./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1548643325
<...>
Warning: Permanently added '10.128.0.172' (ECDSA) to the list of known hosts.
execve("./syz-executor1548643325", ["./syz-executor1548643325"], 0x7ffcc197ffc0 /* 10 vars */) = 0
brk(NULL) = 0x555555657000
brk(0x555555657c40) = 0x555555657c40
arch_prctl(ARCH_SET_FS, 0x555555657300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor1548643325", 4096) = 28
brk(0x555555678c40) = 0x555555678c40
brk(0x555555679000) = 0x555555679000
mprotect(0x7f667e3a3000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/self/net/dev_snmp6", O_RDWR) = -1 EISDIR (Is a directory)
openat(AT_FDCWD, "/proc/self/net/dev_snmp6", O_RDONLY) = 3
openat(AT_FDCWD, "/dev/ptmx", O_RDONLY) = 4
ioctl(4, TIOCSPTLCK, [0]) = 0
ioctl(4, TIOCGPTN, [0]) = 0
openat(AT_FDCWD, "/dev/pts/0", O_RDWR) = 5
dup3(5, 3, 0) = 3
openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
write(6, "3", 1) = 1
syzkaller login: [ 48.689749][ T3598] FAULT_INJECTION: forcing a failure.
[ 48.689749][ T3598] name failslab, interval 1, probability 0, space 0, times 1
[ 48.689887][ T3598]
[ 48.689892][ T3598] ======================================================
[ 48.689897][ T3598] WARNING: possible circular locking dependency detected
[ 48.689903][ T3598] 5.18.0-rc6-syzkaller-00161-gbc403203d65a #0 Not tainted
[ 48.689911][ T3598] ------------------------------------------------------
[ 48.689915][ T3598] syz-executor154/3598 is trying to acquire lock:
[ 48.689922][ T3598] ffffffff8cb0f4a0 (console_owner){....}-{0:0}, at: console_lock_spinning_enable+0x2d/0x60
[ 48.689991][ T3598]
[ 48.689991][ T3598] but task is already holding lock:
[ 48.689994][ T3598] ffff8880201a9958 (&port->lock){-.-.}-{2:2}, at: pty_write+0xc5/0x170
[ 48.690023][ T3598]
[ 48.690023][ T3598] which lock already depends on the new lock.
[ 48.690023][ T3598]
[ 48.690027][ T3598]
[ 48.690027][ T3598] the existing dependency chain (in reverse order) is:
[ 48.690031][ T3598]
[ 48.690031][ T3598] -> #2 (&port->lock){-.-.}-{2:2}:
[ 48.690049][ T3598] lock_acquire+0x1a7/0x400
[ 48.690064][ T3598] _raw_spin_lock_irqsave+0xd1/0x120
[ 48.690084][ T3598] tty_port_default_wakeup+0x21/0x100
[ 48.690101][ T3598] serial8250_tx_chars+0x60e/0x810
[ 48.690117][ T3598] serial8250_handle_irq+0x32f/0x410
[ 48.690131][ T3598] serial8250_default_handle_irq+0xaf/0x190
[ 48.690144][ T3598] serial8250_interrupt+0xa3/0x1e0
[ 48.690156][ T3598] __handle_irq_event_percpu+0x200/0x620
[ 48.690166][ T3598] handle_irq_event+0x83/0x1e0
[ 48.690174][ T3598] handle_edge_irq+0x245/0xbe0
[ 48.690181][ T3598] __common_interrupt+0xce/0x1e0
[ 48.690192][ T3598] common_interrupt+0x9f/0xc0
[ 48.690200][ T3598] asm_common_interrupt+0x1e/0x40
[ 48.690217][ T3598] acpi_idle_enter+0x42d/0x790
[ 48.690226][ T3598] cpuidle_enter_state+0x517/0xed0
[ 48.690236][ T3598] cpuidle_enter+0x59/0x90
[ 48.690243][ T3598] do_idle+0x3d2/0x640
[ 48.690251][ T3598] cpu_startup_entry+0x15/0x20
[ 48.690258][ T3598] rest_init+0x24f/0x270
[ 48.690267][ T3598] start_kernel+0x0/0x56e
[ 48.690276][ T3598] start_kernel+0x4bf/0x56e
[ 48.690283][ T3598] secondary_startup_64_no_verify+0xc4/0xcb
[ 48.690293][ T3598]
[ 48.690293][ T3598] -> #1 (&port_lock_key){-.-.}-{2:2}:
[ 48.690305][ T3598] lock_acquire+0x1a7/0x400
[ 48.690312][ T3598] _raw_spin_lock_irqsave+0xd1/0x120
[ 48.690319][ T3598] serial8250_console_write+0x19c/0xf60
[ 48.690327][ T3598] console_unlock+0xa98/0x1150
[ 48.690334][ T3598] vprintk_emit+0xd1/0x1e0
[ 48.690341][ T3598] _printk+0xcf/0x10f
[ 48.690349][ T3598] register_console+0x6e2/0x9c0
[ 48.690356][ T3598] univ8250_console_init+0x41/0x43
[ 48.690366][ T3598] console_init+0x5d/0xa8
[ 48.690374][ T3598] start_kernel+0x328/0x56e
[ 48.690381][ T3598] secondary_startup_64_no_verify+0xc4/0xcb
[ 48.690390][ T3598]
[ 48.690390][ T3598] -> #0 (console_owner){....}-{0:0}:
[ 48.690400][ T3598] validate_chain+0x185c/0x65c0
[ 48.690408][ T3598] __lock_acquire+0x129a/0x1f80
[ 48.690416][ T3598] lock_acquire+0x1a7/0x400
[ 48.690422][ T3598] console_lock_spinning_enable+0x52/0x60
[ 48.690430][ T3598] console_unlock+0x7f4/0x1150
[ 48.690438][ T3598] vprintk_emit+0xd1/0x1e0
[ 48.690445][ T3598] _printk+0xcf/0x10f
[ 48.690452][ T3598] should_fail+0x366/0x4b0
[ 48.690460][ T3598] should_failslab+0x5/0x20
[ 48.690470][ T3598] __kmalloc+0x8b/0x370
[ 48.690479][ T3598] __tty_buffer_request_room+0x1f0/0x540
[ 48.690487][ T3598] tty_insert_flip_string_fixed_flag+0x91/0x2c0
[ 48.690496][ T3598] pty_write+0xe9/0x170
[ 48.690503][ T3598] n_tty_write+0xe4f/0x13b0
[ 48.690510][ T3598] file_tty_write+0x5a5/0x960
[ 48.690517][ T3598] vfs_write+0xa22/0xd40
[ 48.690525][ T3598] ksys_write+0x19b/0x2c0
[ 48.690531][ T3598] do_syscall_64+0x2b/0x70
[ 48.690538][ T3598] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 48.690546][ T3598]
[ 48.690546][ T3598] other info that might help us debug this:
[ 48.690546][ T3598]
[ 48.690548][ T3598] Chain exists of:
[ 48.690548][ T3598] console_owner --> &port_lock_key --> &port->lock
[ 48.690548][ T3598]
[ 48.690561][ T3598] Possible unsafe locking scenario:
[ 48.690561][ T3598]
[ 48.690562][ T3598]        CPU0                    CPU1
[ 48.690564][ T3598]        ----                    ----
[ 48.690566][ T3598]   lock(&port->lock);
[ 48.690571][ T3598]                                lock(&port_lock_key);
[ 48.690576][ T3598]                                lock(&port->lock);
[ 48.690581][ T3598]   lock(console_owner);
[ 48.690585][ T3598]
[ 48.690585][ T3598] *** DEADLOCK ***
[ 48.690585][ T3598]
[ 48.690587][ T3598] 6 locks held by syz-executor154/3598:
[ 48.690592][ T3598] #0: ffff888020368098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70
[ 48.690613][ T3598] #1: ffff888020368130 (&tty->atomic_write_lock){+.+.}-{3:3}, at: file_tty_write+0x26e/0x960
[ 48.690632][ T3598] #2: ffff8880203682e8 (&o_tty->termios_rwsem/1){++++}-{3:3}, at: n_tty_write+0x244/0x13b0
[ 48.690653][ T3598] #3: ffffc90001c0c378 (&ldata->output_lock){+.+.}-{3:3}, at: n_tty_write+0x707/0x13b0
[ 48.690672][ T3598] #4: ffff8880201a9958 (&port->lock){-.-.}-{2:2}, at: pty_write+0xc5/0x170
[ 48.690689][ T3598] #5: ffffffff8c9f71a0 (console_lock){+.+.}-{0:0}, at: vprintk_emit+0xb8/0x1e0
[ 48.690708][ T3598]
[ 48.690708][ T3598] stack backtrace:
[ 48.690711][ T3598] CPU: 0 PID: 3598 Comm: syz-executor154 Not tainted 5.18.0-rc6-syzkaller-00161-gbc403203d65a #0
[ 48.690721][ T3598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 48.690726][ T3598] Call Trace:
[ 48.690729][ T3598]
[ 48.690733][ T3598] dump_stack_lvl+0x1e3/0x2cb
[ 48.690744][ T3598] ? bfq_pos_tree_add_move+0x436/0x436
[ 48.690756][ T3598] ? print_circular_bug+0x13e/0x1c0
[ 48.690765][ T3598] check_noncircular+0x2f7/0x3b0
[ 48.690775][ T3598] ? add_chain_block+0x850/0x850
[ 48.690783][ T3598] ? lockdep_lock+0x11d/0x2a0
[ 48.690793][ T3598] validate_chain+0x185c/0x65c0
[ 48.690806][ T3598] ? vsnprintf+0x1ce0/0x1ce0
[ 48.690816][ T3598] ? reacquire_held_locks+0x680/0x680
[ 48.690824][ T3598] ? memset+0x1f/0x40
[ 48.690833][ T3598] ? vsnprintf+0x1fa/0x1ce0
[ 48.690842][ T3598] ? memcpy+0x3c/0x60
[ 48.690850][ T3598] ? vsnprintf+0x1c02/0x1ce0
[ 48.690858][ T3598] ? reacquire_held_locks+0x680/0x680
[ 48.690871][ T3598] ? sprintf+0xd6/0x120
[ 48.690880][ T3598] ? _prb_read_valid+0xbb9/0xbd0
[ 48.690889][ T3598] ? mark_lock+0x98/0x350
[ 48.690898][ T3598] __lock_acquire+0x129a/0x1f80
[ 48.690909][ T3598] lock_acquire+0x1a7/0x400
[ 48.690916][ T3598] ? console_lock_spinning_enable+0x2d/0x60
[ 48.690927][ T3598] ? read_lock_is_recursive+0x10/0x10
[ 48.690935][ T3598] ? console_lock_spinning_enable+0x2d/0x60
[ 48.690944][ T3598] ? __lock_acquire+0x1f80/0x1f80
[ 48.690952][ T3598] ? do_raw_spin_lock+0x148/0x360
[ 48.690962][ T3598] ? _raw_spin_unlock+0x40/0x40
[ 48.690971][ T3598] console_lock_spinning_enable+0x52/0x60
[ 48.690980][ T3598] ? console_lock_spinning_enable+0x2d/0x60
[ 48.690988][ T3598] console_unlock+0x7f4/0x1150
[ 48.690998][ T3598] ? vprintk_emit+0xb8/0x1e0
[ 48.691006][ T3598] ? console_trylock_spinning+0x450/0x450
[ 48.691014][ T3598] ? vprintk_emit+0xb8/0x1e0
[ 48.691021][ T3598] ? console_trylock+0x70/0x70
[ 48.691029][ T3598] ? register_lock_class+0xfe/0x9d0
[ 48.691040][ T3598] ? register_lock_class+0xfe/0x9d0
[ 48.691049][ T3598] ? is_dynamic_key+0x1f0/0x1f0
[ 48.691058][ T3598] vprintk_emit+0xd1/0x1e0
[ 48.691067][ T3598] _printk+0xcf/0x10f
[ 48.691076][ T3598] ? panic+0x76e/0x76e
[ 48.691086][ T3598] should_fail+0x366/0x4b0
[ 48.691095][ T3598] ? __tty_buffer_request_room+0x1f0/0x540
[ 48.691104][ T3598] should_failslab+0x5/0x20
[ 48.691113][ T3598] __kmalloc+0x8b/0x370
[ 48.691123][ T3598] __tty_buffer_request_room+0x1f0/0x540
[ 48.691140][ T3598] tty_insert_flip_string_fixed_flag+0x91/0x2c0
[ 48.691157][ T3598] ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 48.691168][ T3598] ? _raw_spin_unlock+0x40/0x40
[ 48.691176][ T3598] pty_write+0xe9/0x170
[ 48.691184][ T3598] n_tty_write+0xe4f/0x13b0
[ 48.691197][ T3598] ? n_tty_read+0x1c90/0x1c90
[ 48.691210][ T3598] ? wait_woken+0x1b0/0x1b0
[ 48.691220][ T3598] ? check_heap_object+0x13c/0x310
[ 48.691230][ T3598] ? 0xffffffff81000000
[ 48.691236][ T3598] ? __check_object_size+0x15a/0x210
[ 48.691245][ T3598] file_tty_write+0x5a5/0x960
[ 48.691254][ T3598] ? n_tty_read+0x1c90/0x1c90
[ 48.691262][ T3598] vfs_write+0xa22/0xd40
[ 48.691272][ T3598] ? file_end_write+0x230/0x230
[ 48.691280][ T3598] ? print_irqtrace_events+0x220/0x220
[ 48.691290][ T3598] ? _raw_spin_unlock_irq+0x2a/0x40
[ 48.691298][ T3598] ? __fdget_pos+0x1d7/0x2e0
[ 48.691308][ T3598] ksys_write+0x19b/0x2c0
[ 48.691315][ T3598] ? print_irqtrace_events+0x220/0x220
[ 48.691324][ T3598] ? __ia32_sys_read+0x80/0x80
[ 48.691332][ T3598] ? syscall_enter_from_user_mode+0x2e/0x1a0
[ 48.691342][ T3598] ? syscall_enter_from_user_mode+0x86/0x1a0
[ 48.691351][ T3598] do_syscall_64+0x2b/0x70
[ 48.691359][ T3598] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 48.691367][ T3598] RIP: 0033:0x7f667e336919
[ 48.691375][ T3598] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 48.691382][ T3598] RSP: 002b:00007ffef1700db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 48.691392][ T3598] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f667e336919
[ 48.691398][ T3598] RDX: 00000000ffffffde RSI: 00000000200001c0 RDI: 0000000000000003
[ 48.691403][ T3598] RBP: 00007ffef1700dd0 R08: 0000000000000001 R09: 0000000000000001
[ 48.691409][ T3598] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[ 48.691414][ T3598] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 48.691422][ T3598]
[ 49.678183][ T3598] CPU: 0 PID: 3598 Comm: syz-executor154 Not tainted 5.18.0-rc6-syzkaller-00161-gbc403203d65a #0
[ 49.688673][ T3598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 49.698803][ T3598] Call Trace:
[ 49.702161][ T3598]
[ 49.705075][ T3598] dump_stack_lvl+0x1e3/0x2cb
[ 49.709848][ T3598] ? bfq_pos_tree_add_move+0x436/0x436
[ 49.715312][ T3598] ? panic+0x76e/0x76e
[ 49.719383][ T3598] should_fail+0x384/0x4b0
[ 49.723799][ T3598] ? __tty_buffer_request_room+0x1f0/0x540
[ 49.729591][ T3598] should_failslab+0x5/0x20
[ 49.734085][ T3598] __kmalloc+0x8b/0x370
[ 49.738230][ T3598] __tty_buffer_request_room+0x1f0/0x540
[ 49.743858][ T3598] tty_insert_flip_string_fixed_flag+0x91/0x2c0
[ 49.750095][ T3598] ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 49.755972][ T3598] ? _raw_spin_unlock+0x40/0x40
[ 49.760900][ T3598] pty_write+0xe9/0x170
[ 49.765040][ T3598] n_tty_write+0xe4f/0x13b0
[ 49.769537][ T3598] ? n_tty_read+0x1c90/0x1c90
[ 49.774276][ T3598] ? wait_woken+0x1b0/0x1b0
[ 49.778797][ T3598] ? check_heap_object+0x13c/0x310
[ 49.783994][ T3598] ? 0xffffffff81000000
[ 49.788139][ T3598] ? __check_object_size+0x15a/0x210
[ 49.793599][ T3598] file_tty_write+0x5a5/0x960
[ 49.798272][ T3598] ? n_tty_read+0x1c90/0x1c90
[ 49.802934][ T3598] vfs_write+0xa22/0xd40
[ 49.807426][ T3598] ? file_end_write+0x230/0x230
[ 49.812264][ T3598] ? print_irqtrace_events+0x220/0x220
[ 49.817713][ T3598] ? _raw_spin_unlock_irq+0x2a/0x40
[ 49.823012][ T3598] ? __fdget_pos+0x1d7/0x2e0
[ 49.827594][ T3598] ksys_write+0x19b/0x2c0
[ 49.831912][ T3598] ? print_irqtrace_events+0x220/0x220
[ 49.837361][ T3598] ? __ia32_sys_read+0x80/0x80
[ 49.842108][ T3598] ? syscall_enter_from_user_mode+0x2e/0x1a0
[ 49.848076][ T3598] ? syscall_enter_from_user_mode+0x86/0x1a0
[ 49.854391][ T3598] do_syscall_64+0x2b/0x70
[ 49.858792][ T3598] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 49.864673][ T3598] RIP: 0033:0x7f667e336919
[ 49.869086][ T3598] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 49.888764][ T3598] RSP: 002b:00007ffef1700db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 49.897253][ T3598] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f667e336919
[ 49.905213][ T3598] RDX: 00000000ffffffde RSI: 00000000200001c0 RDI: 0000000000000003
[ 49.913241][ T3598] RBP: 00007ffef1700dd0 R08: 0000000000000001 R09: 0000000000000001
[ 49.921283][ T3598] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[ 49.929241][ T3598] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 49.937213][ T3598]