[ OK ] Found device /dev/ttyS0.
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.102' (ECDSA) to the list of known hosts.
syzkaller login: [ 27.841563] IPVS: ftp: loaded support on port[0] = 21
[ 27.912782] chnl_net:caif_netlink_parms(): no params data found
[ 27.975578] bridge0: port 1(bridge_slave_0) entered blocking state
[ 27.982643] bridge0: port 1(bridge_slave_0) entered disabled state
[ 27.990454] device bridge_slave_0 entered promiscuous mode
[ 27.997177] bridge0: port 2(bridge_slave_1) entered blocking state
[ 28.004351] bridge0: port 2(bridge_slave_1) entered disabled state
[ 28.011994] device bridge_slave_1 entered promiscuous mode
[ 28.028225] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 28.036773] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 28.054580] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 28.061954] team0: Port device team_slave_0 added
[ 28.068298] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 28.075404] team0: Port device team_slave_1 added
[ 28.090911] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 28.097189] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 28.122969] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 28.134509] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 28.141587] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 28.167318] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 28.177937] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 28.185182] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 28.203362] device hsr_slave_0 entered promiscuous mode
[ 28.208990] device hsr_slave_1 entered promiscuous mode
[ 28.214783] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 28.222488] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 28.281641] bridge0: port 2(bridge_slave_1) entered blocking state
[ 28.288044] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 28.294712] bridge0: port 1(bridge_slave_0) entered blocking state
[ 28.301096] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 28.327228] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 28.333302] 8021q: adding VLAN 0 to HW filter on device bond0
[ 28.341949] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 28.350474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 28.369573] bridge0: port 1(bridge_slave_0) entered disabled state
[ 28.376663] bridge0: port 2(bridge_slave_1) entered disabled state
[ 28.386302] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 28.393058] 8021q: adding VLAN 0 to HW filter on device team0
[ 28.401510] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 28.409173] bridge0: port 1(bridge_slave_0) entered blocking state
[ 28.415538] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 28.424540] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 28.432284] bridge0: port 2(bridge_slave_1) entered blocking state
[ 28.438672] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 28.457680] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 28.465224] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 28.473429] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 28.481258] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 28.489055] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 28.497316] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 28.503309] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 28.515502] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 28.522786] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 28.529486] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 28.540472] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 28.587677] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 28.596454] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 28.624898] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 28.632789] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 28.640524] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 28.650140] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 28.657993] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 28.664729] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 28.673713] device veth0_vlan entered promiscuous mode
[ 28.682157] device veth1_vlan entered promiscuous mode
[ 28.688170] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 28.696100] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 28.706251] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 28.715431] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 28.722765] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 28.730218] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 28.739497] device veth0_macvtap entered promiscuous mode
[ 28.745468] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 28.753817] device veth1_macvtap entered promiscuous mode
[ 28.762292] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 28.771148] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 28.781031] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 28.788216] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 28.797390] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 28.806568] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 28.817452] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 28.890294]
[ 28.891932] ======================================================
[ 28.898230] WARNING: possible circular locking dependency detected
[ 28.904521] 4.14.284-syzkaller #0 Not tainted
[ 28.908986] ------------------------------------------------------
[ 28.915277] kworker/u4:2/34 is trying to acquire lock:
[ 28.920523]  (sk_lock-AF_INET){+.+.}, at: [] strp_work+0x3e/0x100
[ 28.928295]
[ 28.928295] but task is already holding lock:
[ 28.934241]  ((&strp->work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0
[ 28.942639]
[ 28.942639] which lock already depends on the new lock.
[ 28.942639]
[ 28.950928]
[ 28.950928] the existing dependency chain (in reverse order) is:
[ 28.958537]
[ 28.958537] -> #1 ((&strp->work)){+.+.}:
[ 28.964056]        flush_work+0xad/0x770
[ 28.968091]        __cancel_work_timer+0x321/0x460
[ 28.973011]        strp_done+0x53/0xd0
[ 28.977148]        kcm_ioctl+0x828/0xfb0
[ 28.981181]        sock_ioctl+0x2cc/0x4c0
[ 28.985300]        do_vfs_ioctl+0x75a/0xff0
[ 28.989593]        SyS_ioctl+0x7f/0xb0
[ 28.993559]        do_syscall_64+0x1d5/0x640
[ 28.997939]        entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 29.003622]
[ 29.003622] -> #0 (sk_lock-AF_INET){+.+.}:
[ 29.009418]        lock_acquire+0x170/0x3f0
[ 29.013715]        lock_sock_nested+0xb7/0x100
[ 29.018269]        strp_work+0x3e/0x100
[ 29.022215]        process_one_work+0x793/0x14a0
[ 29.027209]        worker_thread+0x5cc/0xff0
[ 29.031592]        kthread+0x30d/0x420
[ 29.035452]        ret_from_fork+0x24/0x30
[ 29.040001]
[ 29.040001] other info that might help us debug this:
[ 29.040001]
[ 29.048199]  Possible unsafe locking scenario:
[ 29.048199]
[ 29.054224]        CPU0                    CPU1
[ 29.058859]        ----                    ----
[ 29.063493]   lock((&strp->work));
[ 29.067005]                                lock(sk_lock-AF_INET);
[ 29.073235]                                lock((&strp->work));
[ 29.079262]   lock(sk_lock-AF_INET);
[ 29.082946]
[ 29.082946]  *** DEADLOCK ***
[ 29.082946]
[ 29.088976] 2 locks held by kworker/u4:2/34:
[ 29.093363]  #0:  ("%s""kstrp"){+.+.}, at: [] process_one_work+0x6b0/0x14a0
[ 29.102010]  #1:  ((&strp->work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0
[ 29.110826]
[ 29.110826] stack backtrace:
[ 29.115302] CPU: 1 PID: 34 Comm: kworker/u4:2 Not tainted 4.14.284-syzkaller #0
[ 29.122802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 29.132138] Workqueue: kstrp strp_work
[ 29.135996] Call Trace:
[ 29.138586]  dump_stack+0x1b2/0x281
[ 29.142203]  print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 29.147977]  __lock_acquire+0x2e0e/0x3f20
[ 29.152100]  ? trace_hardirqs_on+0x10/0x10
[ 29.156310]  ? trace_hardirqs_on+0x10/0x10
[ 29.160535]  ? lock_acquire+0x170/0x3f0
[ 29.164498]  ? lock_sock_nested+0x98/0x100
[ 29.168707]  lock_acquire+0x170/0x3f0
[ 29.172579]  ? strp_work+0x3e/0x100
[ 29.176184]  lock_sock_nested+0xb7/0x100
[ 29.180224]  ? strp_work+0x3e/0x100
[ 29.183824]  strp_work+0x3e/0x100
[ 29.187251]  process_one_work+0x793/0x14a0
[ 29.191468]  ? work_busy+0x320/0x320
[ 29.195157]  ? worker_thread+0x158/0xff0
[ 29.199193]  ? _raw_spin_unlock_irq+0x24/0x80
[ 29.203663]  worker_thread+0x5cc/0xff0
[ 29.207524]  ? rescuer_thread+0xc80/0xc80
[ 29.211658]  kthread+0x30d/0x420
[ 29.215004]  ? kthread_create_on_node+0xd0/0xd0
[ 29.219649]  ret_from_fork+0x24/0x30
[ 29.224384] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready