===================================================== WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected syzkaller #0 Not tainted ----------------------------------------------------- kworker/u4:1/11 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: ffffffff8d5910f8 (disc_data_lock){.+.+}-{2:2}, at: sp_get drivers/net/hamradio/6pack.c:376 [inline] ffffffff8d5910f8 (disc_data_lock){.+.+}-{2:2}, at: sixpack_write_wakeup+0x2c/0x460 drivers/net/hamradio/6pack.c:397 and this task is already holding: ffffffff96f70fa8 (&port_lock_key){-.-.}-{2:2}, at: uart_write+0x113/0x910 drivers/tty/serial/serial_core.c:581 which would create a new lock dependency: (&port_lock_key){-.-.}-{2:2} -> (disc_data_lock){.+.+}-{2:2} but this new dependency connects a HARDIRQ-irq-safe lock: (&port_lock_key){-.-.}-{2:2} ... which became HARDIRQ-irq-safe at: lock_acquire+0x1b4/0x490 kernel/locking/lockdep.c:5662 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xa4/0xf0 kernel/locking/spinlock.c:162 serial8250_handle_irq+0x7a/0x6d0 drivers/tty/serial/8250/8250_port.c:1932 serial8250_default_handle_irq+0xb4/0x1a0 drivers/tty/serial/8250/8250_port.c:1981 serial8250_interrupt+0x9b/0x1c0 drivers/tty/serial/8250/8250_core.c:126 __handle_irq_event_percpu+0x298/0xa30 kernel/irq/handle.c:158 handle_irq_event_percpu kernel/irq/handle.c:193 [inline] handle_irq_event+0x87/0x1e0 kernel/irq/handle.c:210 handle_edge_irq+0x243/0xb20 kernel/irq/chip.c:819 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq arch/x86/kernel/irq.c:233 [inline] __common_interrupt+0xd7/0x1e0 arch/x86/kernel/irq.c:252 common_interrupt+0xb0/0xd0 arch/x86/kernel/irq.c:242 asm_common_interrupt+0x22/0x40 arch/x86/include/asm/idtentry.h:682 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline] _raw_spin_unlock_irqrestore+0xa5/0x100 kernel/locking/spinlock.c:194 spin_unlock_irqrestore include/linux/spinlock.h:406 [inline] uart_write+0x68a/0x910 drivers/tty/serial/serial_core.c:602 process_output_block drivers/tty/n_tty.c:586 [inline] n_tty_write+0xd1a/0x11c0 drivers/tty/n_tty.c:2377 do_tty_write drivers/tty/tty_io.c:1018 [inline] file_tty_write+0x4dd/0x860 drivers/tty/tty_io.c:1089 call_write_iter include/linux/fs.h:2265 [inline] new_sync_write fs/read_write.c:491 [inline] vfs_write+0x44c/0x960 fs/read_write.c:584 ksys_write+0x143/0x240 fs/read_write.c:637 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x68/0xd2 to a HARDIRQ-irq-unsafe lock: (disc_data_lock){.+.+}-{2:2} ... which became HARDIRQ-irq-unsafe at: ... lock_acquire+0x1b4/0x490 kernel/locking/lockdep.c:5662 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x32/0x40 kernel/locking/spinlock.c:228 sp_get drivers/net/hamradio/6pack.c:376 [inline] sixpack_write_wakeup+0x2c/0x460 drivers/net/hamradio/6pack.c:397 tty_wakeup+0xb4/0xf0 drivers/tty/tty_io.c:524 tty_port_default_wakeup+0x9e/0xf0 drivers/tty/tty_port.c:71 tty_ldisc_hangup+0xd6/0x4a0 drivers/tty/tty_ldisc.c:701 __tty_hangup+0x3e5/0x620 drivers/tty/tty_io.c:631 tty_vhangup drivers/tty/tty_io.c:701 [inline] tty_ioctl+0x430/0xba0 drivers/tty/tty_io.c:2716 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl+0xfa/0x170 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x68/0xd2 other info that might help us debug this: Possible interrupt unsafe locking scenario: CPU0 CPU1 ---- ---- lock(disc_data_lock); local_irq_disable(); lock(&port_lock_key); lock(disc_data_lock); lock(&port_lock_key); *** DEADLOCK *** 6 locks held by kworker/u4:1/11: #0: ffff888017479138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7a1/0x1160 kernel/workqueue.c:2267 #1: ffffc90000107d00 ((work_completion)(&buf->work)){+.+.}-{0:0}, at: process_one_work+0x7a1/0x1160 kernel/workqueue.c:2267 #2: ffff888023d90ce8 (&buf->lock){+.+.}-{3:3}, at: flush_to_ldisc+0x34/0x860 drivers/tty/tty_buffer.c:537 #3: ffff888056b38098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref+0x18/0x80 drivers/tty/tty_ldisc.c:264 #4: ffffffff96f70fa8 (&port_lock_key){-.-.}-{2:2}, at: uart_write+0x113/0x910 drivers/tty/serial/serial_core.c:581 #5: ffff888056b38098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref+0x18/0x80 drivers/tty/tty_ldisc.c:264 the dependencies between HARDIRQ-irq-safe lock and the holding lock: -> (&port_lock_key){-.-.}-{2:2} { IN-HARDIRQ-W at: lock_acquire+0x1b4/0x490 kernel/locking/lockdep.c:5662 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xa4/0xf0 kernel/locking/spinlock.c:162 serial8250_handle_irq+0x7a/0x6d0 drivers/tty/serial/8250/8250_port.c:1932 serial8250_default_handle_irq+0xb4/0x1a0 drivers/tty/serial/8250/8250_port.c:1981 serial8250_interrupt+0x9b/0x1c0 drivers/tty/serial/8250/8250_core.c:126 __handle_irq_event_percpu+0x298/0xa30 kernel/irq/handle.c:158 handle_irq_event_percpu kernel/irq/handle.c:193 [inline] handle_irq_event+0x87/0x1e0 kernel/irq/handle.c:210 handle_edge_irq+0x243/0xb20 kernel/irq/chip.c:819 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq arch/x86/kernel/irq.c:233 [inline] __common_interrupt+0xd7/0x1e0 arch/x86/kernel/irq.c:252 common_interrupt+0xb0/0xd0 arch/x86/kernel/irq.c:242 asm_common_interrupt+0x22/0x40 arch/x86/include/asm/idtentry.h:682 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline] _raw_spin_unlock_irqrestore+0xa5/0x100 kernel/locking/spinlock.c:194 spin_unlock_irqrestore include/linux/spinlock.h:406 [inline] uart_write+0x68a/0x910 drivers/tty/serial/serial_core.c:602 process_output_block drivers/tty/n_tty.c:586 [inline] n_tty_write+0xd1a/0x11c0 drivers/tty/n_tty.c:2377 do_tty_write drivers/tty/tty_io.c:1018 [inline] file_tty_write+0x4dd/0x860 drivers/tty/tty_io.c:1089 call_write_iter include/linux/fs.h:2265 [inline] new_sync_write fs/read_write.c:491 [inline] vfs_write+0x44c/0x960 fs/read_write.c:584 ksys_write+0x143/0x240 fs/read_write.c:637 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x68/0xd2 IN-SOFTIRQ-W at: lock_acquire+0x1b4/0x490 kernel/locking/lockdep.c:5662 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xa4/0xf0 kernel/locking/spinlock.c:162 serial8250_handle_irq+0x7a/0x6d0 drivers/tty/serial/8250/8250_port.c:1932 serial8250_default_handle_irq+0xb4/0x1a0 drivers/tty/serial/8250/8250_port.c:1981 serial8250_interrupt+0x9b/0x1c0 drivers/tty/serial/8250/8250_core.c:126 __handle_irq_event_percpu+0x298/0xa30 kernel/irq/handle.c:158 handle_irq_event_percpu kernel/irq/handle.c:193 [inline] handle_irq_event+0x87/0x1e0 kernel/irq/handle.c:210 handle_edge_irq+0x243/0xb20 kernel/irq/chip.c:819 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq arch/x86/kernel/irq.c:233 [inline] __common_interrupt+0xd7/0x1e0 arch/x86/kernel/irq.c:252 common_interrupt+0xb0/0xd0 arch/x86/kernel/irq.c:242 asm_common_interrupt+0x22/0x40 arch/x86/include/asm/idtentry.h:682 invoke_rcu_core+0x67/0x240 kernel/rcu/tree.c:2604 rcu_core+0x104e/0x16a0 kernel/rcu/tree.c:2560 handle_softirqs+0x2a1/0x920 kernel/softirq.c:596 run_ksoftirqd+0x98/0xf0 kernel/softirq.c:963 smpboot_thread_fn+0x64a/0xa40 kernel/smpboot.c:164 kthread+0x29d/0x330 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 INITIAL USE at: lock_acquire+0x1b4/0x490 kernel/locking/lockdep.c:5662 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xa4/0xf0 kernel/locking/spinlock.c:162 serial8250_do_set_termios+0x544/0x17d0 drivers/tty/serial/8250/8250_port.c:2794 uart_set_options+0x3c2/0x5d0 drivers/tty/serial/serial_core.c:2283 serial8250_console_setup+0x2ce/0x3a0 drivers/tty/serial/8250/8250_port.c:3536 univ8250_console_setup+0xe9/0x180 drivers/tty/serial/8250/8250_core.c:602 console_call_setup kernel/printk/printk.c:3063 [inline] try_enable_preferred_console+0x48a/0x600 kernel/printk/printk.c:3104 register_console+0x1b0/0x9c0 kernel/printk/printk.c:3211 univ8250_console_init+0x41/0x43 drivers/tty/serial/8250/8250_core.c:687 console_init+0x1bc/0x78e kernel/printk/printk.c:3359 start_kernel+0x303/0x539 init/main.c:1076 secondary_startup_64_no_verify+0xcf/0xdb } ... key at: [] port_lock_key+0x0/0x20 the dependencies between the lock to be acquired and HARDIRQ-irq-unsafe lock: -> (disc_data_lock){.+.+}-{2:2} { HARDIRQ-ON-R at: lock_acquire+0x1b4/0x490 kernel/locking/lockdep.c:5662 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x32/0x40 kernel/locking/spinlock.c:228 sp_get drivers/net/hamradio/6pack.c:376 [inline] sixpack_write_wakeup+0x2c/0x460 drivers/net/hamradio/6pack.c:397 tty_wakeup+0xb4/0xf0 drivers/tty/tty_io.c:524 tty_port_default_wakeup+0x9e/0xf0 drivers/tty/tty_port.c:71 tty_ldisc_hangup+0xd6/0x4a0 drivers/tty/tty_ldisc.c:701 __tty_hangup+0x3e5/0x620 drivers/tty/tty_io.c:631 tty_vhangup drivers/tty/tty_io.c:701 [inline] tty_ioctl+0x430/0xba0 drivers/tty/tty_io.c:2716 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl+0xfa/0x170 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x68/0xd2 SOFTIRQ-ON-R at: lock_acquire+0x1b4/0x490 kernel/locking/lockdep.c:5662 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x32/0x40 kernel/locking/spinlock.c:228 sp_get drivers/net/hamradio/6pack.c:376 [inline] sixpack_write_wakeup+0x2c/0x460 drivers/net/hamradio/6pack.c:397 tty_wakeup+0xb4/0xf0 drivers/tty/tty_io.c:524 tty_port_default_wakeup+0x9e/0xf0 drivers/tty/tty_port.c:71 tty_ldisc_hangup+0xd6/0x4a0 drivers/tty/tty_ldisc.c:701 __tty_hangup+0x3e5/0x620 drivers/tty/tty_io.c:631 tty_vhangup drivers/tty/tty_io.c:701 [inline] tty_ioctl+0x430/0xba0 drivers/tty/tty_io.c:2716 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl+0xfa/0x170 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x68/0xd2 INITIAL USE at: lock_acquire+0x1b4/0x490 kernel/locking/lockdep.c:5662 __raw_write_lock_irq include/linux/rwlock_api_smp.h:195 [inline] _raw_write_lock_irq+0x9f/0xe0 kernel/locking/spinlock.c:326 sixpack_close+0x28/0x290 drivers/net/hamradio/6pack.c:653 tty_ldisc_kill+0xa6/0x1a0 drivers/tty/tty_ldisc.c:614 tty_ldisc_hangup+0x392/0x4a0 drivers/tty/tty_ldisc.c:730 __tty_hangup+0x3e5/0x620 drivers/tty/tty_io.c:631 tty_vhangup drivers/tty/tty_io.c:701 [inline] tty_ioctl+0x430/0xba0 drivers/tty/tty_io.c:2716 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl+0xfa/0x170 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x68/0xd2 INITIAL READ USE at: lock_acquire+0x1b4/0x490 kernel/locking/lockdep.c:5662 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x32/0x40 kernel/locking/spinlock.c:228 sp_get drivers/net/hamradio/6pack.c:376 [inline] sixpack_write_wakeup+0x2c/0x460 drivers/net/hamradio/6pack.c:397 tty_wakeup+0xb4/0xf0 drivers/tty/tty_io.c:524 tty_port_default_wakeup+0x9e/0xf0 drivers/tty/tty_port.c:71 tty_ldisc_hangup+0xd6/0x4a0 drivers/tty/tty_ldisc.c:701 __tty_hangup+0x3e5/0x620 drivers/tty/tty_io.c:631 tty_vhangup drivers/tty/tty_io.c:701 [inline] tty_ioctl+0x430/0xba0 drivers/tty/tty_io.c:2716 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl+0xfa/0x170 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x68/0xd2 } ... key at: [] disc_data_lock+0x18/0x100 ... acquired at: __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x32/0x40 kernel/locking/spinlock.c:228 sp_get drivers/net/hamradio/6pack.c:376 [inline] sixpack_write_wakeup+0x2c/0x460 drivers/net/hamradio/6pack.c:397 tty_wakeup+0xb4/0xf0 drivers/tty/tty_io.c:524 tty_port_default_wakeup+0x9e/0xf0 drivers/tty/tty_port.c:71 serial8250_tx_chars+0x629/0x830 drivers/tty/serial/8250/8250_port.c:1854 __start_tx drivers/tty/serial/8250/8250_port.c:1570 [inline] serial8250_start_tx+0x6a9/0x8a0 drivers/tty/serial/8250/8250_port.c:1676 __uart_start drivers/tty/serial/serial_core.c:139 [inline] uart_write+0x67d/0x910 drivers/tty/serial/serial_core.c:601 decode_prio_command drivers/net/hamradio/6pack.c:888 [inline] sixpack_decode drivers/net/hamradio/6pack.c:963 [inline] sixpack_receive_buf+0x438/0x1430 drivers/net/hamradio/6pack.c:453 tty_ldisc_receive_buf+0x113/0x150 drivers/tty/tty_buffer.c:461 tty_port_default_receive_buf+0x69/0x90 drivers/tty/tty_port.c:39 receive_buf drivers/tty/tty_buffer.c:515 [inline] flush_to_ldisc+0x2f7/0x860 drivers/tty/tty_buffer.c:565 process_one_work+0x898/0x1160 kernel/workqueue.c:2292 worker_thread+0xaa2/0x1250 kernel/workqueue.c:2439 kthread+0x29d/0x330 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 stack backtrace: CPU: 1 PID: 11 Comm: kworker/u4:1 Not tainted syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 Workqueue: events_unbound flush_to_ldisc Call Trace: dump_stack_lvl+0x168/0x22e lib/dump_stack.c:106 print_bad_irq_dependency kernel/locking/lockdep.c:2604 [inline] check_irq_usage kernel/locking/lockdep.c:2843 [inline] check_prev_add kernel/locking/lockdep.c:3094 [inline] check_prevs_add kernel/locking/lockdep.c:3209 [inline] validate_chain kernel/locking/lockdep.c:3825 [inline] __lock_acquire+0x660b/0x7c50 kernel/locking/lockdep.c:5049 lock_acquire+0x1b4/0x490 kernel/locking/lockdep.c:5662 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x32/0x40 kernel/locking/spinlock.c:228 sp_get drivers/net/hamradio/6pack.c:376 [inline] sixpack_write_wakeup+0x2c/0x460 drivers/net/hamradio/6pack.c:397 tty_wakeup+0xb4/0xf0 drivers/tty/tty_io.c:524 tty_port_default_wakeup+0x9e/0xf0 drivers/tty/tty_port.c:71 serial8250_tx_chars+0x629/0x830 drivers/tty/serial/8250/8250_port.c:1854 __start_tx drivers/tty/serial/8250/8250_port.c:1570 [inline] serial8250_start_tx+0x6a9/0x8a0 drivers/tty/serial/8250/8250_port.c:1676 __uart_start drivers/tty/serial/serial_core.c:139 [inline] uart_write+0x67d/0x910 drivers/tty/serial/serial_core.c:601 decode_prio_command drivers/net/hamradio/6pack.c:888 [inline] sixpack_decode drivers/net/hamradio/6pack.c:963 [inline] sixpack_receive_buf+0x438/0x1430 drivers/net/hamradio/6pack.c:453 tty_ldisc_receive_buf+0x113/0x150 drivers/tty/tty_buffer.c:461 tty_port_default_receive_buf+0x69/0x90 drivers/tty/tty_port.c:39 receive_buf drivers/tty/tty_buffer.c:515 [inline] flush_to_ldisc+0x2f7/0x860 drivers/tty/tty_buffer.c:565 process_one_work+0x898/0x1160 kernel/workqueue.c:2292 worker_thread+0xaa2/0x1250 kernel/workqueue.c:2439 kthread+0x29d/0x330 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295