TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. netlink: 244 bytes leftover after parsing attributes in process `syz-executor.4'. ====================================================== WARNING: possible circular locking dependency detected 4.19.195-syzkaller #0 Not tainted ------------------------------------------------------ kworker/u4:5/8465 is trying to acquire lock: 000000009e08122e ((wq_completion)"events"){+.+.}, at: flush_workqueue+0xe8/0x13e0 kernel/workqueue.c:2658 but task is already holding lock: 00000000f7c10344 (pernet_ops_rwsem){++++}, at: cleanup_net+0xa8/0x8b0 net/core/net_namespace.c:520 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #3 (pernet_ops_rwsem){++++}: unregister_netdevice_notifier+0x7b/0x330 net/core/dev.c:1708 bcm_release+0x94/0x700 net/can/bcm.c:1525 __sock_release+0xcd/0x2a0 net/socket.c:579 sock_close+0x15/0x20 net/socket.c:1140 __fput+0x2ce/0x890 fs/file_table.c:278 task_work_run+0x148/0x1c0 kernel/task_work.c:113 tracehook_notify_resume include/linux/tracehook.h:193 [inline] exit_to_usermode_loop+0x251/0x2a0 arch/x86/entry/common.c:167 prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline] syscall_return_slowpath arch/x86/entry/common.c:271 [inline] do_syscall_64+0x538/0x620 arch/x86/entry/common.c:296 entry_SYSCALL_64_after_hwframe+0x49/0xbe -> #2 (&sb->s_type->i_mutex_key#13){+.+.}: inode_lock include/linux/fs.h:748 [inline] __sock_release+0x86/0x2a0 net/socket.c:578 sock_close+0x15/0x20 net/socket.c:1140 __fput+0x2ce/0x890 fs/file_table.c:278 delayed_fput+0x56/0x70 fs/file_table.c:304 process_one_work+0x864/0x1570 kernel/workqueue.c:2153 worker_thread+0x64c/0x1130 kernel/workqueue.c:2296 kthread+0x33f/0x460 kernel/kthread.c:259 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 -> #1 ((delayed_fput_work).work){+.+.}: worker_thread+0x64c/0x1130 kernel/workqueue.c:2296 kthread+0x33f/0x460 kernel/kthread.c:259 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 -> #0 ((wq_completion)"events"){+.+.}: flush_workqueue+0x117/0x13e0 kernel/workqueue.c:2661 flush_scheduled_work include/linux/workqueue.h:599 [inline] tipc_exit_net+0x38/0x60 net/tipc/core.c:100 ops_exit_list+0xa5/0x150 net/core/net_namespace.c:153 cleanup_net+0x3b4/0x8b0 net/core/net_namespace.c:553 process_one_work+0x864/0x1570 kernel/workqueue.c:2153 worker_thread+0x64c/0x1130 kernel/workqueue.c:2296 kthread+0x33f/0x460 kernel/kthread.c:259 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 other info that might help us debug this: Chain exists of: (wq_completion)"events" --> &sb->s_type->i_mutex_key#13 --> pernet_ops_rwsem Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(pernet_ops_rwsem); lock(&sb->s_type->i_mutex_key#13); lock(pernet_ops_rwsem); lock((wq_completion)"events"); *** DEADLOCK *** 3 locks held by kworker/u4:5/8465: #0: 00000000e208bed5 ((wq_completion)"%s""netns"){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124 #1: 000000000882b166 (net_cleanup_work){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128 #2: 00000000f7c10344 (pernet_ops_rwsem){++++}, at: cleanup_net+0xa8/0x8b0 net/core/net_namespace.c:520 stack backtrace: CPU: 0 PID: 8465 Comm: kworker/u4:5 Not tainted 4.19.195-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: netns cleanup_net Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1222 check_prev_add kernel/locking/lockdep.c:1866 [inline] check_prevs_add kernel/locking/lockdep.c:1979 [inline] validate_chain kernel/locking/lockdep.c:2420 [inline] __lock_acquire+0x30c9/0x3ff0 kernel/locking/lockdep.c:3416 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908 flush_workqueue+0x117/0x13e0 kernel/workqueue.c:2661 flush_scheduled_work include/linux/workqueue.h:599 [inline] tipc_exit_net+0x38/0x60 net/tipc/core.c:100 ops_exit_list+0xa5/0x150 net/core/net_namespace.c:153 cleanup_net+0x3b4/0x8b0 net/core/net_namespace.c:553 process_one_work+0x864/0x1570 kernel/workqueue.c:2153 worker_thread+0x64c/0x1130 kernel/workqueue.c:2296 kthread+0x33f/0x460 kernel/kthread.c:259 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 sctp: [Deprecated]: syz-executor.4 (pid 11544) Use of int in maxseg socket option. Use struct sctp_assoc_value instead syz-executor.0 uses obsolete (PF_INET,SOCK_PACKET) audit: type=1326 audit(1624991988.297:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=11750 comm="syz-executor.5" exe="/root/syz-executor.5" sig=31 arch=c000003e syscall=202 compat=0 ip=0x4665d9 code=0x0 audit: type=1326 audit(1624991988.297:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=11761 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x4665d9 code=0x0 audit: type=1326 audit(1624991989.037:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=11794 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x4665d9 code=0x0 bridge0: received packet on veth1_to_bridge with own address as source address (addr:3e:45:de:9c:96:c0, vlan:0) bridge0: received packet on veth1_to_bridge with own address as source address (addr:3e:45:de:9c:96:c0, vlan:0) bridge0: received packet on veth1_to_bridge with own address as source address (addr:3e:45:de:9c:96:c0, vlan:0) bridge0: received packet on veth1_to_bridge with own address as source address (addr:3e:45:de:9c:96:c0, vlan:0) bridge0: received packet on veth1_to_bridge with own address as source address (addr:3e:45:de:9c:96:c0, vlan:0) bridge0: received packet on veth1_to_bridge with own address as source address (addr:3e:45:de:9c:96:c0, vlan:0) bridge0: received packet on veth1_to_bridge with own address as source address (addr:3e:45:de:9c:96:c0, vlan:0) netlink: 20 bytes leftover after parsing attributes in process `syz-executor.5'. bridge0: received packet on veth1_to_bridge with own address as source address (addr:3e:45:de:9c:96:c0, vlan:0) bridge0: received packet on veth1_to_bridge with own address as source address (addr:3e:45:de:9c:96:c0, vlan:0) bridge0: received packet on veth1_to_bridge with own address as source address (addr:3e:45:de:9c:96:c0, vlan:0) audit: type=1326 audit(1624991989.267:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=11817 comm="syz-executor.5" exe="/root/syz-executor.5" sig=31 arch=c000003e syscall=202 compat=0 ip=0x4665d9 code=0x0 x_tables: duplicate underflow at hook 2 x_tables: duplicate underflow at hook 2 FAT-fs (loop4): bogus number of reserved sectors FAT-fs (loop4): Can't find a valid FAT filesystem FAT-fs (loop4): bogus number of reserved sectors FAT-fs (loop4): Can't find a valid FAT filesystem audit: type=1804 audit(1624991992.787:15): pid=12143 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir292549701/syzkaller.brvql3/125/cgroup.controllers" dev="sda1" ino=14173 res=1 audit: type=1804 audit(1624991993.297:16): pid=12198 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir292549701/syzkaller.brvql3/126/cgroup.controllers" dev="sda1" ino=14165 res=1 netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'. netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'.