===================================================== WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected 6.1.148-syzkaller #0 Not tainted ----------------------------------------------------- kworker/u4:2/40 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: ffffffff8d5911f8 (disc_data_lock#4){.+.+}-{2:2}, at: sp_get drivers/net/hamradio/6pack.c:376 [inline] ffffffff8d5911f8 (disc_data_lock#4){.+.+}-{2:2}, at: sixpack_write_wakeup+0x2c/0x460 drivers/net/hamradio/6pack.c:397 and this task is already holding: ffffffff96f6cf68 (&port_lock_key){-.-.}-{2:2}, at: uart_write+0x113/0x910 drivers/tty/serial/serial_core.c:581 which would create a new lock dependency: (&port_lock_key){-.-.}-{2:2} -> (disc_data_lock#4){.+.+}-{2:2} but this new dependency connects a HARDIRQ-irq-safe lock: (&port_lock_key){-.-.}-{2:2} ... which became HARDIRQ-irq-safe at: lock_acquire+0x1b4/0x490 kernel/locking/lockdep.c:5662 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xa4/0xf0 kernel/locking/spinlock.c:162 serial8250_handle_irq+0x7a/0x6d0 drivers/tty/serial/8250/8250_port.c:1932 serial8250_default_handle_irq+0xb4/0x1a0 drivers/tty/serial/8250/8250_port.c:1981 serial8250_interrupt+0x9b/0x1c0 drivers/tty/serial/8250/8250_core.c:126 __handle_irq_event_percpu+0x298/0xa30 kernel/irq/handle.c:158 handle_irq_event_percpu kernel/irq/handle.c:193 [inline] handle_irq_event+0x87/0x1e0 kernel/irq/handle.c:210 handle_edge_irq+0x243/0xb20 kernel/irq/chip.c:819 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq arch/x86/kernel/irq.c:233 [inline] __common_interrupt+0xd7/0x1e0 arch/x86/kernel/irq.c:252 common_interrupt+0xb0/0xd0 arch/x86/kernel/irq.c:242 asm_common_interrupt+0x22/0x40 arch/x86/include/asm/idtentry.h:682 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline] _raw_spin_unlock_irqrestore+0xa5/0x100 kernel/locking/spinlock.c:194 spin_unlock_irqrestore include/linux/spinlock.h:406 [inline] uart_write+0x68a/0x910 drivers/tty/serial/serial_core.c:602 process_output_block drivers/tty/n_tty.c:586 [inline] n_tty_write+0xd1a/0x11c0 drivers/tty/n_tty.c:2377 do_tty_write drivers/tty/tty_io.c:1018 [inline] file_tty_write+0x4dd/0x860 drivers/tty/tty_io.c:1089 call_write_iter include/linux/fs.h:2265 [inline] new_sync_write fs/read_write.c:491 [inline] vfs_write+0x44c/0x960 fs/read_write.c:584 ksys_write+0x143/0x240 fs/read_write.c:637 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x68/0xd2 to a HARDIRQ-irq-unsafe lock: (disc_data_lock#4){.+.+}-{2:2} ... which became HARDIRQ-irq-unsafe at: ... lock_acquire+0x1b4/0x490 kernel/locking/lockdep.c:5662 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x32/0x40 kernel/locking/spinlock.c:228 sp_get drivers/net/hamradio/6pack.c:376 [inline] sixpack_receive_buf+0x50/0x1430 drivers/net/hamradio/6pack.c:439 tty_ldisc_receive_buf+0x113/0x150 drivers/tty/tty_buffer.c:461 tty_port_default_receive_buf+0x69/0x90 drivers/tty/tty_port.c:39 receive_buf drivers/tty/tty_buffer.c:515 [inline] flush_to_ldisc+0x2f7/0x860 drivers/tty/tty_buffer.c:565 process_one_work+0x898/0x1160 kernel/workqueue.c:2292 worker_thread+0xaa2/0x1250 kernel/workqueue.c:2439 kthread+0x29d/0x330 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 other info that might help us debug this: Possible interrupt unsafe locking scenario: CPU0 CPU1 ---- ---- lock(disc_data_lock#4); local_irq_disable(); lock(&port_lock_key); lock(disc_data_lock#4); lock(&port_lock_key); *** DEADLOCK *** 6 locks held by kworker/u4:2/40: #0: ffff888017479138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7a1/0x1160 kernel/workqueue.c:2267 #1: ffffc90000b17d00 ((work_completion)(&buf->work)){+.+.}-{0:0}, at: process_one_work+0x7a1/0x1160 kernel/workqueue.c:2267 #2: ffff888024590ce8 (&buf->lock){+.+.}-{3:3}, at: flush_to_ldisc+0x34/0x860 drivers/tty/tty_buffer.c:537 #3: ffff888076472098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref+0x18/0x80 drivers/tty/tty_ldisc.c:264 #4: ffffffff96f6cf68 (&port_lock_key){-.-.}-{2:2}, at: uart_write+0x113/0x910 drivers/tty/serial/serial_core.c:581 #5: ffff888076472098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref+0x18/0x80 drivers/tty/tty_ldisc.c:264 the dependencies between HARDIRQ-irq-safe lock and the holding lock: -> (&port_lock_key){-.-.}-{2:2} { IN-HARDIRQ-W at: lock_acquire+0x1b4/0x490 kernel/locking/lockdep.c:5662 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xa4/0xf0 kernel/locking/spinlock.c:162 serial8250_handle_irq+0x7a/0x6d0 drivers/tty/serial/8250/8250_port.c:1932 serial8250_default_handle_irq+0xb4/0x1a0 drivers/tty/serial/8250/8250_port.c:1981 serial8250_interrupt+0x9b/0x1c0 drivers/tty/serial/8250/8250_core.c:126 __handle_irq_event_percpu+0x298/0xa30 kernel/irq/handle.c:158 handle_irq_event_percpu kernel/irq/handle.c:193 [inline] handle_irq_event+0x87/0x1e0 kernel/irq/handle.c:210 handle_edge_irq+0x243/0xb20 kernel/irq/chip.c:819 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq arch/x86/kernel/irq.c:233 [inline] __common_interrupt+0xd7/0x1e0 arch/x86/kernel/irq.c:252 common_interrupt+0xb0/0xd0 arch/x86/kernel/irq.c:242 asm_common_interrupt+0x22/0x40 arch/x86/include/asm/idtentry.h:682 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline] _raw_spin_unlock_irqrestore+0xa5/0x100 kernel/locking/spinlock.c:194 spin_unlock_irqrestore include/linux/spinlock.h:406 [inline] uart_write+0x68a/0x910 drivers/tty/serial/serial_core.c:602 process_output_block drivers/tty/n_tty.c:586 [inline] n_tty_write+0xd1a/0x11c0 drivers/tty/n_tty.c:2377 do_tty_write drivers/tty/tty_io.c:1018 [inline] file_tty_write+0x4dd/0x860 drivers/tty/tty_io.c:1089 call_write_iter include/linux/fs.h:2265 [inline] new_sync_write fs/read_write.c:491 [inline] vfs_write+0x44c/0x960 fs/read_write.c:584 ksys_write+0x143/0x240 fs/read_write.c:637 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x68/0xd2 IN-SOFTIRQ-W at: lock_acquire+0x1b4/0x490 kernel/locking/lockdep.c:5662 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xa4/0xf0 kernel/locking/spinlock.c:162 serial8250_handle_irq+0x7a/0x6d0 drivers/tty/serial/8250/8250_port.c:1932 serial8250_default_handle_irq+0xb4/0x1a0 drivers/tty/serial/8250/8250_port.c:1981 serial8250_interrupt+0x9b/0x1c0 drivers/tty/serial/8250/8250_core.c:126 __handle_irq_event_percpu+0x298/0xa30 kernel/irq/handle.c:158 handle_irq_event_percpu kernel/irq/handle.c:193 [inline] handle_irq_event+0x87/0x1e0 kernel/irq/handle.c:210 handle_edge_irq+0x243/0xb20 kernel/irq/chip.c:819 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq arch/x86/kernel/irq.c:233 [inline] __common_interrupt+0xd7/0x1e0 arch/x86/kernel/irq.c:252 common_interrupt+0xb0/0xd0 arch/x86/kernel/irq.c:242 asm_common_interrupt+0x22/0x40 arch/x86/include/asm/idtentry.h:682 unwind_next_frame+0x10fa/0x20b0 arch/x86/kernel/unwind_orc.c:598 __unwind_start+0x5bb/0x740 arch/x86/kernel/unwind_orc.c:717 unwind_start arch/x86/include/asm/unwind.h:64 [inline] arch_stack_walk+0xda/0x140 arch/x86/kernel/stacktrace.c:24 stack_trace_save+0x98/0xe0 kernel/stacktrace.c:122 kasan_save_stack mm/kasan/common.c:45 [inline] kasan_set_track+0x4b/0x70 mm/kasan/common.c:52 kasan_save_free_info+0x2d/0x50 mm/kasan/generic.c:516 ____kasan_slab_free+0x126/0x1e0 mm/kasan/common.c:236 kasan_slab_free include/linux/kasan.h:177 [inline] slab_free_hook mm/slub.c:1724 [inline] slab_free_freelist_hook+0x131/0x1a0 mm/slub.c:1750 slab_free mm/slub.c:3661 [inline] kmem_cache_free+0xf7/0x290 mm/slub.c:3683 rcu_do_batch kernel/rcu/tree.c:2297 [inline] rcu_core+0x9c0/0x16a0 kernel/rcu/tree.c:2557 handle_softirqs+0x2a1/0x920 kernel/softirq.c:596 run_ksoftirqd+0x98/0xf0 kernel/softirq.c:963 smpboot_thread_fn+0x64a/0xa40 kernel/smpboot.c:164 kthread+0x29d/0x330 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 INITIAL USE at: lock_acquire+0x1b4/0x490 kernel/locking/lockdep.c:5662 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xa4/0xf0 kernel/locking/spinlock.c:162 serial8250_do_set_termios+0x544/0x17d0 drivers/tty/serial/8250/8250_port.c:2795 uart_set_options+0x3c2/0x5d0 drivers/tty/serial/serial_core.c:2283 serial8250_console_setup+0x2ce/0x3a0 drivers/tty/serial/8250/8250_port.c:3537 univ8250_console_setup+0xe9/0x180 drivers/tty/serial/8250/8250_core.c:602 console_call_setup kernel/printk/printk.c:3063 [inline] try_enable_preferred_console+0x48a/0x600 kernel/printk/printk.c:3104 register_console+0x1b0/0x9c0 kernel/printk/printk.c:3211 univ8250_console_init+0x41/0x43 drivers/tty/serial/8250/8250_core.c:687 console_init+0x1bc/0x78e kernel/printk/printk.c:3359 start_kernel+0x303/0x539 init/main.c:1076 secondary_startup_64_no_verify+0xcf/0xdb } ... key at: [] port_lock_key+0x0/0x20 the dependencies between the lock to be acquired and HARDIRQ-irq-unsafe lock: -> (disc_data_lock#4){.+.+}-{2:2} { HARDIRQ-ON-R at: lock_acquire+0x1b4/0x490 kernel/locking/lockdep.c:5662 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x32/0x40 kernel/locking/spinlock.c:228 sp_get drivers/net/hamradio/6pack.c:376 [inline] sixpack_receive_buf+0x50/0x1430 drivers/net/hamradio/6pack.c:439 tty_ldisc_receive_buf+0x113/0x150 drivers/tty/tty_buffer.c:461 tty_port_default_receive_buf+0x69/0x90 drivers/tty/tty_port.c:39 receive_buf drivers/tty/tty_buffer.c:515 [inline] flush_to_ldisc+0x2f7/0x860 drivers/tty/tty_buffer.c:565 process_one_work+0x898/0x1160 kernel/workqueue.c:2292 worker_thread+0xaa2/0x1250 kernel/workqueue.c:2439 kthread+0x29d/0x330 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 SOFTIRQ-ON-R at: lock_acquire+0x1b4/0x490 kernel/locking/lockdep.c:5662 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x32/0x40 kernel/locking/spinlock.c:228 sp_get drivers/net/hamradio/6pack.c:376 [inline] sixpack_receive_buf+0x50/0x1430 drivers/net/hamradio/6pack.c:439 tty_ldisc_receive_buf+0x113/0x150 drivers/tty/tty_buffer.c:461 tty_port_default_receive_buf+0x69/0x90 drivers/tty/tty_port.c:39 receive_buf drivers/tty/tty_buffer.c:515 [inline] flush_to_ldisc+0x2f7/0x860 drivers/tty/tty_buffer.c:565 process_one_work+0x898/0x1160 kernel/workqueue.c:2292 worker_thread+0xaa2/0x1250 kernel/workqueue.c:2439 kthread+0x29d/0x330 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 INITIAL USE at: lock_acquire+0x1b4/0x490 kernel/locking/lockdep.c:5662 __raw_write_lock_irq include/linux/rwlock_api_smp.h:195 [inline] _raw_write_lock_irq+0x9f/0xe0 kernel/locking/spinlock.c:326 sixpack_close+0x28/0x290 drivers/net/hamradio/6pack.c:653 tty_ldisc_kill+0xa6/0x1a0 drivers/tty/tty_ldisc.c:614 tty_ldisc_release+0x170/0x200 drivers/tty/tty_ldisc.c:782 tty_release_struct+0x26/0xd0 drivers/tty/tty_io.c:1689 tty_release+0xc72/0x1600 drivers/tty/tty_io.c:1860 __fput+0x22c/0x920 fs/file_table.c:320 task_work_run+0x1ca/0x250 kernel/task_work.c:203 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline] exit_to_user_mode_loop+0xe6/0x110 kernel/entry/common.c:177 exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:210 __syscall_exit_to_user_mode_work kernel/entry/common.c:292 [inline] syscall_exit_to_user_mode+0x16/0x40 kernel/entry/common.c:303 do_syscall_64+0x58/0xa0 arch/x86/entry/common.c:87 entry_SYSCALL_64_after_hwframe+0x68/0xd2 INITIAL READ USE at: lock_acquire+0x1b4/0x490 kernel/locking/lockdep.c:5662 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x32/0x40 kernel/locking/spinlock.c:228 sp_get drivers/net/hamradio/6pack.c:376 [inline] sixpack_receive_buf+0x50/0x1430 drivers/net/hamradio/6pack.c:439 tty_ldisc_receive_buf+0x113/0x150 drivers/tty/tty_buffer.c:461 tty_port_default_receive_buf+0x69/0x90 drivers/tty/tty_port.c:39 receive_buf drivers/tty/tty_buffer.c:515 [inline] flush_to_ldisc+0x2f7/0x860 drivers/tty/tty_buffer.c:565 process_one_work+0x898/0x1160 kernel/workqueue.c:2292 worker_thread+0xaa2/0x1250 kernel/workqueue.c:2439 kthread+0x29d/0x330 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 } ... key at: [] disc_data_lock+0x18/0x100 ... acquired at: __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x32/0x40 kernel/locking/spinlock.c:228 sp_get drivers/net/hamradio/6pack.c:376 [inline] sixpack_write_wakeup+0x2c/0x460 drivers/net/hamradio/6pack.c:397 tty_wakeup+0xb4/0xf0 drivers/tty/tty_io.c:524 tty_port_default_wakeup+0x9e/0xf0 drivers/tty/tty_port.c:71 serial8250_tx_chars+0x629/0x830 drivers/tty/serial/8250/8250_port.c:1854 __start_tx drivers/tty/serial/8250/8250_port.c:1570 [inline] serial8250_start_tx+0x6a9/0x8a0 drivers/tty/serial/8250/8250_port.c:1676 __uart_start drivers/tty/serial/serial_core.c:139 [inline] uart_write+0x67d/0x910 drivers/tty/serial/serial_core.c:601 decode_prio_command drivers/net/hamradio/6pack.c:888 [inline] sixpack_decode drivers/net/hamradio/6pack.c:963 [inline] sixpack_receive_buf+0x438/0x1430 drivers/net/hamradio/6pack.c:453 tty_ldisc_receive_buf+0x113/0x150 drivers/tty/tty_buffer.c:461 tty_port_default_receive_buf+0x69/0x90 drivers/tty/tty_port.c:39 receive_buf drivers/tty/tty_buffer.c:515 [inline] flush_to_ldisc+0x2f7/0x860 drivers/tty/tty_buffer.c:565 process_one_work+0x898/0x1160 kernel/workqueue.c:2292 worker_thread+0xaa2/0x1250 kernel/workqueue.c:2439 kthread+0x29d/0x330 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 stack backtrace: CPU: 1 PID: 40 Comm: kworker/u4:2 Not tainted 6.1.148-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 Workqueue: events_unbound flush_to_ldisc Call Trace: dump_stack_lvl+0x168/0x22e lib/dump_stack.c:106 print_bad_irq_dependency kernel/locking/lockdep.c:2604 [inline] check_irq_usage kernel/locking/lockdep.c:2843 [inline] check_prev_add kernel/locking/lockdep.c:3094 [inline] check_prevs_add kernel/locking/lockdep.c:3209 [inline] validate_chain kernel/locking/lockdep.c:3825 [inline] __lock_acquire+0x660b/0x7c50 kernel/locking/lockdep.c:5049 lock_acquire+0x1b4/0x490 kernel/locking/lockdep.c:5662 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x32/0x40 kernel/locking/spinlock.c:228 sp_get drivers/net/hamradio/6pack.c:376 [inline] sixpack_write_wakeup+0x2c/0x460 drivers/net/hamradio/6pack.c:397 tty_wakeup+0xb4/0xf0 drivers/tty/tty_io.c:524 tty_port_default_wakeup+0x9e/0xf0 drivers/tty/tty_port.c:71 serial8250_tx_chars+0x629/0x830 drivers/tty/serial/8250/8250_port.c:1854 __start_tx drivers/tty/serial/8250/8250_port.c:1570 [inline] serial8250_start_tx+0x6a9/0x8a0 drivers/tty/serial/8250/8250_port.c:1676 __uart_start drivers/tty/serial/serial_core.c:139 [inline] uart_write+0x67d/0x910 drivers/tty/serial/serial_core.c:601 decode_prio_command drivers/net/hamradio/6pack.c:888 [inline] sixpack_decode drivers/net/hamradio/6pack.c:963 [inline] sixpack_receive_buf+0x438/0x1430 drivers/net/hamradio/6pack.c:453 tty_ldisc_receive_buf+0x113/0x150 drivers/tty/tty_buffer.c:461 tty_port_default_receive_buf+0x69/0x90 drivers/tty/tty_port.c:39 receive_buf drivers/tty/tty_buffer.c:515 [inline] flush_to_ldisc+0x2f7/0x860 drivers/tty/tty_buffer.c:565 process_one_work+0x898/0x1160 kernel/workqueue.c:2292 worker_thread+0xaa2/0x1250 kernel/workqueue.c:2439 kthread+0x29d/0x330 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295