[ OK ] Started Getty on tty2.
[ OK ] Reached target Login Prompts.
[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.213' (ECDSA) to the list of known hosts.
syzkaller login: [ 28.462408] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 28.543871] FAULT_INJECTION: forcing a failure.
[ 28.543871] name failslab, interval 1, probability 0, space 0, times 1
[ 28.555685] CPU: 0 PID: 7984 Comm: syz-executor329 Not tainted 4.14.303-syzkaller #0
[ 28.563545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[ 28.572978] Call Trace:
[ 28.575553] dump_stack+0x1b2/0x281
[ 28.579521] should_fail.cold+0x10a/0x149
[ 28.584007] ? commit_echoes+0x4c/0x1e0
[ 28.587985] should_failslab+0xd6/0x130
[ 28.592137] __kmalloc+0x6d/0x400
[ 28.595583] ? tty_buffer_alloc+0xc0/0x270
[ 28.599833] tty_buffer_alloc+0xc0/0x270
[ 28.604410] __tty_buffer_request_room+0x12c/0x290
[ 28.609691] tty_insert_flip_string_fixed_flag+0x8b/0x210
[ 28.615226] tty_insert_flip_string_and_push_buffer+0x3e/0x160
[ 28.621205] pty_write+0xc3/0xf0
[ 28.624581] ? commit_echoes+0x108/0x1e0
[ 28.628636] tty_put_char+0xfe/0x120
[ 28.632335] ? dev_match_devt+0x80/0x80
[ 28.636319] ? pty_write_room+0xa9/0xd0
[ 28.640280] ? ptmx_open+0x300/0x300
[ 28.643992] __process_echoes+0x48c/0x8c0
[ 28.648240] n_tty_receive_buf_common+0x9a3/0x25a0
[ 28.653258] ? n_tty_receive_buf2+0x40/0x40
[ 28.657674] tty_ioctl+0xe8a/0x1430
[ 28.661292] ? tty_fasync+0x2c0/0x2c0
[ 28.665087] ? proc_fail_nth_write+0x7b/0x180
[ 28.669691] ? proc_tgid_io_accounting+0x6f0/0x7a0
[ 28.674595] ? fsnotify+0x974/0x11b0
[ 28.678284] ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 28.683287] ? debug_check_no_obj_freed+0x2c0/0x680
[ 28.688640] ? tty_fasync+0x2c0/0x2c0
[ 28.692437] do_vfs_ioctl+0x75a/0xff0
[ 28.696211] ? ioctl_preallocate+0x1a0/0x1a0
[ 28.700595] ? vfs_write+0x319/0x4d0
[ 28.704294] ? SyS_write+0x14d/0x210
[ 28.707988] ? security_file_ioctl+0x83/0xb0
[ 28.712490] SyS_ioctl+0x7f/0xb0
[ 28.715835] ? do_vfs_ioctl+0xff0/0xff0
[ 28.719783] do_syscall_64+0x1d5/0x640
[ 28.723646] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 28.728826] RIP: 0033:0x7fb90efc8d49
[ 28.732510] RSP: 002b:00007ffeb7125038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 28.740279] RAX: ffffffffffffffda RBX: 00007fb90f036e50 RCX: 00007fb90efc8d49
[ 28.747524] RDX: 0000000020000080 RSI: 0000000000005412 RDI: 0000000000000004
[ 28.754783] RBP: 0000000000000001 R08: 0000000000000001 R09: 00007ffeb7125068
[ 28.762046] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffeb7125050
[ 28.769297] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 28.776567]
[ 28.776569] ======================================================
[ 28.776571] WARNING: possible circular locking dependency detected
[ 28.776572] 4.14.303-syzkaller #0 Not tainted
[ 28.776575] ------------------------------------------------------
[ 28.776576] syz-executor329/7984 is trying to acquire lock:
[ 28.776577] (console_owner){....}, at: [] console_unlock+0x307/0xf20
[ 28.776582]
[ 28.776583] but task is already holding lock:
[ 28.776584] (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160
[ 28.776589]
[ 28.776590] which lock already depends on the new lock.
[ 28.776591]
[ 28.776592]
[ 28.776593] the existing dependency chain (in reverse order) is:
[ 28.776594]
[ 28.776595] -> #2 (&(&port->lock)->rlock){-.-.}:
[ 28.776599] _raw_spin_lock_irqsave+0x8c/0xc0
[ 28.776601] tty_port_tty_get+0x1d/0x80
[ 28.776602] tty_port_default_wakeup+0x11/0x40
[ 28.776604] serial8250_tx_chars+0x3fe/0xc70
[ 28.776605] serial8250_handle_irq.part.0+0x2c7/0x390
[ 28.776607] serial8250_default_handle_irq+0x8a/0x1f0
[ 28.776609] serial8250_interrupt+0xf3/0x210
[ 28.776610] __handle_irq_event_percpu+0xee/0x7f0
[ 28.776611] handle_irq_event+0xed/0x240
[ 28.776613] handle_edge_irq+0x224/0xc40
[ 28.776614] handle_irq+0x35/0x50
[ 28.776615] do_IRQ+0x93/0x1d0
[ 28.776616] ret_from_intr+0x0/0x1e
[ 28.776618] native_safe_halt+0xe/0x10
[ 28.776619] default_idle+0x47/0x370
[ 28.776620] do_idle+0x250/0x3c0
[ 28.776621] cpu_startup_entry+0x14/0x20
[ 28.776623] start_kernel+0x743/0x763
[ 28.776624] secondary_startup_64+0xa5/0xb0
[ 28.776625]
[ 28.776625] -> #1 (&port_lock_key){-.-.}:
[ 28.776630] _raw_spin_lock_irqsave+0x8c/0xc0
[ 28.776631] serial8250_console_write+0x8cb/0xb40
[ 28.776633] console_unlock+0x99d/0xf20
[ 28.776634] vprintk_emit+0x224/0x620
[ 28.776635] vprintk_func+0x58/0x160
[ 28.776636] printk+0x9e/0xbc
[ 28.776638] register_console+0x6f4/0xad0
[ 28.776639] univ8250_console_init+0x2f/0x3a
[ 28.776640] console_init+0x46/0x53
[ 28.776642] start_kernel+0x521/0x763
[ 28.776643] secondary_startup_64+0xa5/0xb0
[ 28.776644]
[ 28.776644] -> #0 (console_owner){....}:
[ 28.776649] lock_acquire+0x170/0x3f0
[ 28.776650] console_unlock+0x36f/0xf20
[ 28.776651] vprintk_emit+0x224/0x620
[ 28.776652] vprintk_func+0x58/0x160
[ 28.776654] printk+0x9e/0xbc
[ 28.776655] should_fail.cold+0xdf/0x149
[ 28.776656] should_failslab+0xd6/0x130
[ 28.776657] __kmalloc+0x6d/0x400
[ 28.776659] tty_buffer_alloc+0xc0/0x270
[ 28.776661] __tty_buffer_request_room+0x12c/0x290
[ 28.776662] tty_insert_flip_string_fixed_flag+0x8b/0x210
[ 28.776664] tty_insert_flip_string_and_push_buffer+0x3e/0x160
[ 28.776665] pty_write+0xc3/0xf0
[ 28.776667] tty_put_char+0xfe/0x120
[ 28.776668] __process_echoes+0x48c/0x8c0
[ 28.776670] n_tty_receive_buf_common+0x9a3/0x25a0
[ 28.776671] tty_ioctl+0xe8a/0x1430
[ 28.776673] do_vfs_ioctl+0x75a/0xff0
[ 28.776674] SyS_ioctl+0x7f/0xb0
[ 28.776675] do_syscall_64+0x1d5/0x640
[ 28.776677] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 28.776678]
[ 28.776679] other info that might help us debug this:
[ 28.776680]
[ 28.776681] Chain exists of:
[ 28.776682] console_owner --> &port_lock_key --> &(&port->lock)->rlock
[ 28.776688]
[ 28.776689] Possible unsafe locking scenario:
[ 28.776690]
[ 28.776691]        CPU0                    CPU1
[ 28.776693]        ----                    ----
[ 28.776693]   lock(&(&port->lock)->rlock);
[ 28.776697]                                lock(&port_lock_key);
[ 28.776700]                                lock(&(&port->lock)->rlock);
[ 28.776703]   lock(console_owner);
[ 28.776705]
[ 28.776706] *** DEADLOCK ***
[ 28.776707]
[ 28.776708] 6 locks held by syz-executor329/7984:
[ 28.776709] #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80
[ 28.776713] #1: (&port->buf.lock/1){+.+.}, at: [] tty_ioctl+0xe20/0x1430
[ 28.776719] #2: (&o_tty->termios_rwsem/1){++++}, at: [] isig+0x36d/0x420
[ 28.776724] #3: (&ldata->output_lock){+.+.}, at: [] n_tty_receive_buf_common+0x965/0x25a0
[ 28.776729] #4: (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160
[ 28.776734] #5: (console_lock){+.+.}, at: [] vprintk_func+0x58/0x160
[ 28.776739]
[ 28.776740] stack backtrace:
[ 28.776742] CPU: 0 PID: 7984 Comm: syz-executor329 Not tainted 4.14.303-syzkaller #0
[ 28.776744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[ 28.776745] Call Trace:
[ 28.776747] dump_stack+0x1b2/0x281
[ 28.776748] print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 28.776750] __lock_acquire+0x2e0e/0x3f20
[ 28.776751] ? trace_hardirqs_on+0x10/0x10
[ 28.776752] ? snprintf+0xd0/0xd0
[ 28.776754] ? console_unlock+0x34a/0xf20
[ 28.776755] lock_acquire+0x170/0x3f0
[ 28.776756] ? console_unlock+0x307/0xf20
[ 28.776758] console_unlock+0x36f/0xf20
[ 28.776759] ? console_unlock+0x307/0xf20
[ 28.776760] vprintk_emit+0x224/0x620
[ 28.776761] vprintk_func+0x58/0x160
[ 28.776763] printk+0x9e/0xbc
[ 28.776764] ? log_store.cold+0x16/0x16
[ 28.776765] ? ___ratelimit+0x2b5/0x510
[ 28.776767] should_fail.cold+0xdf/0x149
[ 28.776768] ? commit_echoes+0x4c/0x1e0
[ 28.776769] should_failslab+0xd6/0x130
[ 28.776770] __kmalloc+0x6d/0x400
[ 28.776772] ? tty_buffer_alloc+0xc0/0x270
[ 28.776773] tty_buffer_alloc+0xc0/0x270
[ 28.776774] __tty_buffer_request_room+0x12c/0x290
[ 28.776776] tty_insert_flip_string_fixed_flag+0x8b/0x210
[ 28.776778] tty_insert_flip_string_and_push_buffer+0x3e/0x160
[ 28.776779] pty_write+0xc3/0xf0
[ 28.776780] ? commit_echoes+0x108/0x1e0
[ 28.776782] tty_put_char+0xfe/0x120
[ 28.776783] ? dev_match_devt+0x80/0x80
[ 28.776784] ? pty_write_room+0xa9/0xd0
[ 28.776786] ? ptmx_open+0x300/0x300
[ 28.776787] __process_echoes+0x48c/0x8c0
[ 28.776789] n_tty_receive_buf_common+0x9a3/0x25a0
[ 28.776790] ? n_tty_receive_buf2+0x40/0x40
[ 28.776791] tty_ioctl+0xe8a/0x1430
[ 28.776793] ? tty_fasync+0x2c0/0x2c0
[ 28.776794] ? proc_fail_nth_write+0x7b/0x180
[ 28.776796] ? proc_tgid_io_accounting+0x6f0/0x7a0
[ 28.776797] ? fsnotify+0x974/0x11b0
[ 28.776799] ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 28.776801] ? debug_check_no_obj_freed+0x2c0/0x680
[ 28.776802] ? tty_fasync+0x2c0/0x2c0
[ 28.776803] do_vfs_ioctl+0x75a/0xff0
[ 28.776805] ? ioctl_preallocate+0x1a0/0x1a0
[ 28.776806] ? vfs_write+0x319/0x4d0
[ 28.776807] ? SyS_write+0x14d/0x210
[ 28.776809] ? security_file_ioctl+0x83/0xb0
[ 28.776810] SyS_ioctl+0x7f/0xb0
[ 28.776811] ? do_vfs_ioctl+0xff0/0xff0
[ 28.776813] do_syscall_64+0x1d5/0x640
[ 28.776815] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 28.776816] RIP: 0033:0x7fb90efc8d49
[ 28.776817] RSP: 002b:00007ffeb7125038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 28.776821] RAX: ffffffffffffffda RBX: 00007fb90f036e50 RCX: 00007fb90efc8d49
[ 28.776824] RDX: 0000000020000080 RSI: 0000000000005412 RDI: 0000000000000004
[ 28.776826] RBP: 0000000000000001 R08: 0000000000000001 R09: 00007ffeb7125068
[ 28.776828] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffeb7125050
[ 28.