Warning: Permanently added '10.128.1.46' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 30.582670] FAULT_INJECTION: forcing a failure. [ 30.582670] name failslab, interval 1, probability 0, space 0, times 1 [ 30.594184] CPU: 1 PID: 7981 Comm: syz-executor393 Not tainted 4.14.300-syzkaller #0 [ 30.602036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 30.611357] Call Trace: [ 30.613916] dump_stack+0x1b2/0x281 [ 30.617511] should_fail.cold+0x10a/0x149 [ 30.621628] should_failslab+0xd6/0x130 [ 30.625581] __kmalloc+0x6d/0x400 [ 30.629011] ? tty_buffer_alloc+0xc0/0x270 [ 30.633216] tty_buffer_alloc+0xc0/0x270 [ 30.637249] __tty_buffer_request_room+0x12c/0x290 [ 30.642150] tty_insert_flip_string_fixed_flag+0x8b/0x210 [ 30.647658] tty_insert_flip_string_and_push_buffer+0x3e/0x160 [ 30.653599] pty_write+0xc3/0xf0 [ 30.656935] n_tty_write+0x85e/0xda0 [ 30.660708] ? n_tty_open+0x160/0x160 [ 30.664478] ? do_wait_intr_irq+0x270/0x270 [ 30.668771] ? __might_fault+0x177/0x1b0 [ 30.672800] tty_write+0x410/0x740 [ 30.676310] ? n_tty_open+0x160/0x160 [ 30.680080] __vfs_write+0xe4/0x630 [ 30.683676] ? tty_compat_ioctl+0x240/0x240 [ 30.687967] ? __handle_mm_fault+0x80f/0x4620 [ 30.692432] ? kernel_read+0x110/0x110 [ 30.696298] ? common_file_perm+0x3ee/0x580 [ 30.700602] ? security_file_permission+0x82/0x1e0 [ 30.705506] ? rw_verify_area+0xe1/0x2a0 [ 30.709539] vfs_write+0x17f/0x4d0 [ 30.713061] SyS_write+0xf2/0x210 [ 30.716485] ? SyS_read+0x210/0x210 [ 30.720088] ? __do_page_fault+0x159/0xad0 [ 30.724303] ? do_syscall_64+0x4c/0x640 [ 30.728245] ? SyS_read+0x210/0x210 [ 30.731843] do_syscall_64+0x1d5/0x640 [ 30.735701] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 30.740873] [ 30.740875] ====================================================== [ 30.740876] WARNING: possible circular locking dependency detected [ 30.740878] 4.14.300-syzkaller #0 Not tainted [ 30.740880] ------------------------------------------------------ [ 30.740881] syz-executor393/7981 is trying to acquire lock: [ 30.740882] (console_owner){....}, at: [] console_unlock+0x307/0xf20 [ 30.740886] [ 30.740887] but task is already holding lock: [ 30.740888] (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160 [ 30.740892] [ 30.740893] which lock already depends on the new lock. [ 30.740894] [ 30.740894] [ 30.740896] the existing dependency chain (in reverse order) is: [ 30.740896] [ 30.740897] -> #2 (&(&port->lock)->rlock){-.-.}: [ 30.740901] _raw_spin_lock_irqsave+0x8c/0xc0 [ 30.740902] tty_port_tty_get+0x1d/0x80 [ 30.740903] tty_port_default_wakeup+0x11/0x40 [ 30.740905] serial8250_tx_chars+0x3fe/0xc70 [ 30.740906] serial8250_handle_irq.part.0+0x2c7/0x390 [ 30.740907] serial8250_default_handle_irq+0x8a/0x1f0 [ 30.740909] serial8250_interrupt+0xf3/0x210 [ 30.740910] __handle_irq_event_percpu+0xee/0x7f0 [ 30.740911] handle_irq_event+0xed/0x240 [ 30.740912] handle_edge_irq+0x224/0xc40 [ 30.740913] handle_irq+0x35/0x50 [ 30.740914] do_IRQ+0x93/0x1d0 [ 30.740915] ret_from_intr+0x0/0x1e [ 30.740916] [ 30.740917] -> #1 (&port_lock_key){-.-.}: [ 30.740920] _raw_spin_lock_irqsave+0x8c/0xc0 [ 30.740922] serial8250_console_write+0x8cb/0xb40 [ 30.740923] console_unlock+0x99d/0xf20 [ 30.740924] vprintk_emit+0x224/0x620 [ 30.740925] vprintk_func+0x58/0x160 [ 30.740926] printk+0x9e/0xbc [ 30.740927] register_console+0x6f4/0xad0 [ 30.740928] univ8250_console_init+0x2f/0x3a [ 30.740929] console_init+0x46/0x53 [ 30.740931] start_kernel+0x521/0x763 [ 30.740932] secondary_startup_64+0xa5/0xb0 [ 30.740932] [ 30.740933] -> #0 (console_owner){....}: [ 30.740937] lock_acquire+0x170/0x3f0 [ 30.740938] console_unlock+0x36f/0xf20 [ 30.740939] vprintk_emit+0x224/0x620 [ 30.740940] vprintk_func+0x58/0x160 [ 30.740941] printk+0x9e/0xbc [ 30.740942] should_fail.cold+0xdf/0x149 [ 30.740943] should_failslab+0xd6/0x130 [ 30.740944] __kmalloc+0x6d/0x400 [ 30.740945] tty_buffer_alloc+0xc0/0x270 [ 30.740947] __tty_buffer_request_room+0x12c/0x290 [ 30.740948] tty_insert_flip_string_fixed_flag+0x8b/0x210 [ 30.740950] tty_insert_flip_string_and_push_buffer+0x3e/0x160 [ 30.740951] pty_write+0xc3/0xf0 [ 30.740952] n_tty_write+0x85e/0xda0 [ 30.740953] tty_write+0x410/0x740 [ 30.740954] __vfs_write+0xe4/0x630 [ 30.740955] vfs_write+0x17f/0x4d0 [ 30.740956] SyS_write+0xf2/0x210 [ 30.740957] do_syscall_64+0x1d5/0x640 [ 30.740958] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 30.740959] [ 30.740960] other info that might help us debug this: [ 30.740961] [ 30.740962] Chain exists of: [ 30.740962] console_owner --> &port_lock_key --> &(&port->lock)->rlock [ 30.740967] [ 30.740968] Possible unsafe locking scenario: [ 30.740969] [ 30.740970] CPU0 CPU1 [ 30.740971] ---- ---- [ 30.740972] lock(&(&port->lock)->rlock); [ 30.740975] lock(&port_lock_key); [ 30.740977] lock(&(&port->lock)->rlock); [ 30.740979] lock(console_owner); [ 30.740981] [ 30.740982] *** DEADLOCK *** [ 30.740983] [ 30.740984] 6 locks held by syz-executor393/7981: [ 30.740985] #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80 [ 30.740989] #1: (&tty->atomic_write_lock){+.+.}, at: [] tty_write+0x22d/0x740 [ 30.740993] #2: (&tty->termios_rwsem){++++}, at: [] n_tty_write+0x18a/0xda0 [ 30.740997] #3: (&ldata->output_lock){+.+.}, at: [] n_tty_write+0x82b/0xda0 [ 30.741001] #4: (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160 [ 30.741005] #5: (console_lock){+.+.}, at: [] vprintk_func+0x58/0x160 [ 30.741009] [ 30.741010] stack backtrace: [ 30.741012] CPU: 1 PID: 7981 Comm: syz-executor393 Not tainted 4.14.300-syzkaller #0 [ 30.741014] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 30.741015] Call Trace: [ 30.741016] dump_stack+0x1b2/0x281 [ 30.741017] print_circular_bug.constprop.0.cold+0x2d7/0x41e [ 30.741019] __lock_acquire+0x2e0e/0x3f20 [ 30.741020] ? trace_hardirqs_on+0x10/0x10 [ 30.741021] ? snprintf+0xd0/0xd0 [ 30.741022] ? console_unlock+0x34a/0xf20 [ 30.741023] lock_acquire+0x170/0x3f0 [ 30.741024] ? console_unlock+0x307/0xf20 [ 30.741025] console_unlock+0x36f/0xf20 [ 30.741026] ? console_unlock+0x307/0xf20 [ 30.741027] vprintk_emit+0x224/0x620 [ 30.741028] vprintk_func+0x58/0x160 [ 30.741029] printk+0x9e/0xbc [ 30.741030] ? log_store.cold+0x16/0x16 [ 30.741031] ? ___ratelimit+0x2b5/0x510 [ 30.741032] should_fail.cold+0xdf/0x149 [ 30.741033] should_failslab+0xd6/0x130 [ 30.741034] __kmalloc+0x6d/0x400 [ 30.741036] ? tty_buffer_alloc+0xc0/0x270 [ 30.741037] tty_buffer_alloc+0xc0/0x270 [ 30.741038] __tty_buffer_request_room+0x12c/0x290 [ 30.741039] tty_insert_flip_string_fixed_flag+0x8b/0x210 [ 30.741041] tty_insert_flip_string_and_push_buffer+0x3e/0x160 [ 30.741042] pty_write+0xc3/0xf0 [ 30.741043] n_tty_write+0x85e/0xda0 [ 30.741044] ? n_tty_open+0x160/0x160 [ 30.741045] ? do_wait_intr_irq+0x270/0x270 [ 30.741046] ? __might_fault+0x177/0x1b0 [ 30.741047] tty_write+0x410/0x740 [ 30.741048] ? n_tty_open+0x160/0x160 [ 30.741049] __vfs_write+0xe4/0x630 [ 30.741050] ? tty_compat_ioctl+0x240/0x240 [ 30.741051] ? __handle_mm_fault+0x80f/0x4620 [ 30.741052] ? kernel_read+0x110/0x110 [ 30.741053] ? common_file_perm+0x3ee/0x580 [ 30.741055] ? security_file_permission+0x82/0x1e0 [ 30.741056] ? rw_verify_area+0xe1/0x2a0 [ 30.741057] vfs_write+0x17f/0x4d0 [ 30.741058] SyS_write+0xf2/0x210 [ 30.741059] ? SyS_read+0x210/0x210 [ 30.741060] ? __do_page_fault+0x159/0xad0 [ 30.741061] ? do_syscall_64+0x4c/0x640 [ 30.741062] ? SyS_read+0x210/0x210 [ 30.741063] do_syscall_64+0x1d5/0x640 [ 30.741064] entry_SYSCALL_64_after_hwframe+0x5e/0xd3