ntfs: (device loop0): ntfs_read_locked_inode(): $DATA attribute is missing.
ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0xa as bad. Run chkdsk.
BUG: sleeping function called from invalid context at drivers/tty/vt/vt.c:2245
ntfs: (device loop0): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default.
in_atomic(): 1, irqs_disabled(): 1, pid: 10147, name: syz-executor.4
3 locks held by syz-executor.4/10147:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff8355d3b2>] tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:284
#1: (&(&gsm->control_lock)->rlock){....}, at: [<ffffffff83573d26>] gsm_control_send+0xf6/0x480 drivers/tty/n_gsm.c:1434
#2: (&(&gsm->tx_lock)->rlock){....}, at: [<ffffffff83573b51>] gsm_data_queue drivers/tty/n_gsm.c:845 [inline]
#2: (&(&gsm->tx_lock)->rlock){....}, at: [<ffffffff83573b51>] gsm_control_transmit+0x1f1/0x2d0 drivers/tty/n_gsm.c:1375
irq event stamp: 24
ntfs: volume version 3.1.
hardirqs last enabled at (23): [<ffffffff8724fcb9>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
hardirqs last enabled at (23): [<ffffffff8724fcb9>] _raw_spin_unlock_irqrestore+0x79/0xe0 kernel/locking/spinlock.c:192
hardirqs last disabled at (24): [<ffffffff8724f946>] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline]
hardirqs last disabled at (24): [<ffffffff8724f946>] _raw_spin_lock_irqsave+0x66/0xc0 kernel/locking/spinlock.c:160
softirqs last enabled at (0): [<ffffffff81305bb0>] copy_process.part.0+0x12d0/0x71c0 kernel/fork.c:1734
softirqs last disabled at (0): [< (null)>] (null)
Preemption disabled at:
[< (null)>] (null)
CPU: 1 PID: 10147 Comm: syz-executor.4 Not tainted 4.14.307-syzkaller #0
ntfs: (device loop0): ntfs_lookup_inode_by_name(): Index entry with child node found in a leaf node in directory inode 0x5.
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x281 lib/dump_stack.c:58
___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6040
do_con_write+0xd0/0x19b0 drivers/tty/vt/vt.c:2245
ntfs: (device loop0): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys.
ntfs: (device loop0): load_system_files(): Failed to determine if Windows is hibernated. Mounting read-only. Run chkdsk.
con_write+0x21/0xa0 drivers/tty/vt/vt.c:2822
gsmld_output+0xc3/0x190 drivers/tty/n_gsm.c:2312
gsm_data_kick+0x266/0x9b0 drivers/tty/n_gsm.c:761
gsm_data_queue drivers/tty/n_gsm.c:846 [inline]
gsm_control_transmit+0x1ff/0x2d0 drivers/tty/n_gsm.c:1375
gsm_control_send+0x38a/0x480 drivers/tty/n_gsm.c:1451
gsm_disconnect drivers/tty/n_gsm.c:2110 [inline]
gsmld_config.constprop.0+0x568/0xf90 drivers/tty/n_gsm.c:2636
gsmld_ioctl+0x375/0x410 drivers/tty/n_gsm.c:2700
tty_ioctl+0x5af/0x1430 drivers/tty/tty_io.c:2670
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x5e/0xd3
RIP: 0033:0x7fd23693f0f9
RSP: 002b:00007fd234e90168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fd236a5f050 RCX: 00007fd23693f0f9
RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000003
RBP: 00007fd23699aae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffd76c97f0f R14: 00007fd234e90300 R15: 0000000000022000
========================================================
WARNING: possible irq lock inversion dependency detected
4.14.307-syzkaller #0 Tainted: G W
--------------------------------------------------------
syz-executor.4/10147 just changed the state of lock:
(&(&gsm->control_lock)->rlock){..-.}, at: [<ffffffff835747a5>] gsm_control_retransmit+0x25/0x2c0 drivers/tty/n_gsm.c:1394
but this lock took another, SOFTIRQ-unsafe lock in the past:
(console_lock){+.+.}
and interrupts could create inverse lock ordering between them.
other info that might help us debug this:
Chain exists of:
&(&gsm->control_lock)->rlock --> &(&gsm->tx_lock)->rlock --> console_lock
Possible interrupt unsafe locking scenario:
CPU0 CPU1
---- ----
lock(console_lock);
local_irq_disable();
lock(&(&gsm->control_lock)->rlock);
lock(&(&gsm->tx_lock)->rlock);
<Interrupt>
lock(&(&gsm->control_lock)->rlock);
*** DEADLOCK ***
2 locks held by syz-executor.4/10147:
#0: (&tty->ldisc_sem){++++}, at: [<ffffffff8355d3b2>] tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:284
#1: (((&gsm->t2_timer))){+.-.}, at: [<ffffffff814871a8>] lockdep_copy_map include/linux/lockdep.h:174 [inline]
#1: (((&gsm->t2_timer))){+.-.}, at: [<ffffffff814871a8>] call_timer_fn+0xb8/0x650 kernel/time/timer.c:1270
the shortest dependencies between 2nd lock and 1st lock:
-> (console_lock){+.+.} ops: 4316 {
HARDIRQ-ON-W at:
lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
console_lock+0x42/0x70 kernel/printk/printk.c:2228
con_init+0x12/0x5d6 drivers/tty/vt/vt.c:3022
console_init+0x46/0x53 kernel/printk/printk.c:2809
start_kernel+0x521/0x763 init/main.c:638
secondary_startup_64+0xa5/0xb0 arch/x86/kernel/head_64.S:240
SOFTIRQ-ON-W at:
lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
console_lock+0x42/0x70 kernel/printk/printk.c:2228
con_init+0x12/0x5d6 drivers/tty/vt/vt.c:3022
console_init+0x46/0x53 kernel/printk/printk.c:2809
start_kernel+0x521/0x763 init/main.c:638
secondary_startup_64+0xa5/0xb0 arch/x86/kernel/head_64.S:240
INITIAL USE at:
}
... key at: [<ffffffff88f6fb60>] console_lock_dep_map+0x0/0x40
... acquired at:
console_lock+0x42/0x70 kernel/printk/printk.c:2228
do_con_write+0xd5/0x19b0 drivers/tty/vt/vt.c:2247
con_write+0x21/0xa0 drivers/tty/vt/vt.c:2822
gsmld_output+0xc3/0x190 drivers/tty/n_gsm.c:2312
gsm_data_kick+0x266/0x9b0 drivers/tty/n_gsm.c:761
gsm_data_queue drivers/tty/n_gsm.c:846 [inline]
gsm_control_transmit+0x1ff/0x2d0 drivers/tty/n_gsm.c:1375
gsm_control_send+0x38a/0x480 drivers/tty/n_gsm.c:1451
gsm_disconnect drivers/tty/n_gsm.c:2110 [inline]
gsmld_config.constprop.0+0x568/0xf90 drivers/tty/n_gsm.c:2636
gsmld_ioctl+0x375/0x410 drivers/tty/n_gsm.c:2700
tty_ioctl+0x5af/0x1430 drivers/tty/tty_io.c:2670
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x5e/0xd3
-> (&(&gsm->tx_lock)->rlock){....} ops: 1 {
INITIAL USE at:
lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x8c/0xc0 kernel/locking/spinlock.c:160
gsm_data_queue drivers/tty/n_gsm.c:845 [inline]
gsm_control_transmit+0x1f1/0x2d0 drivers/tty/n_gsm.c:1375
gsm_control_send+0x38a/0x480 drivers/tty/n_gsm.c:1451
gsm_disconnect drivers/tty/n_gsm.c:2110 [inline]
gsmld_config.constprop.0+0x568/0xf90 drivers/tty/n_gsm.c:2636
gsmld_ioctl+0x375/0x410 drivers/tty/n_gsm.c:2700
tty_ioctl+0x5af/0x1430 drivers/tty/tty_io.c:2670
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x5e/0xd3
}
... key at: [<ffffffff8c8d54e0>] __key.4+0x0/0x40
... acquired at:
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x8c/0xc0 kernel/locking/spinlock.c:160
gsm_data_queue drivers/tty/n_gsm.c:845 [inline]
gsm_control_transmit+0x1f1/0x2d0 drivers/tty/n_gsm.c:1375
gsm_control_send+0x38a/0x480 drivers/tty/n_gsm.c:1451
gsm_disconnect drivers/tty/n_gsm.c:2110 [inline]
gsmld_config.constprop.0+0x568/0xf90 drivers/tty/n_gsm.c:2636
gsmld_ioctl+0x375/0x410 drivers/tty/n_gsm.c:2700
tty_ioctl+0x5af/0x1430 drivers/tty/tty_io.c:2670
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x5e/0xd3
-> (&(&gsm->control_lock)->rlock){..-.} ops: 2 {
IN-SOFTIRQ-W at:
lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x8c/0xc0 kernel/locking/spinlock.c:160
gsm_control_retransmit+0x25/0x2c0 drivers/tty/n_gsm.c:1394
call_timer_fn+0x14a/0x650 kernel/time/timer.c:1280
expire_timers+0x232/0x4d0 kernel/time/timer.c:1319
__run_timers kernel/time/timer.c:1637 [inline]
run_timer_softirq+0x1d5/0x5a0 kernel/time/timer.c:1650
__do_softirq+0x24d/0x9ff kernel/softirq.c:288
invoke_softirq kernel/softirq.c:368 [inline]
irq_exit+0x193/0x240 kernel/softirq.c:409
exiting_irq arch/x86/include/asm/apic.h:638 [inline]
smp_apic_timer_interrupt+0x141/0x5e0 arch/x86/kernel/apic/apic.c:1106
apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:796
arch_local_irq_restore arch/x86/include/asm/paravirt.h:779 [inline]
__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
_raw_spin_unlock_irqrestore+0xa3/0xe0 kernel/locking/spinlock.c:192
spin_unlock_irqrestore include/linux/spinlock.h:372 [inline]
gsm_control_send+0x395/0x480 drivers/tty/n_gsm.c:1452
gsm_disconnect drivers/tty/n_gsm.c:2110 [inline]
gsmld_config.constprop.0+0x568/0xf90 drivers/tty/n_gsm.c:2636
gsmld_ioctl+0x375/0x410 drivers/tty/n_gsm.c:2700
tty_ioctl+0x5af/0x1430 drivers/tty/tty_io.c:2670
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x5e/0xd3
INITIAL USE at:
lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x8c/0xc0 kernel/locking/spinlock.c:160
gsm_control_send+0xf6/0x480 drivers/tty/n_gsm.c:1434
gsm_disconnect drivers/tty/n_gsm.c:2110 [inline]
gsmld_config.constprop.0+0x568/0xf90 drivers/tty/n_gsm.c:2636
gsmld_ioctl+0x375/0x410 drivers/tty/n_gsm.c:2700
tty_ioctl+0x5af/0x1430 drivers/tty/tty_io.c:2670
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x5e/0xd3
}
... key at: [<ffffffff8c8d5520>] __key.5+0x0/0x40
... acquired at:
mark_lock_irq kernel/locking/lockdep.c:2804 [inline]
mark_lock+0x3c7/0x1050 kernel/locking/lockdep.c:3194
mark_irqflags kernel/locking/lockdep.c:3072 [inline]
__lock_acquire+0xc81/0x3f20 kernel/locking/lockdep.c:3448
lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x8c/0xc0 kernel/locking/spinlock.c:160
gsm_control_retransmit+0x25/0x2c0 drivers/tty/n_gsm.c:1394
call_timer_fn+0x14a/0x650 kernel/time/timer.c:1280
expire_timers+0x232/0x4d0 kernel/time/timer.c:1319
__run_timers kernel/time/timer.c:1637 [inline]
run_timer_softirq+0x1d5/0x5a0 kernel/time/timer.c:1650
__do_softirq+0x24d/0x9ff kernel/softirq.c:288
invoke_softirq kernel/softirq.c:368 [inline]
irq_exit+0x193/0x240 kernel/softirq.c:409
exiting_irq arch/x86/include/asm/apic.h:638 [inline]
smp_apic_timer_interrupt+0x141/0x5e0 arch/x86/kernel/apic/apic.c:1106
apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:796
arch_local_irq_restore arch/x86/include/asm/paravirt.h:779 [inline]
__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
_raw_spin_unlock_irqrestore+0xa3/0xe0 kernel/locking/spinlock.c:192
spin_unlock_irqrestore include/linux/spinlock.h:372 [inline]
gsm_control_send+0x395/0x480 drivers/tty/n_gsm.c:1452
gsm_disconnect drivers/tty/n_gsm.c:2110 [inline]
gsmld_config.constprop.0+0x568/0xf90 drivers/tty/n_gsm.c:2636
gsmld_ioctl+0x375/0x410 drivers/tty/n_gsm.c:2700
tty_ioctl+0x5af/0x1430 drivers/tty/tty_io.c:2670
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x5e/0xd3
stack backtrace:
CPU: 1 PID: 10147 Comm: syz-executor.4 Tainted: G W 4.14.307-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x281 lib/dump_stack.c:58
print_irq_inversion_bug.cold+0x313/0x346 kernel/locking/lockdep.c:2670
check_usage_forwards+0x18f/0x2d0 kernel/locking/lockdep.c:2695
mark_lock_irq kernel/locking/lockdep.c:2804 [inline]
mark_lock+0x3c7/0x1050 kernel/locking/lockdep.c:3194
mark_irqflags kernel/locking/lockdep.c:3072 [inline]
__lock_acquire+0xc81/0x3f20 kernel/locking/lockdep.c:3448
lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x8c/0xc0 kernel/locking/spinlock.c:160
gsm_control_retransmit+0x25/0x2c0 drivers/tty/n_gsm.c:1394
call_timer_fn+0x14a/0x650 kernel/time/timer.c:1280
expire_timers+0x232/0x4d0 kernel/time/timer.c:1319
__run_timers kernel/time/timer.c:1637 [inline]
run_timer_softirq+0x1d5/0x5a0 kernel/time/timer.c:1650
__do_softirq+0x24d/0x9ff kernel/softirq.c:288
invoke_softirq kernel/softirq.c:368 [inline]
irq_exit+0x193/0x240 kernel/softirq.c:409
exiting_irq arch/x86/include/asm/apic.h:638 [inline]
smp_apic_timer_interrupt+0x141/0x5e0 arch/x86/kernel/apic/apic.c:1106
apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:796
</IRQ>
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:779 [inline]
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
RIP: 0010:_raw_spin_unlock_irqrestore+0xa3/0xe0 kernel/locking/spinlock.c:192
RSP: 0018:ffff8880959d7940 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff10
RAX: 1ffffffff11e13d9 RBX: 0000000000000282 RCX: 1ffff11013f5215d
RDX: dffffc0000000000 RSI: ffff88809fa90ac8 RDI: 0000000000000282
RBP: ffff8880b3b4f7a0 R08: ffffffff8ba3f1ec R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000282
R13: 0000000000000003 R14: ffff8880b3b4f448 R15: ffff8880b3b4f7a0
spin_unlock_irqrestore include/linux/spinlock.h:372 [inline]
gsm_control_send+0x395/0x480 drivers/tty/n_gsm.c:1452
gsm_disconnect drivers/tty/n_gsm.c:2110 [inline]
gsmld_config.constprop.0+0x568/0xf90 drivers/tty/n_gsm.c:2636
gsmld_ioctl+0x375/0x410 drivers/tty/n_gsm.c:2700
tty_ioctl+0x5af/0x1430 drivers/tty/tty_io.c:2670
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x5e/0xd3
RIP: 0033:0x7fd23693f0f9
RSP: 002b:00007fd234e90168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fd236a5f050 RCX: 00007fd23693f0f9
RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000003
RBP: 00007fd23699aae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffd76c97f0f R14: 00007fd234e90300 R15: 0000000000022000
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
device batadv1 entered promiscuous mode
8021q: adding VLAN 0 to HW filter on device batadv1
team0: Port device batadv1 added
batman_adv: batadv0: Interface deactivated: batadv_slave_0
batman_adv: batadv0: Removing interface: batadv_slave_0
batman_adv: batadv0: Interface deactivated: batadv_slave_1
batman_adv: batadv0: Removing interface: batadv_slave_1
BUG: sleeping function called from invalid context at drivers/tty/vt/vt.c:2245
in_atomic(): 1, irqs_disabled(): 1, pid: 10374, name: syz-executor.4
INFO: lockdep is turned off.
irq event stamp: 0
hardirqs last enabled at (0): [< (null)>] (null)
hardirqs last disabled at (0): [<ffffffff81305b09>] copy_process.part.0+0x1229/0x71c0 kernel/fork.c:1731
softirqs last enabled at (0): [<ffffffff81305bb0>] copy_process.part.0+0x12d0/0x71c0 kernel/fork.c:1734
softirqs last disabled at (0): [< (null)>] (null)
Preemption disabled at:
[< (null)>] (null)
CPU: 1 PID: 10374 Comm: syz-executor.4 Tainted: G W 4.14.307-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x281 lib/dump_stack.c:58
___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6040
do_con_write+0xd0/0x19b0 drivers/tty/vt/vt.c:2245
con_write+0x21/0xa0 drivers/tty/vt/vt.c:2822
gsmld_output+0xc3/0x190 drivers/tty/n_gsm.c:2312
gsm_data_kick+0x266/0x9b0 drivers/tty/n_gsm.c:761
gsm_data_queue drivers/tty/n_gsm.c:846 [inline]
gsm_control_transmit+0x1ff/0x2d0 drivers/tty/n_gsm.c:1375
gsm_control_send+0x38a/0x480 drivers/tty/n_gsm.c:1451
gsm_disconnect drivers/tty/n_gsm.c:2110 [inline]
gsmld_config.constprop.0+0x568/0xf90 drivers/tty/n_gsm.c:2636
gsmld_ioctl+0x375/0x410 drivers/tty/n_gsm.c:2700
tty_ioctl+0x5af/0x1430 drivers/tty/tty_io.c:2670
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x5e/0xd3
RIP: 0033:0x7fd23693f0f9
RSP: 002b:00007fd234e90168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fd236a5f050 RCX: 00007fd23693f0f9
RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000003
RBP: 00007fd23699aae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffd76c97f0f R14: 00007fd234e90300 R15: 0000000000022000
unregister_netdevice: waiting for ip6gre0 to become free. Usage count = -1
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
attempt to access beyond end of device
device batadv0 entered promiscuous mode
loop0: rw=0, want=32769, limit=64
Buffer I/O error on dev loop0, logical block 32768, async page read
8021q: adding VLAN 0 to HW filter on device batadv0
attempt to access beyond end of device
team0: Port device batadv0 added
loop0: rw=0, want=32770, limit=64
Buffer I/O error on dev loop0, logical block 32769, async page read
attempt to access beyond end of device
loop0: rw=0, want=32771, limit=64
Buffer I/O error on dev loop0, logical block 32770, async page read
attempt to access beyond end of device
loop0: rw=0, want=32772, limit=64
Buffer I/O error on dev loop0, logical block 32771, async page read
hfs: unable to open extent tree
team0: Port device batadv0 removed
hfs: can't find a HFS filesystem on dev loop0
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
device batadv0 entered promiscuous mode
8021q: adding VLAN 0 to HW filter on device batadv0
team0: Port device batadv0 added
team0: Port device batadv0 removed
usb usb6: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
BUG: sleeping function called from invalid context at drivers/tty/vt/vt.c:2245
in_atomic(): 1, irqs_disabled(): 1, pid: 10582, name: syz-executor.4
INFO: lockdep is turned off.
irq event stamp: 0
hardirqs last enabled at (0): [< (null)>] (null)
hardirqs last disabled at (0): [<ffffffff81305b09>] copy_process.part.0+0x1229/0x71c0 kernel/fork.c:1731
softirqs last enabled at (0): [<ffffffff81305bb0>] copy_process.part.0+0x12d0/0x71c0 kernel/fork.c:1734
softirqs last disabled at (0): [< (null)>] (null)
Preemption disabled at:
[< (null)>] (null)
CPU: 0 PID: 10582 Comm: syz-executor.4 Tainted: G W 4.14.307-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x281 lib/dump_stack.c:58
___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6040
do_con_write+0xd0/0x19b0 drivers/tty/vt/vt.c:2245
con_write+0x21/0xa0 drivers/tty/vt/vt.c:2822
gsmld_output+0xc3/0x190 drivers/tty/n_gsm.c:2312
gsm_data_kick+0x266/0x9b0 drivers/tty/n_gsm.c:761
gsm_data_queue drivers/tty/n_gsm.c:846 [inline]
gsm_control_transmit+0x1ff/0x2d0 drivers/tty/n_gsm.c:1375
gsm_control_send+0x38a/0x480 drivers/tty/n_gsm.c:1451
gsm_disconnect drivers/tty/n_gsm.c:2110 [inline]
gsmld_config.constprop.0+0x568/0xf90 drivers/tty/n_gsm.c:2636
gsmld_ioctl+0x375/0x410 drivers/tty/n_gsm.c:2700
tty_ioctl+0x5af/0x1430 drivers/tty/tty_io.c:2670
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x5e/0xd3
RIP: 0033:0x7fd23693f0f9
RSP: 002b:00007fd234e90168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fd236a5f050 RCX: 00007fd23693f0f9
RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000003
RBP: 00007fd23699aae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffd76c97f0f R14: 00007fd234e90300 R15: 0000000000022000
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
device batadv0 entered promiscuous mode
8021q: adding VLAN 0 to HW filter on device batadv0
usb usb6: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
team0: Port device batadv0 added
======================================================
WARNING: the mand mount option is being deprecated and
will be removed in v5.15!
======================================================
team0: Port device batadv0 removed
BUG: sleeping function called from invalid context at drivers/tty/vt/vt.c:2245
in_atomic(): 1, irqs_disabled(): 1, pid: 10763, name: syz-executor.4
INFO: lockdep is turned off.
irq event stamp: 0
hardirqs last enabled at (0): [< (null)>] (null)
hardirqs last disabled at (0): [<ffffffff81305b09>] copy_process.part.0+0x1229/0x71c0 kernel/fork.c:1731
softirqs last enabled at (0): [<ffffffff81305bb0>] copy_process.part.0+0x12d0/0x71c0 kernel/fork.c:1734
softirqs last disabled at (0): [< (null)>] (null)
Preemption disabled at:
[< (null)>] (null)
CPU: 1 PID: 10763 Comm: syz-executor.4 Tainted: G W 4.14.307-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x281 lib/dump_stack.c:58
___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6040
do_con_write+0xd0/0x19b0 drivers/tty/vt/vt.c:2245
IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
con_write+0x21/0xa0 drivers/tty/vt/vt.c:2822
gsmld_output+0xc3/0x190 drivers/tty/n_gsm.c:2312
gsm_data_kick+0x266/0x9b0 drivers/tty/n_gsm.c:761
gsm_data_queue drivers/tty/n_gsm.c:846 [inline]
gsm_control_transmit+0x1ff/0x2d0 drivers/tty/n_gsm.c:1375
chnl_net:chnl_net_open(): err: Unable to register and open device, Err:-19
gsm_control_send+0x38a/0x480 drivers/tty/n_gsm.c:1451
caif:caif_disconnect_client(): nothing to disconnect
gsm_disconnect drivers/tty/n_gsm.c:2110 [inline]
gsmld_config.constprop.0+0x568/0xf90 drivers/tty/n_gsm.c:2636
gsmld_ioctl+0x375/0x410 drivers/tty/n_gsm.c:2700
tty_ioctl+0x5af/0x1430 drivers/tty/tty_io.c:2670
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x5e/0xd3
RIP: 0033:0x7fd23693f0f9
RSP: 002b:00007fd234e90168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fd236a5f050 RCX: 00007fd23693f0f9
RDX: 0000000020000040 RSI: 00000000404c4701 RDI: 0000000000000003
RBP: 00007fd23699aae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffd76c97f0f R14: 00007fd234e90300 R15: 0000000000022000
chnl_net:chnl_flowctrl_cb(): NET flowctrl func called flow: CLOSE/DEINIT
chnl_net:chnl_net_open(): state disconnected
A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
usb usb6: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
ax25_connect(): syz-executor.3 uses autobind, please contact jreuter@yaina.de
ax25_connect(): syz-executor.3 uses autobind, please contact jreuter@yaina.de
audit: type=1804 audit(1677508718.405:6): pid=10997 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir3921257549/syzkaller.89zTae/32/bus" dev="sda1" ino=14049 res=1
usb usb6: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
ax25_connect(): syz-executor.3 uses autobind, please contact jreuter@yaina.de
kvm: vcpu 0: requested 128 ns lapic timer period limited to 500000 ns
ax25_connect(): syz-executor.3 uses autobind, please contact jreuter@yaina.de
Trying to free block not in datazone
Trying to free block not in datazone
Trying to free block not in datazone
Trying to free block not in datazone
Trying to free block not in datazone
minix_free_block (loop3:6): bit already cleared
Trying to free block not in datazone
Trying to free block not in datazone
Trying to free block not in datazone
Trying to free block not in datazone
Trying to free block not in datazone
Trying to free block not in datazone
Trying to free block not in datazone
minix_free_block (loop3:6): bit already cleared
Trying to free block not in datazone
Trying to free block not in datazone
Trying to free block not in datazone
Trying to free block not in datazone
Trying to free block not in datazone
Trying to free block not in datazone