Warning: Permanently added '10.128.1.19' (ECDSA) to the list of known hosts.
syzkaller login: [ 53.816029][ T8377] IPVS: ftp: loaded support on port[0] = 21
[ 53.940512][ T104] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 53.948651][ T104] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
executing program
[ 53.980724][ T282] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 53.994133][ T282] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 54.009777][ T8406] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 54.018634][ T8406] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 54.033648][ T8377] ttyprintk ttyprintk: tty_port_close_start: tty->count = 1 port count = 2
[ 54.043095][ C1]
[ 54.043105][ C1] ======================================================
[ 54.043114][ C1] WARNING: possible circular locking dependency detected
[ 54.043120][ C1] 5.12.0-rc7-syzkaller #0 Not tainted
[ 54.043126][ C1] ------------------------------------------------------
[ 54.043132][ C1] syz-executor482/8377 is trying to acquire lock:
[ 54.043138][ C1] ffffffff8be830a0 (console_owner){....}-{0:0}, at: console_unlock+0x2f2/0xc80
[ 54.043159][ C1]
[ 54.043163][ C1] but task is already holding lock:
[ 54.043167][ C1] ffffffff90106d38 (&port->lock){-.-.}-{2:2}, at: tty_port_close_start.part.0+0x28/0x550
[ 54.043187][ C1]
[ 54.043190][ C1] which lock already depends on the new lock.
[ 54.043194][ C1]
[ 54.043197][ C1]
[ 54.043201][ C1] the existing dependency chain (in reverse order) is:
[ 54.043205][ C1]
[ 54.043208][ C1] -> #2 (&port->lock){-.-.}-{2:2}:
[ 54.043224][ C1] _raw_spin_lock_irqsave+0x39/0x50
[ 54.043229][ C1] tty_port_tty_get+0x1f/0x100
[ 54.043234][ C1] tty_port_default_wakeup+0x11/0x40
[ 54.043239][ C1] serial8250_tx_chars+0x487/0xa80
[ 54.043244][ C1] serial8250_handle_irq.part.0+0x328/0x3d0
[ 54.043250][ C1] serial8250_default_handle_irq+0xb2/0x220
[ 54.043255][ C1] serial8250_interrupt+0xfd/0x200
[ 54.043260][ C1] __handle_irq_event_percpu+0x303/0x8f0
[ 54.043265][ C1] handle_irq_event+0x102/0x290
[ 54.043270][ C1] handle_edge_irq+0x25f/0xd00
[ 54.043275][ C1] __common_interrupt+0x9e/0x200
[ 54.043279][ C1] common_interrupt+0x9f/0xd0
[ 54.043284][ C1] asm_common_interrupt+0x1e/0x40
[ 54.043289][ C1] _raw_spin_unlock_irqrestore+0x38/0x70
[ 54.043294][ C1] uart_write+0x30d/0x570
[ 54.043299][ C1] do_output_char+0x5de/0x850
[ 54.043303][ C1] n_tty_write+0x4c3/0xfd0
[ 54.043308][ C1] file_tty_write.constprop.0+0x526/0x910
[ 54.043313][ C1] redirected_tty_write+0xa1/0xc0
[ 54.043317][ C1] do_iter_readv_writev+0x46f/0x740
[ 54.043322][ C1] do_iter_write+0x188/0x670
[ 54.043327][ C1] vfs_writev+0x1aa/0x630
[ 54.043331][ C1] do_writev+0x139/0x300
[ 54.043335][ C1] do_syscall_64+0x2d/0x70
[ 54.043340][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 54.043345][ C1]
[ 54.043347][ C1] -> #1 (&port_lock_key){-.-.}-{2:2}:
[ 54.043364][ C1] _raw_spin_lock_irqsave+0x39/0x50
[ 54.043369][ C1] serial8250_console_write+0x8b2/0xae0
[ 54.043374][ C1] console_unlock+0x895/0xc80
[ 54.043378][ C1] vprintk_emit+0x1ca/0x560
[ 54.043383][ C1] vprintk_func+0x8d/0x1e0
[ 54.043387][ C1] printk+0xba/0xed
[ 54.043391][ C1] register_console+0x606/0x840
[ 54.043396][ C1] univ8250_console_init+0x3a/0x46
[ 54.043400][ C1] console_init+0x3c7/0x596
[ 54.043405][ C1] start_kernel+0x306/0x496
[ 54.043410][ C1] secondary_startup_64_no_verify+0xb0/0xbb
[ 54.043414][ C1]
[ 54.043417][ C1] -> #0 (console_owner){....}-{0:0}:
[ 54.043433][ C1] __lock_acquire+0x2b14/0x54c0
[ 54.043437][ C1] lock_acquire+0x1ab/0x740
[ 54.043442][ C1] console_unlock+0x371/0xc80
[ 54.043447][ C1] vprintk_emit+0x1ca/0x560
[ 54.043451][ C1] vprintk_func+0x8d/0x1e0
[ 54.043455][ C1] printk+0xba/0xed
[ 54.043460][ C1] tty_port_close_start.part.0+0x503/0x550
[ 54.043465][ C1] tty_port_close+0x46/0x170
[ 54.043469][ C1] tty_release+0x45e/0x1210
[ 54.043474][ C1] __fput+0x288/0x920
[ 54.043478][ C1] task_work_run+0xdd/0x1a0
[ 54.043483][ C1] exit_to_user_mode_prepare+0x249/0x250
[ 54.043488][ C1] syscall_exit_to_user_mode+0x19/0x60
[ 54.043493][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 54.043498][ C1]
[ 54.043501][ C1] other info that might help us debug this:
[ 54.043505][ C1]
[ 54.043508][ C1] Chain exists of:
[ 54.043511][ C1] console_owner --> &port_lock_key --> &port->lock
[ 54.043533][ C1]
[ 54.043536][ C1] Possible unsafe locking scenario:
[ 54.043540][ C1]
[ 54.043543][ C1]        CPU0                    CPU1
[ 54.043548][ C1]        ----                    ----
[ 54.043552][ C1]   lock(&port->lock);
[ 54.043573][ C1]                                lock(&port_lock_key);
[ 54.043585][ C1]                                lock(&port->lock);
[ 54.043595][ C1]   lock(console_owner);
[ 54.043605][ C1]
[ 54.043607][ C1] *** DEADLOCK ***
[ 54.043610][ C1]
[ 54.043613][ C1] 3 locks held by syz-executor482/8377:
[ 54.043618][ C1] #0: ffff8881417751c0 (&tty->legacy_mutex){+.+.}-{3:3}, at: tty_lock+0xbd/0x120
[ 54.043639][ C1] #1: ffffffff90106d38 (&port->lock){-.-.}-{2:2}, at: tty_port_close_start.part.0+0x28/0x550
[ 54.043662][ C1] #2: ffffffff8bf63420 (console_lock){+.+.}-{0:0}, at: vprintk_func+0x8d/0x1e0
[ 54.043683][ C1]
[ 54.043685][ C1] stack backtrace:
[ 54.043690][ C1] CPU: 1 PID: 8377 Comm: syz-executor482 Not tainted 5.12.0-rc7-syzkaller #0
[ 54.043698][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 54.043705][ C1] Call Trace:
[ 54.043708][ C1] dump_stack+0x141/0x1d7
[ 54.043712][ C1] check_noncircular+0x25f/0x2e0
[ 54.043717][ C1] ? stack_trace_consume_entry+0x160/0x160
[ 54.043722][ C1] ? print_circular_bug+0x480/0x480
[ 54.043726][ C1] ? memcpy+0x39/0x60
[ 54.043730][ C1] ? lockdep_lock+0xc6/0x200
[ 54.043734][ C1] ? call_rcu_zapped+0xb0/0xb0
[ 54.043738][ C1] __lock_acquire+0x2b14/0x54c0
[ 54.043743][ C1] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 54.043747][ C1] lock_acquire+0x1ab/0x740
[ 54.043752][ C1] ? console_unlock+0x2f2/0xc80
[ 54.043756][ C1] ? lock_release+0x720/0x720
[ 54.043760][ C1] ? lock_downgrade+0x6e0/0x6e0
[ 54.043764][ C1] ? do_raw_spin_lock+0x120/0x2b0
[ 54.043769][ C1] ? rwlock_bug.part.0+0x90/0x90
[ 54.043773][ C1] console_unlock+0x371/0xc80
[ 54.043777][ C1] ? console_unlock+0x2f2/0xc80
[ 54.043782][ C1] ? devkmsg_read+0x730/0x730
[ 54.043786][ C1] ? lock_release+0x720/0x720
[ 54.043790][ C1] ? vprintk_func+0x8d/0x1e0
[ 54.043794][ C1] vprintk_emit+0x1ca/0x560
[ 54.043798][ C1] vprintk_func+0x8d/0x1e0
[ 54.043802][ C1] printk+0xba/0xed
[ 54.043806][ C1] ? record_print_text.cold+0x16/0x16
[ 54.043816][ C1] ? _raw_spin_lock_irqsave+0x4e/0x50
[ 54.043821][ C1] tty_port_close_start.part.0+0x503/0x550
[ 54.043826][ C1] tty_port_close+0x46/0x170
[ 54.043830][ C1] ? tpk_open+0x60/0x60
[ 54.043833][ C1] tty_release+0x45e/0x1210
[ 54.043838][ C1] ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[ 54.043843][ C1] __fput+0x288/0x920
[ 54.043847][ C1] ? tty_release_struct+0xe0/0xe0
[ 54.043851][ C1] task_work_run+0xdd/0x1a0
[ 54.043855][ C1] exit_to_user_mode_prepare+0x249/0x250
[ 54.043860][ C1] syscall_exit_to_user_mode+0x19/0x60
[ 54.043865][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 54.043870][ C1] RIP: 0033:0x40716b
[ 54.043877][ C1] Code: 0f 05 48 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8 03 fd ff ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 41 fd ff ff 8b 44
[ 54.043890][ C1] RSP: 002b:00007fff4d7157f0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 54.043900][ C1] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 000000000040716b
[ 54.043907][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 54.043914][ C1] RBP: 00000000004cb3fc R08: 0000000000000000 R09: 0000000000000020
[ 54.043921][ C1] R10: 0000000000000000 R11: 0000000000000293 R12: 00