Insufficient stack space to handle exception!
======================================================
WARNING: possible circular locking dependency detected
6.8.0-rc1-syzkaller-00017-gd82f32202e0d #0 Not tainted
------------------------------------------------------
syz-fuzzer/3003 is trying to acquire lock:
ffffffff87694ae0 (console_owner){-.-.}-{0:0}, at: console_emit_next_record kernel/printk/printk.c:2894 [inline]
ffffffff87694ae0 (console_owner){-.-.}-{0:0}, at: console_flush_all+0x49e/0xca0 kernel/printk/printk.c:2967

but task is already holding lock:
ff6000007ccfc018 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested kernel/sched/core.c:559 [inline]
ff6000007ccfc018 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock kernel/sched/sched.h:1385 [inline]
ff6000007ccfc018 (&rq->__lock){-.-.}-{2:2}, at: rq_lock kernel/sched/sched.h:1699 [inline]
ff6000007ccfc018 (&rq->__lock){-.-.}-{2:2}, at: scheduler_tick+0xf8/0x3c2 kernel/sched/core.c:5670

which lock already depends on the new lock.
the existing dependency chain (in reverse order) is: -> #4 (&rq->__lock){-.-.}-{2:2}: lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x35c/0x9c2 kernel/locking/lockdep.c:5719 _raw_spin_lock_nested+0x36/0x4e kernel/locking/spinlock.c:378 raw_spin_rq_lock_nested+0x22/0x34 kernel/sched/core.c:559 raw_spin_rq_lock kernel/sched/sched.h:1385 [inline] rq_lock kernel/sched/sched.h:1699 [inline] task_fork_fair+0xba/0x16e kernel/sched/fair.c:12647 sched_cgroup_fork+0x3de/0x550 kernel/sched/core.c:4836 copy_process+0x47de/0x6b54 kernel/fork.c:2603 kernel_clone+0x11e/0xa16 kernel/fork.c:2901 user_mode_thread+0xea/0x11a kernel/fork.c:2979 rest_init+0x34/0x2dc init/main.c:695 arch_post_acpi_subsys_init+0x0/0x30 init/main.c:827 console_on_rootfs+0x0/0x96 init/main.c:1072 -> #3 (&p->pi_lock){-.-.}-{2:2}: lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x35c/0x9c2 kernel/locking/lockdep.c:5719 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x3e/0x62 kernel/locking/spinlock.c:162 class_raw_spinlock_irqsave_constructor include/linux/spinlock.h:553 [inline] try_to_wake_up+0xa0/0x1744 kernel/sched/core.c:4253 default_wake_function+0x28/0x4c kernel/sched/core.c:7059 woken_wake_function+0x38/0x64 kernel/sched/wait.c:444 __wake_up_common+0x106/0x184 kernel/sched/wait.c:89 __wake_up_common_lock kernel/sched/wait.c:106 [inline] __wake_up+0x32/0x58 kernel/sched/wait.c:127 tty_wakeup+0x60/0xfc drivers/tty/tty_io.c:527 tty_port_default_wakeup+0x2c/0x44 drivers/tty/tty_port.c:69 tty_port_tty_wakeup+0x52/0x72 drivers/tty/tty_port.c:435 uart_write_wakeup+0x40/0x5e drivers/tty/serial/serial_core.c:120 serial8250_tx_chars+0x590/0x7e4 drivers/tty/serial/8250/8250_port.c:1835 serial8250_handle_irq+0x526/0x69c drivers/tty/serial/8250/8250_port.c:1942 serial8250_default_handle_irq+0x8c/0x1c6 drivers/tty/serial/8250/8250_port.c:1962 serial8250_interrupt+0xd8/0x1ec drivers/tty/serial/8250/8250_core.c:127 
__handle_irq_event_percpu+0x24a/0x87a kernel/irq/handle.c:158 handle_irq_event_percpu kernel/irq/handle.c:193 [inline] handle_irq_event+0xb4/0x1ec kernel/irq/handle.c:210 handle_fasteoi_irq+0x306/0xc84 kernel/irq/chip.c:720 generic_handle_irq_desc include/linux/irqdesc.h:161 [inline] handle_irq_desc kernel/irq/irqdesc.c:672 [inline] generic_handle_domain_irq+0x84/0xb2 kernel/irq/irqdesc.c:728 plic_handle_irq+0x16e/0x360 drivers/irqchip/irq-sifive-plic.c:371 generic_handle_irq_desc include/linux/irqdesc.h:161 [inline] handle_irq_desc kernel/irq/irqdesc.c:672 [inline] generic_handle_domain_irq+0x84/0xb2 kernel/irq/irqdesc.c:728 riscv_intc_irq+0x70/0xa6 drivers/irqchip/irq-riscv-intc.c:30 handle_riscv_irq+0x2e/0x4c arch/riscv/kernel/traps.c:361 call_on_irq_stack+0x32/0x40 arch/riscv/kernel/entry.S:258 -> #2 (&tty->write_wait){-.-.}-{2:2}: lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x35c/0x9c2 kernel/locking/lockdep.c:5719 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x3e/0x62 kernel/locking/spinlock.c:162 __wake_up_common_lock kernel/sched/wait.c:105 [inline] __wake_up+0x22/0x58 kernel/sched/wait.c:127 tty_wakeup+0x60/0xfc drivers/tty/tty_io.c:527 tty_port_default_wakeup+0x2c/0x44 drivers/tty/tty_port.c:69 tty_port_tty_wakeup+0x52/0x72 drivers/tty/tty_port.c:435 uart_write_wakeup+0x40/0x5e drivers/tty/serial/serial_core.c:120 serial8250_tx_chars+0x590/0x7e4 drivers/tty/serial/8250/8250_port.c:1835 serial8250_handle_irq+0x526/0x69c drivers/tty/serial/8250/8250_port.c:1942 serial8250_default_handle_irq+0x8c/0x1c6 drivers/tty/serial/8250/8250_port.c:1962 serial8250_interrupt+0xd8/0x1ec drivers/tty/serial/8250/8250_core.c:127 __handle_irq_event_percpu+0x24a/0x87a kernel/irq/handle.c:158 handle_irq_event_percpu kernel/irq/handle.c:193 [inline] handle_irq_event+0xb4/0x1ec kernel/irq/handle.c:210 handle_fasteoi_irq+0x306/0xc84 kernel/irq/chip.c:720 generic_handle_irq_desc include/linux/irqdesc.h:161 
[inline] handle_irq_desc kernel/irq/irqdesc.c:672 [inline] generic_handle_domain_irq+0x84/0xb2 kernel/irq/irqdesc.c:728 plic_handle_irq+0x16e/0x360 drivers/irqchip/irq-sifive-plic.c:371 generic_handle_irq_desc include/linux/irqdesc.h:161 [inline] handle_irq_desc kernel/irq/irqdesc.c:672 [inline] generic_handle_domain_irq+0x84/0xb2 kernel/irq/irqdesc.c:728 riscv_intc_irq+0x70/0xa6 drivers/irqchip/irq-riscv-intc.c:30 handle_riscv_irq+0x2e/0x4c arch/riscv/kernel/traps.c:361 call_on_irq_stack+0x32/0x40 arch/riscv/kernel/entry.S:258 -> #1 (&port_lock_key){-.-.}-{2:2}: lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x35c/0x9c2 kernel/locking/lockdep.c:5719 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x3e/0x62 kernel/locking/spinlock.c:162 uart_port_lock_irqsave include/linux/serial_core.h:616 [inline] serial8250_console_write+0x56a/0xe48 drivers/tty/serial/8250/8250_port.c:3403 univ8250_console_write+0x66/0x7e drivers/tty/serial/8250/8250_core.c:600 console_emit_next_record kernel/printk/printk.c:2901 [inline] console_flush_all+0x516/0xca0 kernel/printk/printk.c:2967 console_unlock+0x13c/0x27c kernel/printk/printk.c:3036 vprintk_emit+0x198/0x668 kernel/printk/printk.c:2303 vprintk_default+0x26/0x32 kernel/printk/printk.c:2318 vprintk+0x220/0x26e kernel/printk/printk_safe.c:45 _printk+0x98/0xc0 kernel/printk/printk.c:2328 register_console+0x85e/0xe86 kernel/printk/printk.c:3542 uart_configure_port drivers/tty/serial/serial_core.c:2641 [inline] serial_core_add_one_port drivers/tty/serial/serial_core.c:3169 [inline] serial_core_register_port+0x18bc/0x194c drivers/tty/serial/serial_core.c:3398 serial_ctrl_register_port+0x20/0x2c drivers/tty/serial/serial_ctrl.c:41 uart_add_one_port+0x20/0x2c drivers/tty/serial/serial_port.c:75 serial8250_register_8250_port+0x1090/0x1c66 drivers/tty/serial/8250/8250_core.c:1138 of_platform_serial_probe+0x846/0xc32 drivers/tty/serial/8250/8250_of.c:234 platform_probe+0xfa/0x1e8 
drivers/base/platform.c:1404 call_driver_probe drivers/base/dd.c:579 [inline] really_probe+0x234/0xbbc drivers/base/dd.c:658 __driver_probe_device+0x1d4/0x458 drivers/base/dd.c:800 driver_probe_device+0x60/0x1ce drivers/base/dd.c:830 __driver_attach+0x250/0x4ee drivers/base/dd.c:1216 bus_for_each_dev+0x124/0x1ba drivers/base/bus.c:368 driver_attach+0x3e/0x52 drivers/base/dd.c:1233 bus_add_driver+0x2a4/0x594 drivers/base/bus.c:673 driver_register+0x18e/0x3ee drivers/base/driver.c:246 __platform_driver_register+0x5e/0x7e drivers/base/platform.c:867 of_platform_serial_driver_init+0x22/0x2a drivers/tty/serial/8250/8250_of.c:342 do_one_initcall+0x194/0x90c init/main.c:1236 do_initcall_level init/main.c:1298 [inline] do_initcalls init/main.c:1314 [inline] do_basic_setup init/main.c:1333 [inline] kernel_init_freeable+0x686/0x72a init/main.c:1551 kernel_init+0x28/0x21c init/main.c:1441 ret_from_fork+0xe/0x1c arch/riscv/kernel/entry.S:229 -> #0 (console_owner){-.-.}-{0:0}: check_noncircular+0x2b6/0x350 kernel/locking/lockdep.c:2187 check_prev_add kernel/locking/lockdep.c:3134 [inline] check_prevs_add kernel/locking/lockdep.c:3253 [inline] validate_chain kernel/locking/lockdep.c:3869 [inline] __lock_acquire+0x2b86/0x784c kernel/locking/lockdep.c:5137 lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x35c/0x9c2 kernel/locking/lockdep.c:5719 console_lock_spinning_enable kernel/printk/printk.c:1854 [inline] console_emit_next_record kernel/printk/printk.c:2895 [inline] console_flush_all+0x4f8/0xca0 kernel/printk/printk.c:2967 console_unlock+0x13c/0x27c kernel/printk/printk.c:3036 vprintk_emit+0x198/0x668 kernel/printk/printk.c:2303 vprintk_default+0x26/0x32 kernel/printk/printk.c:2318 vprintk+0x220/0x26e kernel/printk/printk_safe.c:45 _printk+0x98/0xc0 kernel/printk/printk.c:2328 handle_bad_stack+0x96/0xf4 arch/riscv/kernel/traps.c:405 trace_lock_acquire include/trace/events/lock.h:24 [inline] lock_acquire+0x44c/0x9c2 kernel/locking/lockdep.c:5725 other info that 
might help us debug this:

Chain exists of:
  console_owner --> &p->pi_lock --> &rq->__lock

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&rq->__lock);
                               lock(&p->pi_lock);
                               lock(&rq->__lock);
  lock(console_owner);

 *** DEADLOCK ***

11 locks held by syz-fuzzer/3003:
 #0: ffffffff87780680 (rcu_read_lock){....}-{1:2}, at: INIT_LIST_HEAD include/linux/list.h:38 [inline]
 #0: ffffffff87780680 (rcu_read_lock){....}-{1:2}, at: list_splice_init include/linux/list.h:573 [inline]
 #0: ffffffff87780680 (rcu_read_lock){....}-{1:2}, at: netif_receive_skb_list_internal+0x33c/0xc12 net/core/dev.c:5751
 #1: ffffffff87780680 (rcu_read_lock){....}-{1:2}, at: __skb_pull include/linux/skbuff.h:2662 [inline]
 #1: ffffffff87780680 (rcu_read_lock){....}-{1:2}, at: ip_local_deliver_finish+0x1e2/0x536 net/ipv4/ip_input.c:230
 #2: ff600000159aa570 (slock-AF_INET/1){+.-.}-{2:2}, at: tcp_v4_rcv+0x34ae/0x3b0a net/ipv4/tcp_ipv4.c:2325
 #3: ffffffff87780680 (rcu_read_lock){....}-{1:2}, at: read_pnet include/net/net_namespace.h:385 [inline]
 #3: ffffffff87780680 (rcu_read_lock){....}-{1:2}, at: sock_net include/net/sock.h:634 [inline]
 #3: ffffffff87780680 (rcu_read_lock){....}-{1:2}, at: __ip_queue_xmit+0x52/0x1ed2 net/ipv4/ip_output.c:460
 #4: ffffffff87780680 (rcu_read_lock){....}-{1:2}, at: lwtunnel_xmit_redirect include/net/lwtunnel.h:98 [inline]
 #4: ffffffff87780680 (rcu_read_lock){....}-{1:2}, at: ip_finish_output2+0x444/0x2b10 net/ipv4/ip_output.c:221
 #5: ffffffff877806e0 (rcu_read_lock_bh){....}-{1:2}, at: __dev_queue_xmit+0x256/0x4428 net/core/dev.c:4270
 #6: ff60000011a32258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+...}-{2:2}, at: spin_trylock include/linux/spinlock.h:361 [inline]
 #6: ff60000011a32258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+...}-{2:2}, at: qdisc_run_begin include/net/sch_generic.h:195 [inline]
 #6: ff60000011a32258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+...}-{2:2}, at: qdisc_run_begin include/net/sch_generic.h:192 [inline]
 #6: ff60000011a32258 
(dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+...}-{2:2}, at: __dev_xmit_skb net/core/dev.c:3763 [inline] #6: ff60000011a32258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+...}-{2:2}, at: __dev_queue_xmit+0x134c/0x4428 net/core/dev.c:4317 #7: ff6000000bad7cd8 (_xmit_ETHER#2){+.-.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline] #7: ff6000000bad7cd8 (_xmit_ETHER#2){+.-.}-{2:2}, at: __netif_tx_lock include/linux/netdevice.h:4452 [inline] #7: ff6000000bad7cd8 (_xmit_ETHER#2){+.-.}-{2:2}, at: sch_direct_xmit+0x302/0x51c net/sched/sch_generic.c:340 #8: ff6000007ccfc018 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested kernel/sched/core.c:559 [inline] #8: ff6000007ccfc018 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock kernel/sched/sched.h:1385 [inline] #8: ff6000007ccfc018 (&rq->__lock){-.-.}-{2:2}, at: rq_lock kernel/sched/sched.h:1699 [inline] #8: ff6000007ccfc018 (&rq->__lock){-.-.}-{2:2}, at: scheduler_tick+0xf8/0x3c2 kernel/sched/core.c:5670 #9: ffffffff87694820 (console_lock){+.+.}-{0:0}, at: console_trylock_spinning kernel/printk/printk.c:1923 [inline] #9: ffffffff87694820 (console_lock){+.+.}-{0:0}, at: vprintk_emit+0x178/0x668 kernel/printk/printk.c:2302 #10: ffffffff87694970 (console_srcu){....}-{0:0}, at: arch_atomic_read arch/riscv/include/asm/atomic.h:30 [inline] #10: ffffffff87694970 (console_srcu){....}-{0:0}, at: raw_atomic_read include/linux/atomic/atomic-arch-fallback.h:457 [inline] #10: ffffffff87694970 (console_srcu){....}-{0:0}, at: atomic_read include/linux/atomic/atomic-instrumented.h:33 [inline] #10: ffffffff87694970 (console_srcu){....}-{0:0}, at: panic_in_progress kernel/printk/printk.c:347 [inline] #10: ffffffff87694970 (console_srcu){....}-{0:0}, at: other_cpu_in_panic kernel/printk/printk.c:2612 [inline] #10: ffffffff87694970 (console_srcu){....}-{0:0}, at: console_flush_all+0x110/0xca0 kernel/printk/printk.c:2985 stack backtrace: CPU: 0 PID: 3003 Comm: syz-fuzzer Not tainted 6.8.0-rc1-syzkaller-00017-gd82f32202e0d #0 
Hardware name: riscv-virtio,qemu (DT) Call Trace: [] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:121 [] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:127 [] __dump_stack lib/dump_stack.c:88 [inline] [] dump_stack_lvl+0xe8/0x154 lib/dump_stack.c:106 [] dump_stack+0x1c/0x24 lib/dump_stack.c:113 [] print_circular_bug+0x692/0x718 kernel/locking/lockdep.c:2060 [] check_noncircular+0x2b6/0x350 kernel/locking/lockdep.c:2187 [] check_prev_add kernel/locking/lockdep.c:3134 [inline] [] check_prevs_add kernel/locking/lockdep.c:3253 [inline] [] validate_chain kernel/locking/lockdep.c:3869 [inline] [] __lock_acquire+0x2b86/0x784c kernel/locking/lockdep.c:5137 [] lock_acquire kernel/locking/lockdep.c:5754 [inline] [] lock_acquire+0x35c/0x9c2 kernel/locking/lockdep.c:5719 [] console_lock_spinning_enable kernel/printk/printk.c:1854 [inline] [] console_emit_next_record kernel/printk/printk.c:2895 [inline] [] console_flush_all+0x4f8/0xca0 kernel/printk/printk.c:2967 [] console_unlock+0x13c/0x27c kernel/printk/printk.c:3036 [] vprintk_emit+0x198/0x668 kernel/printk/printk.c:2303 [] vprintk_default+0x26/0x32 kernel/printk/printk.c:2318 [] vprintk+0x220/0x26e kernel/printk/printk_safe.c:45 [] _printk+0x98/0xc0 kernel/printk/printk.c:2328 [] handle_bad_stack+0x96/0xf4 arch/riscv/kernel/traps.c:405 [] trace_lock_acquire include/trace/events/lock.h:24 [inline] [] lock_acquire+0x44c/0x9c2 kernel/locking/lockdep.c:5725 Task stack: [0xff20000004408000..0xff2000000440c000] Overflow stack: [0xff6000007cce8070..0xff6000007cce9070] CPU: 0 PID: 3003 Comm: syz-fuzzer Not tainted 6.8.0-rc1-syzkaller-00017-gd82f32202e0d #0 Hardware name: riscv-virtio,qemu (DT) epc : rcu_is_watching+0xe/0x15e kernel/rcu/tree.c:696 ra : trace_lock_acquire include/trace/events/lock.h:24 [inline] ra : lock_acquire+0x44c/0x9c2 kernel/locking/lockdep.c:5725 epc : ffffffff8027fcbe ra : ffffffff8021e1b6 sp : ff1fffffffffffe0 gp : ffffffff8863e360 tp : 0000000000000000 t0 : 0319389ccb94a62e t1 : 
ffe3ffff0000000c t2 : 0000000000000000 s0 : ff20000000000170 s1 : 1fe400000000000c a0 : ff60000016620008 a1 : 0000000000000000 a2 : 0000000000000001 a3 : 0000000000000000 a4 : 1ffffffff10cd2c8 a5 : ffffffffdfffffff a6 : ffffffff807f82d8 a7 : fffffffff3f3f3f3 s2 : 0000000000000000 s3 : 0000000000000001 s4 : 0000000000000001 s5 : ff6000007cd00d58 s6 : 0000000000000000 s7 : ffffffff807f82d8 s8 : 0000000000000000 s9 : ff20000000000100 s10: 0000000000000000 s11: ffffffff88669640 t3 : ffffffff8021dd6a t4 : ffe3ffff0000001c t5 : ffe3ffff0000001d t6 : 1fe40000000000a9 status: 0000000200000100 badaddr: ff1ffffffffffff8 cause: 000000000000000f