[  OK  ] Started Getty on tty2.
[  OK  ] Reached target Login Prompts.
[  OK  ] Started OpenBSD Secure Shell server.
[  OK  ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[  OK  ] Reached target Multi-User System.
[  OK  ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[  OK  ] Started Update UTMP about System Runlevel Changes.
         Starting Load/Save RF Kill Switch Status...
[  OK  ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.123' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   27.080758] FAULT_INJECTION: forcing a failure.
[   27.080758] name failslab, interval 1, probability 0, space 0, times 1
[   27.092916] CPU: 0 PID: 7987 Comm: syz-executor372 Not tainted 4.14.301-syzkaller #0
[   27.100772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   27.110099] Call Trace:
[   27.112661]  dump_stack+0x1b2/0x281
[   27.116264]  should_fail.cold+0x10a/0x149
[   27.120386]  should_failslab+0xd6/0x130
[   27.124335]  __kmalloc+0x6d/0x400
[   27.127776]  ? tty_buffer_alloc+0xc0/0x270
[   27.131985]  tty_buffer_alloc+0xc0/0x270
[   27.136019]  __tty_buffer_request_room+0x12c/0x290
[   27.140923]  tty_insert_flip_string_fixed_flag+0x8b/0x210
[   27.146436]  tty_insert_flip_string_and_push_buffer+0x3e/0x160
[   27.152381]  pty_write+0xc3/0xf0
[   27.155722]  n_tty_write+0x85e/0xda0
[   27.159412]  ? n_tty_open+0x160/0x160
[   27.163186]  ? do_wait_intr_irq+0x270/0x270
[   27.167479]  ? __might_fault+0xf/0x1b0
[   27.171338]  tty_write+0x410/0x740
[   27.174852]  ? n_tty_open+0x160/0x160
[   27.178626]  __vfs_write+0xe4/0x630
[   27.182225]  ? tty_compat_ioctl+0x240/0x240
[   27.186518]  ? kernel_read+0x110/0x110
[   27.190381]  ? sanity+0x202/0x2f0
[   27.193806]  ? find_get_entry+0x339/0x630
[   27.197927]  ? copy_page_to_iter+0x42f/0xcd0
[   27.202308]  __kernel_write+0xf5/0x330
[   27.206171]  write_pipe_buf+0x143/0x1c0
[   27.210121]  ? default_file_splice_read+0x910/0x910
[   27.215113]  ? page_cache_pipe_buf_confirm+0x18f/0x260
[   27.220368]  __splice_from_pipe+0x326/0x7a0
[   27.224664]  ? default_file_splice_read+0x910/0x910
[   27.229663]  default_file_splice_write+0xc5/0x150
[   27.234478]  ? generic_splice_sendpage+0x110/0x110
[   27.239383]  ? rw_verify_area+0xe1/0x2a0
[   27.243420]  ? generic_splice_sendpage+0x110/0x110
[   27.248325]  direct_splice_actor+0x115/0x160
[   27.252886]  splice_direct_to_actor+0x27c/0x730
[   27.257625]  ? generic_pipe_buf_nosteal+0x10/0x10
[   27.262454]  ? do_splice_to+0x140/0x140
[   27.266404]  ? rw_verify_area+0xe1/0x2a0
[   27.270438]  do_splice_direct+0x164/0x210
[   27.274561]  ? splice_direct_to_actor+0x730/0x730
[   27.279375]  ? rw_verify_area+0xe1/0x2a0
[   27.283410]  do_sendfile+0x47f/0xb30
[   27.287100]  ? do_compat_writev+0x180/0x180
[   27.291400]  SyS_sendfile64+0xff/0x110
[   27.295260]  ? SyS_sendfile+0x130/0x130
[   27.299295]  ? do_syscall_64+0x4c/0x640
[   27.303245]  ? SyS_sendfile+0x130/0x130
[   27.307191]  do_syscall_64+0x1d5/0x640
[   27.311233]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[   27.316396] RIP: 0033:0x7f944c9a4719
[   27.320086] RSP: 002b:00007ffe0f6913d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[   27.328123] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f944c9a4719
[   27.335370] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004
[   27.342612] RBP: 00007ffe0f6913e0 R08: 0000000000000002 R09: 00007f944c003432
[   27.349948] R10: 0000000000007fff R11: 0000000000000246 R12: 0000000000000005
[   27.357260] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   27.364639] 
[   27.364642] ======================================================
[   27.364643] WARNING: possible circular locking dependency detected
[   27.364645] 4.14.301-syzkaller #0 Not tainted
[   27.364646] ------------------------------------------------------
[   27.364648] syz-executor372/7987 is trying to acquire lock:
[   27.364649]  (console_owner){....}, at: [<ffffffff81440a47>] console_unlock+0x307/0xf20
[   27.364653] 
[   27.364654] but task is already holding lock:
[   27.364655]  (&(&port->lock)->rlock){-.-.}, at: [<ffffffff8356022b>] tty_insert_flip_string_and_push_buffer+0x2b/0x160
[   27.364660] 
[   27.364661] which lock already depends on the new lock.
[   27.364662] 
[   27.364662] 
[   27.364664] the existing dependency chain (in reverse order) is:
[   27.364665] 
[   27.364665] -> #2 (&(&port->lock)->rlock){-.-.}:
[   27.364670]        _raw_spin_lock_irqsave+0x8c/0xc0
[   27.364671]        tty_port_tty_get+0x1d/0x80
[   27.364672]        tty_port_default_wakeup+0x11/0x40
[   27.364674]        serial8250_tx_chars+0x3fe/0xc70
[   27.364675]        serial8250_handle_irq.part.0+0x2c7/0x390
[   27.364677]        serial8250_default_handle_irq+0x8a/0x1f0
[   27.364678]        serial8250_interrupt+0xf3/0x210
[   27.364679]        __handle_irq_event_percpu+0xee/0x7f0
[   27.364681]        handle_irq_event+0xed/0x240
[   27.364682]        handle_edge_irq+0x224/0xc40
[   27.364683]        handle_irq+0x35/0x50
[   27.364684]        do_IRQ+0x93/0x1d0
[   27.364685]        ret_from_intr+0x0/0x1e
[   27.364687]        _raw_spin_unlock_irqrestore+0xa3/0xe0
[   27.364688]        uart_write+0x2dd/0x560
[   27.364689]        do_output_char+0x4f5/0x750
[   27.364690]        n_tty_write+0x3e3/0xda0
[   27.364691]        tty_write+0x410/0x740
[   27.364693]        redirected_tty_write+0x9c/0xb0
[   27.364694]        do_iter_write+0x3da/0x550
[   27.364695]        vfs_writev+0x125/0x290
[   27.364696]        do_writev+0xfc/0x2c0
[   27.364697]        do_syscall_64+0x1d5/0x640
[   27.364715]        entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[   27.364716] 
[   27.364716] -> #1 (&port_lock_key){-.-.}:
[   27.364721]        _raw_spin_lock_irqsave+0x8c/0xc0
[   27.364722]        serial8250_console_write+0x8cb/0xb40
[   27.364723]        console_unlock+0x99d/0xf20
[   27.364724]        vprintk_emit+0x224/0x620
[   27.364726]        vprintk_func+0x58/0x160
[   27.364727]        printk+0x9e/0xbc
[   27.364728]        register_console+0x6f4/0xad0
[   27.364729]        univ8250_console_init+0x2f/0x3a
[   27.364730]        console_init+0x46/0x53
[   27.364732]        start_kernel+0x521/0x763
[   27.364733]        secondary_startup_64+0xa5/0xb0
[   27.364734] 
[   27.364734] -> #0 (console_owner){....}:
[   27.364738]        lock_acquire+0x170/0x3f0
[   27.364740]        console_unlock+0x36f/0xf20
[   27.364741]        vprintk_emit+0x224/0x620
[   27.364742]        vprintk_func+0x58/0x160
[   27.364743]        printk+0x9e/0xbc
[   27.364744]        should_fail.cold+0xdf/0x149
[   27.364746]        should_failslab+0xd6/0x130
[   27.364747]        __kmalloc+0x6d/0x400
[   27.364748]        tty_buffer_alloc+0xc0/0x270
[   27.364749]        __tty_buffer_request_room+0x12c/0x290
[   27.364751]        tty_insert_flip_string_fixed_flag+0x8b/0x210
[   27.364753]        tty_insert_flip_string_and_push_buffer+0x3e/0x160
[   27.364754]        pty_write+0xc3/0xf0
[   27.364755]        n_tty_write+0x85e/0xda0
[   27.364756]        tty_write+0x410/0x740
[   27.364757]        __vfs_write+0xe4/0x630
[   27.364759]        __kernel_write+0xf5/0x330
[   27.364760]        write_pipe_buf+0x143/0x1c0
[   27.364765]        __splice_from_pipe+0x326/0x7a0
[   27.364767]        default_file_splice_write+0xc5/0x150
[   27.364768]        direct_splice_actor+0x115/0x160
[   27.364770]        splice_direct_to_actor+0x27c/0x730
[   27.364771]        do_splice_direct+0x164/0x210
[   27.364772]        do_sendfile+0x47f/0xb30
[   27.364773]        SyS_sendfile64+0xff/0x110
[   27.364774]        do_syscall_64+0x1d5/0x640
[   27.364776]        entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[   27.364776] 
[   27.364778] other info that might help us debug this:
[   27.364779] 
[   27.364780] Chain exists of:
[   27.364780]   console_owner --> &port_lock_key --> &(&port->lock)->rlock
[   27.364785] 
[   27.364787]  Possible unsafe locking scenario:
[   27.364787] 
[   27.364789]        CPU0                    CPU1
[   27.364790]        ----                    ----
[   27.364790]   lock(&(&port->lock)->rlock);
[   27.364793]                                lock(&port_lock_key);
[   27.364796]                                lock(&(&port->lock)->rlock);
[   27.364799]   lock(console_owner);
[   27.364801] 
[   27.364802]  *** DEADLOCK ***
[   27.364802] 
[   27.364804] 6 locks held by syz-executor372/7987:
[   27.364804]  #0:  (&tty->ldisc_sem){++++}, at: [<ffffffff8355c6a2>] tty_ldisc_ref_wait+0x22/0x80
[   27.364809]  #1:  (&tty->atomic_write_lock){+.+.}, at: [<ffffffff8354531d>] tty_write+0x22d/0x740
[   27.364813]  #2:  (&tty->termios_rwsem){++++}, at: [<ffffffff8355055a>] n_tty_write+0x18a/0xda0
[   27.364818]  #3:  (&ldata->output_lock){+.+.}, at: [<ffffffff83550bfb>] n_tty_write+0x82b/0xda0
[   27.364822]  #4:  (&(&port->lock)->rlock){-.-.}, at: [<ffffffff8356022b>] tty_insert_flip_string_and_push_buffer+0x2b/0x160
[   27.364827]  #5:  (console_lock){+.+.}, at: [<ffffffff814443a8>] vprintk_func+0x58/0x160
[   27.364831] 
[   27.364832] stack backtrace:
[   27.364834] CPU: 0 PID: 7987 Comm: syz-executor372 Not tainted 4.14.301-syzkaller #0
[   27.364837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   27.364838] Call Trace:
[   27.364839]  dump_stack+0x1b2/0x281
[   27.364840]  print_circular_bug.constprop.0.cold+0x2d7/0x41e
[   27.364841]  __lock_acquire+0x2e0e/0x3f20
[   27.364843]  ? trace_hardirqs_on+0x10/0x10
[   27.364844]  ? snprintf+0xd0/0xd0
[   27.364845]  ? console_unlock+0x34a/0xf20
[   27.364846]  lock_acquire+0x170/0x3f0
[   27.364847]  ? console_unlock+0x307/0xf20
[   27.364848]  console_unlock+0x36f/0xf20
[   27.364850]  ? console_unlock+0x307/0xf20
[   27.364851]  vprintk_emit+0x224/0x620
[   27.364852]  vprintk_func+0x58/0x160
[   27.364853]  printk+0x9e/0xbc
[   27.364854]  ? log_store.cold+0x16/0x16
[   27.364855]  ? __lock_acquire+0x5fc/0x3f20
[   27.364857]  ? ___ratelimit+0x2b5/0x510
[   27.364858]  should_fail.cold+0xdf/0x149
[   27.364859]  should_failslab+0xd6/0x130
[   27.364860]  __kmalloc+0x6d/0x400
[   27.364861]  ? tty_buffer_alloc+0xc0/0x270
[   27.364862]  tty_buffer_alloc+0xc0/0x270
[   27.364864]  __tty_buffer_request_room+0x12c/0x290
[   27.364865]  tty_insert_flip_string_fixed_flag+0x8b/0x210
[   27.364867]  tty_insert_flip_string_and_push_buffer+0x3e/0x160
[   27.364868]  pty_write+0xc3/0xf0
[   27.364869]  n_tty_write+0x85e/0xda0
[   27.364870]  ? n_tty_open+0x160/0x160
[   27.364872]  ? do_wait_intr_irq+0x270/0x270
[   27.364873]  ? __might_fault+0xf/0x1b0
[   27.364874]  tty_write+0x410/0x740
[   27.364875]  ? n_tty_open+0x160/0x160
[   27.364876]  __vfs_write+0xe4/0x630
[   27.364877]  ? tty_compat_ioctl+0x240/0x240
[   27.364878]  ? kernel_read+0x110/0x110
[   27.364880]  ? sanity+0x202/0x2f0
[   27.364881]  ? find_get_entry+0x339/0x630
[   27.364882]  ? copy_page_to_iter+0x42f/0xcd0
[   27.364883]  __kernel_write+0xf5/0x330
[   27.364884]  write_pipe_buf+0x143/0x1c0
[   27.364886]  ? default_file_splice_read+0x910/0x910
[   27.364887]  ? page_cache_pipe_buf_confirm+0x18f/0x260
[   27.364889]  __splice_from_pipe+0x326/0x7a0
[   27.364890]  ? default_file_splice_read+0x910/0x910
[   27.364891]  default_file_splice_write+0xc5/0x150
[   27.364893]  ? generic_splice_sendpage+0x110/0x110
[   27.364894]  ? rw_verify_area+0xe1/0x2a0
[   27.364895]  ? generic_splice_sendpage+0x110/0x110
[   27.364897]  direct_splice_actor+0x115/0x160
[   27.364898]  splice_direct_to_actor+0x27c/0x730
[   27.364899]  ? generic_pipe_buf_nosteal+0x10/0x10
[   27.364900]  ? do_splice_to+0x140/0x140
[   27.364902]  ? rw_verify_area+0xe1/0x2a0
[   27.364903]  do_splice_direct+0x164/0x210
[   27.364904]  ? splice_direct_to_actor+0x730/0x730
[   27.364905]  ? rw_verify_area+0xe1/0x2a0
[   27.364906]  do_sendfile+0x47f/0xb30
[   27.364908]  ? do_compat_writev+0x180/0x180
[   27.364909]  SyS_sendfile64+0xff/0x110
[   27.364910]  ? SyS_sendfile+0x130/0x130
[   27.364911]  ? do_syscall_64+0x4c/0x640
[   27.364912]  ? SyS_sendfile+0x130/0x130
[   27.364914]  do_syscall_64+0x1d5/0x640
[   27.364915]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[   27.364916] RIP: 0033:0x7f944c9a4719
[   27.364918] RSP: 002b:00007ffe0f6913d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[   27.364921] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f944c9a4719
[   27.364923] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004
[   27.364925] RBP: 00007ffe0f6913e0 R08: 0000000000000002 R09: 00007f944c003432
[   27.364927] R10: 0000000000007fff R11: 0000000000000246 R12: 0000000000000005
[   27.364929] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000