Warning: Permanently added '10.128.0.113' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 33.579025] [ 33.580808] ====================================================== [ 33.587099] [ INFO: possible circular locking dependency detected ] [ 33.593476] 4.4.174+ #4 Not tainted [ 33.597072] ------------------------------------------------------- [ 33.603446] syz-executor718/2063 is trying to acquire lock: [ 33.609130] (_xmit_NETROM){+.-...}, at: [] sch_direct_xmit+0x238/0x700 [ 33.617912] [ 33.617912] but task is already holding lock: [ 33.623854] (&(&q->lock)->rlock){+.-...}, at: [] ipv6_frag_rcv+0x6cc/0x51e0 [ 33.633085] [ 33.633085] which lock already depends on the new lock. [ 33.633085] [ 33.641372] [ 33.641372] the existing dependency chain (in reverse order) is: [ 33.648963] -> #1 (&(&q->lock)->rlock){+.-...}: [ 33.654268] [] lock_acquire+0x15e/0x450 [ 33.660509] [] _raw_spin_lock_irqsave+0x50/0x70 [ 33.667572] [] depot_save_stack+0x20c/0x5f0 [ 33.674166] [] kasan_kmalloc.part.0+0xc6/0xf0 [ 33.680976] [] kasan_kmalloc+0xb7/0xd0 [ 33.687125] [] kasan_slab_alloc+0xf/0x20 [ 33.693452] [] kmem_cache_alloc+0xdc/0x2c0 [ 33.699951] [] inet_getpeer+0x1525/0x1ce0 [ 33.706364] [] ip4_frag_init+0x2a2/0x310 [ 33.712692] [] inet_frag_create+0x1ac/0x14e0 [ 33.719362] [] inet_frag_find+0x64d/0x880 [ 33.725771] [] ip_defrag+0x2fb/0x3b70 [ 33.731841] [] ip_check_defrag+0x3d6/0x5b0 [ 33.738351] [] packet_rcv_fanout+0x51e/0x5f0 [ 33.745027] [] dev_hard_start_xmit+0x654/0x11e0 [ 33.752022] [] sch_direct_xmit+0x2b6/0x700 [ 33.758863] [] __dev_queue_xmit+0xd24/0x1bb0 [ 33.765544] [] dev_queue_xmit+0x18/0x20 [ 33.771785] [] neigh_resolve_output+0x4a0/0x7a0 [ 33.778718] [] ip_finish_output2+0x6a2/0x1280 [ 33.785481] [] ip_do_fragment+0x187c/0x1f70 [ 33.792067] [] ip_fragment.constprop.0+0x14b/0x200 [ 33.799262] [] ip_finish_output+0x3b9/0xc60 [ 33.805851] [] ip_mc_output+0x251/0xae0 [ 33.812091] [] ip_local_out+0x9c/0x180 [ 33.818267] [] ip_send_skb+0x3e/0xc0 [ 33.824259] [] udp_send_skb+0x4fd/0xc70 [ 33.830506] [] udp_sendmsg+0x16cf/0x1c60 [ 33.836836] [] udpv6_sendmsg+0x12f2/0x24f0 [ 33.843336] [] inet_sendmsg+0x202/0x4d0 [ 33.849578] [] sock_sendmsg+0xbe/0x110 [ 33.856170] [] kernel_sendmsg+0x44/0x50 [ 33.862422] [] sock_no_sendpage+0x116/0x150 [ 33.869018] [] kernel_sendpage+0x95/0xf0 [ 33.875361] [] sock_sendpage+0x8b/0xc0 [ 33.881526] [] pipe_to_sendpage+0x28d/0x3d0 [ 33.888138] [] __splice_from_pipe+0x37e/0x7a0 [ 33.894897] [] splice_from_pipe+0x108/0x170 [ 33.901583] [] generic_splice_sendpage+0x3c/0x50 [ 33.908605] [] direct_splice_actor+0x126/0x1a0 [ 33.915465] [] splice_direct_to_actor+0x2ce/0x850 [ 33.922571] [] do_splice_direct+0x1a5/0x260 [ 33.929172] [] do_sendfile+0x4ed/0xba0 [ 33.935353] [] SyS_sendfile64+0x137/0x150 [ 33.941788] [] entry_SYSCALL_64_fastpath+0x1e/0x9a [ 33.948984] -> #0 (_xmit_NETROM){+.-...}: [ 33.954191] [] __lock_acquire+0x37d6/0x4f50 [ 33.960783] [] lock_acquire+0x15e/0x450 [ 33.967022] [] _raw_spin_lock+0x38/0x50 [ 33.973278] [] sch_direct_xmit+0x238/0x700 [ 33.979792] [] __dev_queue_xmit+0xd24/0x1bb0 [ 33.986468] [] dev_queue_xmit+0x18/0x20 [ 33.992716] [] neigh_resolve_output+0x4a0/0x7a0 [ 33.999650] [] ip6_finish_output2+0x9c7/0x1dc0 [ 34.006516] [] ip6_finish_output+0x2f3/0x750 [ 34.013207] [] ip6_output+0x1b4/0x520 [ 34.019277] [] ndisc_send_skb+0x98d/0x1110 [ 34.025777] [] ndisc_send_ns+0x4bf/0x6b0 [ 34.032099] [] ndisc_solicit+0x2b2/0x440 [ 34.038427] [] neigh_probe+0xc8/0x100 [ 34.044504] [] __neigh_event_send+0x2ab/0xc50 [ 34.051279] [] neigh_resolve_output+0x5ec/0x7a0 [ 34.058560] [] ip6_finish_output2+0x9c7/0x1dc0 [ 34.065408] [] ip6_finish_output+0x2f3/0x750 [ 34.072278] [] ip6_output+0x1b4/0x520 [ 34.078345] [] ip6_local_out+0x9c/0x180 [ 34.084583] [] ip6_send_skb+0xa2/0x340 [ 34.090726] [] ip6_push_pending_frames+0xbb/0xe0 [ 34.097746] [] icmpv6_push_pending_frames+0x336/0x530 [ 34.105195] [] icmp6_send+0x1506/0x1b40 [ 34.111446] [] icmpv6_param_prob+0x29/0x40 [ 34.117976] [] ipv6_frag_rcv+0x3ce5/0x51e0 [ 34.124476] [] ip6_input_finish+0x57d/0x14f0 [ 34.131150] [] ip6_input+0xf8/0x1f0 [ 34.137057] [] ip6_rcv_finish+0x14d/0x670 [ 34.143486] [] ipv6_rcv+0xfc1/0x1a20 [ 34.149464] [] __netif_receive_skb_core+0x1300/0x2950 [ 34.157233] [] __netif_receive_skb+0x58/0x1c0 [ 34.164005] [] process_backlog+0x200/0x630 [ 34.170505] [] net_rx_action+0x367/0xd30 [ 34.176832] [] __do_softirq+0x226/0xa3f [ 34.183071] [] do_softirq_own_stack+0x1c/0x30 [ 34.189828] [] do_softirq.part.0+0x54/0x60 [ 34.196338] [] do_softirq+0x18/0x20 [ 34.202224] [] netif_rx_ni+0xeb/0x3b0 [ 34.208303] [] tun_get_user+0xdbf/0x2640 [ 34.214622] [] tun_chr_write_iter+0xda/0x190 [ 34.221747] [] do_iter_readv_writev+0x141/0x1e0 [ 34.228682] [] do_readv_writev+0x387/0x6e0 [ 34.235180] [] vfs_writev+0x7d/0xb0 [ 34.241075] [] SyS_writev+0xdc/0x260 [ 34.247070] [] entry_SYSCALL_64_fastpath+0x1e/0x9a [ 34.254825] [ 34.254825] other info that might help us debug this: [ 34.254825] [ 34.262951] Possible unsafe locking scenario: [ 34.262951] [ 34.268978] CPU0 CPU1 [ 34.273615] ---- ---- [ 34.278254] lock(&(&q->lock)->rlock); [ 34.282461] lock(_xmit_NETROM); [ 34.288656] lock(&(&q->lock)->rlock); [ 34.295360] lock(_xmit_NETROM); [ 34.299020] [ 34.299020] *** DEADLOCK *** [ 34.299020] [ 34.305059] 9 locks held by syz-executor718/2063: [ 34.309871] #0: (rcu_read_lock){......}, at: [] process_backlog+0x19c/0x630 [ 34.319293] #1: (rcu_read_lock){......}, at: [] ip6_input_finish+0x0/0x14f0 [ 34.328727] #2: (&(&q->lock)->rlock){+.-...}, at: [] ipv6_frag_rcv+0x6cc/0x51e0 [ 34.338536] #3: (slock-AF_INET6){+.....}, at: [] icmp6_send+0x7bd/0x1b40 [ 34.347709] #4: (rcu_read_lock){......}, at: [] icmp6_send+0xf44/0x1b40 [ 34.357332] #5: (rcu_read_lock_bh){......}, at: [] ip6_finish_output2+0x1e1/0x1dc0 [ 34.367365] #6: (rcu_read_lock){......}, at: [] ndisc_send_skb+0x779/0x1110 [ 34.376816] #7: (rcu_read_lock_bh){......}, at: [] ip6_finish_output2+0x1e1/0x1dc0 [ 34.386854] #8: (rcu_read_lock_bh){......}, at: [] __dev_queue_xmit+0x1d7/0x1bb0 [ 34.396710] [ 34.396710] stack backtrace: [ 34.401183] CPU: 0 PID: 2063 Comm: syz-executor718 Not tainted 4.4.174+ #4 [ 34.408172] 0000000000000000 971c7758baccb4a1 ffff8801db6064e0 ffffffff81aad1a1 [ 34.416161] ffffffff84057a80 ffff8800b69297c0 ffffffff83ad3a20 ffffffff83ad3f30 [ 34.424173] ffffffff83ad3a20 ffff8801db606530 ffffffff813abcda ffff8801db606610 [ 34.432160] Call Trace: [ 34.434714] [] dump_stack+0xc1/0x120 [ 34.440790] [] print_circular_bug.cold+0x2f7/0x44e [ 34.447343] [] __lock_acquire+0x37d6/0x4f50 [ 34.453747] [] ? check_usage+0x14e/0x5a0 [ 34.459429] [] ? trace_hardirqs_on+0x10/0x10 [ 34.465467] [] ? __lock_acquire+0x2c79/0x4f50 [ 34.471610] [] ? __dev_get_by_index+0x130/0x130 [ 34.477906] [] ? __skb_gso_segment+0x4c0/0x4c0 [ 34.484116] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 34.490844] [] lock_acquire+0x15e/0x450 [ 34.496483] [] ? sch_direct_xmit+0x238/0x700 [ 34.502528] [] _raw_spin_lock+0x38/0x50 [ 34.508128] [] ? sch_direct_xmit+0x238/0x700 [ 34.514158] [] sch_direct_xmit+0x238/0x700 [ 34.520015] [] ? dev_deactivate_queue.constprop.0+0x160/0x160 [ 34.527539] [] __dev_queue_xmit+0xd24/0x1bb0 [ 34.533570] [] ? __dev_queue_xmit+0x1d7/0x1bb0 [ 34.539777] [] ? trace_hardirqs_on+0x10/0x10 [ 34.545808] [] ? netdev_pick_tx+0x2f0/0x2f0 [ 34.551816] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 34.558545] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 34.565267] [] ? memcpy+0x46/0x50 [ 34.570343] [] dev_queue_xmit+0x18/0x20 [ 34.575940] [] neigh_resolve_output+0x4a0/0x7a0 [ 34.582232] [] ? ip6_finish_output2+0x9c7/0x1dc0 [ 34.588610] [] ip6_finish_output2+0x9c7/0x1dc0 [ 34.594811] [] ? ip6_finish_output2+0x1e1/0x1dc0 [ 34.601191] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 34.607918] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 34.614645] [] ? ip6_forward_finish+0x4a0/0x4a0 [ 34.620939] [] ? check_preemption_disabled+0x3c/0x200 [ 34.627773] [] ? check_preemption_disabled+0x3c/0x200 [ 34.634584] [] ? ip6_mtu+0x21f/0x340 [ 34.639921] [] ip6_finish_output+0x2f3/0x750 [ 34.645969] [] ip6_output+0x1b4/0x520 [ 34.651392] [] ? ip6_finish_output+0x750/0x750 [ 34.657598] [] ? nf_iterate+0x220/0x220 [ 34.663194] [] ? ip6_fragment+0x3210/0x3210 [ 34.669156] [] ndisc_send_skb+0x98d/0x1110 [ 34.675016] [] ? ndisc_send_skb+0x779/0x1110 [ 34.681047] [] ? ndisc_alloc_skb+0x330/0x330 [ 34.687081] [] ? compat_ipv6_setsockopt+0x1d0/0x1d0 [ 34.693734] [] ? memcpy+0x46/0x50 [ 34.698816] [] ? ndisc_fill_addr_option+0x19b/0x1f0 [ 34.705452] [] ndisc_send_ns+0x4bf/0x6b0 [ 34.711133] [] ? trace_hardirqs_on+0xd/0x10 [ 34.717075] [] ? ndisc_netdev_event+0x360/0x360 [ 34.723363] [] ? ipv6_chk_addr_and_flags+0x3a6/0x530 [ 34.730103] [] ? ipv6_chk_addr_and_flags+0x69/0x530 [ 34.736744] [] ? _raw_spin_unlock_irqrestore+0x5a/0x70 [ 34.743641] [] ndisc_solicit+0x2b2/0x440 [ 34.749339] [] ? ndisc_send_ns+0x6b0/0x6b0 [ 34.755194] [] ? ndisc_send_ns+0x6b0/0x6b0 [ 34.761052] [] neigh_probe+0xc8/0x100 [ 34.766480] [] __neigh_event_send+0x2ab/0xc50 [ 34.772601] [] ? __local_bh_enable_ip+0x6a/0xe0 [ 34.778890] [] ? _raw_write_unlock_bh+0x31/0x40 [ 34.785193] [] neigh_resolve_output+0x5ec/0x7a0 [ 34.791485] [] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 34.798752] [] ip6_finish_output2+0x9c7/0x1dc0 [ 34.804954] [] ? ip6_finish_output2+0x1e1/0x1dc0 [ 34.811334] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 34.818078] [] ? ip6_forward_finish+0x4a0/0x4a0 [ 34.824369] [] ? check_preemption_disabled+0x3c/0x200 [ 34.831193] [] ? check_preemption_disabled+0x3c/0x200 [ 34.838008] [] ? ip6_mtu+0x21f/0x340 [ 34.843347] [] ip6_finish_output+0x2f3/0x750 [ 34.849376] [] ip6_output+0x1b4/0x520 [ 34.854799] [] ? ip6_finish_output+0x750/0x750 [ 34.861005] [] ? ip6_fragment+0x3210/0x3210 [ 34.866949] [] ip6_local_out+0x9c/0x180 [ 34.873401] [] ip6_send_skb+0xa2/0x340 [ 34.878912] [] ip6_push_pending_frames+0xbb/0xe0 [ 34.885290] [] icmpv6_push_pending_frames+0x336/0x530 [ 34.892104] [] icmp6_send+0x1506/0x1b40 [ 34.897701] [] ? icmpv6_push_pending_frames+0x530/0x530 [ 34.904700] [] ? __lock_acquire+0x74f/0x4f50 [ 34.910733] [] ? perf_trace_softirq+0x28a/0x3b0 [ 34.917025] [] ? ipv6_frag_rcv+0x6cc/0x51e0 [ 34.922969] [] icmpv6_param_prob+0x29/0x40 [ 34.928825] [] ipv6_frag_rcv+0x3ce5/0x51e0 [ 34.934681] [] ? ipv6_frags_init_net+0x3e0/0x3e0 [ 34.941077] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 34.947806] [] ip6_input_finish+0x57d/0x14f0 [ 34.953835] [] ? ip6_rcv_finish+0x670/0x670 [ 34.959780] [] ip6_input+0xf8/0x1f0 [ 34.965029] [] ? ipv6_rcv+0x1a20/0x1a20 [ 34.970639] [] ? ip6_rcv_finish+0x670/0x670 [ 34.976585] [] ip6_rcv_finish+0x14d/0x670 [ 34.982355] [] ipv6_rcv+0xfc1/0x1a20 [ 34.987700] [] ? ipv6_rcv+0xfc/0x1a20 [ 34.993129] [] ? ip6_input_finish+0x14f0/0x14f0 [ 34.999419] [] ? ip6_make_skb+0x3f0/0x3f0 [ 35.005186] [] ? packet_rcv_fanout+0x173/0x5f0 [ 35.011391] [] ? ip6_input_finish+0x14f0/0x14f0 [ 35.017685] [] __netif_receive_skb_core+0x1300/0x2950 [ 35.024495] [] ? dev_loopback_xmit+0x430/0x430 [ 35.030699] [] ? try_to_wake_up+0x701/0x1110 [ 35.036738] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 35.043459] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 35.050185] [] ? check_preemption_disabled+0x3c/0x200 [ 35.057000] [] __netif_receive_skb+0x58/0x1c0 [ 35.063132] [] process_backlog+0x200/0x630 [ 35.068992] [] ? process_backlog+0x19c/0x630 [ 35.075023] [] ? net_rx_action+0x1fb/0xd30 [ 35.080897] [] net_rx_action+0x367/0xd30 [ 35.086582] [] ? net_rps_action_and_irq_enable.isra.0+0x170/0x170 [ 35.094450] [] __do_softirq+0x226/0xa3f [ 35.100046] [] do_softirq_own_stack+0x1c/0x30 [ 35.106158] [] do_softirq.part.0+0x54/0x60 [ 35.112764] [] do_softirq+0x18/0x20 [ 35.118016] [] netif_rx_ni+0xeb/0x3b0 [ 35.123440] [] tun_get_user+0xdbf/0x2640 [ 35.129122] [] ? tun_free_netdev+0xb0/0xb0 [ 35.134996] [] ? irq_cpu_online+0x1a0/0x230 [ 35.140941] [] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 35.147666] [] ? __tun_get+0x126/0x230 [ 35.153176] [] tun_chr_write_iter+0xda/0x190 [ 35.159209] [] do_iter_readv_writev+0x141/0x1e0 [ 35.165510] [] ? tun_sendmsg+0x140/0x140 [ 35.171208] [] ? vfs_iter_read+0x280/0x280 [ 35.177079] [] ? rw_verify_area+0x103/0x2f0 [ 35.183021] [] ? tun_sendmsg+0x140/0x140 [ 35.188721] [] do_readv_writev+0x387/0x6e0 [ 35.194577] [] ? vfs_write+0x4e0/0x4e0 [ 35.200100] [] ? __fsnotify_inode_delete+0x30/0x30 [ 35.206650] [] ? rw_verify_area+0x103/0x2f0 [ 35.212603] [] ? do_sendfile+0x20e/0xba0 [ 35.218286] [] ? __compat_sys_pwritev64+0x170/0x170 [ 35.224935] [] vfs_writev+0x7d/0xb0 [ 35.230203] [] SyS_writev+0xdc/0x260 [ 35.235538] [] ? SyS_readv+0x260/0x260 [ 35.241066] [] ? trace_hardirqs_on_thunk+0x17/0x19 [ 35.247637] [] entry_SYSCALL_64_fastpath+0x1e/0x9a