syzbot


possible deadlock in vprintk_emit

Status: closed as dup on 2018/06/08 07:50
Subsystems: serial
Reported-by: syzbot+831ee52a258e90882b4d@syzkaller.appspotmail.com
First crash: 2231d, last: 1632d
Duplicate of
Title Repro Cause bisect Fix bisect Count Last Reported
possible deadlock in console_unlock C done 22098 980d 2232d
Discussions (1)
Title Replies (including bot) Last reply
possible deadlock in vprintk_emit 2 (3) 2018/06/08 07:55
Similar bugs (4)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
android-414 possible deadlock in vprintk_emit 5 1936d 1922d 0/1 auto-closed as invalid on 2019/09/26 04:13
android-414 possible deadlock in vprintk_emit (2) 1 1730d 1730d 0/1 auto-closed as invalid on 2020/02/18 18:06
linux-4.14 possible deadlock in vprintk_emit C inconclusive 280 1510d 1919d 0/1 upstream: reported C repro on 2019/04/16 05:43
linux-4.19 possible deadlock in vprintk_emit C error 172 1028d 1923d 0/1 upstream: reported C repro on 2019/04/11 22:47

Sample crash report:
RDX: 0000000000001006 RSI: 0000000020001640 RDI: 0000000000000003
RBP: 0000000000000006 R08: 0000000000000001 R09: 00000000000000c2
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401de0
R13: 0000000000401e70 R14: 0000000000000000 R15: 0000000000000000
======================================================
WARNING: possible circular locking dependency detected
5.0.0-rc5 #60 Not tainted
------------------------------------------------------
syz-executor262/8303 is trying to acquire lock:
000000006ba00706 (console_owner){-.-.}, at: console_trylock_spinning kernel/printk/printk.c:1670 [inline]
000000006ba00706 (console_owner){-.-.}, at: vprintk_emit+0x3d5/0x6d0 kernel/printk/printk.c:1930

but task is already holding lock:
000000003c4df63c (&(&port->lock)->rlock){-.-.}, at: pty_write+0xff/0x200 drivers/tty/pty.c:120

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #2 (&(&port->lock)->rlock){-.-.}:
       __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
       _raw_spin_lock_irqsave+0x95/0xcd kernel/locking/spinlock.c:152
       tty_port_tty_get+0x22/0x80 drivers/tty/tty_port.c:287
       tty_port_default_wakeup+0x16/0x40 drivers/tty/tty_port.c:47
       tty_port_tty_wakeup+0x5d/0x70 drivers/tty/tty_port.c:387
       uart_write_wakeup+0x46/0x70 drivers/tty/serial/serial_core.c:103
       serial8250_tx_chars+0x4a4/0xb20 drivers/tty/serial/8250/8250_port.c:1806
       serial8250_handle_irq.part.0+0x1be/0x2e0 drivers/tty/serial/8250/8250_port.c:1879
       serial8250_handle_irq drivers/tty/serial/8250/8250_port.c:1865 [inline]
       serial8250_default_handle_irq+0xc5/0x150 drivers/tty/serial/8250/8250_port.c:1895
       serial8250_interrupt+0xfb/0x1a0 drivers/tty/serial/8250/8250_core.c:125
       __handle_irq_event_percpu+0x146/0x900 kernel/irq/handle.c:149
       handle_irq_event_percpu+0x74/0x160 kernel/irq/handle.c:189
       handle_irq_event+0xa7/0x134 kernel/irq/handle.c:206
       handle_edge_irq+0x232/0x8a0 kernel/irq/chip.c:791
       generic_handle_irq_desc include/linux/irqdesc.h:154 [inline]
       handle_irq+0x252/0x3d8 arch/x86/kernel/irq_64.c:78
       do_IRQ+0x99/0x1d0 arch/x86/kernel/irq.c:246
       ret_from_intr+0x0/0x1e
       native_safe_halt+0x2/0x10 arch/x86/include/asm/irqflags.h:57
       arch_cpu_idle+0x10/0x20 arch/x86/kernel/process.c:555
       default_idle_call+0x36/0x90 kernel/sched/idle.c:93
       cpuidle_idle_call kernel/sched/idle.c:153 [inline]
       do_idle+0x386/0x570 kernel/sched/idle.c:262
       cpu_startup_entry+0x1b/0x20 kernel/sched/idle.c:353
       start_secondary+0x404/0x5c0 arch/x86/kernel/smpboot.c:271
       secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:243

-> #1 (&port_lock_key){-.-.}:
       __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
       _raw_spin_lock_irqsave+0x95/0xcd kernel/locking/spinlock.c:152
       serial8250_console_write+0x253/0x9c0 drivers/tty/serial/8250/8250_port.c:3245
       univ8250_console_write+0x5f/0x70 drivers/tty/serial/8250/8250_core.c:586
       call_console_drivers kernel/printk/printk.c:1737 [inline]
       console_unlock+0xbc6/0x10a0 kernel/printk/printk.c:2408
       vprintk_emit+0x280/0x6d0 kernel/printk/printk.c:1931
       vprintk_default+0x28/0x30 kernel/printk/printk.c:1958
       vprintk_func+0x7e/0x189 kernel/printk/printk_safe.c:398
       printk+0xba/0xed kernel/printk/printk.c:1991
       register_console+0x74d/0xb50 kernel/printk/printk.c:2723
       univ8250_console_init+0x3e/0x4b drivers/tty/serial/8250/8250_core.c:681
       console_init+0x4f7/0x761 kernel/printk/printk.c:2809
       start_kernel+0x568/0x841 init/main.c:667
       x86_64_start_reservations+0x29/0x2b arch/x86/kernel/head64.c:470
       x86_64_start_kernel+0x77/0x7b arch/x86/kernel/head64.c:451
       secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:243

-> #0 (console_owner){-.-.}:
       lock_acquire+0x16f/0x3f0 kernel/locking/lockdep.c:3841
       console_trylock_spinning kernel/printk/printk.c:1691 [inline]
       vprintk_emit+0x412/0x6d0 kernel/printk/printk.c:1930
       vprintk_default+0x28/0x30 kernel/printk/printk.c:1958
       vprintk_func+0x7e/0x189 kernel/printk/printk_safe.c:398
       printk+0xba/0xed kernel/printk/printk.c:1991
       fail_dump lib/fault-inject.c:44 [inline]
       should_fail+0x6f1/0x85c lib/fault-inject.c:149
       __should_failslab+0x121/0x190 mm/failslab.c:32
       should_failslab+0x9/0x14 mm/slab_common.c:1603
       slab_pre_alloc_hook mm/slab.h:423 [inline]
       slab_alloc mm/slab.c:3367 [inline]
       __do_kmalloc mm/slab.c:3709 [inline]
       __kmalloc+0x71/0x740 mm/slab.c:3720
       kmalloc include/linux/slab.h:550 [inline]
       tty_buffer_alloc drivers/tty/tty_buffer.c:175 [inline]
       __tty_buffer_request_room+0x1fb/0x5c0 drivers/tty/tty_buffer.c:273
       tty_insert_flip_string_fixed_flag+0x93/0x1f0 drivers/tty/tty_buffer.c:318
       tty_insert_flip_string include/linux/tty_flip.h:37 [inline]
       pty_write+0x133/0x200 drivers/tty/pty.c:122
       process_output_block drivers/tty/n_tty.c:593 [inline]
       n_tty_write+0x3ff/0x1150 drivers/tty/n_tty.c:2331
       do_tty_write drivers/tty/tty_io.c:959 [inline]
       tty_write+0x45b/0x7a0 drivers/tty/tty_io.c:1043
       __vfs_write+0x116/0x8e0 fs/read_write.c:485
       vfs_write+0x20c/0x580 fs/read_write.c:549
       ksys_write+0xea/0x1f0 fs/read_write.c:598
       __do_sys_write fs/read_write.c:610 [inline]
       __se_sys_write fs/read_write.c:607 [inline]
       __x64_sys_write+0x73/0xb0 fs/read_write.c:607
       do_syscall_64+0x103/0x610 arch/x86/entry/common.c:290
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

other info that might help us debug this:

Chain exists of:
  console_owner --> &port_lock_key --> &(&port->lock)->rlock

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&(&port->lock)->rlock);
                               lock(&port_lock_key);
                               lock(&(&port->lock)->rlock);
  lock(console_owner);

 *** DEADLOCK ***

5 locks held by syz-executor262/8303:
 #0: 00000000f1901091 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 drivers/tty/tty_ldsem.c:341
 #1: 00000000f15091b4 (&tty->atomic_write_lock){+.+.}, at: tty_write_lock+0x23/0x90 drivers/tty/tty_io.c:885
 #2: 00000000b498a78e (&o_tty->termios_rwsem/1){++++}, at: n_tty_write+0x1ab/0x1150 drivers/tty/n_tty.c:2314
 #3: 000000005495527c (&ldata->output_lock){+.+.}, at: process_output_block drivers/tty/n_tty.c:548 [inline]
 #3: 000000005495527c (&ldata->output_lock){+.+.}, at: n_tty_write+0x531/0x1150 drivers/tty/n_tty.c:2331
 #4: 000000003c4df63c (&(&port->lock)->rlock){-.-.}, at: pty_write+0xff/0x200 drivers/tty/pty.c:120

stack backtrace:
CPU: 0 PID: 8303 Comm: syz-executor262 Not tainted 5.0.0-rc5 #60
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 print_circular_bug.isra.0.cold+0x1cc/0x28f kernel/locking/lockdep.c:1224
 check_prev_add kernel/locking/lockdep.c:1866 [inline]
 check_prevs_add kernel/locking/lockdep.c:1979 [inline]
 validate_chain kernel/locking/lockdep.c:2350 [inline]
 __lock_acquire+0x2f00/0x4700 kernel/locking/lockdep.c:3338
 lock_acquire+0x16f/0x3f0 kernel/locking/lockdep.c:3841
 console_trylock_spinning kernel/printk/printk.c:1691 [inline]
 vprintk_emit+0x412/0x6d0 kernel/printk/printk.c:1930
 vprintk_default+0x28/0x30 kernel/printk/printk.c:1958
 vprintk_func+0x7e/0x189 kernel/printk/printk_safe.c:398
 printk+0xba/0xed kernel/printk/printk.c:1991
 fail_dump lib/fault-inject.c:44 [inline]
 should_fail+0x6f1/0x85c lib/fault-inject.c:149
 __should_failslab+0x121/0x190 mm/failslab.c:32
 should_failslab+0x9/0x14 mm/slab_common.c:1603
 slab_pre_alloc_hook mm/slab.h:423 [inline]
 slab_alloc mm/slab.c:3367 [inline]
 __do_kmalloc mm/slab.c:3709 [inline]
 __kmalloc+0x71/0x740 mm/slab.c:3720
 kmalloc include/linux/slab.h:550 [inline]
 tty_buffer_alloc drivers/tty/tty_buffer.c:175 [inline]
 __tty_buffer_request_room+0x1fb/0x5c0 drivers/tty/tty_buffer.c:273
 tty_insert_flip_string_fixed_flag+0x93/0x1f0 drivers/tty/tty_buffer.c:318
 tty_insert_flip_string include/linux/tty_flip.h:37 [inline]
 pty_write+0x133/0x200 drivers/tty/pty.c:122
 process_output_block drivers/tty/n_tty.c:593 [inline]
 n_tty_write+0x3ff/0x1150 drivers/tty/n_tty.c:2331
 do_tty_write drivers/tty/tty_io.c:959 [inline]
 tty_write+0x45b/0x7a0 drivers/tty/tty_io.c:1043
 __vfs_write+0x116/0x8e0 fs/read_write.c:485
 vfs_write+0x20c/0x580 fs/read_write.c:549
 ksys_write+0xea/0x1f0 fs/read_write.c:598
 __do_sys_write fs/read_write.c:610 [inline]
 __se_sys_write fs/read_write.c:607 [inline]
 __x64_sys_write+0x73/0xb0 fs/read_write.c:607
 do_syscall_64+0x103/0x610 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x440639
Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 1b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fff9a672118 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007fff9a672130 RCX: 0000000000440639
RDX: 0000000000001006 RSI: 0000000020001640 RDI: 0000000000000003
RBP: 0000000000000006 R08: 0000000000000001 R09: 00000000000000c2
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401de0
R13: 0000000000401e70 R14: 0000000000000000

Crashes (1433):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2019/02/04 22:22 upstream 8834f5600cf3 d672172c .config console log report syz C ci-upstream-kasan-gce-selinux-root
2018/12/31 12:33 upstream 195303136f19 2b42fdc8 .config console log report syz C ci-upstream-kasan-gce-selinux-root
2018/10/30 19:41 upstream 11743c56785c 8dbb755a .config console log report syz C ci-upstream-kasan-gce-selinux-root
2020/01/27 21:54 upstream d5226fa6dbae 56cd6c9b .config console log report ci-upstream-kasan-gce
2020/01/24 16:32 upstream 4703d9119972 2e95ab33 .config console log report ci-upstream-kasan-gce-root
2020/01/19 11:44 upstream 244dc2689085 bc8bc756 .config console log report ci-upstream-kasan-gce-root
2020/01/19 10:37 upstream 244dc2689085 bc8bc756 .config console log report ci-upstream-kasan-gce-root
2020/01/18 20:54 upstream 25e73aadf297 3de7aabb .config console log report ci-upstream-kasan-gce-selinux-root
2020/01/18 14:12 upstream 25e73aadf297 3de7aabb .config console log report ci-upstream-kasan-gce-selinux-root
2020/01/15 10:50 upstream 95e20af9fb9c fa12bd3c .config console log report ci-qemu-upstream
2020/01/15 01:30 upstream e033e7d4a808 fa12bd3c .config console log report ci-upstream-kasan-gce-root
2020/01/12 16:05 upstream 6327edceb62b 31290a45 .config console log report ci-upstream-kasan-gce
2020/01/11 23:12 upstream bef1d88263ff 4c04afaa .config console log report ci-upstream-kasan-gce-selinux-root
2020/01/08 06:53 upstream ae6088216ce4 6738e0b3 .config console log report ci-upstream-kasan-gce
2020/01/06 14:06 upstream c79f46a28239 438e1227 .config console log report ci-upstream-kasan-gce
2020/01/03 14:19 upstream 7ca4ad5ba886 9dcc1191 .config console log report ci-upstream-kasan-gce-selinux-root
2019/12/29 14:33 upstream bf8d1cd43865 af6b8ef8 .config console log report ci-upstream-kasan-gce-selinux-root
2019/12/29 02:52 upstream bf8d1cd43865 af6b8ef8 .config console log report ci-upstream-kasan-gce
2019/12/25 13:10 upstream 46cf053efec6 be5c2c81 .config console log report ci-upstream-kasan-gce
2019/12/24 13:40 upstream 46cf053efec6 be5c2c81 .config console log report ci-upstream-kasan-gce-root
2019/12/24 05:00 upstream 46cf053efec6 be5c2c81 .config console log report ci-upstream-kasan-gce-selinux-root
2019/12/24 03:02 upstream 46cf053efec6 be5c2c81 .config console log report ci-upstream-kasan-gce-selinux-root
2019/12/21 06:41 upstream 6398b9fc818e bc586918 .config console log report ci-upstream-kasan-gce
2019/12/21 05:23 upstream 6398b9fc818e bc586918 .config console log report ci-upstream-kasan-gce-selinux-root
2019/12/19 05:44 upstream 2187f215ebaa 79b211f7 .config console log report ci-upstream-kasan-gce
2019/12/17 12:57 upstream ea200dec5128 d13d7958 .config console log report ci-upstream-kasan-gce
2019/12/17 10:04 upstream ea200dec5128 d13d7958 .config console log report ci-upstream-kasan-gce-selinux-root
2019/12/17 09:39 upstream ea200dec5128 d13d7958 .config console log report ci-upstream-kasan-gce
2019/12/16 13:28 upstream 07c4b9e9f71a eef6e580 .config console log report ci-upstream-kasan-gce
2019/12/14 15:26 upstream e31736d9fae8 eef6e580 .config console log report ci-upstream-kasan-gce-selinux-root
2019/12/13 07:52 upstream ae4b064e2a61 08003f64 .config console log report ci-upstream-kasan-gce
2019/12/11 22:36 upstream 6794862a16ef 101194eb .config console log report ci-upstream-kasan-gce
2019/12/09 14:02 upstream e42617b825f8 b31eda3d .config console log report ci-upstream-kasan-gce-selinux-root
2019/12/08 10:29 upstream ad910e36da4c 1508f453 .config console log report ci-upstream-kasan-gce
2019/12/07 09:01 upstream 7ada90eb9c7a 85f26751 .config console log report ci-upstream-kasan-gce
2019/12/06 16:14 upstream b0d4beaa5a4b 98b4ef2d .config console log report ci-upstream-kasan-gce
2019/12/06 08:28 upstream b0d4beaa5a4b 98b4ef2d .config console log report ci-upstream-kasan-gce-root
2019/12/03 07:46 upstream 596cf45cbf6e ab342da3 .config console log report ci-upstream-kasan-gce
2019/11/30 16:02 upstream 81b6b96475ac 3a75be00 .config console log report ci-upstream-kasan-gce-selinux-root
2019/06/19 00:05 upstream 29f785ff76b6 e3f76baa .config console log report ci-upstream-kasan-gce-smack-root
2018/06/07 18:30 upstream 1c8c5a9d38f6 645e75f8 .config console log report ci-upstream-kasan-gce
2020/01/25 07:44 upstream 6381b442836e 2e95ab33 .config console log report ci-upstream-kasan-gce-386
2020/01/13 03:19 upstream 040a3c33623b 53faa9fe .config console log report ci-qemu-upstream-386
2020/01/12 17:13 upstream 6327edceb62b 53faa9fe .config console log report ci-qemu-upstream-386
2019/12/28 03:45 upstream 46cf053efec6 be5c2c81 .config console log report ci-upstream-kasan-gce-386
2019/12/15 21:19 upstream 07c4b9e9f71a eef6e580 .config console log report ci-upstream-kasan-gce-386
2019/12/11 11:15 upstream 6794862a16ef 101194eb .config console log report ci-upstream-kasan-gce-386
2019/12/08 23:45 upstream 9455d25f4e3b 1508f453 .config console log report ci-upstream-kasan-gce-386
2020/01/11 17:39 linux-next 6c09d7dbb7d3 4c04afaa .config console log report ci-upstream-linux-next-kasan-gce-root
2019/12/28 05:03 linux-next 7ddd09fc4b74 be5c2c81 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/12/22 17:14 linux-next 7ddd09fc4b74 8b967267 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/12/05 12:04 linux-next 282ffdf30a3e b2088328 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/12/04 15:57 linux-next c7c32c43e831 b2088328 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/11/27 21:59 linux-next 1875ff320f14 0d63f89c .config console log report ci-upstream-linux-next-kasan-gce-root
* Struck through repros no longer work on HEAD.