============================================ WARNING: possible recursive locking detected 4.19.211-syzkaller #0 Not tainted -------------------------------------------- syz-executor.4/22736 is trying to acquire lock: 00000000580ef3f8 (&port_lock_key){-.-.}, at: uart_write+0x1ce/0x6f0 drivers/tty/serial/serial_core.c:591 EXT4-fs (loop0): Ignoring removed oldalloc option but task is already holding lock: 00000000580ef3f8 (&port_lock_key){-.-.}, at: serial8250_handle_irq.part.0+0x21/0x3d0 drivers/tty/serial/8250/8250_port.c:1876 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- EXT4-fs (loop0): can't mount with dioread_nolock if block size != PAGE_SIZE lock(&port_lock_key); lock(&port_lock_key); *** DEADLOCK *** May be due to missing lock nesting notation 3 locks held by syz-executor.4/22736: #0: 00000000c7c21a35 (&(&i->lock)->rlock){-.-.}, at: spin_lock include/linux/spinlock.h:329 [inline] #0: 00000000c7c21a35 (&(&i->lock)->rlock){-.-.}, at: serial8250_interrupt+0x3a/0x240 drivers/tty/serial/8250/8250_core.c:115 #1: 00000000580ef3f8 (&port_lock_key){-.-.}, at: serial8250_handle_irq.part.0+0x21/0x3d0 drivers/tty/serial/8250/8250_port.c:1876 #2: 00000000f86723d8 (&tty->ldisc_sem){++++}, at: tty_ldisc_ref+0x1d/0x80 drivers/tty/tty_ldisc.c:293 stack backtrace: CPU: 1 PID: 22736 Comm: syz-executor.4 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 print_deadlock_bug kernel/locking/lockdep.c:1764 [inline] check_deadlock kernel/locking/lockdep.c:1808 [inline] validate_chain kernel/locking/lockdep.c:2404 [inline] __lock_acquire.cold+0x121/0x57e kernel/locking/lockdep.c:3416 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x8c/0xc0 kernel/locking/spinlock.c:152 uart_write+0x1ce/0x6f0 drivers/tty/serial/serial_core.c:591 n_hdlc_send_frames+0x278/0x470 drivers/tty/n_hdlc.c:403 n_hdlc_tty_wakeup+0xa0/0xc0 drivers/tty/n_hdlc.c:479 tty_wakeup+0xd4/0x110 drivers/tty/tty_io.c:534 tty_port_default_wakeup+0x26/0x40 drivers/tty/tty_port.c:50 serial8250_tx_chars+0x490/0xaf0 drivers/tty/serial/8250/8250_port.c:1813 serial8250_handle_irq.part.0+0x31f/0x3d0 drivers/tty/serial/8250/8250_port.c:1900 serial8250_handle_irq drivers/tty/serial/8250/8250_port.c:1873 [inline] serial8250_default_handle_irq+0xae/0x220 drivers/tty/serial/8250/8250_port.c:1916 serial8250_interrupt+0x101/0x240 drivers/tty/serial/8250/8250_core.c:125 __handle_irq_event_percpu+0x27e/0x8e0 kernel/irq/handle.c:149 handle_irq_event_percpu kernel/irq/handle.c:189 [inline] handle_irq_event+0x102/0x290 kernel/irq/handle.c:206 handle_edge_irq+0x260/0xcf0 kernel/irq/chip.c:800 generic_handle_irq_desc include/linux/irqdesc.h:155 [inline] handle_irq+0x35/0x50 arch/x86/kernel/irq_64.c:87 do_IRQ+0x93/0x1c0 arch/x86/kernel/irq.c:246 common_interrupt+0xf/0xf arch/x86/entry/entry_64.S:670 RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:789 [inline] RIP: 0010:slab_alloc mm/slab.c:3390 [inline] RIP: 0010:kmem_cache_alloc_trace+0x2d2/0x380 mm/slab.c:3623 Code: 48 c7 c7 03 6c b8 89 e8 bc 58 a9 ff e9 af fd ff ff e8 c2 8c cf ff 48 83 3d 02 66 59 08 00 0f 84 af 00 00 00 48 8b 3c 24 57 9d <0f> 1f 44 00 00 e9 18 fe ff ff 65 ff 05 ad c2 69 7e 48 8b 05 de df RSP: 0018:ffff8880a507fbf0 EFLAGS: 00000286 ORIG_RAX: ffffffffffffffd5 RAX: 0000000000000007 RBX: 00000000006080c0 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000286 RBP: 00000000006080c0 R08: ffffffff8cd233c0 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880a8d39e00 R13: ffff88813bff04c0 R14: 0000000000000048 R15: ffff88813bff04c0 kmalloc include/linux/slab.h:515 [inline] kzalloc include/linux/slab.h:709 [inline] aa_alloc_file_ctx security/apparmor/include/file.h:60 [inline] apparmor_file_alloc_security+0x394/0xad0 security/apparmor/lsm.c:438 security_file_alloc+0x40/0x90 security/security.c:880 __alloc_file+0xd8/0x340 fs/file_table.c:105 alloc_empty_file+0x6d/0x170 fs/file_table.c:150 alloc_file+0x5e/0x4d0 fs/file_table.c:192 alloc_file_pseudo+0x165/0x250 fs/file_table.c:231 anon_inode_getfile fs/anon_inodes.c:87 [inline] anon_inode_getfile+0xc8/0x1f0 fs/anon_inodes.c:70 anon_inode_getfd+0x4c/0xa0 fs/anon_inodes.c:132 __do_sys_fanotify_init fs/notify/fanotify/fanotify_user.c:789 [inline] __se_sys_fanotify_init+0x55a/0x7f0 fs/notify/fanotify/fanotify_user.c:682 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7fdc82be00c9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fdc81152168 EFLAGS: 00000246 ORIG_RAX: 000000000000012c RAX: ffffffffffffffda RBX: 00007fdc82cfff80 RCX: 00007fdc82be00c9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00007fdc82c3bae9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffe72302c1f R14: 00007fdc81152300 R15: 0000000000022000 ---------------- Code disassembly (best guess): 0: 48 c7 c7 03 6c b8 89 mov $0xffffffff89b86c03,%rdi 7: e8 bc 58 a9 ff callq 0xffa958c8 c: e9 af fd ff ff jmpq 0xfffffdc0 11: e8 c2 8c cf ff callq 0xffcf8cd8 16: 48 83 3d 02 66 59 08 cmpq $0x0,0x8596602(%rip) # 0x8596620 1d: 00 1e: 0f 84 af 00 00 00 je 0xd3 24: 48 8b 3c 24 mov (%rsp),%rdi 28: 57 push %rdi 29: 9d popfq * 2a: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1) <-- trapping instruction 2f: e9 18 fe ff ff jmpq 0xfffffe4c 34: 65 ff 05 ad c2 69 7e incl %gs:0x7e69c2ad(%rip) # 0x7e69c2e8 3b: 48 rex.W 3c: 8b .byte 0x8b 3d: 05 .byte 0x5 3e: de df (bad)