[ OK ] Started Getty on tty4. [ OK ] Started Getty on tty3. [ OK ] Started Getty on tty2. [ OK ] Started Serial Getty on ttyS0. [ OK ] Started Getty on tty1. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.142' (ECDSA) to the list of known hosts. syzkaller login: [ 75.021641][ T8471] chnl_net:caif_netlink_parms(): no params data found [ 75.099091][ T8471] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.107251][ T8471] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.118250][ T8471] device bridge_slave_0 entered promiscuous mode [ 75.127780][ T8471] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.135277][ T8471] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.143260][ T8471] device bridge_slave_1 entered promiscuous mode [ 75.173359][ T8471] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 75.184327][ T8471] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 75.218935][ T8471] team0: Port device team_slave_0 added [ 75.227408][ T8471] team0: Port device team_slave_1 added [ 75.255664][ T8471] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 75.262752][ T8471] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.289627][ T8471] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 75.302715][ T8471] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 75.310938][ T8471] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.338443][ T8471] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 75.376636][ T8471] device hsr_slave_0 entered promiscuous mode [ 75.384106][ T8471] device hsr_slave_1 entered promiscuous mode [ 75.507034][ T8471] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 75.521597][ T8471] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 75.531022][ T8471] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 75.542779][ T8471] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 75.567986][ T8471] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.575293][ T8471] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.583387][ T8471] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.590900][ T8471] bridge0: port 1(bridge_slave_0) entered forwarding state [ 75.637379][ T8471] 8021q: adding VLAN 0 to HW filter on device bond0 [ 75.651522][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 75.663624][ T7] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.672866][ T7] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.682664][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 75.697270][ T8471] 8021q: adding VLAN 0 to HW filter on device team0 [ 75.709293][ T29] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 75.735461][ T29] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.742564][ T29] bridge0: port 1(bridge_slave_0) entered forwarding state [ 75.766768][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 75.775867][ T7] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.783210][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.810931][ T4858] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 75.819479][ T4858] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 75.829603][ T4858] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 75.843471][ T3819] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 75.856951][ T8789] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 75.868940][ T8471] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 75.888090][ T8789] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 75.896952][ T8789] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 75.910697][ T8471] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 75.935387][ T8789] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 75.950357][ T4858] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 75.961020][ T8471] device veth0_vlan entered promiscuous mode [ 75.968190][ T8789] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 75.976730][ T8789] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 75.991914][ T8471] device veth1_vlan entered promiscuous mode [ 76.005368][ T8789] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 76.013626][ T8789] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 76.032880][ T8471] device veth0_macvtap entered promiscuous mode [ 76.040550][ T4858] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 76.049797][ T4858] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 76.061213][ T8789] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 76.071228][ T8471] device veth1_macvtap entered promiscuous mode [ 76.087850][ T8471] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 76.103195][ T8471] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 76.112360][ T8789] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 76.120665][ T8789] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 76.129458][ T8789] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 76.138381][ T8789] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 76.147129][ T8789] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready executing program [ 76.160734][ T8471] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.169918][ T8471] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.180126][ T8471] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.189432][ T8471] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.231695][ T8471] [ 76.234264][ T8471] ====================================================== [ 76.241621][ T8471] WARNING: possible circular locking dependency detected [ 76.249066][ T8471] 5.14.0-rc2-syzkaller #0 Not tainted [ 76.254830][ T8471] ------------------------------------------------------ [ 76.262027][ T8471] syz-executor175/8471 is trying to acquire lock: [ 76.268507][ T8471] ffffffff8d0cb568 (rtnl_mutex){+.+.}-{3:3}, at: br_del_bridge+0x14/0x110 [ 76.277573][ T8471] [ 76.277573][ T8471] but task is already holding lock: [ 76.284991][ T8471] ffffffff8d0a9608 (br_ioctl_mutex){+.+.}-{3:3}, at: br_ioctl_call+0x3b/0xa0 [ 76.293796][ T8471] [ 76.293796][ T8471] which lock already depends on the new lock. [ 76.293796][ T8471] [ 76.304294][ T8471] [ 76.304294][ T8471] the existing dependency chain (in reverse order) is: [ 76.313672][ T8471] [ 76.313672][ T8471] -> #1 (br_ioctl_mutex){+.+.}-{3:3}: [ 76.321213][ T8471] __mutex_lock+0x12a/0x10a0 [ 76.326316][ T8471] br_ioctl_call+0x3b/0xa0 [ 76.331238][ T8471] dev_ifsioc+0xc1f/0xf60 [ 76.336110][ T8471] dev_ioctl+0x1b9/0xee0 [ 76.340901][ T8471] sock_do_ioctl+0x18b/0x210 [ 76.346101][ T8471] sock_ioctl+0x2f1/0x640 [ 76.351036][ T8471] __x64_sys_ioctl+0x193/0x200 [ 76.356392][ T8471] do_syscall_64+0x35/0xb0 [ 76.361422][ T8471] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 76.367945][ T8471] [ 76.367945][ T8471] -> #0 (rtnl_mutex){+.+.}-{3:3}: [ 76.375135][ T8471] __lock_acquire+0x2a07/0x54a0 [ 76.380488][ T8471] lock_acquire+0x1ab/0x510 [ 76.385494][ T8471] __mutex_lock+0x12a/0x10a0 [ 76.390677][ T8471] br_del_bridge+0x14/0x110 [ 76.395685][ T8471] br_ioctl_stub+0x2f1/0x7f0 [ 76.402560][ T8471] br_ioctl_call+0x5e/0xa0 [ 76.407482][ T8471] sock_ioctl+0x30c/0x640 [ 76.412326][ T8471] __x64_sys_ioctl+0x193/0x200 [ 76.417818][ T8471] do_syscall_64+0x35/0xb0 [ 76.423614][ T8471] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 76.430189][ T8471] [ 76.430189][ T8471] other info that might help us debug this: [ 76.430189][ T8471] [ 76.442497][ T8471] Possible unsafe locking scenario: [ 76.442497][ T8471] [ 76.449947][ T8471] CPU0 CPU1 [ 76.455377][ T8471] ---- ---- [ 76.460732][ T8471] lock(br_ioctl_mutex); [ 76.465151][ T8471] lock(rtnl_mutex); [ 76.471631][ T8471] lock(br_ioctl_mutex); [ 76.478514][ T8471] lock(rtnl_mutex); [ 76.482783][ T8471] [ 76.482783][ T8471] *** DEADLOCK *** [ 76.482783][ T8471] [ 76.491368][ T8471] 1 lock held by syz-executor175/8471: [ 76.496963][ T8471] #0: ffffffff8d0a9608 (br_ioctl_mutex){+.+.}-{3:3}, at: br_ioctl_call+0x3b/0xa0 [ 76.506177][ T8471] [ 76.506177][ T8471] stack backtrace: [ 76.512073][ T8471] CPU: 0 PID: 8471 Comm: syz-executor175 Not tainted 5.14.0-rc2-syzkaller #0 [ 76.521032][ T8471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 76.531637][ T8471] Call Trace: [ 76.535007][ T8471] dump_stack_lvl+0xcd/0x134 [ 76.539782][ T8471] check_noncircular+0x25f/0x2e0 [ 76.544709][ T8471] ? print_circular_bug+0x1e0/0x1e0 [ 76.550110][ T8471] ? __kernel_text_address+0x9/0x30 [ 76.555798][ T8471] ? unwind_get_return_address+0x51/0x90 [ 76.561715][ T8471] ? create_prof_cpu_mask+0x20/0x20 [ 76.567009][ T8471] ? lockdep_lock+0xc6/0x200 [ 76.571835][ T8471] ? call_rcu_zapped+0xb0/0xb0 [ 76.576769][ T8471] __lock_acquire+0x2a07/0x54a0 [ 76.581616][ T8471] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 76.587701][ T8471] ? add_lock_to_list.constprop.0+0x185/0x370 [ 76.593772][ T8471] lock_acquire+0x1ab/0x510 [ 76.598365][ T8471] ? br_del_bridge+0x14/0x110 [ 76.603452][ T8471] ? lock_release+0x720/0x720 [ 76.608131][ T8471] __mutex_lock+0x12a/0x10a0 [ 76.612713][ T8471] ? br_del_bridge+0x14/0x110 [ 76.617538][ T8471] ? br_del_bridge+0x14/0x110 [ 76.622302][ T8471] ? mutex_lock_io_nested+0xf00/0xf00 [ 76.627680][ T8471] br_del_bridge+0x14/0x110 [ 76.632189][ T8471] br_ioctl_stub+0x2f1/0x7f0 [ 76.636949][ T8471] ? __sanitizer_cov_trace_switch+0x63/0xf0 [ 76.642844][ T8471] ? br_dev_siocdevprivate+0x15c0/0x15c0 [ 76.648507][ T8471] ? do_vfs_ioctl+0x132/0x15d0 [ 76.653353][ T8471] ? vfs_fileattr_set+0xb50/0xb50 [ 76.658721][ T8471] ? br_dev_siocdevprivate+0x15c0/0x15c0 [ 76.664355][ T8471] br_ioctl_call+0x5e/0xa0 [ 76.668811][ T8471] sock_ioctl+0x30c/0x640 [ 76.673157][ T8471] ? br_ioctl_call+0xa0/0xa0 [ 76.677999][ T8471] ? lock_downgrade+0x6e0/0x6e0 [ 76.683147][ T8471] ? lock_downgrade+0x6e0/0x6e0 [ 76.688012][ T8471] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 76.694257][ T8471] ? br_ioctl_call+0xa0/0xa0 [ 76.698881][ T8471] __x64_sys_ioctl+0x193/0x200 [ 76.703660][ T8471] do_syscall_64+0x35/0xb0 [ 76.708208][ T8471] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 76.714991][ T8471] RIP: 0033:0x443119 [ 76.719173][ T8471] Code: 28 c3 e8 4a 15 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 76.739172][ T8471] RSP: 002b:00007ffcae49a918 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 76.747801][ T8471] RAX: ffffffffffffffda RBX: 00007ffcae49a928 RCX: 0000000000443119 [ 76.755885][ T8471] RDX: 0000000020000140 RSI: 00000000000089a1 RDI: 0000000000000004 [ 76.763977][ T8471] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000 [ 76.772321][ T8471] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcae49a930 [ 76.780324][ T8471] R13: 00007ffcae49a950 R1