[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.72' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 29.179773] FAULT_INJECTION: forcing a failure.
[ 29.179773] name failslab, interval 1, probability 0, space 0, times 1
[ 29.191462] CPU: 1 PID: 7956 Comm: syz-executor413 Not tainted 4.14.302-syzkaller #0
[ 29.199321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 29.209699] Call Trace:
[ 29.212272] dump_stack+0x1b2/0x281
[ 29.215879] should_fail.cold+0x10a/0x149
[ 29.220002] ? trace_hardirqs_on+0x10/0x10
[ 29.224348] should_failslab+0xd6/0x130
[ 29.228310] __kmalloc+0x6d/0x400
[ 29.231745] ? tty_buffer_alloc+0xc0/0x270
[ 29.235964] tty_buffer_alloc+0xc0/0x270
[ 29.240000] __tty_buffer_request_room+0x12c/0x290
[ 29.244905] tty_insert_flip_string_fixed_flag+0x8b/0x210
[ 29.250415] tty_insert_flip_string_and_push_buffer+0x3e/0x160
[ 29.256391] pty_write+0xc3/0xf0
[ 29.259731] tty_send_xchar+0x245/0x360
[ 29.263678] ? tty_write_message+0x130/0x130
[ 29.268057] ? __ldsem_down_write_nested+0x631/0x700
[ 29.273131] n_tty_ioctl_helper+0x145/0x350
[ 29.277427] n_tty_ioctl+0x47/0x2e0
[ 29.281032] tty_ioctl+0x5af/0x1430
[ 29.284636] ? n_tty_poll+0x7d0/0x7d0
[ 29.288407] ? tty_fasync+0x2c0/0x2c0
[ 29.292180] ? proc_fail_nth_write+0x7b/0x180
[ 29.296654] ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 29.301574] ? fsnotify+0x974/0x11b0
[ 29.306045] ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 29.310946] ? debug_check_no_obj_freed+0x2c0/0x680
[ 29.315936] ? tty_fasync+0x2c0/0x2c0
[ 29.319712] do_vfs_ioctl+0x75a/0xff0
[ 29.323495] ? ioctl_preallocate+0x1a0/0x1a0
[ 29.327876] ? vfs_write+0x319/0x4d0
[ 29.331562] ? SyS_write+0x14d/0x210
[ 29.335252] ? security_file_ioctl+0x83/0xb0
[ 29.339632] SyS_ioctl+0x7f/0xb0
[ 29.342971] ? do_vfs_ioctl+0xff0/0xff0
[ 29.346922] do_syscall_64+0x1d5/0x640
[ 29.350785] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 29.355959] RIP: 0033:0x7f9937108679
[ 29.359643] RSP: 002b:00007ffec6830e98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 29.367330] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f9937108679
[ 29.374575] RDX: 0000000000000003 RSI: 000000000000540a RDI: 0000000000000003
[ 29.381821] RBP: 00007ffec6830ea0 R08: 0000000000000001 R09: 00007f99370c0031
[ 29.389062] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[ 29.396309] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 29.403571]
[ 29.403573] ======================================================
[ 29.403575] WARNING: possible circular locking dependency detected
[ 29.403576] 4.14.302-syzkaller #0 Not tainted
[ 29.403578] ------------------------------------------------------
[ 29.403579] syz-executor413/7956 is trying to acquire lock:
[ 29.403580] (console_owner){....}, at: [] console_unlock+0x307/0xf20
[ 29.403585]
[ 29.403586] but task is already holding lock:
[ 29.403587] (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160
[ 29.403591]
[ 29.403593] which lock already depends on the new lock.
[ 29.403593]
[ 29.403594]
[ 29.403596] the existing dependency chain (in reverse order) is:
[ 29.403596]
[ 29.403597] -> #2 (&(&port->lock)->rlock){-.-.}:
[ 29.403601] _raw_spin_lock_irqsave+0x8c/0xc0
[ 29.403603] tty_port_tty_get+0x1d/0x80
[ 29.403604] tty_port_default_wakeup+0x11/0x40
[ 29.403605] serial8250_tx_chars+0x3fe/0xc70
[ 29.403607] serial8250_handle_irq.part.0+0x2c7/0x390
[ 29.403609] serial8250_default_handle_irq+0x8a/0x1f0
[ 29.403610] serial8250_interrupt+0xf3/0x210
[ 29.403611] __handle_irq_event_percpu+0xee/0x7f0
[ 29.403613] handle_irq_event+0xed/0x240
[ 29.403614] handle_edge_irq+0x224/0xc40
[ 29.403615] handle_irq+0x35/0x50
[ 29.403616] do_IRQ+0x93/0x1d0
[ 29.403617] ret_from_intr+0x0/0x1e
[ 29.403619] _raw_spin_unlock_irqrestore+0xa3/0xe0
[ 29.403620] uart_write+0x2dd/0x560
[ 29.403621] do_output_char+0x4f5/0x750
[ 29.403622] n_tty_write+0x3e3/0xda0
[ 29.403623] tty_write+0x410/0x740
[ 29.403625] redirected_tty_write+0x9c/0xb0
[ 29.403626] do_iter_write+0x3da/0x550
[ 29.403627] vfs_writev+0x125/0x290
[ 29.403628] do_writev+0xfc/0x2c0
[ 29.403630] do_syscall_64+0x1d5/0x640
[ 29.403631] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 29.403632]
[ 29.403632] -> #1 (&port_lock_key){-.-.}:
[ 29.403637] _raw_spin_lock_irqsave+0x8c/0xc0
[ 29.403638] serial8250_console_write+0x8cb/0xb40
[ 29.403639] console_unlock+0x99d/0xf20
[ 29.403641] vprintk_emit+0x224/0x620
[ 29.403642] vprintk_func+0x58/0x160
[ 29.403643] printk+0x9e/0xbc
[ 29.403644] register_console+0x6f4/0xad0
[ 29.403645] univ8250_console_init+0x2f/0x3a
[ 29.403647] console_init+0x46/0x53
[ 29.403648] start_kernel+0x521/0x763
[ 29.403649] secondary_startup_64+0xa5/0xb0
[ 29.403650]
[ 29.403651] -> #0 (console_owner){....}:
[ 29.403655] lock_acquire+0x170/0x3f0
[ 29.403656] console_unlock+0x36f/0xf20
[ 29.403657] vprintk_emit+0x224/0x620
[ 29.403658] vprintk_func+0x58/0x160
[ 29.403659] printk+0x9e/0xbc
[ 29.403661] should_fail.cold+0xdf/0x149
[ 29.403662] should_failslab+0xd6/0x130
[ 29.403663] __kmalloc+0x6d/0x400
[ 29.403664] tty_buffer_alloc+0xc0/0x270
[ 29.403666] __tty_buffer_request_room+0x12c/0x290
[ 29.403667] tty_insert_flip_string_fixed_flag+0x8b/0x210
[ 29.403669] tty_insert_flip_string_and_push_buffer+0x3e/0x160
[ 29.403670] pty_write+0xc3/0xf0
[ 29.403672] tty_send_xchar+0x245/0x360
[ 29.403673] n_tty_ioctl_helper+0x145/0x350
[ 29.403674] n_tty_ioctl+0x47/0x2e0
[ 29.403675] tty_ioctl+0x5af/0x1430
[ 29.403677] do_vfs_ioctl+0x75a/0xff0
[ 29.403678] SyS_ioctl+0x7f/0xb0
[ 29.403679] do_syscall_64+0x1d5/0x640
[ 29.403680] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 29.403681]
[ 29.403682] other info that might help us debug this:
[ 29.403683]
[ 29.403684] Chain exists of:
[ 29.403685] console_owner --> &port_lock_key --> &(&port->lock)->rlock
[ 29.403690]
[ 29.403691] Possible unsafe locking scenario:
[ 29.403692]
[ 29.403693]        CPU0                    CPU1
[ 29.403694]        ----                    ----
[ 29.403695]   lock(&(&port->lock)->rlock);
[ 29.403698]                                lock(&port_lock_key);
[ 29.403701]                                lock(&(&port->lock)->rlock);
[ 29.403703]   lock(console_owner);
[ 29.403705]
[ 29.403706] *** DEADLOCK ***
[ 29.403707]
[ 29.403708] 5 locks held by syz-executor413/7956:
[ 29.403709] #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80
[ 29.403713] #1: (&tty->atomic_write_lock){+.+.}, at: [] tty_send_xchar+0x1b5/0x360
[ 29.403718] #2: (&tty->termios_rwsem){++++}, at: [] tty_send_xchar+0x1e8/0x360
[ 29.403723] #3: (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160
[ 29.403728] #4: (console_lock){+.+.}, at: [] vprintk_func+0x58/0x160
[ 29.403732]
[ 29.403733] stack backtrace:
[ 29.403735] CPU: 1 PID: 7956 Comm: syz-executor413 Not tainted 4.14.302-syzkaller #0
[ 29.403737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 29.403738] Call Trace:
[ 29.403740] dump_stack+0x1b2/0x281
[ 29.403741] print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 29.403742] __lock_acquire+0x2e0e/0x3f20
[ 29.403744] ? trace_hardirqs_on+0x10/0x10
[ 29.403745] ? snprintf+0xd0/0xd0
[ 29.403746] ? console_unlock+0x34a/0xf20
[ 29.403747] lock_acquire+0x170/0x3f0
[ 29.403748] ? console_unlock+0x307/0xf20
[ 29.403750] console_unlock+0x36f/0xf20
[ 29.403751] ? console_unlock+0x307/0xf20
[ 29.403752] vprintk_emit+0x224/0x620
[ 29.403753] vprintk_func+0x58/0x160
[ 29.403754] printk+0x9e/0xbc
[ 29.403755] ? log_store.cold+0x16/0x16
[ 29.403756] ? ___ratelimit+0x2b5/0x510
[ 29.403758] should_fail.cold+0xdf/0x149
[ 29.403759] ? trace_hardirqs_on+0x10/0x10
[ 29.403760] should_failslab+0xd6/0x130
[ 29.403761] __kmalloc+0x6d/0x400
[ 29.403762] ? tty_buffer_alloc+0xc0/0x270
[ 29.403763] tty_buffer_alloc+0xc0/0x270
[ 29.403765] __tty_buffer_request_room+0x12c/0x290
[ 29.403766] tty_insert_flip_string_fixed_flag+0x8b/0x210
[ 29.403768] tty_insert_flip_string_and_push_buffer+0x3e/0x160
[ 29.403769] pty_write+0xc3/0xf0
[ 29.403770] tty_send_xchar+0x245/0x360
[ 29.403772] ? tty_write_message+0x130/0x130
[ 29.403773] ? __ldsem_down_write_nested+0x631/0x700
[ 29.403774] n_tty_ioctl_helper+0x145/0x350
[ 29.403775] n_tty_ioctl+0x47/0x2e0
[ 29.403777] tty_ioctl+0x5af/0x1430
[ 29.403778] ? n_tty_poll+0x7d0/0x7d0
[ 29.403779] ? tty_fasync+0x2c0/0x2c0
[ 29.403780] ? proc_fail_nth_write+0x7b/0x180
[ 29.403782] ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 29.403783] ? fsnotify+0x974/0x11b0
[ 29.403784] ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 29.403786] ? debug_check_no_obj_freed+0x2c0/0x680
[ 29.403787] ? tty_fasync+0x2c0/0x2c0
[ 29.403788] do_vfs_ioctl+0x75a/0xff0
[ 29.403789] ? ioctl_preallocate+0x1a0/0x1a0
[ 29.403790] ? vfs_write+0x319/0x4d0
[ 29.403791] ? SyS_write+0x14d/0x210
[ 29.403793] ? security_file_ioctl+0x83/0xb0
[ 29.403794] SyS_ioctl+0x7f/0xb0
[ 29.403795] ? do_vfs_ioctl+0xff0/0xff0
[ 29.403796] do_syscall_64+0x1d5/0x640
[ 29.403798] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 29.403799] RIP: 0033:0x7f9937108679
[ 29.403800] RSP: 002b:00007ffec6830e98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 29.403803] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f9937108679
[ 29.403805] RDX: 0000000000000003 RSI: 000000000000540a RDI: 0000000000000003
[ 29.403807] RBP: 00007ffec6830ea0 R08: 0000000000000001 R09: 00007f99370c0031
[ 29.403809] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[ 29.403811] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000