RDX: 0000000020000440 RSI: 0000000000005408 RDI: 0000000000000003 RBP: 00007fa775cef1d0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 R13: 00007ffef372109f R14: 00007fa775cef300 R15: 0000000000022000 ====================================================== WARNING: possible circular locking dependency detected 4.19.211-syzkaller #0 Not tainted ------------------------------------------------------ syz-executor.3/6121 is trying to acquire lock: 00000000d7a70400 (console_owner){-.-.}, at: console_trylock_spinning kernel/printk/printk.c:1697 [inline] 00000000d7a70400 (console_owner){-.-.}, at: vprintk_emit+0x3fe/0x740 kernel/printk/printk.c:1964 but task is already holding lock: 00000000f7177e8e (&(&port->lock)->rlock){-.-.}, at: pty_write+0xf4/0x1f0 drivers/tty/pty.c:120 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #2 (&(&port->lock)->rlock){-.-.}: tty_port_tty_get+0x1d/0x80 drivers/tty/tty_port.c:289 tty_port_default_wakeup+0x11/0x40 drivers/tty/tty_port.c:47 serial8250_tx_chars+0x490/0xaf0 drivers/tty/serial/8250/8250_port.c:1813 serial8250_handle_irq.part.0+0x31f/0x3d0 drivers/tty/serial/8250/8250_port.c:1900 serial8250_handle_irq drivers/tty/serial/8250/8250_port.c:1873 [inline] serial8250_default_handle_irq+0xae/0x220 drivers/tty/serial/8250/8250_port.c:1916 serial8250_interrupt+0x101/0x240 drivers/tty/serial/8250/8250_core.c:125 __handle_irq_event_percpu+0x27e/0x8e0 kernel/irq/handle.c:149 handle_irq_event_percpu kernel/irq/handle.c:189 [inline] handle_irq_event+0x102/0x290 kernel/irq/handle.c:206 handle_edge_irq+0x260/0xcf0 kernel/irq/chip.c:800 generic_handle_irq_desc include/linux/irqdesc.h:155 [inline] handle_irq+0x35/0x50 arch/x86/kernel/irq_64.c:87 do_IRQ+0x93/0x1c0 arch/x86/kernel/irq.c:246 ret_from_intr+0x0/0x1e native_safe_halt+0xe/0x10 arch/x86/include/asm/irqflags.h:60 arch_safe_halt arch/x86/include/asm/paravirt.h:94 [inline] 
default_idle+0x49/0x310 arch/x86/kernel/process.c:557 cpuidle_idle_call kernel/sched/idle.c:153 [inline] do_idle+0x2ec/0x4b0 kernel/sched/idle.c:263 cpu_startup_entry+0xc5/0xe0 kernel/sched/idle.c:369 start_secondary+0x435/0x5c0 arch/x86/kernel/smpboot.c:271 secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:243 -> #1 (&port_lock_key){-.-.}: serial8250_console_write+0x90e/0xb70 drivers/tty/serial/8250/8250_port.c:3290 call_console_drivers kernel/printk/printk.c:1764 [inline] console_unlock+0xbb6/0x1110 kernel/printk/printk.c:2460 vprintk_emit+0x2d1/0x740 kernel/printk/printk.c:1965 vprintk_func+0x79/0x180 kernel/printk/printk_safe.c:405 printk+0xba/0xed kernel/printk/printk.c:2040 register_console+0x87f/0xc90 kernel/printk/printk.c:2776 univ8250_console_init+0x3a/0x46 drivers/tty/serial/8250/8250_core.c:684 console_init+0x4cb/0x718 kernel/printk/printk.c:2862 start_kernel+0x686/0x911 init/main.c:659 secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:243 -> #0 (console_owner){-.-.}: console_trylock_spinning kernel/printk/printk.c:1718 [inline] vprintk_emit+0x43b/0x740 kernel/printk/printk.c:1964 vprintk_func+0x79/0x180 kernel/printk/printk_safe.c:405 printk+0xba/0xed kernel/printk/printk.c:2040 fail_dump lib/fault-inject.c:44 [inline] should_fail+0x66b/0x7b0 lib/fault-inject.c:149 __should_failslab+0x115/0x180 mm/failslab.c:32 should_failslab+0x5/0x10 mm/slab_common.c:1590 slab_pre_alloc_hook mm/slab.h:424 [inline] slab_alloc mm/slab.c:3383 [inline] __do_kmalloc mm/slab.c:3725 [inline] __kmalloc+0x6d/0x3c0 mm/slab.c:3736 kmalloc include/linux/slab.h:520 [inline] tty_buffer_alloc+0x23f/0x2a0 drivers/tty/tty_buffer.c:170 __tty_buffer_request_room+0x156/0x2a0 drivers/tty/tty_buffer.c:268 tty_insert_flip_string_fixed_flag+0x93/0x250 drivers/tty/tty_buffer.c:313 tty_insert_flip_string include/linux/tty_flip.h:37 [inline] pty_write+0x126/0x1f0 drivers/tty/pty.c:122 tty_put_char+0x122/0x150 drivers/tty/tty_io.c:2893 __process_echoes+0x577/0x9f0 
drivers/tty/n_tty.c:726
       process_echoes+0xf9/0x1c0 drivers/tty/n_tty.c:809
       n_tty_set_termios+0x718/0xe10 drivers/tty/n_tty.c:1868
       tty_set_termios+0x5eb/0x830 drivers/tty/tty_ioctl.c:341
       set_termios.part.0+0x2b1/0x4c0 drivers/tty/tty_ioctl.c:414
       set_termios drivers/tty/tty_ioctl.c:368 [inline]
       tty_mode_ioctl+0x859/0xb60 drivers/tty/tty_ioctl.c:777
       n_tty_ioctl_helper+0x55/0x3a0 drivers/tty/tty_ioctl.c:940
       n_tty_ioctl+0x56/0x360 drivers/tty/n_tty.c:2464
       tty_ioctl+0x65d/0x1630 drivers/tty/tty_io.c:2678
       vfs_ioctl fs/ioctl.c:46 [inline]
       file_ioctl fs/ioctl.c:501 [inline]
       do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688
       ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705
       __do_sys_ioctl fs/ioctl.c:712 [inline]
       __se_sys_ioctl fs/ioctl.c:710 [inline]
       __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

other info that might help us debug this:

Chain exists of:
  console_owner --> &port_lock_key --> &(&port->lock)->rlock

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&(&port->lock)->rlock);
                               lock(&port_lock_key);
                               lock(&(&port->lock)->rlock);
  lock(console_owner);

 *** DEADLOCK ***

5 locks held by syz-executor.3/6121:
 #0: 00000000ac5eff87 (&tty->ldisc_sem){++++}, at: tty_ldisc_ref_wait+0x22/0x80 drivers/tty/tty_ldisc.c:272
 #1: 00000000a10dbcf4 (&o_tty->termios_rwsem/1){++++}, at: tty_set_termios+0xec/0x830 drivers/tty/tty_ioctl.c:328
 #2: 0000000087821e9a (&tty->ldisc_sem){++++}, at: tty_ldisc_ref+0x1d/0x80 drivers/tty/tty_ldisc.c:293
 #3: 0000000055bd10bd (&ldata->output_lock){+.+.}, at: process_echoes+0xaf/0x1c0 drivers/tty/n_tty.c:807
 #4: 00000000f7177e8e (&(&port->lock)->rlock){-.-.}, at: pty_write+0xf4/0x1f0 drivers/tty/pty.c:120

stack backtrace:
CPU: 0 PID: 6121 Comm: syz-executor.3 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1222 check_prev_add kernel/locking/lockdep.c:1866 [inline] check_prevs_add kernel/locking/lockdep.c:1979 [inline] validate_chain kernel/locking/lockdep.c:2420 [inline] __lock_acquire+0x30c9/0x3ff0 kernel/locking/lockdep.c:3416 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908 console_trylock_spinning kernel/printk/printk.c:1718 [inline] vprintk_emit+0x43b/0x740 kernel/printk/printk.c:1964 vprintk_func+0x79/0x180 kernel/printk/printk_safe.c:405 printk+0xba/0xed kernel/printk/printk.c:2040 fail_dump lib/fault-inject.c:44 [inline] should_fail+0x66b/0x7b0 lib/fault-inject.c:149 __should_failslab+0x115/0x180 mm/failslab.c:32 should_failslab+0x5/0x10 mm/slab_common.c:1590 slab_pre_alloc_hook mm/slab.h:424 [inline] slab_alloc mm/slab.c:3383 [inline] __do_kmalloc mm/slab.c:3725 [inline] __kmalloc+0x6d/0x3c0 mm/slab.c:3736 kmalloc include/linux/slab.h:520 [inline] tty_buffer_alloc+0x23f/0x2a0 drivers/tty/tty_buffer.c:170 __tty_buffer_request_room+0x156/0x2a0 drivers/tty/tty_buffer.c:268 tty_insert_flip_string_fixed_flag+0x93/0x250 drivers/tty/tty_buffer.c:313 tty_insert_flip_string include/linux/tty_flip.h:37 [inline] pty_write+0x126/0x1f0 drivers/tty/pty.c:122 tty_put_char+0x122/0x150 drivers/tty/tty_io.c:2893 __process_echoes+0x577/0x9f0 drivers/tty/n_tty.c:726 process_echoes+0xf9/0x1c0 drivers/tty/n_tty.c:809 n_tty_set_termios+0x718/0xe10 drivers/tty/n_tty.c:1868 tty_set_termios+0x5eb/0x830 drivers/tty/tty_ioctl.c:341 set_termios.part.0+0x2b1/0x4c0 drivers/tty/tty_ioctl.c:414 set_termios drivers/tty/tty_ioctl.c:368 [inline] tty_mode_ioctl+0x859/0xb60 drivers/tty/tty_ioctl.c:777 n_tty_ioctl_helper+0x55/0x3a0 drivers/tty/tty_ioctl.c:940 n_tty_ioctl+0x56/0x360 drivers/tty/n_tty.c:2464 tty_ioctl+0x65d/0x1630 drivers/tty/tty_io.c:2678 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:501 [inline] do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688 ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705 __do_sys_ioctl 
fs/ioctl.c:712 [inline] __se_sys_ioctl fs/ioctl.c:710 [inline] __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7fa776d9aae9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fa775cef188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007fa776eae028 RCX: 00007fa776d9aae9 RDX: 0000000020000440 RSI: 0000000000005408 RDI: 0000000000000003 RBP: 00007fa775cef1d0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 R13: 00007ffef372109f R14: 00007fa775cef300 R15: 0000000000022000 Bearer : already 2 bearers with priority 0 Enabling of bearer rejected, cannot adjust to lower Bearer : already 2 bearers with priority 0 Enabling of bearer rejected, cannot adjust to lower EXT4-fs (loop5): bad geometry: block count 11520 exceeds size of device (512 blocks) Enabling of bearer rejected, already enabled FAULT_INJECTION: forcing a failure. 
name failslab, interval 1, probability 0, space 0, times 0 Bearer : already 2 bearers with priority 0 CPU: 0 PID: 6149 Comm: syz-executor.2 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 fail_dump lib/fault-inject.c:51 [inline] should_fail.cold+0xa/0xf lib/fault-inject.c:149 __should_failslab+0x115/0x180 mm/failslab.c:32 Enabling of bearer rejected, cannot adjust to lower should_failslab+0x5/0x10 mm/slab_common.c:1590 slab_pre_alloc_hook mm/slab.h:424 [inline] slab_alloc mm/slab.c:3383 [inline] kmem_cache_alloc+0x3f/0x370 mm/slab.c:3557 skb_clone+0x151/0x3d0 net/core/skbuff.c:1293 __netlink_deliver_tap_skb net/netlink/af_netlink.c:296 [inline] __netlink_deliver_tap net/netlink/af_netlink.c:321 [inline] netlink_deliver_tap+0x955/0xb00 net/netlink/af_netlink.c:334 netlink_deliver_tap_kernel net/netlink/af_netlink.c:343 [inline] netlink_unicast_kernel net/netlink/af_netlink.c:1324 [inline] netlink_unicast+0x545/0x690 net/netlink/af_netlink.c:1351 netlink_sendmsg+0x6c3/0xc50 net/netlink/af_netlink.c:1917 sock_sendmsg_nosec net/socket.c:651 [inline] sock_sendmsg+0xc3/0x120 net/socket.c:661 ___sys_sendmsg+0x7bb/0x8e0 net/socket.c:2227 __sys_sendmsg net/socket.c:2265 [inline] __do_sys_sendmsg net/socket.c:2274 [inline] __se_sys_sendmsg net/socket.c:2272 [inline] __x64_sys_sendmsg+0x132/0x220 net/socket.c:2272 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7fa54c3faae9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fa54b370188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007fa54c50df60 RCX: 00007fa54c3faae9 RDX: 00000000040408c4 RSI: 0000000020000280 
RDI: 0000000000000004 RBP: 00007fa54b3701d0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 R13: 00007ffcf1c727ef R14: 00007fa54b370300 R15: 0000000000022000 Bearer : already 2 bearers with priority 0 Enabling of bearer rejected, cannot adjust to lower EXT4-fs (loop5): bad geometry: block count 22016 exceeds size of device (512 blocks) Bearer : already 2 bearers with priority 0 Enabling of bearer rejected, cannot adjust to lower Bearer : already 2 bearers with priority 0 Enabling of bearer rejected, cannot adjust to lower EXT4-fs (loop5): bad geometry: block count 23296 exceeds size of device (512 blocks) Bearer : already 2 bearers with priority 0 Enabling of bearer rejected, cannot adjust to lower EXT4-fs (loop5): bad geometry: block count 131328 exceeds size of device (512 blocks) Bearer : already 2 bearers with priority 0 Enabling of bearer rejected, cannot adjust to lower EXT4-fs (loop5): bad geometry: block count 196608 exceeds size of device (512 blocks) Bearer : already 2 bearers with priority 0 Enabling of bearer rejected, cannot adjust to lower Bearer : already 2 bearers with priority 0 Enabling of bearer rejected, cannot adjust to lower device ip6gre0 entered promiscuous mode device vlan2 entered promiscuous mode device ip6gre0 left promiscuous mode Enabling of bearer rejected, already enabled EXT4-fs (loop5): bad geometry: block count 196864 exceeds size of device (512 blocks) Bearer : already 2 bearers with priority 0 Enabling of bearer rejected, cannot adjust to lower device ip6gre0 entered promiscuous mode device vlan2 entered promiscuous mode device ip6gre0 left promiscuous mode EXT4-fs (loop5): bad geometry: block count 327680 exceeds size of device (512 blocks) EXT4-fs (loop5): bad geometry: block count 327936 exceeds size of device (512 blocks) EXT4-fs (loop5): bad geometry: block count 393216 exceeds size of device (512 blocks) EXT4-fs (loop5): bad geometry: block count 393472 exceeds 
size of device (512 blocks) Bearer : already 2 bearers with priority 0 Enabling of bearer rejected, cannot adjust to lower EXT4-fs (loop5): bad geometry: block count 458752 exceeds size of device (512 blocks) EXT4-fs (loop5): bad geometry: block count 459008 exceeds size of device (512 blocks) Enabling of bearer rejected, already enabled device ip6gre0 entered promiscuous mode device vlan2 entered promiscuous mode device ip6gre0 left promiscuous mode EXT4-fs (loop5): bad geometry: block count 524544 exceeds size of device (512 blocks) EXT4-fs (loop5): bad geometry: block count 589824 exceeds size of device (512 blocks) Enabling of bearer rejected, already enabled device ip6gre0 entered promiscuous mode device vlan2 entered promiscuous mode device ip6gre0 left promiscuous mode EXT4-fs (loop5): bad geometry: block count 590080 exceeds size of device (512 blocks) Enabling of bearer rejected, already enabled device ip6gre0 entered promiscuous mode device vlan2 entered promiscuous mode device ip6gre0 left promiscuous mode Enabling of bearer rejected, already enabled device ip6gre0 entered promiscuous mode device vlan2 entered promiscuous mode device ip6gre0 left promiscuous mode EXT4-fs (loop5): bad geometry: block count 655360 exceeds size of device (512 blocks) Enabling of bearer rejected, already enabled EXT4-fs (loop5): bad geometry: block count 655616 exceeds size of device (512 blocks) device ip6gre0 entered promiscuous mode device vlan2 entered promiscuous mode device ip6gre0 left promiscuous mode Enabling of bearer rejected, already enabled device ip6gre0 entered promiscuous mode device vlan2 entered promiscuous mode device ip6gre0 left promiscuous mode Enabling of bearer rejected, already enabled device ip6gre0 entered promiscuous mode EXT4-fs (loop5): bad geometry: block count 720896 exceeds size of device (512 blocks) device vlan2 entered promiscuous mode device ip6gre0 left promiscuous mode EXT4-fs (loop5): bad geometry: block count 786432 exceeds size of 
device (512 blocks) Enabling of bearer rejected, already enabled device ip6gre0 entered promiscuous mode device vlan2 entered promiscuous mode device ip6gre0 left promiscuous mode Enabling of bearer rejected, already enabled device ip6gre0 entered promiscuous mode device vlan2 entered promiscuous mode device ip6gre0 left promiscuous mode Enabling of bearer rejected, already enabled device ip6gre0 entered promiscuous mode device vlan2 entered promiscuous mode EXT4-fs (loop5): bad geometry: block count 786688 exceeds size of device (512 blocks) device ip6gre0 left promiscuous mode EXT4-fs (loop5): bad geometry: block count 851968 exceeds size of device (512 blocks) EXT4-fs (loop5): bad geometry: block count 852224 exceeds size of device (512 blocks) Bearer : already 2 bearers with priority 0 Enabling of bearer rejected, cannot adjust to lower Bearer : already 2 bearers with priority 0 Enabling of bearer rejected, cannot adjust to lower Enabling of bearer rejected, already enabled device ip6gre0 entered promiscuous mode device vlan2 entered promiscuous mode device ip6gre0 left promiscuous mode Enabling of bearer rejected, already enabled Unknown ioctl -1070571007 EXT4-fs (loop5): bad geometry: block count 917504 exceeds size of device (512 blocks) device ip6gre0 entered promiscuous mode device vlan2 entered promiscuous mode Unknown ioctl -1070571007 device ip6gre0 left promiscuous mode EXT4-fs (loop5): bad geometry: block count 917760 exceeds size of device (512 blocks) EXT4-fs (loop5): bad geometry: block count 983040 exceeds size of device (512 blocks) Enabling of bearer rejected, already enabled device ip6gre0 entered promiscuous mode device vlan2 entered promiscuous mode device ip6gre0 left promiscuous mode Enabling of bearer rejected, already enabled device ip6gre0 entered promiscuous mode device vlan2 entered promiscuous mode device ip6gre0 left promiscuous mode Enabling of bearer rejected, already enabled EXT4-fs (loop5): bad geometry: block count 983296 
exceeds size of device (512 blocks) device ip6gre0 entered promiscuous mode device vlan2 entered promiscuous mode device ip6gre0 left promiscuous mode EXT4-fs (loop5): bad geometry: block count 1048064 exceeds size of device (512 blocks) Bearer : already 2 bearers with priority 0 Enabling of bearer rejected, cannot adjust to lower Bearer : already 2 bearers with priority 0 Enabling of bearer rejected, cannot adjust to lower Enabling of bearer rejected, already enabled device ip6gre0 entered promiscuous mode device vlan2 entered promiscuous mode device ip6gre0 left promiscuous mode Bearer : already 2 bearers with priority 0 EXT4-fs (loop5): bad geometry: block count 1048832 exceeds size of device (512 blocks) Enabling of bearer rejected, cannot adjust to lower Enabling of bearer rejected, already enabled Bearer : already 2 bearers with priority 0 Enabling of bearer rejected, cannot adjust to lower device ip6gre0 entered promiscuous mode device vlan2 entered promiscuous mode device ip6gre0 left promiscuous mode EXT4-fs (loop5): bad geometry: block count 1114368 exceeds size of device (512 blocks) EXT4-fs (loop5): bad geometry: block count 1179648 exceeds size of device (512 blocks) UDF-fs: bad mount option "partition=00000000000000004095" or missing value UDF-fs: bad mount option "partition=00000000000000004095" or missing value Bearer : already 2 bearers with priority 0 Enabling of bearer rejected, cannot adjust to lower Bearer : already 2 bearers with priority 0 Enabling of bearer rejected, cannot adjust to lower Enabling of bearer rejected, already enabled device ip6gre0 entered promiscuous mode device vlan2 entered promiscuous mode device ip6gre0 left promiscuous mode