[ OK ] Started Getty on tty1.
[ OK ] Reached target Login Prompts.
[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.82' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 27.408507] FAULT_INJECTION: forcing a failure.
[ 27.408507] name failslab, interval 1, probability 0, space 0, times 1
[ 27.420341] CPU: 0 PID: 8001 Comm: syz-executor119 Not tainted 4.14.302-syzkaller #0
[ 27.428213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 27.437539] Call Trace:
[ 27.440124] dump_stack+0x1b2/0x281
[ 27.443723] should_fail.cold+0x10a/0x149
[ 27.447842] should_failslab+0xd6/0x130
[ 27.451791] __kmalloc+0x6d/0x400
[ 27.455217] ? tty_buffer_alloc+0xc0/0x270
[ 27.459423] tty_buffer_alloc+0xc0/0x270
[ 27.463455] __tty_buffer_request_room+0x12c/0x290
[ 27.468358] tty_insert_flip_string_fixed_flag+0x8b/0x210
[ 27.473868] tty_insert_flip_string_and_push_buffer+0x3e/0x160
[ 27.479810] pty_write+0xc3/0xf0
[ 27.483149] ? tty_write_room+0x69/0x80
[ 27.487095] n_tty_write+0x352/0xda0
[ 27.490784] ? n_tty_open+0x160/0x160
[ 27.494562] ? do_wait_intr_irq+0x270/0x270
[ 27.498856] ? __might_fault+0x177/0x1b0
[ 27.502888] tty_write+0x410/0x740
[ 27.506397] ? n_tty_open+0x160/0x160
[ 27.510173] __vfs_write+0xe4/0x630
[ 27.513773] ? tty_compat_ioctl+0x240/0x240
[ 27.518067] ? debug_check_no_obj_freed+0x2c0/0x680
[ 27.523056] ? kernel_read+0x110/0x110
[ 27.526916] ? common_file_perm+0x3ee/0x580
[ 27.531212] ? security_file_permission+0x82/0x1e0
[ 27.536111] ? rw_verify_area+0xe1/0x2a0
[ 27.540148] vfs_write+0x17f/0x4d0
[ 27.543659] SyS_write+0xf2/0x210
[ 27.547084] ? SyS_read+0x210/0x210
[ 27.550701] ? do_syscall_64+0x4c/0x640
[ 27.554649] ? SyS_read+0x210/0x210
[ 27.558246] do_syscall_64+0x1d5/0x640
[ 27.562109] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 27.567269] RIP: 0033:0x7f8da34fd789
[ 27.570949] RSP: 002b:00007ffdd26192b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 27.578627] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f8da34fd789
[ 27.585869] RDX: 00000000fffffdc9 RSI: 0000000020000000 RDI: 0000000000000004
[ 27.593110] RBP: 00007ffdd26192d0 R08: 0000000000000001 R09: 0000000000000001
[ 27.600353] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 27.607595] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 27.614864]
[ 27.614866] ======================================================
[ 27.614868] WARNING: possible circular locking dependency detected
[ 27.614869] 4.14.302-syzkaller #0 Not tainted
[ 27.614871] ------------------------------------------------------
[ 27.614873] syz-executor119/8001 is trying to acquire lock:
[ 27.614873] (console_owner){....}, at: [] console_unlock+0x307/0xf20
[ 27.614878]
[ 27.614879] but task is already holding lock:
[ 27.614880] (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160
[ 27.614884]
[ 27.614886] which lock already depends on the new lock.
[ 27.614887]
[ 27.614887]
[ 27.614889] the existing dependency chain (in reverse order) is:
[ 27.614890]
[ 27.614890] -> #2 (&(&port->lock)->rlock){-.-.}:
[ 27.614895] _raw_spin_lock_irqsave+0x8c/0xc0
[ 27.614896] tty_port_tty_get+0x1d/0x80
[ 27.614897] tty_port_default_wakeup+0x11/0x40
[ 27.614899] serial8250_tx_chars+0x3fe/0xc70
[ 27.614900] serial8250_handle_irq.part.0+0x2c7/0x390
[ 27.614902] serial8250_default_handle_irq+0x8a/0x1f0
[ 27.614903] serial8250_interrupt+0xf3/0x210
[ 27.614905] __handle_irq_event_percpu+0xee/0x7f0
[ 27.614906] handle_irq_event+0xed/0x240
[ 27.614907] handle_edge_irq+0x224/0xc40
[ 27.614908] handle_irq+0x35/0x50
[ 27.614910] do_IRQ+0x93/0x1d0
[ 27.614911] ret_from_intr+0x0/0x1e
[ 27.614912] native_safe_halt+0xe/0x10
[ 27.614913] default_idle+0x47/0x370
[ 27.614914] do_idle+0x250/0x3c0
[ 27.614916] cpu_startup_entry+0x14/0x20
[ 27.614917] start_kernel+0x743/0x763
[ 27.614918] secondary_startup_64+0xa5/0xb0
[ 27.614919]
[ 27.614919] -> #1 (&port_lock_key){-.-.}:
[ 27.614924] _raw_spin_lock_irqsave+0x8c/0xc0
[ 27.614925] serial8250_console_write+0x8cb/0xb40
[ 27.614926] console_unlock+0x99d/0xf20
[ 27.614927] vprintk_emit+0x224/0x620
[ 27.614929] vprintk_func+0x58/0x160
[ 27.614930] printk+0x9e/0xbc
[ 27.614931] register_console+0x6f4/0xad0
[ 27.614932] univ8250_console_init+0x2f/0x3a
[ 27.614933] console_init+0x46/0x53
[ 27.614935] start_kernel+0x521/0x763
[ 27.614936] secondary_startup_64+0xa5/0xb0
[ 27.614937]
[ 27.614937] -> #0 (console_owner){....}:
[ 27.614941] lock_acquire+0x170/0x3f0
[ 27.614942] console_unlock+0x36f/0xf20
[ 27.614944] vprintk_emit+0x224/0x620
[ 27.614945] vprintk_func+0x58/0x160
[ 27.614946] printk+0x9e/0xbc
[ 27.614947] should_fail.cold+0xdf/0x149
[ 27.614948] should_failslab+0xd6/0x130
[ 27.614950] __kmalloc+0x6d/0x400
[ 27.614951] tty_buffer_alloc+0xc0/0x270
[ 27.614952] __tty_buffer_request_room+0x12c/0x290
[ 27.614954] tty_insert_flip_string_fixed_flag+0x8b/0x210
[ 27.614956] tty_insert_flip_string_and_push_buffer+0x3e/0x160
[ 27.614957] pty_write+0xc3/0xf0
[ 27.614958] n_tty_write+0x352/0xda0
[ 27.614959] tty_write+0x410/0x740
[ 27.614960] __vfs_write+0xe4/0x630
[ 27.614961] vfs_write+0x17f/0x4d0
[ 27.614963] SyS_write+0xf2/0x210
[ 27.614964] do_syscall_64+0x1d5/0x640
[ 27.614965] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 27.614966]
[ 27.614967] other info that might help us debug this:
[ 27.614968]
[ 27.614969] Chain exists of:
[ 27.614970] console_owner --> &port_lock_key --> &(&port->lock)->rlock
[ 27.614975]
[ 27.614976] Possible unsafe locking scenario:
[ 27.614977]
[ 27.614978]        CPU0                    CPU1
[ 27.614979]        ----                    ----
[ 27.614980]   lock(&(&port->lock)->rlock);
[ 27.614983]                                lock(&port_lock_key);
[ 27.614986]                                lock(&(&port->lock)->rlock);
[ 27.614988]   lock(console_owner);
[ 27.614990]
[ 27.614991] *** DEADLOCK ***
[ 27.614992]
[ 27.614994] 6 locks held by syz-executor119/8001:
[ 27.614994] #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80
[ 27.614999] #1: (&tty->atomic_write_lock){+.+.}, at: [] tty_write+0x22d/0x740
[ 27.615003] #2: (&o_tty->termios_rwsem/1){++++}, at: [] n_tty_write+0x18a/0xda0
[ 27.615008] #3: (&ldata->output_lock){+.+.}, at: [] n_tty_write+0x43f/0xda0
[ 27.615013] #4: (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160
[ 27.615018] #5: (console_lock){+.+.}, at: [] vprintk_func+0x58/0x160
[ 27.615022]
[ 27.615023] stack backtrace:
[ 27.615025] CPU: 0 PID: 8001 Comm: syz-executor119 Not tainted 4.14.302-syzkaller #0
[ 27.615027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 27.615028] Call Trace:
[ 27.615029] dump_stack+0x1b2/0x281
[ 27.615031] print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 27.615032] __lock_acquire+0x2e0e/0x3f20
[ 27.615033] ? trace_hardirqs_on+0x10/0x10
[ 27.615035] ? snprintf+0xd0/0xd0
[ 27.615036] ? console_unlock+0x34a/0xf20
[ 27.615037] lock_acquire+0x170/0x3f0
[ 27.615038] ? console_unlock+0x307/0xf20
[ 27.615039] console_unlock+0x36f/0xf20
[ 27.615040] ? console_unlock+0x307/0xf20
[ 27.615042] vprintk_emit+0x224/0x620
[ 27.615043] vprintk_func+0x58/0x160
[ 27.615044] printk+0x9e/0xbc
[ 27.615045] ? log_store.cold+0x16/0x16
[ 27.615046] ? __lock_acquire+0x5fc/0x3f20
[ 27.615047] ? ___ratelimit+0x2b5/0x510
[ 27.615049] should_fail.cold+0xdf/0x149
[ 27.615050] should_failslab+0xd6/0x130
[ 27.615051] __kmalloc+0x6d/0x400
[ 27.615052] ? tty_buffer_alloc+0xc0/0x270
[ 27.615053] tty_buffer_alloc+0xc0/0x270
[ 27.615055] __tty_buffer_request_room+0x12c/0x290
[ 27.615056] tty_insert_flip_string_fixed_flag+0x8b/0x210
[ 27.615058] tty_insert_flip_string_and_push_buffer+0x3e/0x160
[ 27.615059] pty_write+0xc3/0xf0
[ 27.615060] ? tty_write_room+0x69/0x80
[ 27.615061] n_tty_write+0x352/0xda0
[ 27.615062] ? n_tty_open+0x160/0x160
[ 27.615064] ? do_wait_intr_irq+0x270/0x270
[ 27.615065] ? __might_fault+0x177/0x1b0
[ 27.615066] tty_write+0x410/0x740
[ 27.615067] ? n_tty_open+0x160/0x160
[ 27.615068] __vfs_write+0xe4/0x630
[ 27.615069] ? tty_compat_ioctl+0x240/0x240
[ 27.615071] ? debug_check_no_obj_freed+0x2c0/0x680
[ 27.615072] ? kernel_read+0x110/0x110
[ 27.615073] ? common_file_perm+0x3ee/0x580
[ 27.615075] ? security_file_permission+0x82/0x1e0
[ 27.615076] ? rw_verify_area+0xe1/0x2a0
[ 27.615077] vfs_write+0x17f/0x4d0
[ 27.615078] SyS_write+0xf2/0x210
[ 27.615079] ? SyS_read+0x210/0x210
[ 27.615080] ? do_syscall_64+0x4c/0x640
[ 27.615081] ? SyS_read+0x210/0x210
[ 27.615083] do_syscall_64+0x1d5/0x640
[ 27.615084] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 27.615085] RIP: 0033:0x7f8da34fd789
[ 27.615087] RSP: 002b:00007ffdd26192b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 27.615090] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f8da34fd789
[ 27.615092] RDX: 00000000fffffdc9 RSI: 0000000020000000 RDI: 0000000000000004
[ 27.615094] RBP: 00007ffdd26192d0 R08: 0000000000000001 R09: 0000000000000001
[ 27.615096] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 27.615097] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000