Warning: Permanently added '10.128.0.127' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 35.077070] FAULT_INJECTION: forcing a failure. [ 35.077070] name failslab, interval 1, probability 0, space 0, times 1 [ 35.089325] CPU: 1 PID: 7969 Comm: syz-executor518 Not tainted 4.14.302-syzkaller #0 [ 35.097356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 35.106685] Call Trace: [ 35.109247] dump_stack+0x1b2/0x281 [ 35.112858] should_fail.cold+0x10a/0x149 [ 35.117067] should_failslab+0xd6/0x130 [ 35.121011] __kmalloc+0x6d/0x400 [ 35.124464] ? tty_buffer_alloc+0xc0/0x270 [ 35.128671] tty_buffer_alloc+0xc0/0x270 [ 35.132704] __tty_buffer_request_room+0x12c/0x290 [ 35.137620] tty_insert_flip_string_fixed_flag+0x8b/0x210 [ 35.143814] tty_insert_flip_string_and_push_buffer+0x3e/0x160 [ 35.149754] pty_write+0xc3/0xf0 [ 35.153092] n_tty_write+0x85e/0xda0 [ 35.156778] ? n_tty_open+0x160/0x160 [ 35.160552] ? do_wait_intr_irq+0x270/0x270 [ 35.164852] ? __might_fault+0x177/0x1b0 [ 35.168886] tty_write+0x410/0x740 [ 35.172491] ? n_tty_open+0x160/0x160 [ 35.176263] __vfs_write+0xe4/0x630 [ 35.179859] ? tty_compat_ioctl+0x240/0x240 [ 35.184149] ? debug_check_no_obj_freed+0x2c0/0x680 [ 35.189137] ? kernel_read+0x110/0x110 [ 35.193001] ? common_file_perm+0x3ee/0x580 [ 35.197305] ? security_file_permission+0x82/0x1e0 [ 35.202380] ? rw_verify_area+0xe1/0x2a0 [ 35.206412] vfs_write+0x17f/0x4d0 [ 35.209926] SyS_write+0xf2/0x210 [ 35.213356] ? SyS_read+0x210/0x210 [ 35.217736] ? __do_page_fault+0x159/0xad0 [ 35.221943] ? do_syscall_64+0x4c/0x640 [ 35.225890] ? SyS_read+0x210/0x210 [ 35.229493] do_syscall_64+0x1d5/0x640 [ 35.233531] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 35.238693] RIP: 0033:0x7f310e26f679 [ 35.242387] RSP: 002b:00007fffd237be38 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 35.250064] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f310e26f679 [ 35.257307] RDX: 000000000000ff2e RSI: 0000000020000000 RDI: 0000000000000003 [ 35.264811] RBP: 00007fffd237be40 R08: 0000000000000001 R09: 00007f310e230033 [ 35.272056] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 35.279297] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 35.286568] [ 35.286570] ====================================================== [ 35.286572] WARNING: possible circular locking dependency detected [ 35.286573] 4.14.302-syzkaller #0 Not tainted [ 35.286575] ------------------------------------------------------ [ 35.286577] syz-executor518/7969 is trying to acquire lock: [ 35.286577] (console_owner){....}, at: [] console_unlock+0x307/0xf20 [ 35.286582] [ 35.286583] but task is already holding lock: [ 35.286584] (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160 [ 35.286588] [ 35.286590] which lock already depends on the new lock. [ 35.286591] [ 35.286591] [ 35.286593] the existing dependency chain (in reverse order) is: [ 35.286594] [ 35.286594] -> #2 (&(&port->lock)->rlock){-.-.}: [ 35.286599] _raw_spin_lock_irqsave+0x8c/0xc0 [ 35.286600] tty_port_tty_get+0x1d/0x80 [ 35.286601] tty_port_default_wakeup+0x11/0x40 [ 35.286603] serial8250_tx_chars+0x3fe/0xc70 [ 35.286604] serial8250_handle_irq.part.0+0x2c7/0x390 [ 35.286606] serial8250_default_handle_irq+0x8a/0x1f0 [ 35.286607] serial8250_interrupt+0xf3/0x210 [ 35.286608] __handle_irq_event_percpu+0xee/0x7f0 [ 35.286610] handle_irq_event+0xed/0x240 [ 35.286611] handle_edge_irq+0x224/0xc40 [ 35.286612] handle_irq+0x35/0x50 [ 35.286613] do_IRQ+0x93/0x1d0 [ 35.286614] ret_from_intr+0x0/0x1e [ 35.286616] _raw_spin_unlock_irqrestore+0xa3/0xe0 [ 35.286617] uart_write+0x2dd/0x560 [ 35.286618] do_output_char+0x4f5/0x750 [ 35.286619] n_tty_write+0x3e3/0xda0 [ 35.286621] tty_write+0x410/0x740 [ 35.286622] redirected_tty_write+0x9c/0xb0 [ 35.286623] do_iter_write+0x3da/0x550 [ 35.286624] vfs_writev+0x125/0x290 [ 35.286625] do_writev+0xfc/0x2c0 [ 35.286627] do_syscall_64+0x1d5/0x640 [ 35.286628] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 35.286629] [ 35.286629] -> #1 (&port_lock_key){-.-.}: [ 35.286634] _raw_spin_lock_irqsave+0x8c/0xc0 [ 35.286635] serial8250_console_write+0x8cb/0xb40 [ 35.286636] console_unlock+0x99d/0xf20 [ 35.286638] vprintk_emit+0x224/0x620 [ 35.286639] vprintk_func+0x58/0x160 [ 35.286640] printk+0x9e/0xbc [ 35.286641] register_console+0x6f4/0xad0 [ 35.286642] univ8250_console_init+0x2f/0x3a [ 35.286644] console_init+0x46/0x53 [ 35.286645] start_kernel+0x521/0x763 [ 35.286646] secondary_startup_64+0xa5/0xb0 [ 35.286647] [ 35.286647] -> #0 (console_owner){....}: [ 35.286652] lock_acquire+0x170/0x3f0 [ 35.286653] console_unlock+0x36f/0xf20 [ 35.286654] vprintk_emit+0x224/0x620 [ 35.286655] vprintk_func+0x58/0x160 [ 35.286656] printk+0x9e/0xbc [ 35.286658] should_fail.cold+0xdf/0x149 [ 35.286659] should_failslab+0xd6/0x130 [ 35.286660] __kmalloc+0x6d/0x400 [ 35.286661] tty_buffer_alloc+0xc0/0x270 [ 35.286663] __tty_buffer_request_room+0x12c/0x290 [ 35.286664] tty_insert_flip_string_fixed_flag+0x8b/0x210 [ 35.286666] tty_insert_flip_string_and_push_buffer+0x3e/0x160 [ 35.286667] pty_write+0xc3/0xf0 [ 35.286668] n_tty_write+0x85e/0xda0 [ 35.286669] tty_write+0x410/0x740 [ 35.286671] __vfs_write+0xe4/0x630 [ 35.286672] vfs_write+0x17f/0x4d0 [ 35.286673] SyS_write+0xf2/0x210 [ 35.286674] do_syscall_64+0x1d5/0x640 [ 35.286676] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 35.286676] [ 35.286678] other info that might help us debug this: [ 35.286678] [ 35.286679] Chain exists of: [ 35.286680] console_owner --> &port_lock_key --> &(&port->lock)->rlock [ 35.286685] [ 35.286686] Possible unsafe locking scenario: [ 35.286687] [ 35.286688] CPU0 CPU1 [ 35.286690] ---- ---- [ 35.286690] lock(&(&port->lock)->rlock); [ 35.286693] lock(&port_lock_key); [ 35.286696] lock(&(&port->lock)->rlock); [ 35.286698] lock(console_owner); [ 35.286701] [ 35.286702] *** DEADLOCK *** [ 35.286702] [ 35.286704] 6 locks held by syz-executor518/7969: [ 35.286704] #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80 [ 35.286709] #1: (&tty->atomic_write_lock){+.+.}, at: [] tty_write+0x22d/0x740 [ 35.286713] #2: (&tty->termios_rwsem){++++}, at: [] n_tty_write+0x18a/0xda0 [ 35.286718] #3: (&ldata->output_lock){+.+.}, at: [] n_tty_write+0x82b/0xda0 [ 35.286722] #4: (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160 [ 35.286727] #5: (console_lock){+.+.}, at: [] vprintk_func+0x58/0x160 [ 35.286731] [ 35.286732] stack backtrace: [ 35.286734] CPU: 1 PID: 7969 Comm: syz-executor518 Not tainted 4.14.302-syzkaller #0 [ 35.286737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 35.286738] Call Trace: [ 35.286739] dump_stack+0x1b2/0x281 [ 35.286741] print_circular_bug.constprop.0.cold+0x2d7/0x41e [ 35.286742] __lock_acquire+0x2e0e/0x3f20 [ 35.286743] ? trace_hardirqs_on+0x10/0x10 [ 35.286744] ? snprintf+0xd0/0xd0 [ 35.286745] ? console_unlock+0x34a/0xf20 [ 35.286746] lock_acquire+0x170/0x3f0 [ 35.286748] ? console_unlock+0x307/0xf20 [ 35.286749] console_unlock+0x36f/0xf20 [ 35.286750] ? console_unlock+0x307/0xf20 [ 35.286751] vprintk_emit+0x224/0x620 [ 35.286752] vprintk_func+0x58/0x160 [ 35.286753] printk+0x9e/0xbc [ 35.286755] ? log_store.cold+0x16/0x16 [ 35.286756] ? __lock_acquire+0x5fc/0x3f20 [ 35.286757] ? ___ratelimit+0x2b5/0x510 [ 35.286758] should_fail.cold+0xdf/0x149 [ 35.286759] should_failslab+0xd6/0x130 [ 35.286760] __kmalloc+0x6d/0x400 [ 35.286762] ? tty_buffer_alloc+0xc0/0x270 [ 35.286763] tty_buffer_alloc+0xc0/0x270 [ 35.286764] __tty_buffer_request_room+0x12c/0x290 [ 35.286766] tty_insert_flip_string_fixed_flag+0x8b/0x210 [ 35.286767] tty_insert_flip_string_and_push_buffer+0x3e/0x160 [ 35.286768] pty_write+0xc3/0xf0 [ 35.286770] n_tty_write+0x85e/0xda0 [ 35.286771] ? n_tty_open+0x160/0x160 [ 35.286772] ? do_wait_intr_irq+0x270/0x270 [ 35.286773] ? __might_fault+0x177/0x1b0 [ 35.286774] tty_write+0x410/0x740 [ 35.286776] ? n_tty_open+0x160/0x160 [ 35.286777] __vfs_write+0xe4/0x630 [ 35.286778] ? tty_compat_ioctl+0x240/0x240 [ 35.286779] ? debug_check_no_obj_freed+0x2c0/0x680 [ 35.286781] ? kernel_read+0x110/0x110 [ 35.286782] ? common_file_perm+0x3ee/0x580 [ 35.286783] ? security_file_permission+0x82/0x1e0 [ 35.286784] ? rw_verify_area+0xe1/0x2a0 [ 35.286785] vfs_write+0x17f/0x4d0 [ 35.286787] SyS_write+0xf2/0x210 [ 35.286788] ? SyS_read+0x210/0x210 [ 35.286789] ? __do_page_fault+0x159/0xad0 [ 35.286790] ? do_syscall_64+0x4c/0x640 [ 35.286791] ? SyS_read+0x210/0x210 [ 35.286792] do_syscall_64+0x1d5/0x640 [ 35.286794] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 35.286795] RIP: 0033:0x7f310e26f679 [ 35.286796] RSP: 002b:00007fffd237be38 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 35.286800] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f310e26f679 [ 35.286801] RDX: 000000000000ff2e RSI: 0000000020000000 RDI: 0000000000000003 [ 35.286803] RBP: 00007fffd237be40 R08: 0000000000000001 R09: 00007f310e230033 [ 35.286805] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 35.286807] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000