WARNING: possible circular locking dependency detected
4.13.0-next-20170915+ #23 Not tainted
------------------------------------------------------
syz-executor2/12336 is trying to acquire lock:
(console_lock){+.+.}, at: [<ffffffff8272503d>] vcs_write+0x14d/0xca0 drivers/tty/vt/vc_screen.c:396
but task is already holding lock:
(&pipe->mutex/1){+.+.}, at: [<ffffffff81ac10d6>] pipe_lock_nested fs/pipe.c:66 [inline]
(&pipe->mutex/1){+.+.}, at: [<ffffffff81ac10d6>] pipe_lock+0x56/0x70 fs/pipe.c:74
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #3 (&pipe->mutex/1){+.+.}:
check_prevs_add kernel/locking/lockdep.c:2020 [inline]
validate_chain kernel/locking/lockdep.c:2469 [inline]
__lock_acquire+0x328f/0x4620 kernel/locking/lockdep.c:3498
lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0x16f/0x1870 kernel/locking/mutex.c:893
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
pipe_lock_nested fs/pipe.c:66 [inline]
pipe_lock+0x56/0x70 fs/pipe.c:74
iter_file_splice_write+0x264/0xf50 fs/splice.c:699
do_splice_from fs/splice.c:851 [inline]
do_splice fs/splice.c:1147 [inline]
SYSC_splice fs/splice.c:1402 [inline]
SyS_splice+0x7d5/0x1630 fs/splice.c:1382
entry_SYSCALL_64_fastpath+0x1f/0xbe
-> #2 (sb_writers){.+.+}:
percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:35 [inline]
percpu_down_read include/linux/percpu-rwsem.h:58 [inline]
__sb_start_write+0x18f/0x290 fs/super.c:1341
sb_start_write include/linux/fs.h:1541 [inline]
mnt_want_write+0x3f/0xb0 fs/namespace.c:387
filename_create+0x12b/0x520 fs/namei.c:3628
kern_path_create+0x33/0x40 fs/namei.c:3674
handle_create+0xc0/0x760 drivers/base/devtmpfs.c:203
-> #1 ((complete)&req.done){+.+.}:
check_prevs_add kernel/locking/lockdep.c:2020 [inline]
validate_chain kernel/locking/lockdep.c:2469 [inline]
__lock_acquire+0x328f/0x4620 kernel/locking/lockdep.c:3498
lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
complete_acquire include/linux/completion.h:39 [inline]
__wait_for_common kernel/sched/completion.c:108 [inline]
wait_for_common kernel/sched/completion.c:122 [inline]
wait_for_completion+0xc8/0x770 kernel/sched/completion.c:143
devtmpfs_create_node+0x32b/0x4a0 drivers/base/devtmpfs.c:115
device_add+0x120f/0x1640 drivers/base/core.c:1824
device_create_groups_vargs+0x1f3/0x250 drivers/base/core.c:2430
device_create_vargs drivers/base/core.c:2470 [inline]
device_create+0xda/0x110 drivers/base/core.c:2506
vcs_make_sysfs+0x35/0x60 drivers/tty/vt/vc_screen.c:628
vc_allocate+0x4b7/0x6b0 drivers/tty/vt/vt.c:795
con_install+0x52/0x440 drivers/tty/vt/vt.c:2876
tty_driver_install_tty drivers/tty/tty_io.c:1214 [inline]
tty_init_dev+0xf6/0x4a0 drivers/tty/tty_io.c:1314
tty_open_by_driver drivers/tty/tty_io.c:1941 [inline]
tty_open+0x60f/0xac0 drivers/tty/tty_io.c:1989
chrdev_open+0x257/0x730 fs/char_dev.c:416
do_dentry_open+0x67f/0xd70 fs/open.c:752
vfs_open+0x107/0x230 fs/open.c:866
do_last fs/namei.c:3387 [inline]
path_openat+0x1157/0x3520 fs/namei.c:3527
do_filp_open+0x25b/0x3b0 fs/namei.c:3562
do_sys_open+0x502/0x6d0 fs/open.c:1059
SYSC_open fs/open.c:1077 [inline]
SyS_open+0x2d/0x40 fs/open.c:1072
entry_SYSCALL_64_fastpath+0x1f/0xbe
-> #0 (console_lock){+.+.}:
check_prev_add+0x865/0x1520 kernel/locking/lockdep.c:1894
check_prevs_add kernel/locking/lockdep.c:2020 [inline]
validate_chain kernel/locking/lockdep.c:2469 [inline]
__lock_acquire+0x328f/0x4620 kernel/locking/lockdep.c:3498
lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
console_lock+0x4b/0x80 kernel/printk/printk.c:2047
vcs_write+0x14d/0xca0 drivers/tty/vt/vc_screen.c:396
__vfs_write+0xef/0x970 fs/read_write.c:479
__kernel_write+0xfe/0x350 fs/read_write.c:500
write_pipe_buf+0x175/0x220 fs/splice.c:797
splice_from_pipe_feed fs/splice.c:502 [inline]
__splice_from_pipe+0x343/0x750 fs/splice.c:626
splice_from_pipe+0x1e9/0x330 fs/splice.c:661
default_file_splice_write+0x40/0x90 fs/splice.c:809
do_splice_from fs/splice.c:851 [inline]
do_splice fs/splice.c:1147 [inline]
SYSC_splice fs/splice.c:1402 [inline]
SyS_splice+0x7d5/0x1630 fs/splice.c:1382
entry_SYSCALL_64_fastpath+0x1f/0xbe
other info that might help us debug this:
Chain exists of:
console_lock --> sb_writers --> &pipe->mutex/1
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&pipe->mutex/1);
lock(sb_writers);
lock(&pipe->mutex/1);
lock(console_lock);
*** DEADLOCK ***
1 lock held by syz-executor2/12336:
#0: (&pipe->mutex/1){+.+.}, at: [<ffffffff81ac10d6>] pipe_lock_nested fs/pipe.c:66 [inline]
#0: (&pipe->mutex/1){+.+.}, at: [<ffffffff81ac10d6>] pipe_lock+0x56/0x70 fs/pipe.c:74
stack backtrace:
CPU: 0 PID: 12336 Comm: syz-executor2 Not tainted 4.13.0-next-20170915+ #23
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:16 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:52
print_circular_bug+0x503/0x710 kernel/locking/lockdep.c:1259
check_prev_add+0x865/0x1520 kernel/locking/lockdep.c:1894
check_prevs_add kernel/locking/lockdep.c:2020 [inline]
validate_chain kernel/locking/lockdep.c:2469 [inline]
__lock_acquire+0x328f/0x4620 kernel/locking/lockdep.c:3498
lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
console_lock+0x4b/0x80 kernel/printk/printk.c:2047
vcs_write+0x14d/0xca0 drivers/tty/vt/vc_screen.c:396
__vfs_write+0xef/0x970 fs/read_write.c:479
__kernel_write+0xfe/0x350 fs/read_write.c:500
write_pipe_buf+0x175/0x220 fs/splice.c:797
splice_from_pipe_feed fs/splice.c:502 [inline]
__splice_from_pipe+0x343/0x750 fs/splice.c:626
splice_from_pipe+0x1e9/0x330 fs/splice.c:661
default_file_splice_write+0x40/0x90 fs/splice.c:809
do_splice_from fs/splice.c:851 [inline]
do_splice fs/splice.c:1147 [inline]
SYSC_splice fs/splice.c:1402 [inline]
SyS_splice+0x7d5/0x1630 fs/splice.c:1382
entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x451e59
RSP: 002b:00007ffa2a9cdc08 EFLAGS: 00000216 ORIG_RAX: 0000000000000113
RAX: ffffffffffffffda RBX: 00000000007180b0 RCX: 0000000000451e59
RDX: 0000000000000017 RSI: 0000000000000000 RDI: 0000000000000006
RBP: 0000000000000082 R08: 00000000fffffdff R09: 0000000000000000
R10: 0000000000800000 R11: 0000000000000216 R12: 00000000004ba6ba
R13: 00000000ffffffff R14: 0000000020fa0000 R15: 0000000000000000
device gre0 entered promiscuous mode
device gre0 left promiscuous mode
netlink: 72 bytes leftover after parsing attributes in process `syz-executor0'.
netlink: 72 bytes leftover after parsing attributes in process `syz-executor0'.
audit: type=1326 audit(1505496668.788:776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=12425 comm="syz-executor0" exe="/root/syz-executor0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x451e59 code=0xffff0000
*** Guest State ***
CR0: actual=0x0000000080000031, shadow=0x0000000060000011, gh_mask=fffffffffffffff7
CR4: actual=0x0000000000002050, shadow=0x0000000000000010, gh_mask=ffffffffffffe871
CR3 = 0x00000000fffbc000
RSP = 0x0000000000000f80 RIP = 0x0000000000000000
RFLAGS=0x00000002 DR7 = 0x0000000000000400
Sysenter RSP=0000000000000f80 CS:RIP=0030:0000000000002810
CS: sel=0x0010, attr=0x0009b, limit=0x000fffff, base=0x0000000000000000
DS: sel=0x0018, attr=0x00093, limit=0x000fffff, base=0x0000000000000000
SS: sel=0x0018, attr=0x00093, limit=0x000fffff, base=0x0000000000000000
ES: sel=0x0018, attr=0x00093, limit=0x000fffff, base=0x0000000000000000
FS: sel=0x0018, attr=0x00093, limit=0x000fffff, base=0x0000000000000000
GS: sel=0x0018, attr=0x00093, limit=0x000fffff, base=0x0000000000000000
GDTR: limit=0x000007ff, base=0x0000000000001000
LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
IDTR: limit=0x000001ff, base=0x0000000000003800
TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
EFER = 0x0000000000000001 PAT = 0x0007040600070406
DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000
Interruptibility = 00000009 ActivityState = 00000000
*** Host State ***
RIP = 0xffffffff811b90cf RSP = 0xffff8801c4def4c8
CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
FSBase=00007f7256d33700 GSBase=ffff8801db200000 TRBase=ffff8801db223100
GDTBase=ffffffffff577000 IDTBase=ffffffffff57b000
CR0=0000000080050033 CR3=00000001d876a000 CR4=00000000001426f0
Sysenter RSP=0000000000000000 CS:RIP=0010:ffffffff84d47b70
EFER = 0x0000000000000d01 PAT = 0x0000000000000000
*** Control State ***
PinBased=0000003f CPUBased=b699edfe SecondaryExec=0000004a
EntryControls=0000d1ff ExitControls=0023efff
ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
reason=80000021 qualification=0000000000000000
IDTVectoring: info=00000000 errcode=00000000
TSC Offset = 0xffffffc24c90c6ea
EPT pointer = 0x00000001d427201e
device syz7 left promiscuous mode
PF_BRIDGE: RTM_NEWNEIGH with unknown ifindex
PF_BRIDGE: RTM_NEWNEIGH with unknown ifindex
netlink: 1 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor6'.
sctp: [Deprecated]: syz-executor4 (pid 12565) Use of int in max_burst socket option.
Use struct sctp_assoc_value instead
sctp: [Deprecated]: syz-executor4 (pid 12590) Use of int in max_burst socket option.
Use struct sctp_assoc_value instead
audit: type=1326 audit(1505496669.879:777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=12576 comm="syz-executor5" exe="/root/syz-executor5" sig=31 arch=c000003e syscall=202 compat=0 ip=0x451e59 code=0xffff0000
kvm [12617]: vcpu1, guest rIP: 0x9117 Hyper-V uhandled wrmsr: 0x4000008f data 0xf3febcd9006f
kvm [12617]: vcpu1, guest rIP: 0x9117 Hyper-V uhandled wrmsr: 0x4000008e data 0xf3febcd9006f
kvm [12617]: vcpu1, guest rIP: 0x9117 Hyper-V uhandled wrmsr: 0x4000008d data 0xf3febcd9006f
kvm [12617]: vcpu1, guest rIP: 0x9117 Hyper-V uhandled wrmsr: 0x4000008c data 0xf3febcd9006f
kvm [12617]: vcpu1, guest rIP: 0x9117 Hyper-V uhandled wrmsr: 0x4000008b data 0xf3febcd9006f
netlink: 9 bytes leftover after parsing attributes in process `md5sum'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1 sclass=netlink_route_socket pig=12741 comm=syz-executor6
netlink: 1 bytes leftover after parsing attributes in process `syz-executor0'.
IPv6: NLM_F_REPLACE set, but no existing node found!
IPv6: NLM_F_REPLACE set, but no existing node found!
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1 sclass=netlink_route_socket pig=12775 comm=syz-executor6
IPv6: NLM_F_REPLACE set, but no existing node found!
device lo entered promiscuous mode
nla_parse: 11 callbacks suppressed
netlink: 3 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor7'.
PF_BRIDGE: RTM_SETLINK with unknown ifindex
PF_BRIDGE: RTM_SETLINK with unknown ifindex
device syz3 entered promiscuous mode
device syz3 left promiscuous mode
device syz3 entered promiscuous mode
sg_write: data in/out 1562545402/1 bytes for SCSI command 0x67-- guessing data in;
program syz-executor1 not setting count and/or reply_len properly
sg_write: data in/out 1562545402/1 bytes for SCSI command 0x67-- guessing data in;
program syz-executor1 not setting count and/or reply_len properly
sctp: [Deprecated]: syz-executor3 (pid 13307) Use of struct sctp_assoc_value in delayed_ack socket option.
Use struct sctp_sack_info instead
sctp: [Deprecated]: syz-executor3 (pid 13310) Use of struct sctp_assoc_value in delayed_ack socket option.
Use struct sctp_sack_info instead
netlink: 3 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor5'.
IPv6: Can't replace route, no match found
kvm [13313]: vcpu0, guest rIP: 0x0 disabled perfctr wrmsr: 0xc1 data 0xffffffff
netlink: 3 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor6'.
IPv6: Can't replace route, no match found
kvm [13313]: vcpu0, guest rIP: 0x0 disabled perfctr wrmsr: 0xc1 data 0xffffffff
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=63451 sclass=netlink_xfrm_socket pig=13505 comm=syz-executor7
SELinux: unrecognized netlink message: protocol=6 nlmsg_type=63451 sclass=netlink_xfrm_socket pig=13505 comm=syz-executor7
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
audit: type=1326 audit(1505496674.060:778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=13554 comm="syz-executor1" exe="/root/syz-executor1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x451e59 code=0xffff0000
audit: type=1326 audit(1505496674.122:779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=13554 comm="syz-executor1" exe="/root/syz-executor1" sig=9 arch=c000003e syscall=202 compat=0 ip=0x451e59 code=0x0
kvm: emulating exchange as write
audit: type=1326 audit(1505496674.219:780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=13554 comm="syz-executor1" exe="/root/syz-executor1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x451e59 code=0xffff0000
audit: type=1326 audit(1505496674.244:781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=13554 comm="syz-executor1" exe="/root/syz-executor1" sig=9 arch=c000003e syscall=202 compat=0 ip=0x451e59 code=0x0
sg_write: data in/out 327773/154 bytes for SCSI command 0x24-- guessing data in;
program syz-executor5 not setting count and/or reply_len properly
sg_write: data in/out 327773/154 bytes for SCSI command 0x24-- guessing data in;
program syz-executor5 not setting count and/or reply_len properly
kvm [13824]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0x186 data 0x8
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=5 sclass=netlink_audit_socket pig=13841 comm=syz-executor0
kvm [13824]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0x186 data 0x8
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=5 sclass=netlink_audit_socket pig=13841 comm=syz-executor0
kvm [13790]: vcpu0, guest rIP: 0x0 disabled perfctr wrmsr: 0xc1 data 0xffffffff
audit: type=1326 audit(1505496675.184:782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=13887 comm="syz-executor6" exe="/root/syz-executor6" sig=31 arch=c000003e syscall=202 compat=0 ip=0x451e59 code=0xffff0000
audit: type=1326 audit(1505496675.305:783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=13887 comm="syz-executor6" exe="/root/syz-executor6" sig=31 arch=c000003e syscall=202 compat=0 ip=0x451e59 code=0xffff0000
audit: type=1326 audit(1505496675.607:784): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=14021 comm="syz-executor6" exe="/root/syz-executor6" sig=31 arch=c000003e syscall=202 compat=0 ip=0x451e59 code=0xffff0000
audit: type=1326 audit(1505496675.773:785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=14021 comm="syz-executor6" exe="/root/syz-executor6" sig=31 arch=c000003e syscall=202 compat=0 ip=0x451e59 code=0xffff0000
QAT: Invalid ioctl
audit: type=1326 audit(1505496676.236:786): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=14174 comm="syz-executor6" exe="/root/syz-executor6" sig=31 arch=c000003e syscall=202 compat=0 ip=0x451e59 code=0xffff0000
audit: type=1326 audit(1505496676.411:787): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=14174 comm="syz-executor6" exe="/root/syz-executor6" sig=31 arch=c000003e syscall=202 compat=0 ip=0x451e59 code=0xffff0000
kvm pmu: pin control bit is ignored
kvm_pmu: event creation failed -2
device syz1 entered promiscuous mode
sctp: [Deprecated]: syz-executor7 (pid 14381) Use of int in max_burst socket option.
Use struct sctp_assoc_value instead
sctp: [Deprecated]: syz-executor7 (pid 14381) Use of int in max_burst socket option.
Use struct sctp_assoc_value instead