Warning: Permanently added '10.128.1.105' (ECDSA) to the list of known hosts. executing program [ 35.714520] FAULT_INJECTION: forcing a failure. [ 35.714520] name failslab, interval 1, probability 0, space 0, times 1 [ 35.726606] CPU: 1 PID: 8113 Comm: syz-executor329 Not tainted 4.19.211-syzkaller #0 [ 35.734607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 [ 35.743948] Call Trace: [ 35.746536] dump_stack+0x1fc/0x2ef [ 35.750145] should_fail.cold+0xa/0xf [ 35.754041] ? setup_fault_attr+0x200/0x200 [ 35.758346] ? mark_held_locks+0xf0/0xf0 [ 35.762390] __should_failslab+0x115/0x180 [ 35.766627] should_failslab+0x5/0x10 [ 35.770409] __kmalloc+0x6d/0x3c0 [ 35.773845] ? tty_buffer_alloc+0x23f/0x2a0 [ 35.778149] ? commit_echoes+0x4c/0x210 [ 35.782105] tty_buffer_alloc+0x23f/0x2a0 [ 35.786241] __tty_buffer_request_room+0x156/0x2a0 [ 35.791153] tty_insert_flip_string_fixed_flag+0x93/0x250 [ 35.796676] ? do_raw_spin_lock+0xcb/0x220 [ 35.800894] pty_write+0x126/0x1f0 [ 35.804415] tty_put_char+0x122/0x150 [ 35.808210] ? dev_match_devt+0x90/0x90 [ 35.812190] ? n_tty_receive_buf_common+0xbce/0x2a90 [ 35.817277] ? mutex_trylock+0x1a0/0x1a0 [ 35.821323] do_output_char+0x155/0x850 [ 35.825278] ? ptmx_open+0x350/0x350 [ 35.828972] __process_echoes+0x38e/0x9f0 [ 35.833099] n_tty_receive_buf_common+0xc0c/0x2a90 [ 35.838007] ? n_tty_receive_buf2+0x40/0x40 [ 35.842305] tty_ioctl+0x1026/0x1630 [ 35.845996] ? tty_fasync+0x300/0x300 [ 35.849772] ? get_pid_task+0xf4/0x190 [ 35.853638] ? mark_held_locks+0xf0/0xf0 [ 35.857690] ? proc_fail_nth_write+0x95/0x1d0 [ 35.862182] ? proc_tgid_io_accounting+0x7f0/0x7f0 [ 35.867092] ? __fdget_pos+0x26f/0x310 [ 35.870960] ? ksys_write+0x241/0x2a0 [ 35.874741] ? tty_fasync+0x300/0x300 [ 35.878518] do_vfs_ioctl+0xcdb/0x12e0 [ 35.882386] ? lock_downgrade+0x720/0x720 [ 35.886514] ? check_preemption_disabled+0x41/0x280 [ 35.891508] ? ioctl_preallocate+0x200/0x200 [ 35.895894] ? __fget+0x356/0x510 [ 35.899343] ? do_dup2+0x450/0x450 [ 35.902860] ? vfs_write+0x393/0x540 [ 35.906552] ? fput+0x2b/0x190 [ 35.909724] ksys_ioctl+0x9b/0xc0 [ 35.913156] __x64_sys_ioctl+0x6f/0xb0 [ 35.917023] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 35.921583] do_syscall_64+0xf9/0x620 [ 35.925365] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.930533] RIP: 0033:0x7fa5a5c7b419 [ 35.934225] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 35.953105] RSP: 002b:00007fa5a5c0c268 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 35.960789] RAX: ffffffffffffffda RBX: 00007fa5a5d034d0 RCX: 00007fa5a5c7b419 [ 35.968035] RDX: 0000000020000080 RSI: 0000000000005412 RDI: 0000000000000003 [ 35.975282] RBP: 00007fa5a5cd1040 R08: 0000000000000001 R09: 0000000000000000 [ 35.982530] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa5a5c0c280 [ 35.989775] R13: 00007fa5a5d034d8 R14: 00007fa5a5c0c27c R15: 0000000000000001 [ 35.997033] [ 35.997036] ====================================================== [ 35.997039] WARNING: possible circular locking dependency detected [ 35.997041] 4.19.211-syzkaller #0 Not tainted [ 35.997044] ------------------------------------------------------ [ 35.997046] syz-executor329/8113 is trying to acquire lock: [ 35.997048] 000000003cbb66e9 (console_owner){....}, at: console_unlock+0x3a9/0x1110 [ 35.997056] [ 35.997058] but task is already holding lock: [ 35.997059] 000000007f80d721 (&(&port->lock)->rlock){-.-.}, at: pty_write+0xf4/0x1f0 [ 35.997067] [ 35.997069] which lock already depends on the new lock. [ 35.997070] [ 35.997071] [ 35.997074] the existing dependency chain (in reverse order) is: [ 35.997075] [ 35.997076] -> #2 (&(&port->lock)->rlock){-.-.}: [ 35.997084] tty_port_tty_get+0x1d/0x80 [ 35.997086] tty_port_default_wakeup+0x11/0x40 [ 35.997088] serial8250_tx_chars+0x490/0xaf0 [ 35.997090] serial8250_handle_irq.part.0+0x31f/0x3d0 [ 35.997093] serial8250_default_handle_irq+0xae/0x220 [ 35.997095] serial8250_interrupt+0x101/0x240 [ 35.997098] __handle_irq_event_percpu+0x27e/0x8e0 [ 35.997100] handle_irq_event+0x102/0x290 [ 35.997102] handle_edge_irq+0x260/0xcf0 [ 35.997103] handle_irq+0x35/0x50 [ 35.997105] do_IRQ+0x93/0x1c0 [ 35.997107] ret_from_intr+0x0/0x1e [ 35.997110] _raw_spin_unlock_irqrestore+0xa3/0xe0 [ 35.997111] uart_write+0x3bb/0x6f0 [ 35.997113] do_output_char+0x5de/0x850 [ 35.997115] n_tty_write+0x46e/0xff0 [ 35.997117] tty_write+0x496/0x810 [ 35.997119] redirected_tty_write+0xaa/0xb0 [ 35.997121] do_iter_write+0x461/0x5d0 [ 35.997123] vfs_writev+0x153/0x2e0 [ 35.997125] do_writev+0x136/0x330 [ 35.997127] do_syscall_64+0xf9/0x620 [ 35.997130] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.997131] [ 35.997132] -> #1 (&port_lock_key){-.-.}: [ 35.997139] serial8250_console_write+0x90e/0xb70 [ 35.997141] console_unlock+0xbb6/0x1110 [ 35.997143] vprintk_emit+0x2d1/0x740 [ 35.997145] vprintk_func+0x79/0x180 [ 35.997147] printk+0xba/0xed [ 35.997149] register_console+0x87f/0xc90 [ 35.997151] univ8250_console_init+0x3a/0x46 [ 35.997153] console_init+0x4cb/0x718 [ 35.997155] start_kernel+0x686/0x911 [ 35.997157] secondary_startup_64+0xa4/0xb0 [ 35.997158] [ 35.997159] -> #0 (console_owner){....}: [ 35.997167] console_unlock+0x411/0x1110 [ 35.997169] vprintk_emit+0x2d1/0x740 [ 35.997170] vprintk_func+0x79/0x180 [ 35.997172] printk+0xba/0xed [ 35.997174] should_fail+0x66b/0x7b0 [ 35.997176] __should_failslab+0x115/0x180 [ 35.997178] should_failslab+0x5/0x10 [ 35.997180] __kmalloc+0x6d/0x3c0 [ 35.997182] tty_buffer_alloc+0x23f/0x2a0 [ 35.997185] __tty_buffer_request_room+0x156/0x2a0 [ 35.997187] tty_insert_flip_string_fixed_flag+0x93/0x250 [ 35.997189] pty_write+0x126/0x1f0 [ 35.997191] tty_put_char+0x122/0x150 [ 35.997193] do_output_char+0x155/0x850 [ 35.997195] __process_echoes+0x38e/0x9f0 [ 35.997198] n_tty_receive_buf_common+0xc0c/0x2a90 [ 35.997200] tty_ioctl+0x1026/0x1630 [ 35.997202] do_vfs_ioctl+0xcdb/0x12e0 [ 35.997203] ksys_ioctl+0x9b/0xc0 [ 35.997205] __x64_sys_ioctl+0x6f/0xb0 [ 35.997207] do_syscall_64+0xf9/0x620 [ 35.997210] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.997211] [ 35.997213] other info that might help us debug this: [ 35.997214] [ 35.997216] Chain exists of: [ 35.997217] console_owner --> &port_lock_key --> &(&port->lock)->rlock [ 35.997226] [ 35.997228] Possible unsafe locking scenario: [ 35.997229] [ 35.997231] CPU0 CPU1 [ 35.997233] ---- ---- [ 35.997235] lock(&(&port->lock)->rlock); [ 35.997240] lock(&port_lock_key); [ 35.997244] lock(&(&port->lock)->rlock); [ 35.997248] lock(console_owner); [ 35.997252] [ 35.997254] *** DEADLOCK *** [ 35.997255] [ 35.997257] 6 locks held by syz-executor329/8113: [ 35.997258] #0: 000000001181e331 (&tty->ldisc_sem){++++}, at: tty_ldisc_ref_wait+0x22/0x80 [ 35.997267] #1: 000000004737781d (&port->buf.lock/1){+.+.}, at: tty_ioctl+0xfbc/0x1630 [ 35.997276] #2: 00000000b04c3297 (&o_tty->termios_rwsem/1){++++}, at: n_tty_receive_buf_common+0x84/0x2a90 [ 35.997286] #3: 00000000a5207b42 (&ldata->output_lock){+.+.}, at: n_tty_receive_buf_common+0xbce/0x2a90 [ 35.997295] #4: 000000007f80d721 (&(&port->lock)->rlock){-.-.}, at: pty_write+0xf4/0x1f0 [ 35.997303] #5: 00000000189d0903 (console_lock){+.+.}, at: vprintk_func+0x79/0x180 [ 35.997312] [ 35.997313] stack backtrace: [ 35.997316] CPU: 1 PID: 8113 Comm: syz-executor329 Not tainted 4.19.211-syzkaller #0 [ 35.997320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 [ 35.997322] Call Trace: [ 35.997324] dump_stack+0x1fc/0x2ef [ 35.997327] print_circular_bug.constprop.0.cold+0x2d7/0x41e [ 35.997329] __lock_acquire+0x30c9/0x3ff0 [ 35.997331] ? mark_held_locks+0xf0/0xf0 [ 35.997333] ? snprintf+0xf0/0xf0 [ 35.997335] ? console_unlock+0x3ec/0x1110 [ 35.997337] lock_acquire+0x170/0x3c0 [ 35.997339] ? console_unlock+0x3a9/0x1110 [ 35.997341] console_unlock+0x411/0x1110 [ 35.997343] ? console_unlock+0x3a9/0x1110 [ 35.997345] vprintk_emit+0x2d1/0x740 [ 35.997347] vprintk_func+0x79/0x180 [ 35.997349] printk+0xba/0xed [ 35.997351] ? log_store.cold+0x16/0x16 [ 35.997353] ? __lock_acquire+0x22f9/0x3ff0 [ 35.997355] ? ___ratelimit+0x319/0x590 [ 35.997357] should_fail+0x66b/0x7b0 [ 35.997359] ? setup_fault_attr+0x200/0x200 [ 35.997361] ? mark_held_locks+0xf0/0xf0 [ 35.997363] __should_failslab+0x115/0x180 [ 35.997365] should_failslab+0x5/0x10 [ 35.997367] __kmalloc+0x6d/0x3c0 [ 35.997369] ? tty_buffer_alloc+0x23f/0x2a0 [ 35.997371] ? commit_echoes+0x4c/0x210 [ 35.997373] tty_buffer_alloc+0x23f/0x2a0 [ 35.997375] __tty_buffer_request_room+0x156/0x2a0 [ 35.997378] tty_insert_flip_string_fixed_flag+0x93/0x250 [ 35.997380] ? do_raw_spin_lock+0xcb/0x220 [ 35.997382] pty_write+0x126/0x1f0 [ 35.997384] tty_put_char+0x122/0x150 [ 35.997386] ? dev_match_devt+0x90/0x90 [ 35.997388] ? n_tty_receive_buf_common+0xbce/0x2a90 [ 35.997390] ? mutex_trylock+0x1a0/0x1a0 [ 35.997392] do_output_char+0x155/0x850 [ 35.997394] ? ptmx_open+0x350/0x350 [ 35.997396] __process_echoes+0x38e/0x9f0 [ 35.997399] n_tty_receive_buf_common+0xc0c/0x2a90 [ 35.997401] ? n_tty_receive_buf2+0x40/0x40 [ 35.997403] tty_ioctl+0x1026/0x1630 [ 35.997405] ? tty_fasync+0x300/0x300 [ 35.997407] ? get_pid_task+0xf4/0x190 [ 35.997409] ? mark_held_locks+0xf0/0xf0 [ 35.997411] ? proc_fail_nth_write+0x95/0x1d0 [ 35.997413] ? proc_tgid_io_accounting+0x7f0/0x7f0 [ 35.997415] ? __fdget_pos+0x26f/0x310 [ 35.997417] ? ksys_write+0x241/0x2a0 [ 35.997419] ? tty_fasync+0x300/0x300 [ 35.997421] do_vfs_ioctl+0xcdb/0x12e0 [ 35.997423] ? lock_downgrade+0x720/0x720 [ 35.997426] ? check_preemption_disabled+0x41/0x280 [ 35.997428] ? ioctl_preallocate+0x200/0x200 [ 35.997430] ? __fget+0x356/0x510 [ 35.997432] ? do_dup2+0x450/0x450 [ 35.997433] ? vfs_write+0x393/0x540 [ 35.997435] ? fput+0x2b/0x190 [ 35.997437] ksys_ioctl+0x9b/0xc0 [ 35.997439] __x64_sys_ioctl+0x6f/0xb0 [ 35.997441] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 35.997443] do_syscall_64+0xf9/0x620 [ 35.997446] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 35.997448] RIP: 0033:0x7fa5a5c7b419 [ 35.997455] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 35.997457] RSP: 002b:00007fa5a5c0c268 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 35.997462] RAX: ffffffffffffffda RBX: 00007fa5a5d034d0 RCX: 00007fa5a5c7b419 [ 35.997465] RDX: 0000000020000080 RSI: 0000000000005412 RDI: 0000000000000003 [ 35.997468] RBP: 00007fa5a5cd1040 R08: 0000000000000001 R09: 0000000000000000 [ 35.997472] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa5a5c0c280 [ 35.997475] R13: 00007fa5a5d034d8 R14: 00007fa5a5c0c27c R15: 0000000000000001