================================
WARNING: inconsistent lock state
6.11.0-syzkaller-07337-g2004cef11ea0 #0 Not tainted
--------------------------------
inconsistent {HARDIRQ-ON-R} -> {IN-HARDIRQ-W} usage.
syz-executor/7345 [HC1[1]:SC0[0]:HE0:SE1] takes:
ffff8880b883e998 (tasklist_lock){-+.+}-{2:2}, at: raw_spin_rq_lock_nested+0xb0/0x140 kernel/sched/core.c:593
{HARDIRQ-ON-R} state was registered at:
  lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5822
  __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline]
  _raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228
  __do_wait+0x12d/0x850 kernel/exit.c:1591
  do_wait+0x1e9/0x560 kernel/exit.c:1635
  kernel_wait+0xe9/0x240 kernel/exit.c:1811
  call_usermodehelper_exec_sync kernel/umh.c:137 [inline]
  call_usermodehelper_exec_work+0xbd/0x230 kernel/umh.c:164
  process_one_work kernel/workqueue.c:3229 [inline]
  process_scheduled_works+0xa65/0x1850 kernel/workqueue.c:3310
  worker_thread+0x870/0xd30 kernel/workqueue.c:3391
  kthread+0x2f2/0x390 kernel/kthread.c:389
  ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147
  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
irq event stamp: 261176
hardirqs last enabled at (261175): [] raw_spin_rq_unlock_irq kernel/sched/sched.h:1435 [inline]
hardirqs last enabled at (261175): [] finish_lock_switch kernel/sched/core.c:5018 [inline]
hardirqs last enabled at (261175): [] finish_task_switch+0x1e5/0x870 kernel/sched/core.c:5136
hardirqs last disabled at (261176): [] sysvec_apic_timer_interrupt+0xe/0xc0 arch/x86/kernel/apic/apic.c:1037
softirqs last enabled at (260748): [] local_bh_disable include/linux/bottom_half.h:20 [inline]
softirqs last enabled at (260748): [] fpregs_lock arch/x86/include/asm/fpu/api.h:72 [inline]
softirqs last enabled at (260748): [] fpu_clone+0x25b/0xad0 arch/x86/kernel/fpu/core.c:630
softirqs last disabled at (260746): [] local_bh_disable include/linux/bottom_half.h:20 [inline]
softirqs last disabled at (260746): [] fpregs_lock arch/x86/include/asm/fpu/api.h:72 [inline]
softirqs last disabled at (260746): [] fpu_clone+0x25b/0xad0 arch/x86/kernel/fpu/core.c:630

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(tasklist_lock);
  lock(tasklist_lock);

 *** DEADLOCK ***

no locks held by syz-executor/7345.

stack backtrace:
CPU: 1 UID: 0 PID: 7345 Comm: syz-executor Not tainted 6.11.0-syzkaller-07337-g2004cef11ea0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
Call Trace:
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119
 print_usage_bug+0x62e/0x8b0 kernel/locking/lockdep.c:4035
 valid_state+0x13a/0x1c0 kernel/locking/lockdep.c:4049
 mark_lock_irq+0xe2/0xc20 kernel/locking/lockdep.c:4266
 mark_lock+0x223/0x360 kernel/locking/lockdep.c:4722
 mark_usage kernel/locking/lockdep.c:4608 [inline]
 __lock_acquire+0xbb7/0x2050 kernel/locking/lockdep.c:5153
 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5822
 _raw_spin_lock_nested+0x31/0x40 kernel/locking/spinlock.c:378
 raw_spin_rq_lock_nested+0xb0/0x140 kernel/sched/core.c:593
 raw_spin_rq_lock kernel/sched/sched.h:1423 [inline]
 rq_lock kernel/sched/sched.h:1722 [inline]
 sched_tick+0x72/0x610 kernel/sched/core.c:5534
 update_process_times+0x202/0x230 kernel/time/timer.c:2524
 tick_sched_handle kernel/time/tick-sched.c:276 [inline]
 tick_nohz_handler+0x37c/0x500 kernel/time/tick-sched.c:297
 __run_hrtimer kernel/time/hrtimer.c:1691 [inline]
 __hrtimer_run_queues+0x553/0xd50 kernel/time/hrtimer.c:1755
 hrtimer_interrupt+0x396/0x990 kernel/time/hrtimer.c:1817
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1026 [inline]
 __sysvec_apic_timer_interrupt+0x112/0x3f0 arch/x86/kernel/apic/apic.c:1043
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1037 [inline]
 sysvec_apic_timer_interrupt+0xa1/0xc0 arch/x86/kernel/apic/apic.c:1037
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:finish_task_switch+0x1ea/0x870 kernel/sched/core.c:5138
Code: c9 50 e8 49 fc 0b 00 48 83 c4 08 4c 89 f7 e8 bd 38 00 00 e9 de 04 00 00 4c 89 f7 e8 b0 1a 65 0a e8 5b f6 37 00 fb 48 8b 5d c0 <48> 8d bb f8 15 00 00 48 89 f8 48 c1 e8 03 49 be 00 00 00 00 00 fc
RSP: 0018:ffffc90002eff988 EFLAGS: 00000282
RAX: 6dc6572a8ce32400 RBX: ffff88802e2c8000 RCX: ffffffff9a3a6903
RDX: dffffc0000000000 RSI: ffffffff8c0ad7c0 RDI: ffffffff8c60dd00
RBP: ffffc90002eff9d0 R08: ffffffff901c5aaf R09: 1ffffffff2038b55
R10: dffffc0000000000 R11: fffffbfff2038b56 R12: 1ffff11017127ef4
R13: dffffc0000000000 R14: ffff8880b883e980 R15: ffff8880b893f7a0
 context_switch kernel/sched/core.c:5267 [inline]
 __schedule+0x189b/0x4b50 kernel/sched/core.c:6607
 __schedule_loop kernel/sched/core.c:6684 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6699
 do_nanosleep+0x197/0x600 kernel/time/hrtimer.c:2032
 hrtimer_nanosleep+0x1e3/0x3f0 kernel/time/hrtimer.c:2080
 __do_sys_clock_nanosleep kernel/time/posix-timers.c:1411 [inline]
 __se_sys_clock_nanosleep+0x32d/0x3c0 kernel/time/posix-timers.c:1388
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f5dedfaffe5
Code: 24 0c 89 3c 24 48 89 4c 24 18 e8 c6 57 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 8b 74 24 0c 8b 3c 24 b8 e6 00 00 00 0f 05 <44> 89 c7 48 89 04 24 e8 1f 58 ff ff 48 8b 04 24 48 83 c4 28 f7 d8
RSP: 002b:00007ffda89c1700 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6
RAX: ffffffffffffffda RBX: 0000000000000026 RCX: 00007f5dedfaffe5
RDX: 00007ffda89c1740 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007ffda89c179c R08: 0000000000000000 R09: 7fffffffffffffff
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000032
R13: 000000000005e455 R14: 000000000005e326 R15: 00007ffda89c17f0
----------------
Code disassembly (best guess):
   0: c9                      leave
   1: 50                      push %rax
   2: e8 49 fc 0b 00          call 0xbfc50
   7: 48 83 c4 08             add $0x8,%rsp
   b: 4c 89 f7                mov %r14,%rdi
   e: e8 bd 38 00 00          call 0x38d0
  13: e9 de 04 00 00          jmp 0x4f6
  18: 4c 89 f7                mov %r14,%rdi
  1b: e8 b0 1a 65 0a          call 0xa651ad0
  20: e8 5b f6 37 00          call 0x37f680
  25: fb                      sti
  26: 48 8b 5d c0             mov -0x40(%rbp),%rbx
* 2a: 48 8d bb f8 15 00 00    lea 0x15f8(%rbx),%rdi <-- trapping instruction
  31: 48 89 f8                mov %rdi,%rax
  34: 48 c1 e8 03             shr $0x3,%rax
  38: 49                      rex.WB
  39: be 00 00 00 00          mov $0x0,%esi
  3e: 00 fc                   add %bh,%ah