [ 29.533311] ------------------------------------------------------ [ 29.539598] kworker/u4:0/5 is trying to acquire lock: [ 29.544756] (sk_lock-AF_INET){+.+.}, at: [] strp_work+0x3e/0x100 [ 29.552539] [ 29.552539] but task is already holding lock: [ 29.558487] ((&strp->work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 [ 29.566871] [ 29.566871] which lock already depends on the new lock. [ 29.566871] [ 29.575156] [ 29.575156] the existing dependency chain (in reverse order) is: [ 29.582750] [ 29.582750] -> #1 ((&strp->work)){+.+.}: [ 29.588271] flush_work+0xad/0x770 [ 29.592304] __cancel_work_timer+0x321/0x460 [ 29.597224] strp_done+0x53/0xd0 [ 29.601099] kcm_ioctl+0x828/0xfb0 [ 29.605174] sock_ioctl+0x2cc/0x4c0 [ 29.609296] do_vfs_ioctl+0x75a/0xff0 [ 29.613591] SyS_ioctl+0x7f/0xb0 [ 29.617452] do_syscall_64+0x1d5/0x640 [ 29.621833] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 29.627530] [ 29.627530] -> #0 (sk_lock-AF_INET){+.+.}: [ 29.633221] lock_acquire+0x170/0x3f0 [ 29.637518] lock_sock_nested+0xb7/0x100 [ 29.642071] strp_work+0x3e/0x100 [ 29.646019] process_one_work+0x793/0x14a0 [ 29.650744] worker_thread+0x5cc/0xff0 [ 29.655121] kthread+0x30d/0x420 [ 29.658996] ret_from_fork+0x24/0x30 [ 29.663210] [ 29.663210] other info that might help us debug this: [ 29.663210] [ 29.671320] Possible unsafe locking scenario: [ 29.671320] [ 29.677346] CPU0 CPU1 [ 29.681986] ---- ---- [ 29.686622] lock((&strp->work)); [ 29.690166] lock(sk_lock-AF_INET); [ 29.696370] lock((&strp->work)); [ 29.702401] lock(sk_lock-AF_INET); [ 29.706083] [ 29.706083] *** DEADLOCK *** [ 29.706083] [ 29.712120] 2 locks held by kworker/u4:0/5: [ 29.716412] #0: ("%s""kstrp"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 [ 29.725061] #1: ((&strp->work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 [ 29.733879] [ 29.733879] stack backtrace: [ 29.738349] CPU: 0 PID: 5 Comm: kworker/u4:0 Not tainted 4.14.287-syzkaller #0 [ 29.745681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 29.755029] Workqueue: kstrp strp_work [ 29.758885] Call Trace: [ 29.761449] dump_stack+0x1b2/0x281 [ 29.765049] print_circular_bug.constprop.0.cold+0x2d7/0x41e [ 29.770823] __lock_acquire+0x2e0e/0x3f20 [ 29.774953] ? __schedule+0x893/0x1de0 [ 29.778824] ? trace_hardirqs_on+0x10/0x10 [ 29.783033] ? lock_acquire+0x170/0x3f0 [ 29.786985] ? lock_sock_nested+0x98/0x100 [ 29.791193] lock_acquire+0x170/0x3f0 [ 29.794984] ? strp_work+0x3e/0x100 [ 29.798590] lock_sock_nested+0xb7/0x100 [ 29.802624] ? strp_work+0x3e/0x100 [ 29.806239] strp_work+0x3e/0x100 [ 29.809685] process_one_work+0x793/0x14a0 [ 29.813893] ? work_busy+0x320/0x320 [ 29.817576] ? worker_thread+0x158/0xff0 [ 29.821609] ? _raw_spin_unlock_irq+0x24/0x80 [ 29.826077] worker_thread+0x5cc/0xff0 [ 29.829938] ? rescuer_thread+0xc80/0xc80 [ 29.834064] kthread+0x30d/0x420 [ 29.837401] ? kthread_create_on_node+0xd0/0xd0 [ 29.842041] ret_from_fork+0x24/0x30