[v6.6] possible deadlock in serial8250_handle_irq


syzbot

Jul 5, 2025, 4:56:29 AM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 3f5b4c104b7d Linux 6.6.95
git tree: linux-6.6.y
console output: https://syzkaller.appspot.com/x/log.txt?x=104ef3d4580000
kernel config: https://syzkaller.appspot.com/x/.config?x=747dbf84b0ecd30c
dashboard link: https://syzkaller.appspot.com/bug?extid=2c1ea2e094eb602fe8b9
compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/421f6e2d0cd1/disk-3f5b4c10.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/90250695b20b/vmlinux-3f5b4c10.xz
kernel image: https://storage.googleapis.com/syzbot-assets/32250e77bce9/bzImage-3f5b4c10.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+2c1ea2...@syzkaller.appspotmail.com

=====================================================
WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected
6.6.95-syzkaller #0 Not tainted
-----------------------------------------------------
kworker/u4:7/1132 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
ffffffff8d7d9338 (disc_data_lock#2){.+.+}-{2:2}, at: sp_get drivers/net/hamradio/6pack.c:376 [inline]
ffffffff8d7d9338 (disc_data_lock#2){.+.+}-{2:2}, at: sixpack_write_wakeup+0x30/0x480 drivers/net/hamradio/6pack.c:397

and this task is already holding:
ffffffff971d60b8 (&port_lock_key){-.-.}-{2:2}, at: uart_write+0xfb/0x5d0 drivers/tty/serial/serial_core.c:613
which would create a new lock dependency:
(&port_lock_key){-.-.}-{2:2} -> (disc_data_lock#2){.+.+}-{2:2}

but this new dependency connects a HARDIRQ-irq-safe lock:
(&port_lock_key){-.-.}-{2:2}

... which became HARDIRQ-irq-safe at:
lock_acquire+0x197/0x410 kernel/locking/lockdep.c:5754
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xa8/0xf0 kernel/locking/spinlock.c:162
serial8250_handle_irq+0x7a/0x6e0 drivers/tty/serial/8250/8250_port.c:1915
serial8250_default_handle_irq+0xb8/0x1a0 drivers/tty/serial/8250/8250_port.c:1964
serial8250_interrupt+0x9f/0x1c0 drivers/tty/serial/8250/8250_core.c:127
__handle_irq_event_percpu+0x276/0x930 kernel/irq/handle.c:158
handle_irq_event_percpu kernel/irq/handle.c:193 [inline]
handle_irq_event+0x8b/0x1e0 kernel/irq/handle.c:210
handle_edge_irq+0x247/0xb30 kernel/irq/chip.c:831
generic_handle_irq_desc include/linux/irqdesc.h:161 [inline]
handle_irq arch/x86/kernel/irq.c:240 [inline]
__common_interrupt+0x13b/0x230 arch/x86/kernel/irq.c:259
common_interrupt+0xb4/0xd0 arch/x86/kernel/irq.c:249
asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:678
native_safe_halt arch/x86/include/asm/irqflags.h:48 [inline]
pv_native_safe_halt+0x13/0x20 arch/x86/kernel/paravirt.c:147
arch_safe_halt arch/x86/include/asm/paravirt.h:108 [inline]
default_idle+0x13/0x20 arch/x86/kernel/process.c:753
default_idle_call+0x6c/0xa0 kernel/sched/idle.c:97
cpuidle_idle_call kernel/sched/idle.c:170 [inline]
do_idle+0x1eb/0x510 kernel/sched/idle.c:282
cpu_startup_entry+0x43/0x60 kernel/sched/idle.c:380
rest_init+0x2e2/0x300 init/main.c:732
arch_call_rest_init+0xe/0x10 init/main.c:829
start_kernel+0x459/0x4e0 init/main.c:1074
x86_64_start_reservations+0x2a/0x30 arch/x86/kernel/head64.c:555
copy_bootdata+0x0/0xe0 arch/x86/kernel/head64.c:536
secondary_startup_64_no_verify+0x179/0x17b

to a HARDIRQ-irq-unsafe lock:
(disc_data_lock#2){.+.+}-{2:2}

... which became HARDIRQ-irq-unsafe at:
...
lock_acquire+0x197/0x410 kernel/locking/lockdep.c:5754
__raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
_raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228
sp_get drivers/net/hamradio/6pack.c:376 [inline]
sixpack_receive_buf+0x59/0x1360 drivers/net/hamradio/6pack.c:439
tty_ldisc_receive_buf+0x117/0x160 drivers/tty/tty_buffer.c:391
tty_port_default_receive_buf+0x6e/0xa0 drivers/tty/tty_port.c:37
receive_buf drivers/tty/tty_buffer.c:445 [inline]
flush_to_ldisc+0x2f2/0x830 drivers/tty/tty_buffer.c:495
process_one_work kernel/workqueue.c:2634 [inline]
process_scheduled_works+0xa45/0x15b0 kernel/workqueue.c:2711
worker_thread+0xa55/0xfc0 kernel/workqueue.c:2792
kthread+0x2fa/0x390 kernel/kthread.c:388
ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293

other info that might help us debug this:

Possible interrupt unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(disc_data_lock#2);
                               local_irq_disable();
                               lock(&port_lock_key);
                               lock(disc_data_lock#2);
  <Interrupt>
    lock(&port_lock_key);

*** DEADLOCK ***

6 locks held by kworker/u4:7/1132:
#0: ffff888017871538 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline]
#0: ffff888017871538 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0 kernel/workqueue.c:2711
#1: ffffc900045ffd00 ((work_completion)(&buf->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:2609 [inline]
#1: ffffc900045ffd00 ((work_completion)(&buf->work)){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0 kernel/workqueue.c:2711
#2: ffff888020c30ce8 (&buf->lock){+.+.}-{3:3}, at: flush_to_ldisc+0x38/0x830 drivers/tty/tty_buffer.c:467
#3: ffff88802a3b50a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref+0x1c/0x80 drivers/tty/tty_ldisc.c:263
#4: ffffffff971d60b8 (&port_lock_key){-.-.}-{2:2}, at: uart_write+0xfb/0x5d0 drivers/tty/serial/serial_core.c:613
#5: ffff88802a3b50a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref+0x1c/0x80 drivers/tty/tty_ldisc.c:263

the dependencies between HARDIRQ-irq-safe lock and the holding lock:
-> (&port_lock_key){-.-.}-{2:2} {
IN-HARDIRQ-W at:
lock_acquire+0x197/0x410 kernel/locking/lockdep.c:5754
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xa8/0xf0 kernel/locking/spinlock.c:162
serial8250_handle_irq+0x7a/0x6e0 drivers/tty/serial/8250/8250_port.c:1915
serial8250_default_handle_irq+0xb8/0x1a0 drivers/tty/serial/8250/8250_port.c:1964
serial8250_interrupt+0x9f/0x1c0 drivers/tty/serial/8250/8250_core.c:127
__handle_irq_event_percpu+0x276/0x930 kernel/irq/handle.c:158
handle_irq_event_percpu kernel/irq/handle.c:193 [inline]
handle_irq_event+0x8b/0x1e0 kernel/irq/handle.c:210
handle_edge_irq+0x247/0xb30 kernel/irq/chip.c:831
generic_handle_irq_desc include/linux/irqdesc.h:161 [inline]
handle_irq arch/x86/kernel/irq.c:240 [inline]
__common_interrupt+0x13b/0x230 arch/x86/kernel/irq.c:259
common_interrupt+0xb4/0xd0 arch/x86/kernel/irq.c:249
asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:678
native_safe_halt arch/x86/include/asm/irqflags.h:48 [inline]
pv_native_safe_halt+0x13/0x20 arch/x86/kernel/paravirt.c:147
arch_safe_halt arch/x86/include/asm/paravirt.h:108 [inline]
default_idle+0x13/0x20 arch/x86/kernel/process.c:753
default_idle_call+0x6c/0xa0 kernel/sched/idle.c:97
cpuidle_idle_call kernel/sched/idle.c:170 [inline]
do_idle+0x1eb/0x510 kernel/sched/idle.c:282
cpu_startup_entry+0x43/0x60 kernel/sched/idle.c:380
rest_init+0x2e2/0x300 init/main.c:732
arch_call_rest_init+0xe/0x10 init/main.c:829
start_kernel+0x459/0x4e0 init/main.c:1074
x86_64_start_reservations+0x2a/0x30 arch/x86/kernel/head64.c:555
copy_bootdata+0x0/0xe0 arch/x86/kernel/head64.c:536
secondary_startup_64_no_verify+0x179/0x17b
IN-SOFTIRQ-W at:
lock_acquire+0x197/0x410 kernel/locking/lockdep.c:5754
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xa8/0xf0 kernel/locking/spinlock.c:162
serial8250_handle_irq+0x7a/0x6e0 drivers/tty/serial/8250/8250_port.c:1915
serial8250_default_handle_irq+0xb8/0x1a0 drivers/tty/serial/8250/8250_port.c:1964
serial8250_interrupt+0x9f/0x1c0 drivers/tty/serial/8250/8250_core.c:127
__handle_irq_event_percpu+0x276/0x930 kernel/irq/handle.c:158
handle_irq_event_percpu kernel/irq/handle.c:193 [inline]
handle_irq_event+0x8b/0x1e0 kernel/irq/handle.c:210
handle_edge_irq+0x247/0xb30 kernel/irq/chip.c:831
generic_handle_irq_desc include/linux/irqdesc.h:161 [inline]
handle_irq arch/x86/kernel/irq.c:240 [inline]
__common_interrupt+0x13b/0x230 arch/x86/kernel/irq.c:259
common_interrupt+0x5d/0xd0 arch/x86/kernel/irq.c:249
asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:678
native_irq_enable arch/x86/include/asm/irqflags.h:-1 [inline]
arch_local_irq_enable arch/x86/include/asm/irqflags.h:99 [inline]
handle_softirqs+0x1b0/0x820 kernel/softirq.c:562
__do_softirq kernel/softirq.c:612 [inline]
invoke_softirq kernel/softirq.c:452 [inline]
__irq_exit_rcu+0xc7/0x190 kernel/softirq.c:661
irq_exit_rcu+0x9/0x20 kernel/softirq.c:673
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1088 [inline]
sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1088
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:687
native_safe_halt arch/x86/include/asm/irqflags.h:48 [inline]
pv_native_safe_halt+0x13/0x20 arch/x86/kernel/paravirt.c:147
arch_safe_halt arch/x86/include/asm/paravirt.h:108 [inline]
default_idle+0x13/0x20 arch/x86/kernel/process.c:753
default_idle_call+0x6c/0xa0 kernel/sched/idle.c:97
cpuidle_idle_call kernel/sched/idle.c:170 [inline]
do_idle+0x1eb/0x510 kernel/sched/idle.c:282
cpu_startup_entry+0x43/0x60 kernel/sched/idle.c:380
rest_init+0x2e2/0x300 init/main.c:732
arch_call_rest_init+0xe/0x10 init/main.c:829
start_kernel+0x459/0x4e0 init/main.c:1074
x86_64_start_reservations+0x2a/0x30 arch/x86/kernel/head64.c:555
copy_bootdata+0x0/0xe0 arch/x86/kernel/head64.c:536
secondary_startup_64_no_verify+0x179/0x17b
INITIAL USE at:
lock_acquire+0x197/0x410 kernel/locking/lockdep.c:5754
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xa8/0xf0 kernel/locking/spinlock.c:162
serial8250_do_set_termios+0x548/0x17e0 drivers/tty/serial/8250/8250_port.c:2804
uart_set_options+0x3bc/0x5b0 drivers/tty/serial/serial_core.c:2339
serial8250_console_setup+0x2d2/0x3a0 drivers/tty/serial/8250/8250_port.c:3538
univ8250_console_setup+0x3c4/0x480 drivers/tty/serial/8250/8250_core.c:632
console_call_setup kernel/printk/printk.c:3311 [inline]
try_enable_preferred_console+0x48a/0x600 kernel/printk/printk.c:3352
register_console+0x3be/0xe60 kernel/printk/printk.c:3526
univ8250_console_init+0x45/0x50 drivers/tty/serial/8250/8250_core.c:717
console_init+0x17b/0x5e0 kernel/printk/printk.c:3726
start_kernel+0x2c0/0x4e0 init/main.c:1010
x86_64_start_reservations+0x2a/0x30 arch/x86/kernel/head64.c:555
copy_bootdata+0x0/0xe0 arch/x86/kernel/head64.c:536
secondary_startup_64_no_verify+0x179/0x17b
}
... key at: [<ffffffff971d54c0>] port_lock_key+0x0/0x20

the dependencies between the lock to be acquired
and HARDIRQ-irq-unsafe lock:
-> (disc_data_lock#2){.+.+}-{2:2} {
HARDIRQ-ON-R at:
lock_acquire+0x197/0x410 kernel/locking/lockdep.c:5754
__raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
_raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228
sp_get drivers/net/hamradio/6pack.c:376 [inline]
sixpack_receive_buf+0x59/0x1360 drivers/net/hamradio/6pack.c:439
tty_ldisc_receive_buf+0x117/0x160 drivers/tty/tty_buffer.c:391
tty_port_default_receive_buf+0x6e/0xa0 drivers/tty/tty_port.c:37
receive_buf drivers/tty/tty_buffer.c:445 [inline]
flush_to_ldisc+0x2f2/0x830 drivers/tty/tty_buffer.c:495
process_one_work kernel/workqueue.c:2634 [inline]
process_scheduled_works+0xa45/0x15b0 kernel/workqueue.c:2711
worker_thread+0xa55/0xfc0 kernel/workqueue.c:2792
kthread+0x2fa/0x390 kernel/kthread.c:388
ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293
SOFTIRQ-ON-R at:
lock_acquire+0x197/0x410 kernel/locking/lockdep.c:5754
__raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
_raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228
sp_get drivers/net/hamradio/6pack.c:376 [inline]
sixpack_receive_buf+0x59/0x1360 drivers/net/hamradio/6pack.c:439
tty_ldisc_receive_buf+0x117/0x160 drivers/tty/tty_buffer.c:391
tty_port_default_receive_buf+0x6e/0xa0 drivers/tty/tty_port.c:37
receive_buf drivers/tty/tty_buffer.c:445 [inline]
flush_to_ldisc+0x2f2/0x830 drivers/tty/tty_buffer.c:495
process_one_work kernel/workqueue.c:2634 [inline]
process_scheduled_works+0xa45/0x15b0 kernel/workqueue.c:2711
worker_thread+0xa55/0xfc0 kernel/workqueue.c:2792
kthread+0x2fa/0x390 kernel/kthread.c:388
ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293
INITIAL READ USE at:
lock_acquire+0x197/0x410 kernel/locking/lockdep.c:5754
__raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
_raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228
sp_get drivers/net/hamradio/6pack.c:376 [inline]
sixpack_receive_buf+0x59/0x1360 drivers/net/hamradio/6pack.c:439
tty_ldisc_receive_buf+0x117/0x160 drivers/tty/tty_buffer.c:391
tty_port_default_receive_buf+0x6e/0xa0 drivers/tty/tty_port.c:37
receive_buf drivers/tty/tty_buffer.c:445 [inline]
flush_to_ldisc+0x2f2/0x830 drivers/tty/tty_buffer.c:495
process_one_work kernel/workqueue.c:2634 [inline]
process_scheduled_works+0xa45/0x15b0 kernel/workqueue.c:2711
worker_thread+0xa55/0xfc0 kernel/workqueue.c:2792
kthread+0x2fa/0x390 kernel/kthread.c:388
ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293
}
... key at: [<ffffffff8d7d9338>] disc_data_lock+0x18/0x100
... acquired at:
__raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
_raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228
sp_get drivers/net/hamradio/6pack.c:376 [inline]
sixpack_write_wakeup+0x30/0x480 drivers/net/hamradio/6pack.c:397
tty_wakeup+0xb8/0x100 drivers/tty/tty_io.c:523
tty_port_default_wakeup+0xa2/0xf0 drivers/tty/tty_port.c:69
serial8250_tx_chars+0x6bd/0x8a0 drivers/tty/serial/8250/8250_port.c:1837
__start_tx+0x313/0x450 drivers/tty/serial/8250/8250_port.c:1546
__uart_start+0x23a/0x3e0 drivers/tty/serial/serial_core.c:160
uart_write+0x449/0x5d0 drivers/tty/serial/serial_core.c:633
decode_prio_command drivers/net/hamradio/6pack.c:888 [inline]
sixpack_decode drivers/net/hamradio/6pack.c:963 [inline]
sixpack_receive_buf+0x424/0x1360 drivers/net/hamradio/6pack.c:453
tty_ldisc_receive_buf+0x117/0x160 drivers/tty/tty_buffer.c:391
tty_port_default_receive_buf+0x6e/0xa0 drivers/tty/tty_port.c:37
receive_buf drivers/tty/tty_buffer.c:445 [inline]
flush_to_ldisc+0x2f2/0x830 drivers/tty/tty_buffer.c:495
process_one_work kernel/workqueue.c:2634 [inline]
process_scheduled_works+0xa45/0x15b0 kernel/workqueue.c:2711
worker_thread+0xa55/0xfc0 kernel/workqueue.c:2792
kthread+0x2fa/0x390 kernel/kthread.c:388
ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293


stack backtrace:
CPU: 1 PID: 1132 Comm: kworker/u4:7 Not tainted 6.6.95-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: events_unbound flush_to_ldisc
Call Trace:
<TASK>
dump_stack_lvl+0x16c/0x230 lib/dump_stack.c:106
print_bad_irq_dependency kernel/locking/lockdep.c:2626 [inline]
check_irq_usage kernel/locking/lockdep.c:2865 [inline]
check_prev_add kernel/locking/lockdep.c:3138 [inline]
check_prevs_add kernel/locking/lockdep.c:3253 [inline]
validate_chain kernel/locking/lockdep.c:3869 [inline]
__lock_acquire+0x678f/0x7c80 kernel/locking/lockdep.c:5137
lock_acquire+0x197/0x410 kernel/locking/lockdep.c:5754
__raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
_raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228
sp_get drivers/net/hamradio/6pack.c:376 [inline]
sixpack_write_wakeup+0x30/0x480 drivers/net/hamradio/6pack.c:397
tty_wakeup+0xb8/0x100 drivers/tty/tty_io.c:523
tty_port_default_wakeup+0xa2/0xf0 drivers/tty/tty_port.c:69
serial8250_tx_chars+0x6bd/0x8a0 drivers/tty/serial/8250/8250_port.c:1837
__start_tx+0x313/0x450 drivers/tty/serial/8250/8250_port.c:1546
__uart_start+0x23a/0x3e0 drivers/tty/serial/serial_core.c:160
uart_write+0x449/0x5d0 drivers/tty/serial/serial_core.c:633
decode_prio_command drivers/net/hamradio/6pack.c:888 [inline]
sixpack_decode drivers/net/hamradio/6pack.c:963 [inline]
sixpack_receive_buf+0x424/0x1360 drivers/net/hamradio/6pack.c:453
tty_ldisc_receive_buf+0x117/0x160 drivers/tty/tty_buffer.c:391
tty_port_default_receive_buf+0x6e/0xa0 drivers/tty/tty_port.c:37
receive_buf drivers/tty/tty_buffer.c:445 [inline]
flush_to_ldisc+0x2f2/0x830 drivers/tty/tty_buffer.c:495
process_one_work kernel/workqueue.c:2634 [inline]
process_scheduled_works+0xa45/0x15b0 kernel/workqueue.c:2711
worker_thread+0xa55/0xfc0 kernel/workqueue.c:2792
kthread+0x2fa/0x390 kernel/kthread.c:388
ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293
</TASK>


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite the report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

syzbot

Oct 14, 2025, 9:08:20 AM
to syzkaller...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.