Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.131' (ECDSA) to the list of known hosts.
syzkaller login: [ 27.412163] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 27.466610] FAULT_INJECTION: forcing a failure.
[ 27.466610] name failslab, interval 1, probability 0, space 0, times 1
[ 27.478303] CPU: 1 PID: 7992 Comm: syz-executor225 Not tainted 4.14.305-syzkaller #0
[ 27.486154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 27.495481] Call Trace:
[ 27.498046] dump_stack+0x1b2/0x281
[ 27.501652] should_fail.cold+0x10a/0x149
[ 27.505896] ? commit_echoes+0x4c/0x1e0
[ 27.510001] should_failslab+0xd6/0x130
[ 27.513952] __kmalloc+0x6d/0x400
[ 27.517400] ? tty_buffer_alloc+0xc0/0x270
[ 27.521612] tty_buffer_alloc+0xc0/0x270
[ 27.525647] __tty_buffer_request_room+0x12c/0x290
[ 27.530550] tty_insert_flip_string_fixed_flag+0x8b/0x210
[ 27.536063] tty_insert_flip_string_and_push_buffer+0x3e/0x160
[ 27.542010] pty_write+0xc3/0xf0
[ 27.545348] ? commit_echoes+0x108/0x1e0
[ 27.549382] tty_put_char+0xfe/0x120
[ 27.553086] ? dev_match_devt+0x80/0x80
[ 27.557032] ? pty_write_room+0xa9/0xd0
[ 27.560978] ? ptmx_open+0x300/0x300
[ 27.564682] __process_echoes+0x48c/0x8c0
[ 27.568819] n_tty_receive_buf_common+0x9a3/0x25a0
[ 27.573722] ? n_tty_receive_buf2+0x40/0x40
[ 27.578018] tty_ioctl+0xe8a/0x1430
[ 27.581620] ? tty_fasync+0x2c0/0x2c0
[ 27.585392] ? proc_fail_nth_write+0x7b/0x180
[ 27.589881] ? proc_tgid_io_accounting+0x740/0x7a0
[ 27.594800] ? fsnotify+0x974/0x11b0
[ 27.598504] ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 27.603413] ? debug_check_no_obj_freed+0x2c0/0x680
[ 27.608408] ? tty_fasync+0x2c0/0x2c0
[ 27.612185] do_vfs_ioctl+0x75a/0xff0
[ 27.616051] ? ioctl_preallocate+0x1a0/0x1a0
[ 27.620438] ? vfs_write+0x319/0x4d0
[ 27.624125] ? SyS_write+0x14d/0x210
[ 27.627828] ? security_file_ioctl+0x83/0xb0
[ 27.632208] SyS_ioctl+0x7f/0xb0
[ 27.635565] ? do_vfs_ioctl+0xff0/0xff0
[ 27.639529] do_syscall_64+0x1d5/0x640
[ 27.643394] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 27.648580] RIP: 0033:0x7f26ad083d49
[ 27.652272] RSP: 002b:00007ffdb2f7aa18 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 27.659973] RAX: ffffffffffffffda RBX: 00007f26ad0f1e50 RCX: 00007f26ad083d49
[ 27.667215] RDX: 0000000020000280 RSI: 0000000000005412 RDI: 0000000000000004
[ 27.674474] RBP: 0000000000000001 R08: 0000000000000001 R09: 00007ffdb2f7aa48
[ 27.681730] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdb2f7aa30
[ 27.688987] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 27.696236]
[ 27.696238] ======================================================
[ 27.696240] WARNING: possible circular locking dependency detected
[ 27.696242] 4.14.305-syzkaller #0 Not tainted
[ 27.696244] ------------------------------------------------------
[ 27.696245] syz-executor225/7992 is trying to acquire lock:
[ 27.696246] (console_owner){....}, at: [] console_unlock+0x307/0xf20
[ 27.696251]
[ 27.696252] but task is already holding lock:
[ 27.696253] (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160
[ 27.696258]
[ 27.696259] which lock already depends on the new lock.
[ 27.696260]
[ 27.696261]
[ 27.696263] the existing dependency chain (in reverse order) is:
[ 27.696263]
[ 27.696264] -> #2 (&(&port->lock)->rlock){-.-.}:
[ 27.696269] _raw_spin_lock_irqsave+0x8c/0xc0
[ 27.696270] tty_port_tty_get+0x1d/0x80
[ 27.696272] tty_port_default_wakeup+0x11/0x40
[ 27.696273] serial8250_tx_chars+0x3fe/0xc70
[ 27.696275] serial8250_handle_irq.part.0+0x2c7/0x390
[ 27.696276] serial8250_default_handle_irq+0x8a/0x1f0
[ 27.696278] serial8250_interrupt+0xf3/0x210
[ 27.696279] __handle_irq_event_percpu+0xee/0x7f0
[ 27.696281] handle_irq_event+0xed/0x240
[ 27.696282] handle_edge_irq+0x224/0xc40
[ 27.696283] handle_irq+0x35/0x50
[ 27.696284] do_IRQ+0x93/0x1d0
[ 27.696285] ret_from_intr+0x0/0x1e
[ 27.696287] native_safe_halt+0xe/0x10
[ 27.696288] default_idle+0x47/0x370
[ 27.696289] do_idle+0x250/0x3c0
[ 27.696291] cpu_startup_entry+0x14/0x20
[ 27.696292] start_kernel+0x743/0x763
[ 27.696293] secondary_startup_64+0xa5/0xb0
[ 27.696294]
[ 27.696295] -> #1 (&port_lock_key){-.-.}:
[ 27.696299] _raw_spin_lock_irqsave+0x8c/0xc0
[ 27.696300] serial8250_console_write+0x8cb/0xb40
[ 27.696302] console_unlock+0x99d/0xf20
[ 27.696303] vprintk_emit+0x224/0x620
[ 27.696304] vprintk_func+0x58/0x160
[ 27.696306] printk+0x9e/0xbc
[ 27.696307] register_console+0x6f4/0xad0
[ 27.696308] univ8250_console_init+0x2f/0x3a
[ 27.696310] console_init+0x46/0x53
[ 27.696311] start_kernel+0x521/0x763
[ 27.696312] secondary_startup_64+0xa5/0xb0
[ 27.696313]
[ 27.696314] -> #0 (console_owner){....}:
[ 27.696318] lock_acquire+0x170/0x3f0
[ 27.696319] console_unlock+0x36f/0xf20
[ 27.696320] vprintk_emit+0x224/0x620
[ 27.696322] vprintk_func+0x58/0x160
[ 27.696323] printk+0x9e/0xbc
[ 27.696324] should_fail.cold+0xdf/0x149
[ 27.696325] should_failslab+0xd6/0x130
[ 27.696327] __kmalloc+0x6d/0x400
[ 27.696328] tty_buffer_alloc+0xc0/0x270
[ 27.696330] __tty_buffer_request_room+0x12c/0x290
[ 27.696331] tty_insert_flip_string_fixed_flag+0x8b/0x210
[ 27.696333] tty_insert_flip_string_and_push_buffer+0x3e/0x160
[ 27.696334] pty_write+0xc3/0xf0
[ 27.696336] tty_put_char+0xfe/0x120
[ 27.696337] __process_echoes+0x48c/0x8c0
[ 27.696339] n_tty_receive_buf_common+0x9a3/0x25a0
[ 27.696340] tty_ioctl+0xe8a/0x1430
[ 27.696341] do_vfs_ioctl+0x75a/0xff0
[ 27.696342] SyS_ioctl+0x7f/0xb0
[ 27.696344] do_syscall_64+0x1d5/0x640
[ 27.696345] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 27.696346]
[ 27.696347] other info that might help us debug this:
[ 27.696348]
[ 27.696349] Chain exists of:
[ 27.696350] console_owner --> &port_lock_key --> &(&port->lock)->rlock
[ 27.696355]
[ 27.696357] Possible unsafe locking scenario:
[ 27.696357]
[ 27.696359]        CPU0                    CPU1
[ 27.696360]        ----                    ----
[ 27.696361]   lock(&(&port->lock)->rlock);
[ 27.696364]                                lock(&port_lock_key);
[ 27.696367]                                lock(&(&port->lock)->rlock);
[ 27.696369]   lock(console_owner);
[ 27.696371]
[ 27.696372] *** DEADLOCK ***
[ 27.696373]
[ 27.696374] 6 locks held by syz-executor225/7992:
[ 27.696375] #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80
[ 27.696380] #1: (&port->buf.lock/1){+.+.}, at: [] tty_ioctl+0xe20/0x1430
[ 27.696385] #2: (&o_tty->termios_rwsem/1){++++}, at: [] isig+0x36d/0x420
[ 27.696390] #3: (&ldata->output_lock){+.+.}, at: [] n_tty_receive_buf_common+0x965/0x25a0
[ 27.696403] #4: (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160
[ 27.696408] #5: (console_lock){+.+.}, at: [] vprintk_func+0x58/0x160
[ 27.696412]
[ 27.696413] stack backtrace:
[ 27.696416] CPU: 1 PID: 7992 Comm: syz-executor225 Not tainted 4.14.305-syzkaller #0
[ 27.696418] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 27.696419] Call Trace:
[ 27.696421] dump_stack+0x1b2/0x281
[ 27.696422] print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 27.696424] __lock_acquire+0x2e0e/0x3f20
[ 27.696425] ? trace_hardirqs_on+0x10/0x10
[ 27.696426] ? snprintf+0xd0/0xd0
[ 27.696427] ? console_unlock+0x34a/0xf20
[ 27.696429] lock_acquire+0x170/0x3f0
[ 27.696430] ? console_unlock+0x307/0xf20
[ 27.696431] console_unlock+0x36f/0xf20
[ 27.696432] ? console_unlock+0x307/0xf20
[ 27.696434] vprintk_emit+0x224/0x620
[ 27.696435] vprintk_func+0x58/0x160
[ 27.696436] printk+0x9e/0xbc
[ 27.696437] ? log_store.cold+0x16/0x16
[ 27.696438] ? ___ratelimit+0x2b5/0x510
[ 27.696440] should_fail.cold+0xdf/0x149
[ 27.696441] ? commit_echoes+0x4c/0x1e0
[ 27.696442] should_failslab+0xd6/0x130
[ 27.696443] __kmalloc+0x6d/0x400
[ 27.696445] ? tty_buffer_alloc+0xc0/0x270
[ 27.696446] tty_buffer_alloc+0xc0/0x270
[ 27.696448] __tty_buffer_request_room+0x12c/0x290
[ 27.696450] tty_insert_flip_string_fixed_flag+0x8b/0x210
[ 27.696452] tty_insert_flip_string_and_push_buffer+0x3e/0x160
[ 27.696453] pty_write+0xc3/0xf0
[ 27.696454] ? commit_echoes+0x108/0x1e0
[ 27.696456] tty_put_char+0xfe/0x120
[ 27.696457] ? dev_match_devt+0x80/0x80
[ 27.696458] ? pty_write_room+0xa9/0xd0
[ 27.696460] ? ptmx_open+0x300/0x300
[ 27.696461] __process_echoes+0x48c/0x8c0
[ 27.696462] n_tty_receive_buf_common+0x9a3/0x25a0
[ 27.696464] ? n_tty_receive_buf2+0x40/0x40
[ 27.696465] tty_ioctl+0xe8a/0x1430
[ 27.696466] ? tty_fasync+0x2c0/0x2c0
[ 27.696468] ? proc_fail_nth_write+0x7b/0x180
[ 27.696469] ? proc_tgid_io_accounting+0x740/0x7a0
[ 27.696470] ? fsnotify+0x974/0x11b0
[ 27.696472] ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 27.696473] ? debug_check_no_obj_freed+0x2c0/0x680
[ 27.696474] ? tty_fasync+0x2c0/0x2c0
[ 27.696476] do_vfs_ioctl+0x75a/0xff0
[ 27.696477] ? ioctl_preallocate+0x1a0/0x1a0
[ 27.696478] ? vfs_write+0x319/0x4d0
[ 27.696479] ? SyS_write+0x14d/0x210
[ 27.696481] ? security_file_ioctl+0x83/0xb0
[ 27.696482] SyS_ioctl+0x7f/0xb0
[ 27.696483] ? do_vfs_ioctl+0xff0/0xff0
[ 27.696484] do_syscall_64+0x1d5/0x640
[ 27.696486] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 27.696487] RIP: 0033:0x7f26ad083d49
[ 27.696488] RSP: 002b:00007ffdb2f7aa18 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 27.696492] RAX: ffffffffffffffda RBX: 00007f26ad0f1e50 RCX: 00007f26ad083d49
[ 27.696494] RDX: 0000000020000280 RSI: 0000000000005412 RDI: 0000000000000004
[ 27.696496] RBP: 0000000000000001 R08: 0000000000000001 R09: 00007ffdb2f7aa48
[ 27.696498] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdb2f7aa30
[ 27.696500] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000