Warning: Permanently added '10.128.1.130' (ECDSA) to the list of known hosts. executing program [ 29.295510] FAULT_INJECTION: forcing a failure. [ 29.295510] name failslab, interval 1, probability 0, space 0, times 1 [ 29.307242] CPU: 1 PID: 7973 Comm: syz-executor174 Not tainted 4.14.301-syzkaller #0 [ 29.315096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 29.324423] Call Trace: [ 29.326986] dump_stack+0x1b2/0x281 [ 29.330586] should_fail.cold+0x10a/0x149 [ 29.334711] should_failslab+0xd6/0x130 [ 29.338662] __kmalloc+0x6d/0x400 [ 29.342090] ? tty_buffer_alloc+0xc0/0x270 [ 29.346301] tty_buffer_alloc+0xc0/0x270 [ 29.350338] __tty_buffer_request_room+0x12c/0x290 [ 29.355243] tty_insert_flip_string_fixed_flag+0x8b/0x210 [ 29.360754] tty_insert_flip_string_and_push_buffer+0x3e/0x160 [ 29.366702] pty_write+0xc3/0xf0 [ 29.370264] tty_put_char+0xfe/0x120 [ 29.373954] ? dev_match_devt+0x80/0x80 [ 29.377905] ? pty_write_room+0xa9/0xd0 [ 29.381853] ? ptmx_open+0x300/0x300 [ 29.385540] __process_echoes+0x48c/0x8c0 [ 29.389665] n_tty_receive_buf_common+0x9a3/0x25a0 [ 29.394571] ? n_tty_receive_buf2+0x40/0x40 [ 29.398863] tty_ioctl+0xe8a/0x1430 [ 29.402464] ? tty_fasync+0x2c0/0x2c0 [ 29.406243] ? proc_fail_nth_write+0x7b/0x180 [ 29.410711] ? proc_tgid_io_accounting+0x730/0x7a0 [ 29.415617] ? fsnotify+0x974/0x11b0 [ 29.419304] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 29.424211] ? debug_check_no_obj_freed+0x2c0/0x680 [ 29.429208] ? tty_fasync+0x2c0/0x2c0 [ 29.432986] do_vfs_ioctl+0x75a/0xff0 [ 29.436759] ? ioctl_preallocate+0x1a0/0x1a0 [ 29.441152] ? vfs_write+0x319/0x4d0 [ 29.444840] ? SyS_write+0x14d/0x210 [ 29.448527] ? security_file_ioctl+0x83/0xb0 [ 29.452911] SyS_ioctl+0x7f/0xb0 [ 29.456252] ? do_vfs_ioctl+0xff0/0xff0 [ 29.460202] do_syscall_64+0x1d5/0x640 [ 29.464067] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 29.469233] RIP: 0033:0x7f5df6a636f9 [ 29.472915] RSP: 002b:00007fff11420d78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 29.480596] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f5df6a636f9 [ 29.487838] RDX: 0000000020000180 RSI: 0000000000005412 RDI: 0000000000000004 [ 29.495083] RBP: 00007fff11420d80 R08: 0000000000000001 R09: 00007f5df6a20031 [ 29.502325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 29.509569] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 29.516818] [ 29.516821] ====================================================== [ 29.516822] WARNING: possible circular locking dependency detected [ 29.516824] 4.14.301-syzkaller #0 Not tainted [ 29.516825] ------------------------------------------------------ [ 29.516827] syz-executor174/7973 is trying to acquire lock: [ 29.516828] (console_owner){....}, at: [] console_unlock+0x307/0xf20 [ 29.516832] [ 29.516833] but task is already holding lock: [ 29.516834] (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160 [ 29.516838] [ 29.516840] which lock already depends on the new lock. [ 29.516841] [ 29.516841] [ 29.516843] the existing dependency chain (in reverse order) is: [ 29.516844] [ 29.516844] -> #2 (&(&port->lock)->rlock){-.-.}: [ 29.516849] _raw_spin_lock_irqsave+0x8c/0xc0 [ 29.516850] tty_port_tty_get+0x1d/0x80 [ 29.516851] tty_port_default_wakeup+0x11/0x40 [ 29.516853] serial8250_tx_chars+0x3fe/0xc70 [ 29.516854] serial8250_handle_irq.part.0+0x2c7/0x390 [ 29.516856] serial8250_default_handle_irq+0x8a/0x1f0 [ 29.516857] serial8250_interrupt+0xf3/0x210 [ 29.516858] __handle_irq_event_percpu+0xee/0x7f0 [ 29.516859] handle_irq_event+0xed/0x240 [ 29.516861] handle_edge_irq+0x224/0xc40 [ 29.516862] handle_irq+0x35/0x50 [ 29.516863] do_IRQ+0x93/0x1d0 [ 29.516864] ret_from_intr+0x0/0x1e [ 29.516866] _raw_spin_unlock_irqrestore+0xa3/0xe0 [ 29.516867] uart_write+0x2dd/0x560 [ 29.516868] do_output_char+0x4f5/0x750 [ 29.516869] n_tty_write+0x3e3/0xda0 [ 29.516870] tty_write+0x410/0x740 [ 29.516872] redirected_tty_write+0x9c/0xb0 [ 29.516873] do_iter_write+0x3da/0x550 [ 29.516874] vfs_writev+0x125/0x290 [ 29.516875] do_writev+0xfc/0x2c0 [ 29.516876] do_syscall_64+0x1d5/0x640 [ 29.516878] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 29.516878] [ 29.516879] -> #1 (&port_lock_key){-.-.}: [ 29.516883] _raw_spin_lock_irqsave+0x8c/0xc0 [ 29.516885] serial8250_console_write+0x8cb/0xb40 [ 29.516886] console_unlock+0x99d/0xf20 [ 29.516887] vprintk_emit+0x224/0x620 [ 29.516888] vprintk_func+0x58/0x160 [ 29.516889] printk+0x9e/0xbc [ 29.516891] register_console+0x6f4/0xad0 [ 29.516892] univ8250_console_init+0x2f/0x3a [ 29.516893] console_init+0x46/0x53 [ 29.516894] start_kernel+0x521/0x763 [ 29.516896] secondary_startup_64+0xa5/0xb0 [ 29.516896] [ 29.516897] -> #0 (console_owner){....}: [ 29.516901] lock_acquire+0x170/0x3f0 [ 29.516902] console_unlock+0x36f/0xf20 [ 29.516903] vprintk_emit+0x224/0x620 [ 29.516905] vprintk_func+0x58/0x160 [ 29.516906] printk+0x9e/0xbc [ 29.516907] should_fail.cold+0xdf/0x149 [ 29.516908] should_failslab+0xd6/0x130 [ 29.516909] __kmalloc+0x6d/0x400 [ 29.516911] tty_buffer_alloc+0xc0/0x270 [ 29.516912] __tty_buffer_request_room+0x12c/0x290 [ 29.516914] tty_insert_flip_string_fixed_flag+0x8b/0x210 [ 29.516915] tty_insert_flip_string_and_push_buffer+0x3e/0x160 [ 29.516916] pty_write+0xc3/0xf0 [ 29.516918] tty_put_char+0xfe/0x120 [ 29.516919] __process_echoes+0x48c/0x8c0 [ 29.516920] n_tty_receive_buf_common+0x9a3/0x25a0 [ 29.516921] tty_ioctl+0xe8a/0x1430 [ 29.516923] do_vfs_ioctl+0x75a/0xff0 [ 29.516924] SyS_ioctl+0x7f/0xb0 [ 29.516925] do_syscall_64+0x1d5/0x640 [ 29.516926] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 29.516927] [ 29.516928] other info that might help us debug this: [ 29.516929] [ 29.516930] Chain exists of: [ 29.516931] console_owner --> &port_lock_key --> &(&port->lock)->rlock [ 29.516936] [ 29.516937] Possible unsafe locking scenario: [ 29.516938] [ 29.516939] CPU0 CPU1 [ 29.516940] ---- ---- [ 29.516941] lock(&(&port->lock)->rlock); [ 29.516944] lock(&port_lock_key); [ 29.516947] lock(&(&port->lock)->rlock); [ 29.516949] lock(console_owner); [ 29.516951] [ 29.516952] *** DEADLOCK *** [ 29.516953] [ 29.516954] 6 locks held by syz-executor174/7973: [ 29.516955] #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80 [ 29.516959] #1: (&port->buf.lock/1){+.+.}, at: [] tty_ioctl+0xe20/0x1430 [ 29.516964] #2: (&o_tty->termios_rwsem/1){++++}, at: [] n_tty_receive_buf_common+0x91/0x25a0 [ 29.516970] #3: (&ldata->output_lock){+.+.}, at: [] n_tty_receive_buf_common+0x965/0x25a0 [ 29.516975] #4: (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160 [ 29.516979] #5: (console_lock){+.+.}, at: [] vprintk_func+0x58/0x160 [ 29.516984] [ 29.516985] stack backtrace: [ 29.516987] CPU: 1 PID: 7973 Comm: syz-executor174 Not tainted 4.14.301-syzkaller #0 [ 29.516989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 29.516990] Call Trace: [ 29.516991] dump_stack+0x1b2/0x281 [ 29.516993] print_circular_bug.constprop.0.cold+0x2d7/0x41e [ 29.516994] __lock_acquire+0x2e0e/0x3f20 [ 29.516995] ? trace_hardirqs_on+0x10/0x10 [ 29.516996] ? snprintf+0xd0/0xd0 [ 29.516997] ? console_unlock+0x34a/0xf20 [ 29.516999] lock_acquire+0x170/0x3f0 [ 29.517000] ? console_unlock+0x307/0xf20 [ 29.517001] console_unlock+0x36f/0xf20 [ 29.517002] ? console_unlock+0x307/0xf20 [ 29.517003] vprintk_emit+0x224/0x620 [ 29.517004] vprintk_func+0x58/0x160 [ 29.517005] printk+0x9e/0xbc [ 29.517007] ? log_store.cold+0x16/0x16 [ 29.517008] ? ___ratelimit+0x2b5/0x510 [ 29.517009] should_fail.cold+0xdf/0x149 [ 29.517010] should_failslab+0xd6/0x130 [ 29.517011] __kmalloc+0x6d/0x400 [ 29.517012] ? tty_buffer_alloc+0xc0/0x270 [ 29.517014] tty_buffer_alloc+0xc0/0x270 [ 29.517015] __tty_buffer_request_room+0x12c/0x290 [ 29.517017] tty_insert_flip_string_fixed_flag+0x8b/0x210 [ 29.517018] tty_insert_flip_string_and_push_buffer+0x3e/0x160 [ 29.517019] pty_write+0xc3/0xf0 [ 29.517020] tty_put_char+0xfe/0x120 [ 29.517022] ? dev_match_devt+0x80/0x80 [ 29.517023] ? pty_write_room+0xa9/0xd0 [ 29.517024] ? ptmx_open+0x300/0x300 [ 29.517025] __process_echoes+0x48c/0x8c0 [ 29.517026] n_tty_receive_buf_common+0x9a3/0x25a0 [ 29.517028] ? n_tty_receive_buf2+0x40/0x40 [ 29.517029] tty_ioctl+0xe8a/0x1430 [ 29.517030] ? tty_fasync+0x2c0/0x2c0 [ 29.517031] ? proc_fail_nth_write+0x7b/0x180 [ 29.517033] ? proc_tgid_io_accounting+0x730/0x7a0 [ 29.517034] ? fsnotify+0x974/0x11b0 [ 29.517035] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 29.517037] ? debug_check_no_obj_freed+0x2c0/0x680 [ 29.517038] ? tty_fasync+0x2c0/0x2c0 [ 29.517039] do_vfs_ioctl+0x75a/0xff0 [ 29.517040] ? ioctl_preallocate+0x1a0/0x1a0 [ 29.517041] ? vfs_write+0x319/0x4d0 [ 29.517042] ? SyS_write+0x14d/0x210 [ 29.517044] ? security_file_ioctl+0x83/0xb0 [ 29.517045] SyS_ioctl+0x7f/0xb0 [ 29.517046] ? do_vfs_ioctl+0xff0/0xff0 [ 29.517047] do_syscall_64+0x1d5/0x640 [ 29.517049] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 29.517050] RIP: 0033:0x7f5df6a636f9 [ 29.517051] RSP: 002b:00007fff11420d78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 29.517054] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f5df6a636f9 [ 29.517056] RDX: 0000000020000180 RSI: 0000000000005412 RDI: 0000000000000004 [ 29.517058] RBP: 00007fff11420d80 R08: 0000000000000001 R09: 00007f5df6a20031 [ 29.517060] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000