[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Reached target Login Prompts.
[ OK ] Started OpenBSD Secure Shell server.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.128' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 40.396723] FAULT_INJECTION: forcing a failure.
[ 40.396723] name failslab, interval 1, probability 0, space 0, times 1
[ 40.408750] CPU: 0 PID: 8098 Comm: syz-executor380 Not tainted 4.19.211-syzkaller #0
[ 40.416609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 40.425949] Call Trace:
[ 40.428525] dump_stack+0x1fc/0x2ef
[ 40.432134] should_fail.cold+0xa/0xf
[ 40.435945] ? setup_fault_attr+0x200/0x200
[ 40.440246] ? __lock_acquire+0x6de/0x3ff0
[ 40.444463] ? mark_held_locks+0xf0/0xf0
[ 40.448503] __should_failslab+0x115/0x180
[ 40.452725] should_failslab+0x5/0x10
[ 40.456504] __kmalloc+0x6d/0x3c0
[ 40.459936] ? tty_buffer_alloc+0x23f/0x2a0
[ 40.464239] tty_buffer_alloc+0x23f/0x2a0
[ 40.468366] __tty_buffer_request_room+0x156/0x2a0
[ 40.473273] tty_insert_flip_string_fixed_flag+0x93/0x250
[ 40.478788] ? do_raw_spin_lock+0xcb/0x220
[ 40.483003] pty_write+0x126/0x1f0
[ 40.486525] tty_send_xchar+0x28d/0x3b0
[ 40.490486] ? tty_write_message+0x140/0x140
[ 40.494873] ? _kstrtoull+0x297/0x540
[ 40.498653] n_tty_ioctl_helper+0x18d/0x3a0
[ 40.502956] n_tty_ioctl+0x56/0x360
[ 40.506563] tty_ioctl+0x65d/0x1630
[ 40.510169] ? n_tty_poll+0x8f0/0x8f0
[ 40.513948] ? tty_fasync+0x300/0x300
[ 40.517739] ? get_pid_task+0xf4/0x190
[ 40.521612] ? proc_fail_nth_write+0x95/0x1d0
[ 40.526088] ? proc_tgid_io_accounting+0x7f0/0x7f0
[ 40.530995] ? debug_check_no_obj_freed+0x201/0x490
[ 40.535988] ? __vfs_write+0xff/0x770
[ 40.539766] ? proc_tgid_io_accounting+0x7f0/0x7f0
[ 40.544677] ? common_file_perm+0x4e5/0x850
[ 40.548975] ? tty_fasync+0x300/0x300
[ 40.552759] do_vfs_ioctl+0xcdb/0x12e0
[ 40.556650] ? vfs_write+0x3d7/0x540
[ 40.560344] ? ioctl_preallocate+0x200/0x200
[ 40.564737] ? lock_downgrade+0x720/0x720
[ 40.568868] ? check_preemption_disabled+0x41/0x280
[ 40.573867] ? vfs_write+0x393/0x540
[ 40.577560] ? ksys_write+0x1c8/0x2a0
[ 40.581341] ksys_ioctl+0x9b/0xc0
[ 40.584774] __x64_sys_ioctl+0x6f/0xb0
[ 40.588639] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 40.593200] do_syscall_64+0xf9/0x620
[ 40.596984] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.602149] RIP: 0033:0x7fb6d35ed679
[ 40.605841] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 40.624727] RSP: 002b:00007ffde26e54f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 40.632412] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fb6d35ed679
[ 40.639658] RDX: 0000000000000002 RSI: 000000000000540a RDI: 0000000000000003
[ 40.646905] RBP: 00007ffde26e5500 R08: 0000000000000001 R09: 00007fb6d35b0031
[ 40.654152] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[ 40.661397] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 40.668655]
[ 40.668659] ======================================================
[ 40.668661] WARNING: possible circular locking dependency detected
[ 40.668664] 4.19.211-syzkaller #0 Not tainted
[ 40.668666] ------------------------------------------------------
[ 40.668669] syz-executor380/8098 is trying to acquire lock:
[ 40.668671] 00000000f574d3f9 (console_owner){....}, at: console_unlock+0x3a9/0x1110
[ 40.668678]
[ 40.668680] but task is already holding lock:
[ 40.668682] 000000007f4c8bb8 (&(&port->lock)->rlock){-.-.}, at: pty_write+0xf4/0x1f0
[ 40.668689]
[ 40.668692] which lock already depends on the new lock.
[ 40.668693]
[ 40.668694]
[ 40.668697] the existing dependency chain (in reverse order) is:
[ 40.668698]
[ 40.668699] -> #2 (&(&port->lock)->rlock){-.-.}:
[ 40.668706]        tty_port_tty_get+0x1d/0x80
[ 40.668709]        tty_port_default_wakeup+0x11/0x40
[ 40.668711]        serial8250_tx_chars+0x490/0xaf0
[ 40.668713]        serial8250_handle_irq.part.0+0x31f/0x3d0
[ 40.668716]        serial8250_default_handle_irq+0xae/0x220
[ 40.668718]        serial8250_interrupt+0x101/0x240
[ 40.668720]        __handle_irq_event_percpu+0x27e/0x8e0
[ 40.668722]        handle_irq_event+0x102/0x290
[ 40.668724]        handle_edge_irq+0x260/0xcf0
[ 40.668726]        handle_irq+0x35/0x50
[ 40.668728]        do_IRQ+0x93/0x1c0
[ 40.668730]        ret_from_intr+0x0/0x1e
[ 40.668732]        _raw_spin_unlock_irqrestore+0xa3/0xe0
[ 40.668734]        uart_write+0x3bb/0x6f0
[ 40.668736]        do_output_char+0x5de/0x850
[ 40.668738]        n_tty_write+0x46e/0xff0
[ 40.668740]        tty_write+0x496/0x810
[ 40.668742]        redirected_tty_write+0xaa/0xb0
[ 40.668744]        do_iter_write+0x461/0x5d0
[ 40.668746]        vfs_writev+0x153/0x2e0
[ 40.668748]        do_writev+0x136/0x330
[ 40.668750]        do_syscall_64+0xf9/0x620
[ 40.668752]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.668753]
[ 40.668755] -> #1 (&port_lock_key){-.-.}:
[ 40.668762]        serial8250_console_write+0x90e/0xb70
[ 40.668764]        console_unlock+0xbb6/0x1110
[ 40.668766]        vprintk_emit+0x2d1/0x740
[ 40.668768]        vprintk_func+0x79/0x180
[ 40.668770]        printk+0xba/0xed
[ 40.668772]        register_console+0x87f/0xc90
[ 40.668774]        univ8250_console_init+0x3a/0x46
[ 40.668776]        console_init+0x4cb/0x718
[ 40.668778]        start_kernel+0x686/0x911
[ 40.668780]        secondary_startup_64+0xa4/0xb0
[ 40.668781]
[ 40.668782] -> #0 (console_owner){....}:
[ 40.668789]        console_unlock+0x411/0x1110
[ 40.668791]        vprintk_emit+0x2d1/0x740
[ 40.668793]        vprintk_func+0x79/0x180
[ 40.668795]        printk+0xba/0xed
[ 40.668797]        should_fail+0x66b/0x7b0
[ 40.668799]        __should_failslab+0x115/0x180
[ 40.668801]        should_failslab+0x5/0x10
[ 40.668803]        __kmalloc+0x6d/0x3c0
[ 40.668805]        tty_buffer_alloc+0x23f/0x2a0
[ 40.668807]        __tty_buffer_request_room+0x156/0x2a0
[ 40.668810]        tty_insert_flip_string_fixed_flag+0x93/0x250
[ 40.668812]        pty_write+0x126/0x1f0
[ 40.668814]        tty_send_xchar+0x28d/0x3b0
[ 40.668816]        n_tty_ioctl_helper+0x18d/0x3a0
[ 40.668818]        n_tty_ioctl+0x56/0x360
[ 40.668820]        tty_ioctl+0x65d/0x1630
[ 40.668822]        do_vfs_ioctl+0xcdb/0x12e0
[ 40.668824]        ksys_ioctl+0x9b/0xc0
[ 40.668826]        __x64_sys_ioctl+0x6f/0xb0
[ 40.668828]        do_syscall_64+0xf9/0x620
[ 40.668830]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.668831]
[ 40.668834] other info that might help us debug this:
[ 40.668835]
[ 40.668836] Chain exists of:
[ 40.668837]   console_owner --> &port_lock_key --> &(&port->lock)->rlock
[ 40.668851]
[ 40.668853]  Possible unsafe locking scenario:
[ 40.668854]
[ 40.668856]        CPU0                    CPU1
[ 40.668858]        ----                    ----
[ 40.668860]   lock(&(&port->lock)->rlock);
[ 40.668865]                                lock(&port_lock_key);
[ 40.668869]                                lock(&(&port->lock)->rlock);
[ 40.668873]   lock(console_owner);
[ 40.668877]
[ 40.668879]  *** DEADLOCK ***
[ 40.668880]
[ 40.668882] 5 locks held by syz-executor380/8098:
[ 40.668883]  #0: 00000000bd86b79b (&tty->ldisc_sem){++++}, at: tty_ldisc_ref_wait+0x22/0x80
[ 40.668892]  #1: 00000000f5e917cb (&tty->atomic_write_lock){+.+.}, at: tty_send_xchar+0x1d9/0x3b0
[ 40.668900]  #2: 000000008dd2e585 (&tty->termios_rwsem){++++}, at: tty_send_xchar+0x226/0x3b0
[ 40.668909]  #3: 000000007f4c8bb8 (&(&port->lock)->rlock){-.-.}, at: pty_write+0xf4/0x1f0
[ 40.668917]  #4: 000000008cedd938 (console_lock){+.+.}, at: vprintk_func+0x79/0x180
[ 40.668926]
[ 40.668927] stack backtrace:
[ 40.668931] CPU: 0 PID: 8098 Comm: syz-executor380 Not tainted 4.19.211-syzkaller #0
[ 40.668934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 40.668936] Call Trace:
[ 40.668938] dump_stack+0x1fc/0x2ef
[ 40.668941] print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 40.668943] __lock_acquire+0x30c9/0x3ff0
[ 40.668945] ? mark_held_locks+0xf0/0xf0
[ 40.668947] ? snprintf+0xf0/0xf0
[ 40.668949] ? console_unlock+0x3ec/0x1110
[ 40.668951] lock_acquire+0x170/0x3c0
[ 40.668953] ? console_unlock+0x3a9/0x1110
[ 40.668955] console_unlock+0x411/0x1110
[ 40.668957] ? console_unlock+0x3a9/0x1110
[ 40.668959] vprintk_emit+0x2d1/0x740
[ 40.668961] vprintk_func+0x79/0x180
[ 40.668963] printk+0xba/0xed
[ 40.668965] ? log_store.cold+0x16/0x16
[ 40.668967] ? __lock_acquire+0x22f9/0x3ff0
[ 40.668969] ? ___ratelimit+0x319/0x590
[ 40.668971] should_fail+0x66b/0x7b0
[ 40.668973] ? setup_fault_attr+0x200/0x200
[ 40.668975] ? __lock_acquire+0x6de/0x3ff0
[ 40.668977] ? mark_held_locks+0xf0/0xf0
[ 40.668979] __should_failslab+0x115/0x180
[ 40.668981] should_failslab+0x5/0x10
[ 40.668983] __kmalloc+0x6d/0x3c0
[ 40.668985] ? tty_buffer_alloc+0x23f/0x2a0
[ 40.668987] tty_buffer_alloc+0x23f/0x2a0
[ 40.668990] __tty_buffer_request_room+0x156/0x2a0
[ 40.668992] tty_insert_flip_string_fixed_flag+0x93/0x250
[ 40.668994] ? do_raw_spin_lock+0xcb/0x220
[ 40.668996] pty_write+0x126/0x1f0
[ 40.668998] tty_send_xchar+0x28d/0x3b0
[ 40.669000] ? tty_write_message+0x140/0x140
[ 40.669002] ? _kstrtoull+0x297/0x540
[ 40.669004] n_tty_ioctl_helper+0x18d/0x3a0
[ 40.669006] n_tty_ioctl+0x56/0x360
[ 40.669008] tty_ioctl+0x65d/0x1630
[ 40.669010] ? n_tty_poll+0x8f0/0x8f0
[ 40.669012] ? tty_fasync+0x300/0x300
[ 40.669014] ? get_pid_task+0xf4/0x190
[ 40.669016] ? proc_fail_nth_write+0x95/0x1d0
[ 40.669019] ? proc_tgid_io_accounting+0x7f0/0x7f0
[ 40.669021] ? debug_check_no_obj_freed+0x201/0x490
[ 40.669023] ? __vfs_write+0xff/0x770
[ 40.669025] ? proc_tgid_io_accounting+0x7f0/0x7f0
[ 40.669027] ? common_file_perm+0x4e5/0x850
[ 40.669029] ? tty_fasync+0x300/0x300
[ 40.669031] do_vfs_ioctl+0xcdb/0x12e0
[ 40.669033] ? vfs_write+0x3d7/0x540
[ 40.669035] ? ioctl_preallocate+0x200/0x200
[ 40.669038] ? lock_downgrade+0x720/0x720
[ 40.669040] ? check_preemption_disabled+0x41/0x280
[ 40.669042] ? vfs_write+0x393/0x540
[ 40.669044] ? ksys_write+0x1c8/0x2a0
[ 40.669046] ksys_ioctl+0x9b/0xc0
[ 40.669048] __x64_sys_ioctl+0x6f/0xb0
[ 40.669050] ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 40.669052] do_syscall_64+0xf9/0x620
[ 40.669054] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.669056] RIP: 0033:0x7fb6d35ed679
[ 40.669063] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 40.669066] RSP: 002b:00007ffde26e54f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 40.669071] RAX: ffffffffffffffda RBX: