[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.139' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 30.657234] FAULT_INJECTION: forcing a failure.
[ 30.657234] name failslab, interval 1, probability 0, space 0, times 1
[ 30.669296] CPU: 0 PID: 8088 Comm: syz-executor228 Not tainted 4.19.211-syzkaller #0
[ 30.677218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 30.686556] Call Trace:
[ 30.689144] dump_stack+0x1fc/0x2ef
[ 30.692753] should_fail.cold+0xa/0xf
[ 30.696543] ? setup_fault_attr+0x200/0x200
[ 30.700867] ? __lock_acquire+0x6de/0x3ff0
[ 30.705078] ? mark_held_locks+0xf0/0xf0
[ 30.709119] __should_failslab+0x115/0x180
[ 30.713337] should_failslab+0x5/0x10
[ 30.717117] __kmalloc+0x6d/0x3c0
[ 30.720547] ? tty_buffer_alloc+0x23f/0x2a0
[ 30.724846] tty_buffer_alloc+0x23f/0x2a0
[ 30.728985] __tty_buffer_request_room+0x156/0x2a0
[ 30.733896] tty_insert_flip_string_fixed_flag+0x93/0x250
[ 30.739411] ? do_raw_spin_lock+0xcb/0x220
[ 30.743627] pty_write+0x126/0x1f0
[ 30.747171] tty_send_xchar+0x28d/0x3b0
[ 30.751121] ? tty_write_message+0x140/0x140
[ 30.755505] ? _kstrtoull+0x297/0x540
[ 30.759306] n_tty_ioctl_helper+0x18d/0x3a0
[ 30.763607] n_tty_ioctl+0x56/0x360
[ 30.767226] tty_ioctl+0x65d/0x1630
[ 30.770853] ? n_tty_poll+0x8f0/0x8f0
[ 30.774651] ? tty_fasync+0x300/0x300
[ 30.778451] ? get_pid_task+0xf4/0x190
[ 30.782313] ? proc_fail_nth_write+0x95/0x1d0
[ 30.786803] ? proc_tgid_io_accounting+0x7f0/0x7f0
[ 30.791714] ? debug_check_no_obj_freed+0x201/0x490
[ 30.796708] ? __vfs_write+0xff/0x770
[ 30.800483] ? proc_tgid_io_accounting+0x7f0/0x7f0
[ 30.805388] ? common_file_perm+0x4e5/0x850
[ 30.809688] ? tty_fasync+0x300/0x300
[ 30.813477] do_vfs_ioctl+0xcdb/0x12e0
[ 30.817350] ? vfs_write+0x3d7/0x540
[ 30.821039] ? ioctl_preallocate+0x200/0x200
[ 30.825422] ? lock_downgrade+0x720/0x720
[ 30.829546] ? check_preemption_disabled+0x41/0x280
[ 30.834537] ? vfs_write+0x393/0x540
[ 30.838226] ? ksys_write+0x1c8/0x2a0
[ 30.842009] ksys_ioctl+0x9b/0xc0
[ 30.845433] __x64_sys_ioctl+0x6f/0xb0
[ 30.849295] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 30.853852] do_syscall_64+0xf9/0x620
[ 30.857628] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 30.862793] RIP: 0033:0x7f9204d80699
[ 30.866486] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 30.885362] RSP: 002b:00007ffe82619258 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 30.893050] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f9204d80699
[ 30.900297] RDX: 0000000000000002 RSI: 000000000000540a RDI: 0000000000000003
[ 30.907542] RBP: 00007ffe82619260 R08: 0000000000000001 R09: 00007f9204d40031
[ 30.914794] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[ 30.922043] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 30.929308]
[ 30.929311] ======================================================
[ 30.929313] WARNING: possible circular locking dependency detected
[ 30.929315] 4.19.211-syzkaller #0 Not tainted
[ 30.929317] ------------------------------------------------------
[ 30.929320] syz-executor228/8088 is trying to acquire lock:
[ 30.929321] 00000000136d8a2c (console_owner){....}, at: console_unlock+0x3a9/0x1110
[ 30.929327]
[ 30.929329] but task is already holding lock:
[ 30.929331] 000000008749073c (&(&port->lock)->rlock){-.-.}, at: pty_write+0xf4/0x1f0
[ 30.929337]
[ 30.929339] which lock already depends on the new lock.
[ 30.929340]
[ 30.929341]
[ 30.929343] the existing dependency chain (in reverse order) is:
[ 30.929344]
[ 30.929345] -> #2 (&(&port->lock)->rlock){-.-.}:
[ 30.929351] tty_port_tty_get+0x1d/0x80
[ 30.929353] tty_port_default_wakeup+0x11/0x40
[ 30.929355] serial8250_tx_chars+0x490/0xaf0
[ 30.929357] serial8250_handle_irq.part.0+0x31f/0x3d0
[ 30.929359] serial8250_default_handle_irq+0xae/0x220
[ 30.929361] serial8250_interrupt+0x101/0x240
[ 30.929363] __handle_irq_event_percpu+0x27e/0x8e0
[ 30.929365] handle_irq_event+0x102/0x290
[ 30.929366] handle_edge_irq+0x260/0xcf0
[ 30.929368] handle_irq+0x35/0x50
[ 30.929369] do_IRQ+0x93/0x1c0
[ 30.929371] ret_from_intr+0x0/0x1e
[ 30.929373] _raw_spin_unlock_irqrestore+0xa3/0xe0
[ 30.929375] uart_write+0x3bb/0x6f0
[ 30.929376] do_output_char+0x5de/0x850
[ 30.929378] n_tty_write+0x46e/0xff0
[ 30.929380] tty_write+0x496/0x810
[ 30.929381] redirected_tty_write+0xaa/0xb0
[ 30.929383] do_iter_write+0x461/0x5d0
[ 30.929385] vfs_writev+0x153/0x2e0
[ 30.929386] do_writev+0x136/0x330
[ 30.929388] do_syscall_64+0xf9/0x620
[ 30.929390] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 30.929391]
[ 30.929392] -> #1 (&port_lock_key){-.-.}:
[ 30.929398] serial8250_console_write+0x90e/0xb70
[ 30.929400] console_unlock+0xbb6/0x1110
[ 30.929401] vprintk_emit+0x2d1/0x740
[ 30.929403] vprintk_func+0x79/0x180
[ 30.929404] printk+0xba/0xed
[ 30.929406] register_console+0x87f/0xc90
[ 30.929408] univ8250_console_init+0x3a/0x46
[ 30.929410] console_init+0x4cb/0x718
[ 30.929411] start_kernel+0x686/0x911
[ 30.929413] secondary_startup_64+0xa4/0xb0
[ 30.929414]
[ 30.929415] -> #0 (console_owner){....}:
[ 30.929421] console_unlock+0x411/0x1110
[ 30.929423] vprintk_emit+0x2d1/0x740
[ 30.929424] vprintk_func+0x79/0x180
[ 30.929426] printk+0xba/0xed
[ 30.929428] should_fail+0x66b/0x7b0
[ 30.929429] __should_failslab+0x115/0x180
[ 30.929431] should_failslab+0x5/0x10
[ 30.929433] __kmalloc+0x6d/0x3c0
[ 30.929434] tty_buffer_alloc+0x23f/0x2a0
[ 30.929436] __tty_buffer_request_room+0x156/0x2a0
[ 30.929455] tty_insert_flip_string_fixed_flag+0x93/0x250
[ 30.929457] pty_write+0x126/0x1f0
[ 30.929459] tty_send_xchar+0x28d/0x3b0
[ 30.929461] n_tty_ioctl_helper+0x18d/0x3a0
[ 30.929463] n_tty_ioctl+0x56/0x360
[ 30.929464] tty_ioctl+0x65d/0x1630
[ 30.929466] do_vfs_ioctl+0xcdb/0x12e0
[ 30.929468] ksys_ioctl+0x9b/0xc0
[ 30.929470] __x64_sys_ioctl+0x6f/0xb0
[ 30.929471] do_syscall_64+0xf9/0x620
[ 30.929474] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 30.929475]
[ 30.929477] other info that might help us debug this:
[ 30.929478]
[ 30.929479] Chain exists of:
[ 30.929480] console_owner --> &port_lock_key --> &(&port->lock)->rlock
[ 30.929501]
[ 30.929503] Possible unsafe locking scenario:
[ 30.929504]
[ 30.929505]        CPU0                    CPU1
[ 30.929507]        ----                    ----
[ 30.929508]   lock(&(&port->lock)->rlock);
[ 30.929512]                                lock(&port_lock_key);
[ 30.929516]                                lock(&(&port->lock)->rlock);
[ 30.929520]   lock(console_owner);
[ 30.929523]
[ 30.929524] *** DEADLOCK ***
[ 30.929525]
[ 30.929527] 5 locks held by syz-executor228/8088:
[ 30.929528] #0: 000000006b761e2b (&tty->ldisc_sem){++++}, at: tty_ldisc_ref_wait+0x22/0x80
[ 30.929535] #1: 00000000a42c8795 (&tty->atomic_write_lock){+.+.}, at: tty_send_xchar+0x1d9/0x3b0
[ 30.929543] #2: 000000008fc8ce07 (&tty->termios_rwsem){++++}, at: tty_send_xchar+0x226/0x3b0
[ 30.929550] #3: 000000008749073c (&(&port->lock)->rlock){-.-.}, at: pty_write+0xf4/0x1f0
[ 30.929557] #4: 00000000551a309e (console_lock){+.+.}, at: vprintk_func+0x79/0x180
[ 30.929564]
[ 30.929565] stack backtrace:
[ 30.929568] CPU: 0 PID: 8088 Comm: syz-executor228 Not tainted 4.19.211-syzkaller #0
[ 30.929571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 30.929573] Call Trace:
[ 30.929574] dump_stack+0x1fc/0x2ef
[ 30.929576] print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 30.929578] __lock_acquire+0x30c9/0x3ff0
[ 30.929580] ? mark_held_locks+0xf0/0xf0
[ 30.929582] ? snprintf+0xf0/0xf0
[ 30.929583] ? console_unlock+0x3ec/0x1110
[ 30.929585] lock_acquire+0x170/0x3c0
[ 30.929587] ? console_unlock+0x3a9/0x1110
[ 30.929588] console_unlock+0x411/0x1110
[ 30.929590] ? console_unlock+0x3a9/0x1110
[ 30.929592] vprintk_emit+0x2d1/0x740
[ 30.929594] vprintk_func+0x79/0x180
[ 30.929595] printk+0xba/0xed
[ 30.929597] ? log_store.cold+0x16/0x16
[ 30.929599] ? __lock_acquire+0x22f9/0x3ff0
[ 30.929600] ? ___ratelimit+0x319/0x590
[ 30.929602] should_fail+0x66b/0x7b0
[ 30.929604] ? setup_fault_attr+0x200/0x200
[ 30.929605] ? __lock_acquire+0x6de/0x3ff0
[ 30.929607] ? mark_held_locks+0xf0/0xf0
[ 30.929609] __should_failslab+0x115/0x180
[ 30.929611] should_failslab+0x5/0x10
[ 30.929612] __kmalloc+0x6d/0x3c0
[ 30.929614] ? tty_buffer_alloc+0x23f/0x2a0
[ 30.929616] tty_buffer_alloc+0x23f/0x2a0
[ 30.929618] __tty_buffer_request_room+0x156/0x2a0
[ 30.929620] tty_insert_flip_string_fixed_flag+0x93/0x250
[ 30.929622] ? do_raw_spin_lock+0xcb/0x220
[ 30.929623] pty_write+0x126/0x1f0
[ 30.929625] tty_send_xchar+0x28d/0x3b0
[ 30.929627] ? tty_write_message+0x140/0x140
[ 30.929628] ? _kstrtoull+0x297/0x540
[ 30.929630] n_tty_ioctl_helper+0x18d/0x3a0
[ 30.929632] n_tty_ioctl+0x56/0x360
[ 30.929633] tty_ioctl+0x65d/0x1630
[ 30.929635] ? n_tty_poll+0x8f0/0x8f0
[ 30.929637] ? tty_fasync+0x300/0x300
[ 30.929638] ? get_pid_task+0xf4/0x190
[ 30.929640] ? proc_fail_nth_write+0x95/0x1d0
[ 30.929642] ? proc_tgid_io_accounting+0x7f0/0x7f0
[ 30.929644] ? debug_check_no_obj_freed+0x201/0x490
[ 30.929646] ? __vfs_write+0xff/0x770
[ 30.929648] ? proc_tgid_io_accounting+0x7f0/0x7f0
[ 30.929650] ? common_file_perm+0x4e5/0x850
[ 30.929651] ? tty_fasync+0x300/0x300
[ 30.929653] do_vfs_ioctl+0xcdb/0x12e0
[ 30.929654] ? vfs_write+0x3d7/0x540
[ 30.929656] ? ioctl_preallocate+0x200/0x200
[ 30.929658] ? lock_downgrade+0x720/0x720
[ 30.929660] ? check_preemption_disabled+0x41/0x280
[ 30.929662] ? vfs_write+0x393/0x540
[ 30.929663] ? ksys_write+0x1c8/0x2a0
[ 30.929665] ksys_ioctl+0x9b/0xc0
[ 30.929667] __x64_sys_ioctl+0x6f/0xb0
[ 30.929668] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 30.929670] do_syscall_64+0xf9/0x620
[ 30.929672] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 30.929674] RIP: 0033:0x7f9204d80699
[ 30.929680] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 30.929682] RSP: 002b:00007ffe82619258 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 30.929686] RAX: ffffffffffffffda RBX: 00