[ OK ] Reached target Graphical Interface.
 Starting Update UTMP about System Runlevel Changes...
 Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.95' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 35.231102] FAULT_INJECTION: forcing a failure.
[ 35.231102] name failslab, interval 1, probability 0, space 0, times 1
[ 35.243233] CPU: 1 PID: 7987 Comm: syz-executor406 Not tainted 4.14.305-syzkaller #0
[ 35.251098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 35.260438] Call Trace:
[ 35.263014] dump_stack+0x1b2/0x281
[ 35.266723] should_fail.cold+0x10a/0x149
[ 35.270856] ? trace_hardirqs_on+0x10/0x10
[ 35.275077] should_failslab+0xd6/0x130
[ 35.279036] __kmalloc+0x6d/0x400
[ 35.282571] ? tty_buffer_alloc+0xc0/0x270
[ 35.286878] tty_buffer_alloc+0xc0/0x270
[ 35.291022] __tty_buffer_request_room+0x12c/0x290
[ 35.295941] tty_insert_flip_string_fixed_flag+0x8b/0x210
[ 35.301466] tty_insert_flip_string_and_push_buffer+0x3e/0x160
[ 35.307456] pty_write+0xc3/0xf0
[ 35.310818] tty_send_xchar+0x245/0x360
[ 35.314779] ? tty_write_message+0x130/0x130
[ 35.319293] ? __ldsem_down_write_nested+0x6c3/0x700
[ 35.324405] n_tty_ioctl_helper+0x145/0x350
[ 35.328748] n_tty_ioctl+0x47/0x2e0
[ 35.332397] tty_ioctl+0x5af/0x1430
[ 35.336010] ? n_tty_poll+0x7d0/0x7d0
[ 35.339997] ? tty_fasync+0x2c0/0x2c0
[ 35.344064] ? proc_fail_nth_write+0x7b/0x180
[ 35.348572] ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 35.353496] ? fsnotify+0x974/0x11b0
[ 35.357292] ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 35.362218] ? debug_check_no_obj_freed+0x2c0/0x680
[ 35.367233] ? tty_fasync+0x2c0/0x2c0
[ 35.371043] do_vfs_ioctl+0x75a/0xff0
[ 35.375030] ? ioctl_preallocate+0x1a0/0x1a0
[ 35.379437] ? vfs_write+0x319/0x4d0
[ 35.383138] ? SyS_write+0x14d/0x210
[ 35.386855] ? security_file_ioctl+0x83/0xb0
[ 35.391268] SyS_ioctl+0x7f/0xb0
[ 35.394632] ? do_vfs_ioctl+0xff0/0xff0
[ 35.399996] do_syscall_64+0x1d5/0x640
[ 35.403980] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 35.409164] RIP: 0033:0x7f6d28001699
[ 35.412890] RSP: 002b:00007ffcb2860638 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 35.420684] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f6d28001699
[ 35.428043] RDX: 0000000000000002 RSI: 000000000000540a RDI: 0000000000000003
[ 35.435295] RBP: 00007ffcb2860640 R08: 0000000000000001 R09: 00007f6d27fc0031
[ 35.442585] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[ 35.449866] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 35.457146]
[ 35.457150] ======================================================
[ 35.457154] WARNING: possible circular locking dependency detected
[ 35.457156] 4.14.305-syzkaller #0 Not tainted
[ 35.457160] ------------------------------------------------------
[ 35.457164] syz-executor406/7987 is trying to acquire lock:
[ 35.457165] (console_owner){....}, at: [] console_unlock+0x307/0xf20
[ 35.457173]
[ 35.457176] but task is already holding lock:
[ 35.457177] (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160
[ 35.457187]
[ 35.457190] which lock already depends on the new lock.
[ 35.457191]
[ 35.457192]
[ 35.457196] the existing dependency chain (in reverse order) is:
[ 35.457197]
[ 35.457198] -> #2 (&(&port->lock)->rlock){-.-.}:
[ 35.457207] _raw_spin_lock_irqsave+0x8c/0xc0
[ 35.457216] tty_port_tty_get+0x1d/0x80
[ 35.457219] tty_port_default_wakeup+0x11/0x40
[ 35.457222] serial8250_tx_chars+0x3fe/0xc70
[ 35.457225] serial8250_handle_irq.part.0+0x2c7/0x390
[ 35.457228] serial8250_default_handle_irq+0x8a/0x1f0
[ 35.457231] serial8250_interrupt+0xf3/0x210
[ 35.457234] __handle_irq_event_percpu+0xee/0x7f0
[ 35.457237] handle_irq_event+0xed/0x240
[ 35.457239] handle_edge_irq+0x224/0xc40
[ 35.457242] handle_irq+0x35/0x50
[ 35.457244] do_IRQ+0x93/0x1d0
[ 35.457246] ret_from_intr+0x0/0x1e
[ 35.457249] native_safe_halt+0xe/0x10
[ 35.457251] default_idle+0x47/0x370
[ 35.457254] do_idle+0x250/0x3c0
[ 35.457256] cpu_startup_entry+0x14/0x20
[ 35.457259] start_kernel+0x743/0x763
[ 35.457262] secondary_startup_64+0xa5/0xb0
[ 35.457263]
[ 35.457264] -> #1 (&port_lock_key){-.-.}:
[ 35.457272] _raw_spin_lock_irqsave+0x8c/0xc0
[ 35.457275] serial8250_console_write+0x8cb/0xb40
[ 35.457278] console_unlock+0x99d/0xf20
[ 35.457281] vprintk_emit+0x224/0x620
[ 35.457283] vprintk_func+0x58/0x160
[ 35.457285] printk+0x9e/0xbc
[ 35.457288] register_console+0x6f4/0xad0
[ 35.457291] univ8250_console_init+0x2f/0x3a
[ 35.457293] console_init+0x46/0x53
[ 35.457296] start_kernel+0x521/0x763
[ 35.457298] secondary_startup_64+0xa5/0xb0
[ 35.457299]
[ 35.457301] -> #0 (console_owner){....}:
[ 35.457309] lock_acquire+0x170/0x3f0
[ 35.457311] console_unlock+0x36f/0xf20
[ 35.457314] vprintk_emit+0x224/0x620
[ 35.457316] vprintk_func+0x58/0x160
[ 35.457318] printk+0x9e/0xbc
[ 35.457321] should_fail.cold+0xdf/0x149
[ 35.457324] should_failslab+0xd6/0x130
[ 35.457326] __kmalloc+0x6d/0x400
[ 35.457329] tty_buffer_alloc+0xc0/0x270
[ 35.457332] __tty_buffer_request_room+0x12c/0x290
[ 35.457335] tty_insert_flip_string_fixed_flag+0x8b/0x210
[ 35.457339] tty_insert_flip_string_and_push_buffer+0x3e/0x160
[ 35.457341] pty_write+0xc3/0xf0
[ 35.457344] tty_send_xchar+0x245/0x360
[ 35.457346] n_tty_ioctl_helper+0x145/0x350
[ 35.457349] n_tty_ioctl+0x47/0x2e0
[ 35.457351] tty_ioctl+0x5af/0x1430
[ 35.457354] do_vfs_ioctl+0x75a/0xff0
[ 35.457356] SyS_ioctl+0x7f/0xb0
[ 35.457359] do_syscall_64+0x1d5/0x640
[ 35.457362] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 35.457363]
[ 35.457366] other info that might help us debug this:
[ 35.457367]
[ 35.457369] Chain exists of:
[ 35.457370] console_owner --> &port_lock_key --> &(&port->lock)->rlock
[ 35.457380]
[ 35.457383] Possible unsafe locking scenario:
[ 35.457384]
[ 35.457387]        CPU0                    CPU1
[ 35.457390]        ----                    ----
[ 35.457391]   lock(&(&port->lock)->rlock);
[ 35.457397]                                lock(&port_lock_key);
[ 35.457403]                                lock(&(&port->lock)->rlock);
[ 35.457407]   lock(console_owner);
[ 35.457411]
[ 35.457413] *** DEADLOCK ***
[ 35.457415]
[ 35.457417] 5 locks held by syz-executor406/7987:
[ 35.457419] #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80
[ 35.457428] #1: (&tty->atomic_write_lock){+.+.}, at: [] tty_send_xchar+0x1b5/0x360
[ 35.457437] #2: (&tty->termios_rwsem){++++}, at: [] tty_send_xchar+0x1e8/0x360
[ 35.457446] #3: (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160
[ 35.457457] #4: (console_lock){+.+.}, at: [] vprintk_func+0x58/0x160
[ 35.457465]
[ 35.457467] stack backtrace:
[ 35.457472] CPU: 1 PID: 7987 Comm: syz-executor406 Not tainted 4.14.305-syzkaller #0
[ 35.457477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 35.457479] Call Trace:
[ 35.457481] dump_stack+0x1b2/0x281
[ 35.457485] print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 35.457487] __lock_acquire+0x2e0e/0x3f20
[ 35.457490] ? trace_hardirqs_on+0x10/0x10
[ 35.457492] ? snprintf+0xd0/0xd0
[ 35.457494] ? console_unlock+0x34a/0xf20
[ 35.457497] lock_acquire+0x170/0x3f0
[ 35.457499] ? console_unlock+0x307/0xf20
[ 35.457502] console_unlock+0x36f/0xf20
[ 35.457504] ? console_unlock+0x307/0xf20
[ 35.457507] vprintk_emit+0x224/0x620
[ 35.457509] vprintk_func+0x58/0x160
[ 35.457511] printk+0x9e/0xbc
[ 35.457514] ? log_store.cold+0x16/0x16
[ 35.457516] ? ___ratelimit+0x2b5/0x510
[ 35.457518] should_fail.cold+0xdf/0x149
[ 35.457521] ? trace_hardirqs_on+0x10/0x10
[ 35.457523] should_failslab+0xd6/0x130
[ 35.457526] __kmalloc+0x6d/0x400
[ 35.457528] ? tty_buffer_alloc+0xc0/0x270
[ 35.457531] tty_buffer_alloc+0xc0/0x270
[ 35.457534] __tty_buffer_request_room+0x12c/0x290
[ 35.457537] tty_insert_flip_string_fixed_flag+0x8b/0x210
[ 35.457540] tty_insert_flip_string_and_push_buffer+0x3e/0x160
[ 35.457543] pty_write+0xc3/0xf0
[ 35.457545] tty_send_xchar+0x245/0x360
[ 35.457548] ? tty_write_message+0x130/0x130
[ 35.457551] ? __ldsem_down_write_nested+0x6c3/0x700
[ 35.457553] n_tty_ioctl_helper+0x145/0x350
[ 35.457556] n_tty_ioctl+0x47/0x2e0
[ 35.457558] tty_ioctl+0x5af/0x1430
[ 35.457560] ? n_tty_poll+0x7d0/0x7d0
[ 35.457563] ? tty_fasync+0x2c0/0x2c0
[ 35.457565] ? proc_fail_nth_write+0x7b/0x180
[ 35.457568] ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 35.457571] ? fsnotify+0x974/0x11b0
[ 35.457574] ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 35.457577] ? debug_check_no_obj_freed+0x2c0/0x680
[ 35.457579] ? tty_fasync+0x2c0/0x2c0
[ 35.457581] do_vfs_ioctl+0x75a/0xff0
[ 35.457584] ? ioctl_preallocate+0x1a0/0x1a0
[ 35.457586] ? vfs_write+0x319/0x4d0
[ 35.457589] ? SyS_write+0x14d/0x210
[ 35.457591] ? security_file_ioctl+0x83/0xb0
[ 35.457594] SyS_ioctl+0x7f/0xb0
[ 35.457596] ? do_vfs_ioctl+0xff0/0xff0
[ 35.457598] do_syscall_64+0x1d5/0x640
[ 35.457601] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 35.457604] RIP: 0033:0x7f6d28001699
[ 35.457607] RSP: 002b:00007ffcb2860638 EFLAGS: 00000