[ OK ] Started Getty on tty2. [ OK ] Reached target Login Prompts. [ OK ] Started OpenBSD Secure Shell server. [ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Starting Load/Save RF Kill Switch Status... [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.1.98' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 26.809242] FAULT_INJECTION: forcing a failure. [ 26.809242] name failslab, interval 1, probability 0, space 0, times 1 [ 26.821004] CPU: 0 PID: 7975 Comm: syz-executor247 Not tainted 4.14.300-syzkaller #0 [ 26.828945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 26.838274] Call Trace: [ 26.840839] dump_stack+0x1b2/0x281 [ 26.844443] should_fail.cold+0x10a/0x149 [ 26.848564] should_failslab+0xd6/0x130 [ 26.852512] __kmalloc+0x6d/0x400 [ 26.855939] ? tty_buffer_alloc+0xc0/0x270 [ 26.860145] tty_buffer_alloc+0xc0/0x270 [ 26.864179] __tty_buffer_request_room+0x12c/0x290 [ 26.869079] tty_insert_flip_string_fixed_flag+0x8b/0x210 [ 26.874600] tty_insert_flip_string_and_push_buffer+0x3e/0x160 [ 26.880549] pty_write+0xc3/0xf0 [ 26.883990] ? tty_write_room+0x69/0x80 [ 26.887937] n_tty_write+0x352/0xda0 [ 26.891626] ? n_tty_open+0x160/0x160 [ 26.895410] ? do_wait_intr_irq+0x270/0x270 [ 26.899704] ? __might_fault+0x177/0x1b0 [ 26.903738] tty_write+0x410/0x740 [ 26.907258] ? n_tty_open+0x160/0x160 [ 26.911035] __vfs_write+0xe4/0x630 [ 26.914632] ? tty_compat_ioctl+0x240/0x240 [ 26.918928] ? debug_check_no_obj_freed+0x2c0/0x680 [ 26.923914] ? kernel_read+0x110/0x110 [ 26.927777] ? common_file_perm+0x3ee/0x580 [ 26.932075] ? security_file_permission+0x82/0x1e0 [ 26.936976] ? rw_verify_area+0xe1/0x2a0 [ 26.941010] vfs_write+0x17f/0x4d0 [ 26.944524] SyS_write+0xf2/0x210 [ 26.947949] ? SyS_read+0x210/0x210 [ 26.951585] ? do_syscall_64+0x4c/0x640 [ 26.955532] ? SyS_read+0x210/0x210 [ 26.959133] do_syscall_64+0x1d5/0x640 [ 26.962994] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 26.968184] [ 26.968186] ====================================================== [ 26.968187] WARNING: possible circular locking dependency detected [ 26.968189] 4.14.300-syzkaller #0 Not tainted [ 26.968191] ------------------------------------------------------ [ 26.968192] syz-executor247/7975 is trying to acquire lock: [ 26.968193] (console_owner){....}, at: [] console_unlock+0x307/0xf20 [ 26.968197] [ 26.968199] but task is already holding lock: [ 26.968199] (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160 [ 26.968204] [ 26.968206] which lock already depends on the new lock. [ 26.968206] [ 26.968207] [ 26.968209] the existing dependency chain (in reverse order) is: [ 26.968209] [ 26.968210] -> #2 (&(&port->lock)->rlock){-.-.}: [ 26.968214] _raw_spin_lock_irqsave+0x8c/0xc0 [ 26.968216] tty_port_tty_get+0x1d/0x80 [ 26.968217] tty_port_default_wakeup+0x11/0x40 [ 26.968218] serial8250_tx_chars+0x3fe/0xc70 [ 26.968220] serial8250_handle_irq.part.0+0x2c7/0x390 [ 26.968221] serial8250_default_handle_irq+0x8a/0x1f0 [ 26.968223] serial8250_interrupt+0xf3/0x210 [ 26.968224] __handle_irq_event_percpu+0xee/0x7f0 [ 26.968225] handle_irq_event+0xed/0x240 [ 26.968227] handle_edge_irq+0x224/0xc40 [ 26.968228] handle_irq+0x35/0x50 [ 26.968229] do_IRQ+0x93/0x1d0 [ 26.968230] ret_from_intr+0x0/0x1e [ 26.968231] [ 26.968231] -> #1 (&port_lock_key){-.-.}: [ 26.968236] _raw_spin_lock_irqsave+0x8c/0xc0 [ 26.968237] serial8250_console_write+0x8cb/0xb40 [ 26.968238] console_unlock+0x99d/0xf20 [ 26.968239] vprintk_emit+0x224/0x620 [ 26.968241] vprintk_func+0x58/0x160 [ 26.968242] printk+0x9e/0xbc [ 26.968243] register_console+0x6f4/0xad0 [ 26.968244] univ8250_console_init+0x2f/0x3a [ 26.968246] console_init+0x46/0x53 [ 26.968247] start_kernel+0x521/0x763 [ 26.968248] secondary_startup_64+0xa5/0xb0 [ 26.968249] [ 26.968249] -> #0 (console_owner){....}: [ 26.968253] lock_acquire+0x170/0x3f0 [ 26.968255] console_unlock+0x36f/0xf20 [ 26.968256] vprintk_emit+0x224/0x620 [ 26.968257] vprintk_func+0x58/0x160 [ 26.968259] printk+0x9e/0xbc [ 26.968260] should_fail.cold+0xdf/0x149 [ 26.968261] should_failslab+0xd6/0x130 [ 26.968262] __kmalloc+0x6d/0x400 [ 26.968263] tty_buffer_alloc+0xc0/0x270 [ 26.968265] __tty_buffer_request_room+0x12c/0x290 [ 26.968266] tty_insert_flip_string_fixed_flag+0x8b/0x210 [ 26.968268] tty_insert_flip_string_and_push_buffer+0x3e/0x160 [ 26.968269] pty_write+0xc3/0xf0 [ 26.968271] n_tty_write+0x352/0xda0 [ 26.968272] tty_write+0x410/0x740 [ 26.968273] __vfs_write+0xe4/0x630 [ 26.968274] vfs_write+0x17f/0x4d0 [ 26.968275] SyS_write+0xf2/0x210 [ 26.968276] do_syscall_64+0x1d5/0x640 [ 26.968278] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 26.968279] [ 26.968280] other info that might help us debug this: [ 26.968281] [ 26.968282] Chain exists of: [ 26.968282] console_owner --> &port_lock_key --> &(&port->lock)->rlock [ 26.968287] [ 26.968289] Possible unsafe locking scenario: [ 26.968290] [ 26.968291] CPU0 CPU1 [ 26.968292] ---- ---- [ 26.968293] lock(&(&port->lock)->rlock); [ 26.968296] lock(&port_lock_key); [ 26.968299] lock(&(&port->lock)->rlock); [ 26.968301] lock(console_owner); [ 26.968303] [ 26.968304] *** DEADLOCK *** [ 26.968305] [ 26.968306] 6 locks held by syz-executor247/7975: [ 26.968307] #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80 [ 26.968311] #1: (&tty->atomic_write_lock){+.+.}, at: [] tty_write+0x22d/0x740 [ 26.968316] #2: (&o_tty->termios_rwsem/1){++++}, at: [] n_tty_write+0x18a/0xda0 [ 26.968321] #3: (&ldata->output_lock){+.+.}, at: [] n_tty_write+0x43f/0xda0 [ 26.968325] #4: (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160 [ 26.968330] #5: (console_lock){+.+.}, at: [] vprintk_func+0x58/0x160 [ 26.968335] [ 26.968336] stack backtrace: [ 26.968338] CPU: 0 PID: 7975 Comm: syz-executor247 Not tainted 4.14.300-syzkaller #0 [ 26.968340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 26.968341] Call Trace: [ 26.968342] dump_stack+0x1b2/0x281 [ 26.968344] print_circular_bug.constprop.0.cold+0x2d7/0x41e [ 26.968345] __lock_acquire+0x2e0e/0x3f20 [ 26.968346] ? trace_hardirqs_on+0x10/0x10 [ 26.968347] ? snprintf+0xd0/0xd0 [ 26.968349] ? console_unlock+0x34a/0xf20 [ 26.968350] lock_acquire+0x170/0x3f0 [ 26.968351] ? console_unlock+0x307/0xf20 [ 26.968352] console_unlock+0x36f/0xf20 [ 26.968353] ? console_unlock+0x307/0xf20 [ 26.968355] vprintk_emit+0x224/0x620 [ 26.968356] vprintk_func+0x58/0x160 [ 26.968357] printk+0x9e/0xbc [ 26.968358] ? log_store.cold+0x16/0x16 [ 26.968359] ? __lock_acquire+0x5fc/0x3f20 [ 26.968360] ? ___ratelimit+0x2b5/0x510 [ 26.968362] should_fail.cold+0xdf/0x149 [ 26.968363] should_failslab+0xd6/0x130 [ 26.968364] __kmalloc+0x6d/0x400 [ 26.968365] ? tty_buffer_alloc+0xc0/0x270 [ 26.968366] tty_buffer_alloc+0xc0/0x270 [ 26.968368] __tty_buffer_request_room+0x12c/0x290 [ 26.968369] tty_insert_flip_string_fixed_flag+0x8b/0x210 [ 26.968371] tty_insert_flip_string_and_push_buffer+0x3e/0x160 [ 26.968372] pty_write+0xc3/0xf0 [ 26.968373] ? tty_write_room+0x69/0x80 [ 26.968374] n_tty_write+0x352/0xda0 [ 26.968376] ? n_tty_open+0x160/0x160 [ 26.968377] ? do_wait_intr_irq+0x270/0x270 [ 26.968378] ? __might_fault+0x177/0x1b0 [ 26.968379] tty_write+0x410/0x740 [ 26.968380] ? n_tty_open+0x160/0x160 [ 26.968382] __vfs_write+0xe4/0x630 [ 26.968383] ? tty_compat_ioctl+0x240/0x240 [ 26.968384] ? debug_check_no_obj_freed+0x2c0/0x680 [ 26.968385] ? kernel_read+0x110/0x110 [ 26.968387] ? common_file_perm+0x3ee/0x580 [ 26.968388] ? security_file_permission+0x82/0x1e0 [ 26.968389] ? rw_verify_area+0xe1/0x2a0 [ 26.968390] vfs_write+0x17f/0x4d0 [ 26.968391] SyS_write+0xf2/0x210 [ 26.968393] ? SyS_read+0x210/0x210 [ 26.968394] ? do_syscall_64+0x4c/0x640 [ 26.968395] ? SyS_read+0x210/0x210 [ 26.968396] do_syscall_64+0x1d5/0x640 [ 26.968397] entry_SYSCALL_64_after_hwframe+0x5e/0xd3