[ OK ] Started Getty on tty5. [ OK ] Started Getty on tty4. [ OK ] Started Getty on tty3. [ OK ] Started Getty on tty2. [ OK ] Started Serial Getty on ttyS0. [ OK ] Started Getty on tty1. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... Starting Load/Save RF Kill Switch Status... [ OK ] Started Update UTMP about System Runlevel Changes. [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.131' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 26.369192] FAULT_INJECTION: forcing a failure. [ 26.369192] name failslab, interval 1, probability 0, space 0, times 1 [ 26.380852] CPU: 0 PID: 7973 Comm: syz-executor294 Not tainted 4.14.302-syzkaller #0 [ 26.388704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 26.398032] Call Trace: [ 26.400592] dump_stack+0x1b2/0x281 [ 26.404195] should_fail.cold+0x10a/0x149 [ 26.408320] should_failslab+0xd6/0x130 [ 26.412269] __kmalloc+0x6d/0x400 [ 26.415697] ? tty_buffer_alloc+0xc0/0x270 [ 26.419902] tty_buffer_alloc+0xc0/0x270 [ 26.423947] __tty_buffer_request_room+0x12c/0x290 [ 26.428848] tty_insert_flip_string_fixed_flag+0x8b/0x210 [ 26.434358] tty_insert_flip_string_and_push_buffer+0x3e/0x160 [ 26.440299] pty_write+0xc3/0xf0 [ 26.443640] tty_put_char+0xfe/0x120 [ 26.447330] ? dev_match_devt+0x80/0x80 [ 26.451276] ? pty_write_room+0xa9/0xd0 [ 26.455222] ? ptmx_open+0x300/0x300 [ 26.458909] __process_echoes+0x48c/0x8c0 [ 26.463030] ? mark_held_locks+0xa6/0xf0 [ 26.467063] process_echoes+0xe9/0x1a0 [ 26.470936] n_tty_receive_char_special+0xe93/0x2500 [ 26.476042] ? lock_acquire+0x170/0x3f0 [ 26.480005] ? n_tty_receive_buf_common+0x91/0x25a0 [ 26.484993] n_tty_receive_buf_common+0x1ae8/0x25a0 [ 26.489986] ? n_tty_receive_buf2+0x40/0x40 [ 26.494285] tty_ioctl+0xe8a/0x1430 [ 26.497895] ? tty_fasync+0x2c0/0x2c0 [ 26.501684] ? proc_fail_nth_write+0x7b/0x180 [ 26.506154] ? proc_tgid_io_accounting+0x6e0/0x7a0 [ 26.511056] ? fsnotify+0x974/0x11b0 [ 26.514742] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 26.519645] ? debug_check_no_obj_freed+0x2c0/0x680 [ 26.524635] ? tty_fasync+0x2c0/0x2c0 [ 26.528406] do_vfs_ioctl+0x75a/0xff0 [ 26.532283] ? ioctl_preallocate+0x1a0/0x1a0 [ 26.536766] ? vfs_write+0x319/0x4d0 [ 26.540470] ? SyS_write+0x14d/0x210 [ 26.544240] ? security_file_ioctl+0x83/0xb0 [ 26.548631] SyS_ioctl+0x7f/0xb0 [ 26.551976] ? do_vfs_ioctl+0xff0/0xff0 [ 26.555945] do_syscall_64+0x1d5/0x640 [ 26.559810] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 26.564978] RIP: 0033:0x7f8b272a47c9 [ 26.568663] RSP: 002b:00007ffdb9f1eef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 26.576430] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f8b272a47c9 [ 26.583684] RDX: 0000000020000140 RSI: 0000000000005412 RDI: 0000000000000004 [ 26.590929] RBP: 00007ffdb9f1ef10 R08: 0000000000000001 R09: 0000000000000001 [ 26.598209] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 26.605485] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 26.612742] [ 26.612744] ====================================================== [ 26.612746] WARNING: possible circular locking dependency detected [ 26.612747] 4.14.302-syzkaller #0 Not tainted [ 26.612749] ------------------------------------------------------ [ 26.612751] syz-executor294/7973 is trying to acquire lock: [ 26.612751] (console_owner){....}, at: [] console_unlock+0x307/0xf20 [ 26.612756] [ 26.612757] but task is already holding lock: [ 26.612758] (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160 [ 26.612762] [ 26.612764] which lock already depends on the new lock. [ 26.612765] [ 26.612765] [ 26.612767] the existing dependency chain (in reverse order) is: [ 26.612768] [ 26.612768] -> #2 (&(&port->lock)->rlock){-.-.}: [ 26.612773] _raw_spin_lock_irqsave+0x8c/0xc0 [ 26.612774] tty_port_tty_get+0x1d/0x80 [ 26.612775] tty_port_default_wakeup+0x11/0x40 [ 26.612777] serial8250_tx_chars+0x3fe/0xc70 [ 26.612778] serial8250_handle_irq.part.0+0x2c7/0x390 [ 26.612780] serial8250_default_handle_irq+0x8a/0x1f0 [ 26.612781] serial8250_interrupt+0xf3/0x210 [ 26.612783] __handle_irq_event_percpu+0xee/0x7f0 [ 26.612784] handle_irq_event+0xed/0x240 [ 26.612785] handle_edge_irq+0x224/0xc40 [ 26.612786] handle_irq+0x35/0x50 [ 26.612787] do_IRQ+0x93/0x1d0 [ 26.612789] ret_from_intr+0x0/0x1e [ 26.612790] native_safe_halt+0xe/0x10 [ 26.612791] default_idle+0x47/0x370 [ 26.612792] do_idle+0x250/0x3c0 [ 26.612793] cpu_startup_entry+0x14/0x20 [ 26.612795] start_kernel+0x743/0x763 [ 26.612796] secondary_startup_64+0xa5/0xb0 [ 26.612797] [ 26.612797] -> #1 (&port_lock_key){-.-.}: [ 26.612801] _raw_spin_lock_irqsave+0x8c/0xc0 [ 26.612803] serial8250_console_write+0x8cb/0xb40 [ 26.612804] console_unlock+0x99d/0xf20 [ 26.612805] vprintk_emit+0x224/0x620 [ 26.612806] vprintk_func+0x58/0x160 [ 26.612807] printk+0x9e/0xbc [ 26.612809] register_console+0x6f4/0xad0 [ 26.612810] univ8250_console_init+0x2f/0x3a [ 26.612811] console_init+0x46/0x53 [ 26.612812] start_kernel+0x521/0x763 [ 26.612814] secondary_startup_64+0xa5/0xb0 [ 26.612814] [ 26.612815] -> #0 (console_owner){....}: [ 26.612819] lock_acquire+0x170/0x3f0 [ 26.612820] console_unlock+0x36f/0xf20 [ 26.612821] vprintk_emit+0x224/0x620 [ 26.612823] vprintk_func+0x58/0x160 [ 26.612824] printk+0x9e/0xbc [ 26.612825] should_fail.cold+0xdf/0x149 [ 26.612826] should_failslab+0xd6/0x130 [ 26.612827] __kmalloc+0x6d/0x400 [ 26.612829] tty_buffer_alloc+0xc0/0x270 [ 26.612830] __tty_buffer_request_room+0x12c/0x290 [ 26.612832] tty_insert_flip_string_fixed_flag+0x8b/0x210 [ 26.612833] tty_insert_flip_string_and_push_buffer+0x3e/0x160 [ 26.612835] pty_write+0xc3/0xf0 [ 26.612836] tty_put_char+0xfe/0x120 [ 26.612837] __process_echoes+0x48c/0x8c0 [ 26.612838] process_echoes+0xe9/0x1a0 [ 26.612840] n_tty_receive_char_special+0xe93/0x2500 [ 26.612841] n_tty_receive_buf_common+0x1ae8/0x25a0 [ 26.612843] tty_ioctl+0xe8a/0x1430 [ 26.612844] do_vfs_ioctl+0x75a/0xff0 [ 26.612845] SyS_ioctl+0x7f/0xb0 [ 26.612846] do_syscall_64+0x1d5/0x640 [ 26.612848] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 26.612848] [ 26.612850] other info that might help us debug this: [ 26.612850] [ 26.612851] Chain exists of: [ 26.612852] console_owner --> &port_lock_key --> &(&port->lock)->rlock [ 26.612857] [ 26.612858] Possible unsafe locking scenario: [ 26.612859] [ 26.612860] CPU0 CPU1 [ 26.612862] ---- ---- [ 26.612862] lock(&(&port->lock)->rlock); [ 26.612865] lock(&port_lock_key); [ 26.612868] lock(&(&port->lock)->rlock); [ 26.612870] lock(console_owner); [ 26.612873] [ 26.612874] *** DEADLOCK *** [ 26.612874] [ 26.612876] 6 locks held by syz-executor294/7973: [ 26.612876] #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80 [ 26.612881] #1: (&port->buf.lock/1){+.+.}, at: [] tty_ioctl+0xe20/0x1430 [ 26.612886] #2: (&o_tty->termios_rwsem/1){++++}, at: [] n_tty_receive_buf_common+0x91/0x25a0 [ 26.612891] #3: (&ldata->output_lock){+.+.}, at: [] process_echoes+0x9f/0x1a0 [ 26.612895] #4: (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160 [ 26.612900] #5: (console_lock){+.+.}, at: [] vprintk_func+0x58/0x160 [ 26.612905] [ 26.612906] stack backtrace: [ 26.612908] CPU: 0 PID: 7973 Comm: syz-executor294 Not tainted 4.14.302-syzkaller #0 [ 26.612910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 26.612911] Call Trace: [ 26.612912] dump_stack+0x1b2/0x281 [ 26.612914] print_circular_bug.constprop.0.cold+0x2d7/0x41e [ 26.612915] __lock_acquire+0x2e0e/0x3f20 [ 26.612916] ? trace_hardirqs_on+0x10/0x10 [ 26.612917] ? snprintf+0xd0/0xd0 [ 26.612919] ? console_unlock+0x34a/0xf20 [ 26.612920] lock_acquire+0x170/0x3f0 [ 26.612921] ? console_unlock+0x307/0xf20 [ 26.612922] console_unlock+0x36f/0xf20 [ 26.612923] ? console_unlock+0x307/0xf20 [ 26.612925] vprintk_emit+0x224/0x620 [ 26.612926] vprintk_func+0x58/0x160 [ 26.612927] printk+0x9e/0xbc [ 26.612928] ? log_store.cold+0x16/0x16 [ 26.612929] ? ___ratelimit+0x2b5/0x510 [ 26.612930] should_fail.cold+0xdf/0x149 [ 26.612931] should_failslab+0xd6/0x130 [ 26.612932] __kmalloc+0x6d/0x400 [ 26.612934] ? tty_buffer_alloc+0xc0/0x270 [ 26.612935] tty_buffer_alloc+0xc0/0x270 [ 26.612936] __tty_buffer_request_room+0x12c/0x290 [ 26.612938] tty_insert_flip_string_fixed_flag+0x8b/0x210 [ 26.612939] tty_insert_flip_string_and_push_buffer+0x3e/0x160 [ 26.612940] pty_write+0xc3/0xf0 [ 26.612942] tty_put_char+0xfe/0x120 [ 26.612943] ? dev_match_devt+0x80/0x80 [ 26.612944] ? pty_write_room+0xa9/0xd0 [ 26.612945] ? ptmx_open+0x300/0x300 [ 26.612946] __process_echoes+0x48c/0x8c0 [ 26.612948] ? mark_held_locks+0xa6/0xf0 [ 26.612949] process_echoes+0xe9/0x1a0 [ 26.612950] n_tty_receive_char_special+0xe93/0x2500 [ 26.612951] ? lock_acquire+0x170/0x3f0 [ 26.612953] ? n_tty_receive_buf_common+0x91/0x25a0 [ 26.612954] n_tty_receive_buf_common+0x1ae8/0x25a0 [ 26.612955] ? n_tty_receive_buf2+0x40/0x40 [ 26.612957] tty_ioctl+0xe8a/0x1430 [ 26.612958] ? tty_fasync+0x2c0/0x2c0 [ 26.612959] ? proc_fail_nth_write+0x7b/0x180 [ 26.612960] ? proc_tgid_io_accounting+0x6e0/0x7a0 [ 26.612962] ? fsnotify+0x974/0x11b0 [ 26.612963] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 26.612964] ? debug_check_no_obj_freed+0x2c0/0x680 [ 26.612966] ? tty_fasync+0x2c0/0x2c0 [ 26.612967] do_vfs_ioctl+0x75a/0xff0 [ 26.612968] ? ioctl_preallocate+0x1a0/0x1a0 [ 26.612969] ? vfs_write+0x319/0x4d0 [ 26.612970] ? SyS_write+0x14d/0x210 [ 26.612972] ? security_file_ioctl+0x83/0xb0 [ 26.612973] SyS_ioctl+0x7f/0xb0 [ 26.612974] ? do_vfs_ioctl+0xff0/0xff0 [ 26.612975] do_syscall_64+0x1d5/0x640 [ 26.612976] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 26.612977] RIP: 0033:0x7f8b272a47c9 [ 26.612979] RSP: 002b:00007ffdb9f1eef8 EFLAGS: 00000246 ORIG