Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.252' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 28.426227] FAULT_INJECTION: forcing a failure. [ 28.426227] name failslab, interval 1, probability 0, space 0, times 1 [ 28.438304] CPU: 0 PID: 7964 Comm: syz-executor233 Not tainted 4.14.303-syzkaller #0 [ 28.446773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 [ 28.456597] Call Trace: [ 28.459167] dump_stack+0x1b2/0x281 [ 28.462775] should_fail.cold+0x10a/0x149 [ 28.466991] should_failslab+0xd6/0x130 [ 28.471043] __kmalloc+0x6d/0x400 [ 28.475109] ? tty_buffer_alloc+0xc0/0x270 [ 28.479327] tty_buffer_alloc+0xc0/0x270 [ 28.483364] __tty_buffer_request_room+0x12c/0x290 [ 28.488267] tty_insert_flip_string_fixed_flag+0x8b/0x210 [ 28.493888] tty_insert_flip_string_and_push_buffer+0x3e/0x160 [ 28.499992] pty_write+0xc3/0xf0 [ 28.503340] tty_put_char+0xfe/0x120 [ 28.507041] ? dev_match_devt+0x80/0x80 [ 28.511020] ? pty_write_room+0xa9/0xd0 [ 28.514989] ? ptmx_open+0x300/0x300 [ 28.518683] __process_echoes+0x48c/0x8c0 [ 28.522838] n_tty_receive_buf_common+0x9a3/0x25a0 [ 28.527764] ? n_tty_receive_buf2+0x40/0x40 [ 28.532066] tty_ioctl+0xe8a/0x1430 [ 28.535670] ? tty_fasync+0x2c0/0x2c0 [ 28.539455] ? proc_fail_nth_write+0x7b/0x180 [ 28.544031] ? proc_tgid_io_accounting+0x6f0/0x7a0 [ 28.549129] ? fsnotify+0x974/0x11b0 [ 28.552823] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 28.557728] ? debug_check_no_obj_freed+0x2c0/0x680 [ 28.562718] ? tty_fasync+0x2c0/0x2c0 [ 28.566493] do_vfs_ioctl+0x75a/0xff0 [ 28.570266] ? ioctl_preallocate+0x1a0/0x1a0 [ 28.574651] ? vfs_write+0x319/0x4d0 [ 28.578425] ? SyS_write+0x14d/0x210 [ 28.582131] ? security_file_ioctl+0x83/0xb0 [ 28.586514] SyS_ioctl+0x7f/0xb0 [ 28.589857] ? do_vfs_ioctl+0xff0/0xff0 [ 28.593805] do_syscall_64+0x1d5/0x640 [ 28.597670] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 28.603006] RIP: 0033:0x7fb3afecd789 [ 28.606706] RSP: 002b:00007ffc00531b08 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 28.614477] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fb3afecd789 [ 28.621737] RDX: 0000000020000180 RSI: 0000000000005412 RDI: 0000000000000004 [ 28.628979] RBP: 00007ffc00531b20 R08: 0000000000000001 R09: 0000000000000001 [ 28.636308] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 28.643551] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 28.650802] [ 28.650804] ====================================================== [ 28.650806] WARNING: possible circular locking dependency detected [ 28.650808] 4.14.303-syzkaller #0 Not tainted [ 28.650810] ------------------------------------------------------ [ 28.650811] syz-executor233/7964 is trying to acquire lock: [ 28.650812] (console_owner){....}, at: [] console_unlock+0x307/0xf20 [ 28.650817] [ 28.650818] but task is already holding lock: [ 28.650819] (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160 [ 28.650824] [ 28.650825] which lock already depends on the new lock. [ 28.650826] [ 28.650827] [ 28.650829] the existing dependency chain (in reverse order) is: [ 28.650829] [ 28.650830] -> #2 (&(&port->lock)->rlock){-.-.}: [ 28.650835] _raw_spin_lock_irqsave+0x8c/0xc0 [ 28.650836] tty_port_tty_get+0x1d/0x80 [ 28.650837] tty_port_default_wakeup+0x11/0x40 [ 28.650839] serial8250_tx_chars+0x3fe/0xc70 [ 28.650841] serial8250_handle_irq.part.0+0x2c7/0x390 [ 28.650842] serial8250_default_handle_irq+0x8a/0x1f0 [ 28.650844] serial8250_interrupt+0xf3/0x210 [ 28.650845] __handle_irq_event_percpu+0xee/0x7f0 [ 28.650847] handle_irq_event+0xed/0x240 [ 28.650848] handle_edge_irq+0x224/0xc40 [ 28.650849] handle_irq+0x35/0x50 [ 28.650851] do_IRQ+0x93/0x1d0 [ 28.650852] ret_from_intr+0x0/0x1e [ 28.650854] _raw_spin_unlock_irqrestore+0xa3/0xe0 [ 28.650855] uart_write+0x2dd/0x560 [ 28.650857] do_output_char+0x4f5/0x750 [ 28.650858] n_tty_write+0x3e3/0xda0 [ 28.650859] tty_write+0x410/0x740 [ 28.650861] redirected_tty_write+0x9c/0xb0 [ 28.650862] do_iter_write+0x3da/0x550 [ 28.650863] vfs_writev+0x125/0x290 [ 28.650865] do_writev+0xfc/0x2c0 [ 28.650866] do_syscall_64+0x1d5/0x640 [ 28.650868] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 28.650868] [ 28.650869] -> #1 (&port_lock_key){-.-.}: [ 28.650873] _raw_spin_lock_irqsave+0x8c/0xc0 [ 28.650875] serial8250_console_write+0x8cb/0xb40 [ 28.650876] console_unlock+0x99d/0xf20 [ 28.650877] vprintk_emit+0x224/0x620 [ 28.650879] vprintk_func+0x58/0x160 [ 28.650880] printk+0x9e/0xbc [ 28.650881] register_console+0x6f4/0xad0 [ 28.650883] univ8250_console_init+0x2f/0x3a [ 28.650884] console_init+0x46/0x53 [ 28.650885] start_kernel+0x521/0x763 [ 28.650887] secondary_startup_64+0xa5/0xb0 [ 28.650887] [ 28.650888] -> #0 (console_owner){....}: [ 28.650892] lock_acquire+0x170/0x3f0 [ 28.650894] console_unlock+0x36f/0xf20 [ 28.650895] vprintk_emit+0x224/0x620 [ 28.650896] vprintk_func+0x58/0x160 [ 28.650897] printk+0x9e/0xbc [ 28.650899] should_fail.cold+0xdf/0x149 [ 28.650900] should_failslab+0xd6/0x130 [ 28.650901] __kmalloc+0x6d/0x400 [ 28.650903] tty_buffer_alloc+0xc0/0x270 [ 28.650904] __tty_buffer_request_room+0x12c/0x290 [ 28.650906] tty_insert_flip_string_fixed_flag+0x8b/0x210 [ 28.650908] tty_insert_flip_string_and_push_buffer+0x3e/0x160 [ 28.650909] pty_write+0xc3/0xf0 [ 28.650910] tty_put_char+0xfe/0x120 [ 28.650912] __process_echoes+0x48c/0x8c0 [ 28.650913] n_tty_receive_buf_common+0x9a3/0x25a0 [ 28.650914] tty_ioctl+0xe8a/0x1430 [ 28.650916] do_vfs_ioctl+0x75a/0xff0 [ 28.650917] SyS_ioctl+0x7f/0xb0 [ 28.650918] do_syscall_64+0x1d5/0x640 [ 28.650920] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 28.650920] [ 28.650922] other info that might help us debug this: [ 28.650922] [ 28.650923] Chain exists of: [ 28.650924] console_owner --> &port_lock_key --> &(&port->lock)->rlock [ 28.650930] [ 28.650931] Possible unsafe locking scenario: [ 28.650932] [ 28.650933] CPU0 CPU1 [ 28.650934] ---- ---- [ 28.650935] lock(&(&port->lock)->rlock); [ 28.650938] lock(&port_lock_key); [ 28.650941] lock(&(&port->lock)->rlock); [ 28.650944] lock(console_owner); [ 28.650946] [ 28.650947] *** DEADLOCK *** [ 28.650948] [ 28.650949] 6 locks held by syz-executor233/7964: [ 28.650950] #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80 [ 28.650954] #1: (&port->buf.lock/1){+.+.}, at: [] tty_ioctl+0xe20/0x1430 [ 28.650960] #2: (&o_tty->termios_rwsem/1){++++}, at: [] n_tty_receive_buf_common+0x91/0x25a0 [ 28.650965] #3: (&ldata->output_lock){+.+.}, at: [] n_tty_receive_buf_common+0x965/0x25a0 [ 28.650970] #4: (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160 [ 28.650975] #5: (console_lock){+.+.}, at: [] vprintk_func+0x58/0x160 [ 28.650980] [ 28.650981] stack backtrace: [ 28.650983] CPU: 0 PID: 7964 Comm: syz-executor233 Not tainted 4.14.303-syzkaller #0 [ 28.650986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 [ 28.650987] Call Trace: [ 28.650988] dump_stack+0x1b2/0x281 [ 28.650990] print_circular_bug.constprop.0.cold+0x2d7/0x41e [ 28.650991] __lock_acquire+0x2e0e/0x3f20 [ 28.650992] ? trace_hardirqs_on+0x10/0x10 [ 28.650993] ? snprintf+0xd0/0xd0 [ 28.650995] ? console_unlock+0x34a/0xf20 [ 28.650996] lock_acquire+0x170/0x3f0 [ 28.650997] ? console_unlock+0x307/0xf20 [ 28.650998] console_unlock+0x36f/0xf20 [ 28.651000] ? console_unlock+0x307/0xf20 [ 28.651001] vprintk_emit+0x224/0x620 [ 28.651002] vprintk_func+0x58/0x160 [ 28.651003] printk+0x9e/0xbc [ 28.651004] ? log_store.cold+0x16/0x16 [ 28.651006] ? ___ratelimit+0x2b5/0x510 [ 28.651007] should_fail.cold+0xdf/0x149 [ 28.651009] should_failslab+0xd6/0x130 [ 28.651011] __kmalloc+0x6d/0x400 [ 28.651013] ? tty_buffer_alloc+0xc0/0x270 [ 28.651014] tty_buffer_alloc+0xc0/0x270 [ 28.651017] __tty_buffer_request_room+0x12c/0x290 [ 28.651019] tty_insert_flip_string_fixed_flag+0x8b/0x210 [ 28.651020] tty_insert_flip_string_and_push_buffer+0x3e/0x160 [ 28.651022] pty_write+0xc3/0xf0 [ 28.651023] tty_put_char+0xfe/0x120 [ 28.651024] ? dev_match_devt+0x80/0x80 [ 28.651025] ? pty_write_room+0xa9/0xd0 [ 28.651027] ? ptmx_open+0x300/0x300 [ 28.651028] __process_echoes+0x48c/0x8c0 [ 28.651029] n_tty_receive_buf_common+0x9a3/0x25a0 [ 28.651031] ? n_tty_receive_buf2+0x40/0x40 [ 28.651032] tty_ioctl+0xe8a/0x1430 [ 28.651033] ? tty_fasync+0x2c0/0x2c0 [ 28.651034] ? proc_fail_nth_write+0x7b/0x180 [ 28.651036] ? proc_tgid_io_accounting+0x6f0/0x7a0 [ 28.651037] ? fsnotify+0x974/0x11b0 [ 28.651039] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 28.651040] ? debug_check_no_obj_freed+0x2c0/0x680 [ 28.651042] ? tty_fasync+0x2c0/0x2c0 [ 28.651043] do_vfs_ioctl+0x75a/0xff0 [ 28.651044] ? ioctl_preallocate+0x1a0/0x1a0 [ 28.651045] ? vfs_write+0x319/0x4d0 [ 28.651047] ? SyS_write+0x14d/0x210 [ 28.651048] ? security_file_ioctl+0x83/0xb0 [ 28.651049] SyS_ioctl+0x7f/0xb0 [ 28.651051] ? do_vfs_ioctl+0xff0/0xff0 [ 28.651052] do_syscall_64+0x1d5/0x640 [ 28.651054] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 28.651055] RIP: 0033:0x7fb3afecd789 [ 28.651056] RSP: 002b:00007ffc00531b08 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 28.651060] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fb3afecd789 [ 28.651062] RDX: 0000000020000180 RSI: