===================================================== WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected 6.1.147-syzkaller #0 Not tainted ----------------------------------------------------- kworker/u4:9/7007 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: ffffffff8d590f58 (disc_data_lock#3){.+.+}-{2:2}, at: sp_get drivers/net/hamradio/6pack.c:376 [inline] ffffffff8d590f58 (disc_data_lock#3){.+.+}-{2:2}, at: sixpack_write_wakeup+0x2c/0x460 drivers/net/hamradio/6pack.c:397 and this task is already holding: ffffffff96f6bf68 (&port_lock_key){-.-.}-{2:2}, at: uart_write+0x113/0x910 drivers/tty/serial/serial_core.c:581 which would create a new lock dependency: (&port_lock_key){-.-.}-{2:2} -> (disc_data_lock#3){.+.+}-{2:2} but this new dependency connects a HARDIRQ-irq-safe lock: (&port_lock_key){-.-.}-{2:2} ... which became HARDIRQ-irq-safe at: lock_acquire+0x1b4/0x490 kernel/locking/lockdep.c:5662 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xa4/0xf0 kernel/locking/spinlock.c:162 serial8250_handle_irq+0x7a/0x6d0 drivers/tty/serial/8250/8250_port.c:1932 serial8250_default_handle_irq+0xb4/0x1a0 drivers/tty/serial/8250/8250_port.c:1981 serial8250_interrupt+0x9b/0x1c0 drivers/tty/serial/8250/8250_core.c:126 __handle_irq_event_percpu+0x298/0xa30 kernel/irq/handle.c:158 handle_irq_event_percpu kernel/irq/handle.c:193 [inline] handle_irq_event+0x87/0x1e0 kernel/irq/handle.c:210 handle_edge_irq+0x243/0xb20 kernel/irq/chip.c:819 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq arch/x86/kernel/irq.c:233 [inline] __common_interrupt+0xd7/0x1e0 arch/x86/kernel/irq.c:252 common_interrupt+0xb0/0xd0 arch/x86/kernel/irq.c:242 asm_common_interrupt+0x22/0x40 arch/x86/include/asm/idtentry.h:682 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline] _raw_spin_unlock_irqrestore+0xa5/0x100 kernel/locking/spinlock.c:194 spin_unlock_irqrestore include/linux/spinlock.h:406 [inline] uart_write+0x68a/0x910 drivers/tty/serial/serial_core.c:602 process_output_block drivers/tty/n_tty.c:586 [inline] n_tty_write+0xd1a/0x11c0 drivers/tty/n_tty.c:2377 do_tty_write drivers/tty/tty_io.c:1018 [inline] file_tty_write+0x4dd/0x860 drivers/tty/tty_io.c:1089 call_write_iter include/linux/fs.h:2265 [inline] new_sync_write fs/read_write.c:491 [inline] vfs_write+0x44c/0x960 fs/read_write.c:584 ksys_write+0x143/0x240 fs/read_write.c:637 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x68/0xd2 to a HARDIRQ-irq-unsafe lock: (disc_data_lock#3){.+.+}-{2:2} ... which became HARDIRQ-irq-unsafe at: ... lock_acquire+0x1b4/0x490 kernel/locking/lockdep.c:5662 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x32/0x40 kernel/locking/spinlock.c:228 sp_get drivers/net/hamradio/6pack.c:376 [inline] sixpack_receive_buf+0x50/0x1430 drivers/net/hamradio/6pack.c:439 tty_ldisc_receive_buf+0x113/0x150 drivers/tty/tty_buffer.c:461 tty_port_default_receive_buf+0x69/0x90 drivers/tty/tty_port.c:39 receive_buf drivers/tty/tty_buffer.c:515 [inline] flush_to_ldisc+0x2f7/0x860 drivers/tty/tty_buffer.c:565 process_one_work+0x898/0x1160 kernel/workqueue.c:2292 worker_thread+0xaa2/0x1250 kernel/workqueue.c:2439 kthread+0x29d/0x330 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 other info that might help us debug this: Possible interrupt unsafe locking scenario: CPU0 CPU1 ---- ---- lock(disc_data_lock#3); local_irq_disable(); lock(&port_lock_key); lock(disc_data_lock#3); lock(&port_lock_key); *** DEADLOCK *** 6 locks held by kworker/u4:9/7007: #0: ffff888017479138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7a1/0x1160 kernel/workqueue.c:2267 #1: ffffc90003967d00 ((work_completion)(&buf->work)){+.+.}-{0:0}, at: process_one_work+0x7a1/0x1160 kernel/workqueue.c:2267 #2: ffff888024350ce8 (&buf->lock){+.+.}-{3:3}, at: flush_to_ldisc+0x34/0x860 drivers/tty/tty_buffer.c:537 #3: ffff88807cd2d098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref+0x18/0x80 drivers/tty/tty_ldisc.c:264 #4: ffffffff96f6bf68 (&port_lock_key){-.-.}-{2:2}, at: uart_write+0x113/0x910 drivers/tty/serial/serial_core.c:581 #5: ffff88807cd2d098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref+0x18/0x80 drivers/tty/tty_ldisc.c:264 the dependencies between HARDIRQ-irq-safe lock and the holding lock: -> (&port_lock_key){-.-.}-{2:2} { IN-HARDIRQ-W at: lock_acquire+0x1b4/0x490 kernel/locking/lockdep.c:5662 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xa4/0xf0 kernel/locking/spinlock.c:162 serial8250_handle_irq+0x7a/0x6d0 drivers/tty/serial/8250/8250_port.c:1932 serial8250_default_handle_irq+0xb4/0x1a0 drivers/tty/serial/8250/8250_port.c:1981 serial8250_interrupt+0x9b/0x1c0 drivers/tty/serial/8250/8250_core.c:126 __handle_irq_event_percpu+0x298/0xa30 kernel/irq/handle.c:158 handle_irq_event_percpu kernel/irq/handle.c:193 [inline] handle_irq_event+0x87/0x1e0 kernel/irq/handle.c:210 handle_edge_irq+0x243/0xb20 kernel/irq/chip.c:819 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq arch/x86/kernel/irq.c:233 [inline] __common_interrupt+0xd7/0x1e0 arch/x86/kernel/irq.c:252 common_interrupt+0xb0/0xd0 arch/x86/kernel/irq.c:242 asm_common_interrupt+0x22/0x40 arch/x86/include/asm/idtentry.h:682 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline] _raw_spin_unlock_irqrestore+0xa5/0x100 kernel/locking/spinlock.c:194 spin_unlock_irqrestore include/linux/spinlock.h:406 [inline] uart_write+0x68a/0x910 drivers/tty/serial/serial_core.c:602 process_output_block drivers/tty/n_tty.c:586 [inline] n_tty_write+0xd1a/0x11c0 drivers/tty/n_tty.c:2377 do_tty_write drivers/tty/tty_io.c:1018 [inline] file_tty_write+0x4dd/0x860 drivers/tty/tty_io.c:1089 call_write_iter include/linux/fs.h:2265 [inline] new_sync_write fs/read_write.c:491 [inline] vfs_write+0x44c/0x960 fs/read_write.c:584 ksys_write+0x143/0x240 fs/read_write.c:637 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x68/0xd2 IN-SOFTIRQ-W at: lock_acquire+0x1b4/0x490 kernel/locking/lockdep.c:5662 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xa4/0xf0 kernel/locking/spinlock.c:162 serial8250_console_write+0x169/0x17a0 drivers/tty/serial/8250/8250_port.c:3433 call_console_driver kernel/printk/printk.c:1977 [inline] console_emit_next_record+0x947/0xc90 kernel/printk/printk.c:2777 console_flush_all kernel/printk/printk.c:-1 [inline] console_unlock+0x223/0x630 kernel/printk/printk.c:2906 vprintk_emit+0x489/0x680 kernel/printk/printk.c:2303 dev_vprintk_emit+0x32d/0x3d3 drivers/base/core.c:4933 dev_printk_emit+0xdd/0x11d drivers/base/core.c:4944 _dev_warn+0x107/0x14e drivers/base/core.c:5000 __usb_hcd_giveback_urb+0x35f/0x520 drivers/usb/core/hcd.c:1675 dummy_timer+0x888/0x31b0 drivers/usb/gadget/udc/dummy_hcd.c:1994 __run_hrtimer kernel/time/hrtimer.c:1752 [inline] __hrtimer_run_queues+0x554/0xd60 kernel/time/hrtimer.c:1816 hrtimer_run_softirq+0x183/0x2a0 kernel/time/hrtimer.c:1833 handle_softirqs+0x2a1/0x920 kernel/softirq.c:596 __do_softirq kernel/softirq.c:630 [inline] invoke_softirq kernel/softirq.c:470 [inline] __irq_exit_rcu+0x12f/0x220 kernel/softirq.c:679 irq_exit_rcu+0x5/0x20 kernel/softirq.c:691 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1118 [inline] sysvec_apic_timer_interrupt+0xa0/0xc0 arch/x86/kernel/apic/apic.c:1118 asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:691 lock_acquire+0x20f/0x490 kernel/locking/lockdep.c:5666 rcu_lock_acquire include/linux/rcupdate.h:350 [inline] rcu_read_lock_sched include/linux/rcupdate.h:883 [inline] pfn_valid+0xe9/0x420 include/linux/mmzone.h:1857 page_table_check_set+0x25/0x6d0 mm/page_table_check.c:108 page_table_check_pte_set include/linux/page_table_check.h:83 [inline] set_pte_at arch/x86/include/asm/pgtable.h:1009 [inline] copy_present_pte mm/memory.c:1000 [inline] copy_pte_range mm/memory.c:1091 [inline] copy_pmd_range mm/memory.c:1177 [inline] copy_pud_range mm/memory.c:1214 [inline] copy_p4d_range mm/memory.c:1238 [inline] copy_page_range+0x26b3/0x39e0 mm/memory.c:1336 dup_mmap kernel/fork.c:697 [inline] dup_mm kernel/fork.c:1541 [inline] copy_mm+0xde1/0x15c0 kernel/fork.c:1590 copy_process+0x1953/0x4020 kernel/fork.c:2351 kernel_clone+0x225/0x8b0 kernel/fork.c:2757 __do_sys_clone kernel/fork.c:2898 [inline] __se_sys_clone kernel/fork.c:2882 [inline] __x64_sys_clone+0x17c/0x1d0 kernel/fork.c:2882 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x68/0xd2 INITIAL USE at: lock_acquire+0x1b4/0x490 kernel/locking/lockdep.c:5662 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xa4/0xf0 kernel/locking/spinlock.c:162 serial8250_do_set_termios+0x544/0x17d0 drivers/tty/serial/8250/8250_port.c:2795 uart_set_options+0x3c2/0x5d0 drivers/tty/serial/serial_core.c:2283 serial8250_console_setup+0x2ce/0x3a0 drivers/tty/serial/8250/8250_port.c:3537 univ8250_console_setup+0xe9/0x180 drivers/tty/serial/8250/8250_core.c:602 console_call_setup kernel/printk/printk.c:3063 [inline] try_enable_preferred_console+0x48a/0x600 kernel/printk/printk.c:3104 register_console+0x1b0/0x9c0 kernel/printk/printk.c:3211 univ8250_console_init+0x41/0x43 drivers/tty/serial/8250/8250_core.c:687 console_init+0x1bc/0x78e kernel/printk/printk.c:3359 start_kernel+0x303/0x539 init/main.c:1076 secondary_startup_64_no_verify+0xcf/0xdb } ... key at: [] port_lock_key+0x0/0x20 the dependencies between the lock to be acquired and HARDIRQ-irq-unsafe lock: -> (disc_data_lock#3){.+.+}-{2:2} { HARDIRQ-ON-R at: lock_acquire+0x1b4/0x490 kernel/locking/lockdep.c:5662 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x32/0x40 kernel/locking/spinlock.c:228 sp_get drivers/net/hamradio/6pack.c:376 [inline] sixpack_receive_buf+0x50/0x1430 drivers/net/hamradio/6pack.c:439 tty_ldisc_receive_buf+0x113/0x150 drivers/tty/tty_buffer.c:461 tty_port_default_receive_buf+0x69/0x90 drivers/tty/tty_port.c:39 receive_buf drivers/tty/tty_buffer.c:515 [inline] flush_to_ldisc+0x2f7/0x860 drivers/tty/tty_buffer.c:565 process_one_work+0x898/0x1160 kernel/workqueue.c:2292 worker_thread+0xaa2/0x1250 kernel/workqueue.c:2439 kthread+0x29d/0x330 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 SOFTIRQ-ON-R at: lock_acquire+0x1b4/0x490 kernel/locking/lockdep.c:5662 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x32/0x40 kernel/locking/spinlock.c:228 sp_get drivers/net/hamradio/6pack.c:376 [inline] sixpack_receive_buf+0x50/0x1430 drivers/net/hamradio/6pack.c:439 tty_ldisc_receive_buf+0x113/0x150 drivers/tty/tty_buffer.c:461 tty_port_default_receive_buf+0x69/0x90 drivers/tty/tty_port.c:39 receive_buf drivers/tty/tty_buffer.c:515 [inline] flush_to_ldisc+0x2f7/0x860 drivers/tty/tty_buffer.c:565 process_one_work+0x898/0x1160 kernel/workqueue.c:2292 worker_thread+0xaa2/0x1250 kernel/workqueue.c:2439 kthread+0x29d/0x330 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 INITIAL READ USE at: lock_acquire+0x1b4/0x490 kernel/locking/lockdep.c:5662 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x32/0x40 kernel/locking/spinlock.c:228 sp_get drivers/net/hamradio/6pack.c:376 [inline] sixpack_receive_buf+0x50/0x1430 drivers/net/hamradio/6pack.c:439 tty_ldisc_receive_buf+0x113/0x150 drivers/tty/tty_buffer.c:461 tty_port_default_receive_buf+0x69/0x90 drivers/tty/tty_port.c:39 receive_buf drivers/tty/tty_buffer.c:515 [inline] flush_to_ldisc+0x2f7/0x860 drivers/tty/tty_buffer.c:565 process_one_work+0x898/0x1160 kernel/workqueue.c:2292 worker_thread+0xaa2/0x1250 kernel/workqueue.c:2439 kthread+0x29d/0x330 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 } ... key at: [] disc_data_lock+0x18/0x100 ... acquired at: __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x32/0x40 kernel/locking/spinlock.c:228 sp_get drivers/net/hamradio/6pack.c:376 [inline] sixpack_write_wakeup+0x2c/0x460 drivers/net/hamradio/6pack.c:397 tty_wakeup+0xb4/0xf0 drivers/tty/tty_io.c:524 tty_port_default_wakeup+0x9e/0xf0 drivers/tty/tty_port.c:71 serial8250_tx_chars+0x629/0x830 drivers/tty/serial/8250/8250_port.c:1854 __start_tx drivers/tty/serial/8250/8250_port.c:1570 [inline] serial8250_start_tx+0x6a9/0x8a0 drivers/tty/serial/8250/8250_port.c:1676 __uart_start drivers/tty/serial/serial_core.c:139 [inline] uart_write+0x67d/0x910 drivers/tty/serial/serial_core.c:601 decode_prio_command drivers/net/hamradio/6pack.c:888 [inline] sixpack_decode drivers/net/hamradio/6pack.c:963 [inline] sixpack_receive_buf+0x438/0x1430 drivers/net/hamradio/6pack.c:453 tty_ldisc_receive_buf+0x113/0x150 drivers/tty/tty_buffer.c:461 tty_port_default_receive_buf+0x69/0x90 drivers/tty/tty_port.c:39 receive_buf drivers/tty/tty_buffer.c:515 [inline] flush_to_ldisc+0x2f7/0x860 drivers/tty/tty_buffer.c:565 process_one_work+0x898/0x1160 kernel/workqueue.c:2292 worker_thread+0xaa2/0x1250 kernel/workqueue.c:2439 kthread+0x29d/0x330 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 stack backtrace: CPU: 0 PID: 7007 Comm: kworker/u4:9 Not tainted 6.1.147-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 Workqueue: events_unbound flush_to_ldisc Call Trace: dump_stack_lvl+0x168/0x22e lib/dump_stack.c:106 print_bad_irq_dependency kernel/locking/lockdep.c:2604 [inline] check_irq_usage kernel/locking/lockdep.c:2843 [inline] check_prev_add kernel/locking/lockdep.c:3094 [inline] check_prevs_add kernel/locking/lockdep.c:3209 [inline] validate_chain kernel/locking/lockdep.c:3825 [inline] __lock_acquire+0x660b/0x7c50 kernel/locking/lockdep.c:5049 lock_acquire+0x1b4/0x490 kernel/locking/lockdep.c:5662 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x32/0x40 kernel/locking/spinlock.c:228 sp_get drivers/net/hamradio/6pack.c:376 [inline] sixpack_write_wakeup+0x2c/0x460 drivers/net/hamradio/6pack.c:397 tty_wakeup+0xb4/0xf0 drivers/tty/tty_io.c:524 tty_port_default_wakeup+0x9e/0xf0 drivers/tty/tty_port.c:71 serial8250_tx_chars+0x629/0x830 drivers/tty/serial/8250/8250_port.c:1854 __start_tx drivers/tty/serial/8250/8250_port.c:1570 [inline] serial8250_start_tx+0x6a9/0x8a0 drivers/tty/serial/8250/8250_port.c:1676 __uart_start drivers/tty/serial/serial_core.c:139 [inline] uart_write+0x67d/0x910 drivers/tty/serial/serial_core.c:601 decode_prio_command drivers/net/hamradio/6pack.c:888 [inline] sixpack_decode drivers/net/hamradio/6pack.c:963 [inline] sixpack_receive_buf+0x438/0x1430 drivers/net/hamradio/6pack.c:453 tty_ldisc_receive_buf+0x113/0x150 drivers/tty/tty_buffer.c:461 tty_port_default_receive_buf+0x69/0x90 drivers/tty/tty_port.c:39 receive_buf drivers/tty/tty_buffer.c:515 [inline] flush_to_ldisc+0x2f7/0x860 drivers/tty/tty_buffer.c:565 process_one_work+0x898/0x1160 kernel/workqueue.c:2292 worker_thread+0xaa2/0x1250 kernel/workqueue.c:2439 kthread+0x29d/0x330 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295