===================================================== WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected 5.15.0-rc5-syzkaller #0 Not tainted ----------------------------------------------------- syz-executor.0/26163 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: ffffffff8b60a098 (tasklist_lock){.+.+}-{2:2}, at: send_sigio+0xab/0x380 fs/fcntl.c:810 and this task is already holding: ffff88807a168138 (&f->f_owner.lock){...-}-{2:2}, at: send_sigio+0x24/0x380 fs/fcntl.c:796 which would create a new lock dependency: (&f->f_owner.lock){...-}-{2:2} -> (tasklist_lock){.+.+}-{2:2} but this new dependency connects a SOFTIRQ-irq-safe lock: (&group->lock){..-.}-{2:2} ... which became SOFTIRQ-irq-safe at: lock_acquire kernel/locking/lockdep.c:5625 [inline] lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5590 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x39/0x50 kernel/locking/spinlock.c:162 _snd_pcm_stream_lock_irqsave+0x9f/0xd0 sound/core/pcm_native.c:170 snd_pcm_period_elapsed+0x1d/0x50 sound/core/pcm_lib.c:1847 dummy_hrtimer_callback+0x94/0x1b0 sound/drivers/dummy.c:377 __run_hrtimer kernel/time/hrtimer.c:1685 [inline] __hrtimer_run_queues+0x609/0xe50 kernel/time/hrtimer.c:1749 hrtimer_run_softirq+0x17b/0x360 kernel/time/hrtimer.c:1766 __do_softirq+0x29b/0x9c2 kernel/softirq.c:558 invoke_softirq kernel/softirq.c:432 [inline] __irq_exit_rcu+0x123/0x180 kernel/softirq.c:636 irq_exit_rcu+0x5/0x20 kernel/softirq.c:648 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1097 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638 __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:169 [inline] _raw_spin_unlock_irq+0x25/0x40 kernel/locking/spinlock.c:202 __down_common+0x2d8/0x420 kernel/locking/semaphore.c:223 down_interruptible+0x7d/0xa0 kernel/locking/semaphore.c:86 raw_event_queue_fetch drivers/usb/gadget/legacy/raw_gadget.c:95 [inline] raw_ioctl_event_fetch drivers/usb/gadget/legacy/raw_gadget.c:555 [inline] raw_ioctl+0xfef/0x26f0 drivers/usb/gadget/legacy/raw_gadget.c:1217 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:860 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae to a SOFTIRQ-irq-unsafe lock: (tasklist_lock){.+.+}-{2:2} ... which became SOFTIRQ-irq-unsafe at: ... lock_acquire kernel/locking/lockdep.c:5625 [inline] lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5590 __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline] _raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:228 do_wait+0x284/0xce0 kernel/exit.c:1504 kernel_wait+0x9c/0x150 kernel/exit.c:1694 call_usermodehelper_exec_sync kernel/umh.c:139 [inline] call_usermodehelper_exec_work+0xf5/0x180 kernel/umh.c:166 process_one_work+0x9bf/0x16b0 kernel/workqueue.c:2297 worker_thread+0x658/0x11f0 kernel/workqueue.c:2444 kthread+0x3e5/0x4d0 kernel/kthread.c:319 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 other info that might help us debug this: Chain exists of: &group->lock --> &f->f_owner.lock --> tasklist_lock Possible interrupt unsafe locking scenario: CPU0 CPU1 ---- ---- lock(tasklist_lock); local_irq_disable(); lock(&group->lock); lock(&f->f_owner.lock); lock(&group->lock); *** DEADLOCK *** 5 locks held by syz-executor.0/26163: #0: ffffffff8b981ae0 (rcu_read_lock){....}-{1:2}, at: sock_def_readable+0x0/0x4e0 include/trace/events/sock.h:204 #1: ffffffff8b981ae0 (rcu_read_lock){....}-{1:2}, at: rcu_read_unlock include/linux/rcupdate.h:716 [inline] #1: ffffffff8b981ae0 (rcu_read_lock){....}-{1:2}, at: sock_def_readable+0x2aa/0x4e0 net/core/sock.c:3057 #2: ffffffff8b981ae0 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x41/0x470 fs/fcntl.c:1033 #3: ffff88807729e7f8 (&new->fa_lock){....}-{2:2}, at: kill_fasync_rcu fs/fcntl.c:1014 [inline] #3: ffff88807729e7f8 (&new->fa_lock){....}-{2:2}, at: kill_fasync fs/fcntl.c:1035 [inline] #3: ffff88807729e7f8 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x136/0x470 fs/fcntl.c:1028 #4: ffff88807a168138 (&f->f_owner.lock){...-}-{2:2}, at: send_sigio+0x24/0x380 fs/fcntl.c:796 the dependencies between SOFTIRQ-irq-safe lock and the holding lock: -> (&group->lock){..-.}-{2:2} { IN-SOFTIRQ-W at: lock_acquire kernel/locking/lockdep.c:5625 [inline] lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5590 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x39/0x50 kernel/locking/spinlock.c:162 _snd_pcm_stream_lock_irqsave+0x9f/0xd0 sound/core/pcm_native.c:170 snd_pcm_period_elapsed+0x1d/0x50 sound/core/pcm_lib.c:1847 dummy_hrtimer_callback+0x94/0x1b0 sound/drivers/dummy.c:377 __run_hrtimer kernel/time/hrtimer.c:1685 [inline] __hrtimer_run_queues+0x609/0xe50 kernel/time/hrtimer.c:1749 hrtimer_run_softirq+0x17b/0x360 kernel/time/hrtimer.c:1766 __do_softirq+0x29b/0x9c2 kernel/softirq.c:558 invoke_softirq kernel/softirq.c:432 [inline] __irq_exit_rcu+0x123/0x180 kernel/softirq.c:636 irq_exit_rcu+0x5/0x20 kernel/softirq.c:648 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1097 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638 __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:169 [inline] _raw_spin_unlock_irq+0x25/0x40 kernel/locking/spinlock.c:202 __down_common+0x2d8/0x420 kernel/locking/semaphore.c:223 down_interruptible+0x7d/0xa0 kernel/locking/semaphore.c:86 raw_event_queue_fetch drivers/usb/gadget/legacy/raw_gadget.c:95 [inline] raw_ioctl_event_fetch drivers/usb/gadget/legacy/raw_gadget.c:555 [inline] raw_ioctl+0xfef/0x26f0 drivers/usb/gadget/legacy/raw_gadget.c:1217 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:860 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae INITIAL USE at: lock_acquire kernel/locking/lockdep.c:5625 [inline] lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5590 __raw_spin_lock_irq include/linux/spinlock_api_smp.h:128 [inline] _raw_spin_lock_irq+0x32/0x50 kernel/locking/spinlock.c:170 spin_lock_irq include/linux/spinlock.h:388 [inline] snd_pcm_group_lock_irq sound/core/pcm_native.c:97 [inline] snd_pcm_stream_lock_irq sound/core/pcm_native.c:136 [inline] snd_pcm_hw_params+0x12a/0x1990 sound/core/pcm_native.c:686 snd_pcm_kernel_ioctl+0xd1/0x240 sound/core/pcm_native.c:3357 snd_pcm_oss_change_params_locked+0x1958/0x3990 sound/core/oss/pcm_oss.c:947 snd_pcm_oss_change_params sound/core/oss/pcm_oss.c:1091 [inline] snd_pcm_oss_make_ready+0xe7/0x1b0 sound/core/oss/pcm_oss.c:1150 snd_pcm_oss_sync+0x1de/0x800 sound/core/oss/pcm_oss.c:1717 snd_pcm_oss_release+0x276/0x300 sound/core/oss/pcm_oss.c:2571 __fput+0x288/0x9f0 fs/file_table.c:280 task_work_run+0xdd/0x1a0 kernel/task_work.c:164 tracehook_notify_resume include/linux/tracehook.h:189 [inline] exit_to_user_mode_loop kernel/entry/common.c:175 [inline] exit_to_user_mode_prepare+0x27e/0x290 kernel/entry/common.c:207 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline] syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x44/0xae } ... key at: [] __key.9+0x0/0x40 -> (&timer->lock){....}-{2:2} { INITIAL USE at: lock_acquire kernel/locking/lockdep.c:5625 [inline] lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5590 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x39/0x50 kernel/locking/spinlock.c:162 snd_timer_notify sound/core/timer.c:1087 [inline] snd_timer_notify+0x10c/0x3d0 sound/core/timer.c:1074 snd_pcm_timer_notify sound/core/pcm_native.c:595 [inline] snd_pcm_post_stop+0x195/0x1f0 sound/core/pcm_native.c:1453 snd_pcm_action_single sound/core/pcm_native.c:1229 [inline] snd_pcm_action+0x143/0x170 sound/core/pcm_native.c:1310 snd_pcm_stop sound/core/pcm_native.c:1476 [inline] snd_pcm_drop+0x1ab/0x320 sound/core/pcm_native.c:2155 snd_pcm_kernel_ioctl+0x12f/0x240 sound/core/pcm_native.c:3367 snd_pcm_oss_sync+0x230/0x800 sound/core/oss/pcm_oss.c:1721 snd_pcm_oss_release+0x276/0x300 sound/core/oss/pcm_oss.c:2571 __fput+0x288/0x9f0 fs/file_table.c:280 task_work_run+0xdd/0x1a0 kernel/task_work.c:164 tracehook_notify_resume include/linux/tracehook.h:189 [inline] exit_to_user_mode_loop kernel/entry/common.c:175 [inline] exit_to_user_mode_prepare+0x27e/0x290 kernel/entry/common.c:207 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline] syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x44/0xae } ... key at: [] __key.12+0x0/0x40 ... acquired at: __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x39/0x50 kernel/locking/spinlock.c:162 snd_timer_notify sound/core/timer.c:1087 [inline] snd_timer_notify+0x10c/0x3d0 sound/core/timer.c:1074 snd_pcm_timer_notify sound/core/pcm_native.c:595 [inline] snd_pcm_post_stop+0x195/0x1f0 sound/core/pcm_native.c:1453 snd_pcm_action_single sound/core/pcm_native.c:1229 [inline] snd_pcm_action+0x143/0x170 sound/core/pcm_native.c:1310 snd_pcm_stop sound/core/pcm_native.c:1476 [inline] snd_pcm_drop+0x1ab/0x320 sound/core/pcm_native.c:2155 snd_pcm_kernel_ioctl+0x12f/0x240 sound/core/pcm_native.c:3367 snd_pcm_oss_sync+0x230/0x800 sound/core/oss/pcm_oss.c:1721 snd_pcm_oss_release+0x276/0x300 sound/core/oss/pcm_oss.c:2571 __fput+0x288/0x9f0 fs/file_table.c:280 task_work_run+0xdd/0x1a0 kernel/task_work.c:164 tracehook_notify_resume include/linux/tracehook.h:189 [inline] exit_to_user_mode_loop kernel/entry/common.c:175 [inline] exit_to_user_mode_prepare+0x27e/0x290 kernel/entry/common.c:207 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline] syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x44/0xae -> (&new->fa_lock){....}-{2:2} { INITIAL USE at: lock_acquire kernel/locking/lockdep.c:5625 [inline] lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5590 __raw_write_lock_irq include/linux/rwlock_api_smp.h:196 [inline] _raw_write_lock_irq+0x32/0x50 kernel/locking/spinlock.c:316 fasync_remove_entry+0xb6/0x1f0 fs/fcntl.c:891 fasync_helper+0x9e/0xb0 fs/fcntl.c:994 sock_fasync+0x94/0x140 net/socket.c:1339 __fput+0x848/0x9f0 fs/file_table.c:277 task_work_run+0xdd/0x1a0 kernel/task_work.c:164 tracehook_notify_resume include/linux/tracehook.h:189 [inline] exit_to_user_mode_loop kernel/entry/common.c:175 [inline] exit_to_user_mode_prepare+0x27e/0x290 kernel/entry/common.c:207 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline] syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x44/0xae INITIAL READ USE at: lock_acquire kernel/locking/lockdep.c:5625 [inline] lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5590 __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline] _raw_read_lock_irqsave+0x70/0x90 kernel/locking/spinlock.c:236 kill_fasync_rcu fs/fcntl.c:1014 [inline] kill_fasync fs/fcntl.c:1035 [inline] kill_fasync+0x136/0x470 fs/fcntl.c:1028 sock_wake_async+0xd2/0x160 net/socket.c:1368 sk_wake_async include/net/sock.h:2368 [inline] sk_wake_async include/net/sock.h:2364 [inline] af_alg_wmem_wakeup crypto/af_alg.c:743 [inline] af_alg_wmem_wakeup+0x33a/0x5c0 crypto/af_alg.c:730 skcipher_recvmsg+0xaae/0xe20 crypto/algif_skcipher.c:177 skcipher_recvmsg_nokey+0x65/0x90 crypto/algif_skcipher.c:270 sock_recvmsg_nosec net/socket.c:944 [inline] sock_recvmsg net/socket.c:962 [inline] sock_recvmsg net/socket.c:958 [inline] ____sys_recvmsg+0x2c4/0x600 net/socket.c:2628 ___sys_recvmsg+0x127/0x200 net/socket.c:2670 do_recvmmsg+0x24d/0x6d0 net/socket.c:2764 __sys_recvmmsg net/socket.c:2843 [inline] __do_sys_recvmmsg net/socket.c:2866 [inline] __se_sys_recvmmsg net/socket.c:2859 [inline] __x64_sys_recvmmsg+0x20b/0x260 net/socket.c:2859 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae } ... key at: [] __key.0+0x0/0x40 ... acquired at: __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline] _raw_read_lock_irqsave+0x70/0x90 kernel/locking/spinlock.c:236 kill_fasync_rcu fs/fcntl.c:1014 [inline] kill_fasync fs/fcntl.c:1035 [inline] kill_fasync+0x136/0x470 fs/fcntl.c:1028 snd_timer_user_ccallback+0x298/0x330 sound/core/timer.c:1387 snd_timer_notify1+0x11c/0x3b0 sound/core/timer.c:516 snd_timer_start1+0x4d4/0x800 sound/core/timer.c:578 snd_timer_start sound/core/timer.c:697 [inline] snd_timer_start sound/core/timer.c:690 [inline] snd_timer_user_start.isra.0+0x1e3/0x260 sound/core/timer.c:1985 __snd_timer_user_ioctl.isra.0+0xda8/0x24c0 sound/core/timer.c:2108 snd_timer_user_ioctl+0x77/0xb0 sound/core/timer.c:2129 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:860 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae -> (&f->f_owner.lock){...-}-{2:2} { IN-SOFTIRQ-R at: lock_acquire kernel/locking/lockdep.c:5625 [inline] lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5590 __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline] _raw_read_lock_irqsave+0x45/0x90 kernel/locking/spinlock.c:236 send_sigurg+0x1e/0xaf0 fs/fcntl.c:835 sk_send_sigurg+0x76/0x310 net/core/sock.c:3090 tcp_check_urg.isra.0+0x1f3/0x710 net/ipv4/tcp_input.c:5550 tcp_urg net/ipv4/tcp_input.c:5591 [inline] tcp_rcv_established+0x12ab/0x2130 net/ipv4/tcp_input.c:5925 tcp_v4_do_rcv+0x5d4/0x880 net/ipv4/tcp_ipv4.c:1694 tcp_v4_rcv+0x2815/0x30e0 net/ipv4/tcp_ipv4.c:2087 ip_protocol_deliver_rcu+0xa7/0xee0 net/ipv4/ip_input.c:204 ip_local_deliver_finish+0x20a/0x370 net/ipv4/ip_input.c:231 NF_HOOK include/linux/netfilter.h:307 [inline] NF_HOOK include/linux/netfilter.h:301 [inline] ip_local_deliver+0x1b3/0x200 net/ipv4/ip_input.c:252 dst_input include/net/dst.h:460 [inline] ip_rcv_finish+0x1da/0x2f0 net/ipv4/ip_input.c:429 NF_HOOK include/linux/netfilter.h:307 [inline] NF_HOOK include/linux/netfilter.h:301 [inline] ip_rcv+0xaa/0xd0 net/ipv4/ip_input.c:540 __netif_receive_skb_one_core+0x114/0x180 net/core/dev.c:5436 __netif_receive_skb+0x24/0x1b0 net/core/dev.c:5550 process_backlog+0x2a5/0x6c0 net/core/dev.c:6427 __napi_poll+0xaf/0x440 net/core/dev.c:6986 napi_poll net/core/dev.c:7053 [inline] net_rx_action+0x801/0xb40 net/core/dev.c:7140 __do_softirq+0x29b/0x9c2 kernel/softirq.c:558 invoke_softirq kernel/softirq.c:432 [inline] __irq_exit_rcu+0x123/0x180 kernel/softirq.c:636 irq_exit_rcu+0x5/0x20 kernel/softirq.c:648 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1097 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638 __sanitizer_cov_trace_pc+0xd/0x60 kernel/kcov.c:193 preempt_count arch/x86/include/asm/preempt.h:27 [inline] tracing_gen_ctx_irq_test+0xb/0x170 kernel/trace/trace.c:2620 tracing_gen_ctx_flags include/linux/trace_events.h:182 [inline] tracing_gen_ctx include/linux/trace_events.h:189 [inline] perf_trace_buf_update+0x33/0x190 kernel/trace/trace_event_perf.c:425 perf_tp_event+0x15b/0xb70 kernel/events/core.c:9705 perf_trace_run_bpf_submit+0x11c/0x210 kernel/events/core.c:9683 perf_trace_lock+0x2ef/0x4d0 include/trace/events/lock.h:39 trace_lock_release include/trace/events/lock.h:58 [inline] lock_release+0x4a8/0x720 kernel/locking/lockdep.c:5636 rcu_lock_release include/linux/rcupdate.h:272 [inline] rcu_read_unlock include/linux/rcupdate.h:720 [inline] is_bpf_text_address+0x99/0x170 kernel/bpf/core.c:708 kernel_text_address kernel/extable.c:151 [inline] kernel_text_address+0xbd/0xf0 kernel/extable.c:120 __kernel_text_address+0x9/0x30 kernel/extable.c:105 unwind_get_return_address arch/x86/kernel/unwind_orc.c:318 [inline] unwind_get_return_address+0x51/0x90 arch/x86/kernel/unwind_orc.c:313 arch_stack_walk+0x93/0xe0 arch/x86/kernel/stacktrace.c:26 stack_trace_save+0x8c/0xc0 kernel/stacktrace.c:121 kasan_save_stack+0x1b/0x40 mm/kasan/common.c:38 kasan_set_track+0x1c/0x30 mm/kasan/common.c:46 kasan_set_free_info+0x20/0x30 mm/kasan/generic.c:360 ____kasan_slab_free mm/kasan/common.c:366 [inline] ____kasan_slab_free mm/kasan/common.c:328 [inline] __kasan_slab_free+0xff/0x130 mm/kasan/common.c:374 kasan_slab_free include/linux/kasan.h:230 [inline] slab_free_hook mm/slub.c:1700 [inline] slab_free_freelist_hook+0x81/0x190 mm/slub.c:1725 slab_free mm/slub.c:3483 [inline] kfree+0xe4/0x530 mm/slub.c:4543 skb_free_head net/core/skbuff.c:654 [inline] pskb_expand_head+0xb0b/0x1060 net/core/skbuff.c:1733 netlink_trim+0x1ea/0x240 net/netlink/af_netlink.c:1301 netlink_broadcast_filtered+0x65/0xdc0 net/netlink/af_netlink.c:1506 netlink_broadcast net/netlink/af_netlink.c:1551 [inline] nlmsg_multicast include/net/netlink.h:1033 [inline] nlmsg_notify+0x94/0x290 net/netlink/af_netlink.c:2553 rtnl_notify net/core/rtnetlink.c:730 [inline] rtmsg_ifinfo_send net/core/rtnetlink.c:3833 [inline] rtmsg_ifinfo_event net/core/rtnetlink.c:3848 [inline] rtmsg_ifinfo_event net/core/rtnetlink.c:3836 [inline] rtnetlink_event+0x193/0x1d0 net/core/rtnetlink.c:5623 notifier_call_chain+0xb5/0x200 kernel/notifier.c:83 call_netdevice_notifiers_info+0xb5/0x130 net/core/dev.c:1996 netdev_lower_state_changed+0xa9/0x130 net/core/dev.c:8514 bond_lower_state_changed drivers/net/bonding/bond_main.c:1731 [inline] bond_commit_link_state include/net/bonding.h:575 [inline] bond_commit_link_state include/net/bonding.h:567 [inline] bond_set_slave_link_state include/net/bonding.h:589 [inline] bond_enslave+0x17a1/0x53a0 drivers/net/bonding/bond_main.c:2017 do_set_master+0x1c8/0x220 net/core/rtnetlink.c:2521 __rtnl_newlink+0x13a1/0x1750 net/core/rtnetlink.c:3475 rtnl_newlink+0x64/0xa0 net/core/rtnetlink.c:3506 rtnetlink_rcv_msg+0x413/0xb80 net/core/rtnetlink.c:5572 netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2510 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline] netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1345 netlink_sendmsg+0x86d/0xdb0 net/netlink/af_netlink.c:1935 sock_sendmsg_nosec net/socket.c:704 [inline] sock_sendmsg+0xcf/0x120 net/socket.c:724 ____sys_sendmsg+0x6e8/0x810 net/socket.c:2409 ___sys_sendmsg+0xf3/0x170 net/socket.c:2463 __sys_sendmsg+0xe5/0x1b0 net/socket.c:2492 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae INITIAL USE at: lock_acquire kernel/locking/lockdep.c:5625 [inline] lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5590 __raw_write_lock_irq include/linux/rwlock_api_smp.h:196 [inline] _raw_write_lock_irq+0x32/0x50 kernel/locking/spinlock.c:316 f_modown+0x2a/0x390 fs/fcntl.c:91 __f_setown fs/fcntl.c:110 [inline] f_setown_ex fs/fcntl.c:200 [inline] do_fcntl+0xb24/0x1210 fs/fcntl.c:399 __do_sys_fcntl fs/fcntl.c:472 [inline] __se_sys_fcntl fs/fcntl.c:457 [inline] __x64_sys_fcntl+0x165/0x1e0 fs/fcntl.c:457 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae INITIAL READ USE at: lock_acquire kernel/locking/lockdep.c:5625 [inline] lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5590 __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline] _raw_read_lock_irqsave+0x70/0x90 kernel/locking/spinlock.c:236 send_sigio+0x24/0x380 fs/fcntl.c:796 kill_fasync_rcu fs/fcntl.c:1021 [inline] kill_fasync fs/fcntl.c:1035 [inline] kill_fasync+0x1f8/0x470 fs/fcntl.c:1028 sock_wake_async+0xd2/0x160 net/socket.c:1368 sk_wake_async include/net/sock.h:2368 [inline] sk_wake_async include/net/sock.h:2364 [inline] af_alg_wmem_wakeup crypto/af_alg.c:743 [inline] af_alg_wmem_wakeup+0x33a/0x5c0 crypto/af_alg.c:730 skcipher_recvmsg+0xaae/0xe20 crypto/algif_skcipher.c:177 skcipher_recvmsg_nokey+0x65/0x90 crypto/algif_skcipher.c:270 sock_recvmsg_nosec net/socket.c:944 [inline] sock_recvmsg net/socket.c:962 [inline] sock_recvmsg net/socket.c:958 [inline] ____sys_recvmsg+0x2c4/0x600 net/socket.c:2628 ___sys_recvmsg+0x127/0x200 net/socket.c:2670 do_recvmmsg+0x24d/0x6d0 net/socket.c:2764 __sys_recvmmsg net/socket.c:2843 [inline] __do_sys_recvmmsg net/socket.c:2866 [inline] __se_sys_recvmmsg net/socket.c:2859 [inline] __x64_sys_recvmmsg+0x20b/0x260 net/socket.c:2859 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae } ... key at: [] __key.5+0x0/0x40 ... acquired at: __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline] _raw_read_lock_irqsave+0x70/0x90 kernel/locking/spinlock.c:236 send_sigio+0x24/0x380 fs/fcntl.c:796 kill_fasync_rcu fs/fcntl.c:1021 [inline] kill_fasync fs/fcntl.c:1035 [inline] kill_fasync+0x1f8/0x470 fs/fcntl.c:1028 sock_wake_async+0xd2/0x160 net/socket.c:1368 sk_wake_async include/net/sock.h:2368 [inline] sk_wake_async include/net/sock.h:2364 [inline] af_alg_wmem_wakeup crypto/af_alg.c:743 [inline] af_alg_wmem_wakeup+0x33a/0x5c0 crypto/af_alg.c:730 skcipher_recvmsg+0xaae/0xe20 crypto/algif_skcipher.c:177 skcipher_recvmsg_nokey+0x65/0x90 crypto/algif_skcipher.c:270 sock_recvmsg_nosec net/socket.c:944 [inline] sock_recvmsg net/socket.c:962 [inline] sock_recvmsg net/socket.c:958 [inline] ____sys_recvmsg+0x2c4/0x600 net/socket.c:2628 ___sys_recvmsg+0x127/0x200 net/socket.c:2670 do_recvmmsg+0x24d/0x6d0 net/socket.c:2764 __sys_recvmmsg net/socket.c:2843 [inline] __do_sys_recvmmsg net/socket.c:2866 [inline] __se_sys_recvmmsg net/socket.c:2859 [inline] __x64_sys_recvmmsg+0x20b/0x260 net/socket.c:2859 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae the dependencies between the lock to be acquired and SOFTIRQ-irq-unsafe lock: -> (tasklist_lock){.+.+}-{2:2} { HARDIRQ-ON-R at: lock_acquire kernel/locking/lockdep.c:5625 [inline] lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5590 __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline] _raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:228 do_wait+0x284/0xce0 kernel/exit.c:1504 kernel_wait+0x9c/0x150 kernel/exit.c:1694 call_usermodehelper_exec_sync kernel/umh.c:139 [inline] call_usermodehelper_exec_work+0xf5/0x180 kernel/umh.c:166 process_one_work+0x9bf/0x16b0 kernel/workqueue.c:2297 worker_thread+0x658/0x11f0 kernel/workqueue.c:2444 kthread+0x3e5/0x4d0 kernel/kthread.c:319 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 SOFTIRQ-ON-R at: lock_acquire kernel/locking/lockdep.c:5625 [inline] lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5590 __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline] _raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:228 do_wait+0x284/0xce0 kernel/exit.c:1504 kernel_wait+0x9c/0x150 kernel/exit.c:1694 call_usermodehelper_exec_sync kernel/umh.c:139 [inline] call_usermodehelper_exec_work+0xf5/0x180 kernel/umh.c:166 process_one_work+0x9bf/0x16b0 kernel/workqueue.c:2297 worker_thread+0x658/0x11f0 kernel/workqueue.c:2444 kthread+0x3e5/0x4d0 kernel/kthread.c:319 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 INITIAL USE at: lock_acquire kernel/locking/lockdep.c:5625 [inline] lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5590 __raw_write_lock_irq include/linux/rwlock_api_smp.h:196 [inline] _raw_write_lock_irq+0x32/0x50 kernel/locking/spinlock.c:316 copy_process+0x36c0/0x7590 kernel/fork.c:2313 kernel_clone+0xe7/0xac0 kernel/fork.c:2584 kernel_thread+0xb5/0xf0 kernel/fork.c:2636 rest_init+0x23/0x3e0 init/main.c:698 start_kernel+0x47a/0x49b init/main.c:1141 secondary_startup_64_no_verify+0xb0/0xbb INITIAL READ USE at: lock_acquire kernel/locking/lockdep.c:5625 [inline] lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5590 __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline] _raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:228 do_wait+0x284/0xce0 kernel/exit.c:1504 kernel_wait+0x9c/0x150 kernel/exit.c:1694 call_usermodehelper_exec_sync kernel/umh.c:139 [inline] call_usermodehelper_exec_work+0xf5/0x180 kernel/umh.c:166 process_one_work+0x9bf/0x16b0 kernel/workqueue.c:2297 worker_thread+0x658/0x11f0 kernel/workqueue.c:2444 kthread+0x3e5/0x4d0 kernel/kthread.c:319 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 } ... key at: [] tasklist_lock+0x18/0x40 ... acquired at: lock_acquire kernel/locking/lockdep.c:5625 [inline] lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5590 __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline] _raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:228 send_sigio+0xab/0x380 fs/fcntl.c:810 kill_fasync_rcu fs/fcntl.c:1021 [inline] kill_fasync fs/fcntl.c:1035 [inline] kill_fasync+0x1f8/0x470 fs/fcntl.c:1028 sock_wake_async+0xd2/0x160 net/socket.c:1368 sk_wake_async include/net/sock.h:2368 [inline] sk_wake_async include/net/sock.h:2364 [inline] sock_def_readable+0x349/0x4e0 net/core/sock.c:3056 unix_dgram_sendmsg+0xfa7/0x1950 net/unix/af_unix.c:1941 sock_sendmsg_nosec net/socket.c:704 [inline] sock_sendmsg+0xcf/0x120 net/socket.c:724 ____sys_sendmsg+0x331/0x810 net/socket.c:2409 ___sys_sendmsg+0xf3/0x170 net/socket.c:2463 __sys_sendmmsg+0x195/0x470 net/socket.c:2549 __do_sys_sendmmsg net/socket.c:2578 [inline] __se_sys_sendmmsg net/socket.c:2575 [inline] __x64_sys_sendmmsg+0x99/0x100 net/socket.c:2575 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae stack backtrace: CPU: 0 PID: 26163 Comm: syz-executor.0 Not tainted 5.15.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106 print_bad_irq_dependency kernel/locking/lockdep.c:2565 [inline] check_irq_usage.cold+0x4c1/0x6b0 kernel/locking/lockdep.c:2804 check_prev_add kernel/locking/lockdep.c:3055 [inline] check_prevs_add kernel/locking/lockdep.c:3174 [inline] validate_chain kernel/locking/lockdep.c:3789 [inline] __lock_acquire+0x2a1f/0x54a0 kernel/locking/lockdep.c:5015 lock_acquire kernel/locking/lockdep.c:5625 [inline] lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5590 __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline] _raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:228 send_sigio+0xab/0x380 fs/fcntl.c:810 kill_fasync_rcu fs/fcntl.c:1021 [inline] kill_fasync fs/fcntl.c:1035 [inline] kill_fasync+0x1f8/0x470 fs/fcntl.c:1028 sock_wake_async+0xd2/0x160 net/socket.c:1368 sk_wake_async include/net/sock.h:2368 [inline] sk_wake_async include/net/sock.h:2364 [inline] sock_def_readable+0x349/0x4e0 net/core/sock.c:3056 unix_dgram_sendmsg+0xfa7/0x1950 net/unix/af_unix.c:1941 sock_sendmsg_nosec net/socket.c:704 [inline] sock_sendmsg+0xcf/0x120 net/socket.c:724 ____sys_sendmsg+0x331/0x810 net/socket.c:2409 ___sys_sendmsg+0xf3/0x170 net/socket.c:2463 __sys_sendmmsg+0x195/0x470 net/socket.c:2549 __do_sys_sendmmsg net/socket.c:2578 [inline] __se_sys_sendmmsg net/socket.c:2575 [inline] __x64_sys_sendmmsg+0x99/0x100 net/socket.c:2575 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f58f2665a39 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f58efbdb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 RAX: ffffffffffffffda RBX: 00007f58f2768f60 RCX: 00007f58f2665a39 RDX: 0307017fdb7a66cb RSI: 0000000020002dc0 RDI: 0000000000000006 RBP: 00007f58f26bfc5f R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000003ec0 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffce2752f2f R14: 00007f58efbdb300 R15: 0000000000022000