[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
       Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.187' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 26.376059] FAULT_INJECTION: forcing a failure.
[ 26.376059] name failslab, interval 1, probability 0, space 0, times 1
[ 26.387756] CPU: 0 PID: 7950 Comm: syz-executor762 Not tainted 4.14.302-syzkaller #0
[ 26.395691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 26.405228] Call Trace:
[ 26.407800]  dump_stack+0x1b2/0x281
[ 26.411403]  should_fail.cold+0x10a/0x149
[ 26.415526]  ? trace_hardirqs_on+0x10/0x10
[ 26.419735]  should_failslab+0xd6/0x130
[ 26.423686]  __kmalloc+0x6d/0x400
[ 26.427115]  ? tty_buffer_alloc+0xc0/0x270
[ 26.431672]  tty_buffer_alloc+0xc0/0x270
[ 26.435708]  __tty_buffer_request_room+0x12c/0x290
[ 26.440612]  tty_insert_flip_string_fixed_flag+0x8b/0x210
[ 26.446133]  tty_insert_flip_string_and_push_buffer+0x3e/0x160
[ 26.452074]  pty_write+0xc3/0xf0
[ 26.455431]  tty_send_xchar+0x245/0x360
[ 26.459379]  ? tty_write_message+0x130/0x130
[ 26.463762]  ? __ldsem_down_write_nested+0x633/0x700
[ 26.468837]  n_tty_ioctl_helper+0x145/0x350
[ 26.473219]  n_tty_ioctl+0x47/0x2e0
[ 26.476816]  tty_ioctl+0x5af/0x1430
[ 26.480414]  ? n_tty_poll+0x7d0/0x7d0
[ 26.484194]  ? tty_fasync+0x2c0/0x2c0
[ 26.487974]  ? proc_fail_nth_write+0x7b/0x180
[ 26.492440]  ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 26.497342]  ? fsnotify+0x974/0x11b0
[ 26.501024]  ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 26.505924]  ? debug_check_no_obj_freed+0x2c0/0x680
[ 26.510914]  ? tty_fasync+0x2c0/0x2c0
[ 26.514686]  do_vfs_ioctl+0x75a/0xff0
[ 26.518621]  ? ioctl_preallocate+0x1a0/0x1a0
[ 26.523087]  ? vfs_write+0x319/0x4d0
[ 26.526772]  ? SyS_write+0x14d/0x210
[ 26.530458]  ? security_file_ioctl+0x83/0xb0
[ 26.534836]  SyS_ioctl+0x7f/0xb0
[ 26.538180]  ? do_vfs_ioctl+0xff0/0xff0
[ 26.542124]  do_syscall_64+0x1d5/0x640
[ 26.545983]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 26.551142] RIP: 0033:0x7f3df05fa679
[ 26.554822] RSP: 002b:00007ffed2ead6a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 26.562516] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f3df05fa679
[ 26.569756] RDX: 0000000000000002 RSI: 000000000000540a RDI: 0000000000000003
[ 26.576999] RBP: 00007ffed2ead6b0 R08: 0000000000000001 R09: 00007f3df05b0031
[ 26.584252] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[ 26.591494] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 26.598741]
[ 26.598743] ======================================================
[ 26.598745] WARNING: possible circular locking dependency detected
[ 26.598746] 4.14.302-syzkaller #0 Not tainted
[ 26.598748] ------------------------------------------------------
[ 26.598750] syz-executor762/7950 is trying to acquire lock:
[ 26.598750]  (console_owner){....}, at: [] console_unlock+0x307/0xf20
[ 26.598755]
[ 26.598756] but task is already holding lock:
[ 26.598757]  (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160
[ 26.598761]
[ 26.598763] which lock already depends on the new lock.
[ 26.598764]
[ 26.598764]
[ 26.598766] the existing dependency chain (in reverse order) is:
[ 26.598767]
[ 26.598767] -> #2 (&(&port->lock)->rlock){-.-.}:
[ 26.598772]        _raw_spin_lock_irqsave+0x8c/0xc0
[ 26.598773]        tty_port_tty_get+0x1d/0x80
[ 26.598774]        tty_port_default_wakeup+0x11/0x40
[ 26.598776]        serial8250_tx_chars+0x3fe/0xc70
[ 26.598777]        serial8250_handle_irq.part.0+0x2c7/0x390
[ 26.598779]        serial8250_default_handle_irq+0x8a/0x1f0
[ 26.598780]        serial8250_interrupt+0xf3/0x210
[ 26.598781]        __handle_irq_event_percpu+0xee/0x7f0
[ 26.598783]        handle_irq_event+0xed/0x240
[ 26.598784]        handle_edge_irq+0x224/0xc40
[ 26.598785]        handle_irq+0x35/0x50
[ 26.598786]        do_IRQ+0x93/0x1d0
[ 26.598787]        ret_from_intr+0x0/0x1e
[ 26.598789]        native_safe_halt+0xe/0x10
[ 26.598790]        default_idle+0x47/0x370
[ 26.598791]        do_idle+0x250/0x3c0
[ 26.598792]        cpu_startup_entry+0x14/0x20
[ 26.598793]        start_kernel+0x743/0x763
[ 26.598795]        secondary_startup_64+0xa5/0xb0
[ 26.598795]
[ 26.598796] -> #1 (&port_lock_key){-.-.}:
[ 26.598800]        _raw_spin_lock_irqsave+0x8c/0xc0
[ 26.598802]        serial8250_console_write+0x8cb/0xb40
[ 26.598803]        console_unlock+0x99d/0xf20
[ 26.598804]        vprintk_emit+0x224/0x620
[ 26.598805]        vprintk_func+0x58/0x160
[ 26.598806]        printk+0x9e/0xbc
[ 26.598808]        register_console+0x6f4/0xad0
[ 26.598809]        univ8250_console_init+0x2f/0x3a
[ 26.598810]        console_init+0x46/0x53
[ 26.598811]        start_kernel+0x521/0x763
[ 26.598813]        secondary_startup_64+0xa5/0xb0
[ 26.598813]
[ 26.598814] -> #0 (console_owner){....}:
[ 26.598818]        lock_acquire+0x170/0x3f0
[ 26.598819]        console_unlock+0x36f/0xf20
[ 26.598820]        vprintk_emit+0x224/0x620
[ 26.598822]        vprintk_func+0x58/0x160
[ 26.598823]        printk+0x9e/0xbc
[ 26.598824]        should_fail.cold+0xdf/0x149
[ 26.598825]        should_failslab+0xd6/0x130
[ 26.598826]        __kmalloc+0x6d/0x400
[ 26.598828]        tty_buffer_alloc+0xc0/0x270
[ 26.598829]        __tty_buffer_request_room+0x12c/0x290
[ 26.598831]        tty_insert_flip_string_fixed_flag+0x8b/0x210
[ 26.598833]        tty_insert_flip_string_and_push_buffer+0x3e/0x160
[ 26.598834]        pty_write+0xc3/0xf0
[ 26.598835]        tty_send_xchar+0x245/0x360
[ 26.598836]        n_tty_ioctl_helper+0x145/0x350
[ 26.598837]        n_tty_ioctl+0x47/0x2e0
[ 26.598839]        tty_ioctl+0x5af/0x1430
[ 26.598840]        do_vfs_ioctl+0x75a/0xff0
[ 26.598841]        SyS_ioctl+0x7f/0xb0
[ 26.598842]        do_syscall_64+0x1d5/0x640
[ 26.598844]        entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 26.598844]
[ 26.598846] other info that might help us debug this:
[ 26.598846]
[ 26.598847] Chain exists of:
[ 26.598848]   console_owner --> &port_lock_key --> &(&port->lock)->rlock
[ 26.598853]
[ 26.598854]  Possible unsafe locking scenario:
[ 26.598855]
[ 26.598856]        CPU0                    CPU1
[ 26.598858]        ----                    ----
[ 26.598858]   lock(&(&port->lock)->rlock);
[ 26.598861]                                lock(&port_lock_key);
[ 26.598864]                                lock(&(&port->lock)->rlock);
[ 26.598866]   lock(console_owner);
[ 26.598869]
[ 26.598870]  *** DEADLOCK ***
[ 26.598870]
[ 26.598872] 5 locks held by syz-executor762/7950:
[ 26.598872]  #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80
[ 26.598877]  #1: (&tty->atomic_write_lock){+.+.}, at: [] tty_send_xchar+0x1b5/0x360
[ 26.598881]  #2: (&tty->termios_rwsem){++++}, at: [] tty_send_xchar+0x1e8/0x360
[ 26.598886]  #3: (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160
[ 26.598894]  #4: (console_lock){+.+.}, at: [] vprintk_func+0x58/0x160
[ 26.598899]
[ 26.598900] stack backtrace:
[ 26.598902] CPU: 0 PID: 7950 Comm: syz-executor762 Not tainted 4.14.302-syzkaller #0
[ 26.598904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 26.598905] Call Trace:
[ 26.598906]  dump_stack+0x1b2/0x281
[ 26.598908]  print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 26.598909]  __lock_acquire+0x2e0e/0x3f20
[ 26.598910]  ? trace_hardirqs_on+0x10/0x10
[ 26.598911]  ? snprintf+0xd0/0xd0
[ 26.598913]  ? console_unlock+0x34a/0xf20
[ 26.598914]  lock_acquire+0x170/0x3f0
[ 26.598915]  ? console_unlock+0x307/0xf20
[ 26.598916]  console_unlock+0x36f/0xf20
[ 26.598917]  ? console_unlock+0x307/0xf20
[ 26.598919]  vprintk_emit+0x224/0x620
[ 26.598920]  vprintk_func+0x58/0x160
[ 26.598921]  printk+0x9e/0xbc
[ 26.598922]  ? log_store.cold+0x16/0x16
[ 26.598923]  ? ___ratelimit+0x2b5/0x510
[ 26.598924]  should_fail.cold+0xdf/0x149
[ 26.598926]  ? trace_hardirqs_on+0x10/0x10
[ 26.598927]  should_failslab+0xd6/0x130
[ 26.598928]  __kmalloc+0x6d/0x400
[ 26.598929]  ? tty_buffer_alloc+0xc0/0x270
[ 26.598930]  tty_buffer_alloc+0xc0/0x270
[ 26.598932]  __tty_buffer_request_room+0x12c/0x290
[ 26.598933]  tty_insert_flip_string_fixed_flag+0x8b/0x210
[ 26.598935]  tty_insert_flip_string_and_push_buffer+0x3e/0x160
[ 26.598936]  pty_write+0xc3/0xf0
[ 26.598937]  tty_send_xchar+0x245/0x360
[ 26.598938]  ? tty_write_message+0x130/0x130
[ 26.598940]  ? __ldsem_down_write_nested+0x633/0x700
[ 26.598941]  n_tty_ioctl_helper+0x145/0x350
[ 26.598942]  n_tty_ioctl+0x47/0x2e0
[ 26.598943]  tty_ioctl+0x5af/0x1430
[ 26.598945]  ? n_tty_poll+0x7d0/0x7d0
[ 26.598946]  ? tty_fasync+0x2c0/0x2c0
[ 26.598947]  ? proc_fail_nth_write+0x7b/0x180
[ 26.598948]  ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 26.598950]  ? fsnotify+0x974/0x11b0
[ 26.598951]  ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 26.598952]  ? debug_check_no_obj_freed+0x2c0/0x680
[ 26.598954]  ? tty_fasync+0x2c0/0x2c0
[ 26.598955]  do_vfs_ioctl+0x75a/0xff0
[ 26.598956]  ? ioctl_preallocate+0x1a0/0x1a0
[ 26.598957]  ? vfs_write+0x319/0x4d0
[ 26.598958]  ? SyS_write+0x14d/0x210
[ 26.598960]  ? security_file_ioctl+0x83/0xb0
[ 26.598961]  SyS_ioctl+0x7f/0xb0
[ 26.598962]  ? do_vfs_ioctl+0xff0/0xff0
[ 26.598963]  do_syscall_64+0x1d5/0x640
[ 26.598964]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 26.598966] RIP: 0033:0x7f3df05fa679
[ 26.598967] RSP: 002b:00007ffed2ead6a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 26.598970] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f3df05fa679
[ 26.598972] RDX: 0000000000000002 RSI: