Warning: Permanently added '10.128.0.242' (ECDSA) to the list of known hosts. executing program [ 34.978000] FAULT_INJECTION: forcing a failure. [ 34.978000] name failslab, interval 1, probability 0, space 0, times 1 [ 34.990489] CPU: 0 PID: 7969 Comm: syz-executor113 Not tainted 4.14.303-syzkaller #0 [ 34.998377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 [ 35.007823] Call Trace: [ 35.010400] dump_stack+0x1b2/0x281 [ 35.014021] should_fail.cold+0x10a/0x149 [ 35.018166] should_failslab+0xd6/0x130 [ 35.022127] __kmalloc+0x6d/0x400 [ 35.025567] ? tty_buffer_alloc+0xc0/0x270 [ 35.029831] tty_buffer_alloc+0xc0/0x270 [ 35.034138] __tty_buffer_request_room+0x12c/0x290 [ 35.039057] tty_insert_flip_string_fixed_flag+0x8b/0x210 [ 35.044583] tty_insert_flip_string_and_push_buffer+0x3e/0x160 [ 35.050759] pty_write+0xc3/0xf0 [ 35.054122] n_tty_write+0x85e/0xda0 [ 35.057832] ? n_tty_open+0x160/0x160 [ 35.061619] ? do_wait_intr_irq+0x270/0x270 [ 35.065935] ? __might_fault+0x177/0x1b0 [ 35.069980] tty_write+0x410/0x740 [ 35.073513] ? n_tty_open+0x160/0x160 [ 35.077299] __vfs_write+0xe4/0x630 [ 35.080910] ? tty_compat_ioctl+0x240/0x240 [ 35.085218] ? debug_check_no_obj_freed+0x2c0/0x680 [ 35.090233] ? kernel_read+0x110/0x110 [ 35.094115] ? common_file_perm+0x3ee/0x580 [ 35.098424] ? security_file_permission+0x82/0x1e0 [ 35.103453] ? rw_verify_area+0xe1/0x2a0 [ 35.107544] vfs_write+0x17f/0x4d0 [ 35.111270] SyS_write+0xf2/0x210 [ 35.114728] ? SyS_read+0x210/0x210 [ 35.118438] ? __do_page_fault+0x159/0xad0 [ 35.122668] ? do_syscall_64+0x4c/0x640 [ 35.126626] ? SyS_read+0x210/0x210 [ 35.130238] do_syscall_64+0x1d5/0x640 [ 35.134204] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 35.139380] RIP: 0033:0x7f0c3f985679 [ 35.143075] RSP: 002b:00007fff079e1a08 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 35.150774] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f0c3f985679 [ 35.158047] RDX: 000000000000ff2e RSI: 0000000020000080 RDI: 0000000000000003 [ 35.165301] RBP: 00007fff079e1a10 R08: 0000000000000001 R09: 00007f0c3f940033 [ 35.172561] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 35.179944] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 35.187335] [ 35.187339] ====================================================== [ 35.187342] WARNING: possible circular locking dependency detected [ 35.187345] 4.14.303-syzkaller #0 Not tainted [ 35.187349] ------------------------------------------------------ [ 35.187352] syz-executor113/7969 is trying to acquire lock: [ 35.187354] (console_owner){....}, at: [] console_unlock+0x307/0xf20 [ 35.187362] [ 35.187365] but task is already holding lock: [ 35.187366] (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160 [ 35.187375] [ 35.187378] which lock already depends on the new lock. [ 35.187380] [ 35.187381] [ 35.187384] the existing dependency chain (in reverse order) is: [ 35.187385] [ 35.187387] -> #2 (&(&port->lock)->rlock){-.-.}: [ 35.187395] _raw_spin_lock_irqsave+0x8c/0xc0 [ 35.187398] tty_port_tty_get+0x1d/0x80 [ 35.187401] tty_port_default_wakeup+0x11/0x40 [ 35.187404] serial8250_tx_chars+0x3fe/0xc70 [ 35.187407] serial8250_handle_irq.part.0+0x2c7/0x390 [ 35.187410] serial8250_default_handle_irq+0x8a/0x1f0 [ 35.187413] serial8250_interrupt+0xf3/0x210 [ 35.187416] __handle_irq_event_percpu+0xee/0x7f0 [ 35.187419] handle_irq_event+0xed/0x240 [ 35.187422] handle_edge_irq+0x224/0xc40 [ 35.187424] handle_irq+0x35/0x50 [ 35.187426] do_IRQ+0x93/0x1d0 [ 35.187429] ret_from_intr+0x0/0x1e [ 35.187432] _raw_spin_unlock_irqrestore+0xa3/0xe0 [ 35.187434] uart_write+0x2dd/0x560 [ 35.187437] do_output_char+0x4f5/0x750 [ 35.187439] n_tty_write+0x3e3/0xda0 [ 35.187442] tty_write+0x410/0x740 [ 35.187444] redirected_tty_write+0x9c/0xb0 [ 35.187447] do_iter_write+0x3da/0x550 [ 35.187449] vfs_writev+0x125/0x290 [ 35.187452] do_writev+0xfc/0x2c0 [ 35.187454] do_syscall_64+0x1d5/0x640 [ 35.187458] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 35.187459] [ 35.187460] -> #1 (&port_lock_key){-.-.}: [ 35.187469] _raw_spin_lock_irqsave+0x8c/0xc0 [ 35.187472] serial8250_console_write+0x8cb/0xb40 [ 35.187474] console_unlock+0x99d/0xf20 [ 35.187477] vprintk_emit+0x224/0x620 [ 35.187479] vprintk_func+0x58/0x160 [ 35.187481] printk+0x9e/0xbc [ 35.187484] register_console+0x6f4/0xad0 [ 35.187487] univ8250_console_init+0x2f/0x3a [ 35.187489] console_init+0x46/0x53 [ 35.187492] start_kernel+0x521/0x763 [ 35.187495] secondary_startup_64+0xa5/0xb0 [ 35.187496] [ 35.187497] -> #0 (console_owner){....}: [ 35.187505] lock_acquire+0x170/0x3f0 [ 35.187508] console_unlock+0x36f/0xf20 [ 35.187510] vprintk_emit+0x224/0x620 [ 35.187513] vprintk_func+0x58/0x160 [ 35.187515] printk+0x9e/0xbc [ 35.187518] should_fail.cold+0xdf/0x149 [ 35.187520] should_failslab+0xd6/0x130 [ 35.187522] __kmalloc+0x6d/0x400 [ 35.187525] tty_buffer_alloc+0xc0/0x270 [ 35.187528] __tty_buffer_request_room+0x12c/0x290 [ 35.187532] tty_insert_flip_string_fixed_flag+0x8b/0x210 [ 35.187535] tty_insert_flip_string_and_push_buffer+0x3e/0x160 [ 35.187538] pty_write+0xc3/0xf0 [ 35.187540] n_tty_write+0x85e/0xda0 [ 35.187543] tty_write+0x410/0x740 [ 35.187545] __vfs_write+0xe4/0x630 [ 35.187547] vfs_write+0x17f/0x4d0 [ 35.187550] SyS_write+0xf2/0x210 [ 35.187552] do_syscall_64+0x1d5/0x640 [ 35.187556] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 35.187557] [ 35.187560] other info that might help us debug this: [ 35.187561] [ 35.187563] Chain exists of: [ 35.187564] console_owner --> &port_lock_key --> &(&port->lock)->rlock [ 35.187574] [ 35.187577] Possible unsafe locking scenario: [ 35.187578] [ 35.187581] CPU0 CPU1 [ 35.187583] ---- ---- [ 35.187585] lock(&(&port->lock)->rlock); [ 35.187591] lock(&port_lock_key); [ 35.187596] lock(&(&port->lock)->rlock); [ 35.187601] lock(console_owner); [ 35.187605] [ 35.187607] *** DEADLOCK *** [ 35.187608] [ 35.187611] 6 locks held by syz-executor113/7969: [ 35.187612] #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80 [ 35.187622] #1: (&tty->atomic_write_lock){+.+.}, at: [] tty_write+0x22d/0x740 [ 35.187631] #2: (&tty->termios_rwsem){++++}, at: [] n_tty_write+0x18a/0xda0 [ 35.187640] #3: (&ldata->output_lock){+.+.}, at: [] n_tty_write+0x82b/0xda0 [ 35.187649] #4: (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160 [ 35.187660] #5: (console_lock){+.+.}, at: [] vprintk_func+0x58/0x160 [ 35.187668] [ 35.187670] stack backtrace: [ 35.187675] CPU: 0 PID: 7969 Comm: syz-executor113 Not tainted 4.14.303-syzkaller #0 [ 35.187680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 [ 35.187682] Call Trace: [ 35.187684] dump_stack+0x1b2/0x281 [ 35.187687] print_circular_bug.constprop.0.cold+0x2d7/0x41e [ 35.187690] __lock_acquire+0x2e0e/0x3f20 [ 35.187693] ? trace_hardirqs_on+0x10/0x10 [ 35.187695] ? snprintf+0xd0/0xd0 [ 35.187697] ? console_unlock+0x34a/0xf20 [ 35.187700] lock_acquire+0x170/0x3f0 [ 35.187702] ? console_unlock+0x307/0xf20 [ 35.187705] console_unlock+0x36f/0xf20 [ 35.187707] ? console_unlock+0x307/0xf20 [ 35.187710] vprintk_emit+0x224/0x620 [ 35.187712] vprintk_func+0x58/0x160 [ 35.187714] printk+0x9e/0xbc [ 35.187717] ? log_store.cold+0x16/0x16 [ 35.187719] ? __lock_acquire+0x5fc/0x3f20 [ 35.187722] ? ___ratelimit+0x2b5/0x510 [ 35.187724] should_fail.cold+0xdf/0x149 [ 35.187727] should_failslab+0xd6/0x130 [ 35.187729] __kmalloc+0x6d/0x400 [ 35.187731] ? tty_buffer_alloc+0xc0/0x270 [ 35.187734] tty_buffer_alloc+0xc0/0x270 [ 35.187737] __tty_buffer_request_room+0x12c/0x290 [ 35.187740] tty_insert_flip_string_fixed_flag+0x8b/0x210 [ 35.187744] tty_insert_flip_string_and_push_buffer+0x3e/0x160 [ 35.187746] pty_write+0xc3/0xf0 [ 35.187748] n_tty_write+0x85e/0xda0 [ 35.187751] ? n_tty_open+0x160/0x160 [ 35.187753] ? do_wait_intr_irq+0x270/0x270 [ 35.187756] ? __might_fault+0x177/0x1b0 [ 35.187758] tty_write+0x410/0x740 [ 35.187761] ? n_tty_open+0x160/0x160 [ 35.187763] __vfs_write+0xe4/0x630 [ 35.187773] ? tty_compat_ioctl+0x240/0x240 [ 35.187776] ? debug_check_no_obj_freed+0x2c0/0x680 [ 35.187778] ? kernel_read+0x110/0x110 [ 35.187781] ? common_file_perm+0x3ee/0x580 [ 35.187784] ? security_file_permission+0x82/0x1e0 [ 35.187787] ? rw_verify_area+0xe1/0x2a0 [ 35.187789] vfs_write+0x17f/0x4d0 [ 35.187791] SyS_write+0xf2/0x210 [ 35.187793] ? SyS_read+0x210/0x210 [ 35.187796] ? __do_page_fault+0x159/0xad0 [ 35.187798] ? do_syscall_64+0x4c/0x640 [ 35.187801] ? SyS_read+0x210/0x210 [ 35.187803] do_syscall_64+0x1d5/0x640 [ 35.187806] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 35.187808] RIP: 0033:0x7f0c3f985679 [ 35.187811] RSP: 002b:00007fff079e1a08 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 35.187818] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f0c3f985679 [ 35.187822] RDX: 000000000000ff2e RSI: 0000000020000080 RDI: 0000000000000003 [ 35.187826] RBP: 00007fff079e1a10 R08: 0000000000000001 R09: 00007f0c3f940033 [ 35.187831] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 35.187835] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000