[ OK ] Reached target Login Prompts.
[ OK ] Started System Logging Service.
[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.44' (ECDSA) to the list of known hosts.
syzkaller login: [ 28.173971] IPVS: ftp: loaded support on port[0] = 21
[ 28.245139] chnl_net:caif_netlink_parms(): no params data found
[ 28.321085] bridge0: port 1(bridge_slave_0) entered blocking state
[ 28.327633] bridge0: port 1(bridge_slave_0) entered disabled state
[ 28.335197] device bridge_slave_0 entered promiscuous mode
[ 28.342482] bridge0: port 2(bridge_slave_1) entered blocking state
[ 28.348915] bridge0: port 2(bridge_slave_1) entered disabled state
[ 28.356325] device bridge_slave_1 entered promiscuous mode
[ 28.371989] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 28.381170] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 28.397860] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 28.405017] team0: Port device team_slave_0 added
[ 28.410903] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 28.417907] team0: Port device team_slave_1 added
[ 28.432332] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 28.438563] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 28.463918] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 28.475590] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 28.481916] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 28.507145] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 28.517965] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 28.525458] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 28.543049] device hsr_slave_0 entered promiscuous mode
[ 28.548619] device hsr_slave_1 entered promiscuous mode
[ 28.554764] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 28.561869] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 28.618662] bridge0: port 2(bridge_slave_1) entered blocking state
[ 28.625093] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 28.631959] bridge0: port 1(bridge_slave_0) entered blocking state
[ 28.638309] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 28.665798] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 28.672508] 8021q: adding VLAN 0 to HW filter on device bond0
[ 28.681610] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 28.690804] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 28.698561] bridge0: port 1(bridge_slave_0) entered disabled state
[ 28.716116] bridge0: port 2(bridge_slave_1) entered disabled state
[ 28.725995] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 28.732556] 8021q: adding VLAN 0 to HW filter on device team0
[ 28.740638] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 28.748173] bridge0: port 1(bridge_slave_0) entered blocking state
[ 28.754557] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 28.770161] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 28.777720] bridge0: port 2(bridge_slave_1) entered blocking state
[ 28.784106] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 28.791350] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 28.798830] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 28.807954] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 28.814997] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 28.824845] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 28.833736] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 28.839931] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 28.852835] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 28.860566] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 28.867186] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 28.878063] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 28.924530] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 28.934006] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 28.967336] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 28.974786] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 28.982311] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 28.991471] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 28.998828] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 29.006105] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 29.014609] device veth0_vlan entered promiscuous mode
[ 29.023483] device veth1_vlan entered promiscuous mode
[ 29.029629] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 29.037834] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 29.048225] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 29.057444] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 29.064823] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 29.072182] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 29.081543] device veth0_macvtap entered promiscuous mode
[ 29.087504] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 29.095580] device veth1_macvtap entered promiscuous mode
[ 29.103721] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 29.113096] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 29.122850] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 29.129851] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 29.137725] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 29.148010] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 29.155325] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 29.231238] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 29.241420]
[ 29.243053] ======================================================
[ 29.249367] WARNING: possible circular locking dependency detected
[ 29.255660] 4.14.285-syzkaller #0 Not tainted
[ 29.260145] ------------------------------------------------------
[ 29.266435] kworker/u4:0/5 is trying to acquire lock:
[ 29.271612]  (sk_lock-AF_INET){+.+.}, at: [] strp_work+0x3e/0x100
[ 29.279388]
[ 29.279388] but task is already holding lock:
[ 29.285328]  ((&strp->work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0
[ 29.293707]
[ 29.293707] which lock already depends on the new lock.
[ 29.293707]
[ 29.301993]
[ 29.301993] the existing dependency chain (in reverse order) is:
[ 29.309584]
[ 29.309584] -> #1 ((&strp->work)){+.+.}:
[ 29.315108]        flush_work+0xad/0x770
[ 29.319262]        __cancel_work_timer+0x321/0x460
[ 29.324187]        strp_done+0x53/0xd0
[ 29.328051]        kcm_ioctl+0x828/0xfb0
[ 29.332087]        sock_ioctl+0x2cc/0x4c0
[ 29.336225]        do_vfs_ioctl+0x75a/0xff0
[ 29.340521]        SyS_ioctl+0x7f/0xb0
[ 29.344395]        do_syscall_64+0x1d5/0x640
[ 29.348779]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 29.354465]
[ 29.354465] -> #0 (sk_lock-AF_INET){+.+.}:
[ 29.360162]        lock_acquire+0x170/0x3f0
[ 29.364462]        lock_sock_nested+0xb7/0x100
[ 29.369118]        strp_work+0x3e/0x100
[ 29.373076]        process_one_work+0x793/0x14a0
[ 29.377808]        worker_thread+0x5cc/0xff0
[ 29.382209]        kthread+0x30d/0x420
[ 29.386071]        ret_from_fork+0x24/0x30
[ 29.390281]
[ 29.390281] other info that might help us debug this:
[ 29.390281]
[ 29.398397]  Possible unsafe locking scenario:
[ 29.398397]
[ 29.404430]        CPU0                    CPU1
[ 29.409070]        ----                    ----
[ 29.413713]   lock((&strp->work));
[ 29.417226]                                lock(sk_lock-AF_INET);
[ 29.423431]                                lock((&strp->work));
[ 29.429476]   lock(sk_lock-AF_INET);
[ 29.433167]
[ 29.433167]  *** DEADLOCK ***
[ 29.433167]
[ 29.439200] 2 locks held by kworker/u4:0/5:
[ 29.443493]  #0: ("%s""kstrp"){+.+.}, at: [] process_one_work+0x6b0/0x14a0
[ 29.452139]  #1: ((&strp->work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0
[ 29.460954]
[ 29.460954] stack backtrace:
[ 29.465426] CPU: 0 PID: 5 Comm: kworker/u4:0 Not tainted 4.14.285-syzkaller #0
[ 29.472763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/18/2022
[ 29.482107] Workqueue: kstrp strp_work
[ 29.485976] Call Trace:
[ 29.488546]  dump_stack+0x1b2/0x281
[ 29.492150]  print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 29.497926]  __lock_acquire+0x2e0e/0x3f20
[ 29.502057]  ? trace_hardirqs_on+0x10/0x10
[ 29.506270]  ? trace_hardirqs_on+0x10/0x10
[ 29.510478]  ? lock_acquire+0x170/0x3f0
[ 29.514431]  ? check_preemption_disabled+0x35/0x240
[ 29.519421]  ? lock_sock_nested+0x98/0x100
[ 29.523630]  lock_acquire+0x170/0x3f0
[ 29.527408]  ? strp_work+0x3e/0x100
[ 29.531007]  lock_sock_nested+0xb7/0x100
[ 29.535042]  ? strp_work+0x3e/0x100
[ 29.538658]  strp_work+0x3e/0x100
[ 29.542099]  process_one_work+0x793/0x14a0
[ 29.546318]  ? work_busy+0x320/0x320
[ 29.550019]  ? worker_thread+0x158/0xff0
[ 29.554057]  ? _raw_spin_unlock_irq+0x24/0x80
[ 29.558535]  worker_thread+0x5cc/0xff0
[ 29.562402]  ? rescuer_thread+0xc80/0xc80
[ 29.566524]  kthread+0x30d/0x420
[ 29.569865]  ? kthread_create_on_node+0xd0/0xd0
[ 29.574510]  ret_from_fork+0x24/0x30