[ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... Starting Load/Save RF Kill Switch Status... [ OK ] Started Update UTMP about System Runlevel Changes. [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.1.102' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 30.123062] FAULT_INJECTION: forcing a failure. [ 30.123062] name failslab, interval 1, probability 0, space 0, times 1 [ 30.135024] CPU: 0 PID: 7977 Comm: syz-executor309 Not tainted 4.14.303-syzkaller #0 [ 30.142900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 [ 30.152257] Call Trace: [ 30.154831] dump_stack+0x1b2/0x281 [ 30.158434] should_fail.cold+0x10a/0x149 [ 30.162581] should_failslab+0xd6/0x130 [ 30.166542] __kmalloc+0x6d/0x400 [ 30.169969] ? tty_buffer_alloc+0xc0/0x270 [ 30.174174] tty_buffer_alloc+0xc0/0x270 [ 30.178214] __tty_buffer_request_room+0x12c/0x290 [ 30.183121] tty_insert_flip_string_fixed_flag+0x8b/0x210 [ 30.188631] tty_insert_flip_string_and_push_buffer+0x3e/0x160 [ 30.194580] pty_write+0xc3/0xf0 [ 30.197927] tty_put_char+0xfe/0x120 [ 30.201629] ? dev_match_devt+0x80/0x80 [ 30.205599] ? pty_write_room+0xa9/0xd0 [ 30.209624] ? ptmx_open+0x300/0x300 [ 30.213399] __process_echoes+0x48c/0x8c0 [ 30.217537] n_tty_receive_buf_common+0x9a3/0x25a0 [ 30.222458] ? n_tty_receive_buf2+0x40/0x40 [ 30.226754] tty_ioctl+0xe8a/0x1430 [ 30.230352] ? tty_fasync+0x2c0/0x2c0 [ 30.234235] ? proc_fail_nth_write+0x7b/0x180 [ 30.238699] ? proc_tgid_io_accounting+0x6f0/0x7a0 [ 30.243614] ? fsnotify+0x974/0x11b0 [ 30.247451] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 30.252363] ? debug_check_no_obj_freed+0x2c0/0x680 [ 30.257370] ? tty_fasync+0x2c0/0x2c0 [ 30.261155] do_vfs_ioctl+0x75a/0xff0 [ 30.264930] ? ioctl_preallocate+0x1a0/0x1a0 [ 30.269315] ? vfs_write+0x319/0x4d0 [ 30.273004] ? SyS_write+0x14d/0x210 [ 30.276690] ? security_file_ioctl+0x83/0xb0 [ 30.281076] SyS_ioctl+0x7f/0xb0 [ 30.284414] ? do_vfs_ioctl+0xff0/0xff0 [ 30.288382] do_syscall_64+0x1d5/0x640 [ 30.292248] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 30.297408] RIP: 0033:0x7f8f9197c789 [ 30.301089] RSP: 002b:00007ffe00c9a8c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 30.308771] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f8f9197c789 [ 30.316015] RDX: 0000000020000140 RSI: 0000000000005412 RDI: 0000000000000004 [ 30.323263] RBP: 00007ffe00c9a8e0 R08: 0000000000000001 R09: 0000000000000001 [ 30.330517] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 30.337761] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 30.345020] [ 30.345022] ====================================================== [ 30.345024] WARNING: possible circular locking dependency detected [ 30.345026] 4.14.303-syzkaller #0 Not tainted [ 30.345028] ------------------------------------------------------ [ 30.345030] syz-executor309/7977 is trying to acquire lock: [ 30.345030] (console_owner){....}, at: [] console_unlock+0x307/0xf20 [ 30.345035] [ 30.345036] but task is already holding lock: [ 30.345037] (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160 [ 30.345042] [ 30.345044] which lock already depends on the new lock. [ 30.345044] [ 30.345045] [ 30.345047] the existing dependency chain (in reverse order) is: [ 30.345048] [ 30.345048] -> #2 (&(&port->lock)->rlock){-.-.}: [ 30.345053] _raw_spin_lock_irqsave+0x8c/0xc0 [ 30.345055] tty_port_tty_get+0x1d/0x80 [ 30.345056] tty_port_default_wakeup+0x11/0x40 [ 30.345057] serial8250_tx_chars+0x3fe/0xc70 [ 30.345059] serial8250_handle_irq.part.0+0x2c7/0x390 [ 30.345061] serial8250_default_handle_irq+0x8a/0x1f0 [ 30.345062] serial8250_interrupt+0xf3/0x210 [ 30.345064] __handle_irq_event_percpu+0xee/0x7f0 [ 30.345065] handle_irq_event+0xed/0x240 [ 30.345066] handle_edge_irq+0x224/0xc40 [ 30.345068] handle_irq+0x35/0x50 [ 30.345069] do_IRQ+0x93/0x1d0 [ 30.345070] ret_from_intr+0x0/0x1e [ 30.345072] _raw_spin_unlock_irqrestore+0xa3/0xe0 [ 30.345073] uart_write+0x2dd/0x560 [ 30.345075] do_output_char+0x4f5/0x750 [ 30.345076] n_tty_write+0x3e3/0xda0 [ 30.345077] tty_write+0x410/0x740 [ 30.345079] redirected_tty_write+0x9c/0xb0 [ 30.345080] do_iter_write+0x3da/0x550 [ 30.345081] vfs_writev+0x125/0x290 [ 30.345082] do_writev+0xfc/0x2c0 [ 30.345084] do_syscall_64+0x1d5/0x640 [ 30.345085] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 30.345086] [ 30.345087] -> #1 (&port_lock_key){-.-.}: [ 30.345091] _raw_spin_lock_irqsave+0x8c/0xc0 [ 30.345093] serial8250_console_write+0x8cb/0xb40 [ 30.345094] console_unlock+0x99d/0xf20 [ 30.345095] vprintk_emit+0x224/0x620 [ 30.345096] vprintk_func+0x58/0x160 [ 30.345098] printk+0x9e/0xbc [ 30.345099] register_console+0x6f4/0xad0 [ 30.345100] univ8250_console_init+0x2f/0x3a [ 30.345102] console_init+0x46/0x53 [ 30.345103] start_kernel+0x521/0x763 [ 30.345104] secondary_startup_64+0xa5/0xb0 [ 30.345105] [ 30.345106] -> #0 (console_owner){....}: [ 30.345110] lock_acquire+0x170/0x3f0 [ 30.345111] console_unlock+0x36f/0xf20 [ 30.345113] vprintk_emit+0x224/0x620 [ 30.345114] vprintk_func+0x58/0x160 [ 30.345115] printk+0x9e/0xbc [ 30.345116] should_fail.cold+0xdf/0x149 [ 30.345118] should_failslab+0xd6/0x130 [ 30.345119] __kmalloc+0x6d/0x400 [ 30.345120] tty_buffer_alloc+0xc0/0x270 [ 30.345122] __tty_buffer_request_room+0x12c/0x290 [ 30.345124] tty_insert_flip_string_fixed_flag+0x8b/0x210 [ 30.345126] tty_insert_flip_string_and_push_buffer+0x3e/0x160 [ 30.345127] pty_write+0xc3/0xf0 [ 30.345129] tty_put_char+0xfe/0x120 [ 30.345130] __process_echoes+0x48c/0x8c0 [ 30.345132] n_tty_receive_buf_common+0x9a3/0x25a0 [ 30.345133] tty_ioctl+0xe8a/0x1430 [ 30.345135] do_vfs_ioctl+0x75a/0xff0 [ 30.345136] SyS_ioctl+0x7f/0xb0 [ 30.345137] do_syscall_64+0x1d5/0x640 [ 30.345139] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 30.345140] [ 30.345141] other info that might help us debug this: [ 30.345142] [ 30.345143] Chain exists of: [ 30.345144] console_owner --> &port_lock_key --> &(&port->lock)->rlock [ 30.345150] [ 30.345151] Possible unsafe locking scenario: [ 30.345152] [ 30.345153] CPU0 CPU1 [ 30.345155] ---- ---- [ 30.345156] lock(&(&port->lock)->rlock); [ 30.345159] lock(&port_lock_key); [ 30.345162] lock(&(&port->lock)->rlock); [ 30.345165] lock(console_owner); [ 30.345167] [ 30.345168] *** DEADLOCK *** [ 30.345169] [ 30.345171] 6 locks held by syz-executor309/7977: [ 30.345171] #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80 [ 30.345176] #1: (&port->buf.lock/1){+.+.}, at: [] tty_ioctl+0xe20/0x1430 [ 30.345182] #2: (&o_tty->termios_rwsem/1){++++}, at: [] n_tty_receive_buf_common+0x91/0x25a0 [ 30.345188] #3: (&ldata->output_lock){+.+.}, at: [] n_tty_receive_buf_common+0x965/0x25a0 [ 30.345193] #4: (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160 [ 30.345199] #5: (console_lock){+.+.}, at: [] vprintk_func+0x58/0x160 [ 30.345204] [ 30.345205] stack backtrace: [ 30.345208] CPU: 0 PID: 7977 Comm: syz-executor309 Not tainted 4.14.303-syzkaller #0 [ 30.345210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 [ 30.345211] Call Trace: [ 30.345213] dump_stack+0x1b2/0x281 [ 30.345214] print_circular_bug.constprop.0.cold+0x2d7/0x41e [ 30.345216] __lock_acquire+0x2e0e/0x3f20 [ 30.345217] ? trace_hardirqs_on+0x10/0x10 [ 30.345218] ? snprintf+0xd0/0xd0 [ 30.345220] ? console_unlock+0x34a/0xf20 [ 30.345221] lock_acquire+0x170/0x3f0 [ 30.345222] ? console_unlock+0x307/0xf20 [ 30.345223] console_unlock+0x36f/0xf20 [ 30.345225] ? console_unlock+0x307/0xf20 [ 30.345226] vprintk_emit+0x224/0x620 [ 30.345227] vprintk_func+0x58/0x160 [ 30.345228] printk+0x9e/0xbc [ 30.345229] ? log_store.cold+0x16/0x16 [ 30.345231] ? ___ratelimit+0x2b5/0x510 [ 30.345232] should_fail.cold+0xdf/0x149 [ 30.345233] should_failslab+0xd6/0x130 [ 30.345234] __kmalloc+0x6d/0x400 [ 30.345236] ? tty_buffer_alloc+0xc0/0x270 [ 30.345237] tty_buffer_alloc+0xc0/0x270 [ 30.345238] __tty_buffer_request_room+0x12c/0x290 [ 30.345240] tty_insert_flip_string_fixed_flag+0x8b/0x210 [ 30.345242] tty_insert_flip_string_and_push_buffer+0x3e/0x160 [ 30.345243] pty_write+0xc3/0xf0 [ 30.345244] tty_put_char+0xfe/0x120 [ 30.345245] ? dev_match_devt+0x80/0x80 [ 30.345247] ? pty_write_room+0xa9/0xd0 [ 30.345248] ? ptmx_open+0x300/0x300 [ 30.345249] __process_echoes+0x48c/0x8c0 [ 30.345251] n_tty_receive_buf_common+0x9a3/0x25a0 [ 30.345253] ? n_tty_receive_buf2+0x40/0x40 [ 30.345254] tty_ioctl+0xe8a/0x1430 [ 30.345255] ? tty_fasync+0x2c0/0x2c0 [ 30.345257] ? proc_fail_nth_write+0x7b/0x180 [ 30.345258] ? proc_tgid_io_accounting+0x6f0/0x7a0 [ 30.345260] ? fsnotify+0x974/0x11b0 [ 30.345261] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 30.345263] ? debug_check_no_obj_freed+0x2c0/0x680 [ 30.345264] ? tty_fasync+0x2c0/0x2c0 [ 30.345266] do_vfs_ioctl+0x75a/0xff0 [ 30.345267] ? ioctl_preallocate+0x1a0/0x1a0 [ 30.345268] ? vfs_write+0x319/0x4d0 [ 30.345270] ? SyS_write+0x14d/0x210 [ 30.345271] ? security_file_ioctl+0x83/0xb0 [ 30.345272] SyS_ioctl+0x7f/0xb0 [ 30.345274] ? do_vfs_ioctl+0xff0/0xff0 [ 30.345275] do_syscall_64+0x1d5/0x640 [ 30.345277] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 30.345278] RIP: 0033:0x7f8f9197c789 [ 30.345280] RSP: 002b:00007ffe00c9a8c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 30.345284] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f8f9197c789 [ 30.345286] RDX: 0000000020000140 RSI: 0000000000005412 RDI: 0000000000000004 [ 30.345288] RBP: 00007ffe00c9a8e0 R08: 0000000000000001 R09: 0000000000000001 [ 30.345290] R10: 0000000000000000 R11: 0000000000000