[ 56.224421] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 56.234380] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 56.269005] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 56.279795] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 56.287968] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 56.304977] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 56.311452] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 56.326214] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 56.335555] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 304.349798] random: crng init done [ 472.291434] device bridge_slave_1 left promiscuous mode [ 472.297337] bridge0: port 2(bridge_slave_1) entered disabled state [ 472.333812] device bridge_slave_0 left promiscuous mode [ 472.339304] bridge0: port 1(bridge_slave_0) entered disabled state [ 472.446128] device hsr_slave_1 left promiscuous mode [ 472.533778] device hsr_slave_0 left promiscuous mode [ 472.573206] team0 (unregistering): Port device team_slave_1 removed [ 472.583283] team0 (unregistering): Port device team_slave_0 removed [ 472.592851] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 472.633849] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 472.697190] bond0 (unregistering): Released all slaves Warning: Permanently added '10.128.0.155' (ECDSA) to the list of known hosts. [ 477.240538] device bridge_slave_1 left promiscuous mode [ 477.246073] bridge0: port 2(bridge_slave_1) entered disabled state [ 477.300702] device bridge_slave_0 left promiscuous mode [ 477.306242] bridge0: port 1(bridge_slave_0) entered disabled state [ 477.341129] device bridge_slave_1 left promiscuous mode [ 477.346591] bridge0: port 2(bridge_slave_1) entered disabled state [ 477.400693] device bridge_slave_0 left promiscuous mode [ 477.406179] bridge0: port 1(bridge_slave_0) entered disabled state [ 477.461011] device bridge_slave_1 left promiscuous mode [ 477.466515] bridge0: port 2(bridge_slave_1) entered disabled state [ 477.520989] device bridge_slave_0 left promiscuous mode [ 477.526493] bridge0: port 1(bridge_slave_0) entered disabled state [ 477.581097] device bridge_slave_1 left promiscuous mode [ 477.586565] bridge0: port 2(bridge_slave_1) entered disabled state [ 477.640757] device bridge_slave_0 left promiscuous mode [ 477.646229] bridge0: port 1(bridge_slave_0) entered disabled state [ 477.701076] device bridge_slave_1 left promiscuous mode [ 477.706622] bridge0: port 2(bridge_slave_1) entered disabled state [ 477.741146] device bridge_slave_0 left promiscuous mode [ 477.746762] bridge0: port 1(bridge_slave_0) entered disabled state [ 477.964348] device hsr_slave_1 left promiscuous mode [ 478.002246] device hsr_slave_0 left promiscuous mode [ 478.042529] team0 (unregistering): Port device team_slave_1 removed [ 478.051988] team0 (unregistering): Port device team_slave_0 removed [ 478.061694] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 478.113972] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 478.165473] bond0 (unregistering): Released all slaves [ 478.252945] device hsr_slave_1 left promiscuous mode [ 478.293392] device hsr_slave_0 left promiscuous mode [ 478.333637] team0 (unregistering): Port device team_slave_1 removed [ 478.342724] team0 (unregistering): Port device team_slave_0 removed [ 478.352278] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 478.382889] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 478.455908] bond0 (unregistering): Released all slaves [ 478.542389] device hsr_slave_1 left promiscuous mode [ 478.583382] device hsr_slave_0 left promiscuous mode [ 478.643543] team0 (unregistering): Port device team_slave_1 removed [ 478.652309] team0 (unregistering): Port device team_slave_0 removed [ 478.661872] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 478.713489] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 478.766655] bond0 (unregistering): Released all slaves [ 478.862373] device hsr_slave_1 left promiscuous mode [ 478.903407] device hsr_slave_0 left promiscuous mode [ 478.943722] team0 (unregistering): Port device team_slave_1 removed [ 478.952434] team0 (unregistering): Port device team_slave_0 removed [ 478.960925] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 479.002933] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 479.055876] bond0 (unregistering): Released all slaves [ 479.192876] device hsr_slave_1 left promiscuous mode [ 479.233304] device hsr_slave_0 left promiscuous mode [ 479.273574] team0 (unregistering): Port device team_slave_1 removed [ 479.282348] team0 (unregistering): Port device team_slave_0 removed [ 479.293037] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 479.323397] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 479.394615] bond0 (unregistering): Released all slaves [ 484.040988] IPVS: ftp: loaded support on port[0] = 21 [ 484.855785] [ 484.857432] ====================================================== [ 484.863724] WARNING: possible circular locking dependency detected [ 484.870028] 4.14.172-syzkaller #0 Not tainted [ 484.874592] ------------------------------------------------------ [ 484.880889] syz-executor180/19708 is trying to acquire lock: [ 484.886711] (((&q->adapt_timer))){+.-.}, at: [] del_timer_sync+0x76/0x1e0 [ 484.895268] [ 484.895268] but task is already holding lock: [ 484.901263] (&qdisc_rx_lock){+.-.}, at: [] sfb_change+0x1a3/0xa20 [ 484.909140] [ 484.909140] which lock already depends on the new lock. [ 484.909140] [ 484.917432] [ 484.917432] the existing dependency chain (in reverse order) is: [ 484.925023] [ 484.925023] -> #1 (&qdisc_rx_lock){+.-.}: [ 484.930633] lock_acquire+0x173/0x400 [ 484.934928] _raw_spin_lock+0x2d/0x40 [ 484.939227] pie_timer+0x6b/0x620 [ 484.943176] call_timer_fn+0x142/0x570 [ 484.947559] run_timer_softirq+0xc99/0x1210 [ 484.952383] __do_softirq+0x246/0x9b0 [ 484.956680] irq_exit+0x15f/0x1a0 [ 484.960625] smp_apic_timer_interrupt+0x149/0x5d0 [ 484.966054] apic_timer_interrupt+0x96/0xa0 [ 484.970876] lock_is_held_type+0x8a/0x210 [ 484.975520] ___might_sleep+0x1fe/0x2a0 [ 484.979999] __might_sleep+0x93/0xb0 [ 484.984215] down_write+0x1d/0x90 [ 484.988175] __anon_vma_prepare+0xa6/0x330 [ 484.993250] __handle_mm_fault+0x2a71/0x3870 [ 484.998166] handle_mm_fault+0x234/0x6e0 [ 485.002723] __do_page_fault+0x44d/0xb00 [ 485.007279] do_page_fault+0x64/0x3fb [ 485.011588] page_fault+0x45/0x50 [ 485.015544] [ 485.015544] -> #0 (((&q->adapt_timer))){+.-.}: [ 485.021589] __lock_acquire+0x2e94/0x4500 [ 485.026231] lock_acquire+0x173/0x400 [ 485.030546] del_timer_sync+0xa2/0x1e0 [ 485.034937] pie_destroy+0x42/0x50 [ 485.038988] qdisc_destroy+0x123/0x2d0 [ 485.043377] sfb_change+0x261/0xa20 [ 485.047515] tc_modify_qdisc+0xb55/0x13eb [ 485.052175] rtnetlink_rcv_msg+0x34f/0x9d0 [ 485.057949] netlink_rcv_skb+0x133/0x370 [ 485.062515] rtnetlink_rcv+0x10/0x20 [ 485.066736] netlink_unicast+0x40d/0x5f0 [ 485.071383] netlink_sendmsg+0x730/0xbd0 [ 485.075941] sock_sendmsg+0xb5/0xf0 [ 485.080069] ___sys_sendmsg+0x625/0x920 [ 485.084538] __sys_sendmsg+0xc1/0x140 [ 485.088848] SyS_sendmsg+0xd/0x20 [ 485.092803] do_syscall_64+0x1c7/0x5b0 [ 485.097192] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 485.102891] [ 485.102891] other info that might help us debug this: [ 485.102891] [ 485.111267] Possible unsafe locking scenario: [ 485.111267] [ 485.117307] CPU0 CPU1 [ 485.121948] ---- ---- [ 485.126593] lock(&qdisc_rx_lock); [ 485.130198] lock(((&q->adapt_timer))); [ 485.136752] lock(&qdisc_rx_lock); [ 485.142885] lock(((&q->adapt_timer))); [ 485.146926] [ 485.146926] *** DEADLOCK *** [ 485.146926] [ 485.152963] 2 locks held by syz-executor180/19708: [ 485.157864] #0: (rtnl_mutex){+.+.}, at: [] rtnetlink_rcv_msg+0x2c1/0x9d0 [ 485.166441] #1: (&qdisc_rx_lock){+.-.}, at: [] sfb_change+0x1a3/0xa20 [ 485.174749] [ 485.174749] stack backtrace: [ 485.179228] CPU: 0 PID: 19708 Comm: syz-executor180 Not tainted 4.14.172-syzkaller #0 [ 485.187188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 485.196525] Call Trace: [ 485.199101] dump_stack+0xf7/0x13b [ 485.202629] print_circular_bug.isra.40.cold.67+0x1bd/0x27d [ 485.208323] ? save_trace+0xe0/0x290 [ 485.212129] __lock_acquire+0x2e94/0x4500 [ 485.216257] ? kfree+0xcc/0x270 [ 485.219516] ? fifo_set_limit+0x187/0x1f0 [ 485.223641] ? fifo_create_dflt+0x72/0xe0 [ 485.227767] ? trace_hardirqs_on+0x10/0x10 [ 485.231977] ? debug_check_no_obj_freed+0x2f0/0x930 [ 485.236978] ? trace_hardirqs_off+0x10/0x10 [ 485.241283] ? mark_held_locks+0xc7/0x130 [ 485.245417] lock_acquire+0x173/0x400 [ 485.249191] ? del_timer_sync+0x76/0x1e0 [ 485.253228] ? __lock_is_held+0xb5/0x140 [ 485.257264] del_timer_sync+0xa2/0x1e0 [ 485.261140] ? del_timer_sync+0x76/0x1e0 [ 485.265181] pie_destroy+0x42/0x50 [ 485.268696] qdisc_destroy+0x123/0x2d0 [ 485.272568] sfb_change+0x261/0xa20 [ 485.276194] ? sfb_graft+0x220/0x220 [ 485.279906] ? nla_strcmp+0x9b/0xe0 [ 485.283512] tc_modify_qdisc+0xb55/0x13eb [ 485.287640] ? qdisc_create+0xcf0/0xcf0 [ 485.291657] rtnetlink_rcv_msg+0x34f/0x9d0 [ 485.295873] ? rtnl_bridge_getlink+0x760/0x760 [ 485.300447] ? find_held_lock+0x36/0x1d0 [ 485.304487] netlink_rcv_skb+0x133/0x370 [ 485.308524] ? rtnl_bridge_getlink+0x760/0x760 [ 485.313084] ? netlink_ack+0xa00/0xa00 [ 485.316944] ? netlink_deliver_tap+0x8e/0x920 [ 485.321415] rtnetlink_rcv+0x10/0x20 [ 485.325100] netlink_unicast+0x40d/0x5f0 [ 485.329198] ? netlink_attachskb+0x6e0/0x6e0 [ 485.333585] netlink_sendmsg+0x730/0xbd0 [ 485.337667] ? netlink_unicast+0x5f0/0x5f0 [ 485.341878] ? selinux_socket_sendmsg+0x31/0x40 [ 485.346521] ? security_socket_sendmsg+0x6a/0xa0 [ 485.351256] ? netlink_unicast+0x5f0/0x5f0 [ 485.355466] sock_sendmsg+0xb5/0xf0 [ 485.359067] ___sys_sendmsg+0x625/0x920 [ 485.363016] ? trace_hardirqs_off+0x10/0x10 [ 485.367312] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 485.372044] ? find_held_lock+0x36/0x1d0 [ 485.376089] ? lock_downgrade+0x7f0/0x7f0 [ 485.380211] ? __fget+0x1ca/0x2f0 [ 485.383636] ? __fget_light+0x166/0x200 [ 485.387585] ? __fdget+0xe/0x10 [ 485.390861] ? sockfd_lookup_light+0x1c/0x150 [ 485.395440] __sys_sendmsg+0xc1/0x140 [ 485.399217] ? SyS_shutdown+0x180/0x180 [ 485.403166] ? do_futex+0x1760/0x1760 [ 485.406942] ? SyS_futex+0xf1/0x250 [ 485.410545] ? do_syscall_64+0x4c/0x5b0 [ 485.414492] ? __sys_sendmsg+0x140/0x140 [ 485.418531] SyS_sendmsg+0xd/0x20 [ 485.421960] do_syscall_64+0x1c7/0x5b0 [ 485.425847] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 485.430678] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 485.435843] RIP: 0033:0x446cd9 [ 485.439008] RSP: 002b:00007fea63a0fdb8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 485.446699] RAX: ffffffffffffffda RBX: 00000000006dbc58 RCX: 0000000000446cd9 [ 485.453960] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000005 [ 485.461217] RBP: 00000000006dbc50 R08: 0000000000000028 R09: 0000000000000000 [ 485.468480] R10: 0000000000000002 R11: 0000000000000246 R12: 00000000006dbc5c [ 485.475729] R13: 00007ffdca08640f R14: 00007fea63a109c0 R15: 0000000000000001