[ 52.038533] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 52.046566] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 52.054235] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 52.065462] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 52.074376] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 52.081371] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 52.094452] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 52.118732] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 52.129784] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 356.678878] random: crng init done [ 468.381267] device bridge_slave_1 left promiscuous mode [ 468.386978] bridge0: port 2(bridge_slave_1) entered disabled state [ 468.462465] device bridge_slave_0 left promiscuous mode [ 468.468147] bridge0: port 1(bridge_slave_0) entered disabled state [ 468.584939] device hsr_slave_1 left promiscuous mode [ 468.652683] device hsr_slave_0 left promiscuous mode [ 468.704605] team0 (unregistering): Port device team_slave_1 removed [ 468.713776] team0 (unregistering): Port device team_slave_0 removed [ 468.723444] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 468.764367] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 468.829623] bond0 (unregistering): Released all slaves Warning: Permanently added '10.128.0.237' (ECDSA) to the list of known hosts. [ 473.460414] device bridge_slave_1 left promiscuous mode [ 473.465914] bridge0: port 2(bridge_slave_1) entered disabled state [ 473.540703] device bridge_slave_0 left promiscuous mode [ 473.546308] bridge0: port 1(bridge_slave_0) entered disabled state [ 473.591676] device bridge_slave_1 left promiscuous mode [ 473.597150] bridge0: port 2(bridge_slave_1) entered disabled state [ 473.651797] device bridge_slave_0 left promiscuous mode [ 473.657320] bridge0: port 1(bridge_slave_0) entered disabled state [ 473.691543] device bridge_slave_1 left promiscuous mode [ 473.697010] bridge0: port 2(bridge_slave_1) entered disabled state [ 473.750777] device bridge_slave_0 left promiscuous mode [ 473.756249] bridge0: port 1(bridge_slave_0) entered disabled state [ 473.811371] device bridge_slave_1 left promiscuous mode [ 473.816832] bridge0: port 2(bridge_slave_1) entered disabled state [ 473.851256] device bridge_slave_0 left promiscuous mode [ 473.856812] bridge0: port 1(bridge_slave_0) entered disabled state [ 473.911362] device bridge_slave_1 left promiscuous mode [ 473.916825] bridge0: port 2(bridge_slave_1) entered disabled state [ 473.950985] device bridge_slave_0 left promiscuous mode [ 473.956607] bridge0: port 1(bridge_slave_0) entered disabled state [ 474.122621] device hsr_slave_1 left promiscuous mode [ 474.162293] device hsr_slave_0 left promiscuous mode [ 474.203168] team0 (unregistering): Port device team_slave_1 removed [ 474.212885] team0 (unregistering): Port device team_slave_0 removed [ 474.221833] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 474.262918] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 474.327484] bond0 (unregistering): Released all slaves [ 474.433582] device hsr_slave_1 left promiscuous mode [ 474.482199] device hsr_slave_0 left promiscuous mode [ 474.523070] team0 (unregistering): Port device team_slave_1 removed [ 474.532823] team0 (unregistering): Port device team_slave_0 removed [ 474.541868] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 474.573891] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 474.648804] bond0 (unregistering): Released all slaves [ 474.731458] device hsr_slave_1 left promiscuous mode [ 474.772226] device hsr_slave_0 left promiscuous mode [ 474.823817] team0 (unregistering): Port device team_slave_1 removed [ 474.833040] team0 (unregistering): Port device team_slave_0 removed [ 474.842929] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 474.884336] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 474.958462] bond0 (unregistering): Released all slaves [ 475.052175] device hsr_slave_1 left promiscuous mode [ 475.102298] device hsr_slave_0 left promiscuous mode [ 475.154393] team0 (unregistering): Port device team_slave_1 removed [ 475.163456] team0 (unregistering): Port device team_slave_0 removed [ 475.173239] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 475.222579] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 475.278012] bond0 (unregistering): Released all slaves [ 475.413388] device hsr_slave_1 left promiscuous mode [ 475.482568] device hsr_slave_0 left promiscuous mode [ 475.522406] team0 (unregistering): Port device team_slave_1 removed [ 475.531852] team0 (unregistering): Port device team_slave_0 removed [ 475.541254] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 475.592412] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 475.677739] bond0 (unregistering): Released all slaves [ 480.050824] IPVS: ftp: loaded support on port[0] = 21 [ 480.785858] [ 480.787551] ====================================================== [ 480.793891] WARNING: possible circular locking dependency detected [ 480.800203] 4.14.163-syzkaller #0 Not tainted [ 480.804674] ------------------------------------------------------ [ 480.810980] syz-executor845/28598 is trying to acquire lock: [ 480.816749] (((&q->adapt_timer))){+.-.}, at: [] del_timer_sync+0x76/0x1e0 [ 480.825381] [ 480.825381] but task is already holding lock: [ 480.831329] (&qdisc_rx_lock){+.-.}, at: [] sfb_change+0x1a3/0xa20 [ 480.839264] [ 480.839264] which lock already depends on the new lock. [ 480.839264] [ 480.847599] [ 480.847599] the existing dependency chain (in reverse order) is: [ 480.855207] [ 480.855207] -> #1 (&qdisc_rx_lock){+.-.}: [ 480.860951] lock_acquire+0x173/0x400 [ 480.865333] _raw_spin_lock+0x2d/0x40 [ 480.869698] pie_timer+0x6b/0x620 [ 480.873654] call_timer_fn+0x142/0x570 [ 480.878048] run_timer_softirq+0xc99/0x1210 [ 480.882867] __do_softirq+0x246/0x9b0 [ 480.887166] irq_exit+0x15f/0x1a0 [ 480.891116] smp_apic_timer_interrupt+0x149/0x5d0 [ 480.896465] apic_timer_interrupt+0x96/0xa0 [ 480.901284] console_unlock+0x90d/0xe30 [ 480.905759] vprintk_emit+0x1b4/0x4e0 [ 480.910057] vprintk_default+0x1a/0x20 [ 480.914442] vprintk_func+0x49/0x12c [ 480.918661] printk+0x91/0xab [ 480.922304] __netdev_printk.cold.167+0xc8/0x130 [ 480.927595] netdev_info+0xbd/0xe0 [ 480.931638] bond_enslave+0x16a7/0x4a80 [ 480.936153] do_set_master+0x163/0x1f0 [ 480.940553] do_setlink+0x9dd/0x2c50 [ 480.944784] rtnl_newlink+0xe0c/0x1390 [ 480.949171] rtnetlink_rcv_msg+0x34f/0x9d0 [ 480.953946] netlink_rcv_skb+0x133/0x370 [ 480.958519] rtnetlink_rcv+0x10/0x20 [ 480.962745] netlink_unicast+0x40d/0x5f0 [ 480.967347] netlink_sendmsg+0x730/0xbd0 [ 480.971964] sock_sendmsg+0xb5/0xf0 [ 480.976089] SYSC_sendto+0x1e3/0x2c0 [ 480.980303] SyS_sendto+0x9/0x10 [ 480.984183] do_syscall_64+0x1c7/0x5b0 [ 480.988588] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 480.994313] [ 480.994313] -> #0 (((&q->adapt_timer))){+.-.}: [ 481.000426] __lock_acquire+0x2e94/0x4500 [ 481.005079] lock_acquire+0x173/0x400 [ 481.009515] del_timer_sync+0xa2/0x1e0 [ 481.013901] pie_destroy+0x42/0x50 [ 481.017995] qdisc_destroy+0x123/0x2d0 [ 481.022381] sfb_change+0x261/0xa20 [ 481.026505] tc_modify_qdisc+0xb55/0x13eb [ 481.031279] rtnetlink_rcv_msg+0x34f/0x9d0 [ 481.036021] netlink_rcv_skb+0x133/0x370 [ 481.040588] rtnetlink_rcv+0x10/0x20 [ 481.044811] netlink_unicast+0x40d/0x5f0 [ 481.049373] netlink_sendmsg+0x730/0xbd0 [ 481.053933] sock_sendmsg+0xb5/0xf0 [ 481.058100] ___sys_sendmsg+0x625/0x920 [ 481.062572] __sys_sendmsg+0xc1/0x140 [ 481.066869] SyS_sendmsg+0xd/0x20 [ 481.070817] do_syscall_64+0x1c7/0x5b0 [ 481.075219] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 481.080915] [ 481.080915] other info that might help us debug this: [ 481.080915] [ 481.089034] Possible unsafe locking scenario: [ 481.089034] [ 481.095074] CPU0 CPU1 [ 481.099718] ---- ---- [ 481.104365] lock(&qdisc_rx_lock); [ 481.108010] lock(((&q->adapt_timer))); [ 481.114608] lock(&qdisc_rx_lock); [ 481.120777] lock(((&q->adapt_timer))); [ 481.124815] [ 481.124815] *** DEADLOCK *** [ 481.124815] [ 481.130908] 2 locks held by syz-executor845/28598: [ 481.135814] #0: (rtnl_mutex){+.+.}, at: [] rtnetlink_rcv_msg+0x2c1/0x9d0 [ 481.144500] #1: (&qdisc_rx_lock){+.-.}, at: [] sfb_change+0x1a3/0xa20 [ 481.152804] [ 481.152804] stack backtrace: [ 481.157278] CPU: 1 PID: 28598 Comm: syz-executor845 Not tainted 4.14.163-syzkaller #0 [ 481.165448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 481.174853] Call Trace: [ 481.177450] dump_stack+0xf7/0x13b [ 481.181012] print_circular_bug.isra.40.cold.67+0x1bd/0x27d [ 481.186729] ? save_trace+0xe0/0x290 [ 481.190425] __lock_acquire+0x2e94/0x4500 [ 481.194552] ? kfree+0xcc/0x270 [ 481.197816] ? fifo_set_limit+0x187/0x1f0 [ 481.201939] ? fifo_create_dflt+0x72/0xe0 [ 481.206113] ? trace_hardirqs_on+0x10/0x10 [ 481.210330] ? debug_check_no_obj_freed+0x2f0/0x930 [ 481.215415] ? trace_hardirqs_off+0x10/0x10 [ 481.219735] ? mark_held_locks+0xc7/0x130 [ 481.223875] lock_acquire+0x173/0x400 [ 481.227656] ? del_timer_sync+0x76/0x1e0 [ 481.231696] ? __lock_is_held+0xb5/0x140 [ 481.235737] del_timer_sync+0xa2/0x1e0 [ 481.239650] ? del_timer_sync+0x76/0x1e0 [ 481.243693] pie_destroy+0x42/0x50 [ 481.247210] qdisc_destroy+0x123/0x2d0 [ 481.251074] sfb_change+0x261/0xa20 [ 481.254676] ? sfb_graft+0x220/0x220 [ 481.258426] ? nla_strcmp+0x9b/0xe0 [ 481.262043] tc_modify_qdisc+0xb55/0x13eb [ 481.266185] ? qdisc_create+0xcf0/0xcf0 [ 481.270184] rtnetlink_rcv_msg+0x34f/0x9d0 [ 481.274399] ? rtnl_bridge_getlink+0x760/0x760 [ 481.278962] ? find_held_lock+0x36/0x1d0 [ 481.283010] netlink_rcv_skb+0x133/0x370 [ 481.287064] ? rtnl_bridge_getlink+0x760/0x760 [ 481.291637] ? netlink_ack+0xa00/0xa00 [ 481.295504] ? netlink_deliver_tap+0x8e/0x920 [ 481.299990] rtnetlink_rcv+0x10/0x20 [ 481.303684] netlink_unicast+0x40d/0x5f0 [ 481.307726] ? netlink_attachskb+0x6e0/0x6e0 [ 481.312111] netlink_sendmsg+0x730/0xbd0 [ 481.316164] ? netlink_unicast+0x5f0/0x5f0 [ 481.320429] ? selinux_socket_sendmsg+0x31/0x40 [ 481.325089] ? security_socket_sendmsg+0x6a/0xa0 [ 481.329834] ? netlink_unicast+0x5f0/0x5f0 [ 481.334100] sock_sendmsg+0xb5/0xf0 [ 481.337720] ___sys_sendmsg+0x625/0x920 [ 481.341745] ? trace_hardirqs_off+0x10/0x10 [ 481.346055] ? copy_msghdr_from_user+0x3f0/0x3f0 [ 481.350790] ? find_held_lock+0x36/0x1d0 [ 481.354828] ? lock_downgrade+0x7f0/0x7f0 [ 481.359063] ? __fget+0x1ca/0x2f0 [ 481.362500] ? __fget_light+0x166/0x200 [ 481.366451] ? __fdget+0xe/0x10 [ 481.369720] ? sockfd_lookup_light+0x1c/0x150 [ 481.374196] __sys_sendmsg+0xc1/0x140 [ 481.378015] ? SyS_shutdown+0x180/0x180 [ 481.381970] ? do_futex+0x1760/0x1760 [ 481.385749] ? SyS_futex+0xf1/0x250 [ 481.389354] ? do_syscall_64+0x4c/0x5b0 [ 481.393304] ? __sys_sendmsg+0x140/0x140 [ 481.397348] SyS_sendmsg+0xd/0x20 [ 481.400777] do_syscall_64+0x1c7/0x5b0 [ 481.404638] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 481.409458] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 481.414622] RIP: 0033:0x446cd9 [ 481.417787] RSP: 002b:00007fa52861edb8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 481.425468] RAX: ffffffffffffffda RBX: 00000000006dbc58 RCX: 0000000000446cd9 [ 481.432887] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000005 [ 481.440133] RBP: 00000000006dbc50 R08: 0000000000000028 R09: 0000000000000000 [ 481.447393] R10: 0000000000000002 R11: 0000000000000246 R12: 00000000006dbc5c [ 481.454637] R13: 00007ffef019cfaf R14: 00007fa52861f9c0 R15: 0000000000000001