[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.112' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 28.134194] FAULT_INJECTION: forcing a failure.
[ 28.134194] name failslab, interval 1, probability 0, space 0, times 1
[ 28.145970] CPU: 1 PID: 7986 Comm: syz-executor177 Not tainted 4.14.301-syzkaller #0
[ 28.153827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 28.163158] Call Trace:
[ 28.165725] dump_stack+0x1b2/0x281
[ 28.169329] should_fail.cold+0x10a/0x149
[ 28.173453] should_failslab+0xd6/0x130
[ 28.177406] __kmalloc+0x6d/0x400
[ 28.180833] ? tty_buffer_alloc+0xc0/0x270
[ 28.185038] tty_buffer_alloc+0xc0/0x270
[ 28.189071] __tty_buffer_request_room+0x12c/0x290
[ 28.193972] tty_insert_flip_string_fixed_flag+0x8b/0x210
[ 28.199483] tty_insert_flip_string_and_push_buffer+0x3e/0x160
[ 28.205423] pty_write+0xc3/0xf0
[ 28.208760] tty_put_char+0xfe/0x120
[ 28.212445] ? dev_match_devt+0x80/0x80
[ 28.216389] ? pty_write_room+0xa9/0xd0
[ 28.220334] ? ptmx_open+0x300/0x300
[ 28.224019] __process_echoes+0x48c/0x8c0
[ 28.228145] ? mark_held_locks+0xa6/0xf0
[ 28.232176] process_echoes+0xe9/0x1a0
[ 28.236035] n_tty_receive_char_special+0x735/0x2500
[ 28.241108] ? n_tty_receive_buf_common+0x91/0x25a0
[ 28.246105] n_tty_receive_buf_common+0x88e/0x25a0
[ 28.251012] ? n_tty_receive_buf2+0x40/0x40
[ 28.255302] tty_ioctl+0xe8a/0x1430
[ 28.258944] ? tty_fasync+0x2c0/0x2c0
[ 28.262718] ? proc_fail_nth_write+0x7b/0x180
[ 28.267183] ? proc_tgid_io_accounting+0x730/0x7a0
[ 28.272088] ? fsnotify+0x974/0x11b0
[ 28.275773] ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 28.280671] ? debug_check_no_obj_freed+0x2c0/0x680
[ 28.285657] ? tty_fasync+0x2c0/0x2c0
[ 28.289429] do_vfs_ioctl+0x75a/0xff0
[ 28.293204] ? ioctl_preallocate+0x1a0/0x1a0
[ 28.297584] ? vfs_write+0x319/0x4d0
[ 28.301266] ? SyS_write+0x14d/0x210
[ 28.304952] ? security_file_ioctl+0x83/0xb0
[ 28.309331] SyS_ioctl+0x7f/0xb0
[ 28.312666] ? do_vfs_ioctl+0xff0/0xff0
[ 28.316696] do_syscall_64+0x1d5/0x640
[ 28.320558] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 28.325717] RIP: 0033:0x7f538116d839
[ 28.329576] RSP: 002b:00007ffd1d7d6898 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 28.337253] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f538116d839
[ 28.344497] RDX: 0000000020000140 RSI: 0000000000005412 RDI: 0000000000000004
[ 28.351743] RBP: 00007ffd1d7d68b0 R08: 0000000000000001 R09: 0000000000000001
[ 28.358982] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 28.366224] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 28.373475]
[ 28.373477] ======================================================
[ 28.373479] WARNING: possible circular locking dependency detected
[ 28.373480] 4.14.301-syzkaller #0 Not tainted
[ 28.373482] ------------------------------------------------------
[ 28.373484] syz-executor177/7986 is trying to acquire lock:
[ 28.373484] (console_owner){....}, at: [] console_unlock+0x307/0xf20
[ 28.373489]
[ 28.373490] but task is already holding lock:
[ 28.373491] (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160
[ 28.373495]
[ 28.373497] which lock already depends on the new lock.
[ 28.373497]
[ 28.373498]
[ 28.373500] the existing dependency chain (in reverse order) is:
[ 28.373501]
[ 28.373501] -> #2 (&(&port->lock)->rlock){-.-.}:
[ 28.373506] _raw_spin_lock_irqsave+0x8c/0xc0
[ 28.373507] tty_port_tty_get+0x1d/0x80
[ 28.373508] tty_port_default_wakeup+0x11/0x40
[ 28.373510] serial8250_tx_chars+0x3fe/0xc70
[ 28.373511] serial8250_handle_irq.part.0+0x2c7/0x390
[ 28.373513] serial8250_default_handle_irq+0x8a/0x1f0
[ 28.373514] serial8250_interrupt+0xf3/0x210
[ 28.373515] __handle_irq_event_percpu+0xee/0x7f0
[ 28.373517] handle_irq_event+0xed/0x240
[ 28.373518] handle_edge_irq+0x224/0xc40
[ 28.373519] handle_irq+0x35/0x50
[ 28.373520] do_IRQ+0x93/0x1d0
[ 28.373521] ret_from_intr+0x0/0x1e
[ 28.373522] native_safe_halt+0xe/0x10
[ 28.373524] default_idle+0x47/0x370
[ 28.373525] do_idle+0x250/0x3c0
[ 28.373526] cpu_startup_entry+0x14/0x20
[ 28.373527] start_kernel+0x743/0x763
[ 28.373528] secondary_startup_64+0xa5/0xb0
[ 28.373529]
[ 28.373530] -> #1 (&port_lock_key){-.-.}:
[ 28.373534] _raw_spin_lock_irqsave+0x8c/0xc0
[ 28.373535] serial8250_console_write+0x8cb/0xb40
[ 28.373536] console_unlock+0x99d/0xf20
[ 28.373538] vprintk_emit+0x224/0x620
[ 28.373539] vprintk_func+0x58/0x160
[ 28.373540] printk+0x9e/0xbc
[ 28.373541] register_console+0x6f4/0xad0
[ 28.373542] univ8250_console_init+0x2f/0x3a
[ 28.373544] console_init+0x46/0x53
[ 28.373545] start_kernel+0x521/0x763
[ 28.373546] secondary_startup_64+0xa5/0xb0
[ 28.373547]
[ 28.373547] -> #0 (console_owner){....}:
[ 28.373551] lock_acquire+0x170/0x3f0
[ 28.373553] console_unlock+0x36f/0xf20
[ 28.373554] vprintk_emit+0x224/0x620
[ 28.373555] vprintk_func+0x58/0x160
[ 28.373556] printk+0x9e/0xbc
[ 28.373557] should_fail.cold+0xdf/0x149
[ 28.373559] should_failslab+0xd6/0x130
[ 28.373560] __kmalloc+0x6d/0x400
[ 28.373561] tty_buffer_alloc+0xc0/0x270
[ 28.373563] __tty_buffer_request_room+0x12c/0x290
[ 28.373564] tty_insert_flip_string_fixed_flag+0x8b/0x210
[ 28.373566] tty_insert_flip_string_and_push_buffer+0x3e/0x160
[ 28.373567] pty_write+0xc3/0xf0
[ 28.373568] tty_put_char+0xfe/0x120
[ 28.373569] __process_echoes+0x48c/0x8c0
[ 28.373571] process_echoes+0xe9/0x1a0
[ 28.373572] n_tty_receive_char_special+0x735/0x2500
[ 28.373574] n_tty_receive_buf_common+0x88e/0x25a0
[ 28.373575] tty_ioctl+0xe8a/0x1430
[ 28.373576] do_vfs_ioctl+0x75a/0xff0
[ 28.373577] SyS_ioctl+0x7f/0xb0
[ 28.373578] do_syscall_64+0x1d5/0x640
[ 28.373580] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 28.373580]
[ 28.373582] other info that might help us debug this:
[ 28.373582]
[ 28.373583] Chain exists of:
[ 28.373584] console_owner --> &port_lock_key --> &(&port->lock)->rlock
[ 28.373589]
[ 28.373590] Possible unsafe locking scenario:
[ 28.373591]
[ 28.373592]        CPU0                    CPU1
[ 28.373594]        ----                    ----
[ 28.373594]   lock(&(&port->lock)->rlock);
[ 28.373597]                                lock(&port_lock_key);
[ 28.373600]                                lock(&(&port->lock)->rlock);
[ 28.373602]   lock(console_owner);
[ 28.373605]
[ 28.373606] *** DEADLOCK ***
[ 28.373606]
[ 28.373608] 6 locks held by syz-executor177/7986:
[ 28.373608] #0: (&tty->ldisc_sem){++++}, at: [] tty_ldisc_ref_wait+0x22/0x80
[ 28.373613] #1: (&port->buf.lock/1){+.+.}, at: [] tty_ioctl+0xe20/0x1430
[ 28.373618] #2: (&o_tty->termios_rwsem/1){++++}, at: [] n_tty_receive_buf_common+0x91/0x25a0
[ 28.373623] #3: (&ldata->output_lock){+.+.}, at: [] process_echoes+0x9f/0x1a0
[ 28.373627] #4: (&(&port->lock)->rlock){-.-.}, at: [] tty_insert_flip_string_and_push_buffer+0x2b/0x160
[ 28.373632] #5: (console_lock){+.+.}, at: [] vprintk_func+0x58/0x160
[ 28.373637]
[ 28.373638] stack backtrace:
[ 28.373640] CPU: 1 PID: 7986 Comm: syz-executor177 Not tainted 4.14.301-syzkaller #0
[ 28.373642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 28.373643] Call Trace:
[ 28.373644] dump_stack+0x1b2/0x281
[ 28.373646] print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 28.373647] __lock_acquire+0x2e0e/0x3f20
[ 28.373648] ? trace_hardirqs_on+0x10/0x10
[ 28.373649] ? snprintf+0xd0/0xd0
[ 28.373651] ? console_unlock+0x34a/0xf20
[ 28.373652] lock_acquire+0x170/0x3f0
[ 28.373653] ? console_unlock+0x307/0xf20
[ 28.373654] console_unlock+0x36f/0xf20
[ 28.373655] ? console_unlock+0x307/0xf20
[ 28.373656] vprintk_emit+0x224/0x620
[ 28.373658] vprintk_func+0x58/0x160
[ 28.373659] printk+0x9e/0xbc
[ 28.373660] ? log_store.cold+0x16/0x16
[ 28.373661] ? ___ratelimit+0x2b5/0x510
[ 28.373662] should_fail.cold+0xdf/0x149
[ 28.373663] should_failslab+0xd6/0x130
[ 28.373664] __kmalloc+0x6d/0x400
[ 28.373666] ? tty_buffer_alloc+0xc0/0x270
[ 28.373667] tty_buffer_alloc+0xc0/0x270
[ 28.373668] __tty_buffer_request_room+0x12c/0x290
[ 28.373670] tty_insert_flip_string_fixed_flag+0x8b/0x210
[ 28.373671] tty_insert_flip_string_and_push_buffer+0x3e/0x160
[ 28.373672] pty_write+0xc3/0xf0
[ 28.373674] tty_put_char+0xfe/0x120
[ 28.373675] ? dev_match_devt+0x80/0x80
[ 28.373676] ? pty_write_room+0xa9/0xd0
[ 28.373677] ? ptmx_open+0x300/0x300
[ 28.373678] __process_echoes+0x48c/0x8c0
[ 28.373679] ? mark_held_locks+0xa6/0xf0
[ 28.373681] process_echoes+0xe9/0x1a0
[ 28.373682] n_tty_receive_char_special+0x735/0x2500
[ 28.373683] ? n_tty_receive_buf_common+0x91/0x25a0
[ 28.373685] n_tty_receive_buf_common+0x88e/0x25a0
[ 28.373686] ? n_tty_receive_buf2+0x40/0x40
[ 28.373687] tty_ioctl+0xe8a/0x1430
[ 28.373688] ? tty_fasync+0x2c0/0x2c0
[ 28.373690] ? proc_fail_nth_write+0x7b/0x180
[ 28.373691] ? proc_tgid_io_accounting+0x730/0x7a0
[ 28.373692] ? fsnotify+0x974/0x11b0
[ 28.373693] ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 28.373695] ? debug_check_no_obj_freed+0x2c0/0x680
[ 28.373696] ? tty_fasync+0x2c0/0x2c0
[ 28.373697] do_vfs_ioctl+0x75a/0xff0
[ 28.373698] ? ioctl_preallocate+0x1a0/0x1a0
[ 28.373700] ? vfs_write+0x319/0x4d0
[ 28.373701] ? SyS_write+0x14d/0x210
[ 28.373702] ? security_file_ioctl+0x83/0xb0
[ 28.373703] SyS_ioctl+0x7f/0xb0
[ 28.373704] ? do_vfs_ioctl+0xff0/0xff0
[ 28.373705] do_syscall_64+0x1d5/0x640
[ 28.373707] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 28.373708] RIP: 0033:0x7f538116d839
[ 28.373709] RSP: 002b:00007ffd1d7d6898 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 28.373712] RAX: ffffffffffffffda RBX: 0000000000000001 RC