./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1707424301
<...>
Warning: Permanently added '10.128.0.92' (ECDSA) to the list of known hosts.
execve("./syz-executor1707424301", ["./syz-executor1707424301"], 0x7ffc521b8f80 /* 10 vars */) = 0
brk(NULL) = 0x555556404000
brk(0x555556404c40) = 0x555556404c40
arch_prctl(ARCH_SET_FS, 0x555556404300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor1707424301", 4096) = 28
brk(0x555556425c40) = 0x555556425c40
brk(0x555556426000) = 0x555556426000
mprotect(0x7fe7d7fb0000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_NOFOLLOW|FASYNC) = 3
openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
write(4, "5", 1) = 1
syzkaller login: [ 49.477299][ T3597] FAULT_INJECTION: forcing a failure.
[ 49.477299][ T3597] name failslab, interval 1, probability 0, space 0, times 1
[ 49.477591][ T3597]
[ 49.477597][ T3597] ======================================================
[ 49.477603][ T3597] WARNING: possible circular locking dependency detected
[ 49.477609][ T3597] 5.18.0-rc7-syzkaller-00181-geaea45fc0e7b #0 Not tainted
[ 49.477621][ T3597] ------------------------------------------------------
[ 49.477626][ T3597] syz-executor170/3597 is trying to acquire lock:
[ 49.477636][ T3597] ffffffff8bc90700 (console_owner){....}-{0:0}, at: console_unlock+0x35e/0xdd0
[ 49.477696][ T3597]
[ 49.477696][ T3597] but task is already holding lock:
[ 49.477701][ T3597] ffff88801eef3158 (&port->lock){-...}-{2:2}, at: pty_write+0xea/0x1e0
[ 49.477747][ T3597]
[ 49.477747][ T3597] which lock already depends on the new lock.
[ 49.477747][ T3597]
[ 49.477752][ T3597]
[ 49.477752][ T3597] the existing dependency chain (in reverse order) is:
[ 49.477758][ T3597]
[ 49.477758][ T3597] -> #2 (&port->lock){-...}-{2:2}:
[ 49.477782][ T3597] _raw_spin_lock_irqsave+0x39/0x50
[ 49.477809][ T3597] tty_port_tty_get+0x1f/0x100
[ 49.477831][ T3597] tty_port_default_wakeup+0x11/0x40
[ 49.477853][ T3597] serial8250_tx_chars+0x4f3/0xa50
[ 49.477878][ T3597] serial8250_handle_irq.part.0+0x328/0x3d0
[ 49.477903][ T3597] serial8250_default_handle_irq+0xb2/0x220
[ 49.477929][ T3597] serial8250_interrupt+0xfd/0x200
[ 49.477951][ T3597] __handle_irq_event_percpu+0x22b/0x880
[ 49.477971][ T3597] handle_irq_event+0xa7/0x1e0
[ 49.477989][ T3597] handle_edge_irq+0x25f/0xd00
[ 49.478011][ T3597] __common_interrupt+0x9d/0x210
[ 49.478031][ T3597] common_interrupt+0xa4/0xc0
[ 49.478048][ T3597] asm_common_interrupt+0x1e/0x40
[ 49.478077][ T3597] acpi_idle_do_entry+0x1c6/0x250
[ 49.478098][ T3597] acpi_idle_enter+0x361/0x500
[ 49.478116][ T3597] cpuidle_enter_state+0x1b1/0xc80
[ 49.478136][ T3597] cpuidle_enter+0x4a/0xa0
[ 49.478153][ T3597] do_idle+0x3e8/0x590
[ 49.478170][ T3597] cpu_startup_entry+0x14/0x20
[ 49.478188][ T3597] rest_init+0x169/0x270
[ 49.478207][ T3597] arch_call_rest_init+0xf/0x14
[ 49.478227][ T3597] start_kernel+0x47f/0x4a0
[ 49.478245][ T3597] secondary_startup_64_no_verify+0xc3/0xcb
[ 49.478269][ T3597]
[ 49.478269][ T3597] -> #1 (&port_lock_key){-...}-{2:2}:
[ 49.478294][ T3597] _raw_spin_lock_irqsave+0x39/0x50
[ 49.478316][ T3597] serial8250_console_write+0x9cb/0xc30
[ 49.478341][ T3597] console_unlock+0x9bc/0xdd0
[ 49.478363][ T3597] vprintk_emit+0x1b4/0x5f0
[ 49.478386][ T3597] vprintk+0x80/0x90
[ 49.478408][ T3597] _printk+0xba/0xed
[ 49.478428][ T3597] register_console+0x410/0x7c0
[ 49.478451][ T3597] univ8250_console_init+0x3a/0x46
[ 49.478476][ T3597] console_init+0x3c1/0x58d
[ 49.478499][ T3597] start_kernel+0x30b/0x4a0
[ 49.478517][ T3597] secondary_startup_64_no_verify+0xc3/0xcb
[ 49.478541][ T3597]
[ 49.478541][ T3597] -> #0 (console_owner){....}-{0:0}:
[ 49.478565][ T3597] __lock_acquire+0x2ac6/0x56c0
[ 49.478589][ T3597] lock_acquire+0x1ab/0x510
[ 49.478611][ T3597] console_unlock+0x3b1/0xdd0
[ 49.478634][ T3597] vprintk_emit+0x1b4/0x5f0
[ 49.478656][ T3597] vprintk+0x80/0x90
[ 49.478678][ T3597] _printk+0xba/0xed
[ 49.478698][ T3597] should_fail+0x472/0x5a0
[ 49.478717][ T3597] should_failslab+0x5/0x10
[ 49.478737][ T3597] __kmalloc+0x7e/0x350
[ 49.478754][ T3597] tty_buffer_alloc+0x23f/0x2a0
[ 49.478775][ T3597] __tty_buffer_request_room+0x156/0x2a0
[ 49.478797][ T3597] tty_insert_flip_string_fixed_flag+0x8c/0x240
[ 49.478820][ T3597] pty_write+0x11c/0x1e0
[ 49.478840][ T3597] n_tty_write+0xa7a/0xfc0
[ 49.478858][ T3597] file_tty_write.constprop.0+0x520/0x900
[ 49.478884][ T3597] new_sync_write+0x38a/0x560
[ 49.478903][ T3597] vfs_write+0x7c0/0xac0
[ 49.478920][ T3597] ksys_write+0x127/0x250
[ 49.478938][ T3597] do_syscall_64+0x35/0xb0
[ 49.478961][ T3597] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 49.478985][ T3597]
[ 49.478985][ T3597] other info that might help us debug this:
[ 49.478985][ T3597]
[ 49.478989][ T3597] Chain exists of:
[ 49.478989][ T3597] console_owner --> &port_lock_key --> &port->lock
[ 49.478989][ T3597]
[ 49.479017][ T3597] Possible unsafe locking scenario:
[ 49.479017][ T3597]
[ 49.479020][ T3597] CPU0 CPU1
[ 49.479024][ T3597] ---- ----
[ 49.479028][ T3597] lock(&port->lock);
[ 49.479039][ T3597] lock(&port_lock_key);
[ 49.479051][ T3597] lock(&port->lock);
[ 49.479067][ T3597] lock(console_owner);
[ 49.479078][ T3597]
[ 49.479078][ T3597] *** DEADLOCK ***
[ 49.479078][ T3597]
[ 49.479081][ T3597] 6 locks held by syz-executor170/3597:
[ 49.479093][ T3597] #0: ffff8880162b2098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x80
[ 49.479142][ T3597] #1: ffff8880162b2130 (&tty->atomic_write_lock){+.+.}-{3:3}, at: file_tty_write.constprop.0+0x299/0x900
[ 49.479197][ T3597] #2: ffff8880162b22e8 (&tty->termios_rwsem){++++}-{3:3}, at: n_tty_write+0x1bf/0xfc0
[ 49.479243][ T3597] #3: ffffc900013da378 (&ldata->output_lock){+.+.}-{3:3}, at: n_tty_write+0xa47/0xfc0
[ 49.479288][ T3597] #4: ffff88801eef3158 (&port->lock){-...}-{2:2}, at: pty_write+0xea/0x1e0
[ 49.479336][ T3597] #5: ffffffff8bd70b40 (console_lock){+.+.}-{0:0}, at: vprintk+0x80/0x90
[ 49.479386][ T3597]
[ 49.479386][ T3597] stack backtrace:
[ 49.479390][ T3597] CPU: 1 PID: 3597 Comm: syz-executor170 Not tainted 5.18.0-rc7-syzkaller-00181-geaea45fc0e7b #0
[ 49.479413][ T3597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 49.479424][ T3597] Call Trace:
[ 49.479430][ T3597]
[ 49.479437][ T3597] dump_stack_lvl+0xcd/0x134
[ 49.479464][ T3597] check_noncircular+0x25f/0x2e0
[ 49.479489][ T3597] ? print_circular_bug+0x1e0/0x1e0
[ 49.479514][ T3597] ? __pv_queued_spin_lock_slowpath+0x254/0xb40
[ 49.479546][ T3597] ? add_lock_to_list.constprop.0+0x185/0x370
[ 49.479574][ T3597] __lock_acquire+0x2ac6/0x56c0
[ 49.479604][ T3597] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 49.479631][ T3597] ? msg_add_ext_text+0x1d0/0x1d0
[ 49.479660][ T3597] lock_acquire+0x1ab/0x510
[ 49.479683][ T3597] ? console_unlock+0x35e/0xdd0
[ 49.479709][ T3597] ? lock_release+0x720/0x720
[ 49.479733][ T3597] ? lock_downgrade+0x6e0/0x6e0
[ 49.479758][ T3597] ? do_raw_spin_lock+0x120/0x2a0
[ 49.479784][ T3597] ? rwlock_bug.part.0+0x90/0x90
[ 49.479810][ T3597] ? prb_final_commit+0x64/0xa0
[ 49.479838][ T3597] console_unlock+0x3b1/0xdd0
[ 49.479862][ T3597] ? console_unlock+0x35e/0xdd0
[ 49.479889][ T3597] ? devkmsg_read+0x730/0x730
[ 49.479913][ T3597] ? lock_release+0x720/0x720
[ 49.479943][ T3597] ? vprintk+0x80/0x90
[ 49.479969][ T3597] vprintk_emit+0x1b4/0x5f0
[ 49.479996][ T3597] vprintk+0x80/0x90
[ 49.480020][ T3597] _printk+0xba/0xed
[ 49.480041][ T3597] ? record_print_text.cold+0x16/0x16
[ 49.480073][ T3597] ? lock_release+0x720/0x720
[ 49.480097][ T3597] ? ___ratelimit+0x222/0x4b0
[ 49.480119][ T3597] should_fail+0x472/0x5a0
[ 49.480141][ T3597] should_failslab+0x5/0x10
[ 49.480161][ T3597] __kmalloc+0x7e/0x350
[ 49.480180][ T3597] ? tty_buffer_alloc+0x23f/0x2a0
[ 49.480204][ T3597] tty_buffer_alloc+0x23f/0x2a0
[ 49.480227][ T3597] __tty_buffer_request_room+0x156/0x2a0
[ 49.480252][ T3597] tty_insert_flip_string_fixed_flag+0x8c/0x240
[ 49.480281][ T3597] pty_write+0x11c/0x1e0
[ 49.480306][ T3597] n_tty_write+0xa7a/0xfc0
[ 49.480327][ T3597] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 49.480348][ T3597] ? _copy_from_iter+0x12b/0x15a0
[ 49.480374][ T3597] ? n_tty_check_unthrottle+0x440/0x440
[ 49.480395][ T3597] ? rcu_read_lock_sched_held+0x3a/0x70
[ 49.480420][ T3597] ? __init_waitqueue_head+0xd0/0xd0
[ 49.480445][ T3597] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 49.480467][ T3597] ? __phys_addr+0xc4/0x140
[ 49.480491][ T3597] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 49.480513][ T3597] ? __phys_addr_symbol+0x2c/0x70
[ 49.480538][ T3597] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 49.480558][ T3597] ? __check_object_size+0x16c/0x4f0
[ 49.480585][ T3597] file_tty_write.constprop.0+0x520/0x900
[ 49.480612][ T3597] ? n_tty_check_unthrottle+0x440/0x440
[ 49.480637][ T3597] new_sync_write+0x38a/0x560
[ 49.480658][ T3597] ? new_sync_read+0x5f0/0x5f0
[ 49.480677][ T3597] ? _raw_spin_lock_irq+0x41/0x50
[ 49.480705][ T3597] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 49.480727][ T3597] ? security_file_permission+0xab/0xd0
[ 49.480755][ T3597] vfs_write+0x7c0/0xac0
[ 49.480777][ T3597] ksys_write+0x127/0x250
[ 49.480797][ T3597] ? __ia32_sys_read+0xb0/0xb0
[ 49.480816][ T3597] ? lockdep_hardirqs_on+0x79/0x100
[ 49.480838][ T3597] ? _raw_spin_unlock_irq+0x2a/0x40
[ 49.480860][ T3597] ? ptrace_notify+0xfa/0x140
[ 49.480889][ T3597] do_syscall_64+0x35/0xb0
[ 49.480914][ T3597] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 49.480940][ T3597] RIP: 0033:0x7fe7d7f43669
[ 49.480956][ T3597] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 49.480975][ T3597] RSP: 002b:00007ffc1aad1d28 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 49.480994][ T3597] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fe7d7f43669
[ 49.481008][ T3597] RDX: 00000000ffffff0b RSI: 0000000020c34fff RDI: 0000000000000003
[ 49.481021][ T3597] RBP: 00007ffc1aad1d30 R08: 0000000000000001 R09: 00007fe7d7f00035
[ 49.481035][ T3597] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[ 49.481048][ T3597] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 49.481073][ T3597]
[ 50.433006][ T3597] CPU: 1 PID: 3597 Comm: syz-executor170 Not tainted 5.18.0-rc7-syzkaller-00181-geaea45fc0e7b #0
[ 50.443502][ T3597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 50.453562][ T3597] Call Trace:
[ 50.456848][ T3597]
[ 50.459771][ T3597] dump_stack_lvl+0xcd/0x134
[ 50.464374][ T3597] should_fail.cold+0x5/0xa
[ 50.468881][ T3597] should_failslab+0x5/0x10
[ 50.473733][ T3597] __kmalloc+0x7e/0x350
[ 50.477908][ T3597] ? tty_buffer_alloc+0x23f/0x2a0
[ 50.483059][ T3597] tty_buffer_alloc+0x23f/0x2a0
[ 50.487903][ T3597] __tty_buffer_request_room+0x156/0x2a0
[ 50.493990][ T3597] tty_insert_flip_string_fixed_flag+0x8c/0x240
[ 50.501111][ T3597] pty_write+0x11c/0x1e0
[ 50.505359][ T3597] n_tty_write+0xa7a/0xfc0
[ 50.509768][ T3597] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 50.515484][ T3597] ? _copy_from_iter+0x12b/0x15a0
[ 50.520516][ T3597] ? n_tty_check_unthrottle+0x440/0x440
[ 50.526062][ T3597] ? rcu_read_lock_sched_held+0x3a/0x70
[ 50.531611][ T3597] ? __init_waitqueue_head+0xd0/0xd0
[ 50.536895][ T3597] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 50.543259][ T3597] ? __phys_addr+0xc4/0x140
[ 50.547767][ T3597] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 50.554000][ T3597] ? __phys_addr_symbol+0x2c/0x70
[ 50.559018][ T3597] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 50.564732][ T3597] ? __check_object_size+0x16c/0x4f0
[ 50.570019][ T3597] file_tty_write.constprop.0+0x520/0x900
[ 50.575735][ T3597] ? n_tty_check_unthrottle+0x440/0x440
[ 50.581272][ T3597] new_sync_write+0x38a/0x560
[ 50.585938][ T3597] ? new_sync_read+0x5f0/0x5f0
[ 50.590690][ T3597] ? _raw_spin_lock_irq+0x41/0x50
[ 50.595705][ T3597] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 50.601934][ T3597] ? security_file_permission+0xab/0xd0
[ 50.607518][ T3597] vfs_write+0x7c0/0xac0
[ 50.611874][ T3597] ksys_write+0x127/0x250
[ 50.616203][ T3597] ? __ia32_sys_read+0xb0/0xb0
[ 50.620955][ T3597] ? lockdep_hardirqs_on+0x79/0x100
[ 50.626147][ T3597] ? _raw_spin_unlock_irq+0x2a/0x40
[ 50.631351][ T3597] ? ptrace_notify+0xfa/0x140
[ 50.636034][ T3597] do_syscall_64+0x35/0xb0
[ 50.640446][ T3597] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 50.646333][ T3597] RIP: 0033:0x7fe7d7f43669
[ 50.650737][ T3597] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 50.670342][ T3597] RSP: 002b:00007ffc1aad1d28 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4294967051) = 13824
exit_group(0) = ?
[ 50.678749][ T3597] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fe7d7f43669
[ 50.686730][ T3597] RDX: 00000000ffffff0b RSI: 0000000020c34fff RDI: 0000000000000003
[ 50.694688][ T3597] RBP: 00007ffc1aad1d30 R08: 0000000000000001 R09: 00007fe7d7f00035
[ 50.702648][ T3597] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[ 50.710691][ T3597] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 50.718652][ T3597]
+++ exited with 0 +++