[ ok ] Starting enhanced syslogd: rsyslogd.
[ 47.630409][ T26] audit: type=1800 audit(1560957560.445:25): pid=8056 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 47.673025][ T26] audit: type=1800 audit(1560957560.445:26): pid=8056 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 47.711870][ T26] audit: type=1800 audit(1560957560.445:27): pid=8056 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.152' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 72.122917][ T8208] FAULT_INJECTION: forcing a failure.
[ 72.122917][ T8208] name failslab, interval 1, probability 0, space 0, times 1
[ 72.138017][ T8208] CPU: 1 PID: 8208 Comm: syz-executor423 Not tainted 5.2.0-rc5+ #3
[ 72.145894][ T8208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 72.155946][ T8208] Call Trace:
[ 72.159278][ T8208] dump_stack+0x1d8/0x2f8
[ 72.163619][ T8208] should_fail+0x608/0x860
[ 72.168124][ T8208] ? setup_fault_attr+0x2b0/0x2b0
[ 72.173151][ T8208] ? trace_lock_acquire+0x190/0x190
[ 72.178336][ T8208] __should_failslab+0x11a/0x160
[ 72.183277][ T8208] ? __tty_buffer_request_room+0x1ef/0x560
[ 72.189102][ T8208] should_failslab+0x9/0x20
[ 72.193604][ T8208] __kmalloc+0x7a/0x310
[ 72.197746][ T8208] __tty_buffer_request_room+0x1ef/0x560
[ 72.203365][ T8208] tty_insert_flip_string_fixed_flag+0xa4/0x2b0
[ 72.210140][ T8208] pty_write+0xe2/0x190
[ 72.214287][ T8208] n_tty_write+0x5f5/0x12d0
[ 72.218862][ T8208] ? __might_fault+0xf9/0x160
[ 72.223780][ T8208] ? n_tty_read+0x1c80/0x1c80
[ 72.228439][ T8208] ? wait_woken+0x2c0/0x2c0
[ 72.232924][ T8208] ? kasan_check_write+0x14/0x20
[ 72.237843][ T8208] ? _copy_from_user+0xe0/0x120
[ 72.242792][ T8208] tty_write+0x581/0x860
[ 72.247021][ T8208] ? n_tty_read+0x1c80/0x1c80
[ 72.251680][ T8208] ? redirected_tty_write+0xb0/0xb0
[ 72.256862][ T8208] __vfs_write+0xf9/0x7d0
[ 72.261173][ T8208] ? __kernel_write+0x330/0x330
[ 72.266006][ T8208] ? vfs_write+0x448/0x510
[ 72.270407][ T8208] ? security_file_permission+0x148/0x350
[ 72.276142][ T8208] ? rw_verify_area+0x1c2/0x360
[ 72.281182][ T8208] vfs_write+0x227/0x510
[ 72.285415][ T8208] ksys_write+0x16b/0x2a0
[ 72.289730][ T8208] ? __ia32_sys_read+0x90/0x90
[ 72.294521][ T8208] ? prepare_exit_to_usermode+0x1e1/0x4f0
[ 72.300257][ T8208] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 72.305702][ T8208] ? trace_irq_disable_rcuidle+0x23/0x1c0
[ 72.311428][ T8208] ? do_syscall_64+0x1d/0x140
[ 72.316104][ T8208] __x64_sys_write+0x7b/0x90
[ 72.320669][ T8208] do_syscall_64+0xfe/0x140
[ 72.325160][ T8208] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 72.331147][ T8208] RIP: 0033:0x4404c9
[ 72.335036][ T8208] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 72.354815][ T8208] RSP: 002b:00007ffd67920e98 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 72.363215][ T8208] RAX: ffffffffffffffda RBX: 00007ffd67920ea0 RCX: 00000000004404c9
[ 72.371217][ T8208] RDX: 00000000ffffff78 RSI: 00000000200000c0 RDI: 0000000000000003
[ 72.379227][ T8208] RBP: 0000000000000004 R08: 0000000000000001 R09: 00007ffd67920032
[ 72.387191][ T8208] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401db0
[ 72.395205][ T8208] R13: 0000000000401e40 R14: 0000000000000000 R15: 0000000000000000
[ 72.403848][ C1]
[ 72.403850][ C1] ======================================================
[ 72.403852][ C1] WARNING: possible circular locking dependency detected
[ 72.403854][ C1] 5.2.0-rc5+ #3 Not tainted
[ 72.403855][ C1] ------------------------------------------------------
[ 72.403857][ C1] syz-executor423/8208 is trying to acquire lock:
[ 72.403859][ C1] 0000000094bc2798 (console_owner){-.-.}, at: console_lock_spinning_enable+0x31/0x60
[ 72.403864][ C1]
[ 72.403866][ C1] but task is already holding lock:
[ 72.403867][ C1] 0000000007643134 (&(&port->lock)->rlock){-.-.}, at: pty_write+0xbd/0x190
[ 72.403872][ C1]
[ 72.403874][ C1] which lock already depends on the new lock.
[ 72.403874][ C1]
[ 72.403876][ C1]
[ 72.403877][ C1] the existing dependency chain (in reverse order) is:
[ 72.403878][ C1]
[ 72.403879][ C1] -> #2 (&(&port->lock)->rlock){-.-.}:
[ 72.403884][ C1] _raw_spin_lock_irqsave+0xa1/0xc0
[ 72.403886][ C1] tty_port_default_wakeup+0x20/0xa0
[ 72.403887][ C1] tty_port_tty_wakeup+0x5a/0x70
[ 72.403888][ C1] uart_write_wakeup+0x48/0x60
[ 72.403890][ C1] serial8250_tx_chars+0x623/0x830
[ 72.403891][ C1] serial8250_handle_irq+0x255/0x390
[ 72.403893][ C1] serial8250_default_handle_irq+0xc5/0x1d0
[ 72.403894][ C1] serial8250_interrupt+0xad/0x190
[ 72.403896][ C1] __handle_irq_event_percpu+0x113/0x560
[ 72.403897][ C1] handle_irq_event+0x10a/0x2f0
[ 72.403899][ C1] handle_edge_irq+0x29f/0xca0
[ 72.403900][ C1] handle_irq+0x3e/0x50
[ 72.403901][ C1] do_IRQ+0xc4/0x1a0
[ 72.403902][ C1] ret_from_intr+0x0/0x1e
[ 72.403904][ C1] native_safe_halt+0xe/0x10
[ 72.403905][ C1] arch_cpu_idle+0xa/0x10
[ 72.403906][ C1] do_idle+0x18a/0x760
[ 72.403908][ C1] cpu_startup_entry+0x25/0x30
[ 72.403910][ C1] start_secondary+0x425/0x4c0
[ 72.403911][ C1] secondary_startup_64+0xa4/0xb0
[ 72.403912][ C1]
[ 72.403913][ C1] -> #1 (&port_lock_key){-.-.}:
[ 72.403918][ C1] _raw_spin_lock_irqsave+0xa1/0xc0
[ 72.403919][ C1] serial8250_console_write+0x1d1/0xba0
[ 72.403921][ C1] univ8250_console_write+0x50/0x70
[ 72.403923][ C1] console_unlock+0x95f/0xf20
[ 72.403924][ C1] vprintk_emit+0x239/0x3a0
[ 72.403926][ C1] vprintk_default+0x28/0x30
[ 72.403927][ C1] vprintk_func+0x158/0x170
[ 72.403928][ C1] printk+0xc4/0x11d
[ 72.403930][ C1] register_console+0xa81/0xe30
[ 72.403931][ C1] univ8250_console_init+0x4b/0x4d
[ 72.403933][ C1] console_init+0x56/0x9c
[ 72.403934][ C1] start_kernel+0x49e/0x860
[ 72.403935][ C1] x86_64_start_reservations+0x18/0x2e
[ 72.403937][ C1] x86_64_start_kernel+0x7a/0x7d
[ 72.403938][ C1] secondary_startup_64+0xa4/0xb0
[ 72.403939][ C1]
[ 72.403940][ C1] -> #0 (console_owner){-.-.}:
[ 72.403945][ C1] lock_acquire+0x158/0x250
[ 72.403946][ C1] console_lock_spinning_enable+0x56/0x60
[ 72.403948][ C1] console_unlock+0x79f/0xf20
[ 72.403949][ C1] vprintk_emit+0x239/0x3a0
[ 72.403950][ C1] vprintk_default+0x28/0x30
[ 72.403952][ C1] vprintk_func+0x158/0x170
[ 72.403953][ C1] printk+0xc4/0x11d
[ 72.403954][ C1] should_fail+0x5c5/0x860
[ 72.403955][ C1] __should_failslab+0x11a/0x160
[ 72.403957][ C1] should_failslab+0x9/0x20
[ 72.403958][ C1] __kmalloc+0x7a/0x310
[ 72.403960][ C1] __tty_buffer_request_room+0x1ef/0x560
[ 72.403961][ C1] tty_insert_flip_string_fixed_flag+0xa4/0x2b0
[ 72.403963][ C1] pty_write+0xe2/0x190
[ 72.403964][ C1] n_tty_write+0x5f5/0x12d0
[ 72.403965][ C1] tty_write+0x581/0x860
[ 72.403966][ C1] __vfs_write+0xf9/0x7d0
[ 72.403968][ C1] vfs_write+0x227/0x510
[ 72.403969][ C1] ksys_write+0x16b/0x2a0
[ 72.403970][ C1] __x64_sys_write+0x7b/0x90
[ 72.403972][ C1] do_syscall_64+0xfe/0x140
[ 72.403973][ C1] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 72.403974][ C1]
[ 72.403976][ C1] other info that might help us debug this:
[ 72.403976][ C1]
[ 72.403978][ C1] Chain exists of:
[ 72.403978][ C1] console_owner --> &port_lock_key --> &(&port->lock)->rlock
[ 72.403985][ C1]
[ 72.403986][ C1] Possible unsafe locking scenario:
[ 72.403987][ C1]
[ 72.403988][ C1]        CPU0                    CPU1
[ 72.403990][ C1]        ----                    ----
[ 72.403990][ C1]   lock(&(&port->lock)->rlock);
[ 72.403994][ C1]                                lock(&port_lock_key);
[ 72.403997][ C1]                                lock(&(&port->lock)->rlock);
[ 72.404000][ C1]   lock(console_owner);
[ 72.404002][ C1]
[ 72.404003][ C1] *** DEADLOCK ***
[ 72.404004][ C1]
[ 72.404006][ C1] 6 locks held by syz-executor423/8208:
[ 72.404007][ C1] #0: 00000000cef2c391 (&tty->ldisc_sem){++++}, at: tty_ldisc_ref_wait+0x25/0x70
[ 72.404012][ C1] #1: 00000000a7608faf (&tty->atomic_write_lock){+.+.}, at: tty_write+0x21d/0x860
[ 72.404018][ C1] #2: 00000000c1195898 (&tty->termios_rwsem){++++}, at: n_tty_write+0x22e/0x12d0
[ 72.404023][ C1] #3: 00000000fc5a138e (&ldata->output_lock){+.+.}, at: n_tty_write+0x5a9/0x12d0
[ 72.404029][ C1] #4: 0000000007643134 (&(&port->lock)->rlock){-.-.}, at: pty_write+0xbd/0x190
[ 72.404035][ C1] #5: 00000000a1673955 (console_lock){+.+.}, at: vprintk_emit+0x21c/0x3a0
[ 72.404040][ C1]
[ 72.404041][ C1] stack backtrace:
[ 72.404043][ C1] CPU: 1 PID: 8208 Comm: syz-executor423 Not tainted 5.2.0-rc5+ #3
[ 72.404045][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 72.404046][ C1] Call Trace:
[ 72.404048][ C1] dump_stack+0x1d8/0x2f8
[ 72.404049][ C1] print_circular_bug+0xd34/0xf20
[ 72.404051][ C1] ? check_noncircular+0x4d0/0x4d0
[ 72.404052][ C1] ? stack_trace_save+0x111/0x1e0
[ 72.404054][ C1] ? stack_trace_snprint+0x150/0x150
[ 72.404055][ C1] ? graph_lock+0x9a/0x280
[ 72.404056][ C1] ? find_first_zero_bit+0xd8/0x100
[ 72.404058][ C1] validate_chain+0x59d0/0x84f0
[ 72.404059][ C1] ? match_held_lock+0x280/0x280
[ 72.404061][ C1] ? match_held_lock+0x280/0x280
[ 72.404062][ C1] ? match_held_lock+0x280/0x280
[ 72.404063][ C1] ? match_held_lock+0x280/0x280
[ 72.404065][ C1] ? __read_once_size_nocheck+0x10/0x10
[ 72.404066][ C1] ? unwind_next_frame+0x415/0x870
[ 72.404068][ C1] ? match_held_lock+0x280/0x280
[ 72.404069][ C1] ? __lock_acquire+0xcf7/0x1a40
[ 72.404070][ C1] ? kasan_check_write+0x14/0x20
[ 72.404072][ C1] ? graph_lock+0x9a/0x280
[ 72.404073][ C1] ? put_dec_trunc8+0x1c4/0x2d0
[ 72.404074][ C1] ? put_dec+0xd1/0xe0
[ 72.404075][ C1] ? skip_atoi+0xba/0xd0
[ 72.404077][ C1] ? format_decode+0x454/0x1b20
[ 72.404078][ C1] ? __bfs+0x550/0x550
[ 72.404079][ C1] ? __bfs+0x550/0x550
[ 72.404080][ C1] ? vsnprintf+0x1f3/0x1c50
[ 72.404081][ C1] ? memcpy+0x49/0x60
[ 72.404083][ C1] ? vsnprintf+0x1ba2/0x1c50
[ 72.404084][ C1] __lock_acquire+0xcf7/0x1a40
[ 72.404085][ C1] ? trace_lock_acquire+0x190/0x190
[ 72.404087][ C1] ? __lock_acquire+0xcf7/0x1a40
[ 72.404088][ C1] ? msg_print_text+0x38c/0x550
[ 72.404089][ C1] ? memcpy+0x49/0x60
[ 72.404090][ C1] ? msg_print_text+0x3fd/0x550
[ 72.404092][ C1] ? kasan_check_write+0x14/0x20
[ 72.404093][ C1] ? trace_lock_acquire+0x11c/0x190
[ 72.404094][ C1] lock_acquire+0x158/0x250
[ 72.404096][ C1] ? console_lock_spinning_enable+0x31/0x60
[ 72.404097][ C1] console_lock_spinning_enable+0x56/0x60
[ 72.404099][ C1] ? console_lock_spinning_enable+0x31/0x60
[ 72.404100][ C1] console_unlock+0x79f/0xf20
[ 72.404101][ C1] ? trace_lock_acquire+0x11c/0x190
[ 72.404103][ C1] ? console_trylock_spinning+0x390/0x390
[ 72.404104][ C1] ? vprintk_emit+0x21c/0x3a0
[ 72.404105][ C1] ? __down_trylock_console_sem+0x180/0x1b0
[ 72.404107][ C1] ? vprintk_emit+0x21c/0x3a0
[ 72.404108][ C1] ? vprintk_emit+0x21c/0x3a0
[ 72.404109][ C1] vprintk_emit+0x239/0x3a0
[ 72.404110][ C1] vprintk_default+0x28/0x30
[ 72.404112][ C1] vprintk_func+0x158/0x170
[ 72.404113][ C1] printk+0xc4/0x11d
[ 72.404114][ C1] ? stack_trace_save+0x1e0/0x1e0
[ 72.404116][ C1] ? log_buf_vmcoreinfo_setup+0x153/0x153
[ 72.404117][ C1] ? ___ratelimit+0x126/0x5d0
[ 72.404118][ C1] ? __lock_acquire+0xcf7/0x1a40
[ 72.404119][ C1] should_fail+0x5c5/0x860
[ 72.404121][ C1] ? setup_fault_attr+0x2b0/0x2b0
[ 72.404122][ C1] ? trace_lock_acquire+0x190/0x190
[ 72.404123][ C1] __should_failslab+0x11a/0x160
[ 72.404125][ C1] ? __tty_buffer_request_room+0x1ef/0x560
[ 72.404126][ C1] should_failslab+0x9/0x20
[ 72.404127][ C1] __kmalloc+0x7a/0x310
[ 72.404129][ C1] __tty_buffer_request_room+0x1ef/0x560
[ 72.404130][ C1] tty_insert_flip_string_fixed_flag+0xa4/0x2b0
[ 72.404131][ C1] pty_write+0xe2/0x190
[ 72.404133][ C1] n_tty_write+0x5f5/0x12d0
[ 72.404134][ C1] ? __might_fault+0xf9/0x160
[ 72.404135][ C1] ? n_tty_read+0x1c80/0x1c80
[ 72.404136][ C1] ? wait_woken+0x2c0/0x2c0
[ 72.404138][ C1] ? kasan_check_write+0x14/0x20
[ 72.404139][ C1] ? _copy_from_user+0xe0/0x120
[ 72.404140][ C1] tty_write+0x581/0x860
[ 72.404141][ C1] ? n_tty_read+0x1c80/0x1c80
[ 72.404143][ C1] ? redirected_tty_write+0xb0/0xb0
[ 72.404144][ C1] __vfs_write+0xf9/0x7d0
[ 72.404145][ C1] ? __kernel_write+0x330/0x330
[ 72.404147][ C1] ? vfs_write+0x448/0x510
[ 72.404148][ C1] ? security_file_permission+0x148/0x350
[ 72.404149][ C1] ? rw_verify_area+0x1c2/0x360
[ 72.404150][ C1] vfs_write+0x227/0x510
[ 72.404152][ C1] ksys_write+0x16b/0x2a0
[ 72.404153][ C1] ? __ia32_sys_read+0x90/0x90
[ 72.404154][ C1] ? prepare_exit_to_usermode+0x1e1/0x4f0
[ 72.404156][ C1] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 72.404158][ C1] ? trace_irq_disable_rcuidle+0x23/0x1c0
[ 72.404159][ C1] ? do_syscall_64+0x1d/0x140
[ 72.404161][ C1] __x64_sys_write+0x7b/0x90
[ 72.404162][ C1] do_syscall_64+0xfe/0x140
[ 72.404164][ C1] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 72.404165][ C1] RIP: 0033:0x4404c9
[ 72.404169][ C1] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 72.404171][ C1] RSP: 002b:00007ffd67920e98 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 72.404174][ C1] RAX: ffffffffffffffda RBX: 00007ffd67920ea0 RCX: 00000000004404c9
[ 72.404176][ C1] RDX: 00000000ffffff78 RSI: 00000000200000c0 RDI: 0000000000000003
[ 72.404178][ C1] RBP: 0000000000000004 R08: 0000000000000001 R09: 00007ffd67920032
[ 72.404180][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401db0
[ 72.404182][ C1] R13: 0000000000401e40 R14: 0000000000000000 R15: 0000000000000000