[�[0;32m OK �[0m] Started Getty on tty2.
[�[0;32m OK �[0m] Reached target Login Prompts.
[�[0;32m OK �[0m] Started OpenBSD Secure Shell server.
[�[0;32m OK �[0m] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[�[0;32m OK �[0m] Reached target Multi-User System.
[�[0;32m OK �[0m] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[�[0;32m OK �[0m] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[�[0;32m OK �[0m] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.123' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 27.080758] FAULT_INJECTION: forcing a failure.
[ 27.080758] name failslab, interval 1, probability 0, space 0, times 1
[ 27.092916] CPU: 0 PID: 7987 Comm: syz-executor372 Not tainted 4.14.301-syzkaller #0
[ 27.100772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 27.110099] Call Trace:
[ 27.112661] dump_stack+0x1b2/0x281
[ 27.116264] should_fail.cold+0x10a/0x149
[ 27.120386] should_failslab+0xd6/0x130
[ 27.124335] __kmalloc+0x6d/0x400
[ 27.127776] ? tty_buffer_alloc+0xc0/0x270
[ 27.131985] tty_buffer_alloc+0xc0/0x270
[ 27.136019] __tty_buffer_request_room+0x12c/0x290
[ 27.140923] tty_insert_flip_string_fixed_flag+0x8b/0x210
[ 27.146436] tty_insert_flip_string_and_push_buffer+0x3e/0x160
[ 27.152381] pty_write+0xc3/0xf0
[ 27.155722] n_tty_write+0x85e/0xda0
[ 27.159412] ? n_tty_open+0x160/0x160
[ 27.163186] ? do_wait_intr_irq+0x270/0x270
[ 27.167479] ? __might_fault+0xf/0x1b0
[ 27.171338] tty_write+0x410/0x740
[ 27.174852] ? n_tty_open+0x160/0x160
[ 27.178626] __vfs_write+0xe4/0x630
[ 27.182225] ? tty_compat_ioctl+0x240/0x240
[ 27.186518] ? kernel_read+0x110/0x110
[ 27.190381] ? sanity+0x202/0x2f0
[ 27.193806] ? find_get_entry+0x339/0x630
[ 27.197927] ? copy_page_to_iter+0x42f/0xcd0
[ 27.202308] __kernel_write+0xf5/0x330
[ 27.206171] write_pipe_buf+0x143/0x1c0
[ 27.210121] ? default_file_splice_read+0x910/0x910
[ 27.215113] ? page_cache_pipe_buf_confirm+0x18f/0x260
[ 27.220368] __splice_from_pipe+0x326/0x7a0
[ 27.224664] ? default_file_splice_read+0x910/0x910
[ 27.229663] default_file_splice_write+0xc5/0x150
[ 27.234478] ? generic_splice_sendpage+0x110/0x110
[ 27.239383] ? rw_verify_area+0xe1/0x2a0
[ 27.243420] ? generic_splice_sendpage+0x110/0x110
[ 27.248325] direct_splice_actor+0x115/0x160
[ 27.252886] splice_direct_to_actor+0x27c/0x730
[ 27.257625] ? generic_pipe_buf_nosteal+0x10/0x10
[ 27.262454] ? do_splice_to+0x140/0x140
[ 27.266404] ? rw_verify_area+0xe1/0x2a0
[ 27.270438] do_splice_direct+0x164/0x210
[ 27.274561] ? splice_direct_to_actor+0x730/0x730
[ 27.279375] ? rw_verify_area+0xe1/0x2a0
[ 27.283410] do_sendfile+0x47f/0xb30
[ 27.287100] ? do_compat_writev+0x180/0x180
[ 27.291400] SyS_sendfile64+0xff/0x110
[ 27.295260] ? SyS_sendfile+0x130/0x130
[ 27.299295] ? do_syscall_64+0x4c/0x640
[ 27.303245] ? SyS_sendfile+0x130/0x130
[ 27.307191] do_syscall_64+0x1d5/0x640
[ 27.311233] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 27.316396] RIP: 0033:0x7f944c9a4719
[ 27.320086] RSP: 002b:00007ffe0f6913d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 27.328123] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f944c9a4719
[ 27.335370] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004
[ 27.342612] RBP: 00007ffe0f6913e0 R08: 0000000000000002 R09: 00007f944c003432
[ 27.349948] R10: 0000000000007fff R11: 0000000000000246 R12: 0000000000000005
[ 27.357260] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 27.364639]
[ 27.364642] ======================================================
[ 27.364643] WARNING: possible circular locking dependency detected
[ 27.364645] 4.14.301-syzkaller #0 Not tainted
[ 27.364646] ------------------------------------------------------
[ 27.364648] syz-executor372/7987 is trying to acquire lock:
[ 27.364649] (console_owner){....}, at: [<ffffffff81440a47>] console_unlock+0x307/0xf20
[ 27.364653]
[ 27.364654] but task is already holding lock:
[ 27.364655] (&(&port->lock)->rlock){-.-.}, at: [<ffffffff8356022b>] tty_insert_flip_string_and_push_buffer+0x2b/0x160
[ 27.364660]
[ 27.364661] which lock already depends on the new lock.
[ 27.364662]
[ 27.364662]
[ 27.364664] the existing dependency chain (in reverse order) is:
[ 27.364665]
[ 27.364665] -> #2 (&(&port->lock)->rlock){-.-.}:
[ 27.364670] _raw_spin_lock_irqsave+0x8c/0xc0
[ 27.364671] tty_port_tty_get+0x1d/0x80
[ 27.364672] tty_port_default_wakeup+0x11/0x40
[ 27.364674] serial8250_tx_chars+0x3fe/0xc70
[ 27.364675] serial8250_handle_irq.part.0+0x2c7/0x390
[ 27.364677] serial8250_default_handle_irq+0x8a/0x1f0
[ 27.364678] serial8250_interrupt+0xf3/0x210
[ 27.364679] __handle_irq_event_percpu+0xee/0x7f0
[ 27.364681] handle_irq_event+0xed/0x240
[ 27.364682] handle_edge_irq+0x224/0xc40
[ 27.364683] handle_irq+0x35/0x50
[ 27.364684] do_IRQ+0x93/0x1d0
[ 27.364685] ret_from_intr+0x0/0x1e
[ 27.364687] _raw_spin_unlock_irqrestore+0xa3/0xe0
[ 27.364688] uart_write+0x2dd/0x560
[ 27.364689] do_output_char+0x4f5/0x750
[ 27.364690] n_tty_write+0x3e3/0xda0
[ 27.364691] tty_write+0x410/0x740
[ 27.364693] redirected_tty_write+0x9c/0xb0
[ 27.364694] do_iter_write+0x3da/0x550
[ 27.364695] vfs_writev+0x125/0x290
[ 27.364696] do_writev+0xfc/0x2c0
[ 27.364697] do_syscall_64+0x1d5/0x640
[ 27.364715] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 27.364716]
[ 27.364716] -> #1 (&port_lock_key){-.-.}:
[ 27.364721] _raw_spin_lock_irqsave+0x8c/0xc0
[ 27.364722] serial8250_console_write+0x8cb/0xb40
[ 27.364723] console_unlock+0x99d/0xf20
[ 27.364724] vprintk_emit+0x224/0x620
[ 27.364726] vprintk_func+0x58/0x160
[ 27.364727] printk+0x9e/0xbc
[ 27.364728] register_console+0x6f4/0xad0
[ 27.364729] univ8250_console_init+0x2f/0x3a
[ 27.364730] console_init+0x46/0x53
[ 27.364732] start_kernel+0x521/0x763
[ 27.364733] secondary_startup_64+0xa5/0xb0
[ 27.364734]
[ 27.364734] -> #0 (console_owner){....}:
[ 27.364738] lock_acquire+0x170/0x3f0
[ 27.364740] console_unlock+0x36f/0xf20
[ 27.364741] vprintk_emit+0x224/0x620
[ 27.364742] vprintk_func+0x58/0x160
[ 27.364743] printk+0x9e/0xbc
[ 27.364744] should_fail.cold+0xdf/0x149
[ 27.364746] should_failslab+0xd6/0x130
[ 27.364747] __kmalloc+0x6d/0x400
[ 27.364748] tty_buffer_alloc+0xc0/0x270
[ 27.364749] __tty_buffer_request_room+0x12c/0x290
[ 27.364751] tty_insert_flip_string_fixed_flag+0x8b/0x210
[ 27.364753] tty_insert_flip_string_and_push_buffer+0x3e/0x160
[ 27.364754] pty_write+0xc3/0xf0
[ 27.364755] n_tty_write+0x85e/0xda0
[ 27.364756] tty_write+0x410/0x740
[ 27.364757] __vfs_write+0xe4/0x630
[ 27.364759] __kernel_write+0xf5/0x330
[ 27.364760] write_pipe_buf+0x143/0x1c0
[ 27.364765] __splice_from_pipe+0x326/0x7a0
[ 27.364767] default_file_splice_write+0xc5/0x150
[ 27.364768] direct_splice_actor+0x115/0x160
[ 27.364770] splice_direct_to_actor+0x27c/0x730
[ 27.364771] do_splice_direct+0x164/0x210
[ 27.364772] do_sendfile+0x47f/0xb30
[ 27.364773] SyS_sendfile64+0xff/0x110
[ 27.364774] do_syscall_64+0x1d5/0x640
[ 27.364776] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 27.364776]
[ 27.364778] other info that might help us debug this:
[ 27.364779]
[ 27.364780] Chain exists of:
[ 27.364780] console_owner --> &port_lock_key --> &(&port->lock)->rlock
[ 27.364785]
[ 27.364787] Possible unsafe locking scenario:
[ 27.364787]
[ 27.364789] CPU0 CPU1
[ 27.364790] ---- ----
[ 27.364790] lock(&(&port->lock)->rlock);
[ 27.364793] lock(&port_lock_key);
[ 27.364796] lock(&(&port->lock)->rlock);
[ 27.364799] lock(console_owner);
[ 27.364801]
[ 27.364802] *** DEADLOCK ***
[ 27.364802]
[ 27.364804] 6 locks held by syz-executor372/7987:
[ 27.364804] #0: (&tty->ldisc_sem){++++}, at: [<ffffffff8355c6a2>] tty_ldisc_ref_wait+0x22/0x80
[ 27.364809] #1: (&tty->atomic_write_lock){+.+.}, at: [<ffffffff8354531d>] tty_write+0x22d/0x740
[ 27.364813] #2: (&tty->termios_rwsem){++++}, at: [<ffffffff8355055a>] n_tty_write+0x18a/0xda0
[ 27.364818] #3: (&ldata->output_lock){+.+.}, at: [<ffffffff83550bfb>] n_tty_write+0x82b/0xda0
[ 27.364822] #4: (&(&port->lock)->rlock){-.-.}, at: [<ffffffff8356022b>] tty_insert_flip_string_and_push_buffer+0x2b/0x160
[ 27.364827] #5: (console_lock){+.+.}, at: [<ffffffff814443a8>] vprintk_func+0x58/0x160
[ 27.364831]
[ 27.364832] stack backtrace:
[ 27.364834] CPU: 0 PID: 7987 Comm: syz-executor372 Not tainted 4.14.301-syzkaller #0
[ 27.364837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 27.364838] Call Trace:
[ 27.364839] dump_stack+0x1b2/0x281
[ 27.364840] print_circular_bug.constprop.0.cold+0x2d7/0x41e
[ 27.364841] __lock_acquire+0x2e0e/0x3f20
[ 27.364843] ? trace_hardirqs_on+0x10/0x10
[ 27.364844] ? snprintf+0xd0/0xd0
[ 27.364845] ? console_unlock+0x34a/0xf20
[ 27.364846] lock_acquire+0x170/0x3f0
[ 27.364847] ? console_unlock+0x307/0xf20
[ 27.364848] console_unlock+0x36f/0xf20
[ 27.364850] ? console_unlock+0x307/0xf20
[ 27.364851] vprintk_emit+0x224/0x620
[ 27.364852] vprintk_func+0x58/0x160
[ 27.364853] printk+0x9e/0xbc
[ 27.364854] ? log_store.cold+0x16/0x16
[ 27.364855] ? __lock_acquire+0x5fc/0x3f20
[ 27.364857] ? ___ratelimit+0x2b5/0x510
[ 27.364858] should_fail.cold+0xdf/0x149
[ 27.364859] should_failslab+0xd6/0x130
[ 27.364860] __kmalloc+0x6d/0x400
[ 27.364861] ? tty_buffer_alloc+0xc0/0x270
[ 27.364862] tty_buffer_alloc+0xc0/0x270
[ 27.364864] __tty_buffer_request_room+0x12c/0x290
[ 27.364865] tty_insert_flip_string_fixed_flag+0x8b/0x210
[ 27.364867] tty_insert_flip_string_and_push_buffer+0x3e/0x160
[ 27.364868] pty_write+0xc3/0xf0
[ 27.364869] n_tty_write+0x85e/0xda0
[ 27.364870] ? n_tty_open+0x160/0x160
[ 27.364872] ? do_wait_intr_irq+0x270/0x270
[ 27.364873] ? __might_fault+0xf/0x1b0
[ 27.364874] tty_write+0x410/0x740
[ 27.364875] ? n_tty_open+0x160/0x160
[ 27.364876] __vfs_write+0xe4/0x630
[ 27.364877] ? tty_compat_ioctl+0x240/0x240
[ 27.364878] ? kernel_read+0x110/0x110
[ 27.364880] ? sanity+0x202/0x2f0
[ 27.364881] ? find_get_entry+0x339/0x630
[ 27.364882] ? copy_page_to_iter+0x42f/0xcd0
[ 27.364883] __kernel_write+0xf5/0x330
[ 27.364884] write_pipe_buf+0x143/0x1c0
[ 27.364886] ? default_file_splice_read+0x910/0x910
[ 27.364887] ? page_cache_pipe_buf_confirm+0x18f/0x260
[ 27.364889] __splice_from_pipe+0x326/0x7a0
[ 27.364890] ? default_file_splice_read+0x910/0x910
[ 27.364891] default_file_splice_write+0xc5/0x150
[ 27.364893] ? generic_splice_sendpage+0x110/0x110
[ 27.364894] ? rw_verify_area+0xe1/0x2a0
[ 27.364895] ? generic_splice_sendpage+0x110/0x110
[ 27.364897] direct_splice_actor+0x115/0x160
[ 27.364898] splice_direct_to_actor+0x27c/0x730
[ 27.364899] ? generic_pipe_buf_nosteal+0x10/0x10
[ 27.364900] ? do_splice_to+0x140/0x140
[ 27.364902] ? rw_verify_area+0xe1/0x2a0
[ 27.364903] do_splice_direct+0x164/0x210
[ 27.364904] ? splice_direct_to_actor+0x730/0x730
[ 27.364905] ? rw_verify_area+0xe1/0x2a0
[ 27.364906] do_sendfile+0x47f/0xb30
[ 27.364908] ? do_compat_writev+0x180/0x180
[ 27.364909] SyS_sendfile64+0xff/0x110
[ 27.364910] ? SyS_sendfile+0x130/0x130
[ 27.364911] ? do_syscall_64+0x4c/0x640
[ 27.364912] ? SyS_sendfile+0x130/0x130
[ 27.364914] do_syscall_64+0x1d5/0x640
[ 27.364915] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 27.364916] RIP: 0033:0x7f944c9a4719
[ 27.364918] RSP: 002b:00007ffe0f6913d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 27.364921] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f944c9a4719
[ 27.364923] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004
[ 27.364925] RBP: 00007ffe0f6913e0 R08: 0000000000000002 R09: 00007f944c003432
[ 27.364927] R10: 0000000000007fff R11: 0000000000000246 R12: 0000000000000005
[ 27.364929] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000