======================================================
WARNING: possible circular locking dependency detected
5.17.0-rc5-next-20220222-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.1/3628 is trying to acquire lock:
ffff8880b9c395d8 (&pool->lock){-.-.}-{2:2}, at: __queue_work+0x366/0x1140 kernel/workqueue.c:1474
but task is already holding lock:
ffffffff9061a530 (&port_lock_key){-.-.}-{2:2}, at: serial8250_handle_irq.part.0+0x21/0x3d0 drivers/tty/serial/8250/8250_port.c:1916
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #2 (&port_lock_key){-.-.}-{2:2}:
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x39/0x50 kernel/locking/spinlock.c:162
serial8250_console_write+0x91a/0xb70 drivers/tty/serial/8250/8250_port.c:3359
call_console_drivers kernel/printk/printk.c:1953 [inline]
console_unlock+0x9bc/0xdd0 kernel/printk/printk.c:2775
vprintk_emit+0x1b4/0x5f0 kernel/printk/printk.c:2273
vprintk+0x80/0x90 kernel/printk/printk_safe.c:50
_printk+0xba/0xed kernel/printk/printk.c:2294
register_console kernel/printk/printk.c:3132 [inline]
register_console+0x410/0x7c0 kernel/printk/printk.c:3013
univ8250_console_init+0x3a/0x46 drivers/tty/serial/8250/8250_core.c:679
console_init+0x3c1/0x58d kernel/printk/printk.c:3232
start_kernel+0x30b/0x4a0 init/main.c:1068
secondary_startup_64_no_verify+0xc3/0xcb
-> #1 (console_owner){....}-{0:0}:
console_lock_spinning_enable kernel/printk/printk.c:1795 [inline]
console_unlock+0x3b1/0xdd0 kernel/printk/printk.c:2772
vprintk_emit+0x1b4/0x5f0 kernel/printk/printk.c:2273
vprintk+0x80/0x90 kernel/printk/printk_safe.c:50
_printk+0xba/0xed kernel/printk/printk.c:2294
warn_flush_attempt kernel/workqueue.c:2613 [inline]
check_flush_dependency.cold+0x18/0x4e kernel/workqueue.c:2635
start_flush_work kernel/workqueue.c:3049 [inline]
__flush_work+0x25a/0xb10 kernel/workqueue.c:3091
flush_all_cpus_locked+0x148/0x1b0 mm/slub.c:2728
flush_all mm/slub.c:2737 [inline]
__kmem_cache_shrink+0x11/0x20 mm/slub.c:4640
acpi_os_purge_cache+0x11/0x20 drivers/acpi/osl.c:1666
acpi_purge_cached_objects+0x37/0xd0 drivers/acpi/acpica/utxface.c:237
acpi_initialize_objects+0x2b/0x95 drivers/acpi/acpica/utxfinit.c:250
acpi_bus_init drivers/acpi/bus.c:1237 [inline]
acpi_init+0x1d2/0x976 drivers/acpi/bus.c:1325
do_one_initcall+0x103/0x650 init/main.c:1302
do_initcall_level init/main.c:1375 [inline]
do_initcalls init/main.c:1391 [inline]
do_basic_setup init/main.c:1410 [inline]
kernel_init_freeable+0x6b1/0x73a init/main.c:1615
kernel_init+0x1a/0x1d0 init/main.c:1504
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
-> #0 (&pool->lock){-.-.}-{2:2}:
check_prev_add kernel/locking/lockdep.c:3096 [inline]
check_prevs_add kernel/locking/lockdep.c:3219 [inline]
validate_chain kernel/locking/lockdep.c:3834 [inline]
__lock_acquire+0x2ac6/0x56c0 kernel/locking/lockdep.c:5060
lock_acquire kernel/locking/lockdep.c:5672 [inline]
lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5637
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:154
__queue_work+0x366/0x1140 kernel/workqueue.c:1474
queue_work_on+0xee/0x110 kernel/workqueue.c:1545
uart_handle_dcd_change+0x1e1/0x2b0 drivers/tty/serial/serial_core.c:3090
serial8250_modem_status+0x277/0x2c0 drivers/tty/serial/8250/8250_port.c:1880
serial8250_handle_irq.part.0+0xa1/0x3d0 drivers/tty/serial/8250/8250_port.c:1937
serial8250_handle_irq drivers/tty/serial/8250/8250_port.c:1913 [inline]
serial8250_default_handle_irq+0xb2/0x220 drivers/tty/serial/8250/8250_port.c:1957
serial8250_interrupt+0xfd/0x200 drivers/tty/serial/8250/8250_core.c:126
__handle_irq_event_percpu+0x22b/0x880 kernel/irq/handle.c:158
handle_irq_event_percpu kernel/irq/handle.c:193 [inline]
handle_irq_event+0xa7/0x1e0 kernel/irq/handle.c:210
handle_edge_irq+0x25f/0xd00 kernel/irq/chip.c:817
generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
handle_irq arch/x86/kernel/irq.c:231 [inline]
__common_interrupt+0x9d/0x210 arch/x86/kernel/irq.c:250
common_interrupt+0xa4/0xc0 arch/x86/kernel/irq.c:240
asm_common_interrupt+0x1e/0x40 arch/x86/include/asm/idtentry.h:629
arch_atomic64_try_cmpxchg arch/x86/include/asm/atomic64_64.h:190 [inline]
arch_atomic_long_try_cmpxchg_acquire include/linux/atomic/atomic-long.h:443 [inline]
atomic_long_try_cmpxchg_acquire include/linux/atomic/atomic-instrumented.h:1781 [inline]
rwsem_write_trylock kernel/locking/rwsem.c:254 [inline]
__down_write_common kernel/locking/rwsem.c:1258 [inline]
__down_write kernel/locking/rwsem.c:1268 [inline]
down_write+0xc5/0x150 kernel/locking/rwsem.c:1515
inode_lock include/linux/fs.h:777 [inline]
__sock_release+0x86/0x280 net/socket.c:649
sock_close+0x18/0x20 net/socket.c:1318
__fput+0x286/0x9f0 fs/file_table.c:317
task_work_run+0xdd/0x1a0 kernel/task_work.c:164
tracehook_notify_resume include/linux/tracehook.h:188 [inline]
exit_to_user_mode_loop kernel/entry/common.c:176 [inline]
exit_to_user_mode_prepare+0x27e/0x290 kernel/entry/common.c:208
__syscall_exit_to_user_mode_work kernel/entry/common.c:290 [inline]
syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:301
do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
entry_SYSCALL_64_after_hwframe+0x44/0xae
other info that might help us debug this:
Chain exists of:
&pool->lock --> console_owner --> &port_lock_key
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&port_lock_key);
lock(console_owner);
lock(&port_lock_key);
lock(&pool->lock);
*** DEADLOCK ***
4 locks held by syz-executor.1/3628:
#0: ffff88804485ca10 (&sb->s_type->i_mutex_key#10){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:777 [inline]
#0: ffff88804485ca10 (&sb->s_type->i_mutex_key#10){+.+.}-{3:3}, at: __sock_release+0x86/0x280 net/socket.c:649
#1: ffff888018bd8730 (&i->lock){-.-.}-{2:2}, at: spin_lock include/linux/spinlock.h:354 [inline]
#1: ffff888018bd8730 (&i->lock){-.-.}-{2:2}, at: serial8250_interrupt+0x3a/0x200 drivers/tty/serial/8250/8250_core.c:116
#2: ffffffff9061a530 (&port_lock_key){-.-.}-{2:2}, at: serial8250_handle_irq.part.0+0x21/0x3d0 drivers/tty/serial/8250/8250_port.c:1916
#3: ffffffff8bb866a0 (rcu_read_lock){....}-{1:2}, at: __queue_work+0xd0/0x1140 kernel/workqueue.c:1437
stack backtrace:
CPU: 0 PID: 3628 Comm: syz-executor.1 Not tainted 5.17.0-rc5-next-20220222-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
check_noncircular+0x25f/0x2e0 kernel/locking/lockdep.c:2176
check_prev_add kernel/locking/lockdep.c:3096 [inline]
check_prevs_add kernel/locking/lockdep.c:3219 [inline]
validate_chain kernel/locking/lockdep.c:3834 [inline]
__lock_acquire+0x2ac6/0x56c0 kernel/locking/lockdep.c:5060
lock_acquire kernel/locking/lockdep.c:5672 [inline]
lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5637
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:154
__queue_work+0x366/0x1140 kernel/workqueue.c:1474
queue_work_on+0xee/0x110 kernel/workqueue.c:1545
uart_handle_dcd_change+0x1e1/0x2b0 drivers/tty/serial/serial_core.c:3090
serial8250_modem_status+0x277/0x2c0 drivers/tty/serial/8250/8250_port.c:1880
serial8250_handle_irq.part.0+0xa1/0x3d0 drivers/tty/serial/8250/8250_port.c:1937
serial8250_handle_irq drivers/tty/serial/8250/8250_port.c:1913 [inline]
serial8250_default_handle_irq+0xb2/0x220 drivers/tty/serial/8250/8250_port.c:1957
serial8250_interrupt+0xfd/0x200 drivers/tty/serial/8250/8250_core.c:126
__handle_irq_event_percpu+0x22b/0x880 kernel/irq/handle.c:158
handle_irq_event_percpu kernel/irq/handle.c:193 [inline]
handle_irq_event+0xa7/0x1e0 kernel/irq/handle.c:210
handle_edge_irq+0x25f/0xd00 kernel/irq/chip.c:817
generic_handle_irq_desc include/linux/irqdesc.h:158 [inline]
handle_irq arch/x86/kernel/irq.c:231 [inline]
__common_interrupt+0x9d/0x210 arch/x86/kernel/irq.c:250
common_interrupt+0xa4/0xc0 arch/x86/kernel/irq.c:240
asm_common_interrupt+0x1e/0x40 arch/x86/include/asm/idtentry.h:629
RIP: 0010:arch_atomic64_try_cmpxchg arch/x86/include/asm/atomic64_64.h:190 [inline]
RIP: 0010:arch_atomic_long_try_cmpxchg_acquire include/linux/atomic/atomic-long.h:443 [inline]
RIP: 0010:atomic_long_try_cmpxchg_acquire include/linux/atomic/atomic-instrumented.h:1781 [inline]
RIP: 0010:rwsem_write_trylock kernel/locking/rwsem.c:254 [inline]
RIP: 0010:__down_write_common kernel/locking/rwsem.c:1258 [inline]
RIP: 0010:__down_write kernel/locking/rwsem.c:1268 [inline]
RIP: 0010:down_write+0xc5/0x150 kernel/locking/rwsem.c:1515
Code: 24 28 00 00 00 00 e8 aa 89 6f f8 be 08 00 00 00 48 8d 7c 24 28 e8 9b 89 6f f8 ba 01 00 00 00 48 8b 44 24 28 f0 48 0f b1 55 00 <0f> 94 c0 5a 84 c0 74 5b 4c 8d 6d 08 be 08 00 00 00 4c 89 ef e8 72
RSP: 0018:ffffc9000418fd88 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 1ffff92000831fb2 RCX: ffffffff89515535
RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffc9000418fdb0
RBP: ffff88804485c9a0 R08: 0000000000000001 R09: ffffc9000418fdb7
R10: fffff52000831fb6 R11: 0000000000000001 R12: dffffc0000000000
R13: ffff88804485c820 R14: 0000000000000000 R15: ffff888010f96620
inode_lock include/linux/fs.h:777 [inline]
__sock_release+0x86/0x280 net/socket.c:649
sock_close+0x18/0x20 net/socket.c:1318
__fput+0x286/0x9f0 fs/file_table.c:317
task_work_run+0xdd/0x1a0 kernel/task_work.c:164
tracehook_notify_resume include/linux/tracehook.h:188 [inline]
exit_to_user_mode_loop kernel/entry/common.c:176 [inline]
exit_to_user_mode_prepare+0x27e/0x290 kernel/entry/common.c:208
__syscall_exit_to_user_mode_work kernel/entry/common.c:290 [inline]
syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:301
do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7fe6d783bc9b
Code: 0f 05 48 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8 63 fc ff ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 a1 fc ff ff 8b 44
RSP: 002b:00007ffec46accb0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 00007ffec46acd50 RCX: 00007fe6d783bc9b
RDX: 0000000000000000 RSI: 00000017ecd3dda8 RDI: 0000000000000003
RBP: 0000000000000003 R08: 0000000000000000 R09: ff78736871746264
R10: 0000000000000010 R11: 0000000000000293 R12: 0000000000000032
R13: 000000000002b451 R14: 0000000000000001 R15: 00007ffec46acd90
----------------
Code disassembly (best guess):
0: 24 28 and $0x28,%al
2: 00 00 add %al,(%rax)
4: 00 00 add %al,(%rax)
6: e8 aa 89 6f f8 callq 0xf86f89b5
b: be 08 00 00 00 mov $0x8,%esi
10: 48 8d 7c 24 28 lea 0x28(%rsp),%rdi
15: e8 9b 89 6f f8 callq 0xf86f89b5
1a: ba 01 00 00 00 mov $0x1,%edx
1f: 48 8b 44 24 28 mov 0x28(%rsp),%rax
24: f0 48 0f b1 55 00 lock cmpxchg %rdx,0x0(%rbp)
* 2a: 0f 94 c0 sete %al <-- trapping instruction
2d: 5a pop %rdx
2e: 84 c0 test %al,%al
30: 74 5b je 0x8d
32: 4c 8d 6d 08 lea 0x8(%rbp),%r13
36: be 08 00 00 00 mov $0x8,%esi
3b: 4c 89 ef mov %r13,%rdi
3e: e8 .byte 0xe8
3f: 72 .byte 0x72