[ OK ] Started Getty on tty1.
[ OK ] Started Getty on tty2.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.245' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 32.593690] FAULT_INJECTION: forcing a failure.
[ 32.593690] name failslab, interval 1, probability 0, space 0, times 1
[ 32.606007] CPU: 0 PID: 8104 Comm: syz-executor123 Not tainted 4.19.211-syzkaller #0
[ 32.613866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 32.623324] Call Trace:
[ 32.625898] dump_stack+0x1fc/0x2ef
[ 32.629513] should_fail.cold+0xa/0xf
[ 32.633294] ? setup_fault_attr+0x200/0x200
[ 32.637598] ? mark_held_locks+0xf0/0xf0
[ 32.641636] ? mark_held_locks+0xf0/0xf0
[ 32.645676] __should_failslab+0x115/0x180
[ 32.649891] should_failslab+0x5/0x10
[ 32.653676] __kmalloc+0x6d/0x3c0
[ 32.657120] ? tty_buffer_alloc+0x23f/0x2a0
[ 32.661419] tty_buffer_alloc+0x23f/0x2a0
[ 32.665547] __tty_buffer_request_room+0x156/0x2a0
[ 32.670455] tty_insert_flip_string_fixed_flag+0x93/0x250
[ 32.675968] ? do_raw_spin_lock+0xcb/0x220
[ 32.680182] pty_write+0x126/0x1f0
[ 32.683704] tty_put_char+0x122/0x150
[ 32.687541] ? dev_match_devt+0x90/0x90
[ 32.691490] ? tty_buffer_space_avail+0x7e/0xb0
[ 32.696138] ? pty_write_room+0xbe/0xe0
[ 32.700088] ? ptmx_open+0x350/0x350
[ 32.703783] __process_echoes+0x577/0x9f0
[ 32.707911] n_tty_receive_buf_common+0xc0c/0x2a90
[ 32.712822] ? n_tty_receive_buf2+0x40/0x40
[ 32.717209] tty_ioctl+0x1026/0x1630
[ 32.720909] ? tty_fasync+0x300/0x300
[ 32.724775] ? get_pid_task+0xf4/0x190
[ 32.728639] ? proc_fail_nth_write+0x95/0x1d0
[ 32.733119] ? proc_tgid_io_accounting+0x7f0/0x7f0
[ 32.738028] ? debug_check_no_obj_freed+0x201/0x490
[ 32.743023] ? __vfs_write+0xff/0x770
[ 32.746800] ? proc_tgid_io_accounting+0x7f0/0x7f0
[ 32.751709] ? common_file_perm+0x4e5/0x850
[ 32.756016] ? tty_fasync+0x300/0x300
[ 32.759794] do_vfs_ioctl+0xcdb/0x12e0
[ 32.763665] ? vfs_write+0x3d7/0x540
[ 32.767357] ? ioctl_preallocate+0x200/0x200
[ 32.771740] ? lock_downgrade+0x720/0x720
[ 32.775866] ? check_preemption_disabled+0x41/0x280
[ 32.780857] ? vfs_write+0x393/0x540
[ 32.784548] ? ksys_write+0x1c8/0x2a0
[ 32.788323] ksys_ioctl+0x9b/0xc0
[ 32.791756] __x64_sys_ioctl+0x6f/0xb0
[ 32.795619] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 32.800179] do_syscall_64+0xf9/0x620
[ 32.803986] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 32.809153] RIP: 0033:0x7f03870336f9
[ 32.812845] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 32.831727] RSP: 002b:00007fff7ee18658 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 32.839504] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f03870336f9
[ 32.846751] RDX: 0000000020000180 RSI: 0000000000005412 RDI: 0000000000000004
[ 32.854002] RBP: 00007fff7ee18660 R08: 0000000000000001 R09: 00007f0386ff0031
[ 32.861253] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 32.868498] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 32.875756]
[ 32.875760] ======================================================
[ 32.875762] WARNING: possible circular locking dependency detected
[ 32.875764] 4.19.211-syzkaller #0 Not tainted
[ 32.875767] ------------------------------------------------------
[ 32.875770] syz-executor123/8104 is trying to acquire lock:
[ 32.875772] 000000005e7b4315 (console_owner){....}, at: console_unlock+0x3a9/0x1110
[ 32.875779]
[ 32.875781] but task is already holding lock:
[ 32.875783] 0000000000c0cfca (&(&port->lock)->rlock){-.-.}, at: pty_write+0xf4/0x1f0
[ 32.875790]
[ 32.875793] which lock already depends on the new lock.
[ 32.875794]
[ 32.875795]
[ 32.875798] the existing dependency chain (in reverse order) is:
[ 32.875799]
[ 32.875800] -> #2 (&(&port->lock)->rlock){-.-.}:
[ 32.875808] tty_port_tty_get+0x1d/0x80
[ 32.875810] tty_port_default_wakeup+0x11/0x40
[ 32.875812] serial8250_tx_chars+0x490/0xaf0
[ 32.875814] serial8250_handle_irq.part.0+0x31f/0x3d0
[ 32.875817] serial8250_default_handle_irq+0xae/0x220
[ 32.875819] serial8250_interrupt+0x101/0x240
[ 32.875821] __handle_irq_event_percpu+0x27e/0x8e0
[ 32.875824] handle_irq_event+0x102/0x290
[ 32.875826] handle_edge_irq+0x260/0xcf0
[ 32.875828] handle_irq+0x35/0x50
[ 32.875829] do_IRQ+0x93/0x1c0
[ 32.875831] ret_from_intr+0x0/0x1e
[ 32.875834] _raw_spin_unlock_irqrestore+0xa3/0xe0
[ 32.875836] uart_write+0x3bb/0x6f0
[ 32.875838] do_output_char+0x5de/0x850
[ 32.875840] n_tty_write+0x46e/0xff0
[ 32.875842] tty_write+0x496/0x810
[ 32.875844] redirected_tty_write+0xaa/0xb0
[ 32.875846] do_iter_write+0x461/0x5d0
[ 32.875848] vfs_writev+0x153/0x2e0
[ 32.875850] do_writev+0x136/0x330
[ 32.875852] do_syscall_64+0xf9/0x620
[ 32.875854] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 32.875855]
[ 32.875856] -> #1 (&port_lock_key){-.-.}:
[ 32.875863] serial8250_console_write+0x90e/0xb70
[ 32.875866] console_unlock+0xbb6/0x1110
[ 32.875868] vprintk_emit+0x2d1/0x740
[ 32.875869] vprintk_func+0x79/0x180
[ 32.875871] printk+0xba/0xed
[ 32.875873] register_console+0x87f/0xc90
[ 32.875875] univ8250_console_init+0x3a/0x46
[ 32.875877] console_init+0x4cb/0x718
[ 32.875879] start_kernel+0x686/0x911
[ 32.875882] secondary_startup_64+0xa4/0xb0
[ 32.875883]
[ 32.875884] -> #0 (console_owner){....}:
[ 32.875891] console_unlock+0x411/0x1110
[ 32.875893] vprintk_emit+0x2d1/0x740
[ 32.875895] vprintk_func+0x79/0x180
[ 32.875897] printk+0xba/0xed
[ 32.875898] should_fail+0x66b/0x7b0
[ 32.875901] __should_failslab+0x115/0x180
[ 32.875903] should_failslab+0x5/0x10
[ 32.875905] __kmalloc+0x6d/0x3c0
[ 32.875907] tty_buffer_alloc+0x23f/0x2a0
[ 32.875909] __tty_buffer_request_room+0x156/0x2a0
[ 32.875912] tty_insert_flip_string_fixed_flag+0x93/0x250
[ 32.875914] pty_write+0x126/0x1f0
[ 32.875916] tty_put_char+0x122/0x150
[ 32.875918] __process_echoes+0x577/0x9f0
[ 32.875920] n_tty_receive_buf_common+0xc0c/0x2a90
[ 32.875922] tty_ioctl+0x1026/0x1630
[ 32.875924] do_vfs_ioctl+0xcdb/0x12e0
[ 32.875926] ksys_ioctl+0x9b/0xc0
[ 32.875928] __x64_sys_ioctl+0x6f/0xb0
[ 32.875930] do_syscall_64+0xf9/0x620
[ 32.875932] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 32.875933]
[ 32.875936] other info that might help us debug this:
[ 32.875937]
[ 32.875938] Chain exists of:
[ 32.875939] console_owner --> &port_lock_key --> &(&port->lock)->rlock
[ 32.875949]
[ 32.875951] Possible unsafe locking scenario:
[ 32.875952]
[ 32.875954]        CPU0                    CPU1
[ 32.875956]        ----                    ----
[ 32.875957]   lock(&(&port->lock)->rlock);
[ 32.875962]                                lock(&port_lock_key);
[ 32.875967]                                lock(&(&port->lock)->rlock);
[ 32.875971]   lock(console_owner);
[ 32.875975]
[ 32.875976] *** DEADLOCK ***
[ 32.875977]
[ 32.875980] 6 locks held by syz-executor123/8104:
[ 32.875981] #0: 00000000183a68d8 (&tty->ldisc_sem){++++}, at: tty_ldisc_ref_wait+0x22/0x80
[ 32.875989] #1: 000000002239e0c8 (&port->buf.lock/1){+.+.}, at: tty_ioctl+0xfbc/0x1630
[ 32.875999] #2: 00000000b21f2233 (&o_tty->termios_rwsem/1){++++}, at: n_tty_receive_buf_common+0x84/0x2a90
[ 32.876009] #3: 0000000080a1c05c (&ldata->output_lock){+.+.}, at: n_tty_receive_buf_common+0xbce/0x2a90
[ 32.876018] #4: 0000000000c0cfca (&(&port->lock)->rlock){-.-.}, at: pty_write+0xf4/0x1f0
[ 32.876026] #5: 0000000069fb5bf3 (console_lock){+.+.}, at: vprintk_func+0x79/0x180
[ 32.876035]
[ 32.876036] stack backtrace:
[ 32.876040] CPU: 0 PID: 8104 Comm: syz-executor123 Not tainted 4.19.211-syzkaller #0
[ 32.876043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 32.876045] Call Trace:
[ 32.876047] dump_stack+0x1fc/0x2ef
[ 32.876050] print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 32.876052] __lock_acquire+0x30c9/0x3ff0
[ 32.876054] ? mark_held_locks+0xf0/0xf0
[ 32.876056] ? snprintf+0xf0/0xf0
[ 32.876058] ? console_unlock+0x3ec/0x1110
[ 32.876060] lock_acquire+0x170/0x3c0
[ 32.876062] ? console_unlock+0x3a9/0x1110
[ 32.876064] console_unlock+0x411/0x1110
[ 32.876066] ? console_unlock+0x3a9/0x1110
[ 32.876068] vprintk_emit+0x2d1/0x740
[ 32.876070] vprintk_func+0x79/0x180
[ 32.876071] printk+0xba/0xed
[ 32.876073] ? log_store.cold+0x16/0x16
[ 32.876076] ? __lock_acquire+0x22f9/0x3ff0
[ 32.876078] ? ___ratelimit+0x319/0x590
[ 32.876080] should_fail+0x66b/0x7b0
[ 32.876082] ? setup_fault_attr+0x200/0x200
[ 32.876084] ? mark_held_locks+0xf0/0xf0
[ 32.876086] ? mark_held_locks+0xf0/0xf0
[ 32.876088] __should_failslab+0x115/0x180
[ 32.876092] should_failslab+0x5/0x10
[ 32.876094] __kmalloc+0x6d/0x3c0
[ 32.876098] ? tty_buffer_alloc+0x23f/0x2a0
[ 32.876101] tty_buffer_alloc+0x23f/0x2a0
[ 32.876105] __tty_buffer_request_room+0x156/0x2a0
[ 32.876108] tty_insert_flip_string_fixed_flag+0x93/0x250
[ 32.876112] ? do_raw_spin_lock+0xcb/0x220
[ 32.876115] pty_write+0x126/0x1f0
[ 32.876118] tty_put_char+0x122/0x150
[ 32.876121] ? dev_match_devt+0x90/0x90
[ 32.876124] ? tty_buffer_space_avail+0x7e/0xb0
[ 32.876127] ? pty_write_room+0xbe/0xe0
[ 32.876130] ? ptmx_open+0x350/0x350
[ 32.876133] __process_echoes+0x577/0x9f0
[ 32.876137] n_tty_receive_buf_common+0xc0c/0x2a90
[ 32.876140] ? n_tty_receive_buf2+0x40/0x40
[ 32.876143] tty_ioctl+0x1026/0x1630
[ 32.876146] ? tty_fasync+0x300/0x300
[ 32.876149] ? get_pid_task+0xf4/0x190
[ 32.876152] ? proc_fail_nth_write+0x95/0x1d0
[ 32.876155] ? proc_tgid_io_accounting+0x7f0/0x7f0
[ 32.876159] ? debug_check_no_obj_freed+0x201/0x490
[ 32.876162] ? __vfs_write+0xff/0x770
[ 32.876166] ? proc_tgid_io_accounting+0x7f0/0x7f0
[ 32.876168] ? common_file_perm+0x4e5/0x850
[ 32.876170] ? tty_fasync+0x300/0x300
[ 32.876172] do_vfs_ioctl+0xcdb/0x12e0
[ 32.876174] ? vfs_write+0x3d7/0x540
[ 32.876176] ? ioctl_preallocate+0x200/0x200
[ 32.876178] ? lock_downgrade+0x720/0x720
[ 32.876181] ? check_preemption_disabled+0x41/0x280
[ 32.876183] ? vfs_write+0x393/0x540
[ 32.876184] ? ksys_write+0x1c8/0x2a0
[ 32.876186] ksys_ioctl+0x9b/0xc0
[ 32.876188] __x64_sys_ioctl+0x6f/0xb0
[ 32.876190] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 32.876192] do_syscall_64+0xf9/0x620
[ 32.876195] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 32.876197] RIP: 0033:0x7f03870336f9
[ 32.876204] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 32.876206] RSP: 002b:00007fff7ee18658 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 32.876215] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f03870336f9
[ 32.876219] RDX: 0000000020000180 RSI: 0000000000005412 RDI: 0000000000000004
[ 32.876222] RBP: 00007fff7ee18660 R08: 0000000000000001 R09: 00007f0386ff