[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.156' (ECDSA) to the list of known hosts.
syzkaller login: [ 159.546852][ T8429] IPVS: ftp: loaded support on port[0] = 21
[ 159.672333][ T229] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 159.680822][ T229] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 159.692536][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
executing program
[ 159.717022][ T297] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 159.725786][ T297] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 159.735964][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 159.751561][ T8429] ttyprintk ttyprintk: tty_port_close_start: tty->count = 1 port count = 2
[ 159.761313][ C0]
[ 159.761323][ C0] ======================================================
[ 159.761328][ C0] WARNING: possible circular locking dependency detected
[ 159.761333][ C0] 5.11.0-syzkaller #0 Not tainted
[ 159.761337][ C0] ------------------------------------------------------
[ 159.761342][ C0] syz-executor034/8429 is trying to acquire lock:
[ 159.761347][ C0] ffffffff8bc82ca0 (console_owner){....}-{0:0}, at: console_unlock+0x2fb/0xbb0
[ 159.761364][ C0]
[ 159.761367][ C0] but task is already holding lock:
[ 159.761371][ C0] ffffffff906974f8 (&port->lock){-.-.}-{2:2}, at: tty_port_close_start.part.0+0x28/0x550
[ 159.761386][ C0]
[ 159.761389][ C0] which lock already depends on the new lock.
[ 159.761393][ C0]
[ 159.761395][ C0]
[ 159.761398][ C0] the existing dependency chain (in reverse order) is:
[ 159.761401][ C0]
[ 159.761403][ C0] -> #2 (&port->lock){-.-.}-{2:2}:
[ 159.761417][ C0] _raw_spin_lock_irqsave+0x39/0x50
[ 159.761421][ C0] tty_port_tty_get+0x1f/0x100
[ 159.761424][ C0] tty_port_default_wakeup+0x11/0x40
[ 159.761428][ C0] serial8250_tx_chars+0x487/0xa80
[ 159.761432][ C0] serial8250_handle_irq.part.0+0x328/0x3d0
[ 159.761437][ C0] serial8250_default_handle_irq+0xb2/0x220
[ 159.761441][ C0] serial8250_interrupt+0xfd/0x200
[ 159.761445][ C0] __handle_irq_event_percpu+0x303/0x8f0
[ 159.761449][ C0] handle_irq_event+0x102/0x290
[ 159.761452][ C0] handle_edge_irq+0x25f/0xd00
[ 159.761456][ C0] asm_call_irq_on_stack+0xf/0x20
[ 159.761460][ C0] common_interrupt+0x120/0x200
[ 159.761464][ C0] asm_common_interrupt+0x1e/0x40
[ 159.761468][ C0] acpi_idle_do_entry+0x1c9/0x250
[ 159.761471][ C0] acpi_idle_enter+0x361/0x500
[ 159.761475][ C0] cpuidle_enter_state+0x1b1/0xc80
[ 159.761479][ C0] cpuidle_enter+0x4a/0xa0
[ 159.761482][ C0] do_idle+0x3e1/0x590
[ 159.761485][ C0] cpu_startup_entry+0x14/0x20
[ 159.761489][ C0] start_secondary+0x274/0x350
[ 159.761493][ C0] secondary_startup_64_no_verify+0xb0/0xbb
[ 159.761497][ C0]
[ 159.761498][ C0] -> #1 (&port_lock_key){-.-.}-{2:2}:
[ 159.761512][ C0] _raw_spin_lock_irqsave+0x39/0x50
[ 159.761516][ C0] serial8250_console_write+0x880/0xa90
[ 159.761520][ C0] console_unlock+0x841/0xbb0
[ 159.761523][ C0] vprintk_emit+0x189/0x490
[ 159.761527][ C0] vprintk_func+0x8d/0x1e0
[ 159.761530][ C0] printk+0xba/0xed
[ 159.761533][ C0] register_console+0x5d1/0x800
[ 159.761537][ C0] univ8250_console_init+0x3a/0x46
[ 159.761541][ C0] console_init+0x3c7/0x596
[ 159.761544][ C0] start_kernel+0x2fc/0x48c
[ 159.761548][ C0] secondary_startup_64_no_verify+0xb0/0xbb
[ 159.761552][ C0]
[ 159.761554][ C0] -> #0 (console_owner){....}-{0:0}:
[ 159.761567][ C0] __lock_acquire+0x2b26/0x54f0
[ 159.761571][ C0] lock_acquire+0x1a8/0x720
[ 159.761574][ C0] console_unlock+0x37a/0xbb0
[ 159.761578][ C0] vprintk_emit+0x189/0x490
[ 159.761581][ C0] vprintk_func+0x8d/0x1e0
[ 159.761585][ C0] printk+0xba/0xed
[ 159.761588][ C0] tty_port_close_start.part.0+0x503/0x550
[ 159.761592][ C0] tty_port_close+0x46/0x170
[ 159.761596][ C0] tty_release+0x45e/0x1210
[ 159.761599][ C0] __fput+0x283/0x920
[ 159.761602][ C0] task_work_run+0xdd/0x190
[ 159.761606][ C0] exit_to_user_mode_prepare+0x249/0x250
[ 159.761610][ C0] syscall_exit_to_user_mode+0x19/0x50
[ 159.761614][ C0] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 159.761618][ C0]
[ 159.761621][ C0] other info that might help us debug this:
[ 159.761624][ C0]
[ 159.761626][ C0] Chain exists of:
[ 159.761628][ C0] console_owner --> &port_lock_key --> &port->lock
[ 159.761646][ C0]
[ 159.761649][ C0] Possible unsafe locking scenario:
[ 159.761652][ C0]
[ 159.761654][ C0]        CPU0                    CPU1
[ 159.761658][ C0]        ----                    ----
[ 159.761661][ C0]   lock(&port->lock);
[ 159.761669][ C0]                                lock(&port_lock_key);
[ 159.761678][ C0]                                lock(&port->lock);
[ 159.761687][ C0]   lock(console_owner);
[ 159.761694][ C0]
[ 159.761697][ C0] *** DEADLOCK ***
[ 159.761699][ C0]
[ 159.761702][ C0] 3 locks held by syz-executor034/8429:
[ 159.761705][ C0] #0: ffff8881438d41c0 (&tty->legacy_mutex){+.+.}-{3:3}, at: tty_lock+0xbd/0x120
[ 159.761722][ C0] #1: ffffffff906974f8 (&port->lock){-.-.}-{2:2}, at: tty_port_close_start.part.0+0x28/0x550
[ 159.761740][ C0] #2: ffffffff8bd63020 (console_lock){+.+.}-{0:0}, at: vprintk_func+0x8d/0x1e0
[ 159.761757][ C0]
[ 159.761760][ C0] stack backtrace:
[ 159.761763][ C0] CPU: 0 PID: 8429 Comm: syz-executor034 Not tainted 5.11.0-syzkaller #0
[ 159.761775][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 159.761780][ C0] Call Trace:
[ 159.761782][ C0] dump_stack+0x107/0x163
[ 159.761786][ C0] check_noncircular+0x25f/0x2e0
[ 159.761789][ C0] ? stack_trace_consume_entry+0x160/0x160
[ 159.761793][ C0] ? print_circular_bug+0x480/0x480
[ 159.761796][ C0] ? memcpy+0x39/0x60
[ 159.761799][ C0] ? lockdep_lock+0xc6/0x200
[ 159.761803][ C0] ? call_rcu_zapped+0xb0/0xb0
[ 159.761806][ C0] __lock_acquire+0x2b26/0x54f0
[ 159.761810][ C0] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 159.761813][ C0] lock_acquire+0x1a8/0x720
[ 159.761816][ C0] ? console_unlock+0x2fb/0xbb0
[ 159.761820][ C0] ? lock_release+0x710/0x710
[ 159.761823][ C0] ? lock_downgrade+0x6d0/0x6d0
[ 159.761827][ C0] ? do_raw_spin_lock+0x120/0x2b0
[ 159.761830][ C0] ? rwlock_bug.part.0+0x90/0x90
[ 159.761833][ C0] console_unlock+0x37a/0xbb0
[ 159.761837][ C0] ? console_unlock+0x2fb/0xbb0
[ 159.761840][ C0] ? devkmsg_read+0x740/0x740
[ 159.761843][ C0] ? lock_release+0x710/0x710
[ 159.761847][ C0] ? do_raw_spin_unlock+0x171/0x230
[ 159.761850][ C0] ? vprintk_func+0x8d/0x1e0
[ 159.761853][ C0] vprintk_emit+0x189/0x490
[ 159.761856][ C0] vprintk_func+0x8d/0x1e0
[ 159.761859][ C0] printk+0xba/0xed
[ 159.761863][ C0] ? record_print_text.cold+0x16/0x16
[ 159.761866][ C0] ? _raw_spin_lock_irqsave+0x4e/0x50
[ 159.761870][ C0] tty_port_close_start.part.0+0x503/0x550
[ 159.761874][ C0] tty_port_close+0x46/0x170
[ 159.761877][ C0] ? tpk_open+0x60/0x60
[ 159.761880][ C0] tty_release+0x45e/0x1210
[ 159.761883][ C0] ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[ 159.761887][ C0] __fput+0x283/0x920
[ 159.761890][ C0] ? tty_release_struct+0xe0/0xe0
[ 159.761894][ C0] task_work_run+0xdd/0x190
[ 159.761897][ C0] exit_to_user_mode_prepare+0x249/0x250
[ 159.761901][ C0] syscall_exit_to_user_mode+0x19/0x50
[ 159.761905][ C0] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 159.761908][ C0] RIP: 0033:0x407abb
[ 159.761914][ C0] Code: 0f 05 48 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8 63 fc ff ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 a1 fc ff ff 8b 44
[ 159.761924][ C0] RSP: 002b:00007ffe9d8a04c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 159.761932][ C0] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000407abb
[ 159.761937][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 159.761942][ C0] RBP: 00000000004cc4fc R08: 0000000000000000 R09: 0000000000000001
[ 159.761948][ C0] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000032
[ 159.761953][ C0] R13: 00007ffe9d8a0560 R14: 0000000000000002 R15: 00007ffe9d8a05e0