[�[0;32m OK �[0m] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[�[0;32m OK �[0m] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[�[0;32m OK �[0m] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.24' (ECDSA) to the list of known hosts.
syzkaller login: [ 29.967207] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 30.064942] FAULT_INJECTION: forcing a failure.
[ 30.064942] name failslab, interval 1, probability 0, space 0, times 1
[ 30.076947] CPU: 1 PID: 7967 Comm: syz-executor183 Not tainted 4.14.304-syzkaller #0
[ 30.084818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[ 30.094164] Call Trace:
[ 30.096737] dump_stack+0x1b2/0x281
[ 30.100357] should_fail.cold+0x10a/0x149
[ 30.104486] ? commit_echoes+0x4c/0x1e0
[ 30.108440] should_failslab+0xd6/0x130
[ 30.112393] __kmalloc+0x6d/0x400
[ 30.115823] ? tty_buffer_alloc+0xc0/0x270
[ 30.120033] tty_buffer_alloc+0xc0/0x270
[ 30.124066] __tty_buffer_request_room+0x12c/0x290
[ 30.128999] tty_insert_flip_string_fixed_flag+0x8b/0x210
[ 30.134530] tty_insert_flip_string_and_push_buffer+0x3e/0x160
[ 30.140618] pty_write+0xc3/0xf0
[ 30.143982] ? commit_echoes+0x108/0x1e0
[ 30.148042] tty_put_char+0xfe/0x120
[ 30.151742] ? dev_match_devt+0x80/0x80
[ 30.155698] ? pty_write_room+0xa9/0xd0
[ 30.159650] ? ptmx_open+0x300/0x300
[ 30.163343] __process_echoes+0x48c/0x8c0
[ 30.167470] n_tty_receive_buf_common+0x9a3/0x25a0
[ 30.172389] ? n_tty_receive_buf2+0x40/0x40
[ 30.176684] tty_ioctl+0xe8a/0x1430
[ 30.180284] ? tty_fasync+0x2c0/0x2c0
[ 30.184058] ? proc_fail_nth_write+0x7b/0x180
[ 30.188523] ? proc_tgid_io_accounting+0x760/0x7a0
[ 30.193424] ? fsnotify+0x974/0x11b0
[ 30.197109] ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 30.202011] ? debug_check_no_obj_freed+0x2c0/0x680
[ 30.207000] ? tty_fasync+0x2c0/0x2c0
[ 30.210772] do_vfs_ioctl+0x75a/0xff0
[ 30.214567] ? ioctl_preallocate+0x1a0/0x1a0
[ 30.219215] ? vfs_write+0x319/0x4d0
[ 30.222902] ? SyS_write+0x14d/0x210
[ 30.226590] ? security_file_ioctl+0x83/0xb0
[ 30.231176] SyS_ioctl+0x7f/0xb0
[ 30.234633] ? do_vfs_ioctl+0xff0/0xff0
[ 30.238584] do_syscall_64+0x1d5/0x640
[ 30.242456] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 30.247630] RIP: 0033:0x7f82f217ad39
[ 30.251312] RSP: 002b:00007fffa3484628 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 30.258991] RAX: ffffffffffffffda RBX: 00007f82f21e8e50 RCX: 00007f82f217ad39
[ 30.266883] RDX: 00000000200000c0 RSI: 0000000000005412 RDI: 0000000000000004
[ 30.274437] RBP: 0000000000000001 R08: 0000000000000001 R09: 00007fffa3484658
[ 30.281683] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffa3484640
[ 30.288927] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 30.296285]
[ 30.296287] ======================================================
[ 30.296289] WARNING: possible circular locking dependency detected
[ 30.296291] 4.14.304-syzkaller #0 Not tainted
[ 30.296292] ------------------------------------------------------
[ 30.296294] syz-executor183/7967 is trying to acquire lock:
[ 30.296295] (console_owner){....}, at: [<ffffffff814408f7>] console_unlock+0x307/0xf20
[ 30.296299]
[ 30.296301] but task is already holding lock:
[ 30.296301] (&(&port->lock)->rlock){-.-.}, at: [<ffffffff8356097b>] tty_insert_flip_string_and_push_buffer+0x2b/0x160
[ 30.296306]
[ 30.296307] which lock already depends on the new lock.
[ 30.296308]
[ 30.296309]
[ 30.296311] the existing dependency chain (in reverse order) is:
[ 30.296311]
[ 30.296312] -> #2 (&(&port->lock)->rlock){-.-.}:
[ 30.296316] _raw_spin_lock_irqsave+0x8c/0xc0
[ 30.296318] tty_port_tty_get+0x1d/0x80
[ 30.296319] tty_port_default_wakeup+0x11/0x40
[ 30.296320] serial8250_tx_chars+0x3fe/0xc70
[ 30.296322] serial8250_handle_irq.part.0+0x2c7/0x390
[ 30.296323] serial8250_default_handle_irq+0x8a/0x1f0
[ 30.296325] serial8250_interrupt+0xf3/0x210
[ 30.296326] __handle_irq_event_percpu+0xee/0x7f0
[ 30.296327] handle_irq_event+0xed/0x240
[ 30.296329] handle_edge_irq+0x224/0xc40
[ 30.296330] handle_irq+0x35/0x50
[ 30.296331] do_IRQ+0x93/0x1d0
[ 30.296332] ret_from_intr+0x0/0x1e
[ 30.296333] native_safe_halt+0xe/0x10
[ 30.296335] default_idle+0x47/0x370
[ 30.296336] do_idle+0x250/0x3c0
[ 30.296337] cpu_startup_entry+0x14/0x20
[ 30.296338] start_kernel+0x743/0x763
[ 30.296340] secondary_startup_64+0xa5/0xb0
[ 30.296340]
[ 30.296341] -> #1 (&port_lock_key){-.-.}:
[ 30.296345] _raw_spin_lock_irqsave+0x8c/0xc0
[ 30.296346] serial8250_console_write+0x8cb/0xb40
[ 30.296348] console_unlock+0x99d/0xf20
[ 30.296349] vprintk_emit+0x224/0x620
[ 30.296350] vprintk_func+0x58/0x160
[ 30.296351] printk+0x9e/0xbc
[ 30.296352] register_console+0x6f4/0xad0
[ 30.296354] univ8250_console_init+0x2f/0x3a
[ 30.296355] console_init+0x46/0x53
[ 30.296356] start_kernel+0x521/0x763
[ 30.296357] secondary_startup_64+0xa5/0xb0
[ 30.296358]
[ 30.296359] -> #0 (console_owner){....}:
[ 30.296363] lock_acquire+0x170/0x3f0
[ 30.296364] console_unlock+0x36f/0xf20
[ 30.296365] vprintk_emit+0x224/0x620
[ 30.296366] vprintk_func+0x58/0x160
[ 30.296368] printk+0x9e/0xbc
[ 30.296369] should_fail.cold+0xdf/0x149
[ 30.296370] should_failslab+0xd6/0x130
[ 30.296371] __kmalloc+0x6d/0x400
[ 30.296373] tty_buffer_alloc+0xc0/0x270
[ 30.296374] __tty_buffer_request_room+0x12c/0x290
[ 30.296376] tty_insert_flip_string_fixed_flag+0x8b/0x210
[ 30.296377] tty_insert_flip_string_and_push_buffer+0x3e/0x160
[ 30.296379] pty_write+0xc3/0xf0
[ 30.296380] tty_put_char+0xfe/0x120
[ 30.296381] __process_echoes+0x48c/0x8c0
[ 30.296383] n_tty_receive_buf_common+0x9a3/0x25a0
[ 30.296384] tty_ioctl+0xe8a/0x1430
[ 30.296385] do_vfs_ioctl+0x75a/0xff0
[ 30.296386] SyS_ioctl+0x7f/0xb0
[ 30.296387] do_syscall_64+0x1d5/0x640
[ 30.296389] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 30.296390]
[ 30.296391] other info that might help us debug this:
[ 30.296392]
[ 30.296393] Chain exists of:
[ 30.296393] console_owner --> &port_lock_key --> &(&port->lock)->rlock
[ 30.296399]
[ 30.296400] Possible unsafe locking scenario:
[ 30.296400]
[ 30.296402] CPU0 CPU1
[ 30.296403] ---- ----
[ 30.296404] lock(&(&port->lock)->rlock);
[ 30.296407] lock(&port_lock_key);
[ 30.296409] lock(&(&port->lock)->rlock);
[ 30.296412] lock(console_owner);
[ 30.296414]
[ 30.296415] *** DEADLOCK ***
[ 30.296416]
[ 30.296417] 6 locks held by syz-executor183/7967:
[ 30.296418] #0: (&tty->ldisc_sem){++++}, at: [<ffffffff8355cdf2>] tty_ldisc_ref_wait+0x22/0x80
[ 30.296422] #1: (&port->buf.lock/1){+.+.}, at: [<ffffffff8354adb0>] tty_ioctl+0xe20/0x1430
[ 30.296427] #2: (&o_tty->termios_rwsem/1){++++}, at: [<ffffffff8355397d>] isig+0x36d/0x420
[ 30.296432] #3: (&ldata->output_lock){+.+.}, at: [<ffffffff83557a65>] n_tty_receive_buf_common+0x965/0x25a0
[ 30.296437] #4: (&(&port->lock)->rlock){-.-.}, at: [<ffffffff8356097b>] tty_insert_flip_string_and_push_buffer+0x2b/0x160
[ 30.296442] #5: (console_lock){+.+.}, at: [<ffffffff81444258>] vprintk_func+0x58/0x160
[ 30.296446]
[ 30.296447] stack backtrace:
[ 30.296449] CPU: 1 PID: 7967 Comm: syz-executor183 Not tainted 4.14.304-syzkaller #0
[ 30.296452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[ 30.296453] Call Trace:
[ 30.296454] dump_stack+0x1b2/0x281
[ 30.296455] print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 30.296457] __lock_acquire+0x2e0e/0x3f20
[ 30.296458] ? trace_hardirqs_on+0x10/0x10
[ 30.296459] ? snprintf+0xd0/0xd0
[ 30.296460] ? console_unlock+0x34a/0xf20
[ 30.296461] lock_acquire+0x170/0x3f0
[ 30.296463] ? console_unlock+0x307/0xf20
[ 30.296464] console_unlock+0x36f/0xf20
[ 30.296465] ? console_unlock+0x307/0xf20
[ 30.296466] vprintk_emit+0x224/0x620
[ 30.296467] vprintk_func+0x58/0x160
[ 30.296468] printk+0x9e/0xbc
[ 30.296474] ? log_store.cold+0x16/0x16
[ 30.296475] ? ___ratelimit+0x2b5/0x510
[ 30.296476] should_fail.cold+0xdf/0x149
[ 30.296478] ? commit_echoes+0x4c/0x1e0
[ 30.296479] should_failslab+0xd6/0x130
[ 30.296480] __kmalloc+0x6d/0x400
[ 30.296481] ? tty_buffer_alloc+0xc0/0x270
[ 30.296482] tty_buffer_alloc+0xc0/0x270
[ 30.296484] __tty_buffer_request_room+0x12c/0x290
[ 30.296485] tty_insert_flip_string_fixed_flag+0x8b/0x210
[ 30.296487] tty_insert_flip_string_and_push_buffer+0x3e/0x160
[ 30.296488] pty_write+0xc3/0xf0
[ 30.296489] ? commit_echoes+0x108/0x1e0
[ 30.296491] tty_put_char+0xfe/0x120
[ 30.296492] ? dev_match_devt+0x80/0x80
[ 30.296493] ? pty_write_room+0xa9/0xd0
[ 30.296494] ? ptmx_open+0x300/0x300
[ 30.296495] __process_echoes+0x48c/0x8c0
[ 30.296497] n_tty_receive_buf_common+0x9a3/0x25a0
[ 30.296498] ? n_tty_receive_buf2+0x40/0x40
[ 30.296499] tty_ioctl+0xe8a/0x1430
[ 30.296500] ? tty_fasync+0x2c0/0x2c0
[ 30.296502] ? proc_fail_nth_write+0x7b/0x180
[ 30.296503] ? proc_tgid_io_accounting+0x760/0x7a0
[ 30.296505] ? fsnotify+0x974/0x11b0
[ 30.296506] ? proc_tgid_io_accounting+0x7a0/0x7a0
[ 30.296507] ? debug_check_no_obj_freed+0x2c0/0x680
[ 30.296509] ? tty_fasync+0x2c0/0x2c0
[ 30.296510] do_vfs_ioctl+0x75a/0xff0
[ 30.296511] ? ioctl_preallocate+0x1a0/0x1a0
[ 30.296512] ? vfs_write+0x319/0x4d0
[ 30.296513] ? SyS_write+0x14d/0x210
[ 30.296515] ? security_file_ioctl+0x83/0xb0
[ 30.296516] SyS_ioctl+0x7f/0xb0
[ 30.296517] ? do_vfs_ioctl+0xff0/0xff0
[ 30.296518] do_syscall_64+0x1d5/0x640
[ 30.296520] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 30.296521] RIP: 0033:0x7f82f217ad39
[ 30.296522] RSP: 002b:00007fffa3484628 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 30.296525] RAX: ffffffffffffffda RBX: 00007f82f21e8e50 RCX: 00007f82f217ad39
[ 30.296527] RDX: 00000000200000c0 RSI: 0000000000005412 RDI: 0000000000000004
[ 30.296529] RBP: 0000000000000001 R08: 0000000000000001 R09: 00007fffa3484658
[ 30.296531] R10: 0000000000000000 R11: 0000000000000246