[ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.216' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 27.057685] FAULT_INJECTION: forcing a failure. [ 27.057685] name failslab, interval 1, probability 0, space 0, times 1 [ 27.069350] CPU: 1 PID: 7966 Comm: syz-executor271 Not tainted 4.14.300-syzkaller #0 [ 27.077210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 27.086537] Call Trace: [ 27.089104] dump_stack+0x1b2/0x281 [ 27.092710] should_fail.cold+0x10a/0x149 [ 27.096834] should_failslab+0xd6/0x130 [ 27.100787] __kmalloc+0x6d/0x400 [ 27.104215] ? tty_buffer_alloc+0xc0/0x270 [ 27.108422] tty_buffer_alloc+0xc0/0x270 [ 27.112455] __tty_buffer_request_room+0x12c/0x290 [ 27.117358] tty_insert_flip_string_fixed_flag+0x8b/0x210 [ 27.122870] tty_insert_flip_string_and_push_buffer+0x3e/0x160 [ 27.128812] pty_write+0xc3/0xf0 [ 27.132169] ? tty_write_room+0x69/0x80 [ 27.136132] n_tty_write+0x352/0xda0 [ 27.139826] ? n_tty_open+0x160/0x160 [ 27.143605] ? do_wait_intr_irq+0x270/0x270 [ 27.147900] ? __might_fault+0x177/0x1b0 [ 27.151932] tty_write+0x410/0x740 [ 27.155447] ? n_tty_open+0x160/0x160 [ 27.159219] __vfs_write+0xe4/0x630 [ 27.162818] ? tty_compat_ioctl+0x240/0x240 [ 27.167110] ? debug_check_no_obj_freed+0x2c0/0x680 [ 27.172099] ? kernel_read+0x110/0x110 [ 27.175960] ? common_file_perm+0x3ee/0x580 [ 27.180255] ? security_file_permission+0x82/0x1e0 [ 27.185154] ? rw_verify_area+0xe1/0x2a0 [ 27.189186] vfs_write+0x17f/0x4d0 [ 27.192700] SyS_write+0xf2/0x210 [ 27.196125] ? SyS_read+0x210/0x210 [ 27.199727] ? do_syscall_64+0x4c/0x640 [ 27.203674] ? SyS_read+0x210/0x210 [ 27.207307] do_syscall_64+0x1d5/0x640 [ 27.211176] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 27.216365] [ 27.216367] ====================================================== [ 27.216369] WARNING: possible circular locking dependency detected [ 27.216370] 4.14.300-syzkaller #0 Not tainted [ 27.216372] ------------------------------------------------------ [ 27.216373] syz-executor271/7966 is trying to acquire lock: [ 27.216374] (console_owner){....}, at: [] console_unlock+0x307/0xf20 [ 27.216378] [ 27.216380] but task is already holding lock: [ 27.216381] (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160 [ 27.216385] [ 27.216387] which lock already depends on the new lock. [ 27.216387] [ 27.216388] [ 27.216390] the existing dependency chain (in reverse order) is: [ 27.216391] [ 27.216391] -> #2 (&(&port->lock)->rlock){-.-.}: [ 27.216396] _raw_spin_lock_irqsave+0x8c/0xc0 [ 27.216397] tty_port_tty_get+0x1d/0x80 [ 27.216398] tty_port_default_wakeup+0x11/0x40 [ 27.216400] serial8250_tx_chars+0x3fe/0xc70 [ 27.216401] serial8250_handle_irq.part.0+0x2c7/0x390 [ 27.216403] serial8250_default_handle_irq+0x8a/0x1f0 [ 27.216404] serial8250_interrupt+0xf3/0x210 [ 27.216405] __handle_irq_event_percpu+0xee/0x7f0 [ 27.216407] handle_irq_event+0xed/0x240 [ 27.216408] handle_edge_irq+0x224/0xc40 [ 27.216409] handle_irq+0x35/0x50 [ 27.216410] do_IRQ+0x93/0x1d0 [ 27.216411] ret_from_intr+0x0/0x1e [ 27.216412] [ 27.216413] -> #1 (&port_lock_key){-.-.}: [ 27.216417] _raw_spin_lock_irqsave+0x8c/0xc0 [ 27.216418] serial8250_console_write+0x8cb/0xb40 [ 27.216420] console_unlock+0x99d/0xf20 [ 27.216421] vprintk_emit+0x224/0x620 [ 27.216422] vprintk_func+0x58/0x160 [ 27.216423] printk+0x9e/0xbc [ 27.216424] register_console+0x6f4/0xad0 [ 27.216426] univ8250_console_init+0x2f/0x3a [ 27.216427] console_init+0x46/0x53 [ 27.216428] start_kernel+0x521/0x763 [ 27.216429] secondary_startup_64+0xa5/0xb0 [ 27.216430] [ 27.216431] -> #0 (console_owner){....}: [ 27.216435] lock_acquire+0x170/0x3f0 [ 27.216436] console_unlock+0x36f/0xf20 [ 27.216437] vprintk_emit+0x224/0x620 [ 27.216438] vprintk_func+0x58/0x160 [ 27.216439] printk+0x9e/0xbc [ 27.216441] should_fail.cold+0xdf/0x149 [ 27.216442] should_failslab+0xd6/0x130 [ 27.216443] __kmalloc+0x6d/0x400 [ 27.216444] tty_buffer_alloc+0xc0/0x270 [ 27.216446] __tty_buffer_request_room+0x12c/0x290 [ 27.216447] tty_insert_flip_string_fixed_flag+0x8b/0x210 [ 27.216449] tty_insert_flip_string_and_push_buffer+0x3e/0x160 [ 27.216450] pty_write+0xc3/0xf0 [ 27.216452] n_tty_write+0x352/0xda0 [ 27.216453] tty_write+0x410/0x740 [ 27.216454] __vfs_write+0xe4/0x630 [ 27.216455] vfs_write+0x17f/0x4d0 [ 27.216456] SyS_write+0xf2/0x210 [ 27.216458] do_syscall_64+0x1d5/0x640 [ 27.216459] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 27.216460] [ 27.216461] other info that might help us debug this: [ 27.216462] [ 27.216463] Chain exists of: [ 27.216463] console_owner --> &port_lock_key --> &(&port->lock)->rlock [ 27.216469] [ 27.216470] Possible unsafe locking scenario: [ 27.216471] [ 27.216472] CPU0 CPU1 [ 27.216473] ---- ---- [ 27.216474] lock(&(&port->lock)->rlock); [ 27.216477] lock(&port_lock_key); [ 27.216480] lock(&(&port->lock)->rlock); [ 27.216482] lock(console_owner); [ 27.216484] [ 27.216485] *** DEADLOCK *** [ 27.216486] [ 27.216488] 6 locks held by syz-executor271/7966: [ 27.216488] #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80 [ 27.216493] #1: (&tty->atomic_write_lock){+.+.}, at: [] tty_write+0x22d/0x740 [ 27.216497] #2: (&o_tty->termios_rwsem/1){++++}, at: [] n_tty_write+0x18a/0xda0 [ 27.216502] #3: (&ldata->output_lock){+.+.}, at: [] n_tty_write+0x43f/0xda0 [ 27.216507] #4: (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160 [ 27.216512] #5: (console_lock){+.+.}, at: [] vprintk_func+0x58/0x160 [ 27.216516] [ 27.216517] stack backtrace: [ 27.216519] CPU: 1 PID: 7966 Comm: syz-executor271 Not tainted 4.14.300-syzkaller #0 [ 27.216521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 27.216522] Call Trace: [ 27.216523] dump_stack+0x1b2/0x281 [ 27.216525] print_circular_bug.constprop.0.cold+0x2d7/0x41e [ 27.216526] __lock_acquire+0x2e0e/0x3f20 [ 27.216528] ? trace_hardirqs_on+0x10/0x10 [ 27.216529] ? snprintf+0xd0/0xd0 [ 27.216530] ? console_unlock+0x34a/0xf20 [ 27.216531] lock_acquire+0x170/0x3f0 [ 27.216532] ? console_unlock+0x307/0xf20 [ 27.216533] console_unlock+0x36f/0xf20 [ 27.216535] ? console_unlock+0x307/0xf20 [ 27.216536] vprintk_emit+0x224/0x620 [ 27.216537] vprintk_func+0x58/0x160 [ 27.216538] printk+0x9e/0xbc [ 27.216539] ? log_store.cold+0x16/0x16 [ 27.216540] ? __lock_acquire+0x5fc/0x3f20 [ 27.216542] ? ___ratelimit+0x2b5/0x510 [ 27.216543] should_fail.cold+0xdf/0x149 [ 27.216544] should_failslab+0xd6/0x130 [ 27.216545] __kmalloc+0x6d/0x400 [ 27.216546] ? tty_buffer_alloc+0xc0/0x270 [ 27.216547] tty_buffer_alloc+0xc0/0x270 [ 27.216549] __tty_buffer_request_room+0x12c/0x290 [ 27.216550] tty_insert_flip_string_fixed_flag+0x8b/0x210 [ 27.216552] tty_insert_flip_string_and_push_buffer+0x3e/0x160 [ 27.216553] pty_write+0xc3/0xf0 [ 27.216554] ? tty_write_room+0x69/0x80 [ 27.216555] n_tty_write+0x352/0xda0 [ 27.216557] ? n_tty_open+0x160/0x160 [ 27.216558] ? do_wait_intr_irq+0x270/0x270 [ 27.216559] ? __might_fault+0x177/0x1b0 [ 27.216560] tty_write+0x410/0x740 [ 27.216561] ? n_tty_open+0x160/0x160 [ 27.216562] __vfs_write+0xe4/0x630 [ 27.216564] ? tty_compat_ioctl+0x240/0x240 [ 27.216565] ? debug_check_no_obj_freed+0x2c0/0x680 [ 27.216566] ? kernel_read+0x110/0x110 [ 27.216567] ? common_file_perm+0x3ee/0x580 [ 27.216569] ? security_file_permission+0x82/0x1e0 [ 27.216570] ? rw_verify_area+0xe1/0x2a0 [ 27.216571] vfs_write+0x17f/0x4d0 [ 27.216572] SyS_write+0xf2/0x210 [ 27.216573] ? SyS_read+0x210/0x210 [ 27.216575] ? do_syscall_64+0x4c/0x640 [ 27.216576] ? SyS_read+0x210/0x210 [ 27.216577] do_syscall_64+0x1d5/0x640 [ 27.216578] entry_SYSCALL_64_after_hwframe+0x5e/0xd3