[ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... Starting Load/Save RF Kill Switch Status... [ OK ] Started Update UTMP about System Runlevel Changes. [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.67' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 28.965837] FAULT_INJECTION: forcing a failure. [ 28.965837] name failslab, interval 1, probability 0, space 0, times 1 [ 28.977468] CPU: 1 PID: 7963 Comm: syz-executor385 Not tainted 4.14.302-syzkaller #0 [ 28.985321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 28.994652] Call Trace: [ 28.997219] dump_stack+0x1b2/0x281 [ 29.000826] should_fail.cold+0x10a/0x149 [ 29.004950] should_failslab+0xd6/0x130 [ 29.008906] __kmalloc+0x6d/0x400 [ 29.012343] ? tty_buffer_alloc+0xc0/0x270 [ 29.016553] tty_buffer_alloc+0xc0/0x270 [ 29.020595] __tty_buffer_request_room+0x12c/0x290 [ 29.025501] tty_insert_flip_string_fixed_flag+0x8b/0x210 [ 29.031015] tty_insert_flip_string_and_push_buffer+0x3e/0x160 [ 29.036963] pty_write+0xc3/0xf0 [ 29.040307] n_tty_write+0x85e/0xda0 [ 29.044021] ? n_tty_open+0x160/0x160 [ 29.047809] ? do_wait_intr_irq+0x270/0x270 [ 29.052109] ? __might_fault+0x177/0x1b0 [ 29.056146] tty_write+0x410/0x740 [ 29.059664] ? n_tty_open+0x160/0x160 [ 29.063443] __vfs_write+0xe4/0x630 [ 29.067048] ? tty_compat_ioctl+0x240/0x240 [ 29.071346] ? debug_check_no_obj_freed+0x2c0/0x680 [ 29.076337] ? kernel_read+0x110/0x110 [ 29.080200] ? common_file_perm+0x3ee/0x580 [ 29.084502] ? security_file_permission+0x82/0x1e0 [ 29.089416] ? rw_verify_area+0xe1/0x2a0 [ 29.093463] vfs_write+0x17f/0x4d0 [ 29.096981] SyS_write+0xf2/0x210 [ 29.100410] ? SyS_read+0x210/0x210 [ 29.104012] ? __do_page_fault+0x159/0xad0 [ 29.108222] ? do_syscall_64+0x4c/0x640 [ 29.112169] ? SyS_read+0x210/0x210 [ 29.115770] do_syscall_64+0x1d5/0x640 [ 29.119667] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 29.124832] RIP: 0033:0x7faa8ec2e3b9 [ 29.128516] RSP: 002b:00007fffaa8893b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 29.136199] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007faa8ec2e3b9 [ 29.143447] RDX: 000000000000ff2e RSI: 0000000020000900 RDI: 0000000000000003 [ 29.150693] RBP: 0000000000000004 R08: 0000000000000001 R09: 0000000033363937 [ 29.157935] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffaa8894c0 [ 29.165181] R13: 00007fffaa8893e0 R14: 00007faa8ec6a0a1 R15: 0000000000000000 [ 29.172439] [ 29.172441] ====================================================== [ 29.172443] WARNING: possible circular locking dependency detected [ 29.172445] 4.14.302-syzkaller #0 Not tainted [ 29.172446] ------------------------------------------------------ [ 29.172448] syz-executor385/7963 is trying to acquire lock: [ 29.172449] (console_owner){....}, at: [] console_unlock+0x307/0xf20 [ 29.172453] [ 29.172454] but task is already holding lock: [ 29.172455] (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160 [ 29.172460] [ 29.172461] which lock already depends on the new lock. [ 29.172462] [ 29.172463] [ 29.172464] the existing dependency chain (in reverse order) is: [ 29.172465] [ 29.172466] -> #2 (&(&port->lock)->rlock){-.-.}: [ 29.172470] _raw_spin_lock_irqsave+0x8c/0xc0 [ 29.172471] tty_port_tty_get+0x1d/0x80 [ 29.172473] tty_port_default_wakeup+0x11/0x40 [ 29.172474] serial8250_tx_chars+0x3fe/0xc70 [ 29.172476] serial8250_handle_irq.part.0+0x2c7/0x390 [ 29.172477] serial8250_default_handle_irq+0x8a/0x1f0 [ 29.172479] serial8250_interrupt+0xf3/0x210 [ 29.172480] __handle_irq_event_percpu+0xee/0x7f0 [ 29.172481] handle_irq_event+0xed/0x240 [ 29.172483] handle_edge_irq+0x224/0xc40 [ 29.172484] handle_irq+0x35/0x50 [ 29.172485] do_IRQ+0x93/0x1d0 [ 29.172486] ret_from_intr+0x0/0x1e [ 29.172487] native_safe_halt+0xe/0x10 [ 29.172489] default_idle+0x47/0x370 [ 29.172490] do_idle+0x250/0x3c0 [ 29.172491] cpu_startup_entry+0x14/0x20 [ 29.172492] start_kernel+0x743/0x763 [ 29.172493] secondary_startup_64+0xa5/0xb0 [ 29.172494] [ 29.172495] -> #1 (&port_lock_key){-.-.}: [ 29.172499] _raw_spin_lock_irqsave+0x8c/0xc0 [ 29.172500] serial8250_console_write+0x8cb/0xb40 [ 29.172502] console_unlock+0x99d/0xf20 [ 29.172503] vprintk_emit+0x224/0x620 [ 29.172504] vprintk_func+0x58/0x160 [ 29.172505] printk+0x9e/0xbc [ 29.172506] register_console+0x6f4/0xad0 [ 29.172508] univ8250_console_init+0x2f/0x3a [ 29.172509] console_init+0x46/0x53 [ 29.172510] start_kernel+0x521/0x763 [ 29.172511] secondary_startup_64+0xa5/0xb0 [ 29.172512] [ 29.172513] -> #0 (console_owner){....}: [ 29.172517] lock_acquire+0x170/0x3f0 [ 29.172518] console_unlock+0x36f/0xf20 [ 29.172519] vprintk_emit+0x224/0x620 [ 29.172520] vprintk_func+0x58/0x160 [ 29.172521] printk+0x9e/0xbc [ 29.172523] should_fail.cold+0xdf/0x149 [ 29.172524] should_failslab+0xd6/0x130 [ 29.172525] __kmalloc+0x6d/0x400 [ 29.172526] tty_buffer_alloc+0xc0/0x270 [ 29.172528] __tty_buffer_request_room+0x12c/0x290 [ 29.172530] tty_insert_flip_string_fixed_flag+0x8b/0x210 [ 29.172531] tty_insert_flip_string_and_push_buffer+0x3e/0x160 [ 29.172532] pty_write+0xc3/0xf0 [ 29.172534] n_tty_write+0x85e/0xda0 [ 29.172535] tty_write+0x410/0x740 [ 29.172536] __vfs_write+0xe4/0x630 [ 29.172537] vfs_write+0x17f/0x4d0 [ 29.172538] SyS_write+0xf2/0x210 [ 29.172539] do_syscall_64+0x1d5/0x640 [ 29.172541] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 29.172542] [ 29.172543] other info that might help us debug this: [ 29.172544] [ 29.172545] Chain exists of: [ 29.172545] console_owner --> &port_lock_key --> &(&port->lock)->rlock [ 29.172550] [ 29.172552] Possible unsafe locking scenario: [ 29.172552] [ 29.172554] CPU0 CPU1 [ 29.172555] ---- ---- [ 29.172556] lock(&(&port->lock)->rlock); [ 29.172558] lock(&port_lock_key); [ 29.172561] lock(&(&port->lock)->rlock); [ 29.172564] lock(console_owner); [ 29.172566] [ 29.172567] *** DEADLOCK *** [ 29.172567] [ 29.172569] 6 locks held by syz-executor385/7963: [ 29.172569] #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80 [ 29.172574] #1: (&tty->atomic_write_lock){+.+.}, at: [] tty_write+0x22d/0x740 [ 29.172578] #2: (&tty->termios_rwsem){++++}, at: [] n_tty_write+0x18a/0xda0 [ 29.172583] #3: (&ldata->output_lock){+.+.}, at: [] n_tty_write+0x82b/0xda0 [ 29.172587] #4: (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160 [ 29.172592] #5: (console_lock){+.+.}, at: [] vprintk_func+0x58/0x160 [ 29.172597] [ 29.172598] stack backtrace: [ 29.172600] CPU: 1 PID: 7963 Comm: syz-executor385 Not tainted 4.14.302-syzkaller #0 [ 29.172602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 29.172603] Call Trace: [ 29.172604] dump_stack+0x1b2/0x281 [ 29.172606] print_circular_bug.constprop.0.cold+0x2d7/0x41e [ 29.172607] __lock_acquire+0x2e0e/0x3f20 [ 29.172608] ? trace_hardirqs_on+0x10/0x10 [ 29.172609] ? snprintf+0xd0/0xd0 [ 29.172610] ? console_unlock+0x34a/0xf20 [ 29.172611] lock_acquire+0x170/0x3f0 [ 29.172613] ? console_unlock+0x307/0xf20 [ 29.172614] console_unlock+0x36f/0xf20 [ 29.172615] ? console_unlock+0x307/0xf20 [ 29.172616] vprintk_emit+0x224/0x620 [ 29.172617] vprintk_func+0x58/0x160 [ 29.172618] printk+0x9e/0xbc [ 29.172620] ? log_store.cold+0x16/0x16 [ 29.172621] ? ___ratelimit+0x2b5/0x510 [ 29.172622] should_fail.cold+0xdf/0x149 [ 29.172623] should_failslab+0xd6/0x130 [ 29.172624] __kmalloc+0x6d/0x400 [ 29.172625] ? tty_buffer_alloc+0xc0/0x270 [ 29.172627] tty_buffer_alloc+0xc0/0x270 [ 29.172628] __tty_buffer_request_room+0x12c/0x290 [ 29.172630] tty_insert_flip_string_fixed_flag+0x8b/0x210 [ 29.172631] tty_insert_flip_string_and_push_buffer+0x3e/0x160 [ 29.172632] pty_write+0xc3/0xf0 [ 29.172633] n_tty_write+0x85e/0xda0 [ 29.172635] ? n_tty_open+0x160/0x160 [ 29.172636] ? do_wait_intr_irq+0x270/0x270 [ 29.172637] ? __might_fault+0x177/0x1b0 [ 29.172638] tty_write+0x410/0x740 [ 29.172639] ? n_tty_open+0x160/0x160 [ 29.172640] __vfs_write+0xe4/0x630 [ 29.172642] ? tty_compat_ioctl+0x240/0x240 [ 29.172643] ? debug_check_no_obj_freed+0x2c0/0x680 [ 29.172644] ? kernel_read+0x110/0x110 [ 29.172646] ? common_file_perm+0x3ee/0x580 [ 29.172647] ? security_file_permission+0x82/0x1e0 [ 29.172648] ? rw_verify_area+0xe1/0x2a0 [ 29.172649] vfs_write+0x17f/0x4d0 [ 29.172650] SyS_write+0xf2/0x210 [ 29.172651] ? SyS_read+0x210/0x210 [ 29.172653] ? __do_page_fault+0x159/0xad0 [ 29.172654] ? do_syscall_64+0x4c/0x640 [ 29.172655] ? SyS_read+0x210/0x210 [ 29.172656] do_syscall_64+0x1d5/0x640 [ 29.172658] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 29.172659] RIP: 0033:0x7faa8ec2e3b9 [ 29.172660] RSP: 002b:00007fffaa8893b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 29.172663] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007faa8ec2e3b9 [ 29.172665] RDX: 000000000000ff2e RSI: 0000000020000900 RDI: 0000000000000003 [ 29.172667] RBP: 0000000000000004 R08: 0000000000000001 R09: 0000000033363937 [ 29.172669] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffaa8894c0 [ 29.172671] R13: 00007fffaa8893e0 R14: 00007faa8ec6a0a1 R15: 0000000000000000