[  OK  ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[  OK  ] Started Update UTMP about System Runlevel Changes.
         Starting Load/Save RF Kill Switch Status...
[  OK  ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.121' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   28.237721] FAULT_INJECTION: forcing a failure.
[   28.237721] name failslab, interval 1, probability 0, space 0, times 1
[   28.249914] CPU: 1 PID: 7951 Comm: syz-executor294 Not tainted 4.14.302-syzkaller #0
[   28.257772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   28.267099] Call Trace:
[   28.269666]  dump_stack+0x1b2/0x281
[   28.273269]  should_fail.cold+0x10a/0x149
[   28.277391]  should_failslab+0xd6/0x130
[   28.281342]  __kmalloc+0x6d/0x400
[   28.284786]  ? tty_buffer_alloc+0xc0/0x270
[   28.289017]  tty_buffer_alloc+0xc0/0x270
[   28.293053]  __tty_buffer_request_room+0x12c/0x290
[   28.297957]  tty_insert_flip_string_fixed_flag+0x8b/0x210
[   28.303476]  tty_insert_flip_string_and_push_buffer+0x3e/0x160
[   28.309425]  pty_write+0xc3/0xf0
[   28.312762]  n_tty_write+0x85e/0xda0
[   28.316463]  ? n_tty_open+0x160/0x160
[   28.320247]  ? do_wait_intr_irq+0x270/0x270
[   28.324546]  ? __might_fault+0x177/0x1b0
[   28.328578]  tty_write+0x410/0x740
[   28.332103]  ? n_tty_open+0x160/0x160
[   28.335878]  __vfs_write+0xe4/0x630
[   28.339482]  ? tty_compat_ioctl+0x240/0x240
[   28.343784]  ? debug_check_no_obj_freed+0x2c0/0x680
[   28.348771]  ? kernel_read+0x110/0x110
[   28.352633]  ? common_file_perm+0x3ee/0x580
[   28.356951]  ? security_file_permission+0x82/0x1e0
[   28.361859]  ? rw_verify_area+0xe1/0x2a0
[   28.365921]  vfs_write+0x17f/0x4d0
[   28.369433]  SyS_write+0xf2/0x210
[   28.372860]  ? SyS_read+0x210/0x210
[   28.376462]  ? __do_page_fault+0x159/0xad0
[   28.380669]  ? do_syscall_64+0x4c/0x640
[   28.384616]  ? SyS_read+0x210/0x210
[   28.388213]  do_syscall_64+0x1d5/0x640
[   28.392074]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[   28.397235] RIP: 0033:0x7f0469895679
[   28.400917] RSP: 002b:00007ffcf811fb58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   28.408594] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f0469895679
[   28.415835] RDX: 000000000000ff2e RSI: 00000000200000c0 RDI: 0000000000000003
[   28.423097] RBP: 00007ffcf811fb60 R08: 0000000000000001 R09: 00007f0469850033
[   28.430340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[   28.437581] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   28.444847] 
[   28.444849] ======================================================
[   28.444851] WARNING: possible circular locking dependency detected
[   28.444852] 4.14.302-syzkaller #0 Not tainted
[   28.444854] ------------------------------------------------------
[   28.444856] syz-executor294/7951 is trying to acquire lock:
[   28.444856]  (console_owner){....}, at: [<ffffffff81440a47>] console_unlock+0x307/0xf20
[   28.444861] 
[   28.444862] but task is already holding lock:
[   28.444863]  (&(&port->lock)->rlock){-.-.}, at: [<ffffffff835603ab>] tty_insert_flip_string_and_push_buffer+0x2b/0x160
[   28.444867] 
[   28.444869] which lock already depends on the new lock.
[   28.444869] 
[   28.444870] 
[   28.444872] the existing dependency chain (in reverse order) is:
[   28.444872] 
[   28.444873] -> #2 (&(&port->lock)->rlock){-.-.}:
[   28.444877]        _raw_spin_lock_irqsave+0x8c/0xc0
[   28.444879]        tty_port_tty_get+0x1d/0x80
[   28.444880]        tty_port_default_wakeup+0x11/0x40
[   28.444881]        serial8250_tx_chars+0x3fe/0xc70
[   28.444883]        serial8250_handle_irq.part.0+0x2c7/0x390
[   28.444884]        serial8250_default_handle_irq+0x8a/0x1f0
[   28.444886]        serial8250_interrupt+0xf3/0x210
[   28.444887]        __handle_irq_event_percpu+0xee/0x7f0
[   28.444889]        handle_irq_event+0xed/0x240
[   28.444890]        handle_edge_irq+0x224/0xc40
[   28.444891]        handle_irq+0x35/0x50
[   28.444892]        do_IRQ+0x93/0x1d0
[   28.444894]        ret_from_intr+0x0/0x1e
[   28.444895]        _raw_spin_unlock_irqrestore+0xa3/0xe0
[   28.444896]        uart_write+0x2dd/0x560
[   28.444897]        do_output_char+0x4f5/0x750
[   28.444899]        n_tty_write+0x3e3/0xda0
[   28.444900]        tty_write+0x410/0x740
[   28.444901]        redirected_tty_write+0x9c/0xb0
[   28.444902]        do_iter_write+0x3da/0x550
[   28.444903]        vfs_writev+0x125/0x290
[   28.444905]        do_writev+0xfc/0x2c0
[   28.444906]        do_syscall_64+0x1d5/0x640
[   28.444907]        entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[   28.444908] 
[   28.444909] -> #1 (&port_lock_key){-.-.}:
[   28.444913]        _raw_spin_lock_irqsave+0x8c/0xc0
[   28.444914]        serial8250_console_write+0x8cb/0xb40
[   28.444916]        console_unlock+0x99d/0xf20
[   28.444917]        vprintk_emit+0x224/0x620
[   28.444918]        vprintk_func+0x58/0x160
[   28.444919]        printk+0x9e/0xbc
[   28.444920]        register_console+0x6f4/0xad0
[   28.444922]        univ8250_console_init+0x2f/0x3a
[   28.444923]        console_init+0x46/0x53
[   28.444924]        start_kernel+0x521/0x763
[   28.444925]        secondary_startup_64+0xa5/0xb0
[   28.444926] 
[   28.444927] -> #0 (console_owner){....}:
[   28.444931]        lock_acquire+0x170/0x3f0
[   28.444932]        console_unlock+0x36f/0xf20
[   28.444933]        vprintk_emit+0x224/0x620
[   28.444934]        vprintk_func+0x58/0x160
[   28.444935]        printk+0x9e/0xbc
[   28.444937]        should_fail.cold+0xdf/0x149
[   28.444938]        should_failslab+0xd6/0x130
[   28.444939]        __kmalloc+0x6d/0x400
[   28.444940]        tty_buffer_alloc+0xc0/0x270
[   28.444942]        __tty_buffer_request_room+0x12c/0x290
[   28.444943]        tty_insert_flip_string_fixed_flag+0x8b/0x210
[   28.444945]        tty_insert_flip_string_and_push_buffer+0x3e/0x160
[   28.444946]        pty_write+0xc3/0xf0
[   28.444948]        n_tty_write+0x85e/0xda0
[   28.444949]        tty_write+0x410/0x740
[   28.444950]        __vfs_write+0xe4/0x630
[   28.444951]        vfs_write+0x17f/0x4d0
[   28.444952]        SyS_write+0xf2/0x210
[   28.444953]        do_syscall_64+0x1d5/0x640
[   28.444955]        entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[   28.444956] 
[   28.444957] other info that might help us debug this:
[   28.444958] 
[   28.444958] Chain exists of:
[   28.444959]   console_owner --> &port_lock_key --> &(&port->lock)->rlock
[   28.444964] 
[   28.444966]  Possible unsafe locking scenario:
[   28.444966] 
[   28.444968]        CPU0                    CPU1
[   28.444969]        ----                    ----
[   28.444969]   lock(&(&port->lock)->rlock);
[   28.444972]                                lock(&port_lock_key);
[   28.444975]                                lock(&(&port->lock)->rlock);
[   28.444978]   lock(console_owner);
[   28.444980] 
[   28.444981]  *** DEADLOCK ***
[   28.444981] 
[   28.444983] 6 locks held by syz-executor294/7951:
[   28.444983]  #0:  (&tty->ldisc_sem){++++}, at: [<ffffffff8355c822>] tty_ldisc_ref_wait+0x22/0x80
[   28.444988]  #1:  (&tty->atomic_write_lock){+.+.}, at: [<ffffffff8354549d>] tty_write+0x22d/0x740
[   28.444992]  #2:  (&tty->termios_rwsem){++++}, at: [<ffffffff835506da>] n_tty_write+0x18a/0xda0
[   28.444997]  #3:  (&ldata->output_lock){+.+.}, at: [<ffffffff83550d7b>] n_tty_write+0x82b/0xda0
[   28.445001]  #4:  (&(&port->lock)->rlock){-.-.}, at: [<ffffffff835603ab>] tty_insert_flip_string_and_push_buffer+0x2b/0x160
[   28.445006]  #5:  (console_lock){+.+.}, at: [<ffffffff814443a8>] vprintk_func+0x58/0x160
[   28.445010] 
[   28.445011] stack backtrace:
[   28.445013] CPU: 1 PID: 7951 Comm: syz-executor294 Not tainted 4.14.302-syzkaller #0
[   28.445016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   28.445017] Call Trace:
[   28.445018]  dump_stack+0x1b2/0x281
[   28.445020]  print_circular_bug.constprop.0.cold+0x2d7/0x41e
[   28.445021]  __lock_acquire+0x2e0e/0x3f20
[   28.445022]  ? trace_hardirqs_on+0x10/0x10
[   28.445023]  ? snprintf+0xd0/0xd0
[   28.445025]  ? console_unlock+0x34a/0xf20
[   28.445026]  lock_acquire+0x170/0x3f0
[   28.445027]  ? console_unlock+0x307/0xf20
[   28.445028]  console_unlock+0x36f/0xf20
[   28.445029]  ? console_unlock+0x307/0xf20
[   28.445031]  vprintk_emit+0x224/0x620
[   28.445032]  vprintk_func+0x58/0x160
[   28.445033]  printk+0x9e/0xbc
[   28.445034]  ? log_store.cold+0x16/0x16
[   28.445035]  ? __lock_acquire+0x5fc/0x3f20
[   28.445036]  ? ___ratelimit+0x2b5/0x510
[   28.445037]  should_fail.cold+0xdf/0x149
[   28.445039]  should_failslab+0xd6/0x130
[   28.445040]  __kmalloc+0x6d/0x400
[   28.445041]  ? tty_buffer_alloc+0xc0/0x270
[   28.445042]  tty_buffer_alloc+0xc0/0x270
[   28.445044]  __tty_buffer_request_room+0x12c/0x290
[   28.445045]  tty_insert_flip_string_fixed_flag+0x8b/0x210
[   28.445047]  tty_insert_flip_string_and_push_buffer+0x3e/0x160
[   28.445048]  pty_write+0xc3/0xf0
[   28.445049]  n_tty_write+0x85e/0xda0
[   28.445050]  ? n_tty_open+0x160/0x160
[   28.445051]  ? do_wait_intr_irq+0x270/0x270
[   28.445053]  ? __might_fault+0x177/0x1b0
[   28.445054]  tty_write+0x410/0x740
[   28.445055]  ? n_tty_open+0x160/0x160
[   28.445056]  __vfs_write+0xe4/0x630
[   28.445057]  ? tty_compat_ioctl+0x240/0x240
[   28.445059]  ? debug_check_no_obj_freed+0x2c0/0x680
[   28.445060]  ? kernel_read+0x110/0x110
[   28.445061]  ? common_file_perm+0x3ee/0x580
[   28.445062]  ? security_file_permission+0x82/0x1e0
[   28.445064]  ? rw_verify_area+0xe1/0x2a0
[   28.445065]  vfs_write+0x17f/0x4d0
[   28.445066]  SyS_write+0xf2/0x210
[   28.445067]  ? SyS_read+0x210/0x210
[   28.445068]  ? __do_page_fault+0x159/0xad0
[   28.445069]  ? do_syscall_64+0x4c/0x640
[   28.445070]  ? SyS_read+0x210/0x210
[   28.445072]  do_syscall_64+0x1d5/0x640
[   28.445073]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[   28.445074] RIP: 0033:0x7f0469895679
[   28.445076] RSP: 002b:00007ffcf811fb58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   28.445079] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f0469895679
[   28.445081] RDX: 000000000000ff2e RSI: 00000000200000c0 RDI: 0000000000000003
[   28.445083] RBP: 00007ffcf811fb60 R08: 0000000000000001 R09: 00007f0469850033
[   28.445085] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[   28.445086] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000