[ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Starting Load/Save RF Kill Switch Status... [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.190' (ECDSA) to the list of known hosts. syzkaller login: [ 37.984495] IPVS: ftp: loaded support on port[0] = 21 executing program [ 38.099747] FAULT_INJECTION: forcing a failure. [ 38.099747] name failslab, interval 1, probability 0, space 0, times 1 [ 38.111992] CPU: 1 PID: 8139 Comm: syz-executor425 Not tainted 4.19.211-syzkaller #0 [ 38.119857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 38.129186] Call Trace: [ 38.131756] dump_stack+0x1fc/0x2ef [ 38.135368] should_fail.cold+0xa/0xf [ 38.139152] ? setup_fault_attr+0x200/0x200 [ 38.143712] ? mark_held_locks+0xf0/0xf0 [ 38.147751] ? mark_held_locks+0xf0/0xf0 [ 38.151792] __should_failslab+0x115/0x180 [ 38.156011] should_failslab+0x5/0x10 [ 38.159799] __kmalloc+0x6d/0x3c0 [ 38.163240] ? tty_buffer_alloc+0x23f/0x2a0 [ 38.167547] tty_buffer_alloc+0x23f/0x2a0 [ 38.171671] __tty_buffer_request_room+0x156/0x2a0 [ 38.176590] tty_insert_flip_string_fixed_flag+0x93/0x250 [ 38.182208] ? do_raw_spin_lock+0xcb/0x220 [ 38.186435] pty_write+0x126/0x1f0 [ 38.189967] tty_put_char+0x122/0x150 [ 38.193748] ? dev_match_devt+0x90/0x90 [ 38.197731] ? tty_buffer_space_avail+0x7e/0xb0 [ 38.202382] ? pty_write_room+0xbe/0xe0 [ 38.206339] ? ptmx_open+0x350/0x350 [ 38.210043] __process_echoes+0x577/0x9f0 [ 38.214179] n_tty_receive_buf_common+0xc0c/0x2a90 [ 38.219089] ? n_tty_receive_buf2+0x40/0x40 [ 38.223388] tty_ioctl+0x1026/0x1630 [ 38.227082] ? tty_fasync+0x300/0x300 [ 38.230860] ? get_pid_task+0xf4/0x190 [ 38.234727] ? mark_held_locks+0xf0/0xf0 [ 38.238766] ? proc_fail_nth_write+0x95/0x1d0 [ 38.243238] ? proc_tgid_io_accounting+0x7f0/0x7f0 [ 38.248147] ? __fdget_pos+0x26f/0x310 [ 38.252015] ? ksys_write+0x241/0x2a0 [ 38.255804] ? tty_fasync+0x300/0x300 [ 38.259596] do_vfs_ioctl+0xcdb/0x12e0 [ 38.263468] ? lock_downgrade+0x720/0x720 [ 38.267593] ? check_preemption_disabled+0x41/0x280 [ 38.272587] ? ioctl_preallocate+0x200/0x200 [ 38.276975] ? __fget+0x356/0x510 [ 38.280421] ? do_dup2+0x450/0x450 [ 38.283940] ? vfs_write+0x393/0x540 [ 38.287651] ? fput+0x2b/0x190 [ 38.290833] ksys_ioctl+0x9b/0xc0 [ 38.294276] __x64_sys_ioctl+0x6f/0xb0 [ 38.298140] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 38.302700] do_syscall_64+0xf9/0x620 [ 38.306481] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.311734] RIP: 0033:0x7f10c63cd9d9 [ 38.315429] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 38.334318] RSP: 002b:00007f10c635e268 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 38.342007] RAX: ffffffffffffffda RBX: 00007f10c64574d0 RCX: 00007f10c63cd9d9 [ 38.349256] RDX: 0000000020000080 RSI: 0000000000005412 RDI: 0000000000000003 [ 38.356863] RBP: 00007f10c642415c R08: 0000000000000001 R09: 0000000000000000 [ 38.364124] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f10c635e280 [ 38.371460] R13: 00007f10c64574d8 R14: 00007f10c635e27c R15: 0000000000000001 [ 38.378721] [ 38.378724] ====================================================== [ 38.378727] WARNING: possible circular locking dependency detected [ 38.378729] 4.19.211-syzkaller #0 Not tainted [ 38.378732] ------------------------------------------------------ [ 38.378735] syz-executor425/8139 is trying to acquire lock: [ 38.378736] 0000000004a2adf9 (console_owner){....}, at: console_unlock+0x3a9/0x1110 [ 38.378744] [ 38.378746] but task is already holding lock: [ 38.378748] 00000000b3b4cbb5 (&(&port->lock)->rlock){-.-.}, at: pty_write+0xf4/0x1f0 [ 38.378755] [ 38.378757] which lock already depends on the new lock. [ 38.378759] [ 38.378760] [ 38.378762] the existing dependency chain (in reverse order) is: [ 38.378764] [ 38.378765] -> #2 (&(&port->lock)->rlock){-.-.}: [ 38.378772] tty_port_tty_get+0x1d/0x80 [ 38.378774] tty_port_default_wakeup+0x11/0x40 [ 38.378776] serial8250_tx_chars+0x490/0xaf0 [ 38.378779] serial8250_handle_irq.part.0+0x31f/0x3d0 [ 38.378781] serial8250_default_handle_irq+0xae/0x220 [ 38.378784] serial8250_interrupt+0x101/0x240 [ 38.378786] __handle_irq_event_percpu+0x27e/0x8e0 [ 38.378788] handle_irq_event+0x102/0x290 [ 38.378790] handle_edge_irq+0x260/0xcf0 [ 38.378792] handle_irq+0x35/0x50 [ 38.378794] do_IRQ+0x93/0x1c0 [ 38.378796] ret_from_intr+0x0/0x1e [ 38.378798] _raw_spin_unlock_irqrestore+0xa3/0xe0 [ 38.378800] uart_write+0x3bb/0x6f0 [ 38.378802] do_output_char+0x5de/0x850 [ 38.378804] n_tty_write+0x46e/0xff0 [ 38.378806] tty_write+0x496/0x810 [ 38.378808] redirected_tty_write+0xaa/0xb0 [ 38.378810] do_iter_write+0x461/0x5d0 [ 38.378812] vfs_writev+0x153/0x2e0 [ 38.378814] do_writev+0x136/0x330 [ 38.378816] do_syscall_64+0xf9/0x620 [ 38.378818] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.378819] [ 38.378820] -> #1 (&port_lock_key){-.-.}: [ 38.378828] serial8250_console_write+0x90e/0xb70 [ 38.378830] console_unlock+0xbb6/0x1110 [ 38.378832] vprintk_emit+0x2d1/0x740 [ 38.378834] vprintk_func+0x79/0x180 [ 38.378836] printk+0xba/0xed [ 38.378838] register_console+0x87f/0xc90 [ 38.378840] univ8250_console_init+0x3a/0x46 [ 38.378842] console_init+0x4cb/0x718 [ 38.378844] start_kernel+0x686/0x911 [ 38.378846] secondary_startup_64+0xa4/0xb0 [ 38.378847] [ 38.378848] -> #0 (console_owner){....}: [ 38.378855] console_unlock+0x411/0x1110 [ 38.378857] vprintk_emit+0x2d1/0x740 [ 38.378859] vprintk_func+0x79/0x180 [ 38.378861] printk+0xba/0xed [ 38.378863] should_fail+0x66b/0x7b0 [ 38.378865] __should_failslab+0x115/0x180 [ 38.378867] should_failslab+0x5/0x10 [ 38.378869] __kmalloc+0x6d/0x3c0 [ 38.378871] tty_buffer_alloc+0x23f/0x2a0 [ 38.378873] __tty_buffer_request_room+0x156/0x2a0 [ 38.378876] tty_insert_flip_string_fixed_flag+0x93/0x250 [ 38.378878] pty_write+0x126/0x1f0 [ 38.378880] tty_put_char+0x122/0x150 [ 38.378882] __process_echoes+0x577/0x9f0 [ 38.378884] n_tty_receive_buf_common+0xc0c/0x2a90 [ 38.378886] tty_ioctl+0x1026/0x1630 [ 38.378888] do_vfs_ioctl+0xcdb/0x12e0 [ 38.378890] ksys_ioctl+0x9b/0xc0 [ 38.378892] __x64_sys_ioctl+0x6f/0xb0 [ 38.378894] do_syscall_64+0xf9/0x620 [ 38.378897] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.378898] [ 38.378900] other info that might help us debug this: [ 38.378901] [ 38.378903] Chain exists of: [ 38.378904] console_owner --> &port_lock_key --> &(&port->lock)->rlock [ 38.378913] [ 38.378915] Possible unsafe locking scenario: [ 38.378916] [ 38.378918] CPU0 CPU1 [ 38.378920] ---- ---- [ 38.378921] lock(&(&port->lock)->rlock); [ 38.378926] lock(&port_lock_key); [ 38.378931] lock(&(&port->lock)->rlock); [ 38.378935] lock(console_owner); [ 38.378939] [ 38.378940] *** DEADLOCK *** [ 38.378942] [ 38.378944] 6 locks held by syz-executor425/8139: [ 38.378945] #0: 000000008e9e91f9 (&tty->ldisc_sem){++++}, at: tty_ldisc_ref_wait+0x22/0x80 [ 38.378953] #1: 000000008526086e (&port->buf.lock/1){+.+.}, at: tty_ioctl+0xfbc/0x1630 [ 38.378963] #2: 000000007a3fbb7b (&o_tty->termios_rwsem/1){++++}, at: isig+0x37d/0x430 [ 38.378972] #3: 00000000ae76bc65 (&ldata->output_lock){+.+.}, at: n_tty_receive_buf_common+0xbce/0x2a90 [ 38.378981] #4: 00000000b3b4cbb5 (&(&port->lock)->rlock){-.-.}, at: pty_write+0xf4/0x1f0 [ 38.378989] #5: 000000002f11b544 (console_lock){+.+.}, at: vprintk_func+0x79/0x180 [ 38.378998] [ 38.378999] stack backtrace: [ 38.379003] CPU: 1 PID: 8139 Comm: syz-executor425 Not tainted 4.19.211-syzkaller #0 [ 38.379006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 38.379008] Call Trace: [ 38.379010] dump_stack+0x1fc/0x2ef [ 38.379013] print_circular_bug.constprop.0.cold+0x2d7/0x41e [ 38.379015] __lock_acquire+0x30c9/0x3ff0 [ 38.379017] ? mark_held_locks+0xf0/0xf0 [ 38.379019] ? snprintf+0xf0/0xf0 [ 38.379021] ? console_unlock+0x3ec/0x1110 [ 38.379023] lock_acquire+0x170/0x3c0 [ 38.379025] ? console_unlock+0x3a9/0x1110 [ 38.379027] console_unlock+0x411/0x1110 [ 38.379029] ? console_unlock+0x3a9/0x1110 [ 38.379031] vprintk_emit+0x2d1/0x740 [ 38.379033] vprintk_func+0x79/0x180 [ 38.379035] printk+0xba/0xed [ 38.379037] ? log_store.cold+0x16/0x16 [ 38.379039] ? __lock_acquire+0x22f9/0x3ff0 [ 38.379041] ? ___ratelimit+0x319/0x590 [ 38.379043] should_fail+0x66b/0x7b0 [ 38.379045] ? setup_fault_attr+0x200/0x200 [ 38.379047] ? mark_held_locks+0xf0/0xf0 [ 38.379049] ? mark_held_locks+0xf0/0xf0 [ 38.379051] __should_failslab+0x115/0x180 [ 38.379053] should_failslab+0x5/0x10 [ 38.379055] __kmalloc+0x6d/0x3c0 [ 38.379057] ? tty_buffer_alloc+0x23f/0x2a0 [ 38.379059] tty_buffer_alloc+0x23f/0x2a0 [ 38.379061] __tty_buffer_request_room+0x156/0x2a0 [ 38.379064] tty_insert_flip_string_fixed_flag+0x93/0x250 [ 38.379066] ? do_raw_spin_lock+0xcb/0x220 [ 38.379068] pty_write+0x126/0x1f0 [ 38.379070] tty_put_char+0x122/0x150 [ 38.379072] ? dev_match_devt+0x90/0x90 [ 38.379074] ? tty_buffer_space_avail+0x7e/0xb0 [ 38.379076] ? pty_write_room+0xbe/0xe0 [ 38.379078] ? ptmx_open+0x350/0x350 [ 38.379080] __process_echoes+0x577/0x9f0 [ 38.379082] n_tty_receive_buf_common+0xc0c/0x2a90 [ 38.379085] ? n_tty_receive_buf2+0x40/0x40 [ 38.379087] tty_ioctl+0x1026/0x1630 [ 38.379089] ? tty_fasync+0x300/0x300 [ 38.379090] ? get_pid_task+0xf4/0x190 [ 38.379093] ? mark_held_locks+0xf0/0xf0 [ 38.379095] ? proc_fail_nth_write+0x95/0x1d0 [ 38.379097] ? proc_tgid_io_accounting+0x7f0/0x7f0 [ 38.379099] ? __fdget_pos+0x26f/0x310 [ 38.379101] ? ksys_write+0x241/0x2a0 [ 38.379103] ? tty_fasync+0x300/0x300 [ 38.379105] do_vfs_ioctl+0xcdb/0x12e0 [ 38.379107] ? lock_downgrade+0x720/0x720 [ 38.379109] ? check_preemption_disabled+0x41/0x280 [ 38.379111] ? ioctl_preallocate+0x200/0x200 [ 38.379113] ? __fget+0x356/0x510 [ 38.379115] ? do_dup2+0x450/0x450 [ 38.379117] ? vfs_write+0x393/0x540 [ 38.379119] ? fput+0x2b/0x190 [ 38.379121] ksys_ioctl+0x9b/0xc0 [ 38.379123] __x64_sys_ioctl+0x6f/0xb0 [ 38.379125] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 38.379127] do_syscall_64+0xf9/0x620 [ 38.379129] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 38.379131] RIP: 0033:0x7f10c63cd9d9 [ 38.379138] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 38.379141] RSP: 002b:00007f10c635e268 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 38.379146] RAX: ffffffffffffffda RBX: 00007f10c64574d0 RCX: 00007f10c63cd9d9 [ 38.379149] RDX: 0000000020000080 RSI: 0000000000005412 RDI: 0000000000000003 [ 38.379152] RBP: 00007f10c642415c R08: 0000000000000001 R09: 0000000000000000 [ 38.379155] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f10c635e280 [ 38.379159] R13: 00007f10