[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.115' (ECDSA) to the list of known hosts.
syzkaller login: [ 29.438852] IPVS: ftp: loaded support on port[0] = 21
[ 29.505576] chnl_net:caif_netlink_parms(): no params data found
[ 29.595057] bridge0: port 1(bridge_slave_0) entered blocking state
[ 29.601811] bridge0: port 1(bridge_slave_0) entered disabled state
[ 29.609326] device bridge_slave_0 entered promiscuous mode
[ 29.616105] bridge0: port 2(bridge_slave_1) entered blocking state
[ 29.622806] bridge0: port 2(bridge_slave_1) entered disabled state
[ 29.630171] device bridge_slave_1 entered promiscuous mode
[ 29.646638] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 29.655219] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 29.672806] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 29.679985] team0: Port device team_slave_0 added
[ 29.685279] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 29.692756] team0: Port device team_slave_1 added
[ 29.706633] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 29.712968] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 29.738311] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 29.749674] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 29.755897] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 29.781126] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 29.791631] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 29.799333] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 29.817310] device hsr_slave_0 entered promiscuous mode
[ 29.822923] device hsr_slave_1 entered promiscuous mode
[ 29.829152] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 29.837020] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 29.893354] bridge0: port 2(bridge_slave_1) entered blocking state
[ 29.899775] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 29.906514] bridge0: port 1(bridge_slave_0) entered blocking state
[ 29.912940] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 29.940445] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 29.946514] 8021q: adding VLAN 0 to HW filter on device bond0
[ 29.955929] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 29.964295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 29.983207] bridge0: port 1(bridge_slave_0) entered disabled state
[ 29.990361] bridge0: port 2(bridge_slave_1) entered disabled state
[ 30.000311] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 30.006437] 8021q: adding VLAN 0 to HW filter on device team0
[ 30.014868] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 30.022943] bridge0: port 1(bridge_slave_0) entered blocking state
[ 30.029345] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 30.039113] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 30.047309] bridge0: port 2(bridge_slave_1) entered blocking state
[ 30.053877] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 30.071372] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 30.081431] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 30.092203] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 30.100336] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 30.108620] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 30.116095] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 30.124105] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 30.131994] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 30.138889] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 30.150313] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 30.157888] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 30.164516] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 30.174892] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 30.224332] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 30.234512] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 30.260532] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 30.268192] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 30.274573] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 30.283405] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 30.291125] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 30.298287] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 30.307142] device veth0_vlan entered promiscuous mode
[ 30.315495] device veth1_vlan entered promiscuous mode
[ 30.322003] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 30.330567] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 30.342150] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 30.351385] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 30.358759] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 30.365879] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 30.375685] device veth0_macvtap entered promiscuous mode
[ 30.382040] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 30.390520] device veth1_macvtap entered promiscuous mode
[ 30.399534] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 30.408306] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 30.418422] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 30.425102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 30.433610] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 30.442790] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 30.449832] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 30.497573] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 30.532783]
[ 30.534423] ======================================================
[ 30.540714] WARNING: possible circular locking dependency detected
[ 30.547005] 4.14.285-syzkaller #0 Not tainted
[ 30.551468] ------------------------------------------------------
[ 30.557759] kworker/u4:2/156 is trying to acquire lock:
[ 30.563090]  (sk_lock-AF_INET6){+.+.}, at: [] strp_work+0x3e/0x100
[ 30.570955]
[ 30.570955] but task is already holding lock:
[ 30.576897]  ((&strp->work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0
[ 30.585371]
[ 30.585371] which lock already depends on the new lock.
[ 30.585371]
[ 30.593676]
[ 30.593676] the existing dependency chain (in reverse order) is:
[ 30.601284]
[ 30.601284] -> #1 ((&strp->work)){+.+.}:
[ 30.606805]        flush_work+0xad/0x770
[ 30.610838]        __cancel_work_timer+0x321/0x460
[ 30.615745]        strp_done+0x53/0xd0
[ 30.619606]        kcm_ioctl+0x828/0xfb0
[ 30.623640]        sock_ioctl+0x2cc/0x4c0
[ 30.627796]        do_vfs_ioctl+0x75a/0xff0
[ 30.632105]        SyS_ioctl+0x7f/0xb0
[ 30.635982]        do_syscall_64+0x1d5/0x640
[ 30.640404]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 30.646087]
[ 30.646087] -> #0 (sk_lock-AF_INET6){+.+.}:
[ 30.651884]        lock_acquire+0x170/0x3f0
[ 30.656361]        lock_sock_nested+0xb7/0x100
[ 30.661035]        strp_work+0x3e/0x100
[ 30.664999]        process_one_work+0x793/0x14a0
[ 30.669742]        worker_thread+0x5cc/0xff0
[ 30.674144]        kthread+0x30d/0x420
[ 30.678012]        ret_from_fork+0x24/0x30
[ 30.682217]
[ 30.682217] other info that might help us debug this:
[ 30.682217]
[ 30.690337]  Possible unsafe locking scenario:
[ 30.690337]
[ 30.696364]        CPU0                    CPU1
[ 30.701000]        ----                    ----
[ 30.705636]   lock((&strp->work));
[ 30.709154]                                lock(sk_lock-AF_INET6);
[ 30.715448]                                lock((&strp->work));
[ 30.721480]   lock(sk_lock-AF_INET6);
[ 30.725255]
[ 30.725255]  *** DEADLOCK ***
[ 30.725255]
[ 30.731289] 2 locks held by kworker/u4:2/156:
[ 30.735763]  #0: ("%s""kstrp"){+.+.}, at: [] process_one_work+0x6b0/0x14a0
[ 30.744410]  #1: ((&strp->work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0
[ 30.753230]
[ 30.753230] stack backtrace:
[ 30.757702] CPU: 0 PID: 156 Comm: kworker/u4:2 Not tainted 4.14.285-syzkaller #0
[ 30.765208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
[ 30.774550] Workqueue: kstrp strp_work
[ 30.778414] Call Trace:
[ 30.780979]  dump_stack+0x1b2/0x281
[ 30.784583]  print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 30.790454]  __lock_acquire+0x2e0e/0x3f20
[ 30.794579]  ? __schedule+0x893/0x1de0
[ 30.798458]  ? trace_hardirqs_on+0x10/0x10
[ 30.802668]  ? lock_acquire+0x170/0x3f0
[ 30.806619]  ? lock_sock_nested+0x98/0x100
[ 30.810829]  lock_acquire+0x170/0x3f0
[ 30.814955]  ? strp_work+0x3e/0x100
[ 30.818571]  lock_sock_nested+0xb7/0x100
[ 30.822606]  ? strp_work+0x3e/0x100
[ 30.826209]  strp_work+0x3e/0x100
[ 30.829641]  process_one_work+0x793/0x14a0
[ 30.833853]  ? work_busy+0x320/0x320
[ 30.837547]  ? worker_thread+0x158/0xff0
[ 30.841585]  ? _raw_spin_unlock_irq+0x24/0x80
[ 30.846060]  worker_thread+0x5cc/0x