[ OK ] Started Getty on tty1. [ OK ] Started Serial Getty on ttyS0. [ OK ] Started System Logging Service. [ OK ] Started OpenBSD Secure Shell server. [ OK ] Started getty on tty2-tty6 if dbus and logind are not available. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.94' (ECDSA) to the list of known hosts. syzkaller login: [ 78.935718][ T8460] chnl_net:caif_netlink_parms(): no params data found [ 79.022783][ T8460] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.032502][ T8460] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.041642][ T8460] device bridge_slave_0 entered promiscuous mode [ 79.052326][ T8460] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.060405][ T8460] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.068875][ T8460] device bridge_slave_1 entered promiscuous mode [ 79.100122][ T8460] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.112106][ T8460] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.145089][ T8460] team0: Port device team_slave_0 added [ 79.152767][ T8460] team0: Port device team_slave_1 added [ 79.181110][ T8460] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.188142][ T8460] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.215428][ T8460] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.229759][ T8460] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.237286][ T8460] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.264463][ T8460] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.305307][ T8460] device hsr_slave_0 entered promiscuous mode [ 79.313035][ T8460] device hsr_slave_1 entered promiscuous mode [ 79.442743][ T8460] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 79.459792][ T8460] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 79.470722][ T8460] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 79.482207][ T8460] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 79.511275][ T8460] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.518530][ T8460] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.526865][ T8460] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.534144][ T8460] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.580122][ T8460] 8021q: adding VLAN 0 to HW filter on device bond0 [ 79.594211][ T3172] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 79.608128][ T3172] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.618298][ T3172] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.628852][ T3172] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 79.642857][ T8460] 8021q: adding VLAN 0 to HW filter on device team0 [ 79.655417][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 79.665224][ T20] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.672517][ T20] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.686566][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 79.694965][ T20] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.702300][ T20] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.727624][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 79.737424][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 79.746557][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 79.759610][ T8778] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 79.775161][ T8460] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 79.788506][ T8460] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 79.797915][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 79.819143][ T8778] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 79.827531][ T8778] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 79.841568][ T8460] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 79.863083][ T8778] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 79.883663][ T8778] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 79.892099][ T8778] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 79.901524][ T8778] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 79.914213][ T8460] device veth0_vlan entered promiscuous mode [ 79.927377][ T8460] device veth1_vlan entered promiscuous mode [ 79.951226][ T8778] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 79.961024][ T8778] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 79.974099][ T8460] device veth0_macvtap entered promiscuous mode [ 79.986269][ T8460] device veth1_macvtap entered promiscuous mode [ 80.012556][ T8460] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 80.020875][ T8778] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 80.031349][ T8778] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 80.040391][ T8778] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 80.049675][ T8778] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 80.061900][ T8460] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 80.070966][ T3172] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 80.080445][ T3172] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 80.093917][ T8460] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.103249][ T8460] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 executing program [ 80.112413][ T8460] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.121221][ T8460] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.171608][ T8460] [ 80.173949][ T8460] ====================================================== [ 80.181144][ T8460] WARNING: possible circular locking dependency detected [ 80.188147][ T8460] 5.14.0-rc2-syzkaller #0 Not tainted [ 80.193504][ T8460] ------------------------------------------------------ [ 80.201402][ T8460] syz-executor772/8460 is trying to acquire lock: [ 80.207808][ T8460] ffffffff8d0a9608 (br_ioctl_mutex){+.+.}-{3:3}, at: br_ioctl_call+0x3b/0xa0 [ 80.216604][ T8460] [ 80.216604][ T8460] but task is already holding lock: [ 80.223971][ T8460] ffffffff8d0cb568 (rtnl_mutex){+.+.}-{3:3}, at: dev_ioctl+0x1a7/0xee0 [ 80.232307][ T8460] [ 80.232307][ T8460] which lock already depends on the new lock. [ 80.232307][ T8460] [ 80.242686][ T8460] [ 80.242686][ T8460] the existing dependency chain (in reverse order) is: [ 80.251774][ T8460] [ 80.251774][ T8460] -> #1 (rtnl_mutex){+.+.}-{3:3}: [ 80.258975][ T8460] __mutex_lock+0x12a/0x10a0 [ 80.264081][ T8460] register_netdev+0x11/0x50 [ 80.269178][ T8460] br_add_bridge+0x97/0xf0 [ 80.274193][ T8460] br_ioctl_stub+0x750/0x7f0 [ 80.279407][ T8460] br_ioctl_call+0x5e/0xa0 [ 80.284341][ T8460] sock_ioctl+0x30c/0x640 [ 80.289178][ T8460] __x64_sys_ioctl+0x193/0x200 [ 80.294481][ T8460] do_syscall_64+0x35/0xb0 [ 80.299430][ T8460] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 80.305935][ T8460] [ 80.305935][ T8460] -> #0 (br_ioctl_mutex){+.+.}-{3:3}: [ 80.313467][ T8460] __lock_acquire+0x2a07/0x54a0 [ 80.318834][ T8460] lock_acquire+0x1ab/0x510 [ 80.324011][ T8460] __mutex_lock+0x12a/0x10a0 [ 80.329113][ T8460] br_ioctl_call+0x3b/0xa0 [ 80.334124][ T8460] dev_ifsioc+0xc1f/0xf60 [ 80.338958][ T8460] dev_ioctl+0x1b9/0xee0 [ 80.343700][ T8460] sock_do_ioctl+0x18b/0x210 [ 80.348792][ T8460] sock_ioctl+0x2f1/0x640 [ 80.353640][ T8460] __x64_sys_ioctl+0x193/0x200 [ 80.359174][ T8460] do_syscall_64+0x35/0xb0 [ 80.364099][ T8460] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 80.370593][ T8460] [ 80.370593][ T8460] other info that might help us debug this: [ 80.370593][ T8460] [ 80.380887][ T8460] Possible unsafe locking scenario: [ 80.380887][ T8460] [ 80.388328][ T8460] CPU0 CPU1 [ 80.394454][ T8460] ---- ---- [ 80.399819][ T8460] lock(rtnl_mutex); [ 80.403879][ T8460] lock(br_ioctl_mutex); [ 80.410805][ T8460] lock(rtnl_mutex); [ 80.417287][ T8460] lock(br_ioctl_mutex); [ 80.421616][ T8460] [ 80.421616][ T8460] *** DEADLOCK *** [ 80.421616][ T8460] [ 80.430017][ T8460] 1 lock held by syz-executor772/8460: [ 80.435677][ T8460] #0: ffffffff8d0cb568 (rtnl_mutex){+.+.}-{3:3}, at: dev_ioctl+0x1a7/0xee0 [ 80.444685][ T8460] [ 80.444685][ T8460] stack backtrace: [ 80.450551][ T8460] CPU: 0 PID: 8460 Comm: syz-executor772 Not tainted 5.14.0-rc2-syzkaller #0 [ 80.459551][ T8460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 80.469956][ T8460] Call Trace: [ 80.473510][ T8460] dump_stack_lvl+0xcd/0x134 [ 80.478191][ T8460] check_noncircular+0x25f/0x2e0 [ 80.483115][ T8460] ? print_circular_bug+0x1e0/0x1e0 [ 80.488487][ T8460] ? is_bpf_text_address+0x99/0x170 [ 80.493676][ T8460] ? lockdep_lock+0xc6/0x200 [ 80.498262][ T8460] ? call_rcu_zapped+0xb0/0xb0 [ 80.503017][ T8460] __lock_acquire+0x2a07/0x54a0 [ 80.507940][ T8460] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 80.513921][ T8460] lock_acquire+0x1ab/0x510 [ 80.518404][ T8460] ? br_ioctl_call+0x3b/0xa0 [ 80.523236][ T8460] ? lock_release+0x720/0x720 [ 80.528012][ T8460] __mutex_lock+0x12a/0x10a0 [ 80.532846][ T8460] ? br_ioctl_call+0x3b/0xa0 [ 80.537508][ T8460] ? br_ioctl_call+0x3b/0xa0 [ 80.542179][ T8460] ? mutex_lock_io_nested+0xf00/0xf00 [ 80.549358][ T8460] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 80.555686][ T8460] ? full_name_hash+0xb5/0xf0 [ 80.560787][ T8460] br_ioctl_call+0x3b/0xa0 [ 80.565278][ T8460] dev_ifsioc+0xc1f/0xf60 [ 80.569591][ T8460] ? dev_load+0x79/0x200 [ 80.573829][ T8460] ? sock_diag_broadcast_destroy+0x1a0/0x1a0 [ 80.579880][ T8460] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 80.586118][ T8460] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 80.592437][ T8460] ? netdev_name_node_lookup_rcu+0x108/0x150 [ 80.598584][ T8460] dev_ioctl+0x1b9/0xee0 [ 80.602824][ T8460] sock_do_ioctl+0x18b/0x210 [ 80.607411][ T8460] ? put_user_ifreq+0x140/0x140 [ 80.612423][ T8460] sock_ioctl+0x2f1/0x640 [ 80.616868][ T8460] ? br_ioctl_call+0xa0/0xa0 [ 80.621761][ T8460] ? lock_downgrade+0x6e0/0x6e0 [ 80.626712][ T8460] ? lock_downgrade+0x6e0/0x6e0 [ 80.631642][ T8460] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 80.637878][ T8460] ? br_ioctl_call+0xa0/0xa0 [ 80.642465][ T8460] __x64_sys_ioctl+0x193/0x200 [ 80.647320][ T8460] do_syscall_64+0x35/0xb0 [ 80.651783][ T8460] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 80.657690][ T8460] RIP: 0033:0x4431f9 [ 80.661576][ T8460] Code: 28 c3 e8 4a 15 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 80.681494][ T8460] RSP: 002b:00007ffd0ab19648 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 80.690075][ T8460] RAX: ffffffffffffffda RBX: 00007ffd0ab19658 RCX: 00000000004431f9 [ 80.698139][ T8460] RDX: 0000000020000000 RSI: 00000000000089a2 RDI: 0000000000000004 [ 80.706097][ T8460] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000 [ 80.714224][ T8460] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd0ab19660 [ 80.722205][ T8460] R13