[ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... Starting Load/Save RF Kill Switch Status... [ OK ] Started Update UTMP about System Runlevel Changes. [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.239' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 29.739036] FAULT_INJECTION: forcing a failure. [ 29.739036] name failslab, interval 1, probability 0, space 0, times 1 [ 29.750681] CPU: 1 PID: 7974 Comm: syz-executor268 Not tainted 4.14.303-syzkaller #0 [ 29.758531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 [ 29.767871] Call Trace: [ 29.770440] dump_stack+0x1b2/0x281 [ 29.774059] should_fail.cold+0x10a/0x149 [ 29.778182] should_failslab+0xd6/0x130 [ 29.782141] __kmalloc+0x6d/0x400 [ 29.785655] ? tty_buffer_alloc+0xc0/0x270 [ 29.789870] tty_buffer_alloc+0xc0/0x270 [ 29.793910] __tty_buffer_request_room+0x12c/0x290 [ 29.798816] tty_insert_flip_string_fixed_flag+0x8b/0x210 [ 29.804327] tty_insert_flip_string_and_push_buffer+0x3e/0x160 [ 29.810271] pty_write+0xc3/0xf0 [ 29.813608] tty_put_char+0xfe/0x120 [ 29.817291] ? dev_match_devt+0x80/0x80 [ 29.821246] ? pty_write_room+0xa9/0xd0 [ 29.825205] ? ptmx_open+0x300/0x300 [ 29.828895] __process_echoes+0x48c/0x8c0 [ 29.833023] n_tty_receive_buf_common+0x9a3/0x25a0 [ 29.838221] ? n_tty_receive_buf2+0x40/0x40 [ 29.842518] tty_ioctl+0xe8a/0x1430 [ 29.846132] ? tty_fasync+0x2c0/0x2c0 [ 29.849916] ? proc_fail_nth_write+0x7b/0x180 [ 29.854392] ? proc_tgid_io_accounting+0x6f0/0x7a0 [ 29.859309] ? fsnotify+0x974/0x11b0 [ 29.863011] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 29.867915] ? debug_check_no_obj_freed+0x2c0/0x680 [ 29.872915] ? tty_fasync+0x2c0/0x2c0 [ 29.876743] do_vfs_ioctl+0x75a/0xff0 [ 29.880522] ? ioctl_preallocate+0x1a0/0x1a0 [ 29.884909] ? vfs_write+0x319/0x4d0 [ 29.888609] ? SyS_write+0x14d/0x210 [ 29.892304] ? security_file_ioctl+0x83/0xb0 [ 29.896708] SyS_ioctl+0x7f/0xb0 [ 29.900048] ? do_vfs_ioctl+0xff0/0xff0 [ 29.903995] do_syscall_64+0x1d5/0x640 [ 29.907872] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 29.913031] RIP: 0033:0x7fb39e75d789 [ 29.916732] RSP: 002b:00007ffdb7fc93b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 29.924412] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fb39e75d789 [ 29.931665] RDX: 0000000020000140 RSI: 0000000000005412 RDI: 0000000000000004 [ 29.939167] RBP: 00007ffdb7fc93d0 R08: 0000000000000001 R09: 0000000000000001 [ 29.946436] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 29.953684] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 29.960949] [ 29.960951] ====================================================== [ 29.960953] WARNING: possible circular locking dependency detected [ 29.960954] 4.14.303-syzkaller #0 Not tainted [ 29.960957] ------------------------------------------------------ [ 29.960958] syz-executor268/7974 is trying to acquire lock: [ 29.960959] (console_owner){....}, at: [] console_unlock+0x307/0xf20 [ 29.960964] [ 29.960965] but task is already holding lock: [ 29.960966] (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160 [ 29.960971] [ 29.960972] which lock already depends on the new lock. [ 29.960973] [ 29.960974] [ 29.960976] the existing dependency chain (in reverse order) is: [ 29.960976] [ 29.960977] -> #2 (&(&port->lock)->rlock){-.-.}: [ 29.960982] _raw_spin_lock_irqsave+0x8c/0xc0 [ 29.960983] tty_port_tty_get+0x1d/0x80 [ 29.960985] tty_port_default_wakeup+0x11/0x40 [ 29.960986] serial8250_tx_chars+0x3fe/0xc70 [ 29.960988] serial8250_handle_irq.part.0+0x2c7/0x390 [ 29.960989] serial8250_default_handle_irq+0x8a/0x1f0 [ 29.960991] serial8250_interrupt+0xf3/0x210 [ 29.960992] __handle_irq_event_percpu+0xee/0x7f0 [ 29.960994] handle_irq_event+0xed/0x240 [ 29.960995] handle_edge_irq+0x224/0xc40 [ 29.960997] handle_irq+0x35/0x50 [ 29.960998] do_IRQ+0x93/0x1d0 [ 29.960999] ret_from_intr+0x0/0x1e [ 29.961000] _raw_spin_unlock_irqrestore+0xa3/0xe0 [ 29.961002] uart_write+0x2dd/0x560 [ 29.961003] do_output_char+0x4f5/0x750 [ 29.961004] n_tty_write+0x3e3/0xda0 [ 29.961006] tty_write+0x410/0x740 [ 29.961007] redirected_tty_write+0x9c/0xb0 [ 29.961008] do_iter_write+0x3da/0x550 [ 29.961010] vfs_writev+0x125/0x290 [ 29.961011] do_writev+0xfc/0x2c0 [ 29.961012] do_syscall_64+0x1d5/0x640 [ 29.961014] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 29.961014] [ 29.961015] -> #1 (&port_lock_key){-.-.}: [ 29.961020] _raw_spin_lock_irqsave+0x8c/0xc0 [ 29.961021] serial8250_console_write+0x8cb/0xb40 [ 29.961023] console_unlock+0x99d/0xf20 [ 29.961024] vprintk_emit+0x224/0x620 [ 29.961026] vprintk_func+0x58/0x160 [ 29.961027] printk+0x9e/0xbc [ 29.961028] register_console+0x6f4/0xad0 [ 29.961030] univ8250_console_init+0x2f/0x3a [ 29.961031] console_init+0x46/0x53 [ 29.961033] start_kernel+0x521/0x763 [ 29.961034] secondary_startup_64+0xa5/0xb0 [ 29.961035] [ 29.961035] -> #0 (console_owner){....}: [ 29.961040] lock_acquire+0x170/0x3f0 [ 29.961041] console_unlock+0x36f/0xf20 [ 29.961042] vprintk_emit+0x224/0x620 [ 29.961044] vprintk_func+0x58/0x160 [ 29.961045] printk+0x9e/0xbc [ 29.961046] should_fail.cold+0xdf/0x149 [ 29.961047] should_failslab+0xd6/0x130 [ 29.961049] __kmalloc+0x6d/0x400 [ 29.961050] tty_buffer_alloc+0xc0/0x270 [ 29.961052] __tty_buffer_request_room+0x12c/0x290 [ 29.961053] tty_insert_flip_string_fixed_flag+0x8b/0x210 [ 29.961055] tty_insert_flip_string_and_push_buffer+0x3e/0x160 [ 29.961056] pty_write+0xc3/0xf0 [ 29.961058] tty_put_char+0xfe/0x120 [ 29.961059] __process_echoes+0x48c/0x8c0 [ 29.961061] n_tty_receive_buf_common+0x9a3/0x25a0 [ 29.961062] tty_ioctl+0xe8a/0x1430 [ 29.961063] do_vfs_ioctl+0x75a/0xff0 [ 29.961064] SyS_ioctl+0x7f/0xb0 [ 29.961066] do_syscall_64+0x1d5/0x640 [ 29.961067] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 29.961068] [ 29.961069] other info that might help us debug this: [ 29.961070] [ 29.961071] Chain exists of: [ 29.961072] console_owner --> &port_lock_key --> &(&port->lock)->rlock [ 29.961077] [ 29.961078] Possible unsafe locking scenario: [ 29.961079] [ 29.961080] CPU0 CPU1 [ 29.961082] ---- ---- [ 29.961083] lock(&(&port->lock)->rlock); [ 29.961086] lock(&port_lock_key); [ 29.961089] lock(&(&port->lock)->rlock); [ 29.961091] lock(console_owner); [ 29.961093] [ 29.961094] *** DEADLOCK *** [ 29.961095] [ 29.961097] 6 locks held by syz-executor268/7974: [ 29.961097] #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80 [ 29.961102] #1: (&port->buf.lock/1){+.+.}, at: [] tty_ioctl+0xe20/0x1430 [ 29.961108] #2: (&o_tty->termios_rwsem/1){++++}, at: [] n_tty_receive_buf_common+0x91/0x25a0 [ 29.961113] #3: (&ldata->output_lock){+.+.}, at: [] n_tty_receive_buf_common+0x965/0x25a0 [ 29.961118] #4: (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160 [ 29.961123] #5: (console_lock){+.+.}, at: [] vprintk_func+0x58/0x160 [ 29.961128] [ 29.961129] stack backtrace: [ 29.961131] CPU: 1 PID: 7974 Comm: syz-executor268 Not tainted 4.14.303-syzkaller #0 [ 29.961134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 [ 29.961135] Call Trace: [ 29.961136] dump_stack+0x1b2/0x281 [ 29.961138] print_circular_bug.constprop.0.cold+0x2d7/0x41e [ 29.961139] __lock_acquire+0x2e0e/0x3f20 [ 29.961140] ? trace_hardirqs_on+0x10/0x10 [ 29.961141] ? snprintf+0xd0/0xd0 [ 29.961143] ? console_unlock+0x34a/0xf20 [ 29.961144] lock_acquire+0x170/0x3f0 [ 29.961145] ? console_unlock+0x307/0xf20 [ 29.961146] console_unlock+0x36f/0xf20 [ 29.961148] ? console_unlock+0x307/0xf20 [ 29.961149] vprintk_emit+0x224/0x620 [ 29.961150] vprintk_func+0x58/0x160 [ 29.961151] printk+0x9e/0xbc [ 29.961152] ? log_store.cold+0x16/0x16 [ 29.961154] ? ___ratelimit+0x2b5/0x510 [ 29.961155] should_fail.cold+0xdf/0x149 [ 29.961156] should_failslab+0xd6/0x130 [ 29.961157] __kmalloc+0x6d/0x400 [ 29.961159] ? tty_buffer_alloc+0xc0/0x270 [ 29.961160] tty_buffer_alloc+0xc0/0x270 [ 29.961161] __tty_buffer_request_room+0x12c/0x290 [ 29.961163] tty_insert_flip_string_fixed_flag+0x8b/0x210 [ 29.961165] tty_insert_flip_string_and_push_buffer+0x3e/0x160 [ 29.961166] pty_write+0xc3/0xf0 [ 29.961167] tty_put_char+0xfe/0x120 [ 29.961168] ? dev_match_devt+0x80/0x80 [ 29.961170] ? pty_write_room+0xa9/0xd0 [ 29.961171] ? ptmx_open+0x300/0x300 [ 29.961172] __process_echoes+0x48c/0x8c0 [ 29.961174] n_tty_receive_buf_common+0x9a3/0x25a0 [ 29.961175] ? n_tty_receive_buf2+0x40/0x40 [ 29.961176] tty_ioctl+0xe8a/0x1430 [ 29.961177] ? tty_fasync+0x2c0/0x2c0 [ 29.961179] ? proc_fail_nth_write+0x7b/0x180 [ 29.961180] ? proc_tgid_io_accounting+0x6f0/0x7a0 [ 29.961182] ? fsnotify+0x974/0x11b0 [ 29.961183] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 29.961185] ? debug_check_no_obj_freed+0x2c0/0x680 [ 29.961186] ? tty_fasync+0x2c0/0x2c0 [ 29.961187] do_vfs_ioctl+0x75a/0xff0 [ 29.961188] ? ioctl_preallocate+0x1a0/0x1a0 [ 29.961190] ? vfs_write+0x319/0x4d0 [ 29.961191] ? SyS_write+0x14d/0x210 [ 29.961192] ? security_file_ioctl+0x83/0xb0 [ 29.961193] SyS_ioctl+0x7f/0xb0 [ 29.961195] ? do_vfs_ioctl+0xff0/0xff0 [ 29.961196] do_syscall_64+0x1d5/0x640 [ 29.961198] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 29.961199] RIP: 0033:0x7fb39e75d789 [ 29.961200] RSP: 002b:00007ffdb7fc93b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 29.961204] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fb39e75d789 [ 29.961206] RDX: 0000000020000140 RSI: 0000000000005412 RDI: 0000000000000004 [ 29.961208] RBP: 00007ffdb7fc93d0 R08: 0000000000000001 R09: 0000000000000001 [ 29.961210] R10: 0000000000000000 R11: 0000