====================================================== WARNING: possible circular locking dependency detected 6.12.0-syzkaller-12128-gf788b5ef1ca9 #0 Not tainted ------------------------------------------------------ kworker/2:2/5314 is trying to acquire lock: ffff88801b0b10b8 (&buf->lock){+.+.}-{4:4}, at: tty_buffer_flush+0x72/0x310 drivers/tty/tty_buffer.c:229 but task is already holding lock: ffffffff8e1a8c40 (console_lock){+.+.}-{0:0}, at: vc_SAK+0x13/0x310 drivers/tty/vt/vt_ioctl.c:983 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #2 (console_lock){+.+.}-{0:0}: console_lock+0x7a/0xa0 kernel/printk/printk.c:2833 con_flush_chars+0x5e/0x80 drivers/tty/vt/vt.c:3503 __receive_buf drivers/tty/n_tty.c:1644 [inline] n_tty_receive_buf_common+0xa99/0x1980 drivers/tty/n_tty.c:1739 tiocsti drivers/tty/tty_io.c:2299 [inline] tty_ioctl+0x575/0x15d0 drivers/tty/tty_io.c:2717 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:906 [inline] __se_sys_ioctl fs/ioctl.c:892 [inline] __x64_sys_ioctl+0x190/0x200 fs/ioctl.c:892 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f -> #1 (&tty->termios_rwsem){++++}-{4:4}: down_write+0x93/0x200 kernel/locking/rwsem.c:1577 n_tty_flush_buffer+0x25/0x1b0 drivers/tty/n_tty.c:358 tty_buffer_flush+0x236/0x310 drivers/tty/tty_buffer.c:241 tty_ldisc_flush+0x64/0xe0 drivers/tty/tty_ldisc.c:388 tty_port_close_start+0x337/0x540 drivers/tty/tty_port.c:663 tty_port_close+0x26/0x160 drivers/tty/tty_port.c:718 tty_release+0x3a8/0x1410 drivers/tty/tty_io.c:1754 __fput+0x3f8/0xb60 fs/file_table.c:450 task_work_run+0x14e/0x250 kernel/task_work.c:239 exit_task_work include/linux/task_work.h:43 [inline] do_exit+0xadd/0x2d70 kernel/exit.c:938 do_group_exit+0xd3/0x2a0 kernel/exit.c:1087 get_signal+0x24ed/0x26c0 kernel/signal.c:3017 arch_do_signal_or_restart+0x90/0x7e0 arch/x86/kernel/signal.c:337 exit_to_user_mode_loop kernel/entry/common.c:111 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218 do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f -> #0 (&buf->lock){+.+.}-{4:4}: check_prev_add kernel/locking/lockdep.c:3161 [inline] check_prevs_add kernel/locking/lockdep.c:3280 [inline] validate_chain kernel/locking/lockdep.c:3904 [inline] __lock_acquire+0x249e/0x3c40 kernel/locking/lockdep.c:5226 lock_acquire.part.0+0x11b/0x380 kernel/locking/lockdep.c:5849 __mutex_lock_common kernel/locking/mutex.c:585 [inline] __mutex_lock+0x19b/0xa60 kernel/locking/mutex.c:735 tty_buffer_flush+0x72/0x310 drivers/tty/tty_buffer.c:229 tty_ldisc_flush+0x64/0xe0 drivers/tty/tty_ldisc.c:388 __do_SAK+0x6a1/0x800 drivers/tty/tty_io.c:3038 vc_SAK+0x7f/0x310 drivers/tty/vt/vt_ioctl.c:993 process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229 process_scheduled_works kernel/workqueue.c:3310 [inline] worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391 kthread+0x2c1/0x3a0 kernel/kthread.c:389 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 other info that might help us debug this: Chain exists of: &buf->lock --> &tty->termios_rwsem --> console_lock Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(console_lock); lock(&tty->termios_rwsem); lock(console_lock); lock(&buf->lock); *** DEADLOCK *** 4 locks held by kworker/2:2/5314: #0: ffff88801b088948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x1293/0x1ba0 kernel/workqueue.c:3204 #1: ffffc90025dd7d80 ((work_completion)(&vc_cons[currcons].SAK_work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 kernel/workqueue.c:3205 #2: ffffffff8e1a8c40 (console_lock){+.+.}-{0:0}, at: vc_SAK+0x13/0x310 drivers/tty/vt/vt_ioctl.c:983 #3: ffff8880509390a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref drivers/tty/tty_ldisc.c:263 [inline] #3: ffff8880509390a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_flush+0x1c/0xe0 drivers/tty/tty_ldisc.c:386 stack backtrace: CPU: 2 UID: 0 PID: 5314 Comm: kworker/2:2 Not tainted 6.12.0-syzkaller-12128-gf788b5ef1ca9 #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Workqueue: events vc_SAK Call Trace: __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120 print_circular_bug+0x419/0x5d0 kernel/locking/lockdep.c:2074 check_noncircular+0x31a/0x400 kernel/locking/lockdep.c:2206 check_prev_add kernel/locking/lockdep.c:3161 [inline] check_prevs_add kernel/locking/lockdep.c:3280 [inline] validate_chain kernel/locking/lockdep.c:3904 [inline] __lock_acquire+0x249e/0x3c40 kernel/locking/lockdep.c:5226 lock_acquire.part.0+0x11b/0x380 kernel/locking/lockdep.c:5849 __mutex_lock_common kernel/locking/mutex.c:585 [inline] __mutex_lock+0x19b/0xa60 kernel/locking/mutex.c:735 tty_buffer_flush+0x72/0x310 drivers/tty/tty_buffer.c:229 tty_ldisc_flush+0x64/0xe0 drivers/tty/tty_ldisc.c:388 __do_SAK+0x6a1/0x800 drivers/tty/tty_io.c:3038 vc_SAK+0x7f/0x310 drivers/tty/vt/vt_ioctl.c:993 process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3229 process_scheduled_works kernel/workqueue.c:3310 [inline] worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391 kthread+0x2c1/0x3a0 kernel/kthread.c:389 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 tty tty1: SAK: killed process 10287 (syz.1.1439): by fd#13 tty tty1: SAK: killed process 10288 (syz.1.1439): by fd#13 tty tty1: SAK: killed process 10293 (syz.1.1439): by fd#13 tty tty1: SAK: killed process 10294 (syz.1.1439): by fd#13