[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.159' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 27.192954] FAULT_INJECTION: forcing a failure.
[ 27.192954] name failslab, interval 1, probability 0, space 0, times 1
[ 27.204620] CPU: 1 PID: 7965 Comm: syz-executor205 Not tainted 4.14.300-syzkaller #0
[ 27.212468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 27.221797] Call Trace:
[ 27.224359]  dump_stack+0x1b2/0x281
[ 27.227959]  should_fail.cold+0x10a/0x149
[ 27.232077]  should_failslab+0xd6/0x130
[ 27.236020]  __kmalloc+0x6d/0x400
[ 27.239445]  ? tty_buffer_alloc+0xc0/0x270
[ 27.243649]  tty_buffer_alloc+0xc0/0x270
[ 27.247679]  __tty_buffer_request_room+0x12c/0x290
[ 27.252578]  tty_insert_flip_string_fixed_flag+0x8b/0x210
[ 27.258087]  tty_insert_flip_string_and_push_buffer+0x3e/0x160
[ 27.264028]  pty_write+0xc3/0xf0
[ 27.267365]  ? tty_write_room+0x69/0x80
[ 27.271320]  n_tty_write+0x352/0xda0
[ 27.275012]  ? n_tty_open+0x160/0x160
[ 27.278783]  ? do_wait_intr_irq+0x270/0x270
[ 27.283076]  ? __might_fault+0x177/0x1b0
[ 27.287107]  tty_write+0x410/0x740
[ 27.290625]  ? n_tty_open+0x160/0x160
[ 27.294398]  __vfs_write+0xe4/0x630
[ 27.297994]  ? tty_compat_ioctl+0x240/0x240
[ 27.302298]  ? debug_check_no_obj_freed+0x2c0/0x680
[ 27.307283]  ? kernel_read+0x110/0x110
[ 27.311160]  ? common_file_perm+0x3ee/0x580
[ 27.315454]  ? security_file_permission+0x82/0x1e0
[ 27.320352]  ? rw_verify_area+0xe1/0x2a0
[ 27.324383]  vfs_write+0x17f/0x4d0
[ 27.327902]  SyS_write+0xf2/0x210
[ 27.331339]  ? SyS_read+0x210/0x210
[ 27.334941]  ? do_syscall_64+0x4c/0x640
[ 27.338885]  ? SyS_read+0x210/0x210
[ 27.342482]  do_syscall_64+0x1d5/0x640
[ 27.346347]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 27.351535]
[ 27.351538] ======================================================
[ 27.351541] WARNING: possible circular locking dependency detected
[ 27.351543] 4.14.300-syzkaller #0 Not tainted
[ 27.351546] ------------------------------------------------------
[ 27.351549] syz-executor205/7965 is trying to acquire lock:
[ 27.351550]  (console_owner){....}, at: [] console_unlock+0x307/0xf20
[ 27.351557]
[ 27.351559] but task is already holding lock:
[ 27.351560]  (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160
[ 27.351565]
[ 27.351566] which lock already depends on the new lock.
[ 27.351567]
[ 27.351568]
[ 27.351569] the existing dependency chain (in reverse order) is:
[ 27.351570]
[ 27.351571] -> #2 (&(&port->lock)->rlock){-.-.}:
[ 27.351575]        _raw_spin_lock_irqsave+0x8c/0xc0
[ 27.351576]        tty_port_tty_get+0x1d/0x80
[ 27.351578]        tty_port_default_wakeup+0x11/0x40
[ 27.351579]        serial8250_tx_chars+0x3fe/0xc70
[ 27.351581]        serial8250_handle_irq.part.0+0x2c7/0x390
[ 27.351582]        serial8250_default_handle_irq+0x8a/0x1f0
[ 27.351584]        serial8250_interrupt+0xf3/0x210
[ 27.351585]        __handle_irq_event_percpu+0xee/0x7f0
[ 27.351587]        handle_irq_event+0xed/0x240
[ 27.351588]        handle_edge_irq+0x224/0xc40
[ 27.351589]        handle_irq+0x35/0x50
[ 27.351590]        do_IRQ+0x93/0x1d0
[ 27.351591]        ret_from_intr+0x0/0x1e
[ 27.351592]
[ 27.351593] -> #1 (&port_lock_key){-.-.}:
[ 27.351597]        _raw_spin_lock_irqsave+0x8c/0xc0
[ 27.351598]        serial8250_console_write+0x8cb/0xb40
[ 27.351599]        console_unlock+0x99d/0xf20
[ 27.351601]        vprintk_emit+0x224/0x620
[ 27.351602]        vprintk_func+0x58/0x160
[ 27.351603]        printk+0x9e/0xbc
[ 27.351604]        register_console+0x6f4/0xad0
[ 27.351605]        univ8250_console_init+0x2f/0x3a
[ 27.351607]        console_init+0x46/0x53
[ 27.351608]        start_kernel+0x521/0x763
[ 27.351609]        secondary_startup_64+0xa5/0xb0
[ 27.351610]
[ 27.351610] -> #0 (console_owner){....}:
[ 27.351614]        lock_acquire+0x170/0x3f0
[ 27.351616]        console_unlock+0x36f/0xf20
[ 27.351617]        vprintk_emit+0x224/0x620
[ 27.351618]        vprintk_func+0x58/0x160
[ 27.351619]        printk+0x9e/0xbc
[ 27.351620]        should_fail.cold+0xdf/0x149
[ 27.351622]        should_failslab+0xd6/0x130
[ 27.351623]        __kmalloc+0x6d/0x400
[ 27.351624]        tty_buffer_alloc+0xc0/0x270
[ 27.351625]        __tty_buffer_request_room+0x12c/0x290
[ 27.351628]        tty_insert_flip_string_fixed_flag+0x8b/0x210
[ 27.351629]        tty_insert_flip_string_and_push_buffer+0x3e/0x160
[ 27.351630]        pty_write+0xc3/0xf0
[ 27.351632]        n_tty_write+0x352/0xda0
[ 27.351633]        tty_write+0x410/0x740
[ 27.351634]        __vfs_write+0xe4/0x630
[ 27.351635]        vfs_write+0x17f/0x4d0
[ 27.351636]        SyS_write+0xf2/0x210
[ 27.351638]        do_syscall_64+0x1d5/0x640
[ 27.351639]        entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 27.351640]
[ 27.351641] other info that might help us debug this:
[ 27.351642]
[ 27.351643] Chain exists of:
[ 27.351643]   console_owner --> &port_lock_key --> &(&port->lock)->rlock
[ 27.351649]
[ 27.351650]  Possible unsafe locking scenario:
[ 27.351651]
[ 27.351652]        CPU0                    CPU1
[ 27.351653]        ----                    ----
[ 27.351654]   lock(&(&port->lock)->rlock);
[ 27.351657]                                lock(&port_lock_key);
[ 27.351660]                                lock(&(&port->lock)->rlock);
[ 27.351662]   lock(console_owner);
[ 27.351664]
[ 27.351665]  *** DEADLOCK ***
[ 27.351666]
[ 27.351667] 6 locks held by syz-executor205/7965:
[ 27.351668]  #0:  (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80
[ 27.351672]  #1:  (&tty->atomic_write_lock){+.+.}, at: [] tty_write+0x22d/0x740
[ 27.351677]  #2:  (&o_tty->termios_rwsem/1){++++}, at: [] n_tty_write+0x18a/0xda0
[ 27.351682]  #3:  (&ldata->output_lock){+.+.}, at: [] n_tty_write+0x43f/0xda0
[ 27.351686]  #4:  (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160
[ 27.351691]  #5:  (console_lock){+.+.}, at: [] vprintk_func+0x58/0x160
[ 27.351696]
[ 27.351696] stack backtrace:
[ 27.351699] CPU: 1 PID: 7965 Comm: syz-executor205 Not tainted 4.14.300-syzkaller #0
[ 27.351701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 27.351702] Call Trace:
[ 27.351703]  dump_stack+0x1b2/0x281
[ 27.351704]  print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 27.351706]  __lock_acquire+0x2e0e/0x3f20
[ 27.351707]  ? trace_hardirqs_on+0x10/0x10
[ 27.351708]  ? snprintf+0xd0/0xd0
[ 27.351709]  ? console_unlock+0x34a/0xf20
[ 27.351710]  lock_acquire+0x170/0x3f0
[ 27.351712]  ? console_unlock+0x307/0xf20
[ 27.351713]  console_unlock+0x36f/0xf20
[ 27.351714]  ? console_unlock+0x307/0xf20
[ 27.351715]  vprintk_emit+0x224/0x620
[ 27.351716]  vprintk_func+0x58/0x160
[ 27.351717]  printk+0x9e/0xbc
[ 27.351719]  ? log_store.cold+0x16/0x16
[ 27.351720]  ? __lock_acquire+0x5fc/0x3f20
[ 27.351721]  ? ___ratelimit+0x2b5/0x510
[ 27.351722]  should_fail.cold+0xdf/0x149
[ 27.351723]  should_failslab+0xd6/0x130
[ 27.351724]  __kmalloc+0x6d/0x400
[ 27.351726]  ? tty_buffer_alloc+0xc0/0x270
[ 27.351727]  tty_buffer_alloc+0xc0/0x270
[ 27.351728]  __tty_buffer_request_room+0x12c/0x290
[ 27.351730]  tty_insert_flip_string_fixed_flag+0x8b/0x210
[ 27.351731]  tty_insert_flip_string_and_push_buffer+0x3e/0x160
[ 27.351732]  pty_write+0xc3/0xf0
[ 27.351734]  ? tty_write_room+0x69/0x80
[ 27.351735]  n_tty_write+0x352/0xda0
[ 27.351736]  ? n_tty_open+0x160/0x160
[ 27.351737]  ? do_wait_intr_irq+0x270/0x270
[ 27.351738]  ? __might_fault+0x177/0x1b0
[ 27.351740]  tty_write+0x410/0x740
[ 27.351741]  ? n_tty_open+0x160/0x160
[ 27.351742]  __vfs_write+0xe4/0x630
[ 27.351743]  ? tty_compat_ioctl+0x240/0x240
[ 27.351744]  ? debug_check_no_obj_freed+0x2c0/0x680
[ 27.351746]  ? kernel_read+0x110/0x110
[ 27.351747]  ? common_file_perm+0x3ee/0x580
[ 27.351748]  ? security_file_permission+0x82/0x1e0
[ 27.351750]  ? rw_verify_area+0xe1/0x2a0
[ 27.351751]  vfs_write+0x17f/0x4d0
[ 27.351752]  SyS_write+0xf2/0x210
[ 27.351753]  ? SyS_read+0x210/0x210
[ 27.351754]  ? do_syscall_64+0x4c/0x640
[ 27.351755]  ? SyS_read+0x210/0x210
[ 27.351756]  do_syscall_64+0x1d5/0x640
[ 27.351758]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3