===================================================== WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected syzkaller #0 Not tainted ----------------------------------------------------- kworker/u4:20/9437 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: ffffffff8d591558 (disc_data_lock#2){.+.+}-{2:2}, at: sp_get drivers/net/hamradio/6pack.c:376 [inline] ffffffff8d591558 (disc_data_lock#2){.+.+}-{2:2}, at: sixpack_write_wakeup+0x2c/0x460 drivers/net/hamradio/6pack.c:397 and this task is already holding: ffffffff96f70fa8 (&port_lock_key){-.-.}-{2:2}, at: uart_write+0x113/0x910 drivers/tty/serial/serial_core.c:581 which would create a new lock dependency: (&port_lock_key){-.-.}-{2:2} -> (disc_data_lock#2){.+.+}-{2:2} but this new dependency connects a HARDIRQ-irq-safe lock: (&port_lock_key){-.-.}-{2:2} ... which became HARDIRQ-irq-safe at: lock_acquire+0x1b4/0x490 kernel/locking/lockdep.c:5662 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xa4/0xf0 kernel/locking/spinlock.c:162 serial8250_handle_irq+0x7a/0x6d0 drivers/tty/serial/8250/8250_port.c:1932 serial8250_default_handle_irq+0xb4/0x1a0 drivers/tty/serial/8250/8250_port.c:1981 serial8250_interrupt+0x9b/0x1c0 drivers/tty/serial/8250/8250_core.c:126 __handle_irq_event_percpu+0x298/0xa30 kernel/irq/handle.c:158 handle_irq_event_percpu kernel/irq/handle.c:193 [inline] handle_irq_event+0x87/0x1e0 kernel/irq/handle.c:210 handle_edge_irq+0x243/0xb20 kernel/irq/chip.c:819 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq arch/x86/kernel/irq.c:233 [inline] __common_interrupt+0xd7/0x1e0 arch/x86/kernel/irq.c:252 common_interrupt+0xb0/0xd0 arch/x86/kernel/irq.c:242 asm_common_interrupt+0x22/0x40 arch/x86/include/asm/idtentry.h:682 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline] _raw_spin_unlock_irqrestore+0xa5/0x100 kernel/locking/spinlock.c:194 spin_unlock_irqrestore include/linux/spinlock.h:406 [inline] uart_write+0x68a/0x910 drivers/tty/serial/serial_core.c:602 process_output_block drivers/tty/n_tty.c:586 [inline] n_tty_write+0xd1a/0x11c0 drivers/tty/n_tty.c:2377 do_tty_write drivers/tty/tty_io.c:1018 [inline] file_tty_write+0x4dd/0x860 drivers/tty/tty_io.c:1089 call_write_iter include/linux/fs.h:2265 [inline] new_sync_write fs/read_write.c:491 [inline] vfs_write+0x44c/0x960 fs/read_write.c:584 ksys_write+0x143/0x240 fs/read_write.c:637 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x68/0xd2 to a HARDIRQ-irq-unsafe lock: (disc_data_lock#2){.+.+}-{2:2} ... which became HARDIRQ-irq-unsafe at: ... lock_acquire+0x1b4/0x490 kernel/locking/lockdep.c:5662 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x32/0x40 kernel/locking/spinlock.c:228 sp_get drivers/net/hamradio/6pack.c:376 [inline] sixpack_ioctl+0x81/0x540 drivers/net/hamradio/6pack.c:689 tty_ioctl+0x87c/0xba0 drivers/tty/tty_io.c:2785 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl+0xfa/0x170 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x68/0xd2 other info that might help us debug this: Possible interrupt unsafe locking scenario: CPU0 CPU1 ---- ---- lock(disc_data_lock#2); local_irq_disable(); lock(&port_lock_key); lock(disc_data_lock#2); lock(&port_lock_key); *** DEADLOCK *** 6 locks held by kworker/u4:20/9437: #0: ffff888017479138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7a1/0x1160 kernel/workqueue.c:2267 #1: ffffc900039ffd00 ((work_completion)(&buf->work)){+.+.}-{0:0}, at: process_one_work+0x7a1/0x1160 kernel/workqueue.c:2267 #2: ffff888024660ce8 (&buf->lock){+.+.}-{3:3}, at: flush_to_ldisc+0x34/0x860 drivers/tty/tty_buffer.c:537 #3: ffff88805abb8098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref+0x18/0x80 drivers/tty/tty_ldisc.c:264 #4: ffffffff96f70fa8 (&port_lock_key){-.-.}-{2:2}, at: uart_write+0x113/0x910 drivers/tty/serial/serial_core.c:581 #5: ffff88805abb8098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref+0x18/0x80 drivers/tty/tty_ldisc.c:264 the dependencies between HARDIRQ-irq-safe lock and the holding lock: -> (&port_lock_key){-.-.}-{2:2} { IN-HARDIRQ-W at: lock_acquire+0x1b4/0x490 kernel/locking/lockdep.c:5662 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xa4/0xf0 kernel/locking/spinlock.c:162 serial8250_handle_irq+0x7a/0x6d0 drivers/tty/serial/8250/8250_port.c:1932 serial8250_default_handle_irq+0xb4/0x1a0 drivers/tty/serial/8250/8250_port.c:1981 serial8250_interrupt+0x9b/0x1c0 drivers/tty/serial/8250/8250_core.c:126 __handle_irq_event_percpu+0x298/0xa30 kernel/irq/handle.c:158 handle_irq_event_percpu kernel/irq/handle.c:193 [inline] handle_irq_event+0x87/0x1e0 kernel/irq/handle.c:210 handle_edge_irq+0x243/0xb20 kernel/irq/chip.c:819 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq arch/x86/kernel/irq.c:233 [inline] __common_interrupt+0xd7/0x1e0 arch/x86/kernel/irq.c:252 common_interrupt+0xb0/0xd0 arch/x86/kernel/irq.c:242 asm_common_interrupt+0x22/0x40 arch/x86/include/asm/idtentry.h:682 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline] _raw_spin_unlock_irqrestore+0xa5/0x100 kernel/locking/spinlock.c:194 spin_unlock_irqrestore include/linux/spinlock.h:406 [inline] uart_write+0x68a/0x910 drivers/tty/serial/serial_core.c:602 process_output_block drivers/tty/n_tty.c:586 [inline] n_tty_write+0xd1a/0x11c0 drivers/tty/n_tty.c:2377 do_tty_write drivers/tty/tty_io.c:1018 [inline] file_tty_write+0x4dd/0x860 drivers/tty/tty_io.c:1089 call_write_iter include/linux/fs.h:2265 [inline] new_sync_write fs/read_write.c:491 [inline] vfs_write+0x44c/0x960 fs/read_write.c:584 ksys_write+0x143/0x240 fs/read_write.c:637 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x68/0xd2 IN-SOFTIRQ-W at: lock_acquire+0x1b4/0x490 kernel/locking/lockdep.c:5662 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xa4/0xf0 kernel/locking/spinlock.c:162 serial8250_handle_irq+0x7a/0x6d0 drivers/tty/serial/8250/8250_port.c:1932 serial8250_default_handle_irq+0xb4/0x1a0 drivers/tty/serial/8250/8250_port.c:1981 serial8250_interrupt+0x9b/0x1c0 drivers/tty/serial/8250/8250_core.c:126 __handle_irq_event_percpu+0x298/0xa30 kernel/irq/handle.c:158 handle_irq_event_percpu kernel/irq/handle.c:193 [inline] handle_irq_event+0x87/0x1e0 kernel/irq/handle.c:210 handle_edge_irq+0x243/0xb20 kernel/irq/chip.c:819 generic_handle_irq_desc include/linux/irqdesc.h:158 [inline] handle_irq arch/x86/kernel/irq.c:233 [inline] __common_interrupt+0xd7/0x1e0 arch/x86/kernel/irq.c:252 common_interrupt+0x59/0xd0 arch/x86/kernel/irq.c:242 asm_common_interrupt+0x22/0x40 arch/x86/include/asm/idtentry.h:682 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline] _raw_spin_unlock_irqrestore+0xa5/0x100 kernel/locking/spinlock.c:194 __mod_timer+0x91e/0xd00 kernel/time/timer.c:1134 call_timer_fn+0x1a0/0x670 kernel/time/timer.c:1700 expire_timers kernel/time/timer.c:1751 [inline] __run_timers+0x529/0x7d0 kernel/time/timer.c:2022 handle_softirqs+0x2a1/0x920 kernel/softirq.c:596 __do_softirq kernel/softirq.c:630 [inline] invoke_softirq kernel/softirq.c:470 [inline] __irq_exit_rcu+0x12f/0x220 kernel/softirq.c:679 irq_exit_rcu+0x5/0x20 kernel/softirq.c:691 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1118 [inline] sysvec_apic_timer_interrupt+0xa0/0xc0 arch/x86/kernel/apic/apic.c:1118 asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:691 tomoyo_cred_prepare+0x0/0x140 security_prepare_creds+0xef/0x130 security/security.c:1743 prepare_creds+0x450/0x610 kernel/cred.c:291 prepare_exec_creds+0x14/0x220 kernel/cred.c:311 prepare_bprm_creds fs/exec.c:1503 [inline] bprm_execve+0xf1/0x18a0 fs/exec.c:1842 do_execveat_common+0x51b/0x6c0 fs/exec.c:1979 do_execve fs/exec.c:2053 [inline] __do_sys_execve fs/exec.c:2129 [inline] __se_sys_execve fs/exec.c:2124 [inline] __x64_sys_execve+0x8e/0xa0 fs/exec.c:2124 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x68/0xd2 INITIAL USE at: lock_acquire+0x1b4/0x490 kernel/locking/lockdep.c:5662 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xa4/0xf0 kernel/locking/spinlock.c:162 serial8250_do_set_termios+0x544/0x17d0 drivers/tty/serial/8250/8250_port.c:2794 uart_set_options+0x3c2/0x5d0 drivers/tty/serial/serial_core.c:2283 serial8250_console_setup+0x2ce/0x3a0 drivers/tty/serial/8250/8250_port.c:3536 univ8250_console_setup+0xe9/0x180 drivers/tty/serial/8250/8250_core.c:602 console_call_setup kernel/printk/printk.c:3063 [inline] try_enable_preferred_console+0x48a/0x600 kernel/printk/printk.c:3104 register_console+0x1b0/0x9c0 kernel/printk/printk.c:3211 univ8250_console_init+0x41/0x43 drivers/tty/serial/8250/8250_core.c:687 console_init+0x1bc/0x78e kernel/printk/printk.c:3359 start_kernel+0x303/0x539 init/main.c:1088 secondary_startup_64_no_verify+0xcf/0xdb } ... key at: [] port_lock_key+0x0/0x20 the dependencies between the lock to be acquired and HARDIRQ-irq-unsafe lock: -> (disc_data_lock#2){.+.+}-{2:2} { HARDIRQ-ON-R at: lock_acquire+0x1b4/0x490 kernel/locking/lockdep.c:5662 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x32/0x40 kernel/locking/spinlock.c:228 sp_get drivers/net/hamradio/6pack.c:376 [inline] sixpack_ioctl+0x81/0x540 drivers/net/hamradio/6pack.c:689 tty_ioctl+0x87c/0xba0 drivers/tty/tty_io.c:2785 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl+0xfa/0x170 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x68/0xd2 SOFTIRQ-ON-R at: lock_acquire+0x1b4/0x490 kernel/locking/lockdep.c:5662 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x32/0x40 kernel/locking/spinlock.c:228 sp_get drivers/net/hamradio/6pack.c:376 [inline] sixpack_ioctl+0x81/0x540 drivers/net/hamradio/6pack.c:689 tty_ioctl+0x87c/0xba0 drivers/tty/tty_io.c:2785 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl+0xfa/0x170 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x68/0xd2 INITIAL USE at: lock_acquire+0x1b4/0x490 kernel/locking/lockdep.c:5662 __raw_write_lock_irq include/linux/rwlock_api_smp.h:195 [inline] _raw_write_lock_irq+0x9f/0xe0 kernel/locking/spinlock.c:326 sixpack_close+0x28/0x290 drivers/net/hamradio/6pack.c:653 tty_ldisc_kill+0xa6/0x1a0 drivers/tty/tty_ldisc.c:614 tty_ldisc_release+0x1a0/0x200 drivers/tty/tty_ldisc.c:782 tty_release_struct+0x26/0xd0 drivers/tty/tty_io.c:1689 tty_release+0xc72/0x1600 drivers/tty/tty_io.c:1860 __fput+0x22c/0x920 fs/file_table.c:320 task_work_run+0x1ca/0x250 kernel/task_work.c:203 get_signal+0x11a6/0x1350 kernel/signal.c:2648 arch_do_signal_or_restart+0xb7/0x1240 arch/x86/kernel/signal.c:871 exit_to_user_mode_loop+0x70/0x110 kernel/entry/common.c:174 exit_to_user_mode_prepare+0xee/0x180 kernel/entry/common.c:210 __syscall_exit_to_user_mode_work kernel/entry/common.c:292 [inline] syscall_exit_to_user_mode+0x16/0x40 kernel/entry/common.c:303 do_syscall_64+0x58/0xa0 arch/x86/entry/common.c:87 entry_SYSCALL_64_after_hwframe+0x68/0xd2 INITIAL READ USE at: lock_acquire+0x1b4/0x490 kernel/locking/lockdep.c:5662 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x32/0x40 kernel/locking/spinlock.c:228 sp_get drivers/net/hamradio/6pack.c:376 [inline] sixpack_ioctl+0x81/0x540 drivers/net/hamradio/6pack.c:689 tty_ioctl+0x87c/0xba0 drivers/tty/tty_io.c:2785 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl+0xfa/0x170 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x68/0xd2 } ... key at: [] disc_data_lock+0x18/0x100 ... acquired at: __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x32/0x40 kernel/locking/spinlock.c:228 sp_get drivers/net/hamradio/6pack.c:376 [inline] sixpack_write_wakeup+0x2c/0x460 drivers/net/hamradio/6pack.c:397 tty_wakeup+0xb4/0xf0 drivers/tty/tty_io.c:524 tty_port_default_wakeup+0x9e/0xf0 drivers/tty/tty_port.c:71 serial8250_tx_chars+0x629/0x830 drivers/tty/serial/8250/8250_port.c:1854 __start_tx drivers/tty/serial/8250/8250_port.c:1570 [inline] serial8250_start_tx+0x6a9/0x8a0 drivers/tty/serial/8250/8250_port.c:1676 __uart_start drivers/tty/serial/serial_core.c:139 [inline] uart_write+0x67d/0x910 drivers/tty/serial/serial_core.c:601 decode_prio_command drivers/net/hamradio/6pack.c:888 [inline] sixpack_decode drivers/net/hamradio/6pack.c:963 [inline] sixpack_receive_buf+0x438/0x1430 drivers/net/hamradio/6pack.c:453 tty_ldisc_receive_buf+0x113/0x150 drivers/tty/tty_buffer.c:461 tty_port_default_receive_buf+0x69/0x90 drivers/tty/tty_port.c:39 receive_buf drivers/tty/tty_buffer.c:515 [inline] flush_to_ldisc+0x2f7/0x860 drivers/tty/tty_buffer.c:565 process_one_work+0x898/0x1160 kernel/workqueue.c:2292 worker_thread+0xaa2/0x1250 kernel/workqueue.c:2439 kthread+0x29d/0x330 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 stack backtrace: CPU: 1 PID: 9437 Comm: kworker/u4:20 Not tainted syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 Workqueue: events_unbound flush_to_ldisc Call Trace: dump_stack_lvl+0x168/0x22e lib/dump_stack.c:106 print_bad_irq_dependency kernel/locking/lockdep.c:2604 [inline] check_irq_usage kernel/locking/lockdep.c:2843 [inline] check_prev_add kernel/locking/lockdep.c:3094 [inline] check_prevs_add kernel/locking/lockdep.c:3209 [inline] validate_chain kernel/locking/lockdep.c:3825 [inline] __lock_acquire+0x660b/0x7c50 kernel/locking/lockdep.c:5049 lock_acquire+0x1b4/0x490 kernel/locking/lockdep.c:5662 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x32/0x40 kernel/locking/spinlock.c:228 sp_get drivers/net/hamradio/6pack.c:376 [inline] sixpack_write_wakeup+0x2c/0x460 drivers/net/hamradio/6pack.c:397 tty_wakeup+0xb4/0xf0 drivers/tty/tty_io.c:524 tty_port_default_wakeup+0x9e/0xf0 drivers/tty/tty_port.c:71 serial8250_tx_chars+0x629/0x830 drivers/tty/serial/8250/8250_port.c:1854 __start_tx drivers/tty/serial/8250/8250_port.c:1570 [inline] serial8250_start_tx+0x6a9/0x8a0 drivers/tty/serial/8250/8250_port.c:1676 __uart_start drivers/tty/serial/serial_core.c:139 [inline] uart_write+0x67d/0x910 drivers/tty/serial/serial_core.c:601 decode_prio_command drivers/net/hamradio/6pack.c:888 [inline] sixpack_decode drivers/net/hamradio/6pack.c:963 [inline] sixpack_receive_buf+0x438/0x1430 drivers/net/hamradio/6pack.c:453 tty_ldisc_receive_buf+0x113/0x150 drivers/tty/tty_buffer.c:461 tty_port_default_receive_buf+0x69/0x90 drivers/tty/tty_port.c:39 receive_buf drivers/tty/tty_buffer.c:515 [inline] flush_to_ldisc+0x2f7/0x860 drivers/tty/tty_buffer.c:565 process_one_work+0x898/0x1160 kernel/workqueue.c:2292 worker_thread+0xaa2/0x1250 kernel/workqueue.c:2439 kthread+0x29d/0x330 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295