[ 52.531603] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 52.541376] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 52.549342] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 52.562931] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 52.569632] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 52.585022] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 52.592819] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 52.609376] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 52.626449] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 364.345589] random: crng init done [ 468.461311] device bridge_slave_1 left promiscuous mode [ 468.467945] bridge0: port 2(bridge_slave_1) entered disabled state [ 468.512675] device bridge_slave_0 left promiscuous mode [ 468.522546] bridge0: port 1(bridge_slave_0) entered disabled state [ 468.653241] device hsr_slave_1 left promiscuous mode [ 468.704322] device hsr_slave_0 left promiscuous mode [ 468.753863] team0 (unregistering): Port device team_slave_1 removed [ 468.764819] team0 (unregistering): Port device team_slave_0 removed [ 468.775313] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 468.813695] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 468.889016] bond0 (unregistering): Released all slaves Warning: Permanently added '10.128.15.233' (ECDSA) to the list of known hosts. [ 473.270533] device bridge_slave_1 left promiscuous mode [ 473.276425] bridge0: port 2(bridge_slave_1) entered disabled state [ 473.330965] device bridge_slave_0 left promiscuous mode [ 473.336650] bridge0: port 1(bridge_slave_0) entered disabled state [ 473.391124] device bridge_slave_1 left promiscuous mode [ 473.396625] bridge0: port 2(bridge_slave_1) entered disabled state [ 473.431305] device bridge_slave_0 left promiscuous mode [ 473.436900] bridge0: port 1(bridge_slave_0) entered disabled state [ 473.471774] device bridge_slave_1 left promiscuous mode [ 473.477270] bridge0: port 2(bridge_slave_1) entered disabled state [ 473.530919] device bridge_slave_0 left promiscuous mode [ 473.536844] bridge0: port 1(bridge_slave_0) entered disabled state [ 473.591649] device bridge_slave_1 left promiscuous mode [ 473.597170] bridge0: port 2(bridge_slave_1) entered disabled state [ 473.660785] device bridge_slave_0 left promiscuous mode [ 473.666242] bridge0: port 1(bridge_slave_0) entered disabled state [ 473.711238] device bridge_slave_1 left promiscuous mode [ 473.716685] bridge0: port 2(bridge_slave_1) entered disabled state [ 473.760830] device bridge_slave_0 left promiscuous mode [ 473.766302] bridge0: port 1(bridge_slave_0) entered disabled state [ 473.923427] device hsr_slave_1 left promiscuous mode [ 473.962591] device hsr_slave_0 left promiscuous mode [ 474.002774] team0 (unregistering): Port device team_slave_1 removed [ 474.012100] team0 (unregistering): Port device team_slave_0 removed [ 474.021218] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 474.062895] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 474.137349] bond0 (unregistering): Released all slaves [ 474.222919] device hsr_slave_1 left promiscuous mode [ 474.263411] device hsr_slave_0 left promiscuous mode [ 474.303637] team0 (unregistering): Port device team_slave_1 removed [ 474.313020] team0 (unregistering): Port device team_slave_0 removed [ 474.321976] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 474.362952] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 474.439365] bond0 (unregistering): Released all slaves [ 474.561511] device hsr_slave_1 left promiscuous mode [ 474.602327] device hsr_slave_0 left promiscuous mode [ 474.653759] team0 (unregistering): Port device team_slave_1 removed [ 474.663085] team0 (unregistering): Port device team_slave_0 removed [ 474.672348] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 474.744082] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 474.807340] bond0 (unregistering): Released all slaves [ 474.911571] device hsr_slave_1 left promiscuous mode [ 474.972253] device hsr_slave_0 left promiscuous mode [ 475.013534] team0 (unregistering): Port device team_slave_1 removed [ 475.024657] team0 (unregistering): Port device team_slave_0 removed [ 475.033569] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 475.063051] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 475.127521] bond0 (unregistering): Released all slaves [ 475.201605] device hsr_slave_1 left promiscuous mode [ 475.243220] device hsr_slave_0 left promiscuous mode [ 475.283583] team0 (unregistering): Port device team_slave_1 removed [ 475.292662] team0 (unregistering): Port device team_slave_0 removed [ 475.301794] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 475.324157] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 475.388215] bond0 (unregistering): Released all slaves [ 479.780849] IPVS: ftp: loaded support on port[0] = 21 [ 480.588390] [ 480.590174] ====================================================== [ 480.596477] WARNING: possible circular locking dependency detected [ 480.602890] 4.14.158-syzkaller #0 Not tainted [ 480.607358] ------------------------------------------------------ [ 480.613671] syz-executor412/29773 is trying to acquire lock: [ 480.619583] (((&q->adapt_timer))){+.-.}, at: [] del_timer_sync+0x76/0x1e0 [ 480.628152] [ 480.628152] but task is already holding lock: [ 480.634310] (&qdisc_rx_lock){+.-.}, at: [] sfb_change+0x1a3/0xa20 [ 480.642187] [ 480.642187] which lock already depends on the new lock. [ 480.642187] [ 480.650492] [ 480.650492] the existing dependency chain (in reverse order) is: [ 480.658091] [ 480.658091] -> #1 (&qdisc_rx_lock){+.-.}: [ 480.663831] lock_acquire+0x173/0x400 [ 480.668133] _raw_spin_lock+0x2d/0x40 [ 480.672879] pie_timer+0x6b/0x620 [ 480.677598] call_timer_fn+0x142/0x570 [ 480.682799] run_timer_softirq+0xc99/0x1210 [ 480.687680] __do_softirq+0x246/0x9b0 [ 480.692024] irq_exit+0x15f/0x1a0 [ 480.696136] smp_apic_timer_interrupt+0x149/0x5d0 [ 480.702274] apic_timer_interrupt+0x96/0xa0 [ 480.707549] debug_check_no_locks_freed+0x1ce/0x280 [ 480.713164] __raw_spin_lock_init+0x1c/0x100 [ 480.718108] get_empty_filp+0x1af/0x3b0 [ 480.722594] alloc_file+0x1f/0x400 [ 480.726738] sock_alloc_file+0x132/0x320 [ 480.731311] sock_map_fd+0x2d/0x60 [ 480.735348] SyS_socket+0xdd/0x1a0 [ 480.739402] do_syscall_64+0x1c7/0x5b0 [ 480.743883] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 480.749590] [ 480.749590] -> #0 (((&q->adapt_timer))){+.-.}: [ 480.755658] __lock_acquire+0x2e94/0x4500 [ 480.760388] lock_acquire+0x173/0x400 [ 480.764683] del_timer_sync+0xa2/0x1e0 [ 480.769076] pie_destroy+0x42/0x50 [ 480.773116] qdisc_destroy+0x123/0x2d0 [ 480.777498] sfb_change+0x261/0xa20 [ 480.781887] tc_modify_qdisc+0xb55/0x13eb [ 480.786540] rtnetlink_rcv_msg+0x34f/0x9d0 [ 480.791278] netlink_rcv_skb+0x133/0x370 [ 480.795832] rtnetlink_rcv+0x10/0x20 [ 480.800041] netlink_unicast+0x40d/0x5f0 [ 480.804680] netlink_sendmsg+0x730/0xbd0 [ 480.809409] sock_sendmsg+0xb5/0xf0 [ 480.813527] ___sys_sendmsg+0x625/0x920 [ 480.818008] __sys_sendmsg+0xc1/0x140 [ 480.822309] SyS_sendmsg+0xd/0x20 [ 480.826321] do_syscall_64+0x1c7/0x5b0 [ 480.830726] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 480.836849] [ 480.836849] other info that might help us debug this: [ 480.836849] [ 480.844967] Possible unsafe locking scenario: [ 480.844967] [ 480.850998] CPU0 CPU1 [ 480.855665] ---- ---- [ 480.860309] lock(&qdisc_rx_lock); [ 480.863911] lock(((&q->adapt_timer))); [ 480.870465] lock(&qdisc_rx_lock); [ 480.876594] lock(((&q->adapt_timer))); [ 480.880634] [ 480.880634] *** DEADLOCK *** [ 480.880634] [ 480.887630] 2 locks held by syz-executor412/29773: [ 480.892528] #0: (rtnl_mutex){+.+.}, at: [] rtnetlink_rcv_msg+0x2c1/0x9d0 [ 480.901086] #1: (&qdisc_rx_lock){+.-.}, at: [] sfb_change+0x1a3/0xa20 [ 480.909562] [ 480.909562] stack backtrace: [ 480.914040] CPU: 0 PID: 29773 Comm: syz-executor412 Not tainted 4.14.158-syzkaller #0 [ 480.921974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 480.931313] Call Trace: [ 480.933917] dump_stack+0xf7/0x13b [ 480.937450] print_circular_bug.isra.40.cold.67+0x1bd/0x27d [ 480.943135] ? save_trace+0xe0/0x290 [ 480.946822] __lock_acquire+0x2e94/0x4500 [ 480.951030] ? kfree+0xcc/0x270 [ 480.954282] ? fifo_set_limit+0x187/0x1f0 [ 480.958400] ? fifo_create_dflt+0x72/0xe0 [ 480.962537] ? trace_hardirqs_on+0x10/0x10 [ 480.966752] ? debug_check_no_obj_freed+0x2f0/0x930 [ 480.972188] ? trace_hardirqs_off+0x10/0x10 [ 480.976489] ? mark_held_locks+0xc7/0x130 [ 480.980620] lock_acquire+0x173/0x400 [ 480.984404] ? del_timer_sync+0x76/0x1e0 [ 480.988437] ? __lock_is_held+0xb5/0x140 [ 480.992470] del_timer_sync+0xa2/0x1e0 [ 480.996331] ? del_timer_sync+0x76/0x1e0 [ 481.000377] pie_destroy+0x42/0x50 [ 481.003894] qdisc_destroy+0x123/0x2d0 [ 481.007755] sfb_change+0x261/0xa20 [ 481.011527] ? sfb_graft+0x220/0x220 [ 481.015475] ? nla_strcmp+0x9b/0xe0 [ 481.019073] tc_modify_qdisc+0xb55/0x13eb [ 481.023309] ? qdisc_create+0xcf0/0xcf0 [ 481.027271] rtnetlink_rcv_msg+0x34f/0x9d0 [ 481.031497] ? rtnl_bridge_getlink+0x760/0x760 [ 481.036058] ? find_held_lock+0x36/0x1d0 [ 481.040099] netlink_rcv_skb+0x133/0x370 [ 481.044134] ? rtnl_bridge_getlink+0x760/0x760 [ 481.048794] ? netlink_ack+0xa00/0xa00 [ 481.052653] ? netlink_deliver_tap+0x8e/0x920 [ 481.057399] rtnetlink_rcv+0x10/0x20 [ 481.061086] netlink_unicast+0x40d/0x5f0 [ 481.065214] ? netlink_attachskb+0x6e0/0x6e0 [ 481.069594] netlink_sendmsg+0x730/0xbd0 [ 481.073634] ? netlink_unicast+0x5f0/0x5f0 [ 481.077845] ? selinux_socket_sendmsg+0x31/0x40 [ 481.082499] ? security_socket_sendmsg+0x6a/0xa0 [ 481.087223] ? netlink_unicast+0x5f0/0x5f0 [ 481.091429] sock_sendmsg+0xb5/0xf0 [ 481.095025] ___sys_sendmsg+0x625/0x920 [ 481.098982] ? trace_hardirqs_off+0x10/0x10 [ 481.103276] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 481.108003] ? find_held_lock+0x36/0x1d0 [ 481.112036] ? lock_downgrade+0x7f0/0x7f0 [ 481.116157] ? __fget+0x1ca/0x2f0 [ 481.119591] ? __fget_light+0x166/0x200 [ 481.123578] ? __fdget+0xe/0x10 [ 481.126834] ? sockfd_lookup_light+0x1c/0x150 [ 481.131310] __sys_sendmsg+0xc1/0x140 [ 481.135087] ? SyS_shutdown+0x180/0x180 [ 481.139041] ? do_futex+0x1760/0x1760 [ 481.143342] ? SyS_futex+0xf1/0x250 [ 481.147037] ? do_syscall_64+0x4c/0x5b0 [ 481.150984] ? __sys_sendmsg+0x140/0x140 [ 481.155017] SyS_sendmsg+0xd/0x20 [ 481.158453] do_syscall_64+0x1c7/0x5b0 [ 481.162332] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 481.167146] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 481.173011] RIP: 0033:0x446cd9 [ 481.176194] RSP: 002b:00007f7dd60f5db8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 481.183942] RAX: ffffffffffffffda RBX: 00000000006dbc58 RCX: 0000000000446cd9 [ 481.191192] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000005 [ 481.198438] RBP: 00000000006dbc50 R08: 0000000000000028 R09: 0000000000000000 [ 481.205706] R10: 0000000000000002 R11: 0000000000000246 R12: 00000000006dbc5c [ 481.212949] R13: 00007ffc96a36f7f R14: 00007f7dd60f69c0 R15: 0000000000000001