./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1456067800 <...> forked to background, child pid 3177 no interfaces have a carrier [ 26.311426][ T3178] 8021q: adding VLAN 0 to HW filter on device bond0 [ 26.322120][ T3178] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.190' (ECDSA) to the list of known hosts. execve("./syz-executor1456067800", ["./syz-executor1456067800"], 0x7ffebe521230 /* 10 vars */) = 0 brk(NULL) = 0x555556077000 brk(0x555556077c40) = 0x555556077c40 arch_prctl(ARCH_SET_FS, 0x555556077300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1456067800", 4096) = 28 brk(0x555556098c40) = 0x555556098c40 brk(0x555556099000) = 0x555556099000 mprotect(0x7fc251bba000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3600 attached , child_tidptr=0x5555560775d0) = 3600 [pid 3600] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 3600] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3600] setsid() = 1 [pid 3600] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 3600] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 3600] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 3600] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 3600] prlimit64(0, RLIMIT_CORE, {rlim_cur=0, rlim_max=0}, NULL) = 0 [pid 3600] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 3600] unshare(CLONE_NEWNS) = 0 [pid 3600] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 3600] unshare(CLONE_NEWIPC) = 0 [pid 3600] unshare(CLONE_NEWCGROUP) = 0 [pid 3600] unshare(CLONE_NEWUTS) = 0 [pid 3600] unshare(CLONE_SYSVSEM) = 0 [pid 3600] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 3600] write(3, "16777216", 8) = 8 [pid 3600] close(3) = 0 [pid 3600] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 3600] write(3, "536870912", 9) = 9 [pid 3600] close(3) = 0 [pid 3600] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 3600] write(3, "1024", 4) = 4 [pid 3600] close(3) = 0 [pid 3600] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 3600] write(3, "8192", 4) = 4 [pid 3600] close(3) = 0 [pid 3600] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 3600] write(3, "1024", 4) = 4 [pid 3600] close(3) = 0 [pid 3600] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 3600] write(3, "1024", 4) = 4 [pid 3600] close(3) = 0 [pid 3600] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 3600] write(3, "1024 1048576 500 1024", 21) = 21 [pid 3600] close(3) = 0 [pid 3600] getpid() = 1 [pid 3600] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<lock){-.-.}-{2:2}, at: pty_write+0xea/0x1e0 [ 51.441403][ T3600] [ 51.441403][ T3600] which lock already depends on the new lock. [ 51.441403][ T3600] [ 51.441406][ T3600] [ 51.441406][ T3600] the existing dependency chain (in reverse order) is: [ 51.441409][ T3600] [ 51.441409][ T3600] -> #2 (&port->lock){-.-.}-{2:2}: [ 51.441424][ T3600] _raw_spin_lock_irqsave+0x39/0x50 [ 51.441442][ T3600] tty_port_tty_get+0x1f/0x100 [ 51.441455][ T3600] tty_port_default_wakeup+0x11/0x40 [ 51.441467][ T3600] serial8250_tx_chars+0x4f3/0xa50 [ 51.441482][ T3600] serial8250_handle_irq.part.0+0x328/0x3d0 [ 51.441496][ T3600] serial8250_default_handle_irq+0xb2/0x220 [ 51.441510][ T3600] serial8250_interrupt+0xfd/0x200 [ 51.441523][ T3600] __handle_irq_event_percpu+0x22b/0x880 [ 51.441534][ T3600] handle_irq_event+0xa7/0x1e0 [ 51.441545][ T3600] handle_edge_irq+0x25f/0xd00 [ 51.441557][ T3600] __common_interrupt+0x9d/0x210 [ 51.441570][ T3600] common_interrupt+0xa4/0xc0 [ 51.441584][ T3600] asm_common_interrupt+0x1e/0x40 [ 51.441597][ T3600] acpi_idle_do_entry+0x1c6/0x250 [ 51.441608][ T3600] acpi_idle_enter+0x361/0x500 [ 51.441619][ T3600] cpuidle_enter_state+0x1b1/0xc80 [ 51.441630][ T3600] cpuidle_enter+0x4a/0xa0 [ 51.441640][ T3600] do_idle+0x3e8/0x590 [ 51.441650][ T3600] cpu_startup_entry+0x14/0x20 [ 51.441661][ T3600] rest_init+0x169/0x270 [ 51.441672][ T3600] arch_call_rest_init+0xf/0x14 [ 51.441683][ T3600] start_kernel+0x47f/0x4a0 [ 51.441693][ T3600] secondary_startup_64_no_verify+0xc3/0xcb [ 51.441707][ T3600] [ 51.441707][ T3600] -> #1 (&port_lock_key){-.-.}-{2:2}: [ 51.441722][ T3600] _raw_spin_lock_irqsave+0x39/0x50 [ 51.441734][ T3600] serial8250_console_write+0x9cb/0xc30 [ 51.441748][ T3600] console_unlock+0x9bc/0xdd0 [ 51.441761][ T3600] vprintk_emit+0x1b4/0x5f0 [ 51.441773][ T3600] vprintk+0x80/0x90 [ 51.441786][ T3600] _printk+0xba/0xed [ 51.441798][ T3600] register_console+0x410/0x7c0 [ 51.441811][ T3600] univ8250_console_init+0x3a/0x46 [ 51.441825][ T3600] console_init+0x3c1/0x58d [ 51.441839][ T3600] start_kernel+0x30b/0x4a0 [ 51.441849][ T3600] secondary_startup_64_no_verify+0xc3/0xcb [ 51.441862][ T3600] [ 51.441862][ T3600] -> #0 (console_owner){....}-{0:0}: [ 51.441876][ T3600] __lock_acquire+0x2ac6/0x56c0 [ 51.441890][ T3600] lock_acquire+0x1ab/0x510 [ 51.441902][ T3600] console_unlock+0x3b1/0xdd0 [ 51.441915][ T3600] vprintk_emit+0x1b4/0x5f0 [ 51.441928][ T3600] vprintk+0x80/0x90 [ 51.441940][ T3600] _printk+0xba/0xed [ 51.441951][ T3600] should_fail+0x472/0x5a0 [ 51.441962][ T3600] should_failslab+0x5/0x10 [ 51.441974][ T3600] __kmalloc+0x7e/0x350 [ 51.441985][ T3600] tty_buffer_alloc+0x23f/0x2a0 [ 51.441997][ T3600] __tty_buffer_request_room+0x156/0x2a0 [ 51.442009][ T3600] tty_insert_flip_string_fixed_flag+0x8c/0x240 [ 51.442022][ T3600] pty_write+0x11c/0x1e0 [ 51.442034][ T3600] n_tty_write+0xa7a/0xfc0 [ 51.442044][ T3600] file_tty_write.constprop.0+0x520/0x900 [ 51.442059][ T3600] new_sync_write+0x38a/0x560 [ 51.442070][ T3600] vfs_write+0x7c0/0xac0 [ 51.442086][ T3600] ksys_write+0x127/0x250 [ 51.442096][ T3600] do_syscall_64+0x35/0xb0 [ 51.442109][ T3600] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 51.442122][ T3600] [ 51.442122][ T3600] other info that might help us debug this: [ 51.442122][ T3600] [ 51.442125][ T3600] Chain exists of: [ 51.442125][ T3600] console_owner --> &port_lock_key --> &port->lock [ 51.442125][ T3600] [ 51.442141][ T3600] Possible unsafe locking scenario: [ 51.442141][ T3600] [ 51.442143][ T3600] CPU0 CPU1 [ 51.442145][ T3600] ---- ---- [ 51.442148][ T3600] lock(&port->lock); [ 51.442154][ T3600] lock(&port_lock_key); [ 51.442161][ T3600] lock(&port->lock); [ 51.442167][ T3600] lock(console_owner); [ 51.442173][ T3600] [ 51.442173][ T3600] *** DEADLOCK *** [ 51.442173][ T3600] [ 51.442175][ T3600] 6 locks held by syz-executor145/3600: [ 51.442182][ T3600] #0: ffff88807acc7098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x80 [ 51.442210][ T3600] #1: ffff88807acc7130 (&tty->atomic_write_lock){+.+.}-{3:3}, at: file_tty_write.constprop.0+0x299/0x900 [ 51.442241][ T3600] #2: ffff88807acc72e8 (&tty->termios_rwsem){++++}-{3:3}, at: n_tty_write+0x1bf/0xfc0 [ 51.442268][ T3600] #3: ffffc900013e8378 (&ldata->output_lock){+.+.}-{3:3}, at: n_tty_write+0xa47/0xfc0 [ 51.442294][ T3600] #4: ffff88807adec958 (&port->lock){-.-.}-{2:2}, at: pty_write+0xea/0x1e0 [ 51.442331][ T3600] #5: ffffffff8bd70b40 (console_lock){+.+.}-{0:0}, at: vprintk+0x80/0x90 [ 51.442371][ T3600] [ 51.442371][ T3600] stack backtrace: [ 51.442374][ T3600] CPU: 0 PID: 3600 Comm: syz-executor145 Not tainted 5.18.0-rc6-syzkaller-00007-g9be9ed2612b5 #0 [ 51.442388][ T3600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 51.442396][ T3600] Call Trace: [ 51.442400][ T3600] [ 51.442405][ T3600] dump_stack_lvl+0xcd/0x134 [ 51.442422][ T3600] check_noncircular+0x25f/0x2e0 [ 51.442435][ T3600] ? filter_irq_stacks+0x90/0x90 [ 51.442451][ T3600] ? print_circular_bug+0x1e0/0x1e0 [ 51.442465][ T3600] ? pointer+0x950/0x950 [ 51.442479][ T3600] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 51.442494][ T3600] ? add_lock_to_list.constprop.0+0x185/0x370 [ 51.442510][ T3600] __lock_acquire+0x2ac6/0x56c0 [ 51.442526][ T3600] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 51.442541][ T3600] ? msg_add_ext_text+0x1d0/0x1d0 [ 51.442557][ T3600] lock_acquire+0x1ab/0x510 [ 51.442570][ T3600] ? console_unlock+0x35e/0xdd0 [ 51.442584][ T3600] ? lock_release+0x720/0x720 [ 51.442598][ T3600] ? lock_downgrade+0x6e0/0x6e0 [ 51.442612][ T3600] ? do_raw_spin_lock+0x120/0x2a0 [ 51.442626][ T3600] ? rwlock_bug.part.0+0x90/0x90 [ 51.442641][ T3600] ? prb_final_commit+0x64/0xa0 [ 51.442656][ T3600] console_unlock+0x3b1/0xdd0 [ 51.442670][ T3600] ? console_unlock+0x35e/0xdd0 [ 51.442684][ T3600] ? devkmsg_read+0x730/0x730 [ 51.442698][ T3600] ? lock_release+0x720/0x720 [ 51.442714][ T3600] ? vprintk+0x80/0x90 [ 51.442729][ T3600] vprintk_emit+0x1b4/0x5f0 [ 51.442742][ T3600] ? add_lock_to_list.constprop.0+0x185/0x370 [ 51.442757][ T3600] vprintk+0x80/0x90 [ 51.442771][ T3600] _printk+0xba/0xed [ 51.442783][ T3600] ? record_print_text.cold+0x16/0x16 [ 51.442798][ T3600] ? ___ratelimit+0x222/0x4b0 [ 51.442811][ T3600] should_fail+0x472/0x5a0 [ 51.442823][ T3600] should_failslab+0x5/0x10 [ 51.442834][ T3600] __kmalloc+0x7e/0x350 [ 51.442845][ T3600] ? tty_buffer_alloc+0x23f/0x2a0 [ 51.442858][ T3600] tty_buffer_alloc+0x23f/0x2a0 [ 51.442871][ T3600] __tty_buffer_request_room+0x156/0x2a0 [ 51.442885][ T3600] tty_insert_flip_string_fixed_flag+0x8c/0x240 [ 51.442901][ T3600] pty_write+0x11c/0x1e0 [ 51.442915][ T3600] n_tty_write+0xa7a/0xfc0 [ 51.442927][ T3600] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 51.442939][ T3600] ? _copy_from_iter+0x12b/0x15a0 [ 51.442953][ T3600] ? n_tty_check_unthrottle+0x440/0x440 [ 51.442965][ T3600] ? rcu_read_lock_sched_held+0x3a/0x70 [ 51.442980][ T3600] ? __init_waitqueue_head+0xd0/0xd0 [ 51.442994][ T3600] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 51.443006][ T3600] ? __phys_addr+0xc4/0x140 [ 51.443020][ T3600] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 51.443033][ T3600] ? __phys_addr_symbol+0x2c/0x70 [ 51.443046][ T3600] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 51.443058][ T3600] ? __check_object_size+0x16c/0x4f0 [ 51.443072][ T3600] file_tty_write.constprop.0+0x520/0x900 [ 51.443092][ T3600] ? n_tty_check_unthrottle+0x440/0x440 [ 51.443106][ T3600] new_sync_write+0x38a/0x560 [ 51.443117][ T3600] ? new_sync_read+0x5f0/0x5f0 [ 51.443129][ T3600] ? _raw_spin_lock_irq+0x41/0x50 [ 51.443144][ T3600] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 51.443156][ T3600] ? security_file_permission+0xab/0xd0 [ 51.443173][ T3600] vfs_write+0x7c0/0xac0 [ 51.443185][ T3600] ksys_write+0x127/0x250 [ 51.443196][ T3600] ? __ia32_sys_read+0xb0/0xb0 [ 51.443207][ T3600] ? lockdep_hardirqs_on+0x79/0x100 [ 51.443219][ T3600] ? _raw_spin_unlock_irq+0x2a/0x40 [ 51.443232][ T3600] ? ptrace_notify+0xfa/0x140 [ 51.443248][ T3600] do_syscall_64+0x35/0xb0 [ 51.443262][ T3600] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 51.443276][ T3600] RIP: 0033:0x7fc251b468c9 [ 51.443286][ T3600] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 51.443298][ T3600] RSP: 002b:00007ffe0f8edbc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 51.443310][ T3600] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fc251b468c9 [ 51.443318][ T3600] RDX: 000000000000ff2e RSI: 0000000020000080 RDI: 0000000000000003 [ 51.443326][ T3600] RBP: 00007ffe0f8edc20 R08: 0000000000000001 R09: 0000000000000000 [ 51.443334][ T3600] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 51.443341][ T3600] R13: 00007ffe0f8edc0a R14: 00007ffe0f8edc40 R15: 0000000000000046 [ 51.443353][ T3600] [ 52.404248][ T3600] CPU: 0 PID: 3600 Comm: syz-executor145 Not tainted 5.18.0-rc6-syzkaller-00007-g9be9ed2612b5 #0 [ 52.414730][ T3600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 52.424767][ T3600] Call Trace: [ 52.428036][ T3600] [ 52.430952][ T3600] dump_stack_lvl+0xcd/0x134 [ 52.435543][ T3600] should_fail.cold+0x5/0xa [ 52.440035][ T3600] should_failslab+0x5/0x10 [ 52.444536][ T3600] __kmalloc+0x7e/0x350 [ 52.448675][ T3600] ? tty_buffer_alloc+0x23f/0x2a0 [ 52.453687][ T3600] tty_buffer_alloc+0x23f/0x2a0 [ 52.458526][ T3600] __tty_buffer_request_room+0x156/0x2a0 [ 52.464240][ T3600] tty_insert_flip_string_fixed_flag+0x8c/0x240 [ 52.470472][ T3600] pty_write+0x11c/0x1e0 [ 52.474705][ T3600] n_tty_write+0xa7a/0xfc0 [ 52.479106][ T3600] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 52.484809][ T3600] ? _copy_from_iter+0x12b/0x15a0 [ 52.489824][ T3600] ? n_tty_check_unthrottle+0x440/0x440 [ 52.495352][ T3600] ? rcu_read_lock_sched_held+0x3a/0x70 [ 52.500887][ T3600] ? __init_waitqueue_head+0xd0/0xd0 [ 52.506249][ T3600] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 52.512473][ T3600] ? __phys_addr+0xc4/0x140 [ 52.516989][ T3600] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 52.523224][ T3600] ? __phys_addr_symbol+0x2c/0x70 [ 52.528235][ T3600] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 52.533939][ T3600] ? __check_object_size+0x16c/0x4f0 [ 52.539221][ T3600] file_tty_write.constprop.0+0x520/0x900 [ 52.544932][ T3600] ? n_tty_check_unthrottle+0x440/0x440 [ 52.550466][ T3600] new_sync_write+0x38a/0x560 [ 52.555129][ T3600] ? new_sync_read+0x5f0/0x5f0 [ 52.559876][ T3600] ? _raw_spin_lock_irq+0x41/0x50 [ 52.564895][ T3600] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 52.571121][ T3600] ? security_file_permission+0xab/0xd0 [ 52.576655][ T3600] vfs_write+0x7c0/0xac0 [ 52.580884][ T3600] ksys_write+0x127/0x250 [ 52.585198][ T3600] ? __ia32_sys_read+0xb0/0xb0 [ 52.589953][ T3600] ? lockdep_hardirqs_on+0x79/0x100 [ 52.595144][ T3600] ? _raw_spin_unlock_irq+0x2a/0x40 [ 52.600327][ T3600] ? ptrace_notify+0xfa/0x140 [ 52.605003][ T3600] do_syscall_64+0x35/0xb0 [ 52.609414][ T3600] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 52.615303][ T3600] RIP: 0033:0x7fc251b468c9 [ 52.619703][ T3600] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 52.639295][ T3600] RSP: 002b:00007ffe0f8edbc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 52.647694][ T3600] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fc251b468c9 [ 52.655647][ T3600] RDX: 000000000000ff2e RSI: 0000000020000080 RDI: 0000000000000003 [ 52.663603][ T3600] RBP: 00007ffe0f8edc20 R08: 0000000000000001 R09: 0000000000000000 [ 52.671644][ T3600] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 52.679600][ T3600] R13: 00007ffe0f8edc0a R14: 00007ffe0f8edc40 R15: 0000000000000046 [ 52.687650][ T3600]