[ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... Starting Load/Save RF Kill Switch Status... [ OK ] Started Load/Save RF Kill Switch Status. [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.1.10' (ECDSA) to the list of known hosts. syzkaller login: [ 30.388739] IPVS: ftp: loaded support on port[0] = 21 [ 30.454019] chnl_net:caif_netlink_parms(): no params data found [ 30.544521] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.551573] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.558955] device bridge_slave_0 entered promiscuous mode [ 30.566529] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.572905] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.580089] device bridge_slave_1 entered promiscuous mode [ 30.596474] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 30.605277] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 30.622851] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 30.630069] team0: Port device team_slave_0 added [ 30.635654] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 30.642700] team0: Port device team_slave_1 added [ 30.658150] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 30.664394] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 30.689994] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 30.701251] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 30.707581] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 30.732815] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 30.743594] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 30.751110] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 30.768961] device hsr_slave_0 entered promiscuous mode [ 30.774550] device hsr_slave_1 entered promiscuous mode [ 30.780672] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 30.787785] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 30.848022] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.854410] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.861256] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.867735] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.893598] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 30.899864] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.908892] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 30.917512] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 30.926370] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.933251] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.942748] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 30.948976] 8021q: adding VLAN 0 to HW filter on device team0 [ 30.957551] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 30.966177] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.972505] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.990661] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 31.001286] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 31.012118] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 31.019147] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 31.026827] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.033160] bridge0: port 2(bridge_slave_1) entered forwarding state [ 31.040907] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 31.049017] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 31.057018] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 31.064453] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 31.072110] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 31.078923] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 31.089599] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 31.098654] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 31.105392] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 31.115061] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 31.163002] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 31.172861] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 31.201389] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 31.209463] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 31.216513] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 31.225294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 31.232569] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 31.239821] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 31.248456] device veth0_vlan entered promiscuous mode [ 31.257371] device veth1_vlan entered promiscuous mode [ 31.263185] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 31.271653] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 31.282747] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 31.292823] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 31.300182] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 31.307466] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 31.316777] device veth0_macvtap entered promiscuous mode [ 31.322812] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 31.331129] device veth1_macvtap entered promiscuous mode [ 31.339323] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 31.348234] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 31.357584] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 31.364290] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 31.373043] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 31.382338] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 31.389511] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready executing program [ 31.444970] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 31.474238] [ 31.475879] ====================================================== [ 31.482189] WARNING: possible circular locking dependency detected [ 31.488509] 4.14.284-syzkaller #0 Not tainted [ 31.492978] ------------------------------------------------------ [ 31.499267] kworker/u4:4/2880 is trying to acquire lock: [ 31.504704] (sk_lock-AF_INET){+.+.}, at: [] strp_work+0x3e/0x100 [ 31.512497] [ 31.512497] but task is already holding lock: [ 31.518438] ((&strp->work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 [ 31.526839] [ 31.526839] which lock already depends on the new lock. [ 31.526839] [ 31.535138] [ 31.535138] the existing dependency chain (in reverse order) is: [ 31.542729] [ 31.542729] -> #1 ((&strp->work)){+.+.}: [ 31.548247] flush_work+0xad/0x770 [ 31.552287] __cancel_work_timer+0x321/0x460 [ 31.557188] strp_done+0x53/0xd0 [ 31.561047] kcm_ioctl+0x828/0xfb0 [ 31.565082] sock_ioctl+0x2cc/0x4c0 [ 31.569204] do_vfs_ioctl+0x75a/0xff0 [ 31.573499] SyS_ioctl+0x7f/0xb0 [ 31.577365] do_syscall_64+0x1d5/0x640 [ 31.581747] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 31.587443] [ 31.587443] -> #0 (sk_lock-AF_INET){+.+.}: [ 31.593134] lock_acquire+0x170/0x3f0 [ 31.597442] lock_sock_nested+0xb7/0x100 [ 31.602102] strp_work+0x3e/0x100 [ 31.606085] process_one_work+0x793/0x14a0 [ 31.610816] worker_thread+0x5cc/0xff0 [ 31.615197] kthread+0x30d/0x420 [ 31.619056] ret_from_fork+0x24/0x30 [ 31.623276] [ 31.623276] other info that might help us debug this: [ 31.623276] [ 31.631397] Possible unsafe locking scenario: [ 31.631397] [ 31.637431] CPU0 CPU1 [ 31.642072] ---- ---- [ 31.646712] lock((&strp->work)); [ 31.650245] lock(sk_lock-AF_INET); [ 31.656452] lock((&strp->work)); [ 31.662501] lock(sk_lock-AF_INET); [ 31.666188] [ 31.666188] *** DEADLOCK *** [ 31.666188] [ 31.672745] 2 locks held by kworker/u4:4/2880: [ 31.677314] #0: ("%s""kstrp"){+.+.}, at: [] process_one_work+0x6b0/0x14a0 [ 31.685960] #1: ((&strp->work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 [ 31.694773] [ 31.694773] stack backtrace: [ 31.699242] CPU: 1 PID: 2880 Comm: kworker/u4:4 Not tainted 4.14.284-syzkaller #0 [ 31.706848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 31.716181] Workqueue: kstrp strp_work [ 31.720048] Call Trace: [ 31.722705] dump_stack+0x1b2/0x281 [ 31.726308] print_circular_bug.constprop.0.cold+0x2d7/0x41e [ 31.732082] __lock_acquire+0x2e0e/0x3f20 [ 31.736223] ? __schedule+0x893/0x1de0 [ 31.740102] ? trace_hardirqs_on+0x10/0x10 [ 31.744320] ? lock_acquire+0x170/0x3f0 [ 31.748277] ? lock_sock_nested+0x98/0x100 [ 31.752485] lock_acquire+0x170/0x3f0 [ 31.756259] ? strp_work+0x3e/0x100 [ 31.759866] lock_sock_nested+0xb7/0x100 [ 31.763899] ? strp_work+0x3e/0x100 [ 31.767502] strp_work+0x3e/0x100 [ 31.771016] process_one_work+0x793/0x14a0 [ 31.775226] ? work_busy+0x320/0x320 [ 31.779016] ? worker_thread+0x158/0xff0 [ 31.783051] ? _raw_spin_unlock_irq+0x24/0x80 [ 31.787519] worker_thread+0x5cc/0xff0 [ 31.791384] ? rescuer_thread+0xc80/0xc80 [ 31.79550