possible deadlock in uart_write


syzbot

Jan 26, 2020, 06:10:11
to syzkaller...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 8bac5040 Linux 4.14.167
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=14d5db66e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=6ffa08bc186ce2d1
dashboard link: https://syzkaller.appspot.com/bug?extid=5d27dc5bbf29770820f1
compiler: gcc (GCC) 9.0.0 20181231 (experimental)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+5d27dc...@syzkaller.appspotmail.com

============================================
WARNING: possible recursive locking detected
4.14.167-syzkaller #0 Not tainted
--------------------------------------------
syz-fuzzer/7447 is trying to acquire lock:
(&port_lock_key){-.-.}, at: [<ffffffff83532a8c>] uart_write+0x10c/0x4f0 drivers/tty/serial/serial_core.c:604

but task is already holding lock:
(&port_lock_key){-.-.}, at: [<ffffffff8354adc4>] serial8250_handle_irq.part.0+0x24/0x250 drivers/tty/serial/8250/8250_port.c:1872

other info that might help us debug this:
Possible unsafe locking scenario:

CPU0
----
lock(&port_lock_key);
lock(&port_lock_key);

*** DEADLOCK ***

May be due to missing lock nesting notation

3 locks held by syz-fuzzer/7447:
#0: (&(&i->lock)->rlock){-.-.}, at: [<ffffffff83539efc>] spin_lock include/linux/spinlock.h:317 [inline]
#0: (&(&i->lock)->rlock){-.-.}, at: [<ffffffff83539efc>] serial8250_interrupt+0x2c/0x1a0 drivers/tty/serial/8250/8250_core.c:119
#1: (&port_lock_key){-.-.}, at: [<ffffffff8354adc4>] serial8250_handle_irq.part.0+0x24/0x250 drivers/tty/serial/8250/8250_port.c:1872
#2: (&tty->ldisc_sem){++++}, at: [<ffffffff834d6b30>] tty_ldisc_ref+0x20/0x80 drivers/tty/tty_ldisc.c:305

stack backtrace:
CPU: 0 PID: 7447 Comm: syz-fuzzer Not tainted 4.14.167-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x142/0x197 lib/dump_stack.c:58
print_deadlock_bug kernel/locking/lockdep.c:1796 [inline]
check_deadlock kernel/locking/lockdep.c:1843 [inline]
validate_chain kernel/locking/lockdep.c:2444 [inline]
__lock_acquire.cold+0x2bf/0x8dc kernel/locking/lockdep.c:3487
lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3994
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x95/0xcd kernel/locking/spinlock.c:160
uart_write+0x10c/0x4f0 drivers/tty/serial/serial_core.c:604
n_hdlc_send_frames+0x238/0x3e0 drivers/tty/n_hdlc.c:404
n_hdlc_tty_wakeup+0x9f/0xc0 drivers/tty/n_hdlc.c:480
tty_wakeup+0xc9/0x100 drivers/tty/tty_io.c:533
tty_port_default_wakeup+0x2b/0x40 drivers/tty/tty_port.c:49
tty_port_tty_wakeup+0x57/0x70 drivers/tty/tty_port.c:389
uart_write_wakeup+0x46/0x70 drivers/tty/serial/serial_core.c:116
serial8250_tx_chars+0x40d/0xa10 drivers/tty/serial/8250/8250_port.c:1810
serial8250_handle_irq.part.0+0x206/0x250 drivers/tty/serial/8250/8250_port.c:1883
serial8250_handle_irq drivers/tty/serial/8250/8250_port.c:1869 [inline]
serial8250_default_handle_irq+0xa1/0x120 drivers/tty/serial/8250/8250_port.c:1899
serial8250_interrupt+0xe9/0x1a0 drivers/tty/serial/8250/8250_core.c:129
__handle_irq_event_percpu+0x125/0x7f0 kernel/irq/handle.c:147
handle_irq_event_percpu+0x65/0x130 kernel/irq/handle.c:187
handle_irq_event+0xa7/0x134 kernel/irq/handle.c:204
handle_edge_irq+0x22b/0x840 kernel/irq/chip.c:770
generic_handle_irq_desc include/linux/irqdesc.h:159 [inline]
handle_irq+0x39/0x50 arch/x86/kernel/irq_64.c:87
do_IRQ+0x99/0x1d0 arch/x86/kernel/irq.c:230
common_interrupt+0x96/0x96 arch/x86/entry/entry_64.S:576
</IRQ>
RIP: 0033:0x411e4b
RSP: 002b:000000c420149e38 EFLAGS: 00000202 ORIG_RAX: ffffffffffffffc8
RAX: 000000c420000000 RBX: 000000c425d56be0 RCX: 000000c420084480
RDX: 0000000000002eab RSI: 00007f5f078f3a20 RDI: 000000c425d56000
RBP: 000000c420149e80 R08: 0000000000000001 R09: 00000000004c37e0
R10: 0000000000000400 R11: 000000c425d56be0 R12: 0000000000000000
R13: 0000000000000020 R14: 0000000000000013 R15: 0000000000000100


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Feb 4, 2020, 00:05:13
to syzkaller...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 32ee7492 Linux 4.19.101
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=15dcae6ee00000
kernel config: https://syzkaller.appspot.com/x/.config?x=928a6b2d3f9b21f8
dashboard link: https://syzkaller.appspot.com/bug?extid=23b746f27f5e2f9fb1e8
compiler: gcc (GCC) 9.0.0 20181231 (experimental)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+23b746...@syzkaller.appspotmail.com

netlink: 65377 bytes leftover after parsing attributes in process `syz-executor.1'.
============================================
WARNING: possible recursive locking detected
4.19.101-syzkaller #0 Not tainted
--------------------------------------------
udevd/12583 is trying to acquire lock:
000000001fae0281 (&port_lock_key){-.-.}, at: uart_write+0x1da/0x6e0 drivers/tty/serial/serial_core.c:591

but task is already holding lock:
000000001fae0281 (&port_lock_key){-.-.}, at: serial8250_handle_irq.part.0+0x24/0x2b0 drivers/tty/serial/8250/8250_port.c:1868

other info that might help us debug this:
Possible unsafe locking scenario:

CPU0
----
lock(&port_lock_key);
lock(&port_lock_key);

*** DEADLOCK ***

May be due to missing lock nesting notation

7 locks held by udevd/12583:
#0: 00000000490a64bf (&dup_mmap_sem){++++}, at: dup_mmap kernel/fork.c:435 [inline]
#0: 00000000490a64bf (&dup_mmap_sem){++++}, at: dup_mm kernel/fork.c:1288 [inline]
#0: 00000000490a64bf (&dup_mmap_sem){++++}, at: copy_mm kernel/fork.c:1344 [inline]
#0: 00000000490a64bf (&dup_mmap_sem){++++}, at: copy_process.part.0+0x2b90/0x7a60 kernel/fork.c:1897
#1: 00000000f4bee2ca (&mm->mmap_sem){++++}, at: dup_mmap kernel/fork.c:436 [inline]
#1: 00000000f4bee2ca (&mm->mmap_sem){++++}, at: dup_mm kernel/fork.c:1288 [inline]
#1: 00000000f4bee2ca (&mm->mmap_sem){++++}, at: copy_mm kernel/fork.c:1344 [inline]
#1: 00000000f4bee2ca (&mm->mmap_sem){++++}, at: copy_process.part.0+0x2bac/0x7a60 kernel/fork.c:1897
#2: 0000000048265e60 (&mm->mmap_sem/1){+.+.}, at: dup_mmap kernel/fork.c:445 [inline]
#2: 0000000048265e60 (&mm->mmap_sem/1){+.+.}, at: dup_mm kernel/fork.c:1288 [inline]
#2: 0000000048265e60 (&mm->mmap_sem/1){+.+.}, at: copy_mm kernel/fork.c:1344 [inline]
#2: 0000000048265e60 (&mm->mmap_sem/1){+.+.}, at: copy_process.part.0+0x2bf9/0x7a60 kernel/fork.c:1897
#3: 000000001854bba0 (&anon_vma->rwsem){++++}, at: lock_anon_vma_root mm/rmap.c:238 [inline]
#3: 000000001854bba0 (&anon_vma->rwsem){++++}, at: anon_vma_clone+0x143/0x480 mm/rmap.c:278
#4: 0000000061c87ba3 (&(&i->lock)->rlock){-.-.}, at: spin_lock include/linux/spinlock.h:329 [inline]
#4: 0000000061c87ba3 (&(&i->lock)->rlock){-.-.}, at: serial8250_interrupt+0x30/0x1e0 drivers/tty/serial/8250/8250_core.c:115
#5: 000000001fae0281 (&port_lock_key){-.-.}, at: serial8250_handle_irq.part.0+0x24/0x2b0 drivers/tty/serial/8250/8250_port.c:1868
#6: 00000000bd0059c2 (&tty->ldisc_sem){++++}, at: tty_ldisc_ref+0x22/0x90 drivers/tty/tty_ldisc.c:293

stack backtrace:
CPU: 0 PID: 12583 Comm: udevd Not tainted 4.19.101-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x197/0x210 lib/dump_stack.c:118
print_deadlock_bug kernel/locking/lockdep.c:1759 [inline]
check_deadlock kernel/locking/lockdep.c:1803 [inline]
validate_chain kernel/locking/lockdep.c:2399 [inline]
__lock_acquire.cold+0x20f/0x4a7 kernel/locking/lockdep.c:3411
lock_acquire+0x16f/0x3f0 kernel/locking/lockdep.c:3903
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x95/0xcd kernel/locking/spinlock.c:152
uart_write+0x1da/0x6e0 drivers/tty/serial/serial_core.c:591
n_hdlc_send_frames+0x271/0x450 drivers/tty/n_hdlc.c:403
n_hdlc_tty_wakeup+0xae/0xd0 drivers/tty/n_hdlc.c:479
tty_wakeup+0xdc/0x110 drivers/tty/tty_io.c:534
tty_port_default_wakeup+0x2b/0x40 drivers/tty/tty_port.c:50
tty_port_tty_wakeup+0x57/0x70 drivers/tty/tty_port.c:390
uart_write_wakeup+0x46/0x70 drivers/tty/serial/serial_core.c:103
serial8250_tx_chars+0x495/0xaf0 drivers/tty/serial/8250/8250_port.c:1806
serial8250_handle_irq.part.0+0x261/0x2b0 drivers/tty/serial/8250/8250_port.c:1879
serial8250_handle_irq drivers/tty/serial/8250/8250_port.c:1865 [inline]
serial8250_default_handle_irq+0xc0/0x150 drivers/tty/serial/8250/8250_port.c:1895
serial8250_interrupt+0xfc/0x1e0 drivers/tty/serial/8250/8250_core.c:125
__handle_irq_event_percpu+0x144/0x8f0 kernel/irq/handle.c:149
handle_irq_event_percpu+0x74/0x160 kernel/irq/handle.c:189
handle_irq_event+0xa7/0x134 kernel/irq/handle.c:206
handle_edge_irq+0x25e/0x8d0 kernel/irq/chip.c:797
generic_handle_irq_desc include/linux/irqdesc.h:155 [inline]
handle_irq+0x39/0x50 arch/x86/kernel/irq_64.c:87
do_IRQ+0x99/0x1d0 arch/x86/kernel/irq.c:246
common_interrupt+0xf/0xf arch/x86/entry/entry_64.S:670
</IRQ>
RIP: 0010:__raw_spin_unlock_irq include/linux/spinlock_api_smp.h:169 [inline]
RIP: 0010:_raw_spin_unlock_irq+0x54/0x90 kernel/locking/spinlock.c:192
Code: c0 58 57 f2 88 48 ba 00 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 75 33 48 83 3d 6d 5f 9d 01 00 74 20 fb 66 0f 1f 44 00 00 <bf> 01 00 00 00 e8 22 d7 f3 f9 65 8b 05 cb f5 ac 78 85 c0 74 06 41
RSP: 0018:ffff888044f1f808 EFLAGS: 00000286 ORIG_RAX: ffffffffffffffd5
RAX: 1ffffffff11e4aeb RBX: ffff8880a8b5c280 RCX: 1ffff1101516b973
RDX: dffffc0000000000 RSI: ffff8880a8b5cb78 RDI: ffff8880a8b5cafc
RBP: ffff888044f1f810 R08: ffff8880a8b5c280 R09: ffff8880a8b5cb98
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880ae82c240
R13: ffff8880a790e240 R14: 0000000000000000 R15: 0000000000000002
finish_lock_switch kernel/sched/core.c:2576 [inline]
finish_task_switch+0x146/0x7c0 kernel/sched/core.c:2676
context_switch kernel/sched/core.c:2829 [inline]
__schedule+0x86e/0x1dc0 kernel/sched/core.c:3515
preempt_schedule_irq+0xb5/0x140 kernel/sched/core.c:3742
retint_kernel+0x1b/0x2d
RIP: 0010:avc_start_pgoff mm/interval_tree.c:64 [inline]
RIP: 0010:__anon_vma_interval_tree_insert mm/interval_tree.c:72 [inline]
RIP: 0010:anon_vma_interval_tree_insert+0x20a/0x410 mm/interval_tree.c:83
Code: 3c 30 00 0f 85 73 01 00 00 48 be 00 00 00 00 00 fc ff df 4d 8b 74 24 e0 49 8d be 98 00 00 00 48 89 f8 48 c1 e8 03 80 3c 30 00 <0f> 85 42 01 00 00 4d 8b b6 98 00 00 00 48 8b 7d d0 4c 89 f6 e8 fd
RSP: 0018:ffff888044f1fa38 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
RAX: 1ffff11013c78e3c RBX: ffff8880955a3af0 RCX: ffffffff81935315
RDX: 0000000000000000 RSI: dffffc0000000000 RDI: ffff88809e3c71e0
RBP: ffff888044f1fa70 R08: ffff8880a8b5c280 R09: ffffed1015d04733
R10: ffffed1015d04732 R11: ffff8880ae823993 R12: ffff8880a897e5d0
R13: ffff888098cb2608 R14: ffff88809e3c7148 R15: 0000000000000017
anon_vma_chain_link+0x154/0x1c0 mm/rmap.c:144
anon_vma_clone+0x15b/0x480 mm/rmap.c:279
anon_vma_fork+0x8f/0x4a0 mm/rmap.c:332
dup_mmap kernel/fork.c:504 [inline]
dup_mm kernel/fork.c:1288 [inline]
copy_mm kernel/fork.c:1344 [inline]
copy_process.part.0+0x3509/0x7a60 kernel/fork.c:1897
copy_process kernel/fork.c:1694 [inline]
_do_fork+0x257/0xfd0 kernel/fork.c:2207
__do_sys_clone kernel/fork.c:2314 [inline]
__se_sys_clone kernel/fork.c:2308 [inline]
__x64_sys_clone+0xbf/0x150 kernel/fork.c:2308
do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f18e9aedf46
Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 14 25 10 00 00 00 31 d2 49 81 c2 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 31 01 00 00 85 c0 41 89 c4 0f 85 3b 01 00
RSP: 002b:00007ffe95d5ce40 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 00007ffe95d5ce40 RCX: 00007f18e9aedf46
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
RBP: 00007ffe95d5cea0 R08: 0000000000003127 R09: 0000000000003127
R10: 00007f18ea40aa70 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe95d5ce60 R14: 0000000000000005 R15: 0000000000000005

syzbot

Mar 1, 2020, 15:57:13
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following crash on:

HEAD commit: 78d697fc Linux 4.14.172
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=12435d29e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=31ad682bcda9b93f
dashboard link: https://syzkaller.appspot.com/bug?extid=5d27dc5bbf29770820f1
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15fb9d09e00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=17e67efde00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+5d27dc...@syzkaller.appspotmail.com

batman_adv: batadv0: Interface activated: batadv_slave_1
IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
============================================
WARNING: possible recursive locking detected
4.14.172-syzkaller #0 Not tainted
--------------------------------------------
swapper/0/0 is trying to acquire lock:
(&port_lock_key){-.-.}, at: [<ffffffff834031f9>] uart_write+0x109/0x4e0 drivers/tty/serial/serial_core.c:604

but task is already holding lock:
(&port_lock_key){-.-.}, at: [<ffffffff8341aaa0>] serial8250_handle_irq.part.0+0x20/0x240 drivers/tty/serial/8250/8250_port.c:1872

other info that might help us debug this:
Possible unsafe locking scenario:

CPU0
----
lock(&port_lock_key);
lock(&port_lock_key);

*** DEADLOCK ***

May be due to missing lock nesting notation

3 locks held by swapper/0/0:
#0: (&(&i->lock)->rlock){-.-.}, at: [<ffffffff8340a2ab>] spin_lock include/linux/spinlock.h:317 [inline]
#0: (&(&i->lock)->rlock){-.-.}, at: [<ffffffff8340a2ab>] serial8250_interrupt+0x2b/0x1a0 drivers/tty/serial/8250/8250_core.c:119
#1: (&port_lock_key){-.-.}, at: [<ffffffff8341aaa0>] serial8250_handle_irq.part.0+0x20/0x240 drivers/tty/serial/8250/8250_port.c:1872
#2: (&tty->ldisc_sem){++++}, at: [<ffffffff833aa84b>] tty_ldisc_ref+0x1b/0x80 drivers/tty/tty_ldisc.c:305

stack backtrace:
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.14.172-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x13e/0x194 lib/dump_stack.c:58
print_deadlock_bug kernel/locking/lockdep.c:1796 [inline]
check_deadlock kernel/locking/lockdep.c:1843 [inline]
validate_chain kernel/locking/lockdep.c:2444 [inline]
__lock_acquire.cold+0x2bf/0x8dc kernel/locking/lockdep.c:3487
lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3994
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x8c/0xbf kernel/locking/spinlock.c:160
uart_write+0x109/0x4e0 drivers/tty/serial/serial_core.c:604
n_hdlc_send_frames+0x23c/0x3f0 drivers/tty/n_hdlc.c:404
n_hdlc_tty_wakeup+0x95/0xb0 drivers/tty/n_hdlc.c:480
tty_wakeup+0xc3/0xf0 drivers/tty/tty_io.c:533
tty_port_default_wakeup+0x26/0x40 drivers/tty/tty_port.c:49
serial8250_tx_chars+0x400/0x9e0 drivers/tty/serial/8250/8250_port.c:1810
serial8250_handle_irq.part.0+0x1f8/0x240 drivers/tty/serial/8250/8250_port.c:1883
serial8250_handle_irq drivers/tty/serial/8250/8250_port.c:1869 [inline]
serial8250_default_handle_irq+0x96/0x110 drivers/tty/serial/8250/8250_port.c:1899
serial8250_interrupt+0xe4/0x1a0 drivers/tty/serial/8250/8250_core.c:129
__handle_irq_event_percpu+0x125/0x7e0 kernel/irq/handle.c:147
handle_irq_event_percpu+0x66/0x120 kernel/irq/handle.c:187
handle_irq_event+0xa2/0x12d kernel/irq/handle.c:204
handle_edge_irq+0x215/0x810 kernel/irq/chip.c:770
generic_handle_irq_desc include/linux/irqdesc.h:159 [inline]
handle_irq+0x35/0x50 arch/x86/kernel/irq_64.c:87
do_IRQ+0x93/0x1d0 arch/x86/kernel/irq.c:230
common_interrupt+0x8f/0x8f arch/x86/entry/entry_64.S:576
</IRQ>
RIP: 0010:native_safe_halt+0xe/0x10 arch/x86/include/asm/irqflags.h:61
RSP: 0018:ffffffff87c07e78 EFLAGS: 00000282 ORIG_RAX: ffffffffffffffc8
RAX: 1ffffffff0fa2ce4 RBX: dffffc0000000000 RCX: 0000000000000000
RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffffffff87c76abc
RBP: ffffffff87d16710 R08: 1ffffffff1124101 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: fffffbfff0f8ec48
R13: ffffffff87c76240 R14: 0000000000000000 R15: 0000000000000000
arch_safe_halt arch/x86/include/asm/paravirt.h:94 [inline]
default_idle+0x47/0x370 arch/x86/kernel/process.c:566
cpuidle_idle_call kernel/sched/idle.c:156 [inline]
do_idle+0x250/0x3c0 kernel/sched/idle.c:246
cpu_startup_entry+0x14/0x20 kernel/sched/idle.c:351
start_kernel+0x659/0x676 init/main.c:708
secondary_startup_64+0xa5/0xb0 arch/x86/kernel/head_64.S:240

syzbot

Mar 1, 2020, 16:00:12
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following crash on:

HEAD commit: a083db76 Linux 4.19.107
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=15918331e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=c32f76aaadd644de
dashboard link: https://syzkaller.appspot.com/bug?extid=23b746f27f5e2f9fb1e8
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14105c55e00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13217d09e00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+23b746...@syzkaller.appspotmail.com

batman_adv: batadv0: Interface activated: batadv_slave_1
IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
============================================
WARNING: possible recursive locking detected
4.19.107-syzkaller #0 Not tainted
--------------------------------------------
swapper/0/0 is trying to acquire lock:
0000000053c8769e (&port_lock_key){-.-.}, at: uart_write+0x1c7/0x680 drivers/tty/serial/serial_core.c:591

but task is already holding lock:
0000000053c8769e (&port_lock_key){-.-.}, at: serial8250_handle_irq.part.0+0x21/0x290 drivers/tty/serial/8250/8250_port.c:1868

other info that might help us debug this:
Possible unsafe locking scenario:

CPU0
----
lock(&port_lock_key);
lock(&port_lock_key);

*** DEADLOCK ***

May be due to missing lock nesting notation

3 locks held by swapper/0/0:
#0: 0000000058c89ec8 (&(&i->lock)->rlock){-.-.}, at: spin_lock include/linux/spinlock.h:329 [inline]
#0: 0000000058c89ec8 (&(&i->lock)->rlock){-.-.}, at: serial8250_interrupt+0x2b/0x1d0 drivers/tty/serial/8250/8250_core.c:115
#1: 0000000053c8769e (&port_lock_key){-.-.}, at: serial8250_handle_irq.part.0+0x21/0x290 drivers/tty/serial/8250/8250_port.c:1868
#2: 000000003d674e2f (&tty->ldisc_sem){++++}, at: tty_ldisc_ref+0x1d/0x80 drivers/tty/tty_ldisc.c:293

stack backtrace:
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.19.107-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x188/0x20d lib/dump_stack.c:118
print_deadlock_bug kernel/locking/lockdep.c:1759 [inline]
check_deadlock kernel/locking/lockdep.c:1803 [inline]
validate_chain kernel/locking/lockdep.c:2399 [inline]
__lock_acquire.cold+0x20f/0x4a7 kernel/locking/lockdep.c:3411
lock_acquire+0x170/0x400 kernel/locking/lockdep.c:3903
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x8c/0xbf kernel/locking/spinlock.c:152
uart_write+0x1c7/0x680 drivers/tty/serial/serial_core.c:591
n_hdlc_send_frames+0x276/0x450 drivers/tty/n_hdlc.c:403
n_hdlc_tty_wakeup+0xa0/0xc0 drivers/tty/n_hdlc.c:479
tty_wakeup+0xd4/0x110 drivers/tty/tty_io.c:534
tty_port_default_wakeup+0x26/0x40 drivers/tty/tty_port.c:50
serial8250_tx_chars+0x48f/0xae0 drivers/tty/serial/8250/8250_port.c:1806
serial8250_handle_irq.part.0+0x24b/0x290 drivers/tty/serial/8250/8250_port.c:1879
serial8250_handle_irq drivers/tty/serial/8250/8250_port.c:1865 [inline]
serial8250_default_handle_irq+0xb5/0x140 drivers/tty/serial/8250/8250_port.c:1895
serial8250_interrupt+0xf2/0x1d0 drivers/tty/serial/8250/8250_core.c:125
__handle_irq_event_percpu+0x144/0x8e0 kernel/irq/handle.c:149
handle_irq_event_percpu+0x76/0x160 kernel/irq/handle.c:189
handle_irq_event+0xa2/0x12d kernel/irq/handle.c:206
handle_edge_irq+0x24b/0x8c0 kernel/irq/chip.c:797
generic_handle_irq_desc include/linux/irqdesc.h:155 [inline]
handle_irq+0x35/0x50 arch/x86/kernel/irq_64.c:87
do_IRQ+0x93/0x1c0 arch/x86/kernel/irq.c:246
common_interrupt+0xf/0xf arch/x86/entry/entry_64.S:670
</IRQ>
RIP: 0010:native_safe_halt+0xe/0x10 arch/x86/include/asm/irqflags.h:61
Code: fa eb 82 90 90 90 90 90 90 90 90 90 e9 07 00 00 00 0f 00 2d f4 02 48 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d e4 02 48 00 fb f4 <c3> 90 41 56 41 55 41 54 55 53 e8 23 c2 36 fa e8 ce ce 35 fc 0f 1f
RSP: 0018:ffffffff88a07d40 EFLAGS: 00000282 ORIG_RAX: ffffffffffffffd7
RAX: 1ffffffff1164ad4 RBX: dffffc0000000000 RCX: 0000000000000000
RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffffffff88a7a73c
RBP: 0000000000000000 R08: ffffffff88a79ec0 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff88b25690
R13: 0000000000000000 R14: 0000000000000000 R15: ffffffff88a79ec0
arch_safe_halt arch/x86/include/asm/paravirt.h:94 [inline]
default_idle+0x49/0x320 arch/x86/kernel/process.c:565
cpuidle_idle_call kernel/sched/idle.c:153 [inline]
do_idle+0x2ee/0x4b0 kernel/sched/idle.c:263
cpu_startup_entry+0xc6/0xd0 kernel/sched/idle.c:369
start_kernel+0x7e4/0x81c init/main.c:737
secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:243

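All four reports above show the same chain: serial8250_handle_irq() takes port->lock, serial8250_tx_chars() calls uart_write_wakeup() while that lock is still held, the n_hdlc line discipline answers the wakeup by calling n_hdlc_send_frames() and thus tty->ops->write == uart_write(), and uart_write() tries to take port->lock a second time on the same CPU. Lockdep flags that as "possible recursive locking"; a kernel spinlock has no owner tracking, so without lockdep the second acquisition would simply spin forever with interrupts disabled. The user-space model below is an added example written for this thread, not kernel code and not the fix that went into any tree: every name in it (lock_acquire, port_write, ldisc_wakeup, irq_tx_buggy, irq_tx_fixed, run_tx_irq) is a hypothetical stand-in for the kernel function of similar name in the traces, lock_acquire() stands in for lockdep's check_deadlock() by refusing a re-acquisition instead of hanging, and the "fixed" variant shows one generic way to break the pattern (decide under the lock, drop it, then call out), which is an assumption about shape rather than a claim about the upstream change.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define TX_RING 16

/*
 * Single-context model of the IRQ path in the reports: one CPU, interrupts
 * disabled, so a "lock" is a held flag plus the site that took it.  This is
 * illustrative code, not kernel code; names mirror the trace but are hypothetical.
 */
struct lock {
	const char *name;
	int held;
	const char *held_at;
};

/* ~ spin_lock_irqsave(&port->lock) with lockdep's recursion check folded in. */
static int lock_acquire(struct lock *l, const char *site)
{
	if (l->held) {
		printf("WARNING: possible recursive locking detected\n"
		       "  %s is trying to acquire (%s)\n"
		       "  but it is already held at %s\n",
		       site, l->name, l->held_at);
		return -EDEADLK;	/* the real spinlock would spin here forever */
	}
	l->held = 1;
	l->held_at = site;
	return 0;
}

static void lock_release(struct lock *l)
{
	l->held = 0;
	l->held_at = NULL;
}

struct port {
	struct lock lock;			/* ~ uart_port->lock, class &port_lock_key */
	char tx_ring[TX_RING];			/* ~ the tty xmit circ buffer */
	size_t tx_len;				/* bytes queued, not yet drained */
	int (*write_wakeup)(struct port *);	/* ~ line discipline ->write_wakeup */
};

static void port_init(struct port *p, int (*wakeup)(struct port *))
{
	memset(p, 0, sizeof(*p));
	p->lock.name = "&port_lock_key";
	p->write_wakeup = wakeup;
}

/* ~ uart_write(): copy into the ring under port->lock, return bytes accepted. */
static int port_write(struct port *p, const char *buf, size_t n)
{
	int rc = lock_acquire(&p->lock, "uart_write");
	if (rc)
		return rc;
	size_t room = TX_RING - p->tx_len;
	if (n > room)
		n = room;
	memcpy(p->tx_ring + p->tx_len, buf, n);
	p->tx_len += n;
	lock_release(&p->lock);
	return (int)n;
}

/* ~ n_hdlc_tty_wakeup() -> n_hdlc_send_frames(): writes the next frame synchronously. */
static int ldisc_wakeup(struct port *p)
{
	return port_write(p, "FRAME", 5);
}

/* Buggy shape from the traces: wakeup callback invoked with port->lock held. */
static int irq_tx_buggy(struct port *p)
{
	int rc = lock_acquire(&p->lock, "serial8250_handle_irq");
	if (rc)
		return rc;
	p->tx_len = 0;			/* "hardware" drained the ring */
	rc = p->write_wakeup(p);	/* re-enters port_write() -> lock(&port_lock_key) twice */
	lock_release(&p->lock);
	return rc;
}

/* Fixed shape (one option): decide under the lock, release it, then call out. */
static int irq_tx_fixed(struct port *p)
{
	int rc = lock_acquire(&p->lock, "serial8250_handle_irq");
	if (rc)
		return rc;
	p->tx_len = 0;
	int need_wakeup = (p->tx_len == 0);
	lock_release(&p->lock);
	return need_wakeup ? p->write_wakeup(p) : 0;
}

/* Queue a user write, then run the tx interrupt; returns the wakeup result. */
int run_tx_irq(int fixed)
{
	struct port p;
	port_init(&p, ldisc_wakeup);
	if (port_write(&p, "hello", 5) != 5)
		return -EIO;
	return fixed ? irq_tx_fixed(&p) : irq_tx_buggy(&p);
}

int main(void)
{
	printf("buggy path returned %d\n", run_tx_irq(0));
	printf("fixed path returned %d\n", run_tx_irq(1));
	return 0;
}
```

The buggy path reproduces the report's shape exactly: the second lock_acquire() is attempted from inside the callback with the same lock already held by the same context, which is what "lock(&port_lock_key); lock(&port_lock_key);" on one CPU means. The fixed path returns the 5 bytes the line discipline managed to queue, because the callback now runs with port->lock free.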