[ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... Starting Load/Save RF Kill Switch Status... [ OK ] Started Load/Save RF Kill Switch Status. [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.237' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 37.142883] FAULT_INJECTION: forcing a failure. [ 37.142883] name failslab, interval 1, probability 0, space 0, times 1 [ 37.154579] CPU: 0 PID: 7974 Comm: syz-executor309 Not tainted 4.14.302-syzkaller #0 [ 37.162434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 37.171764] Call Trace: [ 37.174334] dump_stack+0x1b2/0x281 [ 37.177950] should_fail.cold+0x10a/0x149 [ 37.182080] should_failslab+0xd6/0x130 [ 37.186031] __kmalloc+0x6d/0x400 [ 37.189460] ? tty_buffer_alloc+0xc0/0x270 [ 37.193669] tty_buffer_alloc+0xc0/0x270 [ 37.197705] __tty_buffer_request_room+0x12c/0x290 [ 37.202608] tty_insert_flip_string_fixed_flag+0x8b/0x210 [ 37.208116] tty_insert_flip_string_and_push_buffer+0x3e/0x160 [ 37.214060] pty_write+0xc3/0xf0 [ 37.217400] ? tty_write_room+0x69/0x80 [ 37.221363] n_tty_write+0x352/0xda0 [ 37.225048] ? n_tty_open+0x160/0x160 [ 37.228821] ? do_wait_intr_irq+0x270/0x270 [ 37.233112] ? __might_fault+0x177/0x1b0 [ 37.237146] tty_write+0x410/0x740 [ 37.240655] ? n_tty_open+0x160/0x160 [ 37.244436] __vfs_write+0xe4/0x630 [ 37.248033] ? tty_compat_ioctl+0x240/0x240 [ 37.252326] ? debug_check_no_obj_freed+0x2c0/0x680 [ 37.257313] ? kernel_read+0x110/0x110 [ 37.261171] ? common_file_perm+0x3ee/0x580 [ 37.265465] ? security_file_permission+0x82/0x1e0 [ 37.270363] ? rw_verify_area+0xe1/0x2a0 [ 37.274396] vfs_write+0x17f/0x4d0 [ 37.277908] SyS_write+0xf2/0x210 [ 37.281342] ? SyS_read+0x210/0x210 [ 37.284942] ? do_syscall_64+0x4c/0x640 [ 37.288888] ? SyS_read+0x210/0x210 [ 37.292487] do_syscall_64+0x1d5/0x640 [ 37.296351] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 37.301512] RIP: 0033:0x7f299f69e789 [ 37.305192] RSP: 002b:00007ffd29ac9e98 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 37.312870] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f299f69e789 [ 37.320198] RDX: 00000000fffffedf RSI: 0000000020000000 RDI: 0000000000000004 [ 37.327440] RBP: 00007ffd29ac9eb0 R08: 0000000000000001 R09: 0000000000000001 [ 37.334681] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 37.341922] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 37.349192] [ 37.349194] ====================================================== [ 37.349196] WARNING: possible circular locking dependency detected [ 37.349197] 4.14.302-syzkaller #0 Not tainted [ 37.349199] ------------------------------------------------------ [ 37.349201] syz-executor309/7974 is trying to acquire lock: [ 37.349201] (console_owner){....}, at: [] console_unlock+0x307/0xf20 [ 37.349206] [ 37.349207] but task is already holding lock: [ 37.349208] (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160 [ 37.349212] [ 37.349214] which lock already depends on the new lock. [ 37.349214] [ 37.349215] [ 37.349217] the existing dependency chain (in reverse order) is: [ 37.349218] [ 37.349219] -> #2 (&(&port->lock)->rlock){-.-.}: [ 37.349224] _raw_spin_lock_irqsave+0x8c/0xc0 [ 37.349225] tty_port_tty_get+0x1d/0x80 [ 37.349227] tty_port_default_wakeup+0x11/0x40 [ 37.349228] serial8250_tx_chars+0x3fe/0xc70 [ 37.349230] serial8250_handle_irq.part.0+0x2c7/0x390 [ 37.349231] serial8250_default_handle_irq+0x8a/0x1f0 [ 37.349232] serial8250_interrupt+0xf3/0x210 [ 37.349234] __handle_irq_event_percpu+0xee/0x7f0 [ 37.349235] handle_irq_event+0xed/0x240 [ 37.349236] handle_edge_irq+0x224/0xc40 [ 37.349238] handle_irq+0x35/0x50 [ 37.349239] do_IRQ+0x93/0x1d0 [ 37.349240] ret_from_intr+0x0/0x1e [ 37.349241] native_safe_halt+0xe/0x10 [ 37.349242] default_idle+0x47/0x370 [ 37.349243] do_idle+0x250/0x3c0 [ 37.349245] cpu_startup_entry+0x14/0x20 [ 37.349246] start_kernel+0x743/0x763 [ 37.349247] secondary_startup_64+0xa5/0xb0 [ 37.349248] [ 37.349248] -> #1 (&port_lock_key){-.-.}: [ 37.349253] _raw_spin_lock_irqsave+0x8c/0xc0 [ 37.349254] serial8250_console_write+0x8cb/0xb40 [ 37.349255] console_unlock+0x99d/0xf20 [ 37.349257] vprintk_emit+0x224/0x620 [ 37.349258] vprintk_func+0x58/0x160 [ 37.349259] printk+0x9e/0xbc [ 37.349260] register_console+0x6f4/0xad0 [ 37.349261] univ8250_console_init+0x2f/0x3a [ 37.349263] console_init+0x46/0x53 [ 37.349264] start_kernel+0x521/0x763 [ 37.349265] secondary_startup_64+0xa5/0xb0 [ 37.349266] [ 37.349266] -> #0 (console_owner){....}: [ 37.349270] lock_acquire+0x170/0x3f0 [ 37.349272] console_unlock+0x36f/0xf20 [ 37.349273] vprintk_emit+0x224/0x620 [ 37.349274] vprintk_func+0x58/0x160 [ 37.349275] printk+0x9e/0xbc [ 37.349276] should_fail.cold+0xdf/0x149 [ 37.349278] should_failslab+0xd6/0x130 [ 37.349279] __kmalloc+0x6d/0x400 [ 37.349280] tty_buffer_alloc+0xc0/0x270 [ 37.349281] __tty_buffer_request_room+0x12c/0x290 [ 37.349283] tty_insert_flip_string_fixed_flag+0x8b/0x210 [ 37.349285] tty_insert_flip_string_and_push_buffer+0x3e/0x160 [ 37.349286] pty_write+0xc3/0xf0 [ 37.349287] n_tty_write+0x352/0xda0 [ 37.349288] tty_write+0x410/0x740 [ 37.349289] __vfs_write+0xe4/0x630 [ 37.349290] vfs_write+0x17f/0x4d0 [ 37.349292] SyS_write+0xf2/0x210 [ 37.349293] do_syscall_64+0x1d5/0x640 [ 37.349294] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 37.349295] [ 37.349296] other info that might help us debug this: [ 37.349297] [ 37.349298] Chain exists of: [ 37.349298] console_owner --> &port_lock_key --> &(&port->lock)->rlock [ 37.349304] [ 37.349305] Possible unsafe locking scenario: [ 37.349306] [ 37.349307] CPU0 CPU1 [ 37.349308] ---- ---- [ 37.349309] lock(&(&port->lock)->rlock); [ 37.349312] lock(&port_lock_key); [ 37.349315] lock(&(&port->lock)->rlock); [ 37.349317] lock(console_owner); [ 37.349319] [ 37.349320] *** DEADLOCK *** [ 37.349321] [ 37.349322] 6 locks held by syz-executor309/7974: [ 37.349323] #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80 [ 37.349327] #1: (&tty->atomic_write_lock){+.+.}, at: [] tty_write+0x22d/0x740 [ 37.349332] #2: (&o_tty->termios_rwsem/1){++++}, at: [] n_tty_write+0x18a/0xda0 [ 37.349337] #3: (&ldata->output_lock){+.+.}, at: [] n_tty_write+0x43f/0xda0 [ 37.349341] #4: (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160 [ 37.349346] #5: (console_lock){+.+.}, at: [] vprintk_func+0x58/0x160 [ 37.349351] [ 37.349352] stack backtrace: [ 37.349354] CPU: 0 PID: 7974 Comm: syz-executor309 Not tainted 4.14.302-syzkaller #0 [ 37.349356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 37.349357] Call Trace: [ 37.349358] dump_stack+0x1b2/0x281 [ 37.349360] print_circular_bug.constprop.0.cold+0x2d7/0x41e [ 37.349361] __lock_acquire+0x2e0e/0x3f20 [ 37.349362] ? trace_hardirqs_on+0x10/0x10 [ 37.349363] ? snprintf+0xd0/0xd0 [ 37.349364] ? console_unlock+0x34a/0xf20 [ 37.349366] lock_acquire+0x170/0x3f0 [ 37.349367] ? console_unlock+0x307/0xf20 [ 37.349368] console_unlock+0x36f/0xf20 [ 37.349369] ? console_unlock+0x307/0xf20 [ 37.349370] vprintk_emit+0x224/0x620 [ 37.349371] vprintk_func+0x58/0x160 [ 37.349372] printk+0x9e/0xbc [ 37.349374] ? log_store.cold+0x16/0x16 [ 37.349375] ? __lock_acquire+0x5fc/0x3f20 [ 37.349376] ? ___ratelimit+0x2b5/0x510 [ 37.349377] should_fail.cold+0xdf/0x149 [ 37.349378] should_failslab+0xd6/0x130 [ 37.349380] __kmalloc+0x6d/0x400 [ 37.349381] ? tty_buffer_alloc+0xc0/0x270 [ 37.349382] tty_buffer_alloc+0xc0/0x270 [ 37.349383] __tty_buffer_request_room+0x12c/0x290 [ 37.349385] tty_insert_flip_string_fixed_flag+0x8b/0x210 [ 37.349387] tty_insert_flip_string_and_push_buffer+0x3e/0x160 [ 37.349388] pty_write+0xc3/0xf0 [ 37.349389] ? tty_write_room+0x69/0x80 [ 37.349390] n_tty_write+0x352/0xda0 [ 37.349391] ? n_tty_open+0x160/0x160 [ 37.349392] ? do_wait_intr_irq+0x270/0x270 [ 37.349394] ? __might_fault+0x177/0x1b0 [ 37.349395] tty_write+0x410/0x740 [ 37.349396] ? n_tty_open+0x160/0x160 [ 37.349397] __vfs_write+0xe4/0x630 [ 37.349398] ? tty_compat_ioctl+0x240/0x240 [ 37.349400] ? debug_check_no_obj_freed+0x2c0/0x680 [ 37.349401] ? kernel_read+0x110/0x110 [ 37.349402] ? common_file_perm+0x3ee/0x580 [ 37.349403] ? security_file_permission+0x82/0x1e0 [ 37.349405] ? rw_verify_area+0xe1/0x2a0 [ 37.349406] vfs_write+0x17f/0x4d0 [ 37.349407] SyS_write+0xf2/0x210 [ 37.349408] ? SyS_read+0x210/0x210 [ 37.349409] ? do_syscall_64+0x4c/0x640 [ 37.349410] ? SyS_read+0x210/0x210 [ 37.349411] do_syscall_64+0x1d5/0x640 [ 37.349413] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 37.349414] RIP: 0033:0x7f299f69e789 [ 37.349415] RSP: 002b:00007ffd29ac9e98 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 37.349419] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f299f69e789 [ 37.349421] RDX: 00000000fffffedf RSI: 0000000020000000 RDI: 0000000000000004 [ 37.349422] RBP: 00007ffd29ac9eb0 R08: 0000000000000001 R09: 0000000000000001 [ 37.349424] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 37.349426] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000