======================================================
WARNING: possible circular locking dependency detected
4.14.0-next-20171124+ #51 Not tainted
------------------------------------------------------
syz-executor4/11579 is trying to acquire lock:
 (console_lock){+.+.}, at: [] vcs_write+0x14d/0xca0 drivers/tty/vt/vc_screen.c:397

but task is already holding lock:
 (&pipe->mutex/1){+.+.}, at: [] pipe_lock_nested fs/pipe.c:67 [inline]
 (&pipe->mutex/1){+.+.}, at: [] pipe_lock+0x56/0x70 fs/pipe.c:75

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #3 (&pipe->mutex/1){+.+.}:
       lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893
       mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
       pipe_lock_nested fs/pipe.c:67 [inline]
       pipe_lock+0x56/0x70 fs/pipe.c:75
       iter_file_splice_write+0x264/0xf30 fs/splice.c:699
       do_splice_from fs/splice.c:851 [inline]
       do_splice fs/splice.c:1147 [inline]
       SYSC_splice fs/splice.c:1402 [inline]
       SyS_splice+0x7d5/0x1630 fs/splice.c:1382
       entry_SYSCALL_64_fastpath+0x1f/0x96

-> #2 (sb_writers){.+.+}:
       rq_lock kernel/sched/sched.h:1766 [inline]
       __schedule+0x24e/0x2060 kernel/sched/core.c:3312

-> #1 ((completion)&req.done){+.+.}:
       lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004
       complete_acquire include/linux/completion.h:40 [inline]
       __wait_for_common kernel/sched/completion.c:109 [inline]
       wait_for_common kernel/sched/completion.c:123 [inline]
       wait_for_completion+0xcb/0x7b0 kernel/sched/completion.c:144
       devtmpfs_create_node+0x32b/0x4a0 drivers/base/devtmpfs.c:115
       device_add+0x120f/0x1640 drivers/base/core.c:1824
       device_create_groups_vargs+0x1f3/0x250 drivers/base/core.c:2430
       device_create_vargs drivers/base/core.c:2470 [inline]
       device_create+0xda/0x110 drivers/base/core.c:2506
       vcs_make_sysfs+0x35/0x60 drivers/tty/vt/vc_screen.c:629
       vc_allocate+0x4b7/0x6b0 drivers/tty/vt/vt.c:797
       con_install+0x52/0x440 drivers/tty/vt/vt.c:2876
       tty_driver_install_tty drivers/tty/tty_io.c:1215 [inline]
       tty_init_dev+0xf6/0x4a0 drivers/tty/tty_io.c:1315
       tty_open_by_driver drivers/tty/tty_io.c:1942 [inline]
       tty_open+0x608/0xab0 drivers/tty/tty_io.c:1990
       chrdev_open+0x257/0x730 fs/char_dev.c:417
       do_dentry_open+0x682/0xd70 fs/open.c:752
       vfs_open+0x107/0x230 fs/open.c:866
       do_last fs/namei.c:3388 [inline]
       path_openat+0x1157/0x3530 fs/namei.c:3528
       do_filp_open+0x25b/0x3b0 fs/namei.c:3563
       do_sys_open+0x502/0x6d0 fs/open.c:1059
       SYSC_open fs/open.c:1077 [inline]
       SyS_open+0x2d/0x40 fs/open.c:1072
       entry_SYSCALL_64_fastpath+0x1f/0x96

-> #0 (console_lock){+.+.}:
       check_prevs_add kernel/locking/lockdep.c:2031 [inline]
       validate_chain kernel/locking/lockdep.c:2473 [inline]
       __lock_acquire+0x3498/0x47f0 kernel/locking/lockdep.c:3500
       lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004
       console_lock+0x4b/0x80 kernel/printk/printk.c:2047
       vcs_write+0x14d/0xca0 drivers/tty/vt/vc_screen.c:397
       __vfs_write+0xef/0x970 fs/read_write.c:480
       __kernel_write+0xfe/0x350 fs/read_write.c:501
       write_pipe_buf+0x175/0x220 fs/splice.c:797
       splice_from_pipe_feed fs/splice.c:502 [inline]
       __splice_from_pipe+0x328/0x730 fs/splice.c:626
       splice_from_pipe+0x1e9/0x330 fs/splice.c:661
       default_file_splice_write+0x40/0x90 fs/splice.c:809
       do_splice_from fs/splice.c:851 [inline]
       do_splice fs/splice.c:1147 [inline]
       SYSC_splice fs/splice.c:1402 [inline]
       SyS_splice+0x7d5/0x1630 fs/splice.c:1382
       entry_SYSCALL_64_fastpath+0x1f/0x96

other info that might help us debug this:

Chain exists of:
  console_lock --> sb_writers --> &pipe->mutex/1

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&pipe->mutex/1);
                               lock(sb_writers);
                               lock(&pipe->mutex/1);
  lock(console_lock);

 *** DEADLOCK ***

1 lock held by syz-executor4/11579:
 #0:  (&pipe->mutex/1){+.+.}, at: [] pipe_lock_nested fs/pipe.c:67 [inline]
 #0:  (&pipe->mutex/1){+.+.}, at: [] pipe_lock+0x56/0x70 fs/pipe.c:75

stack backtrace:
CPU: 0 PID: 11579 Comm: syz-executor4 Not tainted 4.14.0-next-20171124+ #51
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 print_circular_bug+0x42d/0x610 kernel/locking/lockdep.c:1271
 check_prev_add+0x666/0x15f0 kernel/locking/lockdep.c:1914
 check_prevs_add kernel/locking/lockdep.c:2031 [inline]
 validate_chain kernel/locking/lockdep.c:2473 [inline]
 __lock_acquire+0x3498/0x47f0 kernel/locking/lockdep.c:3500
 lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004
 console_lock+0x4b/0x80 kernel/printk/printk.c:2047
 vcs_write+0x14d/0xca0 drivers/tty/vt/vc_screen.c:397
 __vfs_write+0xef/0x970 fs/read_write.c:480
 __kernel_write+0xfe/0x350 fs/read_write.c:501
 write_pipe_buf+0x175/0x220 fs/splice.c:797
 splice_from_pipe_feed fs/splice.c:502 [inline]
 __splice_from_pipe+0x328/0x730 fs/splice.c:626
 splice_from_pipe+0x1e9/0x330 fs/splice.c:661
 default_file_splice_write+0x40/0x90 fs/splice.c:809
 do_splice_from fs/splice.c:851 [inline]
 do_splice fs/splice.c:1147 [inline]
 SYSC_splice fs/splice.c:1402 [inline]
 SyS_splice+0x7d5/0x1630 fs/splice.c:1382
 entry_SYSCALL_64_fastpath+0x1f/0x96
RIP: 0033:0x452879
RSP: 002b:00007f6fdbbedbe8 EFLAGS: 00000212 ORIG_RAX: 0000000000000113
RAX: ffffffffffffffda RBX: 0000000000758020 RCX: 0000000000452879
RDX: 0000000000000013 RSI: 0000000000000000 RDI: 0000000000000014
RBP: 0000000000000086 R08: 00000000fffff5fc R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 0000000000000000
R13: 0000000000a6f7ff R14: 00007f6fdbbee9c0 R15: 0000000000000000
netlink: 8 bytes leftover after parsing attributes in process `syz-executor6'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor6'.
device gre0 entered promiscuous mode
device gre0 entered promiscuous mode
netlink: 8 bytes leftover after parsing attributes in process `syz-executor0'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor0'.
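The user-space side of the two splice paths in the report, as an added example (not syzbot's reproducer and not kernel code): the same splice(2) call shown in the register dump (ORIG_RAX 0x113, pipe read end in RDI, output fd in RDX, NULL offsets and zero flags), parameterised on the output path. Against a regular file the kernel takes sb_writers in do_splice() and then &pipe->mutex in iter_file_splice_write(), the #3 chain; against /dev/vcs*, which has no ->splice_write, default_file_splice_write() takes &pipe->mutex and vcs_write() then takes console_lock, the #0 chain that closes the "console_lock --> sb_writers --> &pipe->mutex/1" cycle lockdep printed. The output path, the /tmp location of the self-check file and the sample bytes are assumptions for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Added example reconstructed from the lockdep report; not syzbot or kernel
 * code. It issues the syscall in the register dump (ORIG_RAX 0x113 = splice,
 * RDI = pipe read end, RDX = output fd, RSI/R10/R9 = 0). A regular file takes
 * sb_writers in do_splice(), then &pipe->mutex in iter_file_splice_write() (the
 * #3 chain); /dev/vcs* has no ->splice_write, so splice_from_pipe() takes
 * &pipe->mutex and vcs_write() then console_lock (#0, closing the cycle). */

/* Fill a fresh pipe with `len` bytes and splice them into `path`. Returns the
 * count splice() reported or -errno; `len` must fit one pipe buffer (64 KiB). */
static ssize_t splice_pipe_to_path(const char *path, const void *buf, size_t len)
{
    int pfd[2], out;
    ssize_t ret;
    if (pipe(pfd) < 0)
        return -errno;
    out = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (out < 0) {
        ret = -errno;
        goto out_pipe;
    }
    if (write(pfd[1], buf, len) != (ssize_t)len) {
        ret = -EIO;                 /* failed or short write into the pipe */
        goto out_file;
    }
    close(pfd[1]);                  /* EOF so splice() stops after `len` */
    pfd[1] = -1;
    ret = splice(pfd[0], NULL, out, NULL, len, 0);
    if (ret < 0)
        ret = -errno;
out_file:
    close(out);
out_pipe:
    close(pfd[0]);
    if (pfd[1] >= 0)
        close(pfd[1]);
    return ret;
}
/* Read back up to `cap` bytes from `path`; returns the count or -errno. */
static ssize_t read_back(const char *path, void *buf, size_t cap)
{
    int fd = open(path, O_RDONLY);
    ssize_t n;
    if (fd < 0)
        return -errno;
    n = read(fd, buf, cap);
    if (n < 0)
        n = -errno;
    close(fd);
    return n;
}

/* Harmless self-check against a temporary regular file (#3 ordering only):
 * 0 on a clean round trip, -errno on a syscall failure, -1 on a mismatch. */
static int probe_regular_file(void)
{
    static const char msg[] = "constructed sample input for the splice probe\n";
    const size_t len = sizeof(msg) - 1;
    char path[] = "/tmp/splice_probe_XXXXXX", back[sizeof(msg)];   /* assumed location */
    int fd = mkstemp(path);
    ssize_t n;
    if (fd < 0)
        return -errno;
    close(fd);
    n = splice_pipe_to_path(path, msg, len);
    if (n >= 0)
        n = read_back(path, back, sizeof(back));
    unlink(path);
    if (n < 0)
        return (int)n;
    return (n == (ssize_t)len && memcmp(back, msg, len) == 0) ? 0 : -1;
}
/* Usage: ./splice_probe <output path>. Against /dev/vcs (root, lockdep kernel
 * of the report's vintage) it drives the #0 chain and blanks 64 console cells. */
int main(int argc, char **argv)
{
    char buf[64];
    ssize_t n;
    if (argc != 2) {
        fprintf(stderr, "usage: %s <output path>\n", argv[0]);
        return 2;
    }
    memset(buf, ' ', sizeof(buf));
    n = splice_pipe_to_path(argv[1], buf, sizeof(buf));
    if (n < 0) {
        fprintf(stderr, "splice into %s failed: %s\n", argv[1], strerror((int)-n));
        return 1;
    }
    printf("spliced %zd bytes into %s\n", n, argv[1]);
    return 0;
}
```

Only the regular-file probe is safe to run anywhere; pointing the binary at /dev/vcs needs root and only produces the splat on a lockdep-enabled kernel from the report's era, and on a kernel without lockdep the inversion is just a latent deadlock that needs a concurrent VT open (the #1 chain) to bite.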
Option '
kauditd_printk_skb: 161 callbacks suppressed
audit: type=1326 audit(1511577684.211:1126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=11870 comm="syz-executor4" exe="/root/syz-executor4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452879 code=0x7ffc0000
audit: type=1326 audit(1511577684.212:1127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=11870 comm="syz-executor4" exe="/root/syz-executor4" sig=0 arch=c000003e syscall=2 compat=0 ip=0x40cbb1 code=0x7ffc0000
audit: type=1326 audit(1511577684.212:1128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=11870 comm="syz-executor4" exe="/root/syz-executor4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452879 code=0x7ffc0000
audit: type=1326 audit(1511577684.214:1129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=11870 comm="syz-executor4" exe="/root/syz-executor4" sig=0 arch=c000003e syscall=257 compat=0 ip=0x452879 code=0x7ffc0000
audit: type=1326 audit(1511577684.223:1130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=11870 comm="syz-executor4" exe="/root/syz-executor4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452879 code=0x7ffc0000
audit: type=1326 audit(1511577684.224:1131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=11870 comm="syz-executor4" exe="/root/syz-executor4" sig=0 arch=c000003e syscall=33 compat=0 ip=0x452879 code=0x7ffc0000
audit: type=1326 audit(1511577684.224:1132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=11870 comm="syz-executor4" exe="/root/syz-executor4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452879 code=0x7ffc0000
audit: type=1326 audit(1511577684.226:1133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=11870 comm="syz-executor4" exe="/root/syz-executor4" sig=0 arch=c000003e syscall=9 compat=0 ip=0x452879 code=0x7ffc0000
audit: type=1326 audit(1511577684.227:1134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=11870 comm="syz-executor4" exe="/root/syz-executor4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452879 code=0x7ffc0000
audit: type=1326 audit(1511577684.229:1135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=11870 comm="syz-executor4" exe="/root/syz-executor4" sig=0 arch=c000003e syscall=257 compat=0 ip=0x452879 code=0x7ffc0000
Option '
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=12026 comm=syz-executor7
device gre0 entered promiscuous mode
QAT: Invalid ioctl
nla_parse: 6 callbacks suppressed
netlink: 17 bytes leftover after parsing attributes in process `syz-executor0'.
QAT: Invalid ioctl
netlink: 17 bytes leftover after parsing attributes in process `syz-executor0'.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=12311 comm=syz-executor0
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=12311 comm=syz-executor0
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=202 sclass=netlink_route_socket pig=12311 comm=syz-executor0
device gre0 entered promiscuous mode
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=12317 comm=syz-executor0
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=12311 comm=syz-executor0
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=202 sclass=netlink_route_socket pig=12356 comm=syz-executor0
TCP: request_sock_TCP: Possible SYN flooding on port 20018. Sending cookies.  Check SNMP counters.
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
RDS: rds_bind could not find a transport for 0.0.0.7, load rds_tcp or rds_rdma?
RDS: rds_bind could not find a transport for 0.0.0.7, load rds_tcp or rds_rdma?
device eql entered promiscuous mode
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 1
CPU: 0 PID: 12796 Comm: syz-executor6 Not tainted 4.14.0-next-20171124+ #51
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:425 [inline]
 slab_alloc mm/slab.c:3372 [inline]
 __do_kmalloc mm/slab.c:3710 [inline]
 __kmalloc_track_caller+0x5f/0x760 mm/slab.c:3727
 memdup_user+0x2c/0x90 mm/util.c:164
 xfrm_user_policy+0xcf/0x6d0 net/xfrm/xfrm_state.c:2055
 do_ipv6_setsockopt.isra.9+0x20df/0x39c0 net/ipv6/ipv6_sockglue.c:810
 ipv6_setsockopt+0xd7/0x150 net/ipv6/ipv6_sockglue.c:921
 udpv6_setsockopt+0x45/0x80 net/ipv6/udp.c:1452
 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2968
 SYSC_setsockopt net/socket.c:1851 [inline]
 SyS_setsockopt+0x189/0x360 net/socket.c:1830
 entry_SYSCALL_64_fastpath+0x1f/0x96
RIP: 0033:0x452879
RSP: 002b:00007f1f9fd39be8 EFLAGS: 00000212 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 0000000000758020 RCX: 0000000000452879
RDX: 0000000000000023 RSI: 0000000000000029 RDI: 0000000000000014
RBP: 00007f1f9fd39a20 R08: 00000000000000e8 R09: 0000000000000000
R10: 0000000020d51f18 R11: 0000000000000212 R12: 00000000004b757e
R13: 00007f1f9fd39b58 R14: 00000000004b758e R15: 0000000000000000
device eql entered promiscuous mode
IPv4: Oversized IP packet from 127.0.0.1
IPv4: Oversized IP packet from 127.0.0.1
device eql entered promiscuous mode
device eql entered promiscuous mode
device eql entered promiscuous mode
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 13010 Comm: syz-executor5 Not tainted 4.14.0-next-20171124+ #51
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:425 [inline]
 slab_alloc mm/slab.c:3372 [inline]
 __do_kmalloc mm/slab.c:3710 [inline]
 __kmalloc_track_caller+0x5f/0x760 mm/slab.c:3727
 memdup_user+0x2c/0x90 mm/util.c:164
 do_ipv6_setsockopt.isra.9+0x1f8c/0x39c0 net/ipv6/ipv6_sockglue.c:745
 ipv6_setsockopt+0xd7/0x150 net/ipv6/ipv6_sockglue.c:921
 rawv6_setsockopt+0x4a/0xf0 net/ipv6/raw.c:1060
 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2968
 SYSC_setsockopt net/socket.c:1851 [inline]
 SyS_setsockopt+0x189/0x360 net/socket.c:1830
 entry_SYSCALL_64_fastpath+0x1f/0x96
RIP: 0033:0x452879
RSP: 002b:00007f0e8fa53be8 EFLAGS: 00000212 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 0000000000758020 RCX: 0000000000452879
RDX: 0000000000000030 RSI: 0000000000000029 RDI: 0000000000000014
RBP: 00007f0e8fa53a20 R08: 0000000000000e5d R09: 0000000000000000
R10: 0000000020000000 R11: 0000000000000212 R12: 00000000004b757e
R13: 00007f0e8fa53b58 R14: 00000000004b758e R15: 0000000000000000
device eql entered promiscuous mode
device eql entered promiscuous mode
device eql entered promiscuous mode
device eql entered promiscuous mode
device eql entered promiscuous mode
device eql entered promiscuous mode
device eql entered promiscuous mode
device eql entered promiscuous mode
device eql entered promiscuous mode
device eql entered promiscuous mode
device eql entered promiscuous mode
device eql entered promiscuous mode
device eql entered promiscuous mode
device eql entered promiscuous mode
device eql entered promiscuous mode
device eql entered promiscuous mode
device eql entered promiscuous mode
device eql entered promiscuous mode
device eql entered promiscuous mode