[ 42.677648][ T26] audit: type=1800 audit(1561073208.179:26): pid=7791 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 42.736018][ T26] audit: type=1800 audit(1561073208.179:27): pid=7791 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ 42.759883][ T26] audit: type=1800 audit(1561073208.179:28): pid=7791 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 43.453265][ T26] audit: type=1800 audit(1561073208.989:29): pid=7791 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.150' (ECDSA) to the list of known hosts.
executing program

syzkaller login: [ 57.080567][ T7942] FAULT_INJECTION: forcing a failure.
[ 57.080567][ T7942] name failslab, interval 1, probability 0, space 0, times 1
[ 57.094393][ T7942] CPU: 1 PID: 7942 Comm: syz-executor216 Not tainted 5.2.0-rc5+ #4
[ 57.102522][ T7942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.112579][ T7942] Call Trace:
[ 57.115858][ T7942] dump_stack+0x1d8/0x2f8
[ 57.120174][ T7942] should_fail+0x608/0x860
[ 57.124581][ T7942] ? setup_fault_attr+0x2b0/0x2b0
[ 57.129640][ T7942] ? trace_lock_acquire+0x190/0x190
[ 57.134832][ T7942] __should_failslab+0x11a/0x160
[ 57.139761][ T7942] ? __tty_buffer_request_room+0x1ef/0x560
[ 57.145891][ T7942] should_failslab+0x9/0x20
[ 57.150385][ T7942] __kmalloc+0x7a/0x310
[ 57.154529][ T7942] __tty_buffer_request_room+0x1ef/0x560
[ 57.160158][ T7942] tty_insert_flip_string_fixed_flag+0xa4/0x2b0
[ 57.166434][ T7942] pty_write+0xe2/0x190
[ 57.170965][ T7942] n_tty_write+0xd6c/0x12d0
[ 57.175579][ T7942] ? n_tty_read+0x1c80/0x1c80
[ 57.180252][ T7942] ? wait_woken+0x2c0/0x2c0
[ 57.184742][ T7942] ? kasan_check_write+0x14/0x20
[ 57.189906][ T7942] ? _copy_from_user+0xe0/0x120
[ 57.194959][ T7942] tty_write+0x581/0x860
[ 57.199197][ T7942] ? n_tty_read+0x1c80/0x1c80
[ 57.203929][ T7942] ? redirected_tty_write+0xb0/0xb0
[ 57.209146][ T7942] __vfs_write+0xf9/0x7d0
[ 57.213623][ T7942] ? __kernel_write+0x330/0x330
[ 57.218467][ T7942] ? vfs_write+0x448/0x510
[ 57.222866][ T7942] ? security_file_permission+0x148/0x350
[ 57.228713][ T7942] ? rw_verify_area+0x1c2/0x360
[ 57.233559][ T7942] vfs_write+0x227/0x510
[ 57.237886][ T7942] ksys_write+0x16b/0x2a0
[ 57.242286][ T7942] ? __ia32_sys_read+0x90/0x90
[ 57.247041][ T7942] ? prepare_exit_to_usermode+0x1e1/0x4f0
[ 57.252790][ T7942] ? tomoyo_file_ioctl+0x23/0x30
[ 57.257712][ T7942] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 57.263152][ T7942] ? trace_irq_disable_rcuidle+0x23/0x1c0
[ 57.269159][ T7942] ? do_syscall_64+0x1d/0x140
[ 57.273835][ T7942] __x64_sys_write+0x7b/0x90
[ 57.278411][ T7942] do_syscall_64+0xfe/0x140
[ 57.282905][ T7942] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 57.292746][ T7942] RIP: 0033:0x440689
[ 57.298093][ T7942] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 57.329305][ T7942] RSP: 002b:00007ffc27fb23d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 57.337713][ T7942] RAX: ffffffffffffffda RBX: 00007ffc27fb23f0 RCX: 0000000000440689
[ 57.345885][ T7942] RDX: 00000000ffffff86 RSI: 0000000020000000 RDI: 0000000000000005
[ 57.353889][ T7942] RBP: 0000000000000006 R08: 0000000000000001 R09: 00000000000000c2
[ 57.361857][ T7942] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401f50
[ 57.371312][ T7942] R13: 0000000000401fe0 R14: 0000000000000000 R15: 0000000000000000
[ 57.379373][ C1]
[ 57.379375][ C1] ======================================================
[ 57.379377][ C1] WARNING: possible circular locking dependency detected
[ 57.379379][ C1] 5.2.0-rc5+ #4 Not tainted
[ 57.379380][ C1] ------------------------------------------------------
[ 57.379382][ C1] syz-executor216/7942 is trying to acquire lock:
[ 57.379383][ C1] 00000000b812fd9a (console_owner){-.-.}, at: console_lock_spinning_enable+0x31/0x60
[ 57.379389][ C1]
[ 57.379390][ C1] but task is already holding lock:
[ 57.379391][ C1] 000000000b1b0c63 (&(&port->lock)->rlock){-.-.}, at: pty_write+0xbd/0x190
[ 57.379396][ C1]
[ 57.379398][ C1] which lock already depends on the new lock.
[ 57.379399][ C1]
[ 57.379400][ C1]
[ 57.379402][ C1] the existing dependency chain (in reverse order) is:
[ 57.379403][ C1]
[ 57.379403][ C1] -> #2 (&(&port->lock)->rlock){-.-.}:
[ 57.379408][ C1] _raw_spin_lock_irqsave+0xa1/0xc0
[ 57.379410][ C1] tty_port_default_wakeup+0x20/0xa0
[ 57.379411][ C1] tty_port_tty_wakeup+0x5a/0x70
[ 57.379413][ C1] uart_write_wakeup+0x48/0x60
[ 57.379414][ C1] serial8250_tx_chars+0x623/0x830
[ 57.379415][ C1] serial8250_handle_irq+0x255/0x390
[ 57.379417][ C1] serial8250_default_handle_irq+0xc5/0x1d0
[ 57.379419][ C1] serial8250_interrupt+0xad/0x190
[ 57.379420][ C1] __handle_irq_event_percpu+0x113/0x560
[ 57.379422][ C1] handle_irq_event+0x10a/0x2f0
[ 57.379423][ C1] handle_edge_irq+0x29f/0xca0
[ 57.379429][ C1] handle_irq+0x3e/0x50
[ 57.379430][ C1] do_IRQ+0xc4/0x1a0
[ 57.379432][ C1] ret_from_intr+0x0/0x1e
[ 57.379433][ C1] native_safe_halt+0xe/0x10
[ 57.379434][ C1] arch_cpu_idle+0xa/0x10
[ 57.379435][ C1] do_idle+0x18a/0x760
[ 57.379437][ C1] cpu_startup_entry+0x25/0x30
[ 57.379439][ C1] start_secondary+0x425/0x4c0
[ 57.379440][ C1] secondary_startup_64+0xa4/0xb0
[ 57.379441][ C1]
[ 57.379442][ C1] -> #1 (&port_lock_key){-.-.}:
[ 57.379447][ C1] _raw_spin_lock_irqsave+0xa1/0xc0
[ 57.379448][ C1] serial8250_console_write+0x1d1/0xba0
[ 57.379450][ C1] univ8250_console_write+0x50/0x70
[ 57.379451][ C1] console_unlock+0x95f/0xf20
[ 57.379452][ C1] vprintk_emit+0x239/0x3a0
[ 57.379454][ C1] vprintk_default+0x28/0x30
[ 57.379455][ C1] vprintk_func+0x158/0x170
[ 57.379457][ C1] printk+0xc4/0x11d
[ 57.379458][ C1] register_console+0xa81/0xe30
[ 57.379460][ C1] univ8250_console_init+0x4b/0x4d
[ 57.379461][ C1] console_init+0x56/0x9c
[ 57.379466][ C1] start_kernel+0x49e/0x860
[ 57.379468][ C1] x86_64_start_reservations+0x18/0x2e
[ 57.379469][ C1] x86_64_start_kernel+0x7a/0x7d
[ 57.379471][ C1] secondary_startup_64+0xa4/0xb0
[ 57.379472][ C1]
[ 57.379472][ C1] -> #0 (console_owner){-.-.}:
[ 57.379477][ C1] lock_acquire+0x158/0x250
[ 57.379479][ C1] console_lock_spinning_enable+0x56/0x60
[ 57.379480][ C1] console_unlock+0x79f/0xf20
[ 57.379482][ C1] vprintk_emit+0x239/0x3a0
[ 57.379483][ C1] vprintk_default+0x28/0x30
[ 57.379485][ C1] vprintk_func+0x158/0x170
[ 57.379486][ C1] printk+0xc4/0x11d
[ 57.379487][ C1] should_fail+0x5c5/0x860
[ 57.379489][ C1] __should_failslab+0x11a/0x160
[ 57.379490][ C1] should_failslab+0x9/0x20
[ 57.379491][ C1] __kmalloc+0x7a/0x310
[ 57.379493][ C1] __tty_buffer_request_room+0x1ef/0x560
[ 57.379495][ C1] tty_insert_flip_string_fixed_flag+0xa4/0x2b0
[ 57.379496][ C1] pty_write+0xe2/0x190
[ 57.379497][ C1] n_tty_write+0xd6c/0x12d0
[ 57.379498][ C1] tty_write+0x581/0x860
[ 57.379500][ C1] __vfs_write+0xf9/0x7d0
[ 57.379501][ C1] vfs_write+0x227/0x510
[ 57.379502][ C1] ksys_write+0x16b/0x2a0
[ 57.379504][ C1] __x64_sys_write+0x7b/0x90
[ 57.379505][ C1] do_syscall_64+0xfe/0x140
[ 57.379507][ C1] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 57.379507][ C1]
[ 57.379509][ C1] other info that might help us debug this:
[ 57.379510][ C1]
[ 57.379511][ C1] Chain exists of:
[ 57.379512][ C1] console_owner --> &port_lock_key --> &(&port->lock)->rlock
[ 57.379518][ C1]
[ 57.379519][ C1] Possible unsafe locking scenario:
[ 57.379520][ C1]
[ 57.379522][ C1]        CPU0                    CPU1
[ 57.379523][ C1]        ----                    ----
[ 57.379524][ C1]   lock(&(&port->lock)->rlock);
[ 57.379527][ C1]                                lock(&port_lock_key);
[ 57.379530][ C1]                                lock(&(&port->lock)->rlock);
[ 57.379533][ C1]   lock(console_owner);
[ 57.379536][ C1]
[ 57.379537][ C1] *** DEADLOCK ***
[ 57.379538][ C1]
[ 57.379539][ C1] 6 locks held by syz-executor216/7942:
[ 57.379540][ C1] #0: 00000000a4ee0c1b (&tty->ldisc_sem){++++}, at: tty_ldisc_ref_wait+0x25/0x70
[ 57.379546][ C1] #1: 000000008f28fb12 (&tty->atomic_write_lock){+.+.}, at: tty_write+0x21d/0x860
[ 57.379551][ C1] #2: 00000000da5bf69e (&o_tty->termios_rwsem/1){++++}, at: n_tty_write+0x22e/0x12d0
[ 57.379558][ C1] #3: 000000002136c14a (&ldata->output_lock){+.+.}, at: n_tty_write+0x69e/0x12d0
[ 57.379563][ C1] #4: 000000000b1b0c63 (&(&port->lock)->rlock){-.-.}, at: pty_write+0xbd/0x190
[ 57.379569][ C1] #5: 000000000be34f20 (console_lock){+.+.}, at: vprintk_emit+0x21c/0x3a0
[ 57.379574][ C1]
[ 57.379575][ C1] stack backtrace:
[ 57.379577][ C1] CPU: 1 PID: 7942 Comm: syz-executor216 Not tainted 5.2.0-rc5+ #4
[ 57.379579][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.379580][ C1] Call Trace:
[ 57.379582][ C1] dump_stack+0x1d8/0x2f8
[ 57.379583][ C1] print_circular_bug+0xd34/0xf20
[ 57.379584][ C1] ? check_noncircular+0x4d0/0x4d0
[ 57.379586][ C1] ? stack_trace_save+0x111/0x1e0
[ 57.379587][ C1] ? stack_trace_snprint+0x150/0x150
[ 57.379589][ C1] ? graph_lock+0x9a/0x280
[ 57.379590][ C1] ? find_first_zero_bit+0xd8/0x100
[ 57.379591][ C1] validate_chain+0x59d0/0x84f0
[ 57.379593][ C1] ? match_held_lock+0x280/0x280
[ 57.379594][ C1] ? match_held_lock+0x280/0x280
[ 57.379595][ C1] ? match_held_lock+0x280/0x280
[ 57.379597][ C1] ? match_held_lock+0x280/0x280
[ 57.379598][ C1] ? __read_once_size_nocheck+0x10/0x10
[ 57.379600][ C1] ? unwind_next_frame+0x415/0x870
[ 57.379601][ C1] ? match_held_lock+0x280/0x280
[ 57.379602][ C1] ? __lock_acquire+0xcf7/0x1a40
[ 57.379604][ C1] ? __read_once_size_nocheck+0x10/0x10
[ 57.379605][ C1] ? unwind_next_frame+0x415/0x870
[ 57.379606][ C1] ? put_dec_trunc8+0x1c4/0x2d0
[ 57.379608][ C1] ? put_dec+0xd1/0xe0
[ 57.379609][ C1] ? skip_atoi+0xba/0xd0
[ 57.379610][ C1] ? format_decode+0x454/0x1b20
[ 57.379611][ C1] ? __bfs+0x550/0x550
[ 57.379612][ C1] ? __bfs+0x550/0x550
[ 57.379614][ C1] ? vsnprintf+0x1f3/0x1c50
[ 57.379616][ C1] ? memcpy+0x49/0x60
[ 57.379618][ C1] ? vsnprintf+0x1ba2/0x1c50
[ 57.379619][ C1] __lock_acquire+0xcf7/0x1a40
[ 57.379620][ C1] ? trace_lock_acquire+0x190/0x190
[ 57.379622][ C1] ? __lock_acquire+0xcf7/0x1a40
[ 57.379623][ C1] ? msg_print_text+0x38c/0x550
[ 57.379624][ C1] ? memcpy+0x49/0x60
[ 57.379625][ C1] ? msg_print_text+0x3fd/0x550
[ 57.379627][ C1] ? kasan_check_write+0x14/0x20
[ 57.379628][ C1] ? trace_lock_acquire+0x11c/0x190
[ 57.379629][ C1] lock_acquire+0x158/0x250
[ 57.379631][ C1] ? console_lock_spinning_enable+0x31/0x60
[ 57.379632][ C1] console_lock_spinning_enable+0x56/0x60
[ 57.379634][ C1] ? console_lock_spinning_enable+0x31/0x60
[ 57.379635][ C1] console_unlock+0x79f/0xf20
[ 57.379637][ C1] ? trace_lock_acquire+0x11c/0x190
[ 57.379638][ C1] ? console_trylock_spinning+0x390/0x390
[ 57.379639][ C1] ? vprintk_emit+0x21c/0x3a0
[ 57.379641][ C1] ? __down_trylock_console_sem+0x180/0x1b0
[ 57.379642][ C1] ? vprintk_emit+0x21c/0x3a0
[ 57.379644][ C1] ? vprintk_emit+0x21c/0x3a0
[ 57.379645][ C1] vprintk_emit+0x239/0x3a0
[ 57.379646][ C1] vprintk_default+0x28/0x30
[ 57.379647][ C1] vprintk_func+0x158/0x170
[ 57.379648][ C1] printk+0xc4/0x11d
[ 57.379650][ C1] ? stack_trace_save+0x1e0/0x1e0
[ 57.379651][ C1] ? log_buf_vmcoreinfo_setup+0x153/0x153
[ 57.379653][ C1] ? ___ratelimit+0x126/0x5d0
[ 57.379654][ C1] ? __lock_acquire+0xcf7/0x1a40
[ 57.379655][ C1] should_fail+0x5c5/0x860
[ 57.379656][ C1] ? setup_fault_attr+0x2b0/0x2b0
[ 57.379658][ C1] ? trace_lock_acquire+0x190/0x190
[ 57.379659][ C1] __should_failslab+0x11a/0x160
[ 57.379660][ C1] ? __tty_buffer_request_room+0x1ef/0x560
[ 57.379662][ C1] should_failslab+0x9/0x20
[ 57.379663][ C1] __kmalloc+0x7a/0x310
[ 57.379664][ C1] __tty_buffer_request_room+0x1ef/0x560
[ 57.379666][ C1] tty_insert_flip_string_fixed_flag+0xa4/0x2b0
[ 57.379667][ C1] pty_write+0xe2/0x190
[ 57.379668][ C1] n_tty_write+0xd6c/0x12d0
[ 57.379669][ C1] ? n_tty_read+0x1c80/0x1c80
[ 57.379671][ C1] ? wait_woken+0x2c0/0x2c0
[ 57.379672][ C1] ? kasan_check_write+0x14/0x20
[ 57.379673][ C1] ? _copy_from_user+0xe0/0x120
[ 57.379674][ C1] tty_write+0x581/0x860
[ 57.379676][ C1] ? n_tty_read+0x1c80/0x1c80
[ 57.379677][ C1] ? redirected_tty_write+0xb0/0xb0
[ 57.379678][ C1] __vfs_write+0xf9/0x7d0
[ 57.379680][ C1] ? __kernel_write+0x330/0x330
[ 57.379681][ C1] ? vfs_write+0x448/0x510
[ 57.379682][ C1] ? security_file_permission+0x148/0x350
[ 57.379684][ C1] ? rw_verify_area+0x1c2/0x360
[ 57.379685][ C1] vfs_write+0x227/0x510
[ 57.379686][ C1] ksys_write+0x16b/0x2a0
[ 57.379687][ C1] ? __ia32_sys_read+0x90/0x90
[ 57.379689][ C1] ? prepare_exit_to_usermode+0x1e1/0x4f0
[ 57.379690][ C1] ? tomoyo_file_ioctl+0x23/0x30
[ 57.379691][ C1] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 57.379693][ C1] ? trace_irq_disable_rcuidle+0x23/0x1c0
[ 57.379694][ C1] ? do_syscall_64+0x1d/0x140
[ 57.379696][ C1] __x64_sys_write+0x7b/0x90
[ 57.379697][ C1] do_syscall_64+0xfe/0x140
[ 57.379698][ C1] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 57.379700][ C1] RIP: 0033:0x440689
[ 57.379704][ C1] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 57.379706][ C1] RSP: 002b:00007ffc27fb23d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 57.379709][ C1] RAX: ffffffffffffffda RBX: 00007ffc27fb23f0 RCX: 0000000000440689
[ 57.379711][ C1] RDX: 00000000ffffff86 RSI: 0000000020000000 RDI: 0000000000000005
[ 57.379713][ C1] RBP: 0000000000000006 R08: 0000000000000001 R09: 00000000000000c2
[ 57.379715][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401f50
[ 57.379717][ C1] R13: 0000000000401fe0 R14: 0000000000000