[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.47' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 26.824448] FAULT_INJECTION: forcing a failure.
[ 26.824448] name failslab, interval 1, probability 0, space 0, times 1
[ 26.836259] CPU: 1 PID: 7961 Comm: syz-executor351 Not tainted 4.14.302-syzkaller #0
[ 26.844115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 26.853438] Call Trace:
[ 26.856003]  dump_stack+0x1b2/0x281
[ 26.859608]  should_fail.cold+0x10a/0x149
[ 26.863729]  ? trace_hardirqs_on+0x10/0x10
[ 26.867956]  should_failslab+0xd6/0x130
[ 26.871902]  __kmalloc+0x6d/0x400
[ 26.875332]  ? tty_buffer_alloc+0xc0/0x270
[ 26.879553]  tty_buffer_alloc+0xc0/0x270
[ 26.883585]  __tty_buffer_request_room+0x12c/0x290
[ 26.888487]  tty_insert_flip_string_fixed_flag+0x8b/0x210
[ 26.893996]  tty_insert_flip_string_and_push_buffer+0x3e/0x160
[ 26.899939]  pty_write+0xc3/0xf0
[ 26.903278]  tty_send_xchar+0x245/0x360
[ 26.907224]  ? tty_write_message+0x130/0x130
[ 26.911726]  ? __ldsem_down_write_nested+0x631/0x700
[ 26.916802]  n_tty_ioctl_helper+0x145/0x350
[ 26.921094]  n_tty_ioctl+0x47/0x2e0
[ 26.924699]  tty_ioctl+0x5af/0x1430
[ 26.928480]  ? n_tty_poll+0x7d0/0x7d0
[ 26.932251]  ? tty_fasync+0x2c0/0x2c0
[ 26.936022]  ? proc_fail_nth_write+0x7b/0x180
[ 26.940489]  ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 26.945394]  ? fsnotify+0x974/0x11b0
[ 26.949088]  ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 26.953990]  ? debug_check_no_obj_freed+0x2c0/0x680
[ 26.958978]  ? tty_fasync+0x2c0/0x2c0
[ 26.962756]  do_vfs_ioctl+0x75a/0xff0
[ 26.966527]  ? ioctl_preallocate+0x1a0/0x1a0
[ 26.970914]  ? vfs_write+0x319/0x4d0
[ 26.974786]  ? SyS_write+0x14d/0x210
[ 26.978473]  ? security_file_ioctl+0x83/0xb0
[ 26.982855]  SyS_ioctl+0x7f/0xb0
[ 26.986195]  ? do_vfs_ioctl+0xff0/0xff0
[ 26.990148]  do_syscall_64+0x1d5/0x640
[ 26.994015]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 26.999184] RIP: 0033:0x7fcc47a47699
[ 27.002865] RSP: 002b:00007fff4bfe2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 27.010542] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fcc47a47699
[ 27.017781] RDX: 0000000000000003 RSI: 000000000000540a RDI: 0000000000000003
[ 27.025021] RBP: 00007fff4bfe2030 R08: 0000000000000001 R09: 00007fcc47a00031
[ 27.032275] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[ 27.039514] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 27.046763]
[ 27.046766] ======================================================
[ 27.046767] WARNING: possible circular locking dependency detected
[ 27.046769] 4.14.302-syzkaller #0 Not tainted
[ 27.046771] ------------------------------------------------------
[ 27.046772] syz-executor351/7961 is trying to acquire lock:
[ 27.046773]  (console_owner){....}, at: [] console_unlock+0x307/0xf20
[ 27.046777]
[ 27.046778] but task is already holding lock:
[ 27.046779]  (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160
[ 27.046784]
[ 27.046785] which lock already depends on the new lock.
[ 27.046786]
[ 27.046787]
[ 27.046788] the existing dependency chain (in reverse order) is:
[ 27.046789]
[ 27.046790] -> #2 (&(&port->lock)->rlock){-.-.}:
[ 27.046794]        _raw_spin_lock_irqsave+0x8c/0xc0
[ 27.046795]        tty_port_tty_get+0x1d/0x80
[ 27.046797]        tty_port_default_wakeup+0x11/0x40
[ 27.046798]        serial8250_tx_chars+0x3fe/0xc70
[ 27.046799]        serial8250_handle_irq.part.0+0x2c7/0x390
[ 27.046801]        serial8250_default_handle_irq+0x8a/0x1f0
[ 27.046802]        serial8250_interrupt+0xf3/0x210
[ 27.046804]        __handle_irq_event_percpu+0xee/0x7f0
[ 27.046805]        handle_irq_event+0xed/0x240
[ 27.046806]        handle_edge_irq+0x224/0xc40
[ 27.046807]        handle_irq+0x35/0x50
[ 27.046808]        do_IRQ+0x93/0x1d0
[ 27.046810]        ret_from_intr+0x0/0x1e
[ 27.046811]        native_safe_halt+0xe/0x10
[ 27.046812]        default_idle+0x47/0x370
[ 27.046813]        do_idle+0x250/0x3c0
[ 27.046814]        cpu_startup_entry+0x14/0x20
[ 27.046816]        start_kernel+0x743/0x763
[ 27.046817]        secondary_startup_64+0xa5/0xb0
[ 27.046817]
[ 27.046818] -> #1 (&port_lock_key){-.-.}:
[ 27.046822]        _raw_spin_lock_irqsave+0x8c/0xc0
[ 27.046824]        serial8250_console_write+0x8cb/0xb40
[ 27.046825]        console_unlock+0x99d/0xf20
[ 27.046826]        vprintk_emit+0x224/0x620
[ 27.046827]        vprintk_func+0x58/0x160
[ 27.046828]        printk+0x9e/0xbc
[ 27.046830]        register_console+0x6f4/0xad0
[ 27.046831]        univ8250_console_init+0x2f/0x3a
[ 27.046832]        console_init+0x46/0x53
[ 27.046833]        start_kernel+0x521/0x763
[ 27.046835]        secondary_startup_64+0xa5/0xb0
[ 27.046835]
[ 27.046836] -> #0 (console_owner){....}:
[ 27.046840]        lock_acquire+0x170/0x3f0
[ 27.046841]        console_unlock+0x36f/0xf20
[ 27.046842]        vprintk_emit+0x224/0x620
[ 27.046844]        vprintk_func+0x58/0x160
[ 27.046845]        printk+0x9e/0xbc
[ 27.046846]        should_fail.cold+0xdf/0x149
[ 27.046847]        should_failslab+0xd6/0x130
[ 27.046848]        __kmalloc+0x6d/0x400
[ 27.046850]        tty_buffer_alloc+0xc0/0x270
[ 27.046851]        __tty_buffer_request_room+0x12c/0x290
[ 27.046853]        tty_insert_flip_string_fixed_flag+0x8b/0x210
[ 27.046855]        tty_insert_flip_string_and_push_buffer+0x3e/0x160
[ 27.046856]        pty_write+0xc3/0xf0
[ 27.046857]        tty_send_xchar+0x245/0x360
[ 27.046858]        n_tty_ioctl_helper+0x145/0x350
[ 27.046860]        n_tty_ioctl+0x47/0x2e0
[ 27.046861]        tty_ioctl+0x5af/0x1430
[ 27.046862]        do_vfs_ioctl+0x75a/0xff0
[ 27.046863]        SyS_ioctl+0x7f/0xb0
[ 27.046864]        do_syscall_64+0x1d5/0x640
[ 27.046866]        entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 27.046867]
[ 27.046868] other info that might help us debug this:
[ 27.046869]
[ 27.046870] Chain exists of:
[ 27.046870]   console_owner --> &port_lock_key --> &(&port->lock)->rlock
[ 27.046875]
[ 27.046877]  Possible unsafe locking scenario:
[ 27.046877]
[ 27.046879]        CPU0                    CPU1
[ 27.046880]        ----                    ----
[ 27.046881]   lock(&(&port->lock)->rlock);
[ 27.046883]                                lock(&port_lock_key);
[ 27.046886]                                lock(&(&port->lock)->rlock);
[ 27.046889]   lock(console_owner);
[ 27.046891]
[ 27.046892]  *** DEADLOCK ***
[ 27.046892]
[ 27.046894] 5 locks held by syz-executor351/7961:
[ 27.046894]  #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80
[ 27.046899]  #1: (&tty->atomic_write_lock){+.+.}, at: [] tty_send_xchar+0x1b5/0x360
[ 27.046904]  #2: (&tty->termios_rwsem){++++}, at: [] tty_send_xchar+0x1e8/0x360
[ 27.046908]  #3: (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160
[ 27.046913]  #4: (console_lock){+.+.}, at: [] vprintk_func+0x58/0x160
[ 27.046917]
[ 27.046918] stack backtrace:
[ 27.046920] CPU: 1 PID: 7961 Comm: syz-executor351 Not tainted 4.14.302-syzkaller #0
[ 27.046923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 27.046924] Call Trace:
[ 27.046925]  dump_stack+0x1b2/0x281
[ 27.046926]  print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 27.046928]  __lock_acquire+0x2e0e/0x3f20
[ 27.046929]  ? trace_hardirqs_on+0x10/0x10
[ 27.046930]  ? snprintf+0xd0/0xd0
[ 27.046931]  ? console_unlock+0x34a/0xf20
[ 27.046932]  lock_acquire+0x170/0x3f0
[ 27.046934]  ? console_unlock+0x307/0xf20
[ 27.046935]  console_unlock+0x36f/0xf20
[ 27.046936]  ? console_unlock+0x307/0xf20
[ 27.046937]  vprintk_emit+0x224/0x620
[ 27.046938]  vprintk_func+0x58/0x160
[ 27.046939]  printk+0x9e/0xbc
[ 27.046941]  ? log_store.cold+0x16/0x16
[ 27.046942]  ? ___ratelimit+0x2b5/0x510
[ 27.046943]  should_fail.cold+0xdf/0x149
[ 27.046944]  ? trace_hardirqs_on+0x10/0x10
[ 27.046945]  should_failslab+0xd6/0x130
[ 27.046947]  __kmalloc+0x6d/0x400
[ 27.046948]  ? tty_buffer_alloc+0xc0/0x270
[ 27.046949]  tty_buffer_alloc+0xc0/0x270
[ 27.046950]  __tty_buffer_request_room+0x12c/0x290
[ 27.046952]  tty_insert_flip_string_fixed_flag+0x8b/0x210
[ 27.046953]  tty_insert_flip_string_and_push_buffer+0x3e/0x160
[ 27.046955]  pty_write+0xc3/0xf0
[ 27.046956]  tty_send_xchar+0x245/0x360
[ 27.046957]  ? tty_write_message+0x130/0x130
[ 27.046958]  ? __ldsem_down_write_nested+0x631/0x700
[ 27.046960]  n_tty_ioctl_helper+0x145/0x350
[ 27.046961]  n_tty_ioctl+0x47/0x2e0
[ 27.046962]  tty_ioctl+0x5af/0x1430
[ 27.046963]  ? n_tty_poll+0x7d0/0x7d0
[ 27.046964]  ? tty_fasync+0x2c0/0x2c0
[ 27.046966]  ? proc_fail_nth_write+0x7b/0x180
[ 27.046967]  ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 27.046968]  ? fsnotify+0x974/0x11b0
[ 27.046969]  ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 27.046971]  ? debug_check_no_obj_freed+0x2c0/0x680
[ 27.046972]  ? tty_fasync+0x2c0/0x2c0
[ 27.046973]  do_vfs_ioctl+0x75a/0xff0
[ 27.046974]  ? ioctl_preallocate+0x1a0/0x1a0
[ 27.046976]  ? vfs_write+0x319/0x4d0
[ 27.046977]  ? SyS_write+0x14d/0x210
[ 27.046978]  ? security_file_ioctl+0x83/0xb0
[ 27.046979]  SyS_ioctl+0x7f/0xb0
[ 27.046980]  ? do_vfs_ioctl+0xff0/0xff0
[ 27.046981]  do_syscall_64+0x1d5/0x640
[ 27.046983]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 27.046984] RIP: 0033:0x7fcc47a47699
[ 27.046985] RSP: 002b:00007fff4bfe2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 27.046989] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fcc47a47699
[ 27.046991] RDX: 0000000000000003 RSI