Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.56' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 57.176673][ T8475] IPVS: ftp: loaded support on port[0] = 21
[ 57.214023][ T8475] ttyprintk ttyprintk: tty_port_close_start: tty->count = 1 port count = 2
[ 57.224033][ C1]
[ 57.224042][ C1] ======================================================
[ 57.224047][ C1] WARNING: possible circular locking dependency detected
[ 57.224052][ C1] 5.11.0-rc6-syzkaller #0 Not tainted
[ 57.224056][ C1] ------------------------------------------------------
[ 57.224061][ C1] syz-executor409/8475 is trying to acquire lock:
[ 57.224065][ C1] ffffffff8b282c60 (console_owner){....}-{0:0}, at: console_unlock+0x2fb/0xbb0
[ 57.224083][ C1]
[ 57.224086][ C1] but task is already holding lock:
[ 57.224089][ C1] ffffffff8fc97778 (&port->lock){-.-.}-{2:2}, at: tty_port_close_start.part.0+0x28/0x550
[ 57.224105][ C1]
[ 57.224107][ C1] which lock already depends on the new lock.
[ 57.224111][ C1]
[ 57.224113][ C1]
[ 57.224116][ C1] the existing dependency chain (in reverse order) is:
[ 57.224119][ C1]
[ 57.224121][ C1] -> #2 (&port->lock){-.-.}-{2:2}:
[ 57.224134][ C1]        _raw_spin_lock_irqsave+0x39/0x50
[ 57.224138][ C1]        tty_port_tty_get+0x1f/0x100
[ 57.224142][ C1]        tty_port_default_wakeup+0x11/0x40
[ 57.224146][ C1]        serial8250_tx_chars+0x487/0xa80
[ 57.224150][ C1]        serial8250_handle_irq.part.0+0x328/0x3d0
[ 57.224154][ C1]        serial8250_default_handle_irq+0xb2/0x220
[ 57.224158][ C1]        serial8250_interrupt+0xfd/0x200
[ 57.224162][ C1]        __handle_irq_event_percpu+0x303/0x8f0
[ 57.224166][ C1]        handle_irq_event+0x102/0x290
[ 57.224170][ C1]        handle_edge_irq+0x25f/0xd00
[ 57.224173][ C1]        asm_call_irq_on_stack+0xf/0x20
[ 57.224177][ C1]        common_interrupt+0x120/0x200
[ 57.224181][ C1]        asm_common_interrupt+0x1e/0x40
[ 57.224185][ C1]        acpi_idle_do_entry+0x1c9/0x250
[ 57.224188][ C1]        acpi_idle_enter+0x361/0x500
[ 57.224192][ C1]        cpuidle_enter_state+0x1b1/0xc80
[ 57.224196][ C1]        cpuidle_enter+0x4a/0xa0
[ 57.224199][ C1]        do_idle+0x3e1/0x590
[ 57.224202][ C1]        cpu_startup_entry+0x14/0x20
[ 57.224206][ C1]        start_secondary+0x274/0x350
[ 57.224210][ C1]        secondary_startup_64_no_verify+0xb0/0xbb
[ 57.224213][ C1]
[ 57.224215][ C1] -> #1 (&port_lock_key){-.-.}-{2:2}:
[ 57.224228][ C1]        _raw_spin_lock_irqsave+0x39/0x50
[ 57.224232][ C1]        serial8250_console_write+0x880/0xa90
[ 57.224236][ C1]        console_unlock+0x841/0xbb0
[ 57.224239][ C1]        vprintk_emit+0x189/0x490
[ 57.224243][ C1]        vprintk_func+0x8d/0x1e0
[ 57.224246][ C1]        printk+0xba/0xed
[ 57.224249][ C1]        register_console+0x5d1/0x800
[ 57.224253][ C1]        univ8250_console_init+0x3a/0x46
[ 57.224257][ C1]        console_init+0x3c7/0x596
[ 57.224260][ C1]        start_kernel+0x2fc/0x48c
[ 57.224264][ C1]        secondary_startup_64_no_verify+0xb0/0xbb
[ 57.224267][ C1]
[ 57.224269][ C1] -> #0 (console_owner){....}-{0:0}:
[ 57.224282][ C1]        __lock_acquire+0x2b26/0x54f0
[ 57.224286][ C1]        lock_acquire+0x1a8/0x720
[ 57.224289][ C1]        console_unlock+0x37a/0xbb0
[ 57.224293][ C1]        vprintk_emit+0x189/0x490
[ 57.224296][ C1]        vprintk_func+0x8d/0x1e0
[ 57.224300][ C1]        printk+0xba/0xed
[ 57.224303][ C1]        tty_port_close_start.part.0+0x503/0x550
[ 57.224307][ C1]        tty_port_close+0x46/0x170
[ 57.224311][ C1]        tty_release+0x45e/0x1210
[ 57.224314][ C1]        __fput+0x283/0x920
[ 57.224317][ C1]        task_work_run+0xdd/0x190
[ 57.224321][ C1]        exit_to_user_mode_prepare+0x249/0x250
[ 57.224325][ C1]        syscall_exit_to_user_mode+0x19/0x50
[ 57.224329][ C1]        entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 57.224332][ C1]
[ 57.224335][ C1] other info that might help us debug this:
[ 57.224338][ C1]
[ 57.224340][ C1] Chain exists of:
[ 57.224343][ C1]   console_owner --> &port_lock_key --> &port->lock
[ 57.224361][ C1]
[ 57.224363][ C1]  Possible unsafe locking scenario:
[ 57.224366][ C1]
[ 57.224368][ C1]        CPU0                    CPU1
[ 57.224372][ C1]        ----                    ----
[ 57.224375][ C1]   lock(&port->lock);
[ 57.224383][ C1]                                lock(&port_lock_key);
[ 57.224392][ C1]                                lock(&port->lock);
[ 57.224400][ C1]   lock(console_owner);
[ 57.224408][ C1]
[ 57.224410][ C1]  *** DEADLOCK ***
[ 57.224412][ C1]
[ 57.224415][ C1] 3 locks held by syz-executor409/8475:
[ 57.224418][ C1]  #0: ffff8880196951c0 (&tty->legacy_mutex){+.+.}-{3:3}, at: tty_lock+0xbd/0x120
[ 57.224435][ C1]  #1: ffffffff8fc97778 (&port->lock){-.-.}-{2:2}, at: tty_port_close_start.part.0+0x28/0x550
[ 57.224453][ C1]  #2: ffffffff8b362fe0 (console_lock){+.+.}-{0:0}, at: vprintk_func+0x8d/0x1e0
[ 57.224470][ C1]
[ 57.224472][ C1] stack backtrace:
[ 57.224475][ C1] CPU: 1 PID: 8475 Comm: syz-executor409 Not tainted 5.11.0-rc6-syzkaller #0
[ 57.224481][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.224486][ C1] Call Trace:
[ 57.224489][ C1]  dump_stack+0x107/0x163
[ 57.224492][ C1]  check_noncircular+0x25f/0x2e0
[ 57.224495][ C1]  ? stack_trace_consume_entry+0x160/0x160
[ 57.224499][ C1]  ? print_circular_bug+0x480/0x480
[ 57.224503][ C1]  ? memcpy+0x39/0x60
[ 57.224505][ C1]  ? lockdep_lock+0xc6/0x200
[ 57.224509][ C1]  ? call_rcu_zapped+0xb0/0xb0
[ 57.224512][ C1]  __lock_acquire+0x2b26/0x54f0
[ 57.224516][ C1]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 57.224519][ C1]  lock_acquire+0x1a8/0x720
[ 57.224522][ C1]  ? console_unlock+0x2fb/0xbb0
[ 57.224526][ C1]  ? lock_release+0x710/0x710
[ 57.224529][ C1]  ? lock_downgrade+0x6d0/0x6d0
[ 57.224532][ C1]  ? do_raw_spin_lock+0x120/0x2b0
[ 57.224536][ C1]  ? rwlock_bug.part.0+0x90/0x90
[ 57.224539][ C1]  console_unlock+0x37a/0xbb0
[ 57.224542][ C1]  ? console_unlock+0x2fb/0xbb0
[ 57.224546][ C1]  ? devkmsg_read+0x740/0x740
[ 57.224549][ C1]  ? lock_release+0x710/0x710
[ 57.224552][ C1]  ? do_raw_spin_unlock+0x171/0x230
[ 57.224556][ C1]  ? vprintk_func+0x8d/0x1e0
[ 57.224559][ C1]  vprintk_emit+0x189/0x490
[ 57.224562][ C1]  vprintk_func+0x8d/0x1e0
[ 57.224565][ C1]  printk+0xba/0xed
[ 57.224568][ C1]  ? record_print_text.cold+0x16/0x16
[ 57.224572][ C1]  ? _raw_spin_lock_irqsave+0x4e/0x50
[ 57.224576][ C1]  tty_port_close_start.part.0+0x503/0x550
[ 57.224579][ C1]  tty_port_close+0x46/0x170
[ 57.224582][ C1]  ? tpk_open+0x60/0x60
[ 57.224585][ C1]  tty_release+0x45e/0x1210
[ 57.224589][ C1]  ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[ 57.224593][ C1]  __fput+0x283/0x920
[ 57.224596][ C1]  ? tty_release_struct+0xe0/0xe0
[ 57.224599][ C1]  task_work_run+0xdd/0x190
[ 57.224602][ C1]  exit_to_user_mode_prepare+0x249/0x250
[ 57.224606][ C1]  syscall_exit_to_user_mode+0x19/0x50
[ 57.224610][ C1]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 57.224613][ C1] RIP: 0033:0x4066cb
[ 57.224619][ C1] Code: 0f 05 48 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8 03 fd ff ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 41 fd ff ff 8b 44
[ 57.224629][ C1] RSP: 002b:00007ffe1fb753d0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 57.224637][ C1] RAX: 0000000000000000 RBX: 0000000000