=====================================================
WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected
6.1.148-syzkaller #0 Not tainted
-----------------------------------------------------
kworker/u4:2/40 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
ffffffff8d5911f8 (disc_data_lock#4){.+.+}-{2:2}, at: sp_get drivers/net/hamradio/6pack.c:376 [inline]
ffffffff8d5911f8 (disc_data_lock#4){.+.+}-{2:2}, at: sixpack_write_wakeup+0x2c/0x460 drivers/net/hamradio/6pack.c:397
and this task is already holding:
ffffffff96f6cf68 (&port_lock_key){-.-.}-{2:2}, at: uart_write+0x113/0x910 drivers/tty/serial/serial_core.c:581
which would create a new lock dependency:
(&port_lock_key){-.-.}-{2:2} -> (disc_data_lock#4){.+.+}-{2:2}
but this new dependency connects a HARDIRQ-irq-safe lock:
(&port_lock_key){-.-.}-{2:2}
... which became HARDIRQ-irq-safe at:
lock_acquire+0x1b4/0x490 kernel/locking/lockdep.c:5662
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xa4/0xf0 kernel/locking/spinlock.c:162
serial8250_handle_irq+0x7a/0x6d0 drivers/tty/serial/8250/8250_port.c:1932
serial8250_default_handle_irq+0xb4/0x1a0 drivers/tty/serial/8250/8250_port.c:1981
serial8250_interrupt+0x9b/0x1c0 drivers/tty/serial/8250/8250_core.c:126
__handle_irq_event_percpu+0x298/0xa30 kernel/irq/handle.c:158
handle_irq_event_percpu kernel/irq/handle.c:193 [inline]
handle_irq_event+0x87/0x1e0 kernel/irq/handle.c:210
handle_edge_irq+0x243/0xb20 kernel/irq/chip.c:819
generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
handle_irq arch/x86/kernel/irq.c:233 [inline]
__common_interrupt+0xd7/0x1e0 arch/x86/kernel/irq.c:252
common_interrupt+0xb0/0xd0 arch/x86/kernel/irq.c:242
asm_common_interrupt+0x22/0x40 arch/x86/include/asm/idtentry.h:682
__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
_raw_spin_unlock_irqrestore+0xa5/0x100 kernel/locking/spinlock.c:194
spin_unlock_irqrestore include/linux/spinlock.h:406 [inline]
uart_write+0x68a/0x910 drivers/tty/serial/serial_core.c:602
process_output_block drivers/tty/n_tty.c:586 [inline]
n_tty_write+0xd1a/0x11c0 drivers/tty/n_tty.c:2377
do_tty_write drivers/tty/tty_io.c:1018 [inline]
file_tty_write+0x4dd/0x860 drivers/tty/tty_io.c:1089
call_write_iter include/linux/fs.h:2265 [inline]
new_sync_write fs/read_write.c:491 [inline]
vfs_write+0x44c/0x960 fs/read_write.c:584
ksys_write+0x143/0x240 fs/read_write.c:637
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:81
entry_SYSCALL_64_after_hwframe+0x68/0xd2
to a HARDIRQ-irq-unsafe lock:
(disc_data_lock#4){.+.+}-{2:2}
... which became HARDIRQ-irq-unsafe at:
...
lock_acquire+0x1b4/0x490 kernel/locking/lockdep.c:5662
__raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
_raw_read_lock+0x32/0x40 kernel/locking/spinlock.c:228
sp_get drivers/net/hamradio/6pack.c:376 [inline]
sixpack_receive_buf+0x50/0x1430 drivers/net/hamradio/6pack.c:439
tty_ldisc_receive_buf+0x113/0x150 drivers/tty/tty_buffer.c:461
tty_port_default_receive_buf+0x69/0x90 drivers/tty/tty_port.c:39
receive_buf drivers/tty/tty_buffer.c:515 [inline]
flush_to_ldisc+0x2f7/0x860 drivers/tty/tty_buffer.c:565
process_one_work+0x898/0x1160 kernel/workqueue.c:2292
worker_thread+0xaa2/0x1250 kernel/workqueue.c:2439
kthread+0x29d/0x330 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
other info that might help us debug this:
Possible interrupt unsafe locking scenario:
       CPU0                    CPU1
       ----                    ----
  lock(disc_data_lock#4);
                               local_irq_disable();
                               lock(&port_lock_key);
                               lock(disc_data_lock#4);
  <Interrupt>
    lock(&port_lock_key);
*** DEADLOCK ***
6 locks held by kworker/u4:2/40:
#0: ffff888017479138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7a1/0x1160 kernel/workqueue.c:2267
#1: ffffc90000b17d00 ((work_completion)(&buf->work)){+.+.}-{0:0}, at: process_one_work+0x7a1/0x1160 kernel/workqueue.c:2267
#2: ffff888024590ce8 (&buf->lock){+.+.}-{3:3}, at: flush_to_ldisc+0x34/0x860 drivers/tty/tty_buffer.c:537
#3: ffff888076472098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref+0x18/0x80 drivers/tty/tty_ldisc.c:264
#4: ffffffff96f6cf68 (&port_lock_key){-.-.}-{2:2}, at: uart_write+0x113/0x910 drivers/tty/serial/serial_core.c:581
#5: ffff888076472098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref+0x18/0x80 drivers/tty/tty_ldisc.c:264
the dependencies between HARDIRQ-irq-safe lock and the holding lock:
-> (&port_lock_key){-.-.}-{2:2} {
IN-HARDIRQ-W at:
lock_acquire+0x1b4/0x490 kernel/locking/lockdep.c:5662
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xa4/0xf0 kernel/locking/spinlock.c:162
serial8250_handle_irq+0x7a/0x6d0 drivers/tty/serial/8250/8250_port.c:1932
serial8250_default_handle_irq+0xb4/0x1a0 drivers/tty/serial/8250/8250_port.c:1981
serial8250_interrupt+0x9b/0x1c0 drivers/tty/serial/8250/8250_core.c:126
__handle_irq_event_percpu+0x298/0xa30 kernel/irq/handle.c:158
handle_irq_event_percpu kernel/irq/handle.c:193 [inline]
handle_irq_event+0x87/0x1e0 kernel/irq/handle.c:210
handle_edge_irq+0x243/0xb20 kernel/irq/chip.c:819
generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
handle_irq arch/x86/kernel/irq.c:233 [inline]
__common_interrupt+0xd7/0x1e0 arch/x86/kernel/irq.c:252
common_interrupt+0xb0/0xd0 arch/x86/kernel/irq.c:242
asm_common_interrupt+0x22/0x40 arch/x86/include/asm/idtentry.h:682
__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
_raw_spin_unlock_irqrestore+0xa5/0x100 kernel/locking/spinlock.c:194
spin_unlock_irqrestore include/linux/spinlock.h:406 [inline]
uart_write+0x68a/0x910 drivers/tty/serial/serial_core.c:602
process_output_block drivers/tty/n_tty.c:586 [inline]
n_tty_write+0xd1a/0x11c0 drivers/tty/n_tty.c:2377
do_tty_write drivers/tty/tty_io.c:1018 [inline]
file_tty_write+0x4dd/0x860 drivers/tty/tty_io.c:1089
call_write_iter include/linux/fs.h:2265 [inline]
new_sync_write fs/read_write.c:491 [inline]
vfs_write+0x44c/0x960 fs/read_write.c:584
ksys_write+0x143/0x240 fs/read_write.c:637
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:81
entry_SYSCALL_64_after_hwframe+0x68/0xd2
IN-SOFTIRQ-W at:
lock_acquire+0x1b4/0x490 kernel/locking/lockdep.c:5662
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xa4/0xf0 kernel/locking/spinlock.c:162
serial8250_handle_irq+0x7a/0x6d0 drivers/tty/serial/8250/8250_port.c:1932
serial8250_default_handle_irq+0xb4/0x1a0 drivers/tty/serial/8250/8250_port.c:1981
serial8250_interrupt+0x9b/0x1c0 drivers/tty/serial/8250/8250_core.c:126
__handle_irq_event_percpu+0x298/0xa30 kernel/irq/handle.c:158
handle_irq_event_percpu kernel/irq/handle.c:193 [inline]
handle_irq_event+0x87/0x1e0 kernel/irq/handle.c:210
handle_edge_irq+0x243/0xb20 kernel/irq/chip.c:819
generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
handle_irq arch/x86/kernel/irq.c:233 [inline]
__common_interrupt+0xd7/0x1e0 arch/x86/kernel/irq.c:252
common_interrupt+0xb0/0xd0 arch/x86/kernel/irq.c:242
asm_common_interrupt+0x22/0x40 arch/x86/include/asm/idtentry.h:682
unwind_next_frame+0x10fa/0x20b0 arch/x86/kernel/unwind_orc.c:598
__unwind_start+0x5bb/0x740 arch/x86/kernel/unwind_orc.c:717
unwind_start arch/x86/include/asm/unwind.h:64 [inline]
arch_stack_walk+0xda/0x140 arch/x86/kernel/stacktrace.c:24
stack_trace_save+0x98/0xe0 kernel/stacktrace.c:122
kasan_save_stack mm/kasan/common.c:45 [inline]
kasan_set_track+0x4b/0x70 mm/kasan/common.c:52
kasan_save_free_info+0x2d/0x50 mm/kasan/generic.c:516
____kasan_slab_free+0x126/0x1e0 mm/kasan/common.c:236
kasan_slab_free include/linux/kasan.h:177 [inline]
slab_free_hook mm/slub.c:1724 [inline]
slab_free_freelist_hook+0x131/0x1a0 mm/slub.c:1750
slab_free mm/slub.c:3661 [inline]
kmem_cache_free+0xf7/0x290 mm/slub.c:3683
rcu_do_batch kernel/rcu/tree.c:2297 [inline]
rcu_core+0x9c0/0x16a0 kernel/rcu/tree.c:2557
handle_softirqs+0x2a1/0x920 kernel/softirq.c:596
run_ksoftirqd+0x98/0xf0 kernel/softirq.c:963
smpboot_thread_fn+0x64a/0xa40 kernel/smpboot.c:164
kthread+0x29d/0x330 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
INITIAL USE at:
lock_acquire+0x1b4/0x490 kernel/locking/lockdep.c:5662
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xa4/0xf0 kernel/locking/spinlock.c:162
serial8250_do_set_termios+0x544/0x17d0 drivers/tty/serial/8250/8250_port.c:2795
uart_set_options+0x3c2/0x5d0 drivers/tty/serial/serial_core.c:2283
serial8250_console_setup+0x2ce/0x3a0 drivers/tty/serial/8250/8250_port.c:3537
univ8250_console_setup+0xe9/0x180 drivers/tty/serial/8250/8250_core.c:602
console_call_setup kernel/printk/printk.c:3063 [inline]
try_enable_preferred_console+0x48a/0x600 kernel/printk/printk.c:3104
register_console+0x1b0/0x9c0 kernel/printk/printk.c:3211
univ8250_console_init+0x41/0x43 drivers/tty/serial/8250/8250_core.c:687
console_init+0x1bc/0x78e kernel/printk/printk.c:3359
start_kernel+0x303/0x539 init/main.c:1076
secondary_startup_64_no_verify+0xcf/0xdb
}
... key at: [<ffffffff96f6c400>] port_lock_key+0x0/0x20
the dependencies between the lock to be acquired
and HARDIRQ-irq-unsafe lock:
-> (disc_data_lock#4){.+.+}-{2:2} {
HARDIRQ-ON-R at:
lock_acquire+0x1b4/0x490 kernel/locking/lockdep.c:5662
__raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
_raw_read_lock+0x32/0x40 kernel/locking/spinlock.c:228
sp_get drivers/net/hamradio/6pack.c:376 [inline]
sixpack_receive_buf+0x50/0x1430 drivers/net/hamradio/6pack.c:439
tty_ldisc_receive_buf+0x113/0x150 drivers/tty/tty_buffer.c:461
tty_port_default_receive_buf+0x69/0x90 drivers/tty/tty_port.c:39
receive_buf drivers/tty/tty_buffer.c:515 [inline]
flush_to_ldisc+0x2f7/0x860 drivers/tty/tty_buffer.c:565
process_one_work+0x898/0x1160 kernel/workqueue.c:2292
worker_thread+0xaa2/0x1250 kernel/workqueue.c:2439
kthread+0x29d/0x330 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
SOFTIRQ-ON-R at:
lock_acquire+0x1b4/0x490 kernel/locking/lockdep.c:5662
__raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
_raw_read_lock+0x32/0x40 kernel/locking/spinlock.c:228
sp_get drivers/net/hamradio/6pack.c:376 [inline]
sixpack_receive_buf+0x50/0x1430 drivers/net/hamradio/6pack.c:439
tty_ldisc_receive_buf+0x113/0x150 drivers/tty/tty_buffer.c:461
tty_port_default_receive_buf+0x69/0x90 drivers/tty/tty_port.c:39
receive_buf drivers/tty/tty_buffer.c:515 [inline]
flush_to_ldisc+0x2f7/0x860 drivers/tty/tty_buffer.c:565
process_one_work+0x898/0x1160 kernel/workqueue.c:2292
worker_thread+0xaa2/0x1250 kernel/workqueue.c:2439
kthread+0x29d/0x330 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
INITIAL USE at:
lock_acquire+0x1b4/0x490 kernel/locking/lockdep.c:5662
__raw_write_lock_irq include/linux/rwlock_api_smp.h:195 [inline]
_raw_write_lock_irq+0x9f/0xe0 kernel/locking/spinlock.c:326
sixpack_close+0x28/0x290 drivers/net/hamradio/6pack.c:653
tty_ldisc_kill+0xa6/0x1a0 drivers/tty/tty_ldisc.c:614
tty_ldisc_release+0x170/0x200 drivers/tty/tty_ldisc.c:782
tty_release_struct+0x26/0xd0 drivers/tty/tty_io.c:1689
tty_release+0xc72/0x1600 drivers/tty/tty_io.c:1860
__fput+0x22c/0x920 fs/file_table.c:320
task_work_run+0x1ca/0x250 kernel/task_work.c:203
resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
exit_to_user_mode_loop+0xe6/0x110 kernel/entry/common.c:177
exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:210
__syscall_exit_to_user_mode_work kernel/entry/common.c:292 [inline]
syscall_exit_to_user_mode+0x16/0x40 kernel/entry/common.c:303
do_syscall_64+0x58/0xa0 arch/x86/entry/common.c:87
entry_SYSCALL_64_after_hwframe+0x68/0xd2
INITIAL READ USE at:
lock_acquire+0x1b4/0x490 kernel/locking/lockdep.c:5662
__raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
_raw_read_lock+0x32/0x40 kernel/locking/spinlock.c:228
sp_get drivers/net/hamradio/6pack.c:376 [inline]
sixpack_receive_buf+0x50/0x1430 drivers/net/hamradio/6pack.c:439
tty_ldisc_receive_buf+0x113/0x150 drivers/tty/tty_buffer.c:461
tty_port_default_receive_buf+0x69/0x90 drivers/tty/tty_port.c:39
receive_buf drivers/tty/tty_buffer.c:515 [inline]
flush_to_ldisc+0x2f7/0x860 drivers/tty/tty_buffer.c:565
process_one_work+0x898/0x1160 kernel/workqueue.c:2292
worker_thread+0xaa2/0x1250 kernel/workqueue.c:2439
kthread+0x29d/0x330 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
}
... key at: [<ffffffff8d5911f8>] disc_data_lock+0x18/0x100
... acquired at:
__raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
_raw_read_lock+0x32/0x40 kernel/locking/spinlock.c:228
sp_get drivers/net/hamradio/6pack.c:376 [inline]
sixpack_write_wakeup+0x2c/0x460 drivers/net/hamradio/6pack.c:397
tty_wakeup+0xb4/0xf0 drivers/tty/tty_io.c:524
tty_port_default_wakeup+0x9e/0xf0 drivers/tty/tty_port.c:71
serial8250_tx_chars+0x629/0x830 drivers/tty/serial/8250/8250_port.c:1854
__start_tx drivers/tty/serial/8250/8250_port.c:1570 [inline]
serial8250_start_tx+0x6a9/0x8a0 drivers/tty/serial/8250/8250_port.c:1676
__uart_start drivers/tty/serial/serial_core.c:139 [inline]
uart_write+0x67d/0x910 drivers/tty/serial/serial_core.c:601
decode_prio_command drivers/net/hamradio/6pack.c:888 [inline]
sixpack_decode drivers/net/hamradio/6pack.c:963 [inline]
sixpack_receive_buf+0x438/0x1430 drivers/net/hamradio/6pack.c:453
tty_ldisc_receive_buf+0x113/0x150 drivers/tty/tty_buffer.c:461
tty_port_default_receive_buf+0x69/0x90 drivers/tty/tty_port.c:39
receive_buf drivers/tty/tty_buffer.c:515 [inline]
flush_to_ldisc+0x2f7/0x860 drivers/tty/tty_buffer.c:565
process_one_work+0x898/0x1160 kernel/workqueue.c:2292
worker_thread+0xaa2/0x1250 kernel/workqueue.c:2439
kthread+0x29d/0x330 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
stack backtrace:
CPU: 1 PID: 40 Comm: kworker/u4:2 Not tainted 6.1.148-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Workqueue: events_unbound flush_to_ldisc
Call Trace:
<TASK>
dump_stack_lvl+0x168/0x22e lib/dump_stack.c:106
print_bad_irq_dependency kernel/locking/lockdep.c:2604 [inline]
check_irq_usage kernel/locking/lockdep.c:2843 [inline]
check_prev_add kernel/locking/lockdep.c:3094 [inline]
check_prevs_add kernel/locking/lockdep.c:3209 [inline]
validate_chain kernel/locking/lockdep.c:3825 [inline]
__lock_acquire+0x660b/0x7c50 kernel/locking/lockdep.c:5049
lock_acquire+0x1b4/0x490 kernel/locking/lockdep.c:5662
__raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
_raw_read_lock+0x32/0x40 kernel/locking/spinlock.c:228
sp_get drivers/net/hamradio/6pack.c:376 [inline]
sixpack_write_wakeup+0x2c/0x460 drivers/net/hamradio/6pack.c:397
tty_wakeup+0xb4/0xf0 drivers/tty/tty_io.c:524
tty_port_default_wakeup+0x9e/0xf0 drivers/tty/tty_port.c:71
serial8250_tx_chars+0x629/0x830 drivers/tty/serial/8250/8250_port.c:1854
__start_tx drivers/tty/serial/8250/8250_port.c:1570 [inline]
serial8250_start_tx+0x6a9/0x8a0 drivers/tty/serial/8250/8250_port.c:1676
__uart_start drivers/tty/serial/serial_core.c:139 [inline]
uart_write+0x67d/0x910 drivers/tty/serial/serial_core.c:601
decode_prio_command drivers/net/hamradio/6pack.c:888 [inline]
sixpack_decode drivers/net/hamradio/6pack.c:963 [inline]
sixpack_receive_buf+0x438/0x1430 drivers/net/hamradio/6pack.c:453
tty_ldisc_receive_buf+0x113/0x150 drivers/tty/tty_buffer.c:461
tty_port_default_receive_buf+0x69/0x90 drivers/tty/tty_port.c:39
receive_buf drivers/tty/tty_buffer.c:515 [inline]
flush_to_ldisc+0x2f7/0x860 drivers/tty/tty_buffer.c:565
process_one_work+0x898/0x1160 kernel/workqueue.c:2292
worker_thread+0xaa2/0x1250 kernel/workqueue.c:2439
kthread+0x29d/0x330 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
</TASK>