Warning: Permanently added '10.128.0.14' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 28.867766] FAULT_INJECTION: forcing a failure. [ 28.867766] name failslab, interval 1, probability 0, space 0, times 1 [ 28.879789] CPU: 1 PID: 7986 Comm: syz-executor281 Not tainted 4.14.302-syzkaller #0 [ 28.887643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 28.896973] Call Trace: [ 28.899537] dump_stack+0x1b2/0x281 [ 28.903151] should_fail.cold+0x10a/0x149 [ 28.907273] should_failslab+0xd6/0x130 [ 28.911220] __kmalloc+0x6d/0x400 [ 28.914648] ? tty_buffer_alloc+0xc0/0x270 [ 28.918862] tty_buffer_alloc+0xc0/0x270 [ 28.922908] __tty_buffer_request_room+0x12c/0x290 [ 28.927821] tty_insert_flip_string_fixed_flag+0x8b/0x210 [ 28.933333] tty_insert_flip_string_and_push_buffer+0x3e/0x160 [ 28.939276] pty_write+0xc3/0xf0 [ 28.942620] n_tty_write+0x85e/0xda0 [ 28.946329] ? n_tty_open+0x160/0x160 [ 28.950110] ? do_wait_intr_irq+0x270/0x270 [ 28.954413] ? __might_fault+0x177/0x1b0 [ 28.958456] tty_write+0x410/0x740 [ 28.961976] ? n_tty_open+0x160/0x160 [ 28.965752] __vfs_write+0xe4/0x630 [ 28.969353] ? tty_compat_ioctl+0x240/0x240 [ 28.973648] ? debug_check_no_obj_freed+0x2c0/0x680 [ 28.978641] ? kernel_read+0x110/0x110 [ 28.982500] ? common_file_perm+0x3ee/0x580 [ 28.986846] ? security_file_permission+0x82/0x1e0 [ 28.991748] ? rw_verify_area+0xe1/0x2a0 [ 28.995884] vfs_write+0x17f/0x4d0 [ 28.999396] SyS_write+0xf2/0x210 [ 29.002823] ? SyS_read+0x210/0x210 [ 29.006422] ? __do_page_fault+0x159/0xad0 [ 29.010634] ? do_syscall_64+0x4c/0x640 [ 29.014583] ? SyS_read+0x210/0x210 [ 29.018183] do_syscall_64+0x1d5/0x640 [ 29.022044] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 29.027212] RIP: 0033:0x7fcfbd04c679 [ 29.030896] RSP: 002b:00007ffc6d09b218 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 29.038583] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fcfbd04c679 [ 29.045829] RDX: 000000000000ff2e RSI: 0000000020000080 RDI: 0000000000000003 [ 29.053072] RBP: 00007ffc6d09b220 R08: 0000000000000001 R09: 00007fcfbd010033 [ 29.060315] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 29.067558] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 29.074823] [ 29.074825] ====================================================== [ 29.074827] WARNING: possible circular locking dependency detected [ 29.074828] 4.14.302-syzkaller #0 Not tainted [ 29.074830] ------------------------------------------------------ [ 29.074832] syz-executor281/7986 is trying to acquire lock: [ 29.074832] (console_owner){....}, at: [] console_unlock+0x307/0xf20 [ 29.074837] [ 29.074838] but task is already holding lock: [ 29.074839] (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160 [ 29.074843] [ 29.074845] which lock already depends on the new lock. [ 29.074845] [ 29.074846] [ 29.074848] the existing dependency chain (in reverse order) is: [ 29.074849] [ 29.074849] -> #2 (&(&port->lock)->rlock){-.-.}: [ 29.074854] _raw_spin_lock_irqsave+0x8c/0xc0 [ 29.074855] tty_port_tty_get+0x1d/0x80 [ 29.074856] tty_port_default_wakeup+0x11/0x40 [ 29.074858] serial8250_tx_chars+0x3fe/0xc70 [ 29.074859] serial8250_handle_irq.part.0+0x2c7/0x390 [ 29.074861] serial8250_default_handle_irq+0x8a/0x1f0 [ 29.074862] serial8250_interrupt+0xf3/0x210 [ 29.074863] __handle_irq_event_percpu+0xee/0x7f0 [ 29.074865] handle_irq_event+0xed/0x240 [ 29.074866] handle_edge_irq+0x224/0xc40 [ 29.074867] handle_irq+0x35/0x50 [ 29.074868] do_IRQ+0x93/0x1d0 [ 29.074869] ret_from_intr+0x0/0x1e [ 29.074871] native_safe_halt+0xe/0x10 [ 29.074872] default_idle+0x47/0x370 [ 29.074873] do_idle+0x250/0x3c0 [ 29.074874] cpu_startup_entry+0x14/0x20 [ 29.074876] start_kernel+0x743/0x763 [ 29.074877] secondary_startup_64+0xa5/0xb0 [ 29.074878] [ 29.074878] -> #1 (&port_lock_key){-.-.}: [ 29.074882] _raw_spin_lock_irqsave+0x8c/0xc0 [ 29.074884] serial8250_console_write+0x8cb/0xb40 [ 29.074885] console_unlock+0x99d/0xf20 [ 29.074886] vprintk_emit+0x224/0x620 [ 29.074887] vprintk_func+0x58/0x160 [ 29.074888] printk+0x9e/0xbc [ 29.074890] register_console+0x6f4/0xad0 [ 29.074891] univ8250_console_init+0x2f/0x3a [ 29.074892] console_init+0x46/0x53 [ 29.074893] start_kernel+0x521/0x763 [ 29.074895] secondary_startup_64+0xa5/0xb0 [ 29.074895] [ 29.074896] -> #0 (console_owner){....}: [ 29.074900] lock_acquire+0x170/0x3f0 [ 29.074901] console_unlock+0x36f/0xf20 [ 29.074903] vprintk_emit+0x224/0x620 [ 29.074904] vprintk_func+0x58/0x160 [ 29.074905] printk+0x9e/0xbc [ 29.074906] should_fail.cold+0xdf/0x149 [ 29.074907] should_failslab+0xd6/0x130 [ 29.074908] __kmalloc+0x6d/0x400 [ 29.074910] tty_buffer_alloc+0xc0/0x270 [ 29.074911] __tty_buffer_request_room+0x12c/0x290 [ 29.074913] tty_insert_flip_string_fixed_flag+0x8b/0x210 [ 29.074915] tty_insert_flip_string_and_push_buffer+0x3e/0x160 [ 29.074916] pty_write+0xc3/0xf0 [ 29.074917] n_tty_write+0x85e/0xda0 [ 29.074918] tty_write+0x410/0x740 [ 29.074919] __vfs_write+0xe4/0x630 [ 29.074920] vfs_write+0x17f/0x4d0 [ 29.074922] SyS_write+0xf2/0x210 [ 29.074923] do_syscall_64+0x1d5/0x640 [ 29.074924] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 29.074925] [ 29.074926] other info that might help us debug this: [ 29.074927] [ 29.074928] Chain exists of: [ 29.074929] console_owner --> &port_lock_key --> &(&port->lock)->rlock [ 29.074934] [ 29.074935] Possible unsafe locking scenario: [ 29.074936] [ 29.074937] CPU0 CPU1 [ 29.074938] ---- ---- [ 29.074939] lock(&(&port->lock)->rlock); [ 29.074942] lock(&port_lock_key); [ 29.074945] lock(&(&port->lock)->rlock); [ 29.074947] lock(console_owner); [ 29.074949] [ 29.074950] *** DEADLOCK *** [ 29.074951] [ 29.074952] 6 locks held by syz-executor281/7986: [ 29.074953] #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80 [ 29.074957] #1: (&tty->atomic_write_lock){+.+.}, at: [] tty_write+0x22d/0x740 [ 29.074962] #2: (&tty->termios_rwsem){++++}, at: [] n_tty_write+0x18a/0xda0 [ 29.074966] #3: (&ldata->output_lock){+.+.}, at: [] n_tty_write+0x82b/0xda0 [ 29.074971] #4: (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160 [ 29.074976] #5: (console_lock){+.+.}, at: [] vprintk_func+0x58/0x160 [ 29.074980] [ 29.074981] stack backtrace: [ 29.074983] CPU: 1 PID: 7986 Comm: syz-executor281 Not tainted 4.14.302-syzkaller #0 [ 29.074986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 29.074987] Call Trace: [ 29.074988] dump_stack+0x1b2/0x281 [ 29.074989] print_circular_bug.constprop.0.cold+0x2d7/0x41e [ 29.074990] __lock_acquire+0x2e0e/0x3f20 [ 29.074992] ? trace_hardirqs_on+0x10/0x10 [ 29.074993] ? snprintf+0xd0/0xd0 [ 29.074994] ? console_unlock+0x34a/0xf20 [ 29.074995] lock_acquire+0x170/0x3f0 [ 29.074996] ? console_unlock+0x307/0xf20 [ 29.074998] console_unlock+0x36f/0xf20 [ 29.074999] ? console_unlock+0x307/0xf20 [ 29.075000] vprintk_emit+0x224/0x620 [ 29.075001] vprintk_func+0x58/0x160 [ 29.075002] printk+0x9e/0xbc [ 29.075003] ? log_store.cold+0x16/0x16 [ 29.075005] ? __lock_acquire+0x5fc/0x3f20 [ 29.075006] ? ___ratelimit+0x2b5/0x510 [ 29.075007] should_fail.cold+0xdf/0x149 [ 29.075008] should_failslab+0xd6/0x130 [ 29.075009] __kmalloc+0x6d/0x400 [ 29.075010] ? tty_buffer_alloc+0xc0/0x270 [ 29.075012] tty_buffer_alloc+0xc0/0x270 [ 29.075013] __tty_buffer_request_room+0x12c/0x290 [ 29.075015] tty_insert_flip_string_fixed_flag+0x8b/0x210 [ 29.075016] tty_insert_flip_string_and_push_buffer+0x3e/0x160 [ 29.075017] pty_write+0xc3/0xf0 [ 29.075018] n_tty_write+0x85e/0xda0 [ 29.075020] ? n_tty_open+0x160/0x160 [ 29.075021] ? do_wait_intr_irq+0x270/0x270 [ 29.075022] ? __might_fault+0x177/0x1b0 [ 29.075023] tty_write+0x410/0x740 [ 29.075024] ? n_tty_open+0x160/0x160 [ 29.075025] __vfs_write+0xe4/0x630 [ 29.075027] ? tty_compat_ioctl+0x240/0x240 [ 29.075028] ? debug_check_no_obj_freed+0x2c0/0x680 [ 29.075029] ? kernel_read+0x110/0x110 [ 29.075030] ? common_file_perm+0x3ee/0x580 [ 29.075032] ? security_file_permission+0x82/0x1e0 [ 29.075033] ? rw_verify_area+0xe1/0x2a0 [ 29.075034] vfs_write+0x17f/0x4d0 [ 29.075035] SyS_write+0xf2/0x210 [ 29.075036] ? SyS_read+0x210/0x210 [ 29.075038] ? __do_page_fault+0x159/0xad0 [ 29.075039] ? do_syscall_64+0x4c/0x640 [ 29.075040] ? SyS_read+0x210/0x210 [ 29.075041] do_syscall_64+0x1d5/0x640 [ 29.075042] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 29.075044] RIP: 0033:0x7fcfbd04c679 [ 29.075045] RSP: 002b:00007ffc6d09b218 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 29.075048] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fcfbd04c679 [ 29.075050] RDX: 000000000000ff2e RSI: 0000000020000080 RDI: 0000000000000003 [ 29.075052] RBP: 00007ffc6d09b220 R08: 0000000000000001 R09: 00007fcfbd010033 [ 29.075054] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 29.075056] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000