Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.168' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   26.077392] FAULT_INJECTION: forcing a failure.
[   26.077392] name failslab, interval 1, probability 0, space 0, times 1
[   26.088956] CPU: 0 PID: 7951 Comm: syz-executor182 Not tainted 4.14.302-syzkaller #0
[   26.097067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   26.106404] Call Trace:
[   26.108982]  dump_stack+0x1b2/0x281
[   26.112594]  should_fail.cold+0x10a/0x149
[   26.116722]  should_failslab+0xd6/0x130
[   26.120670]  __kmalloc+0x6d/0x400
[   26.124102]  ? tty_buffer_alloc+0xc0/0x270
[   26.128314]  tty_buffer_alloc+0xc0/0x270
[   26.132346]  __tty_buffer_request_room+0x12c/0x290
[   26.137248]  tty_insert_flip_string_fixed_flag+0x8b/0x210
[   26.142756]  tty_insert_flip_string_and_push_buffer+0x3e/0x160
[   26.148697]  pty_write+0xc3/0xf0
[   26.152035]  n_tty_write+0x85e/0xda0
[   26.155721]  ? n_tty_open+0x160/0x160
[   26.159493]  ? do_wait_intr_irq+0x270/0x270
[   26.163793]  ? __might_fault+0x177/0x1b0
[   26.167823]  tty_write+0x410/0x740
[   26.171333]  ? n_tty_open+0x160/0x160
[   26.175102]  __vfs_write+0xe4/0x630
[   26.178698]  ? tty_compat_ioctl+0x240/0x240
[   26.182991]  ? debug_check_no_obj_freed+0x2c0/0x680
[   26.187976]  ? kernel_read+0x110/0x110
[   26.191835]  ? common_file_perm+0x3ee/0x580
[   26.196307]  ? security_file_permission+0x82/0x1e0
[   26.201207]  ? rw_verify_area+0xe1/0x2a0
[   26.205238]  vfs_write+0x17f/0x4d0
[   26.208748]  SyS_write+0xf2/0x210
[   26.212170]  ? SyS_read+0x210/0x210
[   26.215766]  ? __do_page_fault+0x159/0xad0
[   26.219971]  ? do_syscall_64+0x4c/0x640
[   26.223912]  ? SyS_read+0x210/0x210
[   26.227511]  do_syscall_64+0x1d5/0x640
[   26.231370]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[   26.236528] RIP: 0033:0x7f028c93b6f9
[   26.240207] RSP: 002b:00007ffc28f6b4e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   26.247885] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f028c93b6f9
[   26.255124] RDX: 0000000000000020 RSI: 0000000020000000 RDI: 0000000000000003
[   26.262374] RBP: 00007ffc28f6b4f0 R08: 0000000000000001 R09: 00007f028c8f0032
[   26.269625] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[   26.276871] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   26.284120] 
[   26.284122] ======================================================
[   26.284124] WARNING: possible circular locking dependency detected
[   26.284125] 4.14.302-syzkaller #0 Not tainted
[   26.284127] ------------------------------------------------------
[   26.284128] syz-executor182/7951 is trying to acquire lock:
[   26.284129]  (console_owner){....}, at: [<ffffffff81440a47>] console_unlock+0x307/0xf20
[   26.284133] 
[   26.284134] but task is already holding lock:
[   26.284135]  (&(&port->lock)->rlock){-.-.}, at: [<ffffffff835603ab>] tty_insert_flip_string_and_push_buffer+0x2b/0x160
[   26.284139] 
[   26.284140] which lock already depends on the new lock.
[   26.284141] 
[   26.284141] 
[   26.284143] the existing dependency chain (in reverse order) is:
[   26.284143] 
[   26.284144] -> #2 (&(&port->lock)->rlock){-.-.}:
[   26.284148]        _raw_spin_lock_irqsave+0x8c/0xc0
[   26.284149]        tty_port_tty_get+0x1d/0x80
[   26.284150]        tty_port_default_wakeup+0x11/0x40
[   26.284152]        serial8250_tx_chars+0x3fe/0xc70
[   26.284153]        serial8250_handle_irq.part.0+0x2c7/0x390
[   26.284154]        serial8250_default_handle_irq+0x8a/0x1f0
[   26.284156]        serial8250_interrupt+0xf3/0x210
[   26.284157]        __handle_irq_event_percpu+0xee/0x7f0
[   26.284158]        handle_irq_event+0xed/0x240
[   26.284159]        handle_edge_irq+0x224/0xc40
[   26.284160]        handle_irq+0x35/0x50
[   26.284161]        do_IRQ+0x93/0x1d0
[   26.284162]        ret_from_intr+0x0/0x1e
[   26.284163]        _raw_spin_unlock_irqrestore+0xa3/0xe0
[   26.284165]        uart_write+0x2dd/0x560
[   26.284166]        do_output_char+0x4f5/0x750
[   26.284167]        n_tty_write+0x3e3/0xda0
[   26.284168]        tty_write+0x410/0x740
[   26.284169]        redirected_tty_write+0x9c/0xb0
[   26.284170]        do_iter_write+0x3da/0x550
[   26.284171]        vfs_writev+0x125/0x290
[   26.284172]        do_writev+0xfc/0x2c0
[   26.284173]        do_syscall_64+0x1d5/0x640
[   26.284175]        entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[   26.284175] 
[   26.284176] -> #1 (&port_lock_key){-.-.}:
[   26.284180]        _raw_spin_lock_irqsave+0x8c/0xc0
[   26.284181]        serial8250_console_write+0x8cb/0xb40
[   26.284182]        console_unlock+0x99d/0xf20
[   26.284183]        vprintk_emit+0x224/0x620
[   26.284184]        vprintk_func+0x58/0x160
[   26.284185]        printk+0x9e/0xbc
[   26.284186]        register_console+0x6f4/0xad0
[   26.284187]        univ8250_console_init+0x2f/0x3a
[   26.284188]        console_init+0x46/0x53
[   26.284189]        start_kernel+0x521/0x763
[   26.284191]        secondary_startup_64+0xa5/0xb0
[   26.284191] 
[   26.284192] -> #0 (console_owner){....}:
[   26.284195]        lock_acquire+0x170/0x3f0
[   26.284197]        console_unlock+0x36f/0xf20
[   26.284198]        vprintk_emit+0x224/0x620
[   26.284199]        vprintk_func+0x58/0x160
[   26.284200]        printk+0x9e/0xbc
[   26.284201]        should_fail.cold+0xdf/0x149
[   26.284202]        should_failslab+0xd6/0x130
[   26.284203]        __kmalloc+0x6d/0x400
[   26.284204]        tty_buffer_alloc+0xc0/0x270
[   26.284205]        __tty_buffer_request_room+0x12c/0x290
[   26.284207]        tty_insert_flip_string_fixed_flag+0x8b/0x210
[   26.284208]        tty_insert_flip_string_and_push_buffer+0x3e/0x160
[   26.284209]        pty_write+0xc3/0xf0
[   26.284210]        n_tty_write+0x85e/0xda0
[   26.284211]        tty_write+0x410/0x740
[   26.284212]        __vfs_write+0xe4/0x630
[   26.284213]        vfs_write+0x17f/0x4d0
[   26.284214]        SyS_write+0xf2/0x210
[   26.284215]        do_syscall_64+0x1d5/0x640
[   26.284217]        entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[   26.284217] 
[   26.284219] other info that might help us debug this:
[   26.284219] 
[   26.284220] Chain exists of:
[   26.284221]   console_owner --> &port_lock_key --> &(&port->lock)->rlock
[   26.284225] 
[   26.284227]  Possible unsafe locking scenario:
[   26.284227] 
[   26.284228]        CPU0                    CPU1
[   26.284229]        ----                    ----
[   26.284230]   lock(&(&port->lock)->rlock);
[   26.284233]                                lock(&port_lock_key);
[   26.284235]                                lock(&(&port->lock)->rlock);
[   26.284238]   lock(console_owner);
[   26.284240] 
[   26.284240]  *** DEADLOCK ***
[   26.284241] 
[   26.284242] 6 locks held by syz-executor182/7951:
[   26.284243]  #0:  (&tty->ldisc_sem){++++}, at: [<ffffffff8355c822>] tty_ldisc_ref_wait+0x22/0x80
[   26.284247]  #1:  (&tty->atomic_write_lock){+.+.}, at: [<ffffffff8354549d>] tty_write+0x22d/0x740
[   26.284251]  #2:  (&tty->termios_rwsem){++++}, at: [<ffffffff835506da>] n_tty_write+0x18a/0xda0
[   26.284255]  #3:  (&ldata->output_lock){+.+.}, at: [<ffffffff83550d7b>] n_tty_write+0x82b/0xda0
[   26.284259]  #4:  (&(&port->lock)->rlock){-.-.}, at: [<ffffffff835603ab>] tty_insert_flip_string_and_push_buffer+0x2b/0x160
[   26.284263]  #5:  (console_lock){+.+.}, at: [<ffffffff814443a8>] vprintk_func+0x58/0x160
[   26.284267] 
[   26.284268] stack backtrace:
[   26.284270] CPU: 0 PID: 7951 Comm: syz-executor182 Not tainted 4.14.302-syzkaller #0
[   26.284272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   26.284273] Call Trace:
[   26.284274]  dump_stack+0x1b2/0x281
[   26.284275]  print_circular_bug.constprop.0.cold+0x2d7/0x41e
[   26.284276]  __lock_acquire+0x2e0e/0x3f20
[   26.284278]  ? trace_hardirqs_on+0x10/0x10
[   26.284279]  ? snprintf+0xd0/0xd0
[   26.284280]  ? console_unlock+0x34a/0xf20
[   26.284281]  lock_acquire+0x170/0x3f0
[   26.284282]  ? console_unlock+0x307/0xf20
[   26.284283]  console_unlock+0x36f/0xf20
[   26.284284]  ? console_unlock+0x307/0xf20
[   26.284285]  vprintk_emit+0x224/0x620
[   26.284286]  vprintk_func+0x58/0x160
[   26.284287]  printk+0x9e/0xbc
[   26.284288]  ? log_store.cold+0x16/0x16
[   26.284289]  ? ___ratelimit+0x2b5/0x510
[   26.284290]  should_fail.cold+0xdf/0x149
[   26.284291]  should_failslab+0xd6/0x130
[   26.284292]  __kmalloc+0x6d/0x400
[   26.284293]  ? tty_buffer_alloc+0xc0/0x270
[   26.284294]  tty_buffer_alloc+0xc0/0x270
[   26.284296]  __tty_buffer_request_room+0x12c/0x290
[   26.284297]  tty_insert_flip_string_fixed_flag+0x8b/0x210
[   26.284299]  tty_insert_flip_string_and_push_buffer+0x3e/0x160
[   26.284299]  pty_write+0xc3/0xf0
[   26.284301]  n_tty_write+0x85e/0xda0
[   26.284302]  ? n_tty_open+0x160/0x160
[   26.284303]  ? do_wait_intr_irq+0x270/0x270
[   26.284304]  ? __might_fault+0x177/0x1b0
[   26.284305]  tty_write+0x410/0x740
[   26.284306]  ? n_tty_open+0x160/0x160
[   26.284307]  __vfs_write+0xe4/0x630
[   26.284308]  ? tty_compat_ioctl+0x240/0x240
[   26.284309]  ? debug_check_no_obj_freed+0x2c0/0x680
[   26.284310]  ? kernel_read+0x110/0x110
[   26.284312]  ? common_file_perm+0x3ee/0x580
[   26.284313]  ? security_file_permission+0x82/0x1e0
[   26.284314]  ? rw_verify_area+0xe1/0x2a0
[   26.284315]  vfs_write+0x17f/0x4d0
[   26.284316]  SyS_write+0xf2/0x210
[   26.284317]  ? SyS_read+0x210/0x210
[   26.284318]  ? __do_page_fault+0x159/0xad0
[   26.284319]  ? do_syscall_64+0x4c/0x640
[   26.284320]  ? SyS_read+0x210/0x210
[   26.284321]  do_syscall_64+0x1d5/0x640
[   26.284322]  entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[   26.284323] RIP: 0033:0x7f028c93b6f9
[   26.284325] RSP: 002b:00007ffc28f6b4e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   26.284327] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f028c93b6f9
[   26.284329] RDX: 0000000000000020 RSI: 0000000020000000 RDI: 0000000000000003
[   26.284331] RBP: 00007ffc28f6b4f0 R08: 0000000000000001 R09: 00007f028c8f0032
[   26.284333] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[   26.284334] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000