[ OK ] Started Getty on tty2.
[ OK ] Reached target Login Prompts.
[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.123' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 27.080758] FAULT_INJECTION: forcing a failure.
[ 27.080758] name failslab, interval 1, probability 0, space 0, times 1
[ 27.092916] CPU: 0 PID: 7987 Comm: syz-executor372 Not tainted 4.14.301-syzkaller #0
[ 27.100772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 27.110099] Call Trace:
[ 27.112661] dump_stack+0x1b2/0x281
[ 27.116264] should_fail.cold+0x10a/0x149
[ 27.120386] should_failslab+0xd6/0x130
[ 27.124335] __kmalloc+0x6d/0x400
[ 27.127776] ? tty_buffer_alloc+0xc0/0x270
[ 27.131985] tty_buffer_alloc+0xc0/0x270
[ 27.136019] __tty_buffer_request_room+0x12c/0x290
[ 27.140923] tty_insert_flip_string_fixed_flag+0x8b/0x210
[ 27.146436] tty_insert_flip_string_and_push_buffer+0x3e/0x160
[ 27.152381] pty_write+0xc3/0xf0
[ 27.155722] n_tty_write+0x85e/0xda0
[ 27.159412] ? n_tty_open+0x160/0x160
[ 27.163186] ? do_wait_intr_irq+0x270/0x270
[ 27.167479] ? __might_fault+0xf/0x1b0
[ 27.171338] tty_write+0x410/0x740
[ 27.174852] ? n_tty_open+0x160/0x160
[ 27.178626] __vfs_write+0xe4/0x630
[ 27.182225] ? tty_compat_ioctl+0x240/0x240
[ 27.186518] ? kernel_read+0x110/0x110
[ 27.190381] ? sanity+0x202/0x2f0
[ 27.193806] ? find_get_entry+0x339/0x630
[ 27.197927] ? copy_page_to_iter+0x42f/0xcd0
[ 27.202308] __kernel_write+0xf5/0x330
[ 27.206171] write_pipe_buf+0x143/0x1c0
[ 27.210121] ? default_file_splice_read+0x910/0x910
[ 27.215113] ? page_cache_pipe_buf_confirm+0x18f/0x260
[ 27.220368] __splice_from_pipe+0x326/0x7a0
[ 27.224664] ? default_file_splice_read+0x910/0x910
[ 27.229663] default_file_splice_write+0xc5/0x150
[ 27.234478] ? generic_splice_sendpage+0x110/0x110
[ 27.239383] ? rw_verify_area+0xe1/0x2a0
[ 27.243420] ? generic_splice_sendpage+0x110/0x110
[ 27.248325] direct_splice_actor+0x115/0x160
[ 27.252886] splice_direct_to_actor+0x27c/0x730
[ 27.257625] ? generic_pipe_buf_nosteal+0x10/0x10
[ 27.262454] ? do_splice_to+0x140/0x140
[ 27.266404] ? rw_verify_area+0xe1/0x2a0
[ 27.270438] do_splice_direct+0x164/0x210
[ 27.274561] ? splice_direct_to_actor+0x730/0x730
[ 27.279375] ? rw_verify_area+0xe1/0x2a0
[ 27.283410] do_sendfile+0x47f/0xb30
[ 27.287100] ? do_compat_writev+0x180/0x180
[ 27.291400] SyS_sendfile64+0xff/0x110
[ 27.295260] ? SyS_sendfile+0x130/0x130
[ 27.299295] ? do_syscall_64+0x4c/0x640
[ 27.303245] ? SyS_sendfile+0x130/0x130
[ 27.307191] do_syscall_64+0x1d5/0x640
[ 27.311233] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 27.316396] RIP: 0033:0x7f944c9a4719
[ 27.320086] RSP: 002b:00007ffe0f6913d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 27.328123] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f944c9a4719
[ 27.335370] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004
[ 27.342612] RBP: 00007ffe0f6913e0 R08: 0000000000000002 R09: 00007f944c003432
[ 27.349948] R10: 0000000000007fff R11: 0000000000000246 R12: 0000000000000005
[ 27.357260] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 27.364639]
[ 27.364642] ======================================================
[ 27.364643] WARNING: possible circular locking dependency detected
[ 27.364645] 4.14.301-syzkaller #0 Not tainted
[ 27.364646] ------------------------------------------------------
[ 27.364648] syz-executor372/7987 is trying to acquire lock:
[ 27.364649] (console_owner){....}, at: [] console_unlock+0x307/0xf20
[ 27.364653]
[ 27.364654] but task is already holding lock:
[ 27.364655] (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160
[ 27.364660]
[ 27.364661] which lock already depends on the new lock.
[ 27.364662]
[ 27.364662]
[ 27.364664] the existing dependency chain (in reverse order) is:
[ 27.364665]
[ 27.364665] -> #2 (&(&port->lock)->rlock){-.-.}:
[ 27.364670] _raw_spin_lock_irqsave+0x8c/0xc0
[ 27.364671] tty_port_tty_get+0x1d/0x80
[ 27.364672] tty_port_default_wakeup+0x11/0x40
[ 27.364674] serial8250_tx_chars+0x3fe/0xc70
[ 27.364675] serial8250_handle_irq.part.0+0x2c7/0x390
[ 27.364677] serial8250_default_handle_irq+0x8a/0x1f0
[ 27.364678] serial8250_interrupt+0xf3/0x210
[ 27.364679] __handle_irq_event_percpu+0xee/0x7f0
[ 27.364681] handle_irq_event+0xed/0x240
[ 27.364682] handle_edge_irq+0x224/0xc40
[ 27.364683] handle_irq+0x35/0x50
[ 27.364684] do_IRQ+0x93/0x1d0
[ 27.364685] ret_from_intr+0x0/0x1e
[ 27.364687] _raw_spin_unlock_irqrestore+0xa3/0xe0
[ 27.364688] uart_write+0x2dd/0x560
[ 27.364689] do_output_char+0x4f5/0x750
[ 27.364690] n_tty_write+0x3e3/0xda0
[ 27.364691] tty_write+0x410/0x740
[ 27.364693] redirected_tty_write+0x9c/0xb0
[ 27.364694] do_iter_write+0x3da/0x550
[ 27.364695] vfs_writev+0x125/0x290
[ 27.364696] do_writev+0xfc/0x2c0
[ 27.364697] do_syscall_64+0x1d5/0x640
[ 27.364715] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 27.364716]
[ 27.364716] -> #1 (&port_lock_key){-.-.}:
[ 27.364721] _raw_spin_lock_irqsave+0x8c/0xc0
[ 27.364722] serial8250_console_write+0x8cb/0xb40
[ 27.364723] console_unlock+0x99d/0xf20
[ 27.364724] vprintk_emit+0x224/0x620
[ 27.364726] vprintk_func+0x58/0x160
[ 27.364727] printk+0x9e/0xbc
[ 27.364728] register_console+0x6f4/0xad0
[ 27.364729] univ8250_console_init+0x2f/0x3a
[ 27.364730] console_init+0x46/0x53
[ 27.364732] start_kernel+0x521/0x763
[ 27.364733] secondary_startup_64+0xa5/0xb0
[ 27.364734]
[ 27.364734] -> #0 (console_owner){....}:
[ 27.364738] lock_acquire+0x170/0x3f0
[ 27.364740] console_unlock+0x36f/0xf20
[ 27.364741] vprintk_emit+0x224/0x620
[ 27.364742] vprintk_func+0x58/0x160
[ 27.364743] printk+0x9e/0xbc
[ 27.364744] should_fail.cold+0xdf/0x149
[ 27.364746] should_failslab+0xd6/0x130
[ 27.364747] __kmalloc+0x6d/0x400
[ 27.364748] tty_buffer_alloc+0xc0/0x270
[ 27.364749] __tty_buffer_request_room+0x12c/0x290
[ 27.364751] tty_insert_flip_string_fixed_flag+0x8b/0x210
[ 27.364753] tty_insert_flip_string_and_push_buffer+0x3e/0x160
[ 27.364754] pty_write+0xc3/0xf0
[ 27.364755] n_tty_write+0x85e/0xda0
[ 27.364756] tty_write+0x410/0x740
[ 27.364757] __vfs_write+0xe4/0x630
[ 27.364759] __kernel_write+0xf5/0x330
[ 27.364760] write_pipe_buf+0x143/0x1c0
[ 27.364765] __splice_from_pipe+0x326/0x7a0
[ 27.364767] default_file_splice_write+0xc5/0x150
[ 27.364768] direct_splice_actor+0x115/0x160
[ 27.364770] splice_direct_to_actor+0x27c/0x730
[ 27.364771] do_splice_direct+0x164/0x210
[ 27.364772] do_sendfile+0x47f/0xb30
[ 27.364773] SyS_sendfile64+0xff/0x110
[ 27.364774] do_syscall_64+0x1d5/0x640
[ 27.364776] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 27.364776]
[ 27.364778] other info that might help us debug this:
[ 27.364779]
[ 27.364780] Chain exists of:
[ 27.364780] console_owner --> &port_lock_key --> &(&port->lock)->rlock
[ 27.364785]
[ 27.364787] Possible unsafe locking scenario:
[ 27.364787]
[ 27.364789]        CPU0                    CPU1
[ 27.364790]        ----                    ----
[ 27.364790]   lock(&(&port->lock)->rlock);
[ 27.364793]                                lock(&port_lock_key);
[ 27.364796]                                lock(&(&port->lock)->rlock);
[ 27.364799]   lock(console_owner);
[ 27.364801]
[ 27.364802] *** DEADLOCK ***
[ 27.364802]
[ 27.364804] 6 locks held by syz-executor372/7987:
[ 27.364804] #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80
[ 27.364809] #1: (&tty->atomic_write_lock){+.+.}, at: [] tty_write+0x22d/0x740
[ 27.364813] #2: (&tty->termios_rwsem){++++}, at: [] n_tty_write+0x18a/0xda0
[ 27.364818] #3: (&ldata->output_lock){+.+.}, at: [] n_tty_write+0x82b/0xda0
[ 27.364822] #4: (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160
[ 27.364827] #5: (console_lock){+.+.}, at: [] vprintk_func+0x58/0x160
[ 27.364831]
[ 27.364832] stack backtrace:
[ 27.364834] CPU: 0 PID: 7987 Comm: syz-executor372 Not tainted 4.14.301-syzkaller #0
[ 27.364837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 27.364838] Call Trace:
[ 27.364839] dump_stack+0x1b2/0x281
[ 27.364840] print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 27.364841] __lock_acquire+0x2e0e/0x3f20
[ 27.364843] ? trace_hardirqs_on+0x10/0x10
[ 27.364844] ? snprintf+0xd0/0xd0
[ 27.364845] ? console_unlock+0x34a/0xf20
[ 27.364846] lock_acquire+0x170/0x3f0
[ 27.364847] ? console_unlock+0x307/0xf20
[ 27.364848] console_unlock+0x36f/0xf20
[ 27.364850] ? console_unlock+0x307/0xf20
[ 27.364851] vprintk_emit+0x224/0x620
[ 27.364852] vprintk_func+0x58/0x160
[ 27.364853] printk+0x9e/0xbc
[ 27.364854] ? log_store.cold+0x16/0x16
[ 27.364855] ? __lock_acquire+0x5fc/0x3f20
[ 27.364857] ? ___ratelimit+0x2b5/0x510
[ 27.364858] should_fail.cold+0xdf/0x149
[ 27.364859] should_failslab+0xd6/0x130
[ 27.364860] __kmalloc+0x6d/0x400
[ 27.364861] ? tty_buffer_alloc+0xc0/0x270
[ 27.364862] tty_buffer_alloc+0xc0/0x270
[ 27.364864] __tty_buffer_request_room+0x12c/0x290
[ 27.364865] tty_insert_flip_string_fixed_flag+0x8b/0x210
[ 27.364867] tty_insert_flip_string_and_push_buffer+0x3e/0x160
[ 27.364868] pty_write+0xc3/0xf0
[ 27.364869] n_tty_write+0x85e/0xda0
[ 27.364870] ? n_tty_open+0x160/0x160
[ 27.364872] ? do_wait_intr_irq+0x270/0x270
[ 27.364873] ? __might_fault+0xf/0x1b0
[ 27.364874] tty_write+0x410/0x740
[ 27.364875] ? n_tty_open+0x160/0x160
[ 27.364876] __vfs_write+0xe4/0x630
[ 27.364877] ? tty_compat_ioctl+0x240/0x240
[ 27.364878] ? kernel_read+0x110/0x110
[ 27.364880] ? sanity+0x202/0x2f0
[ 27.364881] ? find_get_entry+0x339/0x630
[ 27.364882] ? copy_page_to_iter+0x42f/0xcd0
[ 27.364883] __kernel_write+0xf5/0x330
[ 27.364884] write_pipe_buf+0x143/0x1c0
[ 27.364886] ? default_file_splice_read+0x910/0x910
[ 27.364887] ? page_cache_pipe_buf_confirm+0x18f/0x260
[ 27.364889] __splice_from_pipe+0x326/0x7a0
[ 27.364890] ? default_file_splice_read+0x910/0x910
[ 27.364891] default_file_splice_write+0xc5/0x150
[ 27.364893] ? generic_splice_sendpage+0x110/0x110
[ 27.364894] ? rw_verify_area+0xe1/0x2a0
[ 27.364895] ? generic_splice_sendpage+0x110/0x110
[ 27.364897] direct_splice_actor+0x115/0x160
[ 27.364898] splice_direct_to_actor+0x27c/0x730
[ 27.364899] ? generic_pipe_buf_nosteal+0x10/0x10
[ 27.364900] ? do_splice_to+0x140/0x140
[ 27.364902] ? rw_verify_area+0xe1/0x2a0
[ 27.364903] do_splice_direct+0x164/0x210
[ 27.364904] ? splice_direct_to_actor+0x730/0x730
[ 27.364905] ? rw_verify_area+0xe1/0x2a0
[ 27.364906] do_sendfile+0x47f/0xb30
[ 27.364908] ? do_compat_writev+0x180/0x180
[ 27.364909] SyS_sendfile64+0xff/0x110
[ 27.364910] ? SyS_sendfile+0x130/0x130
[ 27.364911] ? do_syscall_64+0x4c/0x640
[ 27.364912] ? SyS_sendfile+0x130/0x130
[ 27.364914] do_syscall_64+0x1d5/0x640
[ 27.364915] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 27.364916] RIP: 0033:0x7f944c9a4719
[ 27.364918] RSP: 002b:00007ffe0f6913d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 27.364921] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f944c9a4719
[ 27.364923] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004
[ 27.364925] RBP: 00007ffe0f6913e0 R08: 0000000000000002 R09: 00007f944c003432
[ 27.364927] R10: 0000000000007fff R11: 0000000000000246 R12: 0000000000000005
[ 27.364929] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000