Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.168' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 26.077392] FAULT_INJECTION: forcing a failure.
[ 26.077392] name failslab, interval 1, probability 0, space 0, times 1
[ 26.088956] CPU: 0 PID: 7951 Comm: syz-executor182 Not tainted 4.14.302-syzkaller #0
[ 26.097067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 26.106404] Call Trace:
[ 26.108982] dump_stack+0x1b2/0x281
[ 26.112594] should_fail.cold+0x10a/0x149
[ 26.116722] should_failslab+0xd6/0x130
[ 26.120670] __kmalloc+0x6d/0x400
[ 26.124102] ? tty_buffer_alloc+0xc0/0x270
[ 26.128314] tty_buffer_alloc+0xc0/0x270
[ 26.132346] __tty_buffer_request_room+0x12c/0x290
[ 26.137248] tty_insert_flip_string_fixed_flag+0x8b/0x210
[ 26.142756] tty_insert_flip_string_and_push_buffer+0x3e/0x160
[ 26.148697] pty_write+0xc3/0xf0
[ 26.152035] n_tty_write+0x85e/0xda0
[ 26.155721] ? n_tty_open+0x160/0x160
[ 26.159493] ? do_wait_intr_irq+0x270/0x270
[ 26.163793] ? __might_fault+0x177/0x1b0
[ 26.167823] tty_write+0x410/0x740
[ 26.171333] ? n_tty_open+0x160/0x160
[ 26.175102] __vfs_write+0xe4/0x630
[ 26.178698] ? tty_compat_ioctl+0x240/0x240
[ 26.182991] ? debug_check_no_obj_freed+0x2c0/0x680
[ 26.187976] ? kernel_read+0x110/0x110
[ 26.191835] ? common_file_perm+0x3ee/0x580
[ 26.196307] ? security_file_permission+0x82/0x1e0
[ 26.201207] ? rw_verify_area+0xe1/0x2a0
[ 26.205238] vfs_write+0x17f/0x4d0
[ 26.208748] SyS_write+0xf2/0x210
[ 26.212170] ? SyS_read+0x210/0x210
[ 26.215766] ? __do_page_fault+0x159/0xad0
[ 26.219971] ? do_syscall_64+0x4c/0x640
[ 26.223912] ? SyS_read+0x210/0x210
[ 26.227511] do_syscall_64+0x1d5/0x640
[ 26.231370] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 26.236528] RIP: 0033:0x7f028c93b6f9
[ 26.240207] RSP: 002b:00007ffc28f6b4e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 26.247885] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f028c93b6f9
[ 26.255124] RDX: 0000000000000020 RSI: 0000000020000000 RDI: 0000000000000003
[ 26.262374] RBP: 00007ffc28f6b4f0 R08: 0000000000000001 R09: 00007f028c8f0032
[ 26.269625] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[ 26.276871] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 26.284120]
[ 26.284122] ======================================================
[ 26.284124] WARNING: possible circular locking dependency detected
[ 26.284125] 4.14.302-syzkaller #0 Not tainted
[ 26.284127] ------------------------------------------------------
[ 26.284128] syz-executor182/7951 is trying to acquire lock:
[ 26.284129] (console_owner){....}, at: [] console_unlock+0x307/0xf20
[ 26.284133]
[ 26.284134] but task is already holding lock:
[ 26.284135] (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160
[ 26.284139]
[ 26.284140] which lock already depends on the new lock.
[ 26.284141]
[ 26.284141]
[ 26.284143] the existing dependency chain (in reverse order) is:
[ 26.284143]
[ 26.284144] -> #2 (&(&port->lock)->rlock){-.-.}:
[ 26.284148] _raw_spin_lock_irqsave+0x8c/0xc0
[ 26.284149] tty_port_tty_get+0x1d/0x80
[ 26.284150] tty_port_default_wakeup+0x11/0x40
[ 26.284152] serial8250_tx_chars+0x3fe/0xc70
[ 26.284153] serial8250_handle_irq.part.0+0x2c7/0x390
[ 26.284154] serial8250_default_handle_irq+0x8a/0x1f0
[ 26.284156] serial8250_interrupt+0xf3/0x210
[ 26.284157] __handle_irq_event_percpu+0xee/0x7f0
[ 26.284158] handle_irq_event+0xed/0x240
[ 26.284159] handle_edge_irq+0x224/0xc40
[ 26.284160] handle_irq+0x35/0x50
[ 26.284161] do_IRQ+0x93/0x1d0
[ 26.284162] ret_from_intr+0x0/0x1e
[ 26.284163] _raw_spin_unlock_irqrestore+0xa3/0xe0
[ 26.284165] uart_write+0x2dd/0x560
[ 26.284166] do_output_char+0x4f5/0x750
[ 26.284167] n_tty_write+0x3e3/0xda0
[ 26.284168] tty_write+0x410/0x740
[ 26.284169] redirected_tty_write+0x9c/0xb0
[ 26.284170] do_iter_write+0x3da/0x550
[ 26.284171] vfs_writev+0x125/0x290
[ 26.284172] do_writev+0xfc/0x2c0
[ 26.284173] do_syscall_64+0x1d5/0x640
[ 26.284175] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 26.284175]
[ 26.284176] -> #1 (&port_lock_key){-.-.}:
[ 26.284180] _raw_spin_lock_irqsave+0x8c/0xc0
[ 26.284181] serial8250_console_write+0x8cb/0xb40
[ 26.284182] console_unlock+0x99d/0xf20
[ 26.284183] vprintk_emit+0x224/0x620
[ 26.284184] vprintk_func+0x58/0x160
[ 26.284185] printk+0x9e/0xbc
[ 26.284186] register_console+0x6f4/0xad0
[ 26.284187] univ8250_console_init+0x2f/0x3a
[ 26.284188] console_init+0x46/0x53
[ 26.284189] start_kernel+0x521/0x763
[ 26.284191] secondary_startup_64+0xa5/0xb0
[ 26.284191]
[ 26.284192] -> #0 (console_owner){....}:
[ 26.284195] lock_acquire+0x170/0x3f0
[ 26.284197] console_unlock+0x36f/0xf20
[ 26.284198] vprintk_emit+0x224/0x620
[ 26.284199] vprintk_func+0x58/0x160
[ 26.284200] printk+0x9e/0xbc
[ 26.284201] should_fail.cold+0xdf/0x149
[ 26.284202] should_failslab+0xd6/0x130
[ 26.284203] __kmalloc+0x6d/0x400
[ 26.284204] tty_buffer_alloc+0xc0/0x270
[ 26.284205] __tty_buffer_request_room+0x12c/0x290
[ 26.284207] tty_insert_flip_string_fixed_flag+0x8b/0x210
[ 26.284208] tty_insert_flip_string_and_push_buffer+0x3e/0x160
[ 26.284209] pty_write+0xc3/0xf0
[ 26.284210] n_tty_write+0x85e/0xda0
[ 26.284211] tty_write+0x410/0x740
[ 26.284212] __vfs_write+0xe4/0x630
[ 26.284213] vfs_write+0x17f/0x4d0
[ 26.284214] SyS_write+0xf2/0x210
[ 26.284215] do_syscall_64+0x1d5/0x640
[ 26.284217] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 26.284217]
[ 26.284219] other info that might help us debug this:
[ 26.284219]
[ 26.284220] Chain exists of:
[ 26.284221] console_owner --> &port_lock_key --> &(&port->lock)->rlock
[ 26.284225]
[ 26.284227] Possible unsafe locking scenario:
[ 26.284227]
[ 26.284228]        CPU0                    CPU1
[ 26.284229]        ----                    ----
[ 26.284230]   lock(&(&port->lock)->rlock);
[ 26.284233]                                lock(&port_lock_key);
[ 26.284235]                                lock(&(&port->lock)->rlock);
[ 26.284238]   lock(console_owner);
[ 26.284240]
[ 26.284240] *** DEADLOCK ***
[ 26.284241]
[ 26.284242] 6 locks held by syz-executor182/7951:
[ 26.284243] #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80
[ 26.284247] #1: (&tty->atomic_write_lock){+.+.}, at: [] tty_write+0x22d/0x740
[ 26.284251] #2: (&tty->termios_rwsem){++++}, at: [] n_tty_write+0x18a/0xda0
[ 26.284255] #3: (&ldata->output_lock){+.+.}, at: [] n_tty_write+0x82b/0xda0
[ 26.284259] #4: (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160
[ 26.284263] #5: (console_lock){+.+.}, at: [] vprintk_func+0x58/0x160
[ 26.284267]
[ 26.284268] stack backtrace:
[ 26.284270] CPU: 0 PID: 7951 Comm: syz-executor182 Not tainted 4.14.302-syzkaller #0
[ 26.284272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 26.284273] Call Trace:
[ 26.284274] dump_stack+0x1b2/0x281
[ 26.284275] print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 26.284276] __lock_acquire+0x2e0e/0x3f20
[ 26.284278] ? trace_hardirqs_on+0x10/0x10
[ 26.284279] ? snprintf+0xd0/0xd0
[ 26.284280] ? console_unlock+0x34a/0xf20
[ 26.284281] lock_acquire+0x170/0x3f0
[ 26.284282] ? console_unlock+0x307/0xf20
[ 26.284283] console_unlock+0x36f/0xf20
[ 26.284284] ? console_unlock+0x307/0xf20
[ 26.284285] vprintk_emit+0x224/0x620
[ 26.284286] vprintk_func+0x58/0x160
[ 26.284287] printk+0x9e/0xbc
[ 26.284288] ? log_store.cold+0x16/0x16
[ 26.284289] ? ___ratelimit+0x2b5/0x510
[ 26.284290] should_fail.cold+0xdf/0x149
[ 26.284291] should_failslab+0xd6/0x130
[ 26.284292] __kmalloc+0x6d/0x400
[ 26.284293] ? tty_buffer_alloc+0xc0/0x270
[ 26.284294] tty_buffer_alloc+0xc0/0x270
[ 26.284296] __tty_buffer_request_room+0x12c/0x290
[ 26.284297] tty_insert_flip_string_fixed_flag+0x8b/0x210
[ 26.284299] tty_insert_flip_string_and_push_buffer+0x3e/0x160
[ 26.284299] pty_write+0xc3/0xf0
[ 26.284301] n_tty_write+0x85e/0xda0
[ 26.284302] ? n_tty_open+0x160/0x160
[ 26.284303] ? do_wait_intr_irq+0x270/0x270
[ 26.284304] ? __might_fault+0x177/0x1b0
[ 26.284305] tty_write+0x410/0x740
[ 26.284306] ? n_tty_open+0x160/0x160
[ 26.284307] __vfs_write+0xe4/0x630
[ 26.284308] ? tty_compat_ioctl+0x240/0x240
[ 26.284309] ? debug_check_no_obj_freed+0x2c0/0x680
[ 26.284310] ? kernel_read+0x110/0x110
[ 26.284312] ? common_file_perm+0x3ee/0x580
[ 26.284313] ? security_file_permission+0x82/0x1e0
[ 26.284314] ? rw_verify_area+0xe1/0x2a0
[ 26.284315] vfs_write+0x17f/0x4d0
[ 26.284316] SyS_write+0xf2/0x210
[ 26.284317] ? SyS_read+0x210/0x210
[ 26.284318] ? __do_page_fault+0x159/0xad0
[ 26.284319] ? do_syscall_64+0x4c/0x640
[ 26.284320] ? SyS_read+0x210/0x210
[ 26.284321] do_syscall_64+0x1d5/0x640
[ 26.284322] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 26.284323] RIP: 0033:0x7f028c93b6f9
[ 26.284325] RSP: 002b:00007ffc28f6b4e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 26.284327] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f028c93b6f9
[ 26.284329] RDX: 0000000000000020 RSI: 0000000020000000 RDI: 0000000000000003
[ 26.284331] RBP: 00007ffc28f6b4f0 R08: 0000000000000001 R09: 00007f028c8f0032
[ 26.284333] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[ 26.284334] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000