Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.135' (ECDSA) to the list of known hosts.
syzkaller login: [ 44.136730][ T6828] IPVS: ftp: loaded support on port[0] = 21
[ 44.226192][ T6828] chnl_net:caif_netlink_parms(): no params data found
[ 44.275261][ T6828] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.283384][ T6828] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.296071][ T6828] device bridge_slave_0 entered promiscuous mode
[ 44.307925][ T6828] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.315439][ T6828] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.324768][ T6828] device bridge_slave_1 entered promiscuous mode
[ 44.345783][ T6828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 44.359246][ T6828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 44.381161][ T6828] team0: Port device team_slave_0 added
[ 44.389091][ T6828] team0: Port device team_slave_1 added
[ 44.405885][ T6828] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 44.418933][ T6828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 44.445935][ T6828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 44.462365][ T6828] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 44.469747][ T6828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 44.498772][ T6828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 44.526687][ T6828] device hsr_slave_0 entered promiscuous mode
[ 44.533995][ T6828] device hsr_slave_1 entered promiscuous mode
[ 44.622134][ T6828] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 44.634488][ T6828] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 44.643868][ T6828] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 44.654358][ T6828] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 44.677030][ T6828] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.684320][ T6828] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.692286][ T6828] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.699544][ T6828] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.746150][ T6828] 8021q: adding VLAN 0 to HW filter on device bond0
[ 44.758980][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 44.771136][ T23] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.779213][ T23] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.787823][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 44.801108][ T6828] 8021q: adding VLAN 0 to HW filter on device team0
[ 44.813374][ T2588] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 44.823432][ T2588] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.830777][ T2588] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.849852][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 44.858371][ T23] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.865511][ T23] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.874224][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 44.892673][ T6828] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 44.903430][ T6828] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 44.918930][ T2638] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 44.927350][ T2638] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 44.936736][ T2638] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 44.946239][ T2638] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 44.955358][ T2638] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 44.972524][ T2588] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 44.980535][ T2588] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 44.994559][ T6828] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 45.013572][ T2588] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 45.032261][ T2638] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 45.041034][ T2638] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 45.050192][ T2638] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 45.061059][ T6828] device veth0_vlan entered promiscuous mode
[ 45.072758][ T6828] device veth1_vlan entered promiscuous mode
[ 45.093579][ T2588] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 45.102651][ T2588] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 45.111752][ T2588] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 45.123779][ T6828] device veth0_macvtap entered promiscuous mode
[ 45.134550][ T6828] device veth1_macvtap entered promiscuous mode
[ 45.152631][ T6828] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 45.162393][ T2588] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 45.172721][ T2588] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 45.185360][ T6828] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 45.193295][ T2638] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 45.205973][ T6828] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 45.217987][ T6828] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 45.229709][ T6828] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 45.239017][ T6828] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 45.287145][ T6828] ttyprintk ttyprintk: tty_port_close_start: tty->count = 1 port count = 2
[ 45.297465][ C0]
[ 45.297468][ C0] ======================================================
[ 45.297470][ C0] WARNING: possible circular locking dependency detected
[ 45.297471][ C0] 5.9.0-rc3-syzkaller #0 Not tainted
[ 45.297473][ C0] ------------------------------------------------------
[ 45.297477][ C0] syz-executor484/6828 is trying to acquire lock:
[ 45.297478][ C0] ffffffff894fc9c0 (console_owner){-.-.}-{0:0}, at: console_lock_spinning_enable+0x2d/0x60
[ 45.297484][ C0]
[ 45.297485][ C0] but task is already holding lock:
[ 45.297486][ C0] ffffffff8c3257a0 (&port->lock#2){-.-.}-{2:2}, at: tty_port_close_start+0x58/0x550
[ 45.297492][ C0]
[ 45.297493][ C0] which lock already depends on the new lock.
[ 45.297494][ C0]
[ 45.297495][ C0]
[ 45.297497][ C0] the existing dependency chain (in reverse order) is:
[ 45.297498][ C0]
[ 45.297499][ C0] -> #2 (&port->lock#2){-.-.}-{2:2}:
[ 45.297504][ C0]        lock_acquire+0x140/0x6f0
[ 45.297506][ C0]        _raw_spin_lock_irqsave+0xaa/0xd0
[ 45.297507][ C0]        tty_port_tty_get+0x21/0xe0
[ 45.297508][ C0]        tty_port_default_wakeup+0x11/0x40
[ 45.297510][ C0]        serial8250_tx_chars+0x5ea/0x800
[ 45.297512][ C0]        serial8250_handle_irq+0x2fd/0x3e0
[ 45.297513][ C0]        serial8250_default_handle_irq+0xac/0x190
[ 45.297515][ C0]        serial8250_interrupt+0x93/0x180
[ 45.297516][ C0]        __handle_irq_event_percpu+0x1f1/0x6e0
[ 45.297518][ C0]        handle_irq_event+0xbd/0x280
[ 45.297519][ C0]        handle_edge_irq+0x245/0xbf0
[ 45.297521][ C0]        asm_call_on_stack+0xf/0x20
[ 45.297522][ C0]        common_interrupt+0x13c/0x230
[ 45.297523][ C0]        asm_common_interrupt+0x1e/0x40
[ 45.297525][ C0]        _raw_spin_unlock_irqrestore+0x63/0x90
[ 45.297526][ C0]        uart_write+0x767/0x8f0
[ 45.297528][ C0]        do_output_char+0x63b/0x940
[ 45.297529][ C0]        n_tty_write+0xd5c/0x1170
[ 45.297530][ C0]        tty_write+0x593/0x940
[ 45.297532][ C0]        do_iter_write+0x441/0x610
[ 45.297533][ C0]        do_writev+0x23f/0x4a0
[ 45.297534][ C0]        do_syscall_64+0x31/0x70
[ 45.297536][ C0]        entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 45.297537][ C0]
[ 45.297538][ C0] -> #1 (&port->lock){-.-.}-{2:2}:
[ 45.297542][ C0]        lock_acquire+0x140/0x6f0
[ 45.297544][ C0]        _raw_spin_lock_irqsave+0xaa/0xd0
[ 45.297545][ C0]        serial8250_console_write+0x145/0xd10
[ 45.297547][ C0]        console_unlock+0x94c/0xe20
[ 45.297548][ C0]        vprintk_emit+0x205/0x370
[ 45.297549][ C0]        printk+0x62/0x83
[ 45.297551][ C0]        register_console+0x7a6/0xab0
[ 45.297552][ C0]        univ8250_console_init+0x41/0x43
[ 45.297554][ C0]        console_init+0x52/0x97
[ 45.297555][ C0]        start_kernel+0x319/0x57c
[ 45.297556][ C0]        secondary_startup_64+0xa4/0xb0
[ 45.297557][ C0]
[ 45.297558][ C0] -> #0 (console_owner){-.-.}-{0:0}:
[ 45.297563][ C0]        validate_chain+0x1b0c/0x88a0
[ 45.297564][ C0]        __lock_acquire+0x110b/0x2ae0
[ 45.297565][ C0]        lock_acquire+0x140/0x6f0
[ 45.297567][ C0]        console_lock_spinning_enable+0x52/0x60
[ 45.297568][ C0]        console_unlock+0x77f/0xe20
[ 45.297570][ C0]        vprintk_emit+0x205/0x370
[ 45.297571][ C0]        printk+0x62/0x83
[ 45.297572][ C0]        tty_port_close_start+0x3c8/0x550
[ 45.297574][ C0]        tty_port_close+0x25/0x140
[ 45.297575][ C0]        tty_release+0x378/0xf90
[ 45.297576][ C0]        __fput+0x34f/0x7b0
[ 45.297578][ C0]        task_work_run+0x137/0x1c0
[ 45.297579][ C0]        exit_to_user_mode_prepare+0x11a/0x1e0
[ 45.297581][ C0]        syscall_exit_to_user_mode+0x82/0x1d0
[ 45.297583][ C0]        entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 45.297583][ C0]
[ 45.297585][ C0] other info that might help us debug this:
[ 45.297586][ C0]
[ 45.297587][ C0] Chain exists of:
[ 45.297588][ C0]   console_owner --> &port->lock --> &port->lock#2
[ 45.297594][ C0]
[ 45.297595][ C0]  Possible unsafe locking scenario:
[ 45.297596][ C0]
[ 45.297598][ C0]        CPU0                    CPU1
[ 45.297599][ C0]        ----                    ----
[ 45.297600][ C0]   lock(&port->lock#2);
[ 45.297604][ C0]                                lock(&port->lock);
[ 45.297607][ C0]                                lock(&port->lock#2);
[ 45.297610][ C0]   lock(console_owner);
[ 45.297612][ C0]
[ 45.297614][ C0]  *** DEADLOCK ***
[ 45.297614][ C0]
[ 45.297616][ C0] 3 locks held by syz-executor484/6828:
[ 45.297617][ C0]  #0: ffff8880910901c0 (&tty->legacy_mutex){+.+.}-{3:3}, at: tty_release+0xa5/0xf90
[ 45.297622][ C0]  #1: ffffffff8c3257a0 (&port->lock#2){-.-.}-{2:2}, at: tty_port_close_start+0x58/0x550
[ 45.297628][ C0]  #2: ffffffff894fc8a0 (console_lock){+.+.}-{0:0}, at: vprintk_emit+0x1e8/0x370
[ 45.297634][ C0]
[ 45.297635][ C0] stack backtrace:
[ 45.297637][ C0] CPU: 0 PID: 6828 Comm: syz-executor484 Not tainted 5.9.0-rc3-syzkaller #0
[ 45.297640][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 45.297641][ C0] Call Trace:
[ 45.297642][ C0]  dump_stack+0x1d6/0x29e
[ 45.297643][ C0]  print_circular_bug+0xc72/0xea0
[ 45.297645][ C0]  ? stack_trace_save+0xad/0x150
[ 45.297646][ C0]  ? save_trace+0x49/0xba0
[ 45.297647][ C0]  check_noncircular+0x1fb/0x3a0
[ 45.297649][ C0]  validate_chain+0x1b0c/0x88a0
[ 45.297650][ C0]  ? mark_lock+0x102/0x1b00
[ 45.297651][ C0]  ? mark_lock+0x102/0x1b00
[ 45.297652][ C0]  ? put_dec_trunc8+0x19a/0x290
[ 45.297654][ C0]  ? number+0xf14/0x1190
[ 45.297655][ C0]  ? skip_atoi+0xb5/0xd0
[ 45.297656][ C0]  __lock_acquire+0x110b/0x2ae0
[ 45.297657][ C0]  ? lock_is_held_type+0xb3/0xe0
[ 45.297659][ C0]  lock_acquire+0x140/0x6f0
[ 45.297660][ C0]  ? console_lock_spinning_enable+0x2d/0x60
[ 45.297661][ C0]  ? do_raw_spin_unlock+0x134/0x8d0
[ 45.297663][ C0]  console_lock_spinning_enable+0x52/0x60
[ 45.297665][ C0]  ? console_lock_spinning_enable+0x2d/0x60
[ 45.297666][ C0]  console_unlock+0x77f/0xe20
[ 45.297667][ C0]  ? __down_trylock_console_sem+0x151/0x180
[ 45.297669][ C0]  ? vprintk_emit+0x1e8/0x370
[ 45.297670][ C0]  ? vprintk_emit+0x1e8/0x370
[ 45.297671][ C0]  vprintk_emit+0x205/0x370
[ 45.297673][ C0]  printk+0x62/0x83
[ 45.297674][ C0]  ? _raw_spin_lock_irqsave+0x84/0xd0
[ 45.297675][ C0]  tty_port_close_start+0x3c8/0x550
[ 45.297677][ C0]  tty_port_close+0x25/0x140
[ 45.297678][ C0]  ? tpk_open+0x60/0x60
[ 45.297679][ C0]  tty_release+0x378/0xf90
[ 45.297680][ C0]  ? ima_file_free+0xea/0x3b0
[ 45.297682][ C0]  ? tty_release_struct+0xd0/0xd0
[ 45.297683][ C0]  __fput+0x34f/0x7b0
[ 45.297684][ C0]  task_work_run+0x137/0x1c0
[ 45.297686][ C0]  exit_to_user_mode_prepare+0x11a/0x1e0
[ 45.297687][ C0]  syscall_exit_to_user_mode+0x82/0x1d0
[ 45.297689][ C0]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 45.297690][ C0] RIP: 0033:0x407eb1
[ 45.297694][ C0] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 24 1a 00 00 c3 48 83 ec 08 e8 6a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 b3 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[ 45.297696][ C0] RSP: 002b:00007ffc060e0560 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 45.297699][ C0] RAX: 0000000000000000 RBX: 00007ffc060e0590 RCX: 0000000000407eb1
[ 45.297