Warning: Permanently added '10.128.1.64' (ECDSA) to the list of known hosts. syzkaller login: [ 28.078249] IPVS: ftp: loaded support on port[0] = 21 [ 28.147830] chnl_net:caif_netlink_parms(): no params data found [ 28.242631] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.249537] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.257074] device bridge_slave_0 entered promiscuous mode [ 28.264263] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.270619] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.278173] device bridge_slave_1 entered promiscuous mode [ 28.294341] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 28.304170] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 28.321271] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 28.328600] team0: Port device team_slave_0 added [ 28.334493] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 28.341506] team0: Port device team_slave_1 added [ 28.356765] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 28.363059] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 28.388332] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 28.399744] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 28.406305] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 28.431620] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 28.445859] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 28.453910] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 28.471840] device hsr_slave_0 entered promiscuous mode [ 28.477489] device hsr_slave_1 entered promiscuous mode [ 28.484278] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 28.491187] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 28.552146] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.558582] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.565515] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.571894] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.599662] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 28.606835] 8021q: adding VLAN 0 to HW filter on device bond0 [ 28.615121] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 28.624831] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 28.632860] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.651007] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.660645] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 28.667286] 8021q: adding VLAN 0 to HW filter on device team0 [ 28.675545] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 28.683497] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.689872] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.709400] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 28.719280] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 28.730741] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 28.738482] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 28.746565] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.752947] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.760372] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 28.768299] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 28.775983] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 28.783719] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 28.792029] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 28.798896] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 28.811100] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 28.818981] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 28.826325] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 28.837295] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 28.885882] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 28.895351] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 28.926722] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 28.934223] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 28.940623] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 28.949715] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 28.957477] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 28.964591] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 28.973536] device veth0_vlan entered promiscuous mode [ 28.982189] device veth1_vlan entered promiscuous mode [ 28.988670] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 28.997418] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 29.008478] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 29.021537] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 29.029443] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 29.037293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 29.046745] device veth0_macvtap entered promiscuous mode [ 29.054182] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 29.062025] device veth1_macvtap entered promiscuous mode [ 29.071268] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 29.081502] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 29.092194] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 29.099323] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 29.107470] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 29.116936] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 29.124359] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 29.131245] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready executing program [ 29.274378] FAULT_INJECTION: forcing a failure. [ 29.274378] name failslab, interval 1, probability 0, space 0, times 1 [ 29.286226] CPU: 1 PID: 8208 Comm: syz-executor366 Not tainted 4.14.303-syzkaller #0 [ 29.294074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 [ 29.303511] Call Trace: [ 29.306530] dump_stack+0x1b2/0x281 [ 29.310141] should_fail.cold+0x10a/0x149 [ 29.314278] should_failslab+0xd6/0x130 [ 29.318243] __kmalloc+0x6d/0x400 [ 29.321674] ? tty_buffer_alloc+0xc0/0x270 [ 29.325903] tty_buffer_alloc+0xc0/0x270 [ 29.329942] __tty_buffer_request_room+0x12c/0x290 [ 29.334844] tty_insert_flip_string_fixed_flag+0x8b/0x210 [ 29.340358] tty_insert_flip_string_and_push_buffer+0x3e/0x160 [ 29.346301] pty_write+0xc3/0xf0 [ 29.349644] tty_put_char+0xfe/0x120 [ 29.353332] ? dev_match_devt+0x80/0x80 [ 29.357309] ? pty_write_room+0xa9/0xd0 [ 29.361254] ? ptmx_open+0x300/0x300 [ 29.364947] __process_echoes+0x48c/0x8c0 [ 29.369071] n_tty_receive_buf_common+0x9a3/0x25a0 [ 29.373981] ? n_tty_receive_buf2+0x40/0x40 [ 29.378283] tty_ioctl+0xe8a/0x1430 [ 29.381889] ? tty_fasync+0x2c0/0x2c0 [ 29.385675] ? proc_fail_nth_write+0x7b/0x180 [ 29.390157] ? trace_hardirqs_on+0x10/0x10 [ 29.394582] ? fsnotify+0x974/0x11b0 [ 29.398281] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 29.403188] ? debug_check_no_obj_freed+0x2c0/0x680 [ 29.408194] ? SyS_write+0x1b7/0x210 [ 29.411914] ? tty_fasync+0x2c0/0x2c0 [ 29.415694] do_vfs_ioctl+0x75a/0xff0 [ 29.419475] ? lock_acquire+0x170/0x3f0 write to /proc/sys/kernel/hung_task_check_interval_secs failed: No such file or directory [ 29.423427] ? ioctl_preallocate+0x1a0/0x1a0 [ 29.427812] ? __fget+0x265/0x3e0 [ 29.431249] ? do_vfs_ioctl+0xff0/0xff0 [ 29.435237] ? security_file_ioctl+0x83/0xb0 [ 29.439655] SyS_ioctl+0x7f/0xb0 [ 29.442995] ? do_vfs_ioctl+0xff0/0xff0 [ 29.446947] do_syscall_64+0x1d5/0x640 [ 29.451016] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 29.456364] RIP: 0033:0x7fe31fb865f9 [ 29.460050] RSP: 002b:00007fe31f30a148 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 29.467750] RAX: ffffffffffffffda RBX: 00007fe31fc084b8 RCX: 00007fe31fb865f9 [ 29.475021] RDX: 0000000020000080 RSI: 0000000000005412 RDI: 0000000000000003 [ 29.482357] RBP: 00007fe31f30a170 R08: 0000000000000001 R09: 0000000000000000 [ 29.489616] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 29.496953] R13: 00007ffc7453a12f R14: 00007fe31f30a300 R15: 0000000000022000 [ 29.504222] [ 29.504224] ====================================================== [ 29.504226] WARNING: possible circular locking dependency detected [ 29.504228] 4.14.303-syzkaller #0 Not tainted [ 29.504230] ------------------------------------------------------ [ 29.504231] syz-executor366/8208 is trying to acquire lock: [ 29.504232] (console_owner){....}, at: [] console_unlock+0x307/0xf20 [ 29.504237] [ 29.504238] but task is already holding lock: [ 29.504239] (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160 [ 29.504244] [ 29.504246] which lock already depends on the new lock. [ 29.504247] [ 29.504247] [ 29.504249] the existing dependency chain (in reverse order) is: [ 29.504250] [ 29.504251] -> #2 (&(&port->lock)->rlock){-.-.}: [ 29.504255] _raw_spin_lock_irqsave+0x8c/0xc0 [ 29.504256] tty_port_tty_get+0x1d/0x80 [ 29.504258] tty_port_default_wakeup+0x11/0x40 [ 29.504259] serial8250_tx_chars+0x3fe/0xc70 [ 29.504261] serial8250_handle_irq.part.0+0x2c7/0x390 [ 29.504263] serial8250_default_handle_irq+0x8a/0x1f0 [ 29.504264] serial8250_interrupt+0xf3/0x210 [ 29.504266] __handle_irq_event_percpu+0xee/0x7f0 [ 29.504267] handle_irq_event+0xed/0x240 [ 29.504268] handle_edge_irq+0x224/0xc40 [ 29.504269] handle_irq+0x35/0x50 [ 29.504271] do_IRQ+0x93/0x1d0 [ 29.504272] ret_from_intr+0x0/0x1e [ 29.504273] _raw_spin_unlock_irqrestore+0xa3/0xe0 [ 29.504275] uart_write+0x2dd/0x560 [ 29.504276] do_output_char+0x4f5/0x750 [ 29.504277] n_tty_write+0x3e3/0xda0 [ 29.504279] tty_write+0x410/0x740 [ 29.504280] redirected_tty_write+0x9c/0xb0 [ 29.504281] do_iter_write+0x3da/0x550 [ 29.504282] vfs_writev+0x125/0x290 [ 29.504284] do_writev+0xfc/0x2c0 [ 29.504285] do_syscall_64+0x1d5/0x640 [ 29.504287] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 29.504287] [ 29.504288] -> #1 (&port_lock_key){-.-.}: [ 29.504292] _raw_spin_lock_irqsave+0x8c/0xc0 [ 29.504294] serial8250_console_write+0x8cb/0xb40 [ 29.504295] console_unlock+0x99d/0xf20 [ 29.504297] vprintk_emit+0x224/0x620 [ 29.504299] vprintk_func+0x58/0x160 [ 29.504301] printk+0x9e/0xbc [ 29.504302] register_console+0x6f4/0xad0 [ 29.504304] univ8250_console_init+0x2f/0x3a [ 29.504305] console_init+0x46/0x53 [ 29.504306] start_kernel+0x521/0x763 [ 29.504307] secondary_startup_64+0xa5/0xb0 [ 29.504308] [ 29.504309] -> #0 (console_owner){....}: [ 29.504313] lock_acquire+0x170/0x3f0 [ 29.504314] console_unlock+0x36f/0xf20 [ 29.504316] vprintk_emit+0x224/0x620 [ 29.504317] vprintk_func+0x58/0x160 [ 29.504318] printk+0x9e/0xbc [ 29.504320] should_fail.cold+0xdf/0x149 [ 29.504321] should_failslab+0xd6/0x130 [ 29.504322] __kmalloc+0x6d/0x400 [ 29.504324] tty_buffer_alloc+0xc0/0x270 [ 29.504325] __tty_buffer_request_room+0x12c/0x290 [ 29.504327] tty_insert_flip_string_fixed_flag+0x8b/0x210 [ 29.504329] tty_insert_flip_string_and_push_buffer+0x3e/0x160 [ 29.504330] pty_write+0xc3/0xf0 [ 29.504331] tty_put_char+0xfe/0x120 [ 29.504333] __process_echoes+0x48c/0x8c0 [ 29.504334] n_tty_receive_buf_common+0x9a3/0x25a0 [ 29.504335] tty_ioctl+0xe8a/0x1430 [ 29.504337] do_vfs_ioctl+0x75a/0xff0 [ 29.504338] SyS_ioctl+0x7f/0xb0 [ 29.504339] do_syscall_64+0x1d5/0x640 [ 29.504341] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 29.504342] [ 29.504343] other info that might help us debug this: [ 29.504344] [ 29.504345] Chain exists of: [ 29.504346] console_owner --> &port_lock_key --> &(&port->lock)->rlock [ 29.504351] [ 29.504353] Possible unsafe locking scenario: [ 29.504353] [ 29.504355] CPU0 CPU1 [ 29.504356] ---- ---- [ 29.504357] lock(&(&port->lock)->rlock); [ 29.504360] lock(&port_lock_key); [ 29.504363] lock(&(&port->lock)->rlock); [ 29.504365] lock(console_owner); [ 29.504368] [ 29.504369] *** DEADLOCK *** [ 29.504369] [ 29.504371] 6 locks held by syz-executor366/8208: [ 29.504371] #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80 [ 29.504376] #1: (&port->buf.lock/1){+.+.}, at: [] tty_ioctl+0xe20/0x1430 [ 29.504381] #2: (&o_tty->termios_rwsem/1){++++}, at: [] n_tty_receive_buf_common+0x91/0x25a0 [ 29.504387] #3: (&ldata->output_lock){+.+.}, at: [] n_tty_receive_buf_common+0x965/0x25a0 [ 29.504392] #4: (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160 [ 29.504397] #5: (console_lock){+.+.}, at: [] vprintk_func+0x58/0x160 [ 29.504402] [ 29.504403] stack backtrace: [ 29.504405] CPU: 1 PID: 8208 Comm: syz-executor366 Not tainted 4.14.303-syzkaller #0 [ 29.504408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 [ 29.504409] Call Trace: [ 29.504410] dump_stack+0x1b2/0x281 [ 29.504412] print_circular_bug.constprop.0.cold+0x2d7/0x41e [ 29.504413] __lock_acquire+0x2e0e/0x3f20 [ 29.504414] ? trace_hardirqs_on+0x10/0x10 [ 29.504416] ? snprintf+0xd0/0xd0 [ 29.504417] ? console_unlock+0x34a/0xf20 [ 29.504418] lock_acquire+0x170/0x3f0 [ 29.504419] ? console_unlock+0x307/0xf20 [ 29.504421] console_unlock+0x36f/0xf20 [ 29.504422] ? console_unlock+0x307/0xf20 [ 29.504423] vprintk_emit+0x224/0x620 [ 29.504424] vprintk_func+0x58/0x160 [ 29.504426] printk+0x9e/0xbc [ 29.504427] ? log_store.cold+0x16/0x16 [ 29.504428] ? ___ratelimit+0x2b5/0x510 [ 29.504429] should_fail.cold+0xdf/0x149 [ 29.504431] should_failslab+0xd6/0x130 [ 29.504432] __kmalloc+0x6d/0x400 [ 29.504433] ? tty_buffer_alloc+0xc0/0x270 [ 29.504434] tty_buffer_alloc+0xc0/0x270 [ 29.504436] __tty_buffer_request_room+0x12c/0x290 [ 29.504437] tty_insert_flip_string_fixed_flag+0x8b/0x210 [ 29.504439] tty_insert_flip_string_and_push_buffer+0x3e/0x160 [ 29.504440] pty_write+0xc3/0xf0 [ 29.504442] tty_put_char+0xfe/0x120 [ 29.504443] ? dev_match_devt+0x80/0x80 [ 29.504444] ? pty_write_room+0xa9/0xd0 [ 29.504445] ? ptmx_open+0x300/0x300 [ 29.504447] __process_echoes+0x48c/0x8c0 [ 29.504448] n_tty_receive_buf_common+0x9a3/0x25a0 [ 29.504449] ? n_tty_receive_buf2+0x40/0x40 [ 29.504451] tty_ioctl+0xe8a/0x1430 [ 29.504452] ? tty_fasync+0x2c0/0x2c0 [ 29.504453] ? proc_fail_nth_write+0x7b/0x180 [ 29.504454] ? trace_hardirqs_on+0x10/0x10 [ 29.504456] ? fsnotify+0x974/0x11b0 [ 29.504457] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 29.504459] ? debug_check_no_obj_freed+0x2c0/0x680 [ 29.504460] ? SyS_write+0x1b7/0x210 [ 29.504461] ? tty_fasync+0x2c0/0x2c0 [ 29.504462] do_vfs_ioctl+0x75a/0xff0 [ 29.504464] ? lock_acquire+0x170/0x3f0 [ 29.504465] ? ioctl_preallocate+0x1a0/0x1a0 [ 29.504466] ? __fget+0x265/0x3e0 [ 29.504467] ? do_vfs_ioctl+0xff0/0xff0 [ 29.504469] ? security_file_ioctl+0x83/0xb0 [ 29.504470] SyS_ioctl+0x7f/0xb0 [ 29.504471] ? do_vfs_ioctl+0xff0/0xff0 [ 29.504472] do_syscall_64+0x1d5/0x640 [ 29.504474] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 29.504475] RIP: 0033:0x7fe31fb865f9 [ 29.504476] RSP: 002b:00007fe31f30a148 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 29.504480] RAX: ffffffffffffffda RBX: 00007fe31fc084b8 RCX: 00007fe31fb865f9 write to /proc/sys/kernel/hung_task_check_interval_secs failed: No such file or directory [ 29.50