RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 RBP: 00007f49d340eca0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000016 R13: 00007ffe7192d33f R14: 00007f49d340f9c0 R15: 000000000119bf8c ====================================================== WARNING: possible circular locking dependency detected 4.14.213-syzkaller #0 Not tainted ------------------------------------------------------ syz-executor.2/32649 is trying to acquire lock: (console_owner){-.-.}, at: [] console_trylock_spinning kernel/printk/printk.c:1658 [inline] (console_owner){-.-.}, at: [] vprintk_emit+0x32a/0x620 kernel/printk/printk.c:1922 but task is already holding lock: (&(&port->lock)->rlock){-.-.}, at: [] pty_write+0xdb/0x1d0 drivers/tty/pty.c:120 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #2 (&(&port->lock)->rlock){-.-.}: __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x8c/0xc0 kernel/locking/spinlock.c:160 tty_port_tty_get+0x1d/0x80 drivers/tty/tty_port.c:288 tty_port_default_wakeup+0x11/0x40 drivers/tty/tty_port.c:46 serial8250_tx_chars+0x3fe/0xbf0 drivers/tty/serial/8250/8250_port.c:1810 serial8250_handle_irq.part.0+0x28d/0x330 drivers/tty/serial/8250/8250_port.c:1897 serial8250_handle_irq drivers/tty/serial/8250/8250_port.c:1870 [inline] serial8250_default_handle_irq+0x8a/0x1f0 drivers/tty/serial/8250/8250_port.c:1913 serial8250_interrupt+0xf3/0x210 drivers/tty/serial/8250/8250_core.c:129 __handle_irq_event_percpu+0xee/0x7f0 kernel/irq/handle.c:147 handle_irq_event_percpu kernel/irq/handle.c:187 [inline] handle_irq_event+0xf0/0x246 kernel/irq/handle.c:204 handle_edge_irq+0x224/0xc40 kernel/irq/chip.c:770 generic_handle_irq_desc include/linux/irqdesc.h:159 [inline] handle_irq+0x35/0x50 arch/x86/kernel/irq_64.c:87 do_IRQ+0x93/0x1d0 arch/x86/kernel/irq.c:230 ret_from_intr+0x0/0x1e arch_local_irq_enable 
arch/x86/include/asm/paravirt.h:789 [inline] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline] _raw_spin_unlock_irq+0x50/0x80 kernel/locking/spinlock.c:200 finish_lock_switch kernel/sched/sched.h:1346 [inline] finish_task_switch+0x178/0x610 kernel/sched/core.c:2675 context_switch kernel/sched/core.c:2811 [inline] __schedule+0x893/0x1de0 kernel/sched/core.c:3384 schedule+0x8d/0x1b0 kernel/sched/core.c:3428 schedule_timeout+0x4af/0xe90 kernel/time/timer.c:1747 rcu_gp_kthread+0xc0a/0x1e60 kernel/rcu/tree.c:2255 kthread+0x30d/0x420 kernel/kthread.c:232 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404 -> #1 (&port_lock_key){-.-.}: __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x8c/0xc0 kernel/locking/spinlock.c:160 serial8250_console_write+0x7a7/0x9d0 drivers/tty/serial/8250/8250_port.c:3253 call_console_drivers kernel/printk/printk.c:1725 [inline] console_unlock+0x99d/0xf20 kernel/printk/printk.c:2400 vprintk_emit+0x224/0x620 kernel/printk/printk.c:1923 vprintk_func+0x58/0x152 kernel/printk/printk_safe.c:401 printk+0x9e/0xbc kernel/printk/printk.c:1996 register_console+0x6f4/0xad0 kernel/printk/printk.c:2719 univ8250_console_init+0x2f/0x3a drivers/tty/serial/8250/8250_core.c:691 console_init+0x46/0x53 kernel/printk/printk.c:2800 start_kernel+0x52e/0x770 init/main.c:634 secondary_startup_64+0xa5/0xb0 arch/x86/kernel/head_64.S:240 -> #0 (console_owner){-.-.}: lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998 console_trylock_spinning kernel/printk/printk.c:1679 [inline] vprintk_emit+0x367/0x620 kernel/printk/printk.c:1922 vprintk_func+0x58/0x152 kernel/printk/printk_safe.c:401 printk+0x9e/0xbc kernel/printk/printk.c:1996 fail_dump lib/fault-inject.c:44 [inline] should_fail.cold+0xdf/0x154 lib/fault-inject.c:149 should_failslab+0xd6/0x130 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:421 [inline] slab_alloc mm/slab.c:3376 [inline] __do_kmalloc mm/slab.c:3718 [inline] __kmalloc+0x6d/0x400 
mm/slab.c:3729 kmalloc include/linux/slab.h:493 [inline] tty_buffer_alloc+0xc0/0x270 drivers/tty/tty_buffer.c:169 __tty_buffer_request_room+0x12c/0x290 drivers/tty/tty_buffer.c:267 tty_insert_flip_string_fixed_flag+0x8b/0x210 drivers/tty/tty_buffer.c:312 tty_insert_flip_string include/linux/tty_flip.h:37 [inline] pty_write+0x10d/0x1d0 drivers/tty/pty.c:122 n_tty_write+0x85e/0xda0 drivers/tty/n_tty.c:2356 do_tty_write drivers/tty/tty_io.c:959 [inline] tty_write+0x410/0x740 drivers/tty/tty_io.c:1043 __vfs_write+0xe4/0x630 fs/read_write.c:480 __kernel_write+0xf5/0x330 fs/read_write.c:501 write_pipe_buf+0x143/0x1c0 fs/splice.c:797 splice_from_pipe_feed fs/splice.c:502 [inline] __splice_from_pipe+0x326/0x7a0 fs/splice.c:626 splice_from_pipe fs/splice.c:661 [inline] default_file_splice_write+0xc5/0x150 fs/splice.c:809 do_splice_from fs/splice.c:851 [inline] direct_splice_actor+0x115/0x160 fs/splice.c:1018 splice_direct_to_actor+0x27c/0x730 fs/splice.c:973 do_splice_direct+0x164/0x210 fs/splice.c:1061 do_sendfile+0x47f/0xb30 fs/read_write.c:1441 SYSC_sendfile64 fs/read_write.c:1502 [inline] SyS_sendfile64+0xff/0x110 fs/read_write.c:1488 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb other info that might help us debug this: Chain exists of: console_owner --> &port_lock_key --> &(&port->lock)->rlock Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&(&port->lock)->rlock);
                               lock(&port_lock_key);
                               lock(&(&port->lock)->rlock);
  lock(console_owner);

 *** DEADLOCK *** 5 locks held by syz-executor.2/32649: #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:284 #1: (&tty->atomic_write_lock){+.+.}, at: [] tty_write_lock drivers/tty/tty_io.c:885 [inline] #1: (&tty->atomic_write_lock){+.+.}, at: [] do_tty_write drivers/tty/tty_io.c:908 [inline] #1: (&tty->atomic_write_lock){+.+.}, at: [] tty_write+0x22d/0x740 drivers/tty/tty_io.c:1043 #2: (&tty->termios_rwsem){++++}, at: []
n_tty_write+0x18a/0xda0 drivers/tty/n_tty.c:2316 #3: (&ldata->output_lock){+.+.}, at: [] n_tty_write+0x82b/0xda0 drivers/tty/n_tty.c:2355 #4: (&(&port->lock)->rlock){-.-.}, at: [] pty_write+0xdb/0x1d0 drivers/tty/pty.c:120 stack backtrace: CPU: 1 PID: 32649 Comm: syz-executor.2 Not tainted 4.14.213-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b2/0x283 lib/dump_stack.c:58 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1258 check_prev_add kernel/locking/lockdep.c:1905 [inline] check_prevs_add kernel/locking/lockdep.c:2022 [inline] validate_chain kernel/locking/lockdep.c:2464 [inline] __lock_acquire+0x2e0e/0x3f20 kernel/locking/lockdep.c:3491 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998 console_trylock_spinning kernel/printk/printk.c:1679 [inline] vprintk_emit+0x367/0x620 kernel/printk/printk.c:1922 vprintk_func+0x58/0x152 kernel/printk/printk_safe.c:401 printk+0x9e/0xbc kernel/printk/printk.c:1996 fail_dump lib/fault-inject.c:44 [inline] should_fail.cold+0xdf/0x154 lib/fault-inject.c:149 should_failslab+0xd6/0x130 mm/failslab.c:32 slab_pre_alloc_hook mm/slab.h:421 [inline] slab_alloc mm/slab.c:3376 [inline] __do_kmalloc mm/slab.c:3718 [inline] __kmalloc+0x6d/0x400 mm/slab.c:3729 kmalloc include/linux/slab.h:493 [inline] tty_buffer_alloc+0xc0/0x270 drivers/tty/tty_buffer.c:169 __tty_buffer_request_room+0x12c/0x290 drivers/tty/tty_buffer.c:267 tty_insert_flip_string_fixed_flag+0x8b/0x210 drivers/tty/tty_buffer.c:312 tty_insert_flip_string include/linux/tty_flip.h:37 [inline] pty_write+0x10d/0x1d0 drivers/tty/pty.c:122 n_tty_write+0x85e/0xda0 drivers/tty/n_tty.c:2356 do_tty_write drivers/tty/tty_io.c:959 [inline] tty_write+0x410/0x740 drivers/tty/tty_io.c:1043 __vfs_write+0xe4/0x630 fs/read_write.c:480 __kernel_write+0xf5/0x330 fs/read_write.c:501 write_pipe_buf+0x143/0x1c0 fs/splice.c:797 splice_from_pipe_feed 
fs/splice.c:502 [inline] __splice_from_pipe+0x326/0x7a0 fs/splice.c:626 splice_from_pipe fs/splice.c:661 [inline] default_file_splice_write+0xc5/0x150 fs/splice.c:809 do_splice_from fs/splice.c:851 [inline] direct_splice_actor+0x115/0x160 fs/splice.c:1018 splice_direct_to_actor+0x27c/0x730 fs/splice.c:973 do_splice_direct+0x164/0x210 fs/splice.c:1061 do_sendfile+0x47f/0xb30 fs/read_write.c:1441 SYSC_sendfile64 fs/read_write.c:1502 [inline] SyS_sendfile64+0xff/0x110 fs/read_write.c:1488 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb RIP: 0033:0x45e219 RSP: 002b:00007f49d340ec68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045e219 RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 RBP: 00007f49d340eca0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000100000001 R11: 0000000000000246 R12: 0000000000000016 R13: 00007ffe7192d33f R14: 00007f49d340f9c0 R15: 000000000119bf8c EXT4-fs (loop0): VFS: Can't find ext4 filesystem netlink: 25 bytes leftover after parsing attributes in process `syz-executor.0'. netlink: 25 bytes leftover after parsing attributes in process `syz-executor.0'. netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. 
audit: type=1804 audit(1609757551.422:221): pid=330 uid=0 auid=0 ses=4 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir441774489/syzkaller.8PmFw5/13/bus" dev="sda1" ino=16874 res=1 audit: type=1804 audit(1609757551.432:222): pid=330 uid=0 auid=0 ses=4 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir441774489/syzkaller.8PmFw5/13/bus" dev="sda1" ino=16874 res=1 audit: type=1804 audit(1609757551.452:223): pid=330 uid=0 auid=0 ses=4 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir441774489/syzkaller.8PmFw5/13/bus" dev="sda1" ino=16874 res=1 audit: type=1804 audit(1609757551.462:224): pid=330 uid=0 auid=0 ses=4 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir441774489/syzkaller.8PmFw5/13/bus" dev="sda1" ino=16874 res=1 audit: type=1804 audit(1609757551.462:225): pid=341 uid=0 auid=0 ses=4 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir441774489/syzkaller.8PmFw5/13/bus" dev="sda1" ino=16874 res=1 netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'. netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'. BTRFS: device fsid f90cac8b-044b-4fa8-8bee-4b8d3da88dc2 devid 0 transid 0 /dev/loop1 BTRFS error (device loop1): superblock checksum mismatch BTRFS error (device loop1): open_ctree failed BTRFS error (device loop1): superblock checksum mismatch BTRFS error (device loop1): open_ctree failed netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. FAULT_INJECTION: forcing a failure. 
name fail_page_alloc, interval 1, probability 0, space 0, times 0 CPU: 0 PID: 693 Comm: syz-executor.1 Not tainted 4.14.213-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b2/0x283 lib/dump_stack.c:58 fail_dump lib/fault-inject.c:51 [inline] should_fail.cold+0x10a/0x154 lib/fault-inject.c:149 should_fail_alloc_page mm/page_alloc.c:2898 [inline] prepare_alloc_pages mm/page_alloc.c:4131 [inline] __alloc_pages_nodemask+0x22c/0x2720 mm/page_alloc.c:4179 alloc_pages_vma+0xd2/0x6d0 mm/mempolicy.c:2077 alloc_zeroed_user_highpage_movable include/linux/highmem.h:184 [inline] do_anonymous_page mm/memory.c:3226 [inline] handle_pte_fault mm/memory.c:4080 [inline] __handle_mm_fault+0x25fa/0x4620 mm/memory.c:4206 handle_mm_fault+0x306/0x7a0 mm/memory.c:4243 __do_page_fault+0x549/0xad0 arch/x86/mm/fault.c:1442 page_fault+0x45/0x50 arch/x86/entry/entry_64.S:1123 RIP: e33bb30f:0x7fb5f9baf9c0 RSP: 119bf80:00007fb5f9baeca0 EFLAGS: 00000000 syz-executor.1 invoked oom-killer: gfp_mask=0x0(), nodemask=(null), order=0, oom_score_adj=1000 syz-executor.1 cpuset=/ mems_allowed=0-1 CPU: 1 PID: 693 Comm: syz-executor.1 Not tainted 4.14.213-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b2/0x283 lib/dump_stack.c:58 dump_header+0x178/0x82f mm/oom_kill.c:424 oom_kill_process.cold+0x10/0xa69 mm/oom_kill.c:863 out_of_memory mm/oom_kill.c:1075 [inline] out_of_memory+0xe3e/0x1190 mm/oom_kill.c:1025 pagefault_out_of_memory+0xbb/0xc9 mm/oom_kill.c:1117 mm_fault_error+0xad/0x2c0 arch/x86/mm/fault.c:1070 __do_page_fault+0x93c/0xad0 arch/x86/mm/fault.c:1470 page_fault+0x45/0x50 arch/x86/entry/entry_64.S:1123 RIP: e33bb30f:0x7fb5f9baf9c0 RSP: 119bf80:00007fb5f9baeca0 EFLAGS: 00000000 Mem-Info: active_anon:203979 inactive_anon:4694 isolated_anon:0 
active_file:30579 inactive_file:101300 isolated_file:0 unevictable:0 dirty:365 writeback:0 unstable:0 slab_reclaimable:13396 slab_unreclaimable:130282 mapped:61953 shmem:5057 pagetables:2488 bounce:0 free:1147400 free_pcp:291 free_cma:0 Node 0 active_anon:815904kB inactive_anon:18776kB active_file:114124kB inactive_file:405188kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:247776kB dirty:1452kB writeback:0kB shmem:20228kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 323584kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no Node 1 active_anon:12kB inactive_anon:0kB active_file:8192kB inactive_file:12kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:36kB dirty:8kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no Node 0 DMA free:15908kB min:204kB low:252kB high:300kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 2717 2718 2718 2718 Node 0 DMA32 free:551032kB min:36200kB low:45248kB high:54296kB active_anon:815904kB inactive_anon:18776kB active_file:114124kB inactive_file:405188kB unevictable:0kB writepending:1456kB present:3129332kB managed:2788168kB mlocked:0kB kernel_stack:9472kB pagetables:9948kB bounce:0kB free_pcp:1160kB local_pcp:624kB free_cma:0kB lowmem_reserve[]: 0 0 0 0 0 Node 0 Normal free:0kB min:4kB low:4kB high:4kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:520kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 0 0 0 0 Node 1 Normal free:4022476kB min:53696kB low:67120kB high:80544kB active_anon:12kB inactive_anon:0kB active_file:8192kB inactive_file:12kB unevictable:0kB writepending:8kB 
present:4194304kB managed:4128256kB mlocked:0kB kernel_stack:64kB pagetables:4kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 0 0 0 0 Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (UME) = 15908kB Node 0 DMA32: 1983*4kB (UMEH) 1421*8kB (UMEH) 733*16kB (UMEH) 332*32kB (UMEH) 284*64kB (UMEH) 99*128kB (UMEH) 58*256kB (UM) 21*512kB (UM) 8*1024kB (UM) 3*2048kB (UM) 107*4096kB (UM) = 550708kB Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB Node 1 Normal: 125*4kB (UME) 453*8kB (UME) 337*16kB (UME) 121*32kB (UME) 62*64kB (UME) 42*128kB (UME) 24*256kB (UM) 10*512kB (UME) 5*1024kB (UME) 3*2048kB (UM) 971*4096kB (UM) = 4022476kB Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB Node 0 hugepages_total=1 hugepages_free=0 hugepages_surp=1 hugepages_size=2048kB Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 45796 total pagecache pages 0 pages in swap cache Swap cache stats: add 0, delete 0, find 0/0 Free swap = 0kB Total swap = 0kB 2097051 pages RAM 0 pages HighMem/MovableOnly 363838 pages reserved 0 pages cma reserved Out of memory (oom_kill_allocating_task): Kill process 693 (syz-executor.1) score 0 or sacrifice child Killed process 690 (syz-executor.1) total-vm:93348kB, anon-rss:3816kB, file-rss:34816kB, shmem-rss:0kB oom_reaper: reaped process 690 (syz-executor.1), now anon-rss:0kB, file-rss:4kB, shmem-rss:0kB