Bug 202157 - deadlock in console_unlock
Summary: deadlock in console_unlock
Status: NEW
Alias: None
Product: Other
Classification: Unclassified
Component: Modules
Hardware: All Linux
Importance: P1 normal
Assignee: other_modules
Reported: 2019-01-05 08:33 UTC by Moe
Modified: 2019-01-05 08:33 UTC
Kernel Version: 4.20(21)
Regression: No


Attachments
PoC code to reproduce deadlock hang. (1.52 KB, text/plain)
2019-01-05 08:33 UTC, Moe

Description Moe 2019-01-05 08:33:10 UTC
Created attachment 280281
PoC code to reproduce deadlock hang.

RBP: 00000000006cb018 R08: 0000000000000001 R09: 0000000000000031
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
R13: ffffffffffffffff R14: 0000000000000000 R15: 0000000000000000

======================================================
WARNING: possible circular locking dependency detected
4.20.0-rc7+ #8 Not tainted
------------------------------------------------------
syz-executor579/2028 is trying to acquire lock:
00000000e478796d (console_owner){-.-.}, at: log_next kernel/printk/printk.c:489 [inline]
00000000e478796d (console_owner){-.-.}, at: console_unlock+0x33d/0xd30 kernel/printk/printk.c:2401

but task is already holding lock:
0000000030388923 (&(&port->lock)->rlock){-.-.}, at: pty_write+0xcd/0x1d0 drivers/tty/pty.c:120

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #2 (&(&port->lock)->rlock){-.-.}:
       tty_port_tty_get+0x1b/0x80 drivers/tty/tty_port.c:287
       tty_port_default_wakeup+0x11/0x40 drivers/tty/tty_port.c:47
       serial8250_tx_chars+0x4b9/0xa00 drivers/tty/serial/8250/8250_port.c:1825
       serial8250_handle_irq.part.20+0x18d/0x210 drivers/tty/serial/8250/8250_port.c:1898
       serial8250_handle_irq drivers/tty/serial/8250/8250_port.c:1918 [inline]
       serial8250_default_handle_irq+0xe9/0x110 drivers/tty/serial/8250/8250_port.c:1914
       serial8250_interrupt+0xe2/0x180 drivers/tty/serial/8250/8250_core.c:125
       __handle_irq_event_percpu+0x16e/0x860 kernel/irq/handle.c:149
       handle_irq_event_percpu+0x96/0x1b0 kernel/irq/handle.c:189
       handle_irq_event+0xa1/0x130 kernel/irq/handle.c:206
       handle_edge_irq+0x1d3/0x7a0 kernel/irq/chip.c:791
       generic_handle_irq_desc include/linux/irqdesc.h:154 [inline]
       handle_irq+0x16d/0x300 arch/x86/kernel/irq_64.c:78
       do_IRQ+0x71/0x190 arch/x86/kernel/irq.c:246
       ret_from_intr+0x0/0x1d
       native_safe_halt arch/x86/include/asm/irqflags.h:57 [inline]
       arch_safe_halt arch/x86/include/asm/irqflags.h:99 [inline]
       default_idle+0x81/0x3c0 arch/x86/kernel/process.c:561
       cpuidle_idle_call kernel/sched/idle.c:153 [inline]
       do_idle+0x287/0x3c0 kernel/sched/idle.c:262
       cpu_startup_entry+0x14/0x20 kernel/sched/idle.c:353
       start_secondary+0x39d/0x490 arch/x86/kernel/smpboot.c:271
       secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:243

-> #1 (&port_lock_key){-.-.}:
       serial8250_console_write+0x6d5/0x8b0 drivers/tty/serial/8250/8250_port.c:3266
       call_console_drivers kernel/printk/printk.c:1728 [inline]
       console_unlock+0x847/0xd30 kernel/printk/printk.c:2414
       vprintk_emit+0x214/0x590 kernel/printk/printk.c:1922
       vprintk_func+0x52/0xe0 kernel/printk/printk_safe.c:398
       printk+0xb2/0xdd kernel/printk/printk.c:1997
       register_console+0x6b3/0xb40 kernel/printk/printk.c:2729
       univ8250_console_init+0x2c/0x35 drivers/tty/serial/8250/8250_core.c:681
       console_init+0x4fc/0x72d kernel/printk/printk.c:2815
       start_kernel+0x527/0x80f init/main.c:667
       secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:243

-> #0 (console_owner){-.-.}:
       console_lock_spinning_enable kernel/printk/printk.c:1591 [inline]
       console_unlock+0x3a9/0xd30 kernel/printk/printk.c:2411
       vprintk_emit+0x214/0x590 kernel/printk/printk.c:1922
       vprintk_func+0x52/0xe0 kernel/printk/printk_safe.c:398
       printk+0xb2/0xdd kernel/printk/printk.c:1997
       fail_dump lib/fault-inject.c:44 [inline]
       should_fail+0x911/0xa90 lib/fault-inject.c:149
       __should_failslab+0xe3/0x120 mm/failslab.c:32
       should_failslab+0x5/0x10 mm/slab_common.c:1578
       slab_pre_alloc_hook mm/slab.h:423 [inline]
       slab_alloc_node mm/slub.c:2670 [inline]
       slab_alloc mm/slub.c:2752 [inline]
       __kmalloc+0x6d/0x2d0 mm/slub.c:3783
       kmalloc include/linux/slab.h:551 [inline]
       tty_buffer_alloc drivers/tty/tty_buffer.c:175 [inline]
       __tty_buffer_request_room+0x265/0x700 drivers/tty/tty_buffer.c:273
       tty_insert_flip_string_fixed_flag+0x83/0x1c0 drivers/tty/tty_buffer.c:318
       tty_insert_flip_string include/linux/tty_flip.h:37 [inline]
       pty_write+0xff/0x1d0 drivers/tty/pty.c:122
       tty_send_xchar+0x1d7/0x2c0 drivers/tty/tty_io.c:1092
       n_tty_ioctl_helper+0x107/0x340 drivers/tty/tty_ioctl.c:927
       n_tty_ioctl+0x14c/0x2e0 drivers/tty/n_tty.c:2464
       tty_ioctl+0x329/0x1570 drivers/tty/tty_io.c:2653
       vfs_ioctl fs/ioctl.c:46 [inline]
       do_vfs_ioctl+0x19e/0x14c0 fs/ioctl.c:698
       ksys_ioctl+0x84/0x90 fs/ioctl.c:713
       __do_sys_ioctl fs/ioctl.c:720 [inline]
       __se_sys_ioctl fs/ioctl.c:718 [inline]
       __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:718
       do_syscall_64+0x141/0x5f0 arch/x86/entry/common.c:290
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

other info that might help us debug this:

Chain exists of:
  console_owner --> &port_lock_key --> &(&port->lock)->rlock

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&(&port->lock)->rlock);
                               lock(&port_lock_key);
                               lock(&(&port->lock)->rlock);
  lock(console_owner);

 *** DEADLOCK ***

5 locks held by syz-executor579/2028:
 #0: 00000000bc8dd2b4 (&tty->ldisc_sem){++++}, at: tty_ldisc_ref_wait+0x20/0x80 drivers/tty/tty_ldisc.c:263
 #1: 00000000924a8679 (&tty->atomic_write_lock){+.+.}, at: tty_write_lock+0x1b/0x60 drivers/tty/tty_io.c:885
 #2: 0000000000cf4898 (&tty->termios_rwsem){++++}, at: tty_send_xchar+0x17f/0x2c0 drivers/tty/tty_io.c:1089
 #3: 0000000030388923 (&(&port->lock)->rlock){-.-.}, at: pty_write+0xcd/0x1d0 drivers/tty/pty.c:120
 #4: 000000002c728420 (console_lock){+.+.}, at: console_trylock_spinning kernel/printk/printk.c:1653 [inline]
 #4: 000000002c728420 (console_lock){+.+.}, at: vprintk_emit+0x206/0x590 kernel/printk/printk.c:1921

stack backtrace:
CPU: 0 PID: 2028 Comm: syz-executor579 Not tainted 4.20.0-rc7+ #8
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0xfa/0x1ce lib/dump_stack.c:113
 print_circular_bug.isra.34+0x31a/0x353 kernel/locking/lockdep.c:1221
 check_prev_add kernel/locking/lockdep.c:1863 [inline]
 check_prevs_add kernel/locking/lockdep.c:1976 [inline]
 validate_chain kernel/locking/lockdep.c:2347 [inline]
 __lock_acquire+0x3256/0x41e0 kernel/locking/lockdep.c:3341
 lock_acquire+0x15b/0x420 kernel/locking/lockdep.c:3844
 console_lock_spinning_enable kernel/printk/printk.c:1591 [inline]
 console_unlock+0x3a9/0xd30 kernel/printk/printk.c:2411
 vprintk_emit+0x214/0x590 kernel/printk/printk.c:1922
 vprintk_func+0x52/0xe0 kernel/printk/printk_safe.c:398
 printk+0xb2/0xdd kernel/printk/printk.c:1997
 fail_dump lib/fault-inject.c:44 [inline]
 should_fail+0x911/0xa90 lib/fault-inject.c:149
 __should_failslab+0xe3/0x120 mm/failslab.c:32
 should_failslab+0x5/0x10 mm/slab_common.c:1578
 slab_pre_alloc_hook mm/slab.h:423 [inline]
 slab_alloc_node mm/slub.c:2670 [inline]
 slab_alloc mm/slub.c:2752 [inline]
 __kmalloc+0x6d/0x2d0 mm/slub.c:3783
 kmalloc include/linux/slab.h:551 [inline]
 tty_buffer_alloc drivers/tty/tty_buffer.c:175 [inline]
 __tty_buffer_request_room+0x265/0x700 drivers/tty/tty_buffer.c:273
 tty_insert_flip_string_fixed_flag+0x83/0x1c0 drivers/tty/tty_buffer.c:318
 tty_insert_flip_string include/linux/tty_flip.h:37 [inline]
 pty_write+0xff/0x1d0 drivers/tty/pty.c:122
 tty_send_xchar+0x1d7/0x2c0 drivers/tty/tty_io.c:1092
 n_tty_ioctl_helper+0x107/0x340 drivers/tty/tty_ioctl.c:927
 n_tty_ioctl+0x14c/0x2e0 drivers/tty/n_tty.c:2464
 tty_ioctl+0x329/0x1570 drivers/tty/tty_io.c:2653
 vfs_ioctl fs/ioctl.c:46 [inline]
 do_vfs_ioctl+0x19e/0x14c0 fs/ioctl.c:698
 ksys_ioctl+0x84/0x90 fs/ioctl.c:713
 __do_sys_ioctl fs/ioctl.c:720 [inline]
 __se_sys_ioctl fs/ioctl.c:718 [inline]
 __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:718
 do_syscall_64+0x141/0x5f0 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4402e9
Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffd52f4ba48 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004402e9
RDX: 0000000000000002 RSI: 000000000000540a RDI: 0000000000000003
RBP: 00000000006cb018 R08: 0000000000000001 R09: 0000000000000031
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
R13: ffffffffffffffff R14: 0000000000000000 R15: 0000000000000000
