FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 ====================================================== WARNING: possible circular locking dependency detected 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 Not tainted ------------------------------------------------------ syz-executor.1/3498 is trying to acquire lock: ffffffff84a888e0 (console_owner){....}-{0:0}, at: console_unlock+0x2b2/0x97a kernel/printk/printk.c:2707 but task is already holding lock: ffffaf80087a8158 (&port->lock){-.-.}-{2:2}, at: pty_write+0xaa/0x114 drivers/tty/pty.c:120 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #2 (&port->lock){-.-.}-{2:2}: lock_acquire.part.0+0x1d0/0x424 kernel/locking/lockdep.c:5639 lock_acquire+0x54/0x6a kernel/locking/lockdep.c:5612 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x3e/0x62 kernel/locking/spinlock.c:162 tty_port_tty_get+0x2c/0xfa drivers/tty/tty_port.c:305 tty_port_default_wakeup+0x1a/0x44 drivers/tty/tty_port.c:48 tty_port_tty_wakeup+0x3a/0x46 drivers/tty/tty_port.c:413 uart_write_wakeup+0x34/0x48 drivers/tty/serial/serial_core.c:106 serial8250_tx_chars+0x322/0x592 drivers/tty/serial/8250/8250_port.c:1845 serial8250_handle_irq.part.0+0x284/0x286 drivers/tty/serial/8250/8250_port.c:1932 serial8250_handle_irq drivers/tty/serial/8250/8250_port.c:1905 [inline] serial8250_default_handle_irq+0xac/0x142 drivers/tty/serial/8250/8250_port.c:1949 serial8250_interrupt+0xbe/0x1a6 drivers/tty/serial/8250/8250_core.c:126 __handle_irq_event_percpu+0x16e/0x6ec kernel/irq/handle.c:158 handle_irq_event_percpu kernel/irq/handle.c:193 [inline] handle_irq_event+0x6a/0xfa kernel/irq/handle.c:210 handle_fasteoi_irq+0x1c0/0x4d6 kernel/irq/chip.c:715 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:646 [inline] generic_handle_domain_irq+0x7c/0x9c kernel/irq/irqdesc.c:680 plic_handle_irq+0x122/0x242 drivers/irqchip/irq-sifive-plic.c:242 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq_desc kernel/irq/irqdesc.c:646 [inline] generic_handle_domain_irq+0x7c/0x9c kernel/irq/irqdesc.c:680 riscv_intc_irq+0x7e/0xc8 drivers/irqchip/irq-riscv-intc.c:40 generic_handle_arch_irq+0x36/0x54 kernel/irq/handle.c:238 ret_from_exception+0x0/0x10 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline] _raw_spin_unlock_irqrestore+0x68/0x98 kernel/locking/spinlock.c:194 -> #1 (&port_lock_key){-.-.}-{2:2}: lock_acquire.part.0+0x1d0/0x424 kernel/locking/lockdep.c:5639 lock_acquire+0x54/0x6a kernel/locking/lockdep.c:5612 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x3e/0x62 kernel/locking/spinlock.c:162 serial8250_console_write+0x848/0x8e6 drivers/tty/serial/8250/8250_port.c:3387 univ8250_console_write+0x46/0x54 drivers/tty/serial/8250/8250_core.c:575 call_console_drivers kernel/printk/printk.c:1929 [inline] console_unlock+0x666/0x97a kernel/printk/printk.c:2711 register_console+0x250/0x534 kernel/printk/printk.c:3054 uart_configure_port drivers/tty/serial/serial_core.c:2402 [inline] uart_add_one_port+0xbf2/0xc14 drivers/tty/serial/serial_core.c:2917 serial8250_register_8250_port+0x8ce/0xc6e drivers/tty/serial/8250/8250_core.c:1082 of_platform_serial_probe+0x7ae/0xa9c drivers/tty/serial/8250/8250_of.c:232 platform_probe+0xc8/0x172 drivers/base/platform.c:1416 call_driver_probe drivers/base/dd.c:517 [inline] really_probe+0x1a6/0x89e drivers/base/dd.c:596 __driver_probe_device+0x24a/0x2d4 drivers/base/dd.c:752 driver_probe_device+0x60/0x1a4 drivers/base/dd.c:782 __driver_attach+0x178/0x33e drivers/base/dd.c:1141 bus_for_each_dev+0x122/0x194 drivers/base/bus.c:301 driver_attach+0x32/0x3c drivers/base/dd.c:1158 bus_add_driver+0x2c6/0x41a drivers/base/bus.c:618 driver_register+0x144/0x286 drivers/base/driver.c:171 __platform_driver_register+0x46/0x52 drivers/base/platform.c:863 of_platform_serial_driver_init+0x22/0x2a drivers/tty/serial/8250/8250_of.c:341 do_one_initcall+0x13a/0x7ea init/main.c:1300 do_initcall_level init/main.c:1373 [inline] do_initcalls init/main.c:1389 [inline] do_basic_setup init/main.c:1408 [inline] kernel_init_freeable+0x510/0x5b4 init/main.c:1613 kernel_init+0x28/0x21c init/main.c:1502 ret_from_exception+0x0/0x10 -> #0 (console_owner){....}-{0:0}: check_noncircular+0x1de/0x1fe kernel/locking/lockdep.c:2143 check_prev_add kernel/locking/lockdep.c:3063 [inline] check_prevs_add kernel/locking/lockdep.c:3186 [inline] validate_chain kernel/locking/lockdep.c:3801 [inline] __lock_acquire+0x19a4/0x333e kernel/locking/lockdep.c:5027 lock_acquire.part.0+0x1d0/0x424 kernel/locking/lockdep.c:5639 lock_acquire+0x54/0x6a kernel/locking/lockdep.c:5612 console_lock_spinning_enable kernel/printk/printk.c:1781 [inline] console_unlock+0x304/0x97a kernel/printk/printk.c:2708 vprintk_emit+0xd2/0x416 kernel/printk/printk.c:2245 vprintk_default+0x22/0x2e kernel/printk/printk.c:2256 vprintk+0x108/0x13e kernel/printk/printk_safe.c:50 _printk+0xa0/0xc8 kernel/printk/printk.c:2266 fail_dump lib/fault-inject.c:45 [inline] should_fail+0x27c/0x2ae lib/fault-inject.c:146 __should_failslab+0x72/0x94 mm/failslab.c:33 should_failslab+0xc/0x1c mm/slab_common.c:1304 slab_pre_alloc_hook mm/slab.h:707 [inline] slab_alloc_node mm/slub.c:3144 [inline] slab_alloc mm/slub.c:3238 [inline] __kmalloc+0x72/0x318 mm/slub.c:4420 kmalloc include/linux/slab.h:586 [inline] tty_buffer_alloc+0x154/0x15c drivers/tty/tty_buffer.c:178 __tty_buffer_request_room+0xe0/0x17a drivers/tty/tty_buffer.c:274 tty_insert_flip_string_fixed_flag+0x6c/0x162 drivers/tty/tty_buffer.c:321 tty_insert_flip_string include/linux/tty_flip.h:41 [inline] pty_write+0xc4/0x114 drivers/tty/pty.c:122 tty_send_xchar+0x1ec/0x26a drivers/tty/tty_io.c:1168 n_tty_ioctl_helper+0x144/0x20c drivers/tty/tty_ioctl.c:890 n_tty_ioctl+0x64/0x356 drivers/tty/n_tty.c:2383 tty_ioctl+0x53a/0x118a drivers/tty/tty_io.c:2787 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] sys_ioctl+0x75c/0x139e fs/ioctl.c:860 ret_from_syscall+0x0/0x2 other info that might help us debug this: Chain exists of: console_owner --> &port_lock_key --> &port->lock Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&port->lock); lock(&port_lock_key); lock(&port->lock); lock(console_owner); *** DEADLOCK *** 5 locks held by syz-executor.1/3498: #0: ffffaf800a09c098 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3a/0x46 drivers/tty/tty_ldsem.c:340 #1: ffffaf800a09c130 (&tty->atomic_write_lock){+.+.}-{3:3}, at: tty_write_lock drivers/tty/tty_io.c:950 [inline] #1: ffffaf800a09c130 (&tty->atomic_write_lock){+.+.}-{3:3}, at: tty_send_xchar+0x15a/0x26a drivers/tty/tty_io.c:1162 #2: ffffaf800a09c2e8 (&tty->termios_rwsem){++++}-{3:3}, at: tty_send_xchar+0x1ac/0x26a drivers/tty/tty_io.c:1165 #3: ffffaf80087a8158 (&port->lock){-.-.}-{2:2}, at: pty_write+0xaa/0x114 drivers/tty/pty.c:120 #4: ffffffff84a88600 (console_lock){+.+.}-{0:0}, at: vprintk_default+0x22/0x2e kernel/printk/printk.c:2256 stack backtrace: CPU: 0 PID: 3498 Comm: syz-executor.1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 Hardware name: riscv-virtio,qemu (DT) Call Trace: [] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:113 [] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:119 [] __dump_stack lib/dump_stack.c:88 [inline] [] dump_stack_lvl+0xe4/0x150 lib/dump_stack.c:106 [] dump_stack+0x1c/0x24 lib/dump_stack.c:113 [] print_circular_bug+0x34e/0x3d8 kernel/locking/lockdep.c:2021 [] check_noncircular+0x1de/0x1fe kernel/locking/lockdep.c:2143 [] check_prev_add kernel/locking/lockdep.c:3063 [inline] [] check_prevs_add kernel/locking/lockdep.c:3186 [inline] [] validate_chain kernel/locking/lockdep.c:3801 [inline] [] __lock_acquire+0x19a4/0x333e kernel/locking/lockdep.c:5027 [] lock_acquire.part.0+0x1d0/0x424 kernel/locking/lockdep.c:5639 [] lock_acquire+0x54/0x6a kernel/locking/lockdep.c:5612 [] console_lock_spinning_enable kernel/printk/printk.c:1781 [inline] [] console_unlock+0x304/0x97a kernel/printk/printk.c:2708 [] vprintk_emit+0xd2/0x416 kernel/printk/printk.c:2245 [] vprintk_default+0x22/0x2e kernel/printk/printk.c:2256 [] vprintk+0x108/0x13e kernel/printk/printk_safe.c:50 [] _printk+0xa0/0xc8 kernel/printk/printk.c:2266 [] fail_dump lib/fault-inject.c:45 [inline] [] should_fail+0x27c/0x2ae lib/fault-inject.c:146 [] __should_failslab+0x72/0x94 mm/failslab.c:33 [] should_failslab+0xc/0x1c mm/slab_common.c:1304 [] slab_pre_alloc_hook mm/slab.h:707 [inline] [] slab_alloc_node mm/slub.c:3144 [inline] [] slab_alloc mm/slub.c:3238 [inline] [] __kmalloc+0x72/0x318 mm/slub.c:4420 [] kmalloc include/linux/slab.h:586 [inline] [] tty_buffer_alloc+0x154/0x15c drivers/tty/tty_buffer.c:178 [] __tty_buffer_request_room+0xe0/0x17a drivers/tty/tty_buffer.c:274 [] tty_insert_flip_string_fixed_flag+0x6c/0x162 drivers/tty/tty_buffer.c:321 [] tty_insert_flip_string include/linux/tty_flip.h:41 [inline] [] pty_write+0xc4/0x114 drivers/tty/pty.c:122 [] tty_send_xchar+0x1ec/0x26a drivers/tty/tty_io.c:1168 [] n_tty_ioctl_helper+0x144/0x20c drivers/tty/tty_ioctl.c:890 [] n_tty_ioctl+0x64/0x356 drivers/tty/n_tty.c:2383 [] tty_ioctl+0x53a/0x118a drivers/tty/tty_io.c:2787 [] vfs_ioctl fs/ioctl.c:51 [inline] [] __do_sys_ioctl fs/ioctl.c:874 [inline] [] sys_ioctl+0x75c/0x139e fs/ioctl.c:860 [] ret_from_syscall+0x0/0x2 CPU: 0 PID: 3498 Comm: syz-executor.1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 Hardware name: riscv-virtio,qemu (DT) Call Trace: [] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:113 [] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:119 [] __dump_stack lib/dump_stack.c:88 [inline] [] dump_stack_lvl+0xe4/0x150 lib/dump_stack.c:106 [] dump_stack+0x1c/0x24 lib/dump_stack.c:113 [] fail_dump lib/fault-inject.c:52 [inline] [] should_fail+0x296/0x2ae lib/fault-inject.c:146 [] __should_failslab+0x72/0x94 mm/failslab.c:33 [] should_failslab+0xc/0x1c mm/slab_common.c:1304 [] slab_pre_alloc_hook mm/slab.h:707 [inline] [] slab_alloc_node mm/slub.c:3144 [inline] [] slab_alloc mm/slub.c:3238 [inline] [] __kmalloc+0x72/0x318 mm/slub.c:4420 [] kmalloc include/linux/slab.h:586 [inline] [] tty_buffer_alloc+0x154/0x15c drivers/tty/tty_buffer.c:178 [] __tty_buffer_request_room+0xe0/0x17a drivers/tty/tty_buffer.c:274 [] tty_insert_flip_string_fixed_flag+0x6c/0x162 drivers/tty/tty_buffer.c:321 [] tty_insert_flip_string include/linux/tty_flip.h:41 [inline] [] pty_write+0xc4/0x114 drivers/tty/pty.c:122 [] tty_send_xchar+0x1ec/0x26a drivers/tty/tty_io.c:1168 [] n_tty_ioctl_helper+0x144/0x20c drivers/tty/tty_ioctl.c:890 [] n_tty_ioctl+0x64/0x356 drivers/tty/n_tty.c:2383 [] tty_ioctl+0x53a/0x118a drivers/tty/tty_io.c:2787 [] vfs_ioctl fs/ioctl.c:51 [inline] [] __do_sys_ioctl fs/ioctl.c:874 [inline] [] sys_ioctl+0x75c/0x139e fs/ioctl.c:860 [] ret_from_syscall+0x0/0x2