[ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Starting Load/Save RF Kill Switch Status... [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.1.121' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 28.237721] FAULT_INJECTION: forcing a failure. [ 28.237721] name failslab, interval 1, probability 0, space 0, times 1 [ 28.249914] CPU: 1 PID: 7951 Comm: syz-executor294 Not tainted 4.14.302-syzkaller #0 [ 28.257772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 28.267099] Call Trace: [ 28.269666] dump_stack+0x1b2/0x281 [ 28.273269] should_fail.cold+0x10a/0x149 [ 28.277391] should_failslab+0xd6/0x130 [ 28.281342] __kmalloc+0x6d/0x400 [ 28.284786] ? tty_buffer_alloc+0xc0/0x270 [ 28.289017] tty_buffer_alloc+0xc0/0x270 [ 28.293053] __tty_buffer_request_room+0x12c/0x290 [ 28.297957] tty_insert_flip_string_fixed_flag+0x8b/0x210 [ 28.303476] tty_insert_flip_string_and_push_buffer+0x3e/0x160 [ 28.309425] pty_write+0xc3/0xf0 [ 28.312762] n_tty_write+0x85e/0xda0 [ 28.316463] ? n_tty_open+0x160/0x160 [ 28.320247] ? do_wait_intr_irq+0x270/0x270 [ 28.324546] ? __might_fault+0x177/0x1b0 [ 28.328578] tty_write+0x410/0x740 [ 28.332103] ? n_tty_open+0x160/0x160 [ 28.335878] __vfs_write+0xe4/0x630 [ 28.339482] ? tty_compat_ioctl+0x240/0x240 [ 28.343784] ? debug_check_no_obj_freed+0x2c0/0x680 [ 28.348771] ? kernel_read+0x110/0x110 [ 28.352633] ? common_file_perm+0x3ee/0x580 [ 28.356951] ? security_file_permission+0x82/0x1e0 [ 28.361859] ? rw_verify_area+0xe1/0x2a0 [ 28.365921] vfs_write+0x17f/0x4d0 [ 28.369433] SyS_write+0xf2/0x210 [ 28.372860] ? SyS_read+0x210/0x210 [ 28.376462] ? __do_page_fault+0x159/0xad0 [ 28.380669] ? do_syscall_64+0x4c/0x640 [ 28.384616] ? SyS_read+0x210/0x210 [ 28.388213] do_syscall_64+0x1d5/0x640 [ 28.392074] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 28.397235] RIP: 0033:0x7f0469895679 [ 28.400917] RSP: 002b:00007ffcf811fb58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 28.408594] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f0469895679 [ 28.415835] RDX: 000000000000ff2e RSI: 00000000200000c0 RDI: 0000000000000003 [ 28.423097] RBP: 00007ffcf811fb60 R08: 0000000000000001 R09: 00007f0469850033 [ 28.430340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 28.437581] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 28.444847] [ 28.444849] ====================================================== [ 28.444851] WARNING: possible circular locking dependency detected [ 28.444852] 4.14.302-syzkaller #0 Not tainted [ 28.444854] ------------------------------------------------------ [ 28.444856] syz-executor294/7951 is trying to acquire lock: [ 28.444856] (console_owner){....}, at: [] console_unlock+0x307/0xf20 [ 28.444861] [ 28.444862] but task is already holding lock: [ 28.444863] (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160 [ 28.444867] [ 28.444869] which lock already depends on the new lock. [ 28.444869] [ 28.444870] [ 28.444872] the existing dependency chain (in reverse order) is: [ 28.444872] [ 28.444873] -> #2 (&(&port->lock)->rlock){-.-.}: [ 28.444877] _raw_spin_lock_irqsave+0x8c/0xc0 [ 28.444879] tty_port_tty_get+0x1d/0x80 [ 28.444880] tty_port_default_wakeup+0x11/0x40 [ 28.444881] serial8250_tx_chars+0x3fe/0xc70 [ 28.444883] serial8250_handle_irq.part.0+0x2c7/0x390 [ 28.444884] serial8250_default_handle_irq+0x8a/0x1f0 [ 28.444886] serial8250_interrupt+0xf3/0x210 [ 28.444887] __handle_irq_event_percpu+0xee/0x7f0 [ 28.444889] handle_irq_event+0xed/0x240 [ 28.444890] handle_edge_irq+0x224/0xc40 [ 28.444891] handle_irq+0x35/0x50 [ 28.444892] do_IRQ+0x93/0x1d0 [ 28.444894] ret_from_intr+0x0/0x1e [ 28.444895] _raw_spin_unlock_irqrestore+0xa3/0xe0 [ 28.444896] uart_write+0x2dd/0x560 [ 28.444897] do_output_char+0x4f5/0x750 [ 28.444899] n_tty_write+0x3e3/0xda0 [ 28.444900] tty_write+0x410/0x740 [ 28.444901] redirected_tty_write+0x9c/0xb0 [ 28.444902] do_iter_write+0x3da/0x550 [ 28.444903] vfs_writev+0x125/0x290 [ 28.444905] do_writev+0xfc/0x2c0 [ 28.444906] do_syscall_64+0x1d5/0x640 [ 28.444907] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 28.444908] [ 28.444909] -> #1 (&port_lock_key){-.-.}: [ 28.444913] _raw_spin_lock_irqsave+0x8c/0xc0 [ 28.444914] serial8250_console_write+0x8cb/0xb40 [ 28.444916] console_unlock+0x99d/0xf20 [ 28.444917] vprintk_emit+0x224/0x620 [ 28.444918] vprintk_func+0x58/0x160 [ 28.444919] printk+0x9e/0xbc [ 28.444920] register_console+0x6f4/0xad0 [ 28.444922] univ8250_console_init+0x2f/0x3a [ 28.444923] console_init+0x46/0x53 [ 28.444924] start_kernel+0x521/0x763 [ 28.444925] secondary_startup_64+0xa5/0xb0 [ 28.444926] [ 28.444927] -> #0 (console_owner){....}: [ 28.444931] lock_acquire+0x170/0x3f0 [ 28.444932] console_unlock+0x36f/0xf20 [ 28.444933] vprintk_emit+0x224/0x620 [ 28.444934] vprintk_func+0x58/0x160 [ 28.444935] printk+0x9e/0xbc [ 28.444937] should_fail.cold+0xdf/0x149 [ 28.444938] should_failslab+0xd6/0x130 [ 28.444939] __kmalloc+0x6d/0x400 [ 28.444940] tty_buffer_alloc+0xc0/0x270 [ 28.444942] __tty_buffer_request_room+0x12c/0x290 [ 28.444943] tty_insert_flip_string_fixed_flag+0x8b/0x210 [ 28.444945] tty_insert_flip_string_and_push_buffer+0x3e/0x160 [ 28.444946] pty_write+0xc3/0xf0 [ 28.444948] n_tty_write+0x85e/0xda0 [ 28.444949] tty_write+0x410/0x740 [ 28.444950] __vfs_write+0xe4/0x630 [ 28.444951] vfs_write+0x17f/0x4d0 [ 28.444952] SyS_write+0xf2/0x210 [ 28.444953] do_syscall_64+0x1d5/0x640 [ 28.444955] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 28.444956] [ 28.444957] other info that might help us debug this: [ 28.444958] [ 28.444958] Chain exists of: [ 28.444959] console_owner --> &port_lock_key --> &(&port->lock)->rlock [ 28.444964] [ 28.444966] Possible unsafe locking scenario: [ 28.444966] [ 28.444968] CPU0 CPU1 [ 28.444969] ---- ---- [ 28.444969] lock(&(&port->lock)->rlock); [ 28.444972] lock(&port_lock_key); [ 28.444975] lock(&(&port->lock)->rlock); [ 28.444978] lock(console_owner); [ 28.444980] [ 28.444981] *** DEADLOCK *** [ 28.444981] [ 28.444983] 6 locks held by syz-executor294/7951: [ 28.444983] #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80 [ 28.444988] #1: (&tty->atomic_write_lock){+.+.}, at: [] tty_write+0x22d/0x740 [ 28.444992] #2: (&tty->termios_rwsem){++++}, at: [] n_tty_write+0x18a/0xda0 [ 28.444997] #3: (&ldata->output_lock){+.+.}, at: [] n_tty_write+0x82b/0xda0 [ 28.445001] #4: (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160 [ 28.445006] #5: (console_lock){+.+.}, at: [] vprintk_func+0x58/0x160 [ 28.445010] [ 28.445011] stack backtrace: [ 28.445013] CPU: 1 PID: 7951 Comm: syz-executor294 Not tainted 4.14.302-syzkaller #0 [ 28.445016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 28.445017] Call Trace: [ 28.445018] dump_stack+0x1b2/0x281 [ 28.445020] print_circular_bug.constprop.0.cold+0x2d7/0x41e [ 28.445021] __lock_acquire+0x2e0e/0x3f20 [ 28.445022] ? trace_hardirqs_on+0x10/0x10 [ 28.445023] ? snprintf+0xd0/0xd0 [ 28.445025] ? console_unlock+0x34a/0xf20 [ 28.445026] lock_acquire+0x170/0x3f0 [ 28.445027] ? console_unlock+0x307/0xf20 [ 28.445028] console_unlock+0x36f/0xf20 [ 28.445029] ? console_unlock+0x307/0xf20 [ 28.445031] vprintk_emit+0x224/0x620 [ 28.445032] vprintk_func+0x58/0x160 [ 28.445033] printk+0x9e/0xbc [ 28.445034] ? log_store.cold+0x16/0x16 [ 28.445035] ? __lock_acquire+0x5fc/0x3f20 [ 28.445036] ? ___ratelimit+0x2b5/0x510 [ 28.445037] should_fail.cold+0xdf/0x149 [ 28.445039] should_failslab+0xd6/0x130 [ 28.445040] __kmalloc+0x6d/0x400 [ 28.445041] ? tty_buffer_alloc+0xc0/0x270 [ 28.445042] tty_buffer_alloc+0xc0/0x270 [ 28.445044] __tty_buffer_request_room+0x12c/0x290 [ 28.445045] tty_insert_flip_string_fixed_flag+0x8b/0x210 [ 28.445047] tty_insert_flip_string_and_push_buffer+0x3e/0x160 [ 28.445048] pty_write+0xc3/0xf0 [ 28.445049] n_tty_write+0x85e/0xda0 [ 28.445050] ? n_tty_open+0x160/0x160 [ 28.445051] ? do_wait_intr_irq+0x270/0x270 [ 28.445053] ? __might_fault+0x177/0x1b0 [ 28.445054] tty_write+0x410/0x740 [ 28.445055] ? n_tty_open+0x160/0x160 [ 28.445056] __vfs_write+0xe4/0x630 [ 28.445057] ? tty_compat_ioctl+0x240/0x240 [ 28.445059] ? debug_check_no_obj_freed+0x2c0/0x680 [ 28.445060] ? kernel_read+0x110/0x110 [ 28.445061] ? common_file_perm+0x3ee/0x580 [ 28.445062] ? security_file_permission+0x82/0x1e0 [ 28.445064] ? rw_verify_area+0xe1/0x2a0 [ 28.445065] vfs_write+0x17f/0x4d0 [ 28.445066] SyS_write+0xf2/0x210 [ 28.445067] ? SyS_read+0x210/0x210 [ 28.445068] ? __do_page_fault+0x159/0xad0 [ 28.445069] ? do_syscall_64+0x4c/0x640 [ 28.445070] ? SyS_read+0x210/0x210 [ 28.445072] do_syscall_64+0x1d5/0x640 [ 28.445073] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 28.445074] RIP: 0033:0x7f0469895679 [ 28.445076] RSP: 002b:00007ffcf811fb58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 28.445079] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f0469895679 [ 28.445081] RDX: 000000000000ff2e RSI: 00000000200000c0 RDI: 0000000000000003 [ 28.445083] RBP: 00007ffcf811fb60 R08: 0000000000000001 R09: 00007f0469850033 [ 28.445085] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 28.445086] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000