* [syzbot] [serial?] possible deadlock in uart_write (2)
@ 2024-04-25 4:00 syzbot
2024-05-23 6:23 ` syzbot
0 siblings, 1 reply; 4+ messages in thread
From: syzbot @ 2024-04-25 4:00 UTC (permalink / raw
To: gregkh, jirislaby, linux-kernel, linux-serial, syzkaller-bugs
Hello,
syzbot found the following issue on:
HEAD commit: 7b4f2bc91c15 Add linux-next specific files for 20240418
git tree: linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=15db8e10980000
kernel config: https://syzkaller.appspot.com/x/.config?x=ae644165a243bf62
dashboard link: https://syzkaller.appspot.com/bug?extid=57cc2f20a84cb4346354
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/524a18e6c5be/disk-7b4f2bc9.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/029f1b84d653/vmlinux-7b4f2bc9.xz
kernel image: https://storage.googleapis.com/syzbot-assets/c02d1542e886/bzImage-7b4f2bc9.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+57cc2f20a84cb4346354@syzkaller.appspotmail.com
sp0: Synchronizing with TNC
------------[ cut here ]------------
======================================================
WARNING: possible circular locking dependency detected
6.9.0-rc4-next-20240418-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.4/6662 is trying to acquire lock:
ffffffff8e327d60 (console_owner){....}-{0:0}, at: console_trylock_spinning kernel/printk/printk.c:1994 [inline]
ffffffff8e327d60 (console_owner){....}-{0:0}, at: vprintk_emit+0x3cf/0x770 kernel/printk/printk.c:2344
but task is already holding lock:
ffffffff94aa1878 (&port_lock_key){-.-.}-{2:2}, at: uart_port_lock_irqsave include/linux/serial_core.h:618 [inline]
ffffffff94aa1878 (&port_lock_key){-.-.}-{2:2}, at: uart_write+0x10e/0x320 drivers/tty/serial/serial_core.c:604
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&port_lock_key){-.-.}-{2:2}:
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162
uart_port_lock_irqsave include/linux/serial_core.h:618 [inline]
serial8250_console_write+0x1a8/0x1770 drivers/tty/serial/8250/8250_port.c:3352
console_emit_next_record kernel/printk/printk.c:2928 [inline]
console_flush_all+0x867/0xfd0 kernel/printk/printk.c:2994
console_unlock+0x13b/0x4d0 kernel/printk/printk.c:3063
vprintk_emit+0x5a6/0x770 kernel/printk/printk.c:2345
_printk+0xd5/0x120 kernel/printk/printk.c:2370
register_console+0x722/0xce0 kernel/printk/printk.c:3596
univ8250_console_init+0x49/0x50 drivers/tty/serial/8250/8250_core.c:723
console_init+0x1b8/0x6f0 kernel/printk/printk.c:3742
start_kernel+0x2d3/0x500 init/main.c:1034
x86_64_start_reservations+0x2a/0x30 arch/x86/kernel/head64.c:507
x86_64_start_kernel+0x99/0xa0 arch/x86/kernel/head64.c:488
common_startup_64+0x13e/0x147
-> #0 (console_owner){....}-{0:0}:
check_prev_add kernel/locking/lockdep.c:3134 [inline]
check_prevs_add kernel/locking/lockdep.c:3253 [inline]
validate_chain+0x18cb/0x58e0 kernel/locking/lockdep.c:3869
__lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
console_trylock_spinning kernel/printk/printk.c:1994 [inline]
vprintk_emit+0x3ec/0x770 kernel/printk/printk.c:2344
_printk+0xd5/0x120 kernel/printk/printk.c:2370
__report_bug lib/bug.c:195 [inline]
report_bug+0x346/0x500 lib/bug.c:219
handle_bug+0x3e/0x70 arch/x86/kernel/traps.c:239
exc_invalid_op+0x1a/0x50 arch/x86/kernel/traps.c:260
asm_exc_invalid_op+0x1a/0x20 arch/x86/include/asm/idtentry.h:621
uart_write+0x2b0/0x320 drivers/tty/serial/serial_core.c:605
tnc_init drivers/net/hamradio/6pack.c:531 [inline]
sixpack_open+0x790/0xa80 drivers/net/hamradio/6pack.c:628
tty_ldisc_open drivers/tty/tty_ldisc.c:432 [inline]
tty_ldisc_reinit+0x2d4/0x4a0 drivers/tty/tty_ldisc.c:661
tty_reopen+0x20b/0x2d0 drivers/tty/tty_io.c:1366
tty_open_by_driver drivers/tty/tty_io.c:2082 [inline]
tty_open+0xa26/0xdf0 drivers/tty/tty_io.c:2135
chrdev_open+0x5b0/0x630 fs/char_dev.c:414
do_dentry_open+0x95a/0x1720 fs/open.c:955
do_open fs/namei.c:3650 [inline]
path_openat+0x289f/0x3280 fs/namei.c:3807
do_filp_open+0x235/0x490 fs/namei.c:3834
do_sys_openat2+0x13e/0x1d0 fs/open.c:1405
do_sys_open fs/open.c:1420 [inline]
__do_sys_openat fs/open.c:1436 [inline]
__se_sys_openat fs/open.c:1431 [inline]
__x64_sys_openat+0x247/0x2a0 fs/open.c:1431
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&port_lock_key);
lock(console_owner);
lock(&port_lock_key);
lock(console_owner);
*** DEADLOCK ***
3 locks held by syz-executor.4/6662:
#0: ffff88805f95e1c0 (&tty->legacy_mutex){+.+.}-{3:3}, at: tty_lock_interruptible+0x68/0xc0 drivers/tty/tty_mutex.c:27
#1: ffff88805f95e0a0 (&tty->ldisc_sem){++++}-{0:0}, at: __tty_ldisc_lock drivers/tty/tty_ldisc.c:289 [inline]
#1: ffff88805f95e0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_lock+0x6c/0xc0 drivers/tty/tty_ldisc.c:313
#2: ffffffff94aa1878 (&port_lock_key){-.-.}-{2:2}, at: uart_port_lock_irqsave include/linux/serial_core.h:618 [inline]
#2: ffffffff94aa1878 (&port_lock_key){-.-.}-{2:2}, at: uart_write+0x10e/0x320 drivers/tty/serial/serial_core.c:604
stack backtrace:
CPU: 0 PID: 6662 Comm: syz-executor.4 Not tainted 6.9.0-rc4-next-20240418-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114
check_noncircular+0x36a/0x4a0 kernel/locking/lockdep.c:2187
check_prev_add kernel/locking/lockdep.c:3134 [inline]
check_prevs_add kernel/locking/lockdep.c:3253 [inline]
validate_chain+0x18cb/0x58e0 kernel/locking/lockdep.c:3869
__lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
console_trylock_spinning kernel/printk/printk.c:1994 [inline]
vprintk_emit+0x3ec/0x770 kernel/printk/printk.c:2344
_printk+0xd5/0x120 kernel/printk/printk.c:2370
__report_bug lib/bug.c:195 [inline]
report_bug+0x346/0x500 lib/bug.c:219
handle_bug+0x3e/0x70 arch/x86/kernel/traps.c:239
exc_invalid_op+0x1a/0x50 arch/x86/kernel/traps.c:260
asm_exc_invalid_op+0x1a/0x20 arch/x86/include/asm/idtentry.h:621
RIP: 0010:uart_write+0x2b0/0x320 drivers/tty/serial/serial_core.c:605
Code: 74 08 48 89 df e8 a0 9e be fc 48 83 3b 00 74 74 e8 05 4e 59 fc eb 97 e8 fe 4d 59 fc 45 31 e4 eb 08 e8 f4 4d 59 fc 45 31 ed 90 <0f> 0b 90 45 84 e4 74 0a e8 e3 4d 59 fc 45 31 f6 eb 84 e8 d9 4d 59
RSP: 0018:ffffc90009fcf4b8 EFLAGS: 00010046
RAX: ffffffff853d0f92 RBX: dffffc0000000000 RCX: 0000000000040000
RDX: ffffc90013601000 RSI: 000000000001ba5f RDI: 000000000001ba60
RBP: ffff88801f720f48 R08: 0000000000000003 R09: fffff520013f9e74
R10: dffffc0000000000 R11: fffff520013f9e74 R12: 0000000000000000
R13: 0000000000000246 R14: ffff88801f720be8 R15: ffffffff94aa1860
tnc_init drivers/net/hamradio/6pack.c:531 [inline]
sixpack_open+0x790/0xa80 drivers/net/hamradio/6pack.c:628
tty_ldisc_open drivers/tty/tty_ldisc.c:432 [inline]
tty_ldisc_reinit+0x2d4/0x4a0 drivers/tty/tty_ldisc.c:661
tty_reopen+0x20b/0x2d0 drivers/tty/tty_io.c:1366
tty_open_by_driver drivers/tty/tty_io.c:2082 [inline]
tty_open+0xa26/0xdf0 drivers/tty/tty_io.c:2135
chrdev_open+0x5b0/0x630 fs/char_dev.c:414
do_dentry_open+0x95a/0x1720 fs/open.c:955
do_open fs/namei.c:3650 [inline]
path_openat+0x289f/0x3280 fs/namei.c:3807
do_filp_open+0x235/0x490 fs/namei.c:3834
do_sys_openat2+0x13e/0x1d0 fs/open.c:1405
do_sys_open fs/open.c:1420 [inline]
__do_sys_openat fs/open.c:1436 [inline]
__se_sys_openat fs/open.c:1431 [inline]
__x64_sys_openat+0x247/0x2a0 fs/open.c:1431
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fd50cc7dea9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fd50d96c0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007fd50cdabf80 RCX: 00007fd50cc7dea9
RDX: 0000000000000000 RSI: 0000000020000000 RDI: ffffffffffffff9c
RBP: 00007fd50ccca4a4 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007fd50cdabf80 R15: 00007ffeacd13b38
</TASK>
WARNING: CPU: 0 PID: 6662 at drivers/tty/serial/serial_core.c:605 uart_write+0x2b0/0x320 drivers/tty/serial/serial_core.c:605
Modules linked in:
CPU: 0 PID: 6662 Comm: syz-executor.4 Not tainted 6.9.0-rc4-next-20240418-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
RIP: 0010:uart_write+0x2b0/0x320 drivers/tty/serial/serial_core.c:605
Code: 74 08 48 89 df e8 a0 9e be fc 48 83 3b 00 74 74 e8 05 4e 59 fc eb 97 e8 fe 4d 59 fc 45 31 e4 eb 08 e8 f4 4d 59 fc 45 31 ed 90 <0f> 0b 90 45 84 e4 74 0a e8 e3 4d 59 fc 45 31 f6 eb 84 e8 d9 4d 59
RSP: 0018:ffffc90009fcf4b8 EFLAGS: 00010046
RAX: ffffffff853d0f92 RBX: dffffc0000000000 RCX: 0000000000040000
RDX: ffffc90013601000 RSI: 000000000001ba5f RDI: 000000000001ba60
RBP: ffff88801f720f48 R08: 0000000000000003 R09: fffff520013f9e74
R10: dffffc0000000000 R11: fffff520013f9e74 R12: 0000000000000000
R13: 0000000000000246 R14: ffff88801f720be8 R15: ffffffff94aa1860
FS: 00007fd50d96c6c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffd65b98000 CR3: 0000000011650000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
tnc_init drivers/net/hamradio/6pack.c:531 [inline]
sixpack_open+0x790/0xa80 drivers/net/hamradio/6pack.c:628
tty_ldisc_open drivers/tty/tty_ldisc.c:432 [inline]
tty_ldisc_reinit+0x2d4/0x4a0 drivers/tty/tty_ldisc.c:661
tty_reopen+0x20b/0x2d0 drivers/tty/tty_io.c:1366
tty_open_by_driver drivers/tty/tty_io.c:2082 [inline]
tty_open+0xa26/0xdf0 drivers/tty/tty_io.c:2135
chrdev_open+0x5b0/0x630 fs/char_dev.c:414
do_dentry_open+0x95a/0x1720 fs/open.c:955
do_open fs/namei.c:3650 [inline]
path_openat+0x289f/0x3280 fs/namei.c:3807
do_filp_open+0x235/0x490 fs/namei.c:3834
do_sys_openat2+0x13e/0x1d0 fs/open.c:1405
do_sys_open fs/open.c:1420 [inline]
__do_sys_openat fs/open.c:1436 [inline]
__se_sys_openat fs/open.c:1431 [inline]
__x64_sys_openat+0x247/0x2a0 fs/open.c:1431
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fd50cc7dea9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fd50d96c0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007fd50cdabf80 RCX: 00007fd50cc7dea9
RDX: 0000000000000000 RSI: 0000000020000000 RDI: ffffffffffffff9c
RBP: 00007fd50ccca4a4 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007fd50cdabf80 R15: 00007ffeacd13b38
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [syzbot] [serial?] possible deadlock in uart_write (2)
2024-04-25 4:00 [syzbot] [serial?] possible deadlock in uart_write (2) syzbot
@ 2024-05-23 6:23 ` syzbot
2024-05-23 11:30 ` Hillf Danton
0 siblings, 1 reply; 4+ messages in thread
From: syzbot @ 2024-05-23 6:23 UTC (permalink / raw
To: gregkh, jirislaby, linux-kernel, linux-serial, syzkaller-bugs
syzbot has found a reproducer for the following issue on:
HEAD commit: de7e71ef8bed mm: simplify and improve print_vma_addr() out..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1358d748980000
kernel config: https://syzkaller.appspot.com/x/.config?x=45d62832ec0fc911
dashboard link: https://syzkaller.appspot.com/bug?extid=57cc2f20a84cb4346354
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10cd9414980000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=140480ec980000
Downloadable assets:
disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/7bc7510fe41f/non_bootable_disk-de7e71ef.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/0c97829b07ce/vmlinux-de7e71ef.xz
kernel image: https://storage.googleapis.com/syzbot-assets/e91040d0f4f3/bzImage-de7e71ef.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+57cc2f20a84cb4346354@syzkaller.appspotmail.com
------------[ cut here ]------------
======================================================
WARNING: possible circular locking dependency detected
6.9.0-syzkaller-11924-gde7e71ef8bed #0 Not tainted
------------------------------------------------------
syz-executor379/5188 is trying to acquire lock:
ffffffff8dabed20 (console_owner){....}-{0:0}, at: console_trylock_spinning kernel/printk/printk.c:1994 [inline]
ffffffff8dabed20 (console_owner){....}-{0:0}, at: vprintk_emit kernel/printk/printk.c:2344 [inline]
ffffffff8dabed20 (console_owner){....}-{0:0}, at: vprintk_emit+0x42d/0x5a0 kernel/printk/printk.c:2300
but task is already holding lock:
ffffffff94de6f38 (&port_lock_key){-...}-{2:2}, at: uart_port_lock_irqsave include/linux/serial_core.h:618 [inline]
ffffffff94de6f38 (&port_lock_key){-...}-{2:2}, at: uart_write+0x134/0x3e0 drivers/tty/serial/serial_core.c:624
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&port_lock_key){-...}-{2:2}:
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x3a/0x60 kernel/locking/spinlock.c:162
uart_port_lock_irqsave include/linux/serial_core.h:618 [inline]
serial8250_console_write+0xaa6/0x1090 drivers/tty/serial/8250/8250_port.c:3352
console_emit_next_record kernel/printk/printk.c:2928 [inline]
console_flush_all+0x53f/0xd70 kernel/printk/printk.c:2994
console_unlock+0xae/0x290 kernel/printk/printk.c:3063
vprintk_emit kernel/printk/printk.c:2345 [inline]
vprintk_emit+0x11a/0x5a0 kernel/printk/printk.c:2300
vprintk+0x7f/0xa0 kernel/printk/printk_safe.c:45
_printk+0xc8/0x100 kernel/printk/printk.c:2370
register_console+0xa88/0x10a0 kernel/printk/printk.c:3596
univ8250_console_init+0x35/0x50 drivers/tty/serial/8250/8250_core.c:719
console_init+0xcc/0x680 kernel/printk/printk.c:3742
start_kernel+0x295/0x4c0 init/main.c:1038
x86_64_start_reservations+0x18/0x30 arch/x86/kernel/head64.c:507
x86_64_start_kernel+0xb2/0xc0 arch/x86/kernel/head64.c:488
common_startup_64+0x13e/0x148
-> #0 (console_owner){....}-{0:0}:
check_prev_add kernel/locking/lockdep.c:3134 [inline]
check_prevs_add kernel/locking/lockdep.c:3253 [inline]
validate_chain kernel/locking/lockdep.c:3869 [inline]
__lock_acquire+0x2478/0x3b30 kernel/locking/lockdep.c:5137
lock_acquire kernel/locking/lockdep.c:5754 [inline]
lock_acquire+0x1b1/0x560 kernel/locking/lockdep.c:5719
console_trylock_spinning kernel/printk/printk.c:1994 [inline]
vprintk_emit kernel/printk/printk.c:2344 [inline]
vprintk_emit+0x442/0x5a0 kernel/printk/printk.c:2300
vprintk+0x7f/0xa0 kernel/printk/printk_safe.c:45
_printk+0xc8/0x100 kernel/printk/printk.c:2370
__report_bug lib/bug.c:195 [inline]
report_bug+0x4ac/0x580 lib/bug.c:219
handle_bug+0x3d/0x70 arch/x86/kernel/traps.c:239
exc_invalid_op+0x17/0x50 arch/x86/kernel/traps.c:260
asm_exc_invalid_op+0x1a/0x20 arch/x86/include/asm/idtentry.h:621
uart_write+0x2bf/0x3e0 drivers/tty/serial/serial_core.c:625
tnc_init drivers/net/hamradio/6pack.c:531 [inline]
sixpack_open+0x93b/0xb30 drivers/net/hamradio/6pack.c:628
tty_ldisc_open+0x9c/0x120 drivers/tty/tty_ldisc.c:432
tty_set_ldisc+0x318/0x720 drivers/tty/tty_ldisc.c:563
tiocsetd drivers/tty/tty_io.c:2439 [inline]
tty_ioctl+0xbdc/0x15f0 drivers/tty/tty_io.c:2739
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:907 [inline]
__se_sys_ioctl fs/ioctl.c:893 [inline]
__x64_sys_ioctl+0x193/0x220 fs/ioctl.c:893
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&port_lock_key);
lock(console_owner);
lock(&port_lock_key);
lock(console_owner);
*** DEADLOCK ***
3 locks held by syz-executor379/5188:
#0: ffff888011ccc1c0 (&tty->legacy_mutex){+.+.}-{3:3}, at: tty_set_ldisc+0x8b/0x720 drivers/tty/tty_ldisc.c:528
#1: ffff888011ccc0a0 (&tty->ldisc_sem){++++}-{0:0}, at: __tty_ldisc_lock drivers/tty/tty_ldisc.c:289 [inline]
#1: ffff888011ccc0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_lock+0x65/0xb0 drivers/tty/tty_ldisc.c:313
#2: ffffffff94de6f38 (&port_lock_key){-...}-{2:2}, at: uart_port_lock_irqsave include/linux/serial_core.h:618 [inline]
#2: ffffffff94de6f38 (&port_lock_key){-...}-{2:2}, at: uart_write+0x134/0x3e0 drivers/tty/serial/serial_core.c:624
stack backtrace:
CPU: 2 PID: 5188 Comm: syz-executor379 Not tainted 6.9.0-syzkaller-11924-gde7e71ef8bed #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114
check_noncircular+0x31a/0x400 kernel/locking/lockdep.c:2187
check_prev_add kernel/locking/lockdep.c:3134 [inline]
check_prevs_add kernel/locking/lockdep.c:3253 [inline]
validate_chain kernel/locking/lockdep.c:3869 [inline]
__lock_acquire+0x2478/0x3b30 kernel/locking/lockdep.c:5137
lock_acquire kernel/locking/lockdep.c:5754 [inline]
lock_acquire+0x1b1/0x560 kernel/locking/lockdep.c:5719
console_trylock_spinning kernel/printk/printk.c:1994 [inline]
vprintk_emit kernel/printk/printk.c:2344 [inline]
vprintk_emit+0x442/0x5a0 kernel/printk/printk.c:2300
vprintk+0x7f/0xa0 kernel/printk/printk_safe.c:45
_printk+0xc8/0x100 kernel/printk/printk.c:2370
__report_bug lib/bug.c:195 [inline]
report_bug+0x4ac/0x580 lib/bug.c:219
handle_bug+0x3d/0x70 arch/x86/kernel/traps.c:239
exc_invalid_op+0x17/0x50 arch/x86/kernel/traps.c:260
asm_exc_invalid_op+0x1a/0x20 arch/x86/include/asm/idtentry.h:621
RIP: 0010:uart_write+0x2bf/0x3e0 drivers/tty/serial/serial_core.c:625
Code: 6b fc e9 4e ff ff ff e8 ef e1 90 fc 90 0f 0b 90 49 c7 c4 d2 ff ff ff e9 39 ff ff ff e8 da e1 90 fc 45 31 ff e8 d2 e1 90 fc 90 <0f> 0b 90 48 85 ed 74 8c e8 c4 e1 90 fc 4c 8d a5 08 01 00 00 4c 89
RSP: 0018:ffffc90003137bd8 EFLAGS: 00010093
RAX: 0000000000000000 RBX: ffff88801f908be8 RCX: ffffffff816c49ad
RDX: ffff88802a360000 RSI: ffffffff84fd0abe RDI: ffff88801f908f48
RBP: ffffffff94de6f20 R08: 0000000000000001 R09: fffff52000626f69
R10: 0000000000000003 R11: 0000000000000002 R12: 0000000000000001
R13: 0000000000000001 R14: ffff888024980f01 R15: 0000000000000293
tnc_init drivers/net/hamradio/6pack.c:531 [inline]
sixpack_open+0x93b/0xb30 drivers/net/hamradio/6pack.c:628
tty_ldisc_open+0x9c/0x120 drivers/tty/tty_ldisc.c:432
tty_set_ldisc+0x318/0x720 drivers/tty/tty_ldisc.c:563
tiocsetd drivers/tty/tty_io.c:2439 [inline]
tty_ioctl+0xbdc/0x15f0 drivers/tty/tty_io.c:2739
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:907 [inline]
__se_sys_ioctl fs/ioctl.c:893 [inline]
__x64_sys_ioctl+0x193/0x220 fs/ioctl.c:893
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f956812d2e9
Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffeea498a48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007ffeea498c18 RCX: 00007f956812d2e9
RDX: 0000000020000080 RSI: 0000000000005423 RDI: 0000000000000003
RBP: 00007f95681a0610 R08: 0000000000000000 R09: 00007ffeea498c18
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 00007ffeea498c08 R14: 0000000000000001 R15: 0000000000000001
</TASK>
WARNING: CPU: 2 PID: 5188 at drivers/tty/serial/serial_core.c:625 uart_write+0x2bf/0x3e0 drivers/tty/serial/serial_core.c:625
Modules linked in:
CPU: 2 PID: 5188 Comm: syz-executor379 Not tainted 6.9.0-syzkaller-11924-gde7e71ef8bed #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
RIP: 0010:uart_write+0x2bf/0x3e0 drivers/tty/serial/serial_core.c:625
Code: 6b fc e9 4e ff ff ff e8 ef e1 90 fc 90 0f 0b 90 49 c7 c4 d2 ff ff ff e9 39 ff ff ff e8 da e1 90 fc 45 31 ff e8 d2 e1 90 fc 90 <0f> 0b 90 48 85 ed 74 8c e8 c4 e1 90 fc 4c 8d a5 08 01 00 00 4c 89
RSP: 0018:ffffc90003137bd8 EFLAGS: 00010093
RAX: 0000000000000000 RBX: ffff88801f908be8 RCX: ffffffff816c49ad
RDX: ffff88802a360000 RSI: ffffffff84fd0abe RDI: ffff88801f908f48
RBP: ffffffff94de6f20 R08: 0000000000000001 R09: fffff52000626f69
R10: 0000000000000003 R11: 0000000000000002 R12: 0000000000000001
R13: 0000000000000001 R14: ffff888024980f01 R15: 0000000000000293
FS: 0000555560c5f380(0000) GS:ffff88806b200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000000 CR3: 000000001e942000 CR4: 0000000000350ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
tnc_init drivers/net/hamradio/6pack.c:531 [inline]
sixpack_open+0x93b/0xb30 drivers/net/hamradio/6pack.c:628
tty_ldisc_open+0x9c/0x120 drivers/tty/tty_ldisc.c:432
tty_set_ldisc+0x318/0x720 drivers/tty/tty_ldisc.c:563
tiocsetd drivers/tty/tty_io.c:2439 [inline]
tty_ioctl+0xbdc/0x15f0 drivers/tty/tty_io.c:2739
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:907 [inline]
__se_sys_ioctl fs/ioctl.c:893 [inline]
__x64_sys_ioctl+0x193/0x220 fs/ioctl.c:893
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f956812d2e9
Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffeea498a48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007ffeea498c18 RCX: 00007f956812d2e9
RDX: 0000000020000080 RSI: 0000000000005423 RDI: 0000000000000003
RBP: 00007f95681a0610 R08: 0000000000000000 R09: 00007ffeea498c18
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 00007ffeea498c08 R14: 0000000000000001 R15: 0000000000000001
</TASK>
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [syzbot] [serial?] possible deadlock in uart_write (2)
2024-05-23 6:23 ` syzbot
@ 2024-05-23 11:30 ` Hillf Danton
2024-05-23 11:51 ` syzbot
0 siblings, 1 reply; 4+ messages in thread
From: Hillf Danton @ 2024-05-23 11:30 UTC (permalink / raw
To: syzbot; +Cc: linux-kernel, syzkaller-bugs
On Wed, 22 May 2024 23:23:26 -0700
> syzbot has found a reproducer for the following issue on:
>
> HEAD commit: de7e71ef8bed mm: simplify and improve print_vma_addr() out..
> git tree: upstream
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=140480ec980000
#syz test https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git de7e71ef8bed
--- x/drivers/tty/serial/serial_core.c
+++ y/drivers/tty/serial/serial_core.c
@@ -622,8 +622,9 @@ static ssize_t uart_write(struct tty_str
return -EL3HLT;
port = uart_port_lock(state, flags);
- if (WARN_ON_ONCE(!state->port.xmit_buf)) {
+ if (!state->port.xmit_buf) {
uart_port_unlock(port, flags);
+ WARN_ON_ONCE(1);
return 0;
}
--
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [syzbot] [serial?] possible deadlock in uart_write (2)
2024-05-23 11:30 ` Hillf Danton
@ 2024-05-23 11:51 ` syzbot
0 siblings, 0 replies; 4+ messages in thread
From: syzbot @ 2024-05-23 11:51 UTC (permalink / raw
To: hdanton, linux-kernel, syzkaller-bugs
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
WARNING in uart_write
sp0: Synchronizing with TNC
------------[ cut here ]------------
WARNING: CPU: 2 PID: 5387 at drivers/tty/serial/serial_core.c:627 uart_write+0x2c3/0x3e0 drivers/tty/serial/serial_core.c:627
Modules linked in:
CPU: 2 PID: 5387 Comm: syz-executor Not tainted 6.9.0-syzkaller-11924-gde7e71ef8bed-dirty #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
RIP: 0010:uart_write+0x2c3/0x3e0 drivers/tty/serial/serial_core.c:627
Code: 00 00 48 8d 98 9c 03 00 00 48 89 df e8 e6 c9 ec fc f0 ff 0b 0f 94 c3 31 ff 89 de e8 77 dc 90 fc 84 db 75 72 e8 ce e1 90 fc 90 <0f> 0b 90 31 ed e9 23 ff ff ff e8 be e1 90 fc 4c 89 ea 48 b8 00 00
RSP: 0018:ffffc900036a7bd8 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffff88801f5a8f00 RCX: ffffffff84fd0ab9
RDX: ffff888021d00000 RSI: ffffffff84fd0ac2 RDI: 0000000000000001
RBP: ffffffff94de7028 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000002 R12: ffffffff94de6f20
R13: 0000000000000001 R14: ffff88801231cf01 R15: 0000000000000293
FS: 00007f2677c386c0(0000) GS:ffff88806b200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000555575a07788 CR3: 0000000020ab6000 CR4: 0000000000350ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
tnc_init drivers/net/hamradio/6pack.c:531 [inline]
sixpack_open+0x93b/0xb30 drivers/net/hamradio/6pack.c:628
tty_ldisc_open+0x9c/0x120 drivers/tty/tty_ldisc.c:432
tty_set_ldisc+0x318/0x720 drivers/tty/tty_ldisc.c:563
tiocsetd drivers/tty/tty_io.c:2439 [inline]
tty_ioctl+0xbdc/0x15f0 drivers/tty/tty_io.c:2739
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:907 [inline]
__se_sys_ioctl fs/ioctl.c:893 [inline]
__x64_sys_ioctl+0x193/0x220 fs/ioctl.c:893
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f2676e7cee9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f2677c380c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f2676fabf80 RCX: 00007f2676e7cee9
RDX: 0000000020000080 RSI: 0000000000005423 RDI: 0000000000000003
RBP: 00007f2676ec949e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007f2676fabf80 R15: 00007ffeb4e97fa8
</TASK>
Tested on:
commit: de7e71ef mm: simplify and improve print_vma_addr() out..
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=16d0ae1a980000
kernel config: https://syzkaller.appspot.com/x/.config?x=45d62832ec0fc911
dashboard link: https://syzkaller.appspot.com/bug?extid=57cc2f20a84cb4346354
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=11a3a51a980000
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2024-05-23 11:51 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-04-25 4:00 [syzbot] [serial?] possible deadlock in uart_write (2) syzbot
2024-05-23 6:23 ` syzbot
2024-05-23 11:30 ` Hillf Danton
2024-05-23 11:51 ` syzbot
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).