======================================================
WARNING: possible circular locking dependency detected
5.11.0-syzkaller #0 Not tainted
------------------------------------------------------
kworker/1:3/2444 is trying to acquire lock:
ffff8881000608b8 (&buf->lock){+.+.}-{3:3}, at: tty_buffer_flush+0x2a/0x90 drivers/tty/tty_buffer.c:227

but task is already holding lock:
ffffffff837e8b60 (console_lock){+.+.}-{0:0}, at: vc_SAK+0xa/0x40 drivers/tty/vt/vt_ioctl.c:1044

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #2 (console_lock){+.+.}-{0:0}:
       console_lock+0x2a/0x50 kernel/printk/printk.c:2387
       con_flush_chars drivers/tty/vt/vt.c:3332 [inline]
       con_flush_chars+0x18/0x30 drivers/tty/vt/vt.c:3324
       __receive_buf drivers/tty/n_tty.c:1651 [inline]
       n_tty_receive_buf_common+0x2e1/0xc60 drivers/tty/n_tty.c:1744
       tty_port_default_receive_buf+0x38/0x60 drivers/tty/tty_port.c:38
       receive_buf drivers/tty/tty_buffer.c:481 [inline]
       flush_to_ldisc+0x86/0xd0 drivers/tty/tty_buffer.c:533
       process_one_work+0x289/0x540 kernel/workqueue.c:2275
       worker_thread+0x4d/0x330 kernel/workqueue.c:2421
       kthread+0x127/0x140 kernel/kthread.c:292
       ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296

-> #1 (&tty->termios_rwsem){++++}-{3:3}:
       down_read+0x23/0xc0 kernel/locking/rwsem.c:1353
       n_tty_receive_buf_common+0x43/0xc60 drivers/tty/n_tty.c:1707
       tty_port_default_receive_buf+0x38/0x60 drivers/tty/tty_port.c:38
       receive_buf drivers/tty/tty_buffer.c:481 [inline]
       flush_to_ldisc+0x86/0xd0 drivers/tty/tty_buffer.c:533
       process_one_work+0x289/0x540 kernel/workqueue.c:2275
       worker_thread+0x4d/0x330 kernel/workqueue.c:2421
       kthread+0x127/0x140 kernel/kthread.c:292
       ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296

-> #0 (&buf->lock){+.+.}-{3:3}:
       check_prev_add kernel/locking/lockdep.c:2868 [inline]
       check_prevs_add kernel/locking/lockdep.c:2993 [inline]
       validate_chain kernel/locking/lockdep.c:3608 [inline]
       __lock_acquire+0x10e3/0x1aa0 kernel/locking/lockdep.c:4832
       lock_acquire kernel/locking/lockdep.c:5442 [inline]
       lock_acquire+0xbf/0x3b0 kernel/locking/lockdep.c:5407
       __mutex_lock_common kernel/locking/mutex.c:956 [inline]
       __mutex_lock+0x62/0x620 kernel/locking/mutex.c:1103
       tty_buffer_flush+0x2a/0x90 drivers/tty/tty_buffer.c:227
       tty_ldisc_flush+0x2e/0x60 drivers/tty/tty_ldisc.c:414
       __do_SAK.part.0+0x156/0x1a0 drivers/tty/tty_io.c:2928
       vc_SAK+0x24/0x40 drivers/tty/vt/vt_ioctl.c:1054
       process_one_work+0x289/0x540 kernel/workqueue.c:2275
       worker_thread+0x4d/0x330 kernel/workqueue.c:2421
       kthread+0x127/0x140 kernel/kthread.c:292
       ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296

other info that might help us debug this:

Chain exists of:
  &buf->lock --> &tty->termios_rwsem --> console_lock

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(console_lock);
                               lock(&tty->termios_rwsem);
                               lock(console_lock);
  lock(&buf->lock);

 *** DEADLOCK ***

4 locks held by kworker/1:3/2444:
 #0: ffff888100056738 ((wq_completion)events){+.+.}-{0:0}, at: wake_up_worker kernel/workqueue.c:837 [inline]
 #0: ffff888100056738 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x1f2/0x540 kernel/workqueue.c:2238
 #1: ffffc900037cfe70 ((work_completion)(&vc_cons[currcons].SAK_work)){+.+.}-{0:0}, at: wake_up_worker kernel/workqueue.c:837 [inline]
 #1: ffffc900037cfe70 ((work_completion)(&vc_cons[currcons].SAK_work)){+.+.}-{0:0}, at: process_one_work+0x1f2/0x540 kernel/workqueue.c:2238
 #2: ffffffff837e8b60 (console_lock){+.+.}-{0:0}, at: vc_SAK+0xa/0x40 drivers/tty/vt/vt_ioctl.c:1044
 #3: ffff88812791c098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref drivers/tty/tty_ldisc.c:287 [inline]
 #3: ffff88812791c098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_flush+0x13/0x60 drivers/tty/tty_ldisc.c:412

stack backtrace:
CPU: 1 PID: 2444 Comm: kworker/1:3 Not tainted 5.11.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Workqueue: events vc_SAK
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x77/0x97 lib/dump_stack.c:120
 check_noncircular+0xcc/0xe0 kernel/locking/lockdep.c:2117
 check_prev_add kernel/locking/lockdep.c:2868 [inline]
 check_prevs_add kernel/locking/lockdep.c:2993 [inline]
 validate_chain kernel/locking/lockdep.c:3608 [inline]
 __lock_acquire+0x10e3/0x1aa0 kernel/locking/lockdep.c:4832
 lock_acquire kernel/locking/lockdep.c:5442 [inline]
 lock_acquire+0xbf/0x3b0 kernel/locking/lockdep.c:5407
 __mutex_lock_common kernel/locking/mutex.c:956 [inline]
 __mutex_lock+0x62/0x620 kernel/locking/mutex.c:1103
 tty_buffer_flush+0x2a/0x90 drivers/tty/tty_buffer.c:227
 tty_ldisc_flush+0x2e/0x60 drivers/tty/tty_ldisc.c:414
 __do_SAK.part.0+0x156/0x1a0 drivers/tty/tty_io.c:2928
 vc_SAK+0x24/0x40 drivers/tty/vt/vt_ioctl.c:1054
 process_one_work+0x289/0x540 kernel/workqueue.c:2275
 worker_thread+0x4d/0x330 kernel/workqueue.c:2421
 kthread+0x127/0x140 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296
tty tty1: SAK: killed process 5101 (syz.2.18): by fd#4
tty tty1: SAK: killed process 5102 (syz.2.18): by fd#4
tty tty1: SAK: killed process 5161 (syz.2.18): by fd#4
usb 6-1: USB disconnect, device number 2
usb 6-1: new high-speed USB device number 3 using dummy_hcd
usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
usb 6-1: config 0 descriptor??
keytouch 0003:0926:3333.0009: fixing up Keytouch IEC report descriptor
input: HID 0926:3333 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0926:3333.0009/input/input12
keytouch 0003:0926:3333.0009: input,hidraw4: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.5-1/input0
usb 4-1: USB disconnect, device number 3
usb 4-1: new high-speed USB device number 4 using dummy_hcd
usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
usb 4-1: config 0 descriptor??
keytouch 0003:0926:3333.000D: fixing up Keytouch IEC report descriptor
input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.000D/input/input16
keytouch 0003:0926:3333.000D: input,hidraw2: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0
tty tty1: SAK: killed process 5185 (syz.2.26): by fd#4
tty tty1: SAK: killed process 5186 (syz.2.26): by fd#4
tty tty1: SAK: killed process 5195 (syz.2.26): by fd#4
usb 3-1: USB disconnect, device number 4
usb 3-1: new high-speed USB device number 5 using dummy_hcd
usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
usb 3-1: config 0 descriptor??
keytouch 0003:0926:3333.0010: fixing up Keytouch IEC report descriptor
input: HID 0926:3333 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0926:3333.0010/input/input19
keytouch 0003:0926:3333.0010: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.2-1/input0