[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.10.0' (ECDSA) to the list of known hosts.
syzkaller login: [ 53.509714][ T8405] IPVS: ftp: loaded support on port[0] = 21
[ 53.580539][ T8405] chnl_net:caif_netlink_parms(): no params data found
[ 53.620707][ T8405] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.628418][ T8405] bridge0: port 1(bridge_slave_0) entered disabled state
[ 53.637861][ T8405] device bridge_slave_0 entered promiscuous mode
[ 53.646481][ T8405] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.654945][ T8405] bridge0: port 2(bridge_slave_1) entered disabled state
[ 53.662781][ T8405] device bridge_slave_1 entered promiscuous mode
[ 53.678793][ T8405] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 53.690305][ T8405] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 53.707951][ T8405] team0: Port device team_slave_0 added
[ 53.715408][ T8405] team0: Port device team_slave_1 added
[ 53.729068][ T8405] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 53.736371][ T8405] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 53.762556][ T8405] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 53.774704][ T8405] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 53.781689][ T8405] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 53.807788][ T8405] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 53.830303][ T8405] device hsr_slave_0 entered promiscuous mode
[ 53.836960][ T8405] device hsr_slave_1 entered promiscuous mode
[ 53.913190][ T8405] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 53.923098][ T8405] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 53.932886][ T8405] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 53.942976][ T8405] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 53.962879][ T8405] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.970349][ T8405] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 53.977789][ T8405] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.984865][ T8405] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 54.020906][ T8405] 8021q: adding VLAN 0 to HW filter on device bond0
[ 54.033448][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 54.044680][ T5] bridge0: port 1(bridge_slave_0) entered disabled state
[ 54.053328][ T5] bridge0: port 2(bridge_slave_1) entered disabled state
[ 54.062126][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 54.073584][ T8405] 8021q: adding VLAN 0 to HW filter on device team0
[ 54.083447][ T3741] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 54.092763][ T3741] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.099937][ T3741] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 54.119660][ T3741] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 54.128037][ T3741] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.135148][ T3741] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 54.143956][ T3741] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 54.154229][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 54.162603][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 54.173686][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 54.185293][ T8612] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 54.195951][ T8405] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 54.212058][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 54.220537][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 54.232178][ T8405] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 54.248640][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 54.267058][ T8405] device veth0_vlan entered promiscuous mode
[ 54.274314][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 54.283163][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 54.291265][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 54.303822][ T8405] device veth1_vlan entered promiscuous mode
[ 54.322187][ T8612] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 54.331265][ T8612] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 54.340276][ T8612] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 54.350496][ T8405] device veth0_macvtap entered promiscuous mode
[ 54.360290][ T8405] device veth1_macvtap entered promiscuous mode
[ 54.374918][ T8405] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 54.383103][ T8612] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 54.392774][ T8612] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 54.403497][ T8405] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 54.412192][ T8612] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 54.423067][ T8405] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 54.434064][ T8405] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 54.443025][ T8405] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 54.452713][ T8405] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 54.487451][ T8405] ttyprintk ttyprintk: tty_port_close_start: tty->count = 1 port count = 2
[ 54.496801][ C0]
[ 54.496809][ C0] ======================================================
[ 54.496814][ C0] WARNING: possible circular locking dependency detected
[ 54.496819][ C0] 5.12.0-rc7-syzkaller #0 Not tainted
[ 54.496822][ C0] ------------------------------------------------------
[ 54.496827][ C0] syz-executor124/8405 is trying to acquire lock:
[ 54.496831][ C0] ffffffff8be830a0 (console_owner){....}-{0:0}, at: console_unlock+0x2f2/0xc80
[ 54.496848][ C0]
[ 54.496851][ C0] but task is already holding lock:
[ 54.496854][ C0] ffffffff90106d38 (&port->lock){-.-.}-{2:2}, at: tty_port_close_start.part.0+0x28/0x550
[ 54.496869][ C0]
[ 54.496872][ C0] which lock already depends on the new lock.
[ 54.496875][ C0]
[ 54.496877][ C0]
[ 54.496880][ C0] the existing dependency chain (in reverse order) is:
[ 54.496883][ C0]
[ 54.496885][ C0] -> #2 (&port->lock){-.-.}-{2:2}:
[ 54.496897][ C0]        _raw_spin_lock_irqsave+0x39/0x50
[ 54.496901][ C0]        tty_port_tty_get+0x1f/0x100
[ 54.496905][ C0]        tty_port_default_wakeup+0x11/0x40
[ 54.496908][ C0]        serial8250_tx_chars+0x487/0xa80
[ 54.496912][ C0]        serial8250_handle_irq.part.0+0x328/0x3d0
[ 54.496916][ C0]        serial8250_default_handle_irq+0xb2/0x220
[ 54.496920][ C0]        serial8250_interrupt+0xfd/0x200
[ 54.496923][ C0]        __handle_irq_event_percpu+0x303/0x8f0
[ 54.496927][ C0]        handle_irq_event+0x102/0x290
[ 54.496931][ C0]        handle_edge_irq+0x25f/0xd00
[ 54.496934][ C0]        __common_interrupt+0x9e/0x200
[ 54.496937][ C0]        common_interrupt+0x9f/0xd0
[ 54.496941][ C0]        asm_common_interrupt+0x1e/0x40
[ 54.496944][ C0]        _raw_spin_unlock_irqrestore+0x38/0x70
[ 54.496948][ C0]        uart_write+0x30d/0x570
[ 54.496951][ C0]        do_output_char+0x5de/0x850
[ 54.496954][ C0]        n_tty_write+0x4c3/0xfd0
[ 54.496958][ C0]        file_tty_write.constprop.0+0x526/0x910
[ 54.496962][ C0]        redirected_tty_write+0xa1/0xc0
[ 54.496965][ C0]        do_iter_readv_writev+0x46f/0x740
[ 54.496969][ C0]        do_iter_write+0x188/0x670
[ 54.496972][ C0]        vfs_writev+0x1aa/0x630
[ 54.496975][ C0]        do_writev+0x139/0x300
[ 54.496978][ C0]        do_syscall_64+0x2d/0x70
[ 54.496982][ C0]        entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 54.496985][ C0]
[ 54.496987][ C0] -> #1 (&port_lock_key){-.-.}-{2:2}:
[ 54.496999][ C0]        _raw_spin_lock_irqsave+0x39/0x50
[ 54.497003][ C0]        serial8250_console_write+0x8b2/0xae0
[ 54.497007][ C0]        console_unlock+0x895/0xc80
[ 54.497010][ C0]        vprintk_emit+0x1ca/0x560
[ 54.497013][ C0]        vprintk_func+0x8d/0x1e0
[ 54.497016][ C0]        printk+0xba/0xed
[ 54.497020][ C0]        register_console+0x606/0x840
[ 54.497023][ C0]        univ8250_console_init+0x3a/0x46
[ 54.497027][ C0]        console_init+0x3c7/0x596
[ 54.497030][ C0]        start_kernel+0x306/0x496
[ 54.497033][ C0]        secondary_startup_64_no_verify+0xb0/0xbb
[ 54.497036][ C0]
[ 54.497038][ C0] -> #0 (console_owner){....}-{0:0}:
[ 54.497051][ C0]        __lock_acquire+0x2b14/0x54c0
[ 54.497054][ C0]        lock_acquire+0x1ab/0x740
[ 54.497058][ C0]        console_unlock+0x371/0xc80
[ 54.497061][ C0]        vprintk_emit+0x1ca/0x560
[ 54.497064][ C0]        vprintk_func+0x8d/0x1e0
[ 54.497067][ C0]        printk+0xba/0xed
[ 54.497070][ C0]        tty_port_close_start.part.0+0x503/0x550
[ 54.497074][ C0]        tty_port_close+0x46/0x170
[ 54.497077][ C0]        tty_release+0x45e/0x1210
[ 54.497080][ C0]        __fput+0x288/0x920
[ 54.497084][ C0]        task_work_run+0xdd/0x1a0
[ 54.497087][ C0]        exit_to_user_mode_prepare+0x249/0x250
[ 54.497091][ C0]        syscall_exit_to_user_mode+0x19/0x60
[ 54.497095][ C0]        entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 54.497098][ C0]
[ 54.497100][ C0] other info that might help us debug this:
[ 54.497103][ C0]
[ 54.497105][ C0] Chain exists of:
[ 54.497108][ C0]   console_owner --> &port_lock_key --> &port->lock
[ 54.497125][ C0]
[ 54.497127][ C0]  Possible unsafe locking scenario:
[ 54.497130][ C0]
[ 54.497132][ C0]        CPU0                    CPU1
[ 54.497140][ C0]        ----                    ----
[ 54.497143][ C0]   lock(&port->lock);
[ 54.497150][ C0]                                lock(&port_lock_key);
[ 54.497159][ C0]                                lock(&port->lock);
[ 54.497167][ C0]   lock(console_owner);
[ 54.497174][ C0]
[ 54.497176][ C0]  *** DEADLOCK ***
[ 54.497178][ C0]
[ 54.497181][ C0] 3 locks held by syz-executor124/8405:
[ 54.497184][ C0]  #0: ffff8880301c01c0 (&tty->legacy_mutex){+.+.}-{3:3}, at: tty_lock+0xbd/0x120
[ 54.497200][ C0]  #1: ffffffff90106d38 (&port->lock){-.-.}-{2:2}, at: tty_port_close_start.part.0+0x28/0x550
[ 54.497217][ C0]  #2: ffffffff8bf63420 (console_lock){+.+.}-{0:0}, at: vprintk_func+0x8d/0x1e0
[ 54.497233][ C0]
[ 54.497235][ C0] stack backtrace:
[ 54.497238][ C0] CPU: 0 PID: 8405 Comm: syz-executor124 Not tainted 5.12.0-rc7-syzkaller #0
[ 54.497244][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 54.497249][ C0] Call Trace:
[ 54.497251][ C0]  dump_stack+0x141/0x1d7
[ 54.497254][ C0]  check_noncircular+0x25f/0x2e0
[ 54.497257][ C0]  ? stack_trace_consume_entry+0x160/0x160
[ 54.497261][ C0]  ? print_circular_bug+0x480/0x480
[ 54.497264][ C0]  ? memcpy+0x39/0x60
[ 54.497267][ C0]  ? lockdep_lock+0xc6/0x200
[ 54.497270][ C0]  ? call_rcu_zapped+0xb0/0xb0
[ 54.497273][ C0]  __lock_acquire+0x2b14/0x54c0
[ 54.497276][ C0]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 54.497280][ C0]  lock_acquire+0x1ab/0x740
[ 54.497283][ C0]  ? console_unlock+0x2f2/0xc80
[ 54.497286][ C0]  ? lock_release+0x720/0x720
[ 54.497289][ C0]  ? lock_downgrade+0x6e0/0x6e0
[ 54.497292][ C0]  ? do_raw_spin_lock+0x120/0x2b0
[ 54.497295][ C0]  ? rwlock_bug.part.0+0x90/0x90
[ 54.497299][ C0]  console_unlock+0x371/0xc80
[ 54.497302][ C0]  ? console_unlock+0x2f2/0xc80
[ 54.497305][ C0]  ? devkmsg_read+0x730/0x730
[ 54.497308][ C0]  ? lock_release+0x720/0x720
[ 54.497311][ C0]  ? vprintk_func+0x8d/0x1e0
[ 54.497314][ C0]  vprintk_emit+0x1ca/0x560
[ 54.497317][ C0]  vprintk_func+0x8d/0x1e0
[ 54.497320][ C0]  printk+0xba/0xed
[ 54.497322][ C0]  ? record_print_text.cold+0x16/0x16
[ 54.497326][ C0]  ? _raw_spin_lock_irqsave+0x4e/0x50
[ 54.497329][ C0]  tty_port_close_start.part.0+0x503/0x550
[ 54.497333][ C0]  tty_port_close+0x46/0x170
[ 54.497336][ C0]  ? tpk_open+0x60/0x60
[ 54.497339][ C0]  tty_release+0x45e/0x1210
[ 54.497341][ C0]  ? tty_fasync+0x1ab/0x390
[ 54.497344][ C0]  __fput+0x288/0x920
[ 54.497347][ C0]  ? tty_release_struct+0xe0/0xe0
[ 54.497350][ C0]  task_work_run+0xdd/0x1a0
[ 54.497353][ C0]  exit_to_user_mode_prepare+0x249/0x250
[ 54.497357][ C0]  syscall_exit_to_user_mode+0x19/0x60
[ 54.497361][ C0]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 54.497364][ C0] RIP: 0033:0x40964b
[ 54.497369][ C0] Code: 0f 05 48 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8 03 fd ff ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 41 fd ff ff 8b 44
[ 54.497378][ C0] RSP: 002b:00007fff2d5359f0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 54.497386][ C0] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 000000000040964b
[ 54.497391][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 54.497395][ C0] RBP: 00000000004ce4dc R08: 0000000000000000 R09: 00007fff2d535ab0
[ 54.497400][ C0] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000032
[ 54.4