syzbot |
sign-in | mailing list | source | docs |
| Kernel | Title | Rank 🛈 | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|---|
| upstream | possible deadlock in tty_buffer_flush serial | 4 | 1 | 1737d | 1733d | 0/29 | auto-closed as invalid on 2021/11/21 00:33 | |||
| upstream | possible deadlock in tty_buffer_flush (2) serial | 4 | 7 | 1606d | 1607d | 0/29 | auto-closed as invalid on 2022/03/31 16:04 | |||
| upstream | possible deadlock in tty_buffer_flush (3) serial | 4 | C | done | 131 | 9d18h | 593d | 0/29 | upstream: reported C repro on 2024/09/09 04:46 |
======================================================
WARNING: possible circular locking dependency detected
syzkaller #0 Not tainted
------------------------------------------------------
kworker/0:1/9 is trying to acquire lock:
ffff8880186510b8 (&buf->lock){+.+.}-{3:3}, at: tty_buffer_flush+0x79/0x3f0 drivers/tty/tty_buffer.c:229
but task is already holding lock:
ffffffff8d126400 (console_lock){+.+.}-{0:0}, at: vc_SAK+0x28/0x220 drivers/tty/vt/vt_ioctl.c:985
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #2 (console_lock){+.+.}-{0:0}:
console_lock+0x164/0x1b0 kernel/printk/printk.c:2686
con_flush_chars+0x4b/0x280 drivers/tty/vt/vt.c:3315
__receive_buf drivers/tty/n_tty.c:1650 [inline]
n_tty_receive_buf_common+0xc77/0x12d0 drivers/tty/n_tty.c:1745
tiocsti+0x221/0x2a0 drivers/tty/tty_io.c:2291
tty_ioctl+0x62e/0xdd0 drivers/tty/tty_io.c:2693
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:871 [inline]
__se_sys_ioctl+0xfd/0x170 fs/ioctl.c:857
do_syscall_x64 arch/x86/entry/common.c:46 [inline]
do_syscall_64+0x55/0xa0 arch/x86/entry/common.c:76
entry_SYSCALL_64_after_hwframe+0x68/0xd2
-> #1 (&tty->termios_rwsem){++++}-{3:3}:
down_write+0x97/0x200 kernel/locking/rwsem.c:1573
n_tty_flush_buffer+0x30/0x230 drivers/tty/n_tty.c:363
tty_buffer_flush+0x328/0x3f0 drivers/tty/tty_buffer.c:241
tty_ldisc_flush+0x6b/0xc0 drivers/tty/tty_ldisc.c:388
tty_port_close_start+0x2da/0x540 drivers/tty/tty_port.c:660
tty_port_close+0x2a/0x140 drivers/tty/tty_port.c:715
tty_release+0x387/0x1600 drivers/tty/tty_io.c:1752
__fput+0x234/0x970 fs/file_table.c:384
__do_sys_close fs/open.c:1573 [inline]
__se_sys_close+0x15f/0x220 fs/open.c:1558
do_syscall_x64 arch/x86/entry/common.c:46 [inline]
do_syscall_64+0x55/0xa0 arch/x86/entry/common.c:76
entry_SYSCALL_64_after_hwframe+0x68/0xd2
-> #0 (&buf->lock){+.+.}-{3:3}:
check_prev_add kernel/locking/lockdep.c:3134 [inline]
check_prevs_add kernel/locking/lockdep.c:3253 [inline]
validate_chain kernel/locking/lockdep.c:3869 [inline]
__lock_acquire+0x2df1/0x7d40 kernel/locking/lockdep.c:5137
lock_acquire+0x19e/0x420 kernel/locking/lockdep.c:5754
__mutex_lock_common kernel/locking/mutex.c:603 [inline]
__mutex_lock+0x136/0xcc0 kernel/locking/mutex.c:747
tty_buffer_flush+0x79/0x3f0 drivers/tty/tty_buffer.c:229
__do_SAK+0x135/0x6a0 drivers/tty/tty_io.c:3014
vc_SAK+0x78/0x220 drivers/tty/vt/vt_ioctl.c:995
process_one_work kernel/workqueue.c:2653 [inline]
process_scheduled_works+0xa5d/0x15d0 kernel/workqueue.c:2730
worker_thread+0xa55/0xfc0 kernel/workqueue.c:2811
kthread+0x2fa/0x390 kernel/kthread.c:388
ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293
other info that might help us debug this:
Chain exists of:
&buf->lock --> &tty->termios_rwsem --> console_lock
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(console_lock);
lock(&tty->termios_rwsem);
lock(console_lock);
lock(&buf->lock);
*** DEADLOCK ***
3 locks held by kworker/0:1/9:
#0: ffff888017c70938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2628 [inline]
#0: ffff888017c70938 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2730
#1: ffffc900000e7d00 ((work_completion)(&vc_cons[currcons].SAK_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2628 [inline]
#1: ffffc900000e7d00 ((work_completion)(&vc_cons[currcons].SAK_work)){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 kernel/workqueue.c:2730
#2: ffffffff8d126400 (console_lock){+.+.}-{0:0}, at: vc_SAK+0x28/0x220 drivers/tty/vt/vt_ioctl.c:985
stack backtrace:
CPU: 0 PID: 9 Comm: kworker/0:1 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
Workqueue: events vc_SAK
Call Trace:
<TASK>
dump_stack_lvl+0x18c/0x250 lib/dump_stack.c:106
check_noncircular+0x2fc/0x400 kernel/locking/lockdep.c:2187
check_prev_add kernel/locking/lockdep.c:3134 [inline]
check_prevs_add kernel/locking/lockdep.c:3253 [inline]
validate_chain kernel/locking/lockdep.c:3869 [inline]
__lock_acquire+0x2df1/0x7d40 kernel/locking/lockdep.c:5137
lock_acquire+0x19e/0x420 kernel/locking/lockdep.c:5754
__mutex_lock_common kernel/locking/mutex.c:603 [inline]
__mutex_lock+0x136/0xcc0 kernel/locking/mutex.c:747
tty_buffer_flush+0x79/0x3f0 drivers/tty/tty_buffer.c:229
__do_SAK+0x135/0x6a0 drivers/tty/tty_io.c:3014
vc_SAK+0x78/0x220 drivers/tty/vt/vt_ioctl.c:995
process_one_work kernel/workqueue.c:2653 [inline]
process_scheduled_works+0xa5d/0x15d0 kernel/workqueue.c:2730
worker_thread+0xa55/0xfc0 kernel/workqueue.c:2811
kthread+0x2fa/0x390 kernel/kthread.c:388
ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293
</TASK>
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2026/04/25 08:07 | linux-6.6.y | 9760bf04666d | 9c2d0995 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-6-kasan | possible deadlock in tty_buffer_flush |