[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.60' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 40.438316] FAULT_INJECTION: forcing a failure.
[ 40.438316] name failslab, interval 1, probability 0, space 0, times 1
[ 40.450193] CPU: 0 PID: 8078 Comm: syz-executor243 Not tainted 4.19.211-syzkaller #0
[ 40.458061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[ 40.467403] Call Trace:
[ 40.469981] dump_stack+0x1fc/0x2ef
[ 40.473694] should_fail.cold+0xa/0xf
[ 40.477486] ? setup_fault_attr+0x200/0x200
[ 40.481797] ? mark_held_locks+0xf0/0xf0
[ 40.485836] ? lock_acquire+0x170/0x3c0
[ 40.489787] __should_failslab+0x115/0x180
[ 40.493999] should_failslab+0x5/0x10
[ 40.497777] __kmalloc+0x6d/0x3c0
[ 40.501211] ? tty_buffer_alloc+0x23f/0x2a0
[ 40.505513] ? __mutex_lock+0x368/0x1190
[ 40.509554] tty_buffer_alloc+0x23f/0x2a0
[ 40.513691] __tty_buffer_request_room+0x156/0x2a0
[ 40.518614] tty_insert_flip_string_fixed_flag+0x93/0x250
[ 40.524150] ? do_raw_spin_lock+0xcb/0x220
[ 40.528398] pty_write+0x126/0x1f0
[ 40.531915] ? ptmx_open+0x350/0x350
[ 40.535611] n_tty_write+0x3c0/0xff0
[ 40.539303] ? n_tty_open+0x160/0x160
[ 40.543085] ? do_wait_intr_irq+0x270/0x270
[ 40.547383] ? __might_fault+0x192/0x1d0
[ 40.551441] tty_write+0x496/0x810
[ 40.554960] ? n_tty_open+0x160/0x160
[ 40.558744] __vfs_write+0xf7/0x770
[ 40.562347] ? tty_compat_ioctl+0x270/0x270
[ 40.566642] ? common_file_perm+0x4e5/0x850
[ 40.571028] ? kernel_read+0x110/0x110
[ 40.574892] ? trace_hardirqs_off+0x64/0x200
[ 40.579409] ? apparmor_getprocattr+0x11e0/0x11e0
[ 40.584229] ? vfs_write+0x3d7/0x540
[ 40.587926] ? security_file_permission+0x1c0/0x220
[ 40.592922] vfs_write+0x1f3/0x540
[ 40.596440] ksys_write+0x12b/0x2a0
[ 40.600051] ? __ia32_sys_read+0xb0/0xb0
[ 40.604088] ? trace_hardirqs_off_caller+0x6e/0x210
[ 40.609253] ? do_syscall_64+0x21/0x620
[ 40.613207] do_syscall_64+0xf9/0x620
[ 40.616984] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.622145] RIP: 0033:0x7fcb43fa6789
[ 40.626014] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 40.644895] RSP: 002b:00007ffd4d208848 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 40.652576] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fcb43fa6789
[ 40.659820] RDX: 00000000fffffdc9 RSI: 0000000020000000 RDI: 0000000000000004
[ 40.667078] RBP: 00007ffd4d208860 R08: 0000000000000001 R09: 0000000000000001
[ 40.674320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 40.681570] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 40.688838]
[ 40.688841] ======================================================
[ 40.688843] WARNING: possible circular locking dependency detected
[ 40.688845] 4.19.211-syzkaller #0 Not tainted
[ 40.688848] ------------------------------------------------------
[ 40.688850] syz-executor243/8078 is trying to acquire lock:
[ 40.688851] 000000003902dc60 (console_owner){....}, at: console_unlock+0x3a9/0x1110
[ 40.688858]
[ 40.688860] but task is already holding lock:
[ 40.688861] 00000000ca953e91 (&(&port->lock)->rlock){-.-.}, at: pty_write+0xf4/0x1f0
[ 40.688868]
[ 40.688870] which lock already depends on the new lock.
[ 40.688871]
[ 40.688872]
[ 40.688874] the existing dependency chain (in reverse order) is:
[ 40.688875]
[ 40.688876] -> #2 (&(&port->lock)->rlock){-.-.}:
[ 40.688883] tty_port_tty_get+0x1d/0x80
[ 40.688885] tty_port_default_wakeup+0x11/0x40
[ 40.688887] serial8250_tx_chars+0x490/0xaf0
[ 40.688889] serial8250_handle_irq.part.0+0x31f/0x3d0
[ 40.688891] serial8250_default_handle_irq+0xae/0x220
[ 40.688893] serial8250_interrupt+0x101/0x240
[ 40.688895] __handle_irq_event_percpu+0x27e/0x8e0
[ 40.688897] handle_irq_event+0x102/0x290
[ 40.688899] handle_edge_irq+0x260/0xcf0
[ 40.688900] handle_irq+0x35/0x50
[ 40.688902] do_IRQ+0x93/0x1c0
[ 40.688904] ret_from_intr+0x0/0x1e
[ 40.688906] _raw_spin_unlock_irqrestore+0xa3/0xe0
[ 40.688907] uart_write+0x3bb/0x6f0
[ 40.688909] do_output_char+0x5de/0x850
[ 40.688911] n_tty_write+0x46e/0xff0
[ 40.688913] tty_write+0x496/0x810
[ 40.688914] redirected_tty_write+0xaa/0xb0
[ 40.688916] do_iter_write+0x461/0x5d0
[ 40.688918] vfs_writev+0x153/0x2e0
[ 40.688920] do_writev+0x136/0x330
[ 40.688921] do_syscall_64+0xf9/0x620
[ 40.688924] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.688924]
[ 40.688926] -> #1 (&port_lock_key){-.-.}:
[ 40.688932] serial8250_console_write+0x90e/0xb70
[ 40.688934] console_unlock+0xbb6/0x1110
[ 40.688936] vprintk_emit+0x2d1/0x740
[ 40.688937] vprintk_func+0x79/0x180
[ 40.688939] printk+0xba/0xed
[ 40.688941] register_console+0x87f/0xc90
[ 40.688943] univ8250_console_init+0x3a/0x46
[ 40.688944] console_init+0x4cb/0x718
[ 40.688946] start_kernel+0x686/0x911
[ 40.688948] secondary_startup_64+0xa4/0xb0
[ 40.688949]
[ 40.688950] -> #0 (console_owner){....}:
[ 40.688956] console_unlock+0x411/0x1110
[ 40.688958] vprintk_emit+0x2d1/0x740
[ 40.688960] vprintk_func+0x79/0x180
[ 40.688961] printk+0xba/0xed
[ 40.688963] should_fail+0x66b/0x7b0
[ 40.688965] __should_failslab+0x115/0x180
[ 40.688967] should_failslab+0x5/0x10
[ 40.688968] __kmalloc+0x6d/0x3c0
[ 40.688970] tty_buffer_alloc+0x23f/0x2a0
[ 40.688972] __tty_buffer_request_room+0x156/0x2a0
[ 40.688974] tty_insert_flip_string_fixed_flag+0x93/0x250
[ 40.688976] pty_write+0x126/0x1f0
[ 40.688978] n_tty_write+0x3c0/0xff0
[ 40.688979] tty_write+0x496/0x810
[ 40.688981] __vfs_write+0xf7/0x770
[ 40.688983] vfs_write+0x1f3/0x540
[ 40.688985] ksys_write+0x12b/0x2a0
[ 40.688986] do_syscall_64+0xf9/0x620
[ 40.688988] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.688989]
[ 40.688991] other info that might help us debug this:
[ 40.688992]
[ 40.688994] Chain exists of:
[ 40.688995] console_owner --> &port_lock_key --> &(&port->lock)->rlock
[ 40.689003]
[ 40.689005] Possible unsafe locking scenario:
[ 40.689006]
[ 40.689007]        CPU0                    CPU1
[ 40.689009]        ----                    ----
[ 40.689010]   lock(&(&port->lock)->rlock);
[ 40.689015]                                lock(&port_lock_key);
[ 40.689019]                                lock(&(&port->lock)->rlock);
[ 40.689023]   lock(console_owner);
[ 40.689026]
[ 40.689027] *** DEADLOCK ***
[ 40.689028]
[ 40.689030] 6 locks held by syz-executor243/8078:
[ 40.689031] #0: 000000003c95725c (&tty->ldisc_sem){++++}, at: tty_ldisc_ref_wait+0x22/0x80
[ 40.689039] #1: 000000000c3ab773 (&tty->atomic_write_lock){+.+.}, at: tty_write+0x24e/0x810
[ 40.689046] #2: 0000000044ee1913 (&o_tty->termios_rwsem/1){++++}, at: n_tty_write+0x1b5/0xff0
[ 40.689054] #3: 0000000081752db6 (&ldata->output_lock){+.+.}, at: n_tty_write+0x4e3/0xff0
[ 40.689062] #4: 00000000ca953e91 (&(&port->lock)->rlock){-.-.}, at: pty_write+0xf4/0x1f0
[ 40.689069] #5: 000000001a69fb36 (console_lock){+.+.}, at: vprintk_func+0x79/0x180
[ 40.689076]
[ 40.689077] stack backtrace:
[ 40.689080] CPU: 0 PID: 8078 Comm: syz-executor243 Not tainted 4.19.211-syzkaller #0
[ 40.689084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[ 40.689085] Call Trace:
[ 40.689087] dump_stack+0x1fc/0x2ef
[ 40.689089] print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 40.689091] __lock_acquire+0x30c9/0x3ff0
[ 40.689093] ? mark_held_locks+0xf0/0xf0
[ 40.689094] ? snprintf+0xf0/0xf0
[ 40.689096] ? console_unlock+0x3ec/0x1110
[ 40.689098] lock_acquire+0x170/0x3c0
[ 40.689100] ? console_unlock+0x3a9/0x1110
[ 40.689102] console_unlock+0x411/0x1110
[ 40.689104] ? console_unlock+0x3a9/0x1110
[ 40.689105] vprintk_emit+0x2d1/0x740
[ 40.689107] vprintk_func+0x79/0x180
[ 40.689109] printk+0xba/0xed
[ 40.689110] ? log_store.cold+0x16/0x16
[ 40.689112] ? set_next_entity+0xb52/0x1dc0
[ 40.689114] ? __lock_acquire+0x6de/0x3ff0
[ 40.689116] ? ___ratelimit+0x319/0x590
[ 40.689117] should_fail+0x66b/0x7b0
[ 40.689119] ? setup_fault_attr+0x200/0x200
[ 40.689121] ? mark_held_locks+0xf0/0xf0
[ 40.689123] ? lock_acquire+0x170/0x3c0
[ 40.689125] __should_failslab+0x115/0x180
[ 40.689127] should_failslab+0x5/0x10
[ 40.689128] __kmalloc+0x6d/0x3c0
[ 40.689130] ? tty_buffer_alloc+0x23f/0x2a0
[ 40.689132] ? __mutex_lock+0x368/0x1190
[ 40.689134] tty_buffer_alloc+0x23f/0x2a0
[ 40.689136] __tty_buffer_request_room+0x156/0x2a0
[ 40.689138] tty_insert_flip_string_fixed_flag+0x93/0x250
[ 40.689140] ? do_raw_spin_lock+0xcb/0x220
[ 40.689141] pty_write+0x126/0x1f0
[ 40.689143] ? ptmx_open+0x350/0x350
[ 40.689145] n_tty_write+0x3c0/0xff0
[ 40.689147] ? n_tty_open+0x160/0x160
[ 40.689148] ? do_wait_intr_irq+0x270/0x270
[ 40.689150] ? __might_fault+0x192/0x1d0
[ 40.689152] tty_write+0x496/0x810
[ 40.689154] ? n_tty_open+0x160/0x160
[ 40.689155] __vfs_write+0xf7/0x770
[ 40.689157] ? tty_compat_ioctl+0x270/0x270
[ 40.689159] ? common_file_perm+0x4e5/0x850
[ 40.689161] ? kernel_read+0x110/0x110
[ 40.689163] ? trace_hardirqs_off+0x64/0x200
[ 40.689165] ? apparmor_getprocattr+0x11e0/0x11e0
[ 40.689167] ? vfs_write+0x3d7/0x540
[ 40.689169] ? security_file_permission+0x1c0/0x220
[ 40.689170] vfs_write+0x1f3/0x540
[ 40.689172] ksys_write+0x12b/0x2a0
[ 40.689174] ? __ia32_sys_read+0xb0/0xb0
[ 40.689176] ? trace_hardirqs_off_caller+0x6e/0x210
[ 40.689178] ? do_syscall_64+0x21/0x620
[ 40.689179] do_syscall_64+0xf9/0x620
[ 40.689182] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.689183] RIP: 0033:0x7fcb43fa6789
[ 40.689189] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 40.689191] RSP: 002b:00007ffd4d208848 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 40.689196] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fcb43fa6789
[ 40.689199] RDX: 00000000fffffdc9 RSI: 0000000020000000 RDI: 0000000000000004
[ 40.689201] RBP: 00007ffd4d208860 R08: 0000000000000001 R09: 0000000000000001
[ 40.689204] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 40.689207] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000