Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.10.61' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 27.437296] FAULT_INJECTION: forcing a failure. [ 27.437296] name failslab, interval 1, probability 0, space 0, times 1 [ 27.448951] CPU: 0 PID: 7975 Comm: syz-executor324 Not tainted 4.14.302-syzkaller #0 [ 27.456806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 27.466128] Call Trace: [ 27.468688] dump_stack+0x1b2/0x281 [ 27.472287] should_fail.cold+0x10a/0x149 [ 27.476411] should_failslab+0xd6/0x130 [ 27.480358] __kmalloc+0x6d/0x400 [ 27.483782] ? tty_buffer_alloc+0xc0/0x270 [ 27.487998] tty_buffer_alloc+0xc0/0x270 [ 27.492030] __tty_buffer_request_room+0x12c/0x290 [ 27.496928] tty_insert_flip_string_fixed_flag+0x8b/0x210 [ 27.502438] tty_insert_flip_string_and_push_buffer+0x3e/0x160 [ 27.508380] pty_write+0xc3/0xf0 [ 27.511735] ? tty_write_room+0x69/0x80 [ 27.515773] n_tty_write+0x352/0xda0 [ 27.519462] ? n_tty_open+0x160/0x160 [ 27.523237] ? do_wait_intr_irq+0x270/0x270 [ 27.527528] ? __might_fault+0x177/0x1b0 [ 27.531560] tty_write+0x410/0x740 [ 27.535069] ? n_tty_open+0x160/0x160 [ 27.538841] __vfs_write+0xe4/0x630 [ 27.542439] ? tty_compat_ioctl+0x240/0x240 [ 27.546733] ? debug_check_no_obj_freed+0x2c0/0x680 [ 27.551722] ? kernel_read+0x110/0x110 [ 27.555580] ? common_file_perm+0x3ee/0x580 [ 27.559875] ? security_file_permission+0x82/0x1e0 [ 27.564772] ? rw_verify_area+0xe1/0x2a0 [ 27.568804] vfs_write+0x17f/0x4d0 [ 27.572316] SyS_write+0xf2/0x210 [ 27.575742] ? SyS_read+0x210/0x210 [ 27.579340] ? do_syscall_64+0x4c/0x640 [ 27.583285] ? SyS_read+0x210/0x210 [ 27.586883] do_syscall_64+0x1d5/0x640 [ 27.590745] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 27.595905] RIP: 0033:0x7fb3c4d92789 [ 27.599586] RSP: 002b:00007fffc6ef5c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 27.607263] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fb3c4d92789 [ 27.614502] RDX: 00000000fffffedf RSI: 0000000020000000 RDI: 0000000000000004 [ 27.621745] RBP: 00007fffc6ef5c80 R08: 0000000000000001 R09: 0000000000000001 [ 27.628985] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 27.636223] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 27.643485] [ 27.643487] ====================================================== [ 27.643489] WARNING: possible circular locking dependency detected [ 27.643490] 4.14.302-syzkaller #0 Not tainted [ 27.643492] ------------------------------------------------------ [ 27.643493] syz-executor324/7975 is trying to acquire lock: [ 27.643494] (console_owner){....}, at: [] console_unlock+0x307/0xf20 [ 27.643498] [ 27.643499] but task is already holding lock: [ 27.643500] (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160 [ 27.643505] [ 27.643506] which lock already depends on the new lock. [ 27.643507] [ 27.643508] [ 27.643509] the existing dependency chain (in reverse order) is: [ 27.643510] [ 27.643511] -> #2 (&(&port->lock)->rlock){-.-.}: [ 27.643515] _raw_spin_lock_irqsave+0x8c/0xc0 [ 27.643516] tty_port_tty_get+0x1d/0x80 [ 27.643518] tty_port_default_wakeup+0x11/0x40 [ 27.643519] serial8250_tx_chars+0x3fe/0xc70 [ 27.643521] serial8250_handle_irq.part.0+0x2c7/0x390 [ 27.643522] serial8250_default_handle_irq+0x8a/0x1f0 [ 27.643523] serial8250_interrupt+0xf3/0x210 [ 27.643525] __handle_irq_event_percpu+0xee/0x7f0 [ 27.643526] handle_irq_event+0xed/0x240 [ 27.643527] handle_edge_irq+0x224/0xc40 [ 27.643529] handle_irq+0x35/0x50 [ 27.643530] do_IRQ+0x93/0x1d0 [ 27.643531] ret_from_intr+0x0/0x1e [ 27.643532] native_safe_halt+0xe/0x10 [ 27.643534] default_idle+0x47/0x370 [ 27.643535] do_idle+0x250/0x3c0 [ 27.643536] cpu_startup_entry+0x14/0x20 [ 27.643537] start_kernel+0x743/0x763 [ 27.643538] secondary_startup_64+0xa5/0xb0 [ 27.643539] [ 27.643540] -> #1 (&port_lock_key){-.-.}: [ 27.643544] _raw_spin_lock_irqsave+0x8c/0xc0 [ 27.643545] serial8250_console_write+0x8cb/0xb40 [ 27.643547] console_unlock+0x99d/0xf20 [ 27.643548] vprintk_emit+0x224/0x620 [ 27.643549] vprintk_func+0x58/0x160 [ 27.643550] printk+0x9e/0xbc [ 27.643551] register_console+0x6f4/0xad0 [ 27.643553] univ8250_console_init+0x2f/0x3a [ 27.643554] console_init+0x46/0x53 [ 27.643555] start_kernel+0x521/0x763 [ 27.643556] secondary_startup_64+0xa5/0xb0 [ 27.643557] [ 27.643558] -> #0 (console_owner){....}: [ 27.643562] lock_acquire+0x170/0x3f0 [ 27.643563] console_unlock+0x36f/0xf20 [ 27.643564] vprintk_emit+0x224/0x620 [ 27.643565] vprintk_func+0x58/0x160 [ 27.643566] printk+0x9e/0xbc [ 27.643568] should_fail.cold+0xdf/0x149 [ 27.643569] should_failslab+0xd6/0x130 [ 27.643570] __kmalloc+0x6d/0x400 [ 27.643571] tty_buffer_alloc+0xc0/0x270 [ 27.643573] __tty_buffer_request_room+0x12c/0x290 [ 27.643575] tty_insert_flip_string_fixed_flag+0x8b/0x210 [ 27.643576] tty_insert_flip_string_and_push_buffer+0x3e/0x160 [ 27.643577] pty_write+0xc3/0xf0 [ 27.643579] n_tty_write+0x352/0xda0 [ 27.643580] tty_write+0x410/0x740 [ 27.643581] __vfs_write+0xe4/0x630 [ 27.643582] vfs_write+0x17f/0x4d0 [ 27.643583] SyS_write+0xf2/0x210 [ 27.643584] do_syscall_64+0x1d5/0x640 [ 27.643586] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 27.643587] [ 27.643588] other info that might help us debug this: [ 27.643589] [ 27.643590] Chain exists of: [ 27.643590] console_owner --> &port_lock_key --> &(&port->lock)->rlock [ 27.643595] [ 27.643597] Possible unsafe locking scenario: [ 27.643597] [ 27.643599] CPU0 CPU1 [ 27.643600] ---- ---- [ 27.643601] lock(&(&port->lock)->rlock); [ 27.643603] lock(&port_lock_key); [ 27.643606] lock(&(&port->lock)->rlock); [ 27.643609] lock(console_owner); [ 27.643611] [ 27.643612] *** DEADLOCK *** [ 27.643612] [ 27.643614] 6 locks held by syz-executor324/7975: [ 27.643615] #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80 [ 27.643619] #1: (&tty->atomic_write_lock){+.+.}, at: [] tty_write+0x22d/0x740 [ 27.643623] #2: (&o_tty->termios_rwsem/1){++++}, at: [] n_tty_write+0x18a/0xda0 [ 27.643629] #3: (&ldata->output_lock){+.+.}, at: [] n_tty_write+0x43f/0xda0 [ 27.643633] #4: (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160 [ 27.643638] #5: (console_lock){+.+.}, at: [] vprintk_func+0x58/0x160 [ 27.643642] [ 27.643643] stack backtrace: [ 27.643645] CPU: 0 PID: 7975 Comm: syz-executor324 Not tainted 4.14.302-syzkaller #0 [ 27.643647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 27.643648] Call Trace: [ 27.643650] dump_stack+0x1b2/0x281 [ 27.643651] print_circular_bug.constprop.0.cold+0x2d7/0x41e [ 27.643652] __lock_acquire+0x2e0e/0x3f20 [ 27.643654] ? trace_hardirqs_on+0x10/0x10 [ 27.643655] ? snprintf+0xd0/0xd0 [ 27.643656] ? console_unlock+0x34a/0xf20 [ 27.643657] lock_acquire+0x170/0x3f0 [ 27.643658] ? console_unlock+0x307/0xf20 [ 27.643659] console_unlock+0x36f/0xf20 [ 27.643661] ? console_unlock+0x307/0xf20 [ 27.643662] vprintk_emit+0x224/0x620 [ 27.643663] vprintk_func+0x58/0x160 [ 27.643664] printk+0x9e/0xbc [ 27.643665] ? log_store.cold+0x16/0x16 [ 27.643666] ? __lock_acquire+0x5fc/0x3f20 [ 27.643668] ? ___ratelimit+0x2b5/0x510 [ 27.643669] should_fail.cold+0xdf/0x149 [ 27.643670] should_failslab+0xd6/0x130 [ 27.643671] __kmalloc+0x6d/0x400 [ 27.643672] ? tty_buffer_alloc+0xc0/0x270 [ 27.643673] tty_buffer_alloc+0xc0/0x270 [ 27.643675] __tty_buffer_request_room+0x12c/0x290 [ 27.643676] tty_insert_flip_string_fixed_flag+0x8b/0x210 [ 27.643678] tty_insert_flip_string_and_push_buffer+0x3e/0x160 [ 27.643679] pty_write+0xc3/0xf0 [ 27.643680] ? tty_write_room+0x69/0x80 [ 27.643681] n_tty_write+0x352/0xda0 [ 27.643682] ? n_tty_open+0x160/0x160 [ 27.643684] ? do_wait_intr_irq+0x270/0x270 [ 27.643685] ? __might_fault+0x177/0x1b0 [ 27.643686] tty_write+0x410/0x740 [ 27.643687] ? n_tty_open+0x160/0x160 [ 27.643688] __vfs_write+0xe4/0x630 [ 27.643690] ? tty_compat_ioctl+0x240/0x240 [ 27.643691] ? debug_check_no_obj_freed+0x2c0/0x680 [ 27.643692] ? kernel_read+0x110/0x110 [ 27.643693] ? common_file_perm+0x3ee/0x580 [ 27.643695] ? security_file_permission+0x82/0x1e0 [ 27.643696] ? rw_verify_area+0xe1/0x2a0 [ 27.643697] vfs_write+0x17f/0x4d0 [ 27.643698] SyS_write+0xf2/0x210 [ 27.643699] ? SyS_read+0x210/0x210 [ 27.643700] ? do_syscall_64+0x4c/0x640 [ 27.643702] ? SyS_read+0x210/0x210 [ 27.643703] do_syscall_64+0x1d5/0x640 [ 27.643704] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 27.643705] RIP: 0033:0x7fb3c4d92789 [ 27.643707] RSP: 002b:00007fffc6ef5c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 27.643710] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fb3c4d92789 [ 27.643712] RDX: 00000000fffffedf RSI: 0000000020000000 RDI: 0000000000000004 [ 27.643714] RBP: 00007fffc6ef5c80 R08: 0000000000000001 R09: 0000000000000001 [ 27.643716] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 27.643717] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000