[ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... Starting Load/Save RF Kill Switch Status... [ OK ] Started Update UTMP about System Runlevel Changes. [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.45' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 36.253970] FAULT_INJECTION: forcing a failure. [ 36.253970] name failslab, interval 1, probability 0, space 0, times 1 [ 36.268011] CPU: 1 PID: 7962 Comm: syz-executor372 Not tainted 4.14.302-syzkaller #0 [ 36.276187] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 36.286665] Call Trace: [ 36.291806] dump_stack+0x1b2/0x281 [ 36.295668] should_fail.cold+0x10a/0x149 [ 36.299801] should_failslab+0xd6/0x130 [ 36.303776] __kmalloc+0x6d/0x400 [ 36.307764] ? tty_buffer_alloc+0xc0/0x270 [ 36.312084] tty_buffer_alloc+0xc0/0x270 [ 36.316238] __tty_buffer_request_room+0x12c/0x290 [ 36.321174] tty_insert_flip_string_fixed_flag+0x8b/0x210 [ 36.326886] tty_insert_flip_string_and_push_buffer+0x3e/0x160 [ 36.332852] pty_write+0xc3/0xf0 [ 36.336460] n_tty_write+0x85e/0xda0 [ 36.340253] ? n_tty_open+0x160/0x160 [ 36.344187] ? do_wait_intr_irq+0x270/0x270 [ 36.349863] ? __might_fault+0x177/0x1b0 [ 36.354178] tty_write+0x410/0x740 [ 36.357837] ? n_tty_open+0x160/0x160 [ 36.361640] __vfs_write+0xe4/0x630 [ 36.367170] ? tty_compat_ioctl+0x240/0x240 [ 36.371843] ? debug_check_no_obj_freed+0x2c0/0x680 [ 36.376952] ? kernel_read+0x110/0x110 [ 36.381124] ? common_file_perm+0x3ee/0x580 [ 36.385966] ? security_file_permission+0x82/0x1e0 [ 36.390913] ? rw_verify_area+0xe1/0x2a0 [ 36.395154] vfs_write+0x17f/0x4d0 [ 36.398691] SyS_write+0xf2/0x210 [ 36.402134] ? SyS_read+0x210/0x210 [ 36.405760] ? __do_page_fault+0x159/0xad0 [ 36.409971] ? do_syscall_64+0x4c/0x640 [ 36.413916] ? SyS_read+0x210/0x210 [ 36.417543] do_syscall_64+0x1d5/0x640 [ 36.421435] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 36.426703] RIP: 0033:0x7fc7bba1c6f9 [ 36.431381] RSP: 002b:00007fff41d6feb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 36.439110] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fc7bba1c6f9 [ 36.446546] RDX: 0000000000000020 RSI: 0000000020000000 RDI: 0000000000000003 [ 36.454073] RBP: 00007fff41d6fec0 R08: 0000000000000001 R09: 00007fc7bb9e0032 [ 36.461341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 36.468987] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 36.476531] [ 36.476533] ====================================================== [ 36.476535] WARNING: possible circular locking dependency detected [ 36.476536] 4.14.302-syzkaller #0 Not tainted [ 36.476537] ------------------------------------------------------ [ 36.476539] syz-executor372/7962 is trying to acquire lock: [ 36.476540] (console_owner){....}, at: [] console_unlock+0x307/0xf20 [ 36.476544] [ 36.476545] but task is already holding lock: [ 36.476546] (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160 [ 36.476550] [ 36.476551] which lock already depends on the new lock. [ 36.476552] [ 36.476552] [ 36.476554] the existing dependency chain (in reverse order) is: [ 36.476555] [ 36.476555] -> #2 (&(&port->lock)->rlock){-.-.}: [ 36.476559] _raw_spin_lock_irqsave+0x8c/0xc0 [ 36.476560] tty_port_tty_get+0x1d/0x80 [ 36.476562] tty_port_default_wakeup+0x11/0x40 [ 36.476563] serial8250_tx_chars+0x3fe/0xc70 [ 36.476564] serial8250_handle_irq.part.0+0x2c7/0x390 [ 36.476566] serial8250_default_handle_irq+0x8a/0x1f0 [ 36.476567] serial8250_interrupt+0xf3/0x210 [ 36.476568] __handle_irq_event_percpu+0xee/0x7f0 [ 36.476569] handle_irq_event+0xed/0x240 [ 36.476571] handle_edge_irq+0x224/0xc40 [ 36.476572] handle_irq+0x35/0x50 [ 36.476573] do_IRQ+0x93/0x1d0 [ 36.476574] ret_from_intr+0x0/0x1e [ 36.476575] _raw_spin_unlock_irqrestore+0xa3/0xe0 [ 36.476576] uart_write+0x2dd/0x560 [ 36.476577] do_output_char+0x4f5/0x750 [ 36.476578] n_tty_write+0x3e3/0xda0 [ 36.476579] tty_write+0x410/0x740 [ 36.476580] redirected_tty_write+0x9c/0xb0 [ 36.476582] do_iter_write+0x3da/0x550 [ 36.476583] vfs_writev+0x125/0x290 [ 36.476584] do_writev+0xfc/0x2c0 [ 36.476585] do_syscall_64+0x1d5/0x640 [ 36.476586] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 36.476587] [ 36.476587] -> #1 (&port_lock_key){-.-.}: [ 36.476591] _raw_spin_lock_irqsave+0x8c/0xc0 [ 36.476592] serial8250_console_write+0x8cb/0xb40 [ 36.476593] console_unlock+0x99d/0xf20 [ 36.476594] vprintk_emit+0x224/0x620 [ 36.476596] vprintk_func+0x58/0x160 [ 36.476596] printk+0x9e/0xbc [ 36.476598] register_console+0x6f4/0xad0 [ 36.476599] univ8250_console_init+0x2f/0x3a [ 36.476600] console_init+0x46/0x53 [ 36.476601] start_kernel+0x521/0x763 [ 36.476602] secondary_startup_64+0xa5/0xb0 [ 36.476603] [ 36.476603] -> #0 (console_owner){....}: [ 36.476607] lock_acquire+0x170/0x3f0 [ 36.476608] console_unlock+0x36f/0xf20 [ 36.476609] vprintk_emit+0x224/0x620 [ 36.476610] vprintk_func+0x58/0x160 [ 36.476611] printk+0x9e/0xbc [ 36.476612] should_fail.cold+0xdf/0x149 [ 36.476613] should_failslab+0xd6/0x130 [ 36.476614] __kmalloc+0x6d/0x400 [ 36.476615] tty_buffer_alloc+0xc0/0x270 [ 36.476617] __tty_buffer_request_room+0x12c/0x290 [ 36.476618] tty_insert_flip_string_fixed_flag+0x8b/0x210 [ 36.476620] tty_insert_flip_string_and_push_buffer+0x3e/0x160 [ 36.476621] pty_write+0xc3/0xf0 [ 36.476622] n_tty_write+0x85e/0xda0 [ 36.476623] tty_write+0x410/0x740 [ 36.476624] __vfs_write+0xe4/0x630 [ 36.476625] vfs_write+0x17f/0x4d0 [ 36.476626] SyS_write+0xf2/0x210 [ 36.476627] do_syscall_64+0x1d5/0x640 [ 36.476628] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 36.476629] [ 36.476630] other info that might help us debug this: [ 36.476631] [ 36.476632] Chain exists of: [ 36.476632] console_owner --> &port_lock_key --> &(&port->lock)->rlock [ 36.476637] [ 36.476638] Possible unsafe locking scenario: [ 36.476639] [ 36.476640] CPU0 CPU1 [ 36.476641] ---- ---- [ 36.476642] lock(&(&port->lock)->rlock); [ 36.476644] lock(&port_lock_key); [ 36.476647] lock(&(&port->lock)->rlock); [ 36.476649] lock(console_owner); [ 36.476651] [ 36.476652] *** DEADLOCK *** [ 36.476653] [ 36.476654] 6 locks held by syz-executor372/7962: [ 36.476655] #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80 [ 36.476659] #1: (&tty->atomic_write_lock){+.+.}, at: [] tty_write+0x22d/0x740 [ 36.476663] #2: (&tty->termios_rwsem){++++}, at: [] n_tty_write+0x18a/0xda0 [ 36.476667] #3: (&ldata->output_lock){+.+.}, at: [] n_tty_write+0x82b/0xda0 [ 36.476670] #4: (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160 [ 36.476675] #5: (console_lock){+.+.}, at: [] vprintk_func+0x58/0x160 [ 36.476679] [ 36.476680] stack backtrace: [ 36.476682] CPU: 1 PID: 7962 Comm: syz-executor372 Not tainted 4.14.302-syzkaller #0 [ 36.476684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 36.476685] Call Trace: [ 36.476686] dump_stack+0x1b2/0x281 [ 36.476687] print_circular_bug.constprop.0.cold+0x2d7/0x41e [ 36.476688] __lock_acquire+0x2e0e/0x3f20 [ 36.476689] ? trace_hardirqs_on+0x10/0x10 [ 36.476690] ? snprintf+0xd0/0xd0 [ 36.476691] ? console_unlock+0x34a/0xf20 [ 36.476692] lock_acquire+0x170/0x3f0 [ 36.476694] ? console_unlock+0x307/0xf20 [ 36.476695] console_unlock+0x36f/0xf20 [ 36.476696] ? console_unlock+0x307/0xf20 [ 36.476697] vprintk_emit+0x224/0x620 [ 36.476698] vprintk_func+0x58/0x160 [ 36.476699] printk+0x9e/0xbc [ 36.476700] ? log_store.cold+0x16/0x16 [ 36.476701] ? ___ratelimit+0x2b5/0x510 [ 36.476702] should_fail.cold+0xdf/0x149 [ 36.476703] should_failslab+0xd6/0x130 [ 36.476704] __kmalloc+0x6d/0x400 [ 36.476705] ? tty_buffer_alloc+0xc0/0x270 [ 36.476706] tty_buffer_alloc+0xc0/0x270 [ 36.476708] __tty_buffer_request_room+0x12c/0x290 [ 36.476709] tty_insert_flip_string_fixed_flag+0x8b/0x210 [ 36.476710] tty_insert_flip_string_and_push_buffer+0x3e/0x160 [ 36.476711] pty_write+0xc3/0xf0 [ 36.476712] n_tty_write+0x85e/0xda0 [ 36.476713] ? n_tty_open+0x160/0x160 [ 36.476715] ? do_wait_intr_irq+0x270/0x270 [ 36.476716] ? __might_fault+0x177/0x1b0 [ 36.476717] tty_write+0x410/0x740 [ 36.476718] ? n_tty_open+0x160/0x160 [ 36.476719] __vfs_write+0xe4/0x630 [ 36.476720] ? tty_compat_ioctl+0x240/0x240 [ 36.476721] ? debug_check_no_obj_freed+0x2c0/0x680 [ 36.476722] ? kernel_read+0x110/0x110 [ 36.476723] ? common_file_perm+0x3ee/0x580 [ 36.476725] ? security_file_permission+0x82/0x1e0 [ 36.476726] ? rw_verify_area+0xe1/0x2a0 [ 36.476727] vfs_write+0x17f/0x4d0 [ 36.476728] SyS_write+0xf2/0x210 [ 36.476729] ? SyS_read+0x210/0x210 [ 36.476730] ? __do_page_fault+0x159/0xad0 [ 36.476731] ? do_syscall_64+0x4c/0x640 [ 36.476732] ? SyS_read+0x210/0x210 [ 36.476733] do_syscall_64+0x1d5/0x640 [ 36.476734] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 36.476735] RIP: 0033:0x7fc7bba1c6f9 [ 36.476737] RSP: 002b:00007fff41d6feb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 36.476740] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fc7bba1c6f9 [ 36.476741] RDX: 0000000000000020 RSI: 0000000020000000 RDI: 0000000000000003 [ 36.476743] RBP: 00007fff41d6fec0 R08: 0000000000000001 R09: 00007fc7bb9e0032 [ 36.476745] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 36.476746] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000