============================= WARNING: suspicious RCU usage 6.0.0-rc1-next-20220818-syzkaller #0 Not tainted ----------------------------- include/net/sock.h:592 suspicious rcu_dereference_check() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 5 locks held by syz-executor.0/9230: #0: ffff88802be66810 (&sb->s_type->i_mutex_key#10){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:756 [inline] #0: ffff88802be66810 (&sb->s_type->i_mutex_key#10){+.+.}-{3:3}, at: __sock_release+0x86/0x280 net/socket.c:649 #1: ffff8880262d6730 (sk_lock-AF_INET6){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1687 [inline] #1: ffff8880262d6730 (sk_lock-AF_INET6){+.+.}-{0:0}, at: tcp_close+0x1e/0xc0 net/ipv4/tcp.c:3025 #2: ffffc9000131f890 (&h->lhash2[i].lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:349 [inline] #2: ffffc9000131f890 (&h->lhash2[i].lock){+.+.}-{2:2}, at: inet_unhash+0x345/0x680 net/ipv4/inet_hashtables.c:651 #3: ffffffff8d7beb78 (reuseport_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:354 [inline] #3: ffffffff8d7beb78 (reuseport_lock){+...}-{2:2}, at: reuseport_detach_sock+0x22/0x4a0 net/core/sock_reuseport.c:346 #4: ffff8880262d69b8 (clock-AF_INET6){++..}-{2:2}, at: bpf_sk_reuseport_detach+0x26/0x190 kernel/bpf/reuseport_array.c:26 stack backtrace: CPU: 1 PID: 9230 Comm: syz-executor.0 Not tainted 6.0.0-rc1-next-20220818-syzkaller #0 ===================================================== WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected 6.0.0-rc1-next-20220818-syzkaller #0 Not tainted ----------------------------------------------------- syz-executor.0/9230 [HC0[0]:SC0[4]:HE0:SE0] is trying to acquire: ffff888026968ff0 (&mm->arg_lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:349 [inline] ffff888026968ff0 (&mm->arg_lock){+.+.}-{2:2}, at: get_mm_cmdline.part.0+0x90/0x620 fs/proc/base.c:264 and this task is already holding: ffff8880262d69b8 (clock-AF_INET6){++..}-{2:2}, at: bpf_sk_reuseport_detach+0x26/0x190 kernel/bpf/reuseport_array.c:26 which would create a new lock dependency: (clock-AF_INET6){++..}-{2:2} -> (&mm->arg_lock){+.+.}-{2:2} but this new dependency connects a SOFTIRQ-irq-safe lock: (&tcp_hashinfo.bhash[i].lock){+.-.}-{2:2} ... which became SOFTIRQ-irq-safe at: lock_acquire kernel/locking/lockdep.c:5666 [inline] lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5631 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:349 [inline] __inet_inherit_port+0x163/0xa90 net/ipv4/inet_hashtables.c:141 tcp_v4_syn_recv_sock+0xb57/0x14b0 net/ipv4/tcp_ipv4.c:1568 tcp_check_req+0x62e/0x1aa0 net/ipv4/tcp_minisocks.c:764 tcp_v4_rcv+0x2435/0x3930 net/ipv4/tcp_ipv4.c:2006 ip_protocol_deliver_rcu+0x9b/0x7c0 net/ipv4/ip_input.c:205 ip_local_deliver_finish+0x2e8/0x4c0 net/ipv4/ip_input.c:233 NF_HOOK include/linux/netfilter.h:307 [inline] NF_HOOK include/linux/netfilter.h:301 [inline] ip_local_deliver+0x1aa/0x200 net/ipv4/ip_input.c:254 dst_input include/net/dst.h:461 [inline] ip_sublist_rcv_finish+0x9a/0x2c0 net/ipv4/ip_input.c:575 ip_list_rcv_finish net/ipv4/ip_input.c:625 [inline] ip_sublist_rcv+0x533/0x980 net/ipv4/ip_input.c:633 ip_list_rcv+0x31a/0x470 net/ipv4/ip_input.c:668 __netif_receive_skb_list_ptype net/core/dev.c:5528 [inline] __netif_receive_skb_list_core+0x548/0x8f0 net/core/dev.c:5576 __netif_receive_skb_list net/core/dev.c:5628 [inline] netif_receive_skb_list_internal+0x75b/0xd80 net/core/dev.c:5719 gro_normal_list include/net/gro.h:430 [inline] gro_normal_list include/net/gro.h:426 [inline] napi_complete_done+0x1f1/0x880 net/core/dev.c:6060 virtqueue_napi_complete drivers/net/virtio_net.c:398 [inline] virtnet_poll+0xd0c/0x1310 drivers/net/virtio_net.c:1675 __napi_poll+0xb3/0x6d0 net/core/dev.c:6511 napi_poll net/core/dev.c:6578 [inline] net_rx_action+0x9c1/0xd90 net/core/dev.c:6689 __do_softirq+0x1d3/0x9c6 kernel/softirq.c:571 invoke_softirq kernel/softirq.c:445 [inline] __irq_exit_rcu+0x123/0x180 kernel/softirq.c:650 irq_exit_rcu+0x5/0x20 kernel/softirq.c:662 common_interrupt+0xa9/0xc0 arch/x86/kernel/irq.c:240 asm_common_interrupt+0x22/0x40 arch/x86/include/asm/idtentry.h:640 native_safe_halt arch/x86/include/asm/irqflags.h:51 [inline] arch_safe_halt arch/x86/include/asm/irqflags.h:89 [inline] acpi_safe_halt+0x6f/0xb0 drivers/acpi/processor_idle.c:112 acpi_idle_do_entry drivers/acpi/processor_idle.c:555 [inline] acpi_idle_enter+0x524/0x6a0 drivers/acpi/processor_idle.c:692 cpuidle_enter_state+0x1ab/0xd30 drivers/cpuidle/cpuidle.c:239 cpuidle_enter+0x4a/0xa0 drivers/cpuidle/cpuidle.c:356 call_cpuidle kernel/sched/idle.c:155 [inline] cpuidle_idle_call kernel/sched/idle.c:236 [inline] do_idle+0x3e8/0x590 kernel/sched/idle.c:303 cpu_startup_entry+0x14/0x20 kernel/sched/idle.c:400 rest_init+0x169/0x270 init/main.c:729 arch_call_rest_init+0xf/0x14 init/main.c:887 start_kernel+0x46e/0x48f init/main.c:1142 secondary_startup_64_no_verify+0xce/0xdb to a SOFTIRQ-irq-unsafe lock: (&mm->arg_lock){+.+.}-{2:2} ... which became SOFTIRQ-irq-unsafe at: ... lock_acquire kernel/locking/lockdep.c:5666 [inline] lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5631 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:349 [inline] prctl_set_mm+0x363/0x8e0 kernel/sys.c:2148 __do_sys_prctl+0x925/0x1380 kernel/sys.c:2492 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd other info that might help us debug this: Chain exists of: &tcp_hashinfo.bhash[i].lock --> clock-AF_INET6 --> &mm->arg_lock Possible interrupt unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&mm->arg_lock); local_irq_disable(); lock(&tcp_hashinfo.bhash[i].lock); lock(clock-AF_INET6); lock(&tcp_hashinfo.bhash[i].lock); *** DEADLOCK *** 5 locks held by syz-executor.0/9230: #0: ffff88802be66810 (&sb->s_type->i_mutex_key#10){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:756 [inline] #0: ffff88802be66810 (&sb->s_type->i_mutex_key#10){+.+.}-{3:3}, at: __sock_release+0x86/0x280 net/socket.c:649 #1: ffff8880262d6730 (sk_lock-AF_INET6){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1687 [inline] #1: ffff8880262d6730 (sk_lock-AF_INET6){+.+.}-{0:0}, at: tcp_close+0x1e/0xc0 net/ipv4/tcp.c:3025 #2: ffffc9000131f890 (&h->lhash2[i].lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:349 [inline] #2: ffffc9000131f890 (&h->lhash2[i].lock){+.+.}-{2:2}, at: inet_unhash+0x345/0x680 net/ipv4/inet_hashtables.c:651 #3: ffffffff8d7beb78 (reuseport_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:354 [inline] #3: ffffffff8d7beb78 (reuseport_lock){+...}-{2:2}, at: reuseport_detach_sock+0x22/0x4a0 net/core/sock_reuseport.c:346 #4: ffff8880262d69b8 (clock-AF_INET6){++..}-{2:2}, at: bpf_sk_reuseport_detach+0x26/0x190 kernel/bpf/reuseport_array.c:26 the dependencies between SOFTIRQ-irq-safe lock and the holding lock: -> (&tcp_hashinfo.bhash[i].lock){+.-.}-{2:2} { HARDIRQ-ON-W at: lock_acquire kernel/locking/lockdep.c:5666 [inline] lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5631 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline] _raw_spin_lock_bh+0x2f/0x40 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:354 [inline] inet_csk_get_port+0x602/0x15e0 net/ipv4/inet_connection_sock.c:388 __inet6_bind+0x621/0x1b20 net/ipv6/af_inet6.c:406 inet6_bind+0x173/0x220 net/ipv6/af_inet6.c:465 rds_tcp_listen_init+0x2a5/0x4d0 net/rds/tcp_listen.c:307 rds_tcp_init_net+0x219/0x4f0 net/rds/tcp.c:573 ops_init+0xaf/0x470 net/core/net_namespace.c:135 __register_pernet_operations net/core/net_namespace.c:1151 [inline] register_pernet_operations+0x331/0x1110 net/core/net_namespace.c:1222 register_pernet_device+0x26/0x70 net/core/net_namespace.c:1309 rds_tcp_init+0x77/0xe0 net/rds/tcp.c:731 do_one_initcall+0xfe/0x650 init/main.c:1300 do_initcall_level init/main.c:1375 [inline] do_initcalls init/main.c:1391 [inline] do_basic_setup init/main.c:1410 [inline] kernel_init_freeable+0x6ac/0x735 init/main.c:1619 kernel_init+0x1a/0x1d0 init/main.c:1506 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306 IN-SOFTIRQ-W at: lock_acquire kernel/locking/lockdep.c:5666 [inline] lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5631 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:349 [inline] __inet_inherit_port+0x163/0xa90 net/ipv4/inet_hashtables.c:141 tcp_v4_syn_recv_sock+0xb57/0x14b0 net/ipv4/tcp_ipv4.c:1568 tcp_check_req+0x62e/0x1aa0 net/ipv4/tcp_minisocks.c:764 tcp_v4_rcv+0x2435/0x3930 net/ipv4/tcp_ipv4.c:2006 ip_protocol_deliver_rcu+0x9b/0x7c0 net/ipv4/ip_input.c:205 ip_local_deliver_finish+0x2e8/0x4c0 net/ipv4/ip_input.c:233 NF_HOOK include/linux/netfilter.h:307 [inline] NF_HOOK include/linux/netfilter.h:301 [inline] ip_local_deliver+0x1aa/0x200 net/ipv4/ip_input.c:254 dst_input include/net/dst.h:461 [inline] ip_sublist_rcv_finish+0x9a/0x2c0 net/ipv4/ip_input.c:575 ip_list_rcv_finish net/ipv4/ip_input.c:625 [inline] ip_sublist_rcv+0x533/0x980 net/ipv4/ip_input.c:633 ip_list_rcv+0x31a/0x470 net/ipv4/ip_input.c:668 __netif_receive_skb_list_ptype net/core/dev.c:5528 [inline] __netif_receive_skb_list_core+0x548/0x8f0 net/core/dev.c:5576 __netif_receive_skb_list net/core/dev.c:5628 [inline] netif_receive_skb_list_internal+0x75b/0xd80 net/core/dev.c:5719 gro_normal_list include/net/gro.h:430 [inline] gro_normal_list include/net/gro.h:426 [inline] napi_complete_done+0x1f1/0x880 net/core/dev.c:6060 virtqueue_napi_complete drivers/net/virtio_net.c:398 [inline] virtnet_poll+0xd0c/0x1310 drivers/net/virtio_net.c:1675 __napi_poll+0xb3/0x6d0 net/core/dev.c:6511 napi_poll net/core/dev.c:6578 [inline] net_rx_action+0x9c1/0xd90 net/core/dev.c:6689 __do_softirq+0x1d3/0x9c6 kernel/softirq.c:571 invoke_softirq kernel/softirq.c:445 [inline] __irq_exit_rcu+0x123/0x180 kernel/softirq.c:650 irq_exit_rcu+0x5/0x20 kernel/softirq.c:662 common_interrupt+0xa9/0xc0 arch/x86/kernel/irq.c:240 asm_common_interrupt+0x22/0x40 arch/x86/include/asm/idtentry.h:640 native_safe_halt arch/x86/include/asm/irqflags.h:51 [inline] arch_safe_halt arch/x86/include/asm/irqflags.h:89 [inline] acpi_safe_halt+0x6f/0xb0 drivers/acpi/processor_idle.c:112 acpi_idle_do_entry drivers/acpi/processor_idle.c:555 [inline] acpi_idle_enter+0x524/0x6a0 drivers/acpi/processor_idle.c:692 cpuidle_enter_state+0x1ab/0xd30 drivers/cpuidle/cpuidle.c:239 cpuidle_enter+0x4a/0xa0 drivers/cpuidle/cpuidle.c:356 call_cpuidle kernel/sched/idle.c:155 [inline] cpuidle_idle_call kernel/sched/idle.c:236 [inline] do_idle+0x3e8/0x590 kernel/sched/idle.c:303 cpu_startup_entry+0x14/0x20 kernel/sched/idle.c:400 rest_init+0x169/0x270 init/main.c:729 arch_call_rest_init+0xf/0x14 init/main.c:887 start_kernel+0x46e/0x48f init/main.c:1142 secondary_startup_64_no_verify+0xce/0xdb INITIAL USE at: lock_acquire kernel/locking/lockdep.c:5666 [inline] lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5631 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline] _raw_spin_lock_bh+0x2f/0x40 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:354 [inline] inet_csk_get_port+0x602/0x15e0 net/ipv4/inet_connection_sock.c:388 __inet6_bind+0x621/0x1b20 net/ipv6/af_inet6.c:406 inet6_bind+0x173/0x220 net/ipv6/af_inet6.c:465 rds_tcp_listen_init+0x2a5/0x4d0 net/rds/tcp_listen.c:307 rds_tcp_init_net+0x219/0x4f0 net/rds/tcp.c:573 ops_init+0xaf/0x470 net/core/net_namespace.c:135 __register_pernet_operations net/core/net_namespace.c:1151 [inline] register_pernet_operations+0x331/0x1110 net/core/net_namespace.c:1222 register_pernet_device+0x26/0x70 net/core/net_namespace.c:1309 rds_tcp_init+0x77/0xe0 net/rds/tcp.c:731 do_one_initcall+0xfe/0x650 init/main.c:1300 do_initcall_level init/main.c:1375 [inline] do_initcalls init/main.c:1391 [inline] do_basic_setup init/main.c:1410 [inline] kernel_init_freeable+0x6ac/0x735 init/main.c:1619 kernel_init+0x1a/0x1d0 init/main.c:1506 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306 } ... key at: [] __key.0+0x0/0x40 -> (clock-AF_INET6){++..}-{2:2} { HARDIRQ-ON-W at: lock_acquire kernel/locking/lockdep.c:5666 [inline] lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5631 __raw_write_lock_bh include/linux/rwlock_api_smp.h:202 [inline] _raw_write_lock_bh+0x2f/0x40 kernel/locking/spinlock.c:334 sock_orphan include/net/sock.h:2040 [inline] sk_common_release+0xc2/0x390 net/core/sock.c:3614 inet_release+0x12e/0x270 net/ipv4/af_inet.c:428 inet6_release+0x4c/0x70 net/ipv6/af_inet6.c:482 __sock_release+0xcd/0x280 net/socket.c:650 sock_close+0x18/0x20 net/socket.c:1365 __fput+0x27c/0xa90 fs/file_table.c:320 task_work_run+0xdd/0x1a0 kernel/task_work.c:177 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline] exit_to_user_mode_loop kernel/entry/common.c:169 [inline] exit_to_user_mode_prepare+0x23c/0x250 kernel/entry/common.c:201 __syscall_exit_to_user_mode_work kernel/entry/common.c:283 [inline] syscall_exit_to_user_mode+0x19/0x50 kernel/entry/common.c:294 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x63/0xcd HARDIRQ-ON-R at: lock_acquire kernel/locking/lockdep.c:5666 [inline] lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5631 __raw_read_lock_bh include/linux/rwlock_api_smp.h:176 [inline] _raw_read_lock_bh+0x3b/0x70 kernel/locking/spinlock.c:252 sock_i_uid+0x1b/0xb0 net/core/sock.c:2488 udp_lib_lport_inuse+0x32/0x490 net/ipv4/udp.c:140 udp_lib_get_port+0x831/0x18c0 net/ipv4/udp.c:306 __inet6_bind+0x621/0x1b20 net/ipv6/af_inet6.c:406 inet6_bind+0x173/0x220 net/ipv6/af_inet6.c:465 __sys_bind+0x1e9/0x250 net/socket.c:1776 __do_sys_bind net/socket.c:1787 [inline] __se_sys_bind net/socket.c:1785 [inline] __x64_sys_bind+0x6f/0xb0 net/socket.c:1785 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd INITIAL USE at: lock_acquire kernel/locking/lockdep.c:5666 [inline] lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5631 __raw_write_lock_bh include/linux/rwlock_api_smp.h:202 [inline] _raw_write_lock_bh+0x2f/0x40 kernel/locking/spinlock.c:334 sock_orphan include/net/sock.h:2040 [inline] sk_common_release+0xc2/0x390 net/core/sock.c:3614 inet_release+0x12e/0x270 net/ipv4/af_inet.c:428 inet6_release+0x4c/0x70 net/ipv6/af_inet6.c:482 __sock_release+0xcd/0x280 net/socket.c:650 sock_close+0x18/0x20 net/socket.c:1365 __fput+0x27c/0xa90 fs/file_table.c:320 task_work_run+0xdd/0x1a0 kernel/task_work.c:177 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline] exit_to_user_mode_loop kernel/entry/common.c:169 [inline] exit_to_user_mode_prepare+0x23c/0x250 kernel/entry/common.c:201 __syscall_exit_to_user_mode_work kernel/entry/common.c:283 [inline] syscall_exit_to_user_mode+0x19/0x50 kernel/entry/common.c:294 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x63/0xcd INITIAL READ USE at: lock_acquire kernel/locking/lockdep.c:5666 [inline] lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5631 __raw_read_lock_bh include/linux/rwlock_api_smp.h:176 [inline] _raw_read_lock_bh+0x3b/0x70 kernel/locking/spinlock.c:252 sock_i_uid+0x1b/0xb0 net/core/sock.c:2488 udp_lib_lport_inuse+0x32/0x490 net/ipv4/udp.c:140 udp_lib_get_port+0x831/0x18c0 net/ipv4/udp.c:306 __inet6_bind+0x621/0x1b20 net/ipv6/af_inet6.c:406 inet6_bind+0x173/0x220 net/ipv6/af_inet6.c:465 __sys_bind+0x1e9/0x250 net/socket.c:1776 __do_sys_bind net/socket.c:1787 [inline] __se_sys_bind net/socket.c:1785 [inline] __x64_sys_bind+0x6f/0xb0 net/socket.c:1785 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd } ... key at: [] af_callback_keys+0xa0/0x300 ... acquired at: __raw_read_lock_bh include/linux/rwlock_api_smp.h:176 [inline] _raw_read_lock_bh+0x3b/0x70 kernel/locking/spinlock.c:252 sock_i_uid+0x1b/0xb0 net/core/sock.c:2488 sk_reuseport_match net/ipv4/inet_connection_sock.c:281 [inline] inet_csk_get_port+0x7ce/0x15e0 net/ipv4/inet_connection_sock.c:404 __inet6_bind+0x621/0x1b20 net/ipv6/af_inet6.c:406 inet6_bind+0x173/0x220 net/ipv6/af_inet6.c:465 __sys_bind+0x1e9/0x250 net/socket.c:1776 __do_sys_bind net/socket.c:1787 [inline] __se_sys_bind net/socket.c:1785 [inline] __x64_sys_bind+0x6f/0xb0 net/socket.c:1785 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd the dependencies between the lock to be acquired and SOFTIRQ-irq-unsafe lock: -> (&mm->arg_lock){+.+.}-{2:2} { HARDIRQ-ON-W at: lock_acquire kernel/locking/lockdep.c:5666 [inline] lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5631 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:349 [inline] prctl_set_mm+0x363/0x8e0 kernel/sys.c:2148 __do_sys_prctl+0x925/0x1380 kernel/sys.c:2492 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd SOFTIRQ-ON-W at: lock_acquire kernel/locking/lockdep.c:5666 [inline] lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5631 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:349 [inline] prctl_set_mm+0x363/0x8e0 kernel/sys.c:2148 __do_sys_prctl+0x925/0x1380 kernel/sys.c:2492 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd INITIAL USE at: lock_acquire kernel/locking/lockdep.c:5666 [inline] lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5631 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:349 [inline] prctl_set_mm+0x363/0x8e0 kernel/sys.c:2148 __do_sys_prctl+0x925/0x1380 kernel/sys.c:2492 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd } ... key at: [] __key.293+0x0/0x40 ... acquired at: lock_acquire kernel/locking/lockdep.c:5666 [inline] lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5631 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:349 [inline] get_mm_cmdline.part.0+0x90/0x620 fs/proc/base.c:264 get_mm_cmdline fs/proc/base.c:367 [inline] get_task_cmdline_kernel+0x1d9/0x220 fs/proc/base.c:367 dump_stack_print_cmdline.part.0+0x82/0x150 lib/dump_stack.c:61 dump_stack_print_cmdline lib/dump_stack.c:89 [inline] dump_stack_print_info+0x185/0x190 lib/dump_stack.c:97 __dump_stack lib/dump_stack.c:121 [inline] dump_stack_lvl+0xc1/0x134 lib/dump_stack.c:140 __rcu_dereference_sk_user_data_with_flags include/net/sock.h:592 [inline] bpf_sk_reuseport_detach+0x156/0x190 kernel/bpf/reuseport_array.c:27 reuseport_detach_sock+0x8c/0x4a0 net/core/sock_reuseport.c:362 reuseport_stop_listen_sock+0x6d/0x500 net/core/sock_reuseport.c:408 inet_unhash+0x3b1/0x680 net/ipv4/inet_hashtables.c:658 tcp_set_state+0x198/0x7e0 net/ipv4/tcp.c:2739 __tcp_close+0xbfd/0xf50 net/ipv4/tcp.c:2864 tcp_close+0x29/0xc0 net/ipv4/tcp.c:3026 inet_release+0x12e/0x270 net/ipv4/af_inet.c:428 inet6_release+0x4c/0x70 net/ipv6/af_inet6.c:482 __sock_release+0xcd/0x280 net/socket.c:650 sock_close+0x18/0x20 net/socket.c:1365 __fput+0x27c/0xa90 fs/file_table.c:320 task_work_run+0xdd/0x1a0 kernel/task_work.c:177 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline] exit_to_user_mode_loop kernel/entry/common.c:169 [inline] exit_to_user_mode_prepare+0x23c/0x250 kernel/entry/common.c:201 __syscall_exit_to_user_mode_work kernel/entry/common.c:283 [inline] syscall_exit_to_user_mode+0x19/0x50 kernel/entry/common.c:294 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x63/0xcd stack backtrace: CPU: 1 PID: 9230 Comm: syz-executor.0 Not tainted 6.0.0-rc1-next-20220818-syzkaller #0 BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1521 in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 9230, name: syz-executor.0 preempt_count: 404, expected: 0 RCU nest depth: 0, expected: 0 INFO: lockdep is turned off. irq event stamp: 3009 hardirqs last enabled at (3008): [] __up_console_sem+0xae/0xc0 kernel/printk/printk.c:264 hardirqs last disabled at (3009): [] dump_stack_lvl+0x2e/0x134 lib/dump_stack.c:139 softirqs last enabled at (2672): [] spin_unlock_bh include/linux/spinlock.h:394 [inline] softirqs last enabled at (2672): [] reuseport_stop_listen_sock+0x1f1/0x500 net/core/sock_reuseport.c:404 softirqs last disabled at (2674): [] spin_lock_bh include/linux/spinlock.h:354 [inline] softirqs last disabled at (2674): [] reuseport_detach_sock+0x22/0x4a0 net/core/sock_reuseport.c:346 Preemption disabled at: [<0000000000000000>] 0x0 CPU: 1 PID: 9230 Comm: syz-executor.0 Not tainted 6.0.0-rc1-next-20220818-syzkaller #0 syz-executor.0[9230] cmdline: /root/syz-executor.0 exec Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 Call Trace: __dump_stack lib/dump_stack.c:122 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:140 __might_resched.cold+0x222/0x26b kernel/sched/core.c:9896 down_read_killable+0x75/0x490 kernel/locking/rwsem.c:1521 mmap_read_lock_killable include/linux/mmap_lock.h:126 [inline] __access_remote_vm+0xac/0x6f0 mm/memory.c:5461 get_mm_cmdline.part.0+0x217/0x620 fs/proc/base.c:299 get_mm_cmdline fs/proc/base.c:367 [inline] get_task_cmdline_kernel+0x1d9/0x220 fs/proc/base.c:367 dump_stack_print_cmdline.part.0+0x82/0x150 lib/dump_stack.c:61 dump_stack_print_cmdline lib/dump_stack.c:89 [inline] dump_stack_print_info+0x185/0x190 lib/dump_stack.c:97 __dump_stack lib/dump_stack.c:121 [inline] dump_stack_lvl+0xc1/0x134 lib/dump_stack.c:140 print_bad_irq_dependency kernel/locking/lockdep.c:2609 [inline] check_irq_usage.cold+0x4c1/0x6b0 kernel/locking/lockdep.c:2848 check_prev_add kernel/locking/lockdep.c:3099 [inline] check_prevs_add kernel/locking/lockdep.c:3214 [inline] validate_chain kernel/locking/lockdep.c:3829 [inline] __lock_acquire+0x2a5b/0x56d0 kernel/locking/lockdep.c:5053 lock_acquire kernel/locking/lockdep.c:5666 [inline] lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5631 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:349 [inline] get_mm_cmdline.part.0+0x90/0x620 fs/proc/base.c:264 get_mm_cmdline fs/proc/base.c:367 [inline] get_task_cmdline_kernel+0x1d9/0x220 fs/proc/base.c:367 dump_stack_print_cmdline.part.0+0x82/0x150 lib/dump_stack.c:61 dump_stack_print_cmdline lib/dump_stack.c:89 [inline] dump_stack_print_info+0x185/0x190 lib/dump_stack.c:97 __dump_stack lib/dump_stack.c:121 [inline] dump_stack_lvl+0xc1/0x134 lib/dump_stack.c:140 __rcu_dereference_sk_user_data_with_flags include/net/sock.h:592 [inline] bpf_sk_reuseport_detach+0x156/0x190 kernel/bpf/reuseport_array.c:27 reuseport_detach_sock+0x8c/0x4a0 net/core/sock_reuseport.c:362 reuseport_stop_listen_sock+0x6d/0x500 net/core/sock_reuseport.c:408 inet_unhash+0x3b1/0x680 net/ipv4/inet_hashtables.c:658 tcp_set_state+0x198/0x7e0 net/ipv4/tcp.c:2739 __tcp_close+0xbfd/0xf50 net/ipv4/tcp.c:2864 tcp_close+0x29/0xc0 net/ipv4/tcp.c:3026 inet_release+0x12e/0x270 net/ipv4/af_inet.c:428 inet6_release+0x4c/0x70 net/ipv6/af_inet6.c:482 __sock_release+0xcd/0x280 net/socket.c:650 sock_close+0x18/0x20 net/socket.c:1365 __fput+0x27c/0xa90 fs/file_table.c:320 task_work_run+0xdd/0x1a0 kernel/task_work.c:177 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline] exit_to_user_mode_loop kernel/entry/common.c:169 [inline] exit_to_user_mode_prepare+0x23c/0x250 kernel/entry/common.c:201 __syscall_exit_to_user_mode_work kernel/entry/common.c:283 [inline] syscall_exit_to_user_mode+0x19/0x50 kernel/entry/common.c:294 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f5980a3bebb Code: 0f 05 48 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8 63 fc ff ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 a1 fc ff ff 8b 44 RSP: 002b:00007ffdd99e5520 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f5980a3bebb RDX: 0000000000000000 RSI: 0000001b2e7231b0 RDI: 0000000000000003 RBP: 00007f5980b9d980 R08: 0000000000000000 R09: 000000002916b569 R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000084cce R13: 00007ffdd99e5620 R14: 00007f5980b9c050 R15: 0000000000000032 syz-executor.0[9230] cmdline: /root/syz-executor.0 exec Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 Call Trace: __dump_stack lib/dump_stack.c:122 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:140 print_bad_irq_dependency kernel/locking/lockdep.c:2609 [inline] check_irq_usage.cold+0x4c1/0x6b0 kernel/locking/lockdep.c:2848 check_prev_add kernel/locking/lockdep.c:3099 [inline] check_prevs_add kernel/locking/lockdep.c:3214 [inline] validate_chain kernel/locking/lockdep.c:3829 [inline] __lock_acquire+0x2a5b/0x56d0 kernel/locking/lockdep.c:5053 lock_acquire kernel/locking/lockdep.c:5666 [inline] lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5631 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:349 [inline] get_mm_cmdline.part.0+0x90/0x620 fs/proc/base.c:264 get_mm_cmdline fs/proc/base.c:367 [inline] get_task_cmdline_kernel+0x1d9/0x220 fs/proc/base.c:367 dump_stack_print_cmdline.part.0+0x82/0x150 lib/dump_stack.c:61 dump_stack_print_cmdline lib/dump_stack.c:89 [inline] dump_stack_print_info+0x185/0x190 lib/dump_stack.c:97 __dump_stack lib/dump_stack.c:121 [inline] dump_stack_lvl+0xc1/0x134 lib/dump_stack.c:140 __rcu_dereference_sk_user_data_with_flags include/net/sock.h:592 [inline] bpf_sk_reuseport_detach+0x156/0x190 kernel/bpf/reuseport_array.c:27 reuseport_detach_sock+0x8c/0x4a0 net/core/sock_reuseport.c:362 reuseport_stop_listen_sock+0x6d/0x500 net/core/sock_reuseport.c:408 inet_unhash+0x3b1/0x680 net/ipv4/inet_hashtables.c:658 tcp_set_state+0x198/0x7e0 net/ipv4/tcp.c:2739 __tcp_close+0xbfd/0xf50 net/ipv4/tcp.c:2864 tcp_close+0x29/0xc0 net/ipv4/tcp.c:3026 inet_release+0x12e/0x270 net/ipv4/af_inet.c:428 inet6_release+0x4c/0x70 net/ipv6/af_inet6.c:482 __sock_release+0xcd/0x280 net/socket.c:650 sock_close+0x18/0x20 net/socket.c:1365 __fput+0x27c/0xa90 fs/file_table.c:320 task_work_run+0xdd/0x1a0 kernel/task_work.c:177 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline] exit_to_user_mode_loop kernel/entry/common.c:169 [inline] exit_to_user_mode_prepare+0x23c/0x250 kernel/entry/common.c:201 __syscall_exit_to_user_mode_work kernel/entry/common.c:283 [inline] syscall_exit_to_user_mode+0x19/0x50 kernel/entry/common.c:294 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f5980a3bebb Code: 0f 05 48 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8 63 fc ff ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 a1 fc ff ff 8b 44 RSP: 002b:00007ffdd99e5520 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f5980a3bebb RDX: 0000000000000000 RSI: 0000001b2e7231b0 RDI: 0000000000000003 RBP: 00007f5980b9d980 R08: 0000000000000000 R09: 000000002916b569 R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000084cce R13: 00007ffdd99e5620 R14: 00007f5980b9c050 R15: 0000000000000032 syz-executor.0[9230] cmdline: /root/syz-executor.0 exec Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 Call Trace: __dump_stack lib/dump_stack.c:122 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:140 __rcu_dereference_sk_user_data_with_flags include/net/sock.h:592 [inline] bpf_sk_reuseport_detach+0x156/0x190 kernel/bpf/reuseport_array.c:27 reuseport_detach_sock+0x8c/0x4a0 net/core/sock_reuseport.c:362 reuseport_stop_listen_sock+0x6d/0x500 net/core/sock_reuseport.c:408 inet_unhash+0x3b1/0x680 net/ipv4/inet_hashtables.c:658 tcp_set_state+0x198/0x7e0 net/ipv4/tcp.c:2739 __tcp_close+0xbfd/0xf50 net/ipv4/tcp.c:2864 tcp_close+0x29/0xc0 net/ipv4/tcp.c:3026 inet_release+0x12e/0x270 net/ipv4/af_inet.c:428 inet6_release+0x4c/0x70 net/ipv6/af_inet6.c:482 __sock_release+0xcd/0x280 net/socket.c:650 sock_close+0x18/0x20 net/socket.c:1365 __fput+0x27c/0xa90 fs/file_table.c:320 task_work_run+0xdd/0x1a0 kernel/task_work.c:177 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline] exit_to_user_mode_loop kernel/entry/common.c:169 [inline] exit_to_user_mode_prepare+0x23c/0x250 kernel/entry/common.c:201 __syscall_exit_to_user_mode_work kernel/entry/common.c:283 [inline] syscall_exit_to_user_mode+0x19/0x50 kernel/entry/common.c:294 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f5980a3bebb Code: 0f 05 48 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8 63 fc ff ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 a1 fc ff ff 8b 44 RSP: 002b:00007ffdd99e5520 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f5980a3bebb RDX: 0000000000000000 RSI: 0000001b2e7231b0 RDI: 0000000000000003 RBP: 00007f5980b9d980 R08: 0000000000000000 R09: 000000002916b569 R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000084cce R13: 00007ffdd99e5620 R14: 00007f5980b9c050 R15: 0000000000000032