===================================================== WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected 6.7.0-rc5-syzkaller-00270-g0e389834672c #0 Not tainted ----------------------------------------------------- syz-executor.1/18186 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: ffffffff8dff8698 (disc_data_lock){.+.+}-{2:2}, at: sp_get+0x18/0xf0 drivers/net/hamradio/6pack.c:376 and this task is already holding: ffffffff92a8faf8 (&port_lock_key){-.-.}-{2:2}, at: uart_port_lock_irqsave include/linux/serial_core.h:616 [inline] ffffffff92a8faf8 (&port_lock_key){-.-.}-{2:2}, at: uart_write+0x13b/0x5b0 drivers/tty/serial/serial_core.c:596 which would create a new lock dependency: (&port_lock_key){-.-.}-{2:2} -> (disc_data_lock){.+.+}-{2:2} but this new dependency connects a HARDIRQ-irq-safe lock: (&port_lock_key){-.-.}-{2:2} ... which became HARDIRQ-irq-safe at: lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1ae/0x520 kernel/locking/lockdep.c:5719 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x3a/0x50 kernel/locking/spinlock.c:162 uart_port_lock_irqsave include/linux/serial_core.h:616 [inline] serial8250_handle_irq+0x91/0x760 drivers/tty/serial/8250/8250_port.c:1913 serial8250_default_handle_irq+0x94/0x210 drivers/tty/serial/8250/8250_port.c:1962 serial8250_interrupt+0xfc/0x200 drivers/tty/serial/8250/8250_core.c:127 __handle_irq_event_percpu+0x22a/0x750 kernel/irq/handle.c:158 handle_irq_event_percpu kernel/irq/handle.c:193 [inline] handle_irq_event+0xab/0x1e0 kernel/irq/handle.c:210 handle_edge_irq+0x261/0xcf0 kernel/irq/chip.c:831 generic_handle_irq_desc include/linux/irqdesc.h:161 [inline] handle_irq arch/x86/kernel/irq.c:238 [inline] __common_interrupt+0xdb/0x240 arch/x86/kernel/irq.c:257 common_interrupt+0xab/0xd0 arch/x86/kernel/irq.c:247 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:640 native_safe_halt arch/x86/include/asm/irqflags.h:48 [inline] arch_safe_halt arch/x86/include/asm/irqflags.h:86 [inline] acpi_safe_halt+0x1b/0x20 drivers/acpi/processor_idle.c:112 acpi_idle_enter+0xc5/0x160 drivers/acpi/processor_idle.c:707 cpuidle_enter_state+0x83/0x500 drivers/cpuidle/cpuidle.c:267 cpuidle_enter+0x4e/0xa0 drivers/cpuidle/cpuidle.c:388 cpuidle_idle_call kernel/sched/idle.c:215 [inline] do_idle+0x319/0x400 kernel/sched/idle.c:282 cpu_startup_entry+0x50/0x60 kernel/sched/idle.c:380 start_secondary+0x20e/0x2a0 arch/x86/kernel/smpboot.c:336 secondary_startup_64_no_verify+0x166/0x16b to a HARDIRQ-irq-unsafe lock: (disc_data_lock){.+.+}-{2:2} ... which became HARDIRQ-irq-unsafe at: ... lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1ae/0x520 kernel/locking/lockdep.c:5719 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x5f/0x70 kernel/locking/spinlock.c:228 sp_get+0x18/0xf0 drivers/net/hamradio/6pack.c:376 sixpack_receive_buf drivers/net/hamradio/6pack.c:439 [inline] sixpack_receive_buf+0x59/0x1c60 drivers/net/hamradio/6pack.c:430 tiocsti drivers/tty/tty_io.c:2295 [inline] tty_ioctl+0x58a/0x1580 drivers/tty/tty_io.c:2694 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:871 [inline] __se_sys_ioctl fs/ioctl.c:857 [inline] __x64_sys_ioctl+0x18f/0x210 fs/ioctl.c:857 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x40/0x110 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b other info that might help us debug this: Possible interrupt unsafe locking scenario: CPU0 CPU1 ---- ---- lock(disc_data_lock); local_irq_disable(); lock(&port_lock_key); lock(disc_data_lock); lock(&port_lock_key); *** DEADLOCK *** 4 locks held by syz-executor.1/18186: #0: ffff88803306e0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 drivers/tty/tty_ldisc.c:243 #1: ffff88801c950ce8 (&buf->lock){+.+.}-{3:3}, at: tiocsti drivers/tty/tty_io.c:2293 [inline] #1: ffff88801c950ce8 (&buf->lock){+.+.}-{3:3}, at: tty_ioctl+0x51e/0x1580 drivers/tty/tty_io.c:2694 #2: ffffffff92a8faf8 (&port_lock_key){-.-.}-{2:2}, at: uart_port_lock_irqsave include/linux/serial_core.h:616 [inline] #2: ffffffff92a8faf8 (&port_lock_key){-.-.}-{2:2}, at: uart_write+0x13b/0x5b0 drivers/tty/serial/serial_core.c:596 #3: ffff88803306e0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref+0x1c/0x80 drivers/tty/tty_ldisc.c:263 the dependencies between HARDIRQ-irq-safe lock and the holding lock: -> (&port_lock_key){-.-.}-{2:2} { IN-HARDIRQ-W at: lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1ae/0x520 kernel/locking/lockdep.c:5719 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x3a/0x50 kernel/locking/spinlock.c:162 uart_port_lock_irqsave include/linux/serial_core.h:616 [inline] serial8250_handle_irq+0x91/0x760 drivers/tty/serial/8250/8250_port.c:1913 serial8250_default_handle_irq+0x94/0x210 drivers/tty/serial/8250/8250_port.c:1962 serial8250_interrupt+0xfc/0x200 drivers/tty/serial/8250/8250_core.c:127 __handle_irq_event_percpu+0x22a/0x750 kernel/irq/handle.c:158 handle_irq_event_percpu kernel/irq/handle.c:193 [inline] handle_irq_event+0xab/0x1e0 kernel/irq/handle.c:210 handle_edge_irq+0x261/0xcf0 kernel/irq/chip.c:831 generic_handle_irq_desc include/linux/irqdesc.h:161 [inline] handle_irq arch/x86/kernel/irq.c:238 [inline] __common_interrupt+0xdb/0x240 arch/x86/kernel/irq.c:257 common_interrupt+0xab/0xd0 arch/x86/kernel/irq.c:247 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:640 native_safe_halt arch/x86/include/asm/irqflags.h:48 [inline] arch_safe_halt arch/x86/include/asm/irqflags.h:86 [inline] acpi_safe_halt+0x1b/0x20 drivers/acpi/processor_idle.c:112 acpi_idle_enter+0xc5/0x160 drivers/acpi/processor_idle.c:707 cpuidle_enter_state+0x83/0x500 drivers/cpuidle/cpuidle.c:267 cpuidle_enter+0x4e/0xa0 drivers/cpuidle/cpuidle.c:388 cpuidle_idle_call kernel/sched/idle.c:215 [inline] do_idle+0x319/0x400 kernel/sched/idle.c:282 cpu_startup_entry+0x50/0x60 kernel/sched/idle.c:380 start_secondary+0x20e/0x2a0 arch/x86/kernel/smpboot.c:336 secondary_startup_64_no_verify+0x166/0x16b IN-SOFTIRQ-W at: lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1ae/0x520 kernel/locking/lockdep.c:5719 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x3a/0x50 kernel/locking/spinlock.c:162 uart_port_lock_irqsave include/linux/serial_core.h:616 [inline] serial8250_handle_irq+0x91/0x760 drivers/tty/serial/8250/8250_port.c:1913 serial8250_default_handle_irq+0x94/0x210 drivers/tty/serial/8250/8250_port.c:1962 serial8250_interrupt+0xfc/0x200 drivers/tty/serial/8250/8250_core.c:127 __handle_irq_event_percpu+0x22a/0x750 kernel/irq/handle.c:158 handle_irq_event_percpu kernel/irq/handle.c:193 [inline] handle_irq_event+0xab/0x1e0 kernel/irq/handle.c:210 handle_edge_irq+0x261/0xcf0 kernel/irq/chip.c:831 generic_handle_irq_desc include/linux/irqdesc.h:161 [inline] handle_irq arch/x86/kernel/irq.c:238 [inline] __common_interrupt+0xdb/0x240 arch/x86/kernel/irq.c:257 common_interrupt+0x52/0xd0 arch/x86/kernel/irq.c:247 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:640 variable_ffs arch/x86/include/asm/bitops.h:321 [inline] __do_softirq+0x1e0/0x8de kernel/softirq.c:541 invoke_softirq kernel/softirq.c:427 [inline] __irq_exit_rcu kernel/softirq.c:632 [inline] irq_exit_rcu+0xb7/0x120 kernel/softirq.c:644 sysvec_apic_timer_interrupt+0x95/0xb0 arch/x86/kernel/apic/apic.c:1076 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:649 __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:160 [inline] _raw_spin_unlock_irq+0x29/0x50 kernel/locking/spinlock.c:202 spin_unlock_irq include/linux/spinlock.h:401 [inline] seccomp_set_mode_filter kernel/seccomp.c:1980 [inline] do_seccomp+0xae1/0x25a0 kernel/seccomp.c:2055 prctl_set_seccomp+0x4b/0x70 kernel/seccomp.c:2108 __do_sys_prctl+0xd11/0x1f70 kernel/sys.c:2513 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x40/0x110 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b INITIAL USE at: lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1ae/0x520 kernel/locking/lockdep.c:5719 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x3a/0x50 kernel/locking/spinlock.c:162 uart_port_lock_irqsave include/linux/serial_core.h:616 [inline] serial8250_do_set_termios+0x334/0x1240 drivers/tty/serial/8250/8250_port.c:2793 serial8250_set_termios+0x6b/0x80 drivers/tty/serial/8250/8250_port.c:2912 uart_set_options+0x316/0x5f0 drivers/tty/serial/serial_core.c:2285 serial8250_console_setup+0x18a/0x430 drivers/tty/serial/8250/8250_port.c:3507 univ8250_console_setup+0x168/0x210 drivers/tty/serial/8250/8250_core.c:632 try_enable_preferred_console+0x24d/0x470 kernel/printk/printk.c:3302 register_console+0x30a/0x1060 kernel/printk/printk.c:3479 univ8250_console_init+0x35/0x50 drivers/tty/serial/8250/8250_core.c:717 console_init+0xba/0x5d0 kernel/printk/printk.c:3688 start_kernel+0x25a/0x480 init/main.c:1008 x86_64_start_reservations+0x18/0x30 arch/x86/kernel/head64.c:555 x86_64_start_kernel+0xb2/0xc0 arch/x86/kernel/head64.c:536 secondary_startup_64_no_verify+0x166/0x16b } ... key at: [] port_lock_key+0x0/0x40 the dependencies between the lock to be acquired and HARDIRQ-irq-unsafe lock: -> (disc_data_lock){.+.+}-{2:2} { HARDIRQ-ON-R at: lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1ae/0x520 kernel/locking/lockdep.c:5719 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x5f/0x70 kernel/locking/spinlock.c:228 sp_get+0x18/0xf0 drivers/net/hamradio/6pack.c:376 sixpack_receive_buf drivers/net/hamradio/6pack.c:439 [inline] sixpack_receive_buf+0x59/0x1c60 drivers/net/hamradio/6pack.c:430 tiocsti drivers/tty/tty_io.c:2295 [inline] tty_ioctl+0x58a/0x1580 drivers/tty/tty_io.c:2694 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:871 [inline] __se_sys_ioctl fs/ioctl.c:857 [inline] __x64_sys_ioctl+0x18f/0x210 fs/ioctl.c:857 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x40/0x110 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b SOFTIRQ-ON-R at: lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1ae/0x520 kernel/locking/lockdep.c:5719 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x5f/0x70 kernel/locking/spinlock.c:228 sp_get+0x18/0xf0 drivers/net/hamradio/6pack.c:376 sixpack_receive_buf drivers/net/hamradio/6pack.c:439 [inline] sixpack_receive_buf+0x59/0x1c60 drivers/net/hamradio/6pack.c:430 tiocsti drivers/tty/tty_io.c:2295 [inline] tty_ioctl+0x58a/0x1580 drivers/tty/tty_io.c:2694 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:871 [inline] __se_sys_ioctl fs/ioctl.c:857 [inline] __x64_sys_ioctl+0x18f/0x210 fs/ioctl.c:857 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x40/0x110 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b INITIAL USE at: lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1ae/0x520 kernel/locking/lockdep.c:5719 __raw_write_lock_irq include/linux/rwlock_api_smp.h:195 [inline] _raw_write_lock_irq+0x36/0x50 kernel/locking/spinlock.c:326 sixpack_close+0x1e/0x2e0 drivers/net/hamradio/6pack.c:653 tty_ldisc_close+0x111/0x190 drivers/tty/tty_ldisc.c:455 tty_ldisc_kill+0x8e/0x150 drivers/tty/tty_ldisc.c:607 tty_ldisc_release+0x17b/0x2a0 drivers/tty/tty_ldisc.c:775 tty_release_struct+0x23/0xe0 drivers/tty/tty_io.c:1692 tty_release+0xe2c/0x1420 drivers/tty/tty_io.c:1863 __fput+0x270/0xb70 fs/file_table.c:394 __fput_sync+0x47/0x50 fs/file_table.c:475 __do_sys_close fs/open.c:1587 [inline] __se_sys_close fs/open.c:1572 [inline] __x64_sys_close+0x87/0xf0 fs/open.c:1572 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x40/0x110 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b INITIAL READ USE at: lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1ae/0x520 kernel/locking/lockdep.c:5719 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x5f/0x70 kernel/locking/spinlock.c:228 sp_get+0x18/0xf0 drivers/net/hamradio/6pack.c:376 sixpack_receive_buf drivers/net/hamradio/6pack.c:439 [inline] sixpack_receive_buf+0x59/0x1c60 drivers/net/hamradio/6pack.c:430 tiocsti drivers/tty/tty_io.c:2295 [inline] tty_ioctl+0x58a/0x1580 drivers/tty/tty_io.c:2694 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:871 [inline] __se_sys_ioctl fs/ioctl.c:857 [inline] __x64_sys_ioctl+0x18f/0x210 fs/ioctl.c:857 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x40/0x110 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b } ... key at: [] disc_data_lock+0x18/0xfc0 ... acquired at: lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1ae/0x520 kernel/locking/lockdep.c:5719 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x5f/0x70 kernel/locking/spinlock.c:228 sp_get+0x18/0xf0 drivers/net/hamradio/6pack.c:376 sixpack_write_wakeup+0x20/0x390 drivers/net/hamradio/6pack.c:397 tty_wakeup+0xe5/0x120 drivers/tty/tty_io.c:523 tty_port_default_wakeup+0x2a/0x40 drivers/tty/tty_port.c:69 serial8250_tx_chars+0x542/0x890 drivers/tty/serial/8250/8250_port.c:1835 __start_tx+0x3cb/0x480 drivers/tty/serial/8250/8250_port.c:1544 serial8250_start_tx+0x35d/0x530 drivers/tty/serial/8250/8250_port.c:1653 __uart_start+0x289/0x470 drivers/tty/serial/serial_core.c:160 uart_write+0x2ff/0x5b0 drivers/tty/serial/serial_core.c:616 decode_prio_command drivers/net/hamradio/6pack.c:888 [inline] sixpack_decode drivers/net/hamradio/6pack.c:963 [inline] sixpack_receive_buf drivers/net/hamradio/6pack.c:453 [inline] sixpack_receive_buf+0x3fa/0x1c60 drivers/net/hamradio/6pack.c:430 tiocsti drivers/tty/tty_io.c:2295 [inline] tty_ioctl+0x58a/0x1580 drivers/tty/tty_io.c:2694 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:871 [inline] __se_sys_ioctl fs/ioctl.c:857 [inline] __x64_sys_ioctl+0x18f/0x210 fs/ioctl.c:857 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x40/0x110 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b stack backtrace: CPU: 0 PID: 18186 Comm: syz-executor.1 Not tainted 6.7.0-rc5-syzkaller-00270-g0e389834672c #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xd9/0x1b0 lib/dump_stack.c:106 print_bad_irq_dependency kernel/locking/lockdep.c:2626 [inline] check_irq_usage+0xe18/0x1470 kernel/locking/lockdep.c:2865 check_prev_add kernel/locking/lockdep.c:3138 [inline] check_prevs_add kernel/locking/lockdep.c:3253 [inline] validate_chain kernel/locking/lockdep.c:3869 [inline] __lock_acquire+0x2449/0x3b20 kernel/locking/lockdep.c:5137 lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1ae/0x520 kernel/locking/lockdep.c:5719 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x5f/0x70 kernel/locking/spinlock.c:228 sp_get+0x18/0xf0 drivers/net/hamradio/6pack.c:376 sixpack_write_wakeup+0x20/0x390 drivers/net/hamradio/6pack.c:397 tty_wakeup+0xe5/0x120 drivers/tty/tty_io.c:523 tty_port_default_wakeup+0x2a/0x40 drivers/tty/tty_port.c:69 serial8250_tx_chars+0x542/0x890 drivers/tty/serial/8250/8250_port.c:1835 __start_tx+0x3cb/0x480 drivers/tty/serial/8250/8250_port.c:1544 serial8250_start_tx+0x35d/0x530 drivers/tty/serial/8250/8250_port.c:1653 __uart_start+0x289/0x470 drivers/tty/serial/serial_core.c:160 uart_write+0x2ff/0x5b0 drivers/tty/serial/serial_core.c:616 decode_prio_command drivers/net/hamradio/6pack.c:888 [inline] sixpack_decode drivers/net/hamradio/6pack.c:963 [inline] sixpack_receive_buf drivers/net/hamradio/6pack.c:453 [inline] sixpack_receive_buf+0x3fa/0x1c60 drivers/net/hamradio/6pack.c:430 tiocsti drivers/tty/tty_io.c:2295 [inline] tty_ioctl+0x58a/0x1580 drivers/tty/tty_io.c:2694 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:871 [inline] __se_sys_ioctl fs/ioctl.c:857 [inline] __x64_sys_ioctl+0x18f/0x210 fs/ioctl.c:857 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x40/0x110 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b RIP: 0033:0x7f411b07cba9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f411bcee0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f411b19bf80 RCX: 00007f411b07cba9 RDX: 0000000020000100 RSI: 0000000000005412 RDI: 0000000000000008 RBP: 00007f411b0c847a R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 000000000000000b R14: 00007f411b19bf80 R15: 00007fff9fab1d58