Warning: Permanently added '10.128.0.239' (ECDSA) to the list of known hosts. executing program [ 30.314615] FAULT_INJECTION: forcing a failure. [ 30.314615] name failslab, interval 1, probability 0, space 0, times 1 [ 30.326331] CPU: 1 PID: 7980 Comm: syz-executor121 Not tainted 4.14.301-syzkaller #0 [ 30.334183] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 30.343615] Call Trace: [ 30.346184] dump_stack+0x1b2/0x281 [ 30.349790] should_fail.cold+0x10a/0x149 [ 30.353923] should_failslab+0xd6/0x130 [ 30.357891] __kmalloc+0x6d/0x400 [ 30.361325] ? tty_buffer_alloc+0xc0/0x270 [ 30.365536] tty_buffer_alloc+0xc0/0x270 [ 30.369575] __tty_buffer_request_room+0x12c/0x290 [ 30.374476] tty_insert_flip_string_fixed_flag+0x8b/0x210 [ 30.379988] tty_insert_flip_string_and_push_buffer+0x3e/0x160 [ 30.385933] pty_write+0xc3/0xf0 [ 30.389281] ? tty_write_room+0x69/0x80 [ 30.393230] n_tty_write+0x352/0xda0 [ 30.396920] ? n_tty_open+0x160/0x160 [ 30.400695] ? do_wait_intr_irq+0x270/0x270 [ 30.404988] ? __might_fault+0x177/0x1b0 [ 30.409041] tty_write+0x410/0x740 [ 30.412564] ? n_tty_open+0x160/0x160 [ 30.416347] __vfs_write+0xe4/0x630 [ 30.419957] ? tty_compat_ioctl+0x240/0x240 [ 30.424255] ? debug_check_no_obj_freed+0x2c0/0x680 [ 30.429247] ? kernel_read+0x110/0x110 [ 30.433109] ? common_file_perm+0x3ee/0x580 [ 30.437403] ? security_file_permission+0x82/0x1e0 [ 30.442306] ? rw_verify_area+0xe1/0x2a0 [ 30.446336] vfs_write+0x17f/0x4d0 [ 30.449848] SyS_write+0xf2/0x210 [ 30.453273] ? SyS_read+0x210/0x210 [ 30.456874] ? do_syscall_64+0x4c/0x640 [ 30.460819] ? SyS_read+0x210/0x210 [ 30.464425] do_syscall_64+0x1d5/0x640 [ 30.468287] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 30.473462] RIP: 0033:0x7f0f627d97a9 [ 30.477144] RSP: 002b:00007fffdd4fc378 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 30.484823] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f0f627d97a9 [ 30.492063] RDX: 00000000fffffdc9 RSI: 0000000020000000 RDI: 0000000000000004 [ 30.499305] RBP: 00007fffdd4fc390 R08: 0000000000000001 R09: 0000000000000001 [ 30.506552] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 30.513794] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 30.521060] [ 30.521062] ====================================================== [ 30.521064] WARNING: possible circular locking dependency detected [ 30.521065] 4.14.301-syzkaller #0 Not tainted [ 30.521067] ------------------------------------------------------ [ 30.521069] syz-executor121/7980 is trying to acquire lock: [ 30.521070] (console_owner){....}, at: [] console_unlock+0x307/0xf20 [ 30.521074] [ 30.521075] but task is already holding lock: [ 30.521076] (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160 [ 30.521080] [ 30.521082] which lock already depends on the new lock. [ 30.521083] [ 30.521083] [ 30.521085] the existing dependency chain (in reverse order) is: [ 30.521086] [ 30.521086] -> #2 (&(&port->lock)->rlock){-.-.}: [ 30.521091] _raw_spin_lock_irqsave+0x8c/0xc0 [ 30.521092] tty_port_tty_get+0x1d/0x80 [ 30.521093] tty_port_default_wakeup+0x11/0x40 [ 30.521095] serial8250_tx_chars+0x3fe/0xc70 [ 30.521096] serial8250_handle_irq.part.0+0x2c7/0x390 [ 30.521098] serial8250_default_handle_irq+0x8a/0x1f0 [ 30.521099] serial8250_interrupt+0xf3/0x210 [ 30.521100] __handle_irq_event_percpu+0xee/0x7f0 [ 30.521102] handle_irq_event+0xed/0x240 [ 30.521103] handle_edge_irq+0x224/0xc40 [ 30.521104] handle_irq+0x35/0x50 [ 30.521105] do_IRQ+0x93/0x1d0 [ 30.521106] ret_from_intr+0x0/0x1e [ 30.521108] _raw_spin_unlock_irqrestore+0xa3/0xe0 [ 30.521109] uart_write+0x2dd/0x560 [ 30.521110] do_output_char+0x4f5/0x750 [ 30.521111] n_tty_write+0x3e3/0xda0 [ 30.521112] tty_write+0x410/0x740 [ 30.521114] redirected_tty_write+0x9c/0xb0 [ 30.521115] do_iter_write+0x3da/0x550 [ 30.521116] vfs_writev+0x125/0x290 [ 30.521117] do_writev+0xfc/0x2c0 [ 30.521118] do_syscall_64+0x1d5/0x640 [ 30.521120] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 30.521121] [ 30.521121] -> #1 (&port_lock_key){-.-.}: [ 30.521125] _raw_spin_lock_irqsave+0x8c/0xc0 [ 30.521127] serial8250_console_write+0x8cb/0xb40 [ 30.521128] console_unlock+0x99d/0xf20 [ 30.521129] vprintk_emit+0x224/0x620 [ 30.521130] vprintk_func+0x58/0x160 [ 30.521131] printk+0x9e/0xbc [ 30.521133] register_console+0x6f4/0xad0 [ 30.521134] univ8250_console_init+0x2f/0x3a [ 30.521135] console_init+0x46/0x53 [ 30.521136] start_kernel+0x521/0x763 [ 30.521138] secondary_startup_64+0xa5/0xb0 [ 30.521138] [ 30.521139] -> #0 (console_owner){....}: [ 30.521143] lock_acquire+0x170/0x3f0 [ 30.521144] console_unlock+0x36f/0xf20 [ 30.521146] vprintk_emit+0x224/0x620 [ 30.521147] vprintk_func+0x58/0x160 [ 30.521148] printk+0x9e/0xbc [ 30.521149] should_fail.cold+0xdf/0x149 [ 30.521150] should_failslab+0xd6/0x130 [ 30.521151] __kmalloc+0x6d/0x400 [ 30.521153] tty_buffer_alloc+0xc0/0x270 [ 30.521154] __tty_buffer_request_room+0x12c/0x290 [ 30.521156] tty_insert_flip_string_fixed_flag+0x8b/0x210 [ 30.521157] tty_insert_flip_string_and_push_buffer+0x3e/0x160 [ 30.521159] pty_write+0xc3/0xf0 [ 30.521160] n_tty_write+0x352/0xda0 [ 30.521161] tty_write+0x410/0x740 [ 30.521162] __vfs_write+0xe4/0x630 [ 30.521163] vfs_write+0x17f/0x4d0 [ 30.521164] SyS_write+0xf2/0x210 [ 30.521166] do_syscall_64+0x1d5/0x640 [ 30.521167] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 30.521168] [ 30.521169] other info that might help us debug this: [ 30.521170] [ 30.521171] Chain exists of: [ 30.521171] console_owner --> &port_lock_key --> &(&port->lock)->rlock [ 30.521176] [ 30.521178] Possible unsafe locking scenario: [ 30.521178] [ 30.521180] CPU0 CPU1 [ 30.521181] ---- ---- [ 30.521182] lock(&(&port->lock)->rlock); [ 30.521184] lock(&port_lock_key); [ 30.521187] lock(&(&port->lock)->rlock); [ 30.521190] lock(console_owner); [ 30.521192] [ 30.521193] *** DEADLOCK *** [ 30.521193] [ 30.521195] 6 locks held by syz-executor121/7980: [ 30.521195] #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80 [ 30.521200] #1: (&tty->atomic_write_lock){+.+.}, at: [] tty_write+0x22d/0x740 [ 30.521204] #2: (&o_tty->termios_rwsem/1){++++}, at: [] n_tty_write+0x18a/0xda0 [ 30.521209] #3: (&ldata->output_lock){+.+.}, at: [] n_tty_write+0x43f/0xda0 [ 30.521214] #4: (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160 [ 30.521219] #5: (console_lock){+.+.}, at: [] vprintk_func+0x58/0x160 [ 30.521223] [ 30.521224] stack backtrace: [ 30.521226] CPU: 1 PID: 7980 Comm: syz-executor121 Not tainted 4.14.301-syzkaller #0 [ 30.521228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 30.521229] Call Trace: [ 30.521230] dump_stack+0x1b2/0x281 [ 30.521232] print_circular_bug.constprop.0.cold+0x2d7/0x41e [ 30.521233] __lock_acquire+0x2e0e/0x3f20 [ 30.521234] ? trace_hardirqs_on+0x10/0x10 [ 30.521235] ? snprintf+0xd0/0xd0 [ 30.521237] ? console_unlock+0x34a/0xf20 [ 30.521238] lock_acquire+0x170/0x3f0 [ 30.521239] ? console_unlock+0x307/0xf20 [ 30.521240] console_unlock+0x36f/0xf20 [ 30.521241] ? console_unlock+0x307/0xf20 [ 30.521242] vprintk_emit+0x224/0x620 [ 30.521244] vprintk_func+0x58/0x160 [ 30.521245] printk+0x9e/0xbc [ 30.521246] ? log_store.cold+0x16/0x16 [ 30.521247] ? __lock_acquire+0x5fc/0x3f20 [ 30.521248] ? ___ratelimit+0x2b5/0x510 [ 30.521249] should_fail.cold+0xdf/0x149 [ 30.521251] should_failslab+0xd6/0x130 [ 30.521252] __kmalloc+0x6d/0x400 [ 30.521253] ? tty_buffer_alloc+0xc0/0x270 [ 30.521254] tty_buffer_alloc+0xc0/0x270 [ 30.521255] __tty_buffer_request_room+0x12c/0x290 [ 30.521257] tty_insert_flip_string_fixed_flag+0x8b/0x210 [ 30.521259] tty_insert_flip_string_and_push_buffer+0x3e/0x160 [ 30.521260] pty_write+0xc3/0xf0 [ 30.521261] ? tty_write_room+0x69/0x80 [ 30.521262] n_tty_write+0x352/0xda0 [ 30.521263] ? n_tty_open+0x160/0x160 [ 30.521264] ? do_wait_intr_irq+0x270/0x270 [ 30.521265] ? __might_fault+0x177/0x1b0 [ 30.521267] tty_write+0x410/0x740 [ 30.521268] ? n_tty_open+0x160/0x160 [ 30.521269] __vfs_write+0xe4/0x630 [ 30.521270] ? tty_compat_ioctl+0x240/0x240 [ 30.521271] ? debug_check_no_obj_freed+0x2c0/0x680 [ 30.521273] ? kernel_read+0x110/0x110 [ 30.521274] ? common_file_perm+0x3ee/0x580 [ 30.521275] ? security_file_permission+0x82/0x1e0 [ 30.521276] ? rw_verify_area+0xe1/0x2a0 [ 30.521278] vfs_write+0x17f/0x4d0 [ 30.521279] SyS_write+0xf2/0x210 [ 30.521280] ? SyS_read+0x210/0x210 [ 30.521281] ? do_syscall_64+0x4c/0x640 [ 30.521282] ? SyS_read+0x210/0x210 [ 30.521283] do_syscall_64+0x1d5/0x640 [ 30.521285] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 30.521286] RIP: 0033:0x7f0f627d97a9 [ 30.521287] RSP: 002b:00007fffdd4fc378 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 30.521290] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f0f627d97a9 [ 30.521292] RDX: 00000000fffffdc9 RSI: 0000000020000000 RDI: 0000000000000004 [ 30.521294] RBP: 00007fffdd4fc390 R08: 0000000000000001 R09: 0000000000000001 [ 30.521296] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 30.521298] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000