./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1686587977 <...> DUID 00:04:4f:52:9e:ef:28:bc:79:ad:2a:9e:d1:97:f2:e1:e7:a4 forked to background, child pid 3174 [ 22.284876][ T3175] 8021q: adding VLAN 0 to HW filter on device bond0 [ 22.299557][ T3175] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.127' (ECDSA) to the list of known hosts. execve("./syz-executor1686587977", ["./syz-executor1686587977"], 0x7ffe259c4bd0 /* 10 vars */) = 0 brk(NULL) = 0x555556bcc000 brk(0x555556bccc40) = 0x555556bccc40 arch_prctl(ARCH_SET_FS, 0x555556bcc300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1686587977", 4096) = 28 brk(0x555556bedc40) = 0x555556bedc40 brk(0x555556bee000) = 0x555556bee000 mprotect(0x7fc21008b000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/self/net/dev_snmp6", O_RDWR) = -1 EISDIR (Is a directory) openat(AT_FDCWD, "/proc/self/net/dev_snmp6", O_RDONLY) = 3 openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|0x4) = 4 ioctl(4, TIOCSPTLCK, [0]) = 0 ioctl(4, TIOCGPTN, [0]) = 0 openat(AT_FDCWD, "/dev/pts/0", O_RDWR) = 5 dup3(5, 3, 0) = 3 openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6 write(6, "3", 1) = 1 syzkaller login: [ 38.581571][ T3602] FAULT_INJECTION: forcing a failure. [ 38.581571][ T3602] name failslab, interval 1, probability 0, space 0, times 1 [ 38.581673][ T3602] [ 38.581676][ T3602] ====================================================== [ 38.581679][ T3602] WARNING: possible circular locking dependency detected [ 38.581683][ T3602] 5.18.0-rc6-syzkaller-00161-gbc403203d65a #0 Not tainted [ 38.581690][ T3602] ------------------------------------------------------ [ 38.581693][ T3602] syz-executor168/3602 is trying to acquire lock: [ 38.581700][ T3602] ffffffff8bc90700 (console_owner){....}-{0:0}, at: console_unlock+0x35e/0xdd0 [ 38.581748][ T3602] [ 38.581748][ T3602] but task is already holding lock: [ 38.581750][ T3602] ffff888016aa5158 (&port->lock){-.-.}-{2:2}, at: pty_write+0xea/0x1e0 [ 38.581779][ T3602] [ 38.581779][ T3602] which lock already depends on the new lock. [ 38.581779][ T3602] [ 38.581782][ T3602] [ 38.581782][ T3602] the existing dependency chain (in reverse order) is: [ 38.581785][ T3602] [ 38.581785][ T3602] -> #2 (&port->lock){-.-.}-{2:2}: [ 38.581800][ T3602] _raw_spin_lock_irqsave+0x39/0x50 [ 38.581824][ T3602] tty_port_tty_get+0x1f/0x100 [ 38.581837][ T3602] tty_port_default_wakeup+0x11/0x40 [ 38.581849][ T3602] serial8250_tx_chars+0x4f3/0xa50 [ 38.581865][ T3602] serial8250_handle_irq.part.0+0x328/0x3d0 [ 38.581879][ T3602] serial8250_default_handle_irq+0xb2/0x220 [ 38.581894][ T3602] serial8250_interrupt+0xfd/0x200 [ 38.581906][ T3602] __handle_irq_event_percpu+0x22b/0x880 [ 38.581918][ T3602] handle_irq_event+0xa7/0x1e0 [ 38.581929][ T3602] handle_edge_irq+0x25f/0xd00 [ 38.581941][ T3602] __common_interrupt+0x9d/0x210 [ 38.581953][ T3602] common_interrupt+0xa4/0xc0 [ 38.581968][ T3602] asm_common_interrupt+0x1e/0x40 [ 38.581981][ T3602] acpi_idle_do_entry+0x1c6/0x250 [ 38.581993][ T3602] acpi_idle_enter+0x361/0x500 [ 38.582004][ T3602] cpuidle_enter_state+0x1b1/0xc80 [ 38.582016][ T3602] cpuidle_enter+0x4a/0xa0 [ 38.582026][ T3602] do_idle+0x3e8/0x590 [ 38.582037][ T3602] cpu_startup_entry+0x14/0x20 [ 38.582047][ T3602] rest_init+0x169/0x270 [ 38.582058][ T3602] arch_call_rest_init+0xf/0x14 [ 38.582070][ T3602] start_kernel+0x47f/0x4a0 [ 38.582080][ T3602] secondary_startup_64_no_verify+0xc3/0xcb [ 38.582095][ T3602] [ 38.582095][ T3602] -> #1 (&port_lock_key){-.-.}-{2:2}: [ 38.582110][ T3602] _raw_spin_lock_irqsave+0x39/0x50 [ 38.582123][ T3602] serial8250_console_write+0x9cb/0xc30 [ 38.582137][ T3602] console_unlock+0x9bc/0xdd0 [ 38.582150][ T3602] vprintk_emit+0x1b4/0x5f0 [ 38.582163][ T3602] vprintk+0x80/0x90 [ 38.582175][ T3602] _printk+0xba/0xed [ 38.582188][ T3602] register_console+0x410/0x7c0 [ 38.582201][ T3602] univ8250_console_init+0x3a/0x46 [ 38.582216][ T3602] console_init+0x3c1/0x58d [ 38.582230][ T3602] start_kernel+0x30b/0x4a0 [ 38.582240][ T3602] secondary_startup_64_no_verify+0xc3/0xcb [ 38.582253][ T3602] [ 38.582253][ T3602] -> #0 (console_owner){....}-{0:0}: [ 38.582268][ T3602] __lock_acquire+0x2ac6/0x56c0 [ 38.582282][ T3602] lock_acquire+0x1ab/0x510 [ 38.582294][ T3602] console_unlock+0x3b1/0xdd0 [ 38.582309][ T3602] vprintk_emit+0x1b4/0x5f0 [ 38.582322][ T3602] vprintk+0x80/0x90 [ 38.582334][ T3602] _printk+0xba/0xed [ 38.582345][ T3602] should_fail+0x472/0x5a0 [ 38.582357][ T3602] should_failslab+0x5/0x10 [ 38.582368][ T3602] __kmalloc+0x7e/0x350 [ 38.582379][ T3602] tty_buffer_alloc+0x23f/0x2a0 [ 38.582391][ T3602] __tty_buffer_request_room+0x156/0x2a0 [ 38.582403][ T3602] tty_insert_flip_string_fixed_flag+0x8c/0x240 [ 38.582416][ T3602] pty_write+0x11c/0x1e0 [ 38.582428][ T3602] n_tty_write+0x410/0xfc0 [ 38.582439][ T3602] file_tty_write.constprop.0+0x520/0x900 [ 38.582454][ T3602] new_sync_write+0x38a/0x560 [ 38.582469][ T3602] vfs_write+0x7c0/0xac0 [ 38.582479][ T3602] ksys_write+0x127/0x250 [ 38.582489][ T3602] do_syscall_64+0x35/0xb0 [ 38.582502][ T3602] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 38.582516][ T3602] [ 38.582516][ T3602] other info that might help us debug this: [ 38.582516][ T3602] [ 38.582519][ T3602] Chain exists of: [ 38.582519][ T3602] console_owner --> &port_lock_key --> &port->lock [ 38.582519][ T3602] [ 38.582535][ T3602] Possible unsafe locking scenario: [ 38.582535][ T3602] [ 38.582537][ T3602] CPU0 CPU1 [ 38.582540][ T3602] ---- ---- [ 38.582542][ T3602] lock(&port->lock); [ 38.582549][ T3602] lock(&port_lock_key); [ 38.582556][ T3602] lock(&port->lock); [ 38.582563][ T3602] lock(console_owner); [ 38.582569][ T3602] [ 38.582569][ T3602] *** DEADLOCK *** [ 38.582569][ T3602] [ 38.582571][ T3602] 6 locks held by syz-executor168/3602: [ 38.582579][ T3602] #0: ffff88807991f098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x80 [ 38.582607][ T3602] #1: ffff88807991f130 (&tty->atomic_write_lock){+.+.}-{3:3}, at: file_tty_write.constprop.0+0x299/0x900 [ 38.582639][ T3602] #2: ffff88807991f2e8 (&o_tty->termios_rwsem/1){++++}-{3:3}, at: n_tty_write+0x1bf/0xfc0 [ 38.582669][ T3602] #3: ffffc90001bfd378 (&ldata->output_lock){+.+.}-{3:3}, at: n_tty_write+0x53c/0xfc0 [ 38.582695][ T3602] #4: ffff888016aa5158 (&port->lock){-.-.}-{2:2}, at: pty_write+0xea/0x1e0 [ 38.582724][ T3602] #5: ffffffff8bd70b40 (console_lock){+.+.}-{0:0}, at: vprintk+0x80/0x90 [ 38.582753][ T3602] [ 38.582753][ T3602] stack backtrace: [ 38.582756][ T3602] CPU: 0 PID: 3602 Comm: syz-executor168 Not tainted 5.18.0-rc6-syzkaller-00161-gbc403203d65a #0 [ 38.582770][ T3602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 38.582777][ T3602] Call Trace: [ 38.582781][ T3602] [ 38.582785][ T3602] dump_stack_lvl+0xcd/0x134 [ 38.582802][ T3602] check_noncircular+0x25f/0x2e0 [ 38.582819][ T3602] ? filter_irq_stacks+0x90/0x90 [ 38.582835][ T3602] ? print_circular_bug+0x1e0/0x1e0 [ 38.582849][ T3602] ? pointer+0x950/0x950 [ 38.582863][ T3602] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 38.582878][ T3602] ? add_lock_to_list.constprop.0+0x185/0x370 [ 38.582894][ T3602] __lock_acquire+0x2ac6/0x56c0 [ 38.582911][ T3602] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 38.582926][ T3602] ? msg_add_ext_text+0x1d0/0x1d0 [ 38.582942][ T3602] lock_acquire+0x1ab/0x510 [ 38.582955][ T3602] ? console_unlock+0x35e/0xdd0 [ 38.582970][ T3602] ? lock_release+0x720/0x720 [ 38.582983][ T3602] ? lock_downgrade+0x6e0/0x6e0 [ 38.582997][ T3602] ? do_raw_spin_lock+0x120/0x2a0 [ 38.583012][ T3602] ? rwlock_bug.part.0+0x90/0x90 [ 38.583027][ T3602] ? prb_final_commit+0x64/0xa0 [ 38.583043][ T3602] console_unlock+0x3b1/0xdd0 [ 38.583056][ T3602] ? console_unlock+0x35e/0xdd0 [ 38.583071][ T3602] ? devkmsg_read+0x730/0x730 [ 38.583085][ T3602] ? lock_release+0x720/0x720 [ 38.583101][ T3602] ? vprintk+0x80/0x90 [ 38.583116][ T3602] vprintk_emit+0x1b4/0x5f0 [ 38.583129][ T3602] ? add_lock_to_list.constprop.0+0x185/0x370 [ 38.583145][ T3602] vprintk+0x80/0x90 [ 38.583159][ T3602] _printk+0xba/0xed [ 38.583171][ T3602] ? record_print_text.cold+0x16/0x16 [ 38.583186][ T3602] ? ___ratelimit+0x222/0x4b0 [ 38.583199][ T3602] should_fail+0x472/0x5a0 [ 38.583211][ T3602] should_failslab+0x5/0x10 [ 38.583222][ T3602] __kmalloc+0x7e/0x350 [ 38.583233][ T3602] ? tty_buffer_alloc+0x23f/0x2a0 [ 38.583246][ T3602] tty_buffer_alloc+0x23f/0x2a0 [ 38.583259][ T3602] __tty_buffer_request_room+0x156/0x2a0 [ 38.583274][ T3602] tty_insert_flip_string_fixed_flag+0x8c/0x240 [ 38.583290][ T3602] pty_write+0x11c/0x1e0 [ 38.583303][ T3602] ? ptmx_open+0x360/0x360 [ 38.583318][ T3602] n_tty_write+0x410/0xfc0 [ 38.583332][ T3602] ? n_tty_check_unthrottle+0x440/0x440 [ 38.583344][ T3602] ? rcu_read_lock_sched_held+0x3a/0x70 [ 38.583359][ T3602] ? __init_waitqueue_head+0xd0/0xd0 [ 38.583373][ T3602] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 38.583386][ T3602] ? __phys_addr+0xc4/0x140 [ 38.583400][ T3602] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 38.583413][ T3602] ? __phys_addr_symbol+0x2c/0x70 [ 38.583426][ T3602] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 38.583439][ T3602] ? __check_object_size+0x16c/0x4f0 [ 38.583454][ T3602] file_tty_write.constprop.0+0x520/0x900 [ 38.583469][ T3602] ? n_tty_check_unthrottle+0x440/0x440 [ 38.583483][ T3602] new_sync_write+0x38a/0x560 [ 38.583495][ T3602] ? new_sync_read+0x5f0/0x5f0 [ 38.583506][ T3602] ? _raw_spin_lock_irq+0x41/0x50 [ 38.583521][ T3602] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 38.583533][ T3602] ? security_file_permission+0xab/0xd0 [ 38.583550][ T3602] vfs_write+0x7c0/0xac0 [ 38.583562][ T3602] ksys_write+0x127/0x250 [ 38.583573][ T3602] ? __ia32_sys_read+0xb0/0xb0 [ 38.583584][ T3602] ? lockdep_hardirqs_on+0x79/0x100 [ 38.583596][ T3602] ? _raw_spin_unlock_irq+0x2a/0x40 [ 38.583609][ T3602] ? ptrace_notify+0xfa/0x140 [ 38.583626][ T3602] do_syscall_64+0x35/0xb0 [ 38.583640][ T3602] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 38.583654][ T3602] RIP: 0033:0x7fc21001e929 [ 38.583665][ T3602] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 38.583677][ T3602] RSP: 002b:00007ffd810dbe08 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 38.583689][ T3602] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fc21001e929 [ 38.583697][ T3602] RDX: 00000000ffffffde RSI: 00000000200001c0 RDI: 0000000000000003 [ 38.583705][ T3602] RBP: 00007ffd810dbe20 R08: 0000000000000001 R09: 0000000000000000 [ 38.583712][ T3602] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 38.583720][ T3602] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 38.583730][ T3602] [ 39.554905][ T3602] CPU: 0 PID: 3602 Comm: syz-executor168 Not tainted 5.18.0-rc6-syzkaller-00161-gbc403203d65a #0 [ 39.565740][ T3602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 39.575784][ T3602] Call Trace: [ 39.579052][ T3602] [ 39.582143][ T3602] dump_stack_lvl+0xcd/0x134 [ 39.586726][ T3602] should_fail.cold+0x5/0xa [ 39.591216][ T3602] should_failslab+0x5/0x10 [ 39.595708][ T3602] __kmalloc+0x7e/0x350 [ 39.599844][ T3602] ? tty_buffer_alloc+0x23f/0x2a0 [ 39.604852][ T3602] tty_buffer_alloc+0x23f/0x2a0 [ 39.609891][ T3602] __tty_buffer_request_room+0x156/0x2a0 [ 39.615529][ T3602] tty_insert_flip_string_fixed_flag+0x8c/0x240 [ 39.621764][ T3602] pty_write+0x11c/0x1e0 [ 39.625998][ T3602] ? ptmx_open+0x360/0x360 [ 39.630408][ T3602] n_tty_write+0x410/0xfc0 [ 39.634820][ T3602] ? n_tty_check_unthrottle+0x440/0x440 [ 39.640351][ T3602] ? rcu_read_lock_sched_held+0x3a/0x70 [ 39.645891][ T3602] ? __init_waitqueue_head+0xd0/0xd0 [ 39.651166][ T3602] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 39.657395][ T3602] ? __phys_addr+0xc4/0x140 [ 39.661888][ T3602] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 39.668116][ T3602] ? __phys_addr_symbol+0x2c/0x70 [ 39.673310][ T3602] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 39.679029][ T3602] ? __check_object_size+0x16c/0x4f0 [ 39.684322][ T3602] file_tty_write.constprop.0+0x520/0x900 [ 39.690050][ T3602] ? n_tty_check_unthrottle+0x440/0x440 [ 39.695884][ T3602] new_sync_write+0x38a/0x560 [ 39.702897][ T3602] ? new_sync_read+0x5f0/0x5f0 [ 39.707652][ T3602] ? _raw_spin_lock_irq+0x41/0x50 [ 39.712667][ T3602] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 39.718927][ T3602] ? security_file_permission+0xab/0xd0 [ 39.724462][ T3602] vfs_write+0x7c0/0xac0 [ 39.728694][ T3602] ksys_write+0x127/0x250 [ 39.733008][ T3602] ? __ia32_sys_read+0xb0/0xb0 [ 39.737769][ T3602] ? lockdep_hardirqs_on+0x79/0x100 [ 39.742958][ T3602] ? _raw_spin_unlock_irq+0x2a/0x40 [ 39.748318][ T3602] ? ptrace_notify+0xfa/0x140 [ 39.752985][ T3602] do_syscall_64+0x35/0xb0 [ 39.757478][ T3602] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 39.763361][ T3602] RIP: 0033:0x7fc21001e929 [ 39.767762][ T3602] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 39.787797][ T3602] RSP: 002b:00007ffd810dbe08 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 39.796207][ T3602] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fc21001e929 [ 39.804168][ T3602] RDX: 00000000ffffffde RSI: 00000000200001c0 RDI: 0000000000000003 [ 39.813529][ T3602] RBP: 00007ffd810dbe20 R08: 0000000000000001 R09: 0000000000000000 [ 39.821772][ T3602] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 39.829731][ T3602] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 39.837707][ T3602]