bisecting cause commit starting from 7c8ca8129ee9724cb1527895fe6dec942ef07f19 building syzkaller on bd2a760b69f2df56a20577ba8c0665105766f3bd testing commit 7c8ca8129ee9724cb1527895fe6dec942ef07f19 with gcc (GCC) 8.1.0 kernel signature: 93ebc89aa22096de38b049c5e1948e8c813b69e7504718df766a7260a515d232 all runs: crashed: possible deadlock in kill_fasync testing release v5.9 testing commit bbf5c979011a099af5dc76498918ed7df445635b with gcc (GCC) 8.1.0 kernel signature: a82b63d060ceb014a456a27cdef2f1ec1d15fc82de1427bc4784201d6479e67b all runs: OK # git bisect start 7c8ca8129ee9724cb1527895fe6dec942ef07f19 bbf5c979011a099af5dc76498918ed7df445635b Bisecting: 11201 revisions left to test after this (roughly 14 steps) [49dc6fbce33011733601e4e81c551e066f1682fc] Merge tag 'kgdb-5.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/danielt/linux testing commit 49dc6fbce33011733601e4e81c551e066f1682fc with gcc (GCC) 8.1.0 kernel signature: ce8ea1b7ea31644fcf1ba40afc1ed247f9ed23bf439675cc41a5152ef6bdbe39 all runs: crashed: possible deadlock in kill_fasync # git bisect bad 49dc6fbce33011733601e4e81c551e066f1682fc Bisecting: 5824 revisions left to test after this (roughly 13 steps) [726eb70e0d34dc4bc4dada71f52bba8ed638431e] Merge tag 'char-misc-5.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc testing commit 726eb70e0d34dc4bc4dada71f52bba8ed638431e with gcc (GCC) 8.1.0 kernel signature: d5bd28ba36e60e83ed074ec70cf139f5bc065cfc4d5edf0dfe079783098eed4e all runs: crashed: possible deadlock in kill_fasync # git bisect bad 726eb70e0d34dc4bc4dada71f52bba8ed638431e Bisecting: 2690 revisions left to test after this (roughly 11 steps) [527f6750d92beb9c787d8aba48477b1e834d64e5] kasan: remove mentions of unsupported Clang versions testing commit 527f6750d92beb9c787d8aba48477b1e834d64e5 with gcc (GCC) 8.1.0 kernel signature: 7a9c31039090fe1cbcde8b3fe9e6fd4a69113a7b63335b9d7e8c5c085a5f33c5 all runs: crashed: possible deadlock in kill_fasync # git bisect bad 527f6750d92beb9c787d8aba48477b1e834d64e5 Bisecting: 1326 revisions left to test after this (roughly 10 steps) [647412daeb454b6dad12a6c6961ab90aac9e5d29] Merge tag 'mmc-v5.10' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc testing commit 647412daeb454b6dad12a6c6961ab90aac9e5d29 with gcc (GCC) 8.1.0 kernel signature: 7d1d62a2633770e9926affe2d928bf62bb5dfe9f521c45c61724148210a280ca all runs: crashed: possible deadlock in kill_fasync # git bisect bad 647412daeb454b6dad12a6c6961ab90aac9e5d29 Bisecting: 687 revisions left to test after this (roughly 9 steps) [3bff6112c80cecb76af5fe485506f96e8adb6122] Merge tag 'perf-core-2020-10-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit 3bff6112c80cecb76af5fe485506f96e8adb6122 with gcc (GCC) 8.1.0 kernel signature: 9df8ab64eb68a26d43ed878cd913ddbc0700bcdbfaf229c1cf653a8e6a0b2704 all runs: crashed: possible deadlock in kill_fasync # git bisect bad 3bff6112c80cecb76af5fe485506f96e8adb6122 Bisecting: 370 revisions left to test after this (roughly 8 steps) [f5f59336a9ae8f683772d6b8cb2d6732b5e567ea] Merge tag 'timers-core-2020-10-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit f5f59336a9ae8f683772d6b8cb2d6732b5e567ea with gcc (GCC) 8.1.0 kernel signature: bb408c90d534046327cc0f4f7118c8eddc58e67a41e33c26f90e42ad57957f81 all runs: OK # git bisect good f5f59336a9ae8f683772d6b8cb2d6732b5e567ea Bisecting: 203 revisions left to test after this (roughly 8 steps) [edaa5ddf3833669a25654d42c0fb653dfdd906df] Merge tag 'sched-core-2020-10-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit edaa5ddf3833669a25654d42c0fb653dfdd906df with gcc (GCC) 8.1.0 kernel signature: 88fabfce4dd682c33f07d1682d4d454d6b90ba3cf129c338c8d9d85c4ab3f6b3 all runs: OK # git bisect good edaa5ddf3833669a25654d42c0fb653dfdd906df Bisecting: 104 revisions left to test after this (roughly 7 steps) [e6412f9833db23740ee848ab3d6e7af18dff82a6] Merge tag 'efi-core-2020-10-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit e6412f9833db23740ee848ab3d6e7af18dff82a6 with gcc (GCC) 8.1.0 kernel signature: 52fd7ba20e92362af44da212b012125ce8369475b452e38e7ad793c68ef1253f all runs: crashed: possible deadlock in kill_fasync # git bisect bad e6412f9833db23740ee848ab3d6e7af18dff82a6 Bisecting: 54 revisions left to test after this (roughly 6 steps) [e705d397965811ac528d7213b42d74ffe43caf38] Merge branch 'locking/urgent' into locking/core, to pick up fixes testing commit e705d397965811ac528d7213b42d74ffe43caf38 with gcc (GCC) 8.1.0 kernel signature: 3212850ca64286f450a96c527dc825ec059085f082fecb4539b7d6b4ed8ae963 all runs: crashed: possible deadlock in kill_fasync # git bisect bad e705d397965811ac528d7213b42d74ffe43caf38 Bisecting: 21 revisions left to test after this (roughly 5 steps) [ad56450db86413ff911eb527b5a49e04a4345e61] locking/selftest: Add test cases for queued_read_lock() testing commit ad56450db86413ff911eb527b5a49e04a4345e61 with gcc (GCC) 8.1.0 kernel signature: bc70a2801d9553166757bd5a4e2d6b41e603abd5a010ecbebcd76dc5f65941e0 all runs: crashed: possible deadlock in kill_fasync # git bisect bad ad56450db86413ff911eb527b5a49e04a4345e61 Bisecting: 10 revisions left to test after this (roughly 4 steps) [6971c0f345620aae5e6172207a57b7524603a34e] lockdep: Extend __bfs() to work with multiple types of dependencies testing commit 6971c0f345620aae5e6172207a57b7524603a34e with gcc (GCC) 8.1.0 kernel signature: ad0614b260e8e35ca89d0e1eaf16999f2334f3af79b74f957cfd038f45cb94c1 all runs: crashed: possible deadlock in kill_fasync # git bisect bad 6971c0f345620aae5e6172207a57b7524603a34e Bisecting: 5 revisions left to test after this (roughly 3 steps) [e918188611f073063415f40fae568fa4d86d9044] locking: More accurate annotations for read_lock() testing commit e918188611f073063415f40fae568fa4d86d9044 with gcc (GCC) 8.1.0 kernel signature: 13c1abc7fff998630909024601d8b60d6919784bf4dd250b365ec12d7a3194c1 all runs: crashed: possible deadlock in kill_fasync # git bisect bad e918188611f073063415f40fae568fa4d86d9044 Bisecting: 2 revisions left to test after this (roughly 1 step) [a435b9a14356587cf512ea6473368a579373c74c] locking/refcount: Provide __refcount API to obtain the old value testing commit a435b9a14356587cf512ea6473368a579373c74c with gcc (GCC) 8.1.0 kernel signature: 76f6c9d09c7a3529e2fb2c86debe078b9297cacc48f3053768b80d3210981c3b all runs: OK # git bisect good a435b9a14356587cf512ea6473368a579373c74c Bisecting: 0 revisions left to test after this (roughly 1 step) [92b4e9f11a636d1723cc0866bf8b9111b1e24339] Documentation/locking/locktypes: Fix local_locks documentation testing commit 92b4e9f11a636d1723cc0866bf8b9111b1e24339 with gcc (GCC) 8.1.0 kernel signature: 76f6c9d09c7a3529e2fb2c86debe078b9297cacc48f3053768b80d3210981c3b all runs: OK # git bisect good 92b4e9f11a636d1723cc0866bf8b9111b1e24339 e918188611f073063415f40fae568fa4d86d9044 is the first bad commit commit e918188611f073063415f40fae568fa4d86d9044 Author: Boqun Feng Date: Fri Aug 7 15:42:20 2020 +0800 locking: More accurate annotations for read_lock() On the archs using QUEUED_RWLOCKS, read_lock() is not always a recursive read lock, actually it's only recursive if in_interrupt() is true. So change the annotation accordingly to catch more deadlocks. Note we used to treat read_lock() as pure recursive read locks in lib/locking-seftest.c, and this is useful, especially for the lockdep development selftest, so we keep this via a variable to force switching lock annotation for read_lock(). Signed-off-by: Boqun Feng Signed-off-by: Peter Zijlstra (Intel) Link: https://lkml.kernel.org/r/20200807074238.1632519-2-boqun.feng@gmail.com include/linux/lockdep.h | 23 ++++++++++++++++++++++- kernel/locking/lockdep.c | 14 ++++++++++++++ lib/locking-selftest.c | 11 +++++++++++ 3 files changed, 47 insertions(+), 1 deletion(-) culprit signature: 13c1abc7fff998630909024601d8b60d6919784bf4dd250b365ec12d7a3194c1 parent signature: 76f6c9d09c7a3529e2fb2c86debe078b9297cacc48f3053768b80d3210981c3b revisions tested: 16, total time: 2h32m19.511416752s (build: 1h11m58.40155086s, test: 1h18m49.723322661s) first bad commit: e918188611f073063415f40fae568fa4d86d9044 locking: More accurate annotations for read_lock() recipients (to): ["boqun.feng@gmail.com" "linux-kernel@vger.kernel.org" "mingo@redhat.com" "peterz@infradead.org" "peterz@infradead.org" "will@kernel.org"] recipients (cc): [] crash: possible deadlock in kill_fasync ======================================================== WARNING: possible irq lock inversion dependency detected 5.9.0-rc2-syzkaller #0 Not tainted -------------------------------------------------------- syz-executor.4/10255 just changed the state of lock: ffff88811d73f080 (&new->fa_lock){.+..}-{2:2}, at: kill_fasync_rcu fs/fcntl.c:1002 [inline] ffff88811d73f080 (&new->fa_lock){.+..}-{2:2}, at: kill_fasync+0xa7/0x200 fs/fcntl.c:1023 but this lock was taken by another, HARDIRQ-safe lock in the past: (&dev->event_lock){-...}-{2:2} and interrupts could create inverse lock ordering between them. other info that might help us debug this: Chain exists of: &dev->event_lock --> &client->buffer_lock --> &new->fa_lock Possible interrupt unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&new->fa_lock); local_irq_disable(); lock(&dev->event_lock); lock(&client->buffer_lock); lock(&dev->event_lock); *** DEADLOCK *** 3 locks held by syz-executor.4/10255: #0: ffffffff84b0eea0 (rcu_read_lock){....}-{1:2}, at: sock_def_error_report+0x0/0x290 include/linux/rcupdate.h:684 #1: ffffffff84b0eea0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_release include/linux/rcupdate.h:246 [inline] #1: ffffffff84b0eea0 (rcu_read_lock){....}-{1:2}, at: rcu_read_unlock include/linux/rcupdate.h:688 [inline] #1: ffffffff84b0eea0 (rcu_read_lock){....}-{1:2}, at: sock_def_error_report+0xd3/0x290 net/core/sock.c:2898 #2: ffffffff84b0eea0 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0xa/0x200 fs/fcntl.c:1021 the shortest dependencies between 2nd lock and 1st lock: -> (&dev->event_lock){-...}-{2:2} { IN-HARDIRQ-W at: lock_acquire+0xb0/0x3a0 kernel/locking/lockdep.c:5020 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x33/0x50 kernel/locking/spinlock.c:159 input_event+0x33/0x70 drivers/input/input.c:440 input_report_key include/linux/input.h:417 [inline] psmouse_report_standard_buttons+0x1b/0x50 drivers/input/mouse/psmouse-base.c:123 psmouse_report_standard_packet drivers/input/mouse/psmouse-base.c:141 [inline] psmouse_process_byte+0x70/0x260 drivers/input/mouse/psmouse-base.c:232 psmouse_handle_byte+0xa/0x50 drivers/input/mouse/psmouse-base.c:274 psmouse_interrupt+0xc5/0x3f0 drivers/input/mouse/psmouse-base.c:426 serio_interrupt+0x3b/0x80 drivers/input/serio/serio.c:1002 i8042_interrupt+0x153/0x280 drivers/input/serio/i8042.c:598 __handle_irq_event_percpu+0x3c/0x320 kernel/irq/handle.c:156 handle_irq_event_percpu+0x2b/0x70 kernel/irq/handle.c:196 handle_irq_event+0x2f/0x4c kernel/irq/handle.c:213 handle_edge_irq+0x8f/0x1b0 kernel/irq/chip.c:819 asm_call_on_stack+0xf/0x20 arch/x86/entry/entry_64.S:706 __run_on_irqstack arch/x86/include/asm/irq_stack.h:22 [inline] run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:48 [inline] handle_irq arch/x86/kernel/irq.c:230 [inline] __common_interrupt arch/x86/kernel/irq.c:249 [inline] common_interrupt+0x159/0x220 arch/x86/kernel/irq.c:239 asm_common_interrupt+0x1e/0x40 arch/x86/include/asm/idtentry.h:572 native_restore_fl arch/x86/include/asm/irqflags.h:41 [inline] arch_local_irq_restore arch/x86/include/asm/irqflags.h:84 [inline] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline] _raw_spin_unlock_irqrestore+0x25/0x50 kernel/locking/spinlock.c:191 spin_unlock_irqrestore include/linux/spinlock.h:409 [inline] prepare_to_wait_event+0xc5/0x160 kernel/sched/wait.c:305 pvr2_context_thread_func+0x1e3/0x2c0 drivers/media/usb/pvrusb2/pvrusb2-context.c:160 kthread+0x147/0x170 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 INITIAL USE at: lock_acquire+0xb0/0x3a0 kernel/locking/lockdep.c:5020 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x33/0x50 kernel/locking/spinlock.c:159 input_inject_event+0x44/0x1b6 drivers/input/input.c:466 led_trigger_event+0x3c/0x60 drivers/leds/led-triggers.c:387 kbd_led_trigger_activate+0x4b/0x60 drivers/tty/vt/keyboard.c:1005 led_trigger_set+0x1fc/0x300 drivers/leds/led-triggers.c:195 led_trigger_set_default+0x8b/0xb0 drivers/leds/led-triggers.c:259 led_classdev_register_ext+0x23d/0x310 drivers/leds/led-class.c:412 led_classdev_register include/linux/leds.h:190 [inline] input_leds_connect+0x177/0x2ff drivers/input/input-leds.c:139 input_attach_handler+0x68/0x90 drivers/input/input.c:1031 input_register_device.cold.22+0xa4/0x152 drivers/input/input.c:2229 atkbd_connect+0x214/0x30e drivers/input/keyboard/atkbd.c:1293 serio_connect_driver+0x24/0x40 drivers/input/serio/serio.c:47 really_probe+0xd1/0x400 drivers/base/dd.c:553 driver_probe_device+0xd9/0x140 drivers/base/dd.c:738 device_driver_attach+0x4a/0x50 drivers/base/dd.c:1013 __driver_attach+0x80/0x140 drivers/base/dd.c:1090 bus_for_each_dev+0x71/0xb0 drivers/base/bus.c:305 serio_attach_driver drivers/input/serio/serio.c:808 [inline] serio_handle_event+0x1ee/0x250 drivers/input/serio/serio.c:227 process_one_work+0x26a/0x5f0 kernel/workqueue.c:2269 worker_thread+0x38/0x380 kernel/workqueue.c:2415 kthread+0x147/0x170 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 } ... key at: [] __key.34105+0x0/0x10 ... acquired at: __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:151 spin_lock include/linux/spinlock.h:354 [inline] evdev_pass_values+0x71/0x280 drivers/input/evdev.c:262 evdev_events+0xf7/0x1a0 drivers/input/evdev.c:307 input_to_handler+0x83/0xe0 drivers/input/input.c:115 input_pass_values.part.8+0x1b0/0x260 drivers/input/input.c:145 input_pass_values drivers/input/input.c:134 [inline] input_handle_event+0x4cf/0x5f0 drivers/input/input.c:399 input_inject_event+0x14f/0x1b6 drivers/input/input.c:471 evdev_write+0x136/0x230 drivers/input/evdev.c:530 vfs_write+0xc7/0x230 fs/read_write.c:576 ksys_write+0xb9/0xd0 fs/read_write.c:631 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 -> (&client->buffer_lock){....}-{2:2} { INITIAL USE at: lock_acquire+0xb0/0x3a0 kernel/locking/lockdep.c:5020 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:151 spin_lock include/linux/spinlock.h:354 [inline] evdev_pass_values+0x71/0x280 drivers/input/evdev.c:262 evdev_events+0xf7/0x1a0 drivers/input/evdev.c:307 input_to_handler+0x83/0xe0 drivers/input/input.c:115 input_pass_values.part.8+0x1b0/0x260 drivers/input/input.c:145 input_pass_values drivers/input/input.c:134 [inline] input_handle_event+0x4cf/0x5f0 drivers/input/input.c:399 input_inject_event+0x14f/0x1b6 drivers/input/input.c:471 evdev_write+0x136/0x230 drivers/input/evdev.c:530 vfs_write+0xc7/0x230 fs/read_write.c:576 ksys_write+0xb9/0xd0 fs/read_write.c:631 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 } ... key at: [] __key.36392+0x0/0x10 ... acquired at: __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline] _raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:223 kill_fasync_rcu fs/fcntl.c:1002 [inline] kill_fasync+0xa7/0x200 fs/fcntl.c:1023 __pass_event drivers/input/evdev.c:240 [inline] evdev_pass_values+0x18a/0x280 drivers/input/evdev.c:279 evdev_events+0xf7/0x1a0 drivers/input/evdev.c:307 input_to_handler+0x83/0xe0 drivers/input/input.c:115 input_pass_values.part.8+0x1b0/0x260 drivers/input/input.c:145 input_pass_values drivers/input/input.c:134 [inline] input_handle_event+0x4cf/0x5f0 drivers/input/input.c:399 input_inject_event+0x14f/0x1b6 drivers/input/input.c:471 evdev_write+0x136/0x230 drivers/input/evdev.c:530 vfs_write+0xc7/0x230 fs/read_write.c:576 ksys_write+0xb9/0xd0 fs/read_write.c:631 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 -> (&new->fa_lock){.+..}-{2:2} { HARDIRQ-ON-R at: lock_acquire+0xb0/0x3a0 kernel/locking/lockdep.c:5020 __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline] _raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:223 kill_fasync_rcu fs/fcntl.c:1002 [inline] kill_fasync+0xa7/0x200 fs/fcntl.c:1023 sock_wake_async+0x40/0x60 net/socket.c:1331 sk_wake_async include/net/sock.h:2261 [inline] sock_def_error_report+0x14d/0x290 net/core/sock.c:2897 sock_queue_err_skb+0x88/0x130 net/core/skbuff.c:4533 __skb_complete_tx_timestamp+0x58/0xc0 net/core/skbuff.c:4628 __dev_queue_xmit+0x8c0/0xd10 net/core/dev.c:4072 packet_snd net/packet/af_packet.c:2984 [inline] packet_sendmsg+0x109e/0x1930 net/packet/af_packet.c:3009 sock_sendmsg_nosec net/socket.c:651 [inline] sock_sendmsg+0x2b/0x40 net/socket.c:671 ____sys_sendmsg+0x124/0x230 net/socket.c:2353 ___sys_sendmsg+0x77/0xb0 net/socket.c:2407 __sys_sendmmsg+0xab/0x1e0 net/socket.c:2497 __do_sys_sendmmsg net/socket.c:2526 [inline] __se_sys_sendmmsg net/socket.c:2523 [inline] __x64_sys_sendmmsg+0x1b/0x20 net/socket.c:2523 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 INITIAL USE at: lock_acquire+0xb0/0x3a0 kernel/locking/lockdep.c:5020 __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline] _raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:223 kill_fasync_rcu fs/fcntl.c:1002 [inline] kill_fasync+0xa7/0x200 fs/fcntl.c:1023 __pass_event drivers/input/evdev.c:240 [inline] evdev_pass_values+0x18a/0x280 drivers/input/evdev.c:279 evdev_events+0xf7/0x1a0 drivers/input/evdev.c:307 input_to_handler+0x83/0xe0 drivers/input/input.c:115 input_pass_values.part.8+0x1b0/0x260 drivers/input/input.c:145 input_pass_values drivers/input/input.c:134 [inline] input_handle_event+0x4cf/0x5f0 drivers/input/input.c:399 input_inject_event+0x14f/0x1b6 drivers/input/input.c:471 evdev_write+0x136/0x230 drivers/input/evdev.c:530 vfs_write+0xc7/0x230 fs/read_write.c:576 ksys_write+0xb9/0xd0 fs/read_write.c:631 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 } ... key at: [] __key.45767+0x0/0x10 ... acquired at: mark_lock_irq kernel/locking/lockdep.c:3568 [inline] mark_lock+0x24f/0x850 kernel/locking/lockdep.c:4006 mark_usage kernel/locking/lockdep.c:3911 [inline] __lock_acquire+0x874/0x2ad0 kernel/locking/lockdep.c:4380 lock_acquire+0xb0/0x3a0 kernel/locking/lockdep.c:5020 __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline] _raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:223 kill_fasync_rcu fs/fcntl.c:1002 [inline] kill_fasync+0xa7/0x200 fs/fcntl.c:1023 sock_wake_async+0x40/0x60 net/socket.c:1331 sk_wake_async include/net/sock.h:2261 [inline] sock_def_error_report+0x14d/0x290 net/core/sock.c:2897 sock_queue_err_skb+0x88/0x130 net/core/skbuff.c:4533 __skb_complete_tx_timestamp+0x58/0xc0 net/core/skbuff.c:4628 __dev_queue_xmit+0x8c0/0xd10 net/core/dev.c:4072 packet_snd net/packet/af_packet.c:2984 [inline] packet_sendmsg+0x109e/0x1930 net/packet/af_packet.c:3009 sock_sendmsg_nosec net/socket.c:651 [inline] sock_sendmsg+0x2b/0x40 net/socket.c:671 ____sys_sendmsg+0x124/0x230 net/socket.c:2353 ___sys_sendmsg+0x77/0xb0 net/socket.c:2407 __sys_sendmmsg+0xab/0x1e0 net/socket.c:2497 __do_sys_sendmmsg net/socket.c:2526 [inline] __se_sys_sendmmsg net/socket.c:2523 [inline] __x64_sys_sendmmsg+0x1b/0x20 net/socket.c:2523 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 stack backtrace: CPU: 0 PID: 10255 Comm: syz-executor.4 Not tainted 5.9.0-rc2-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x77/0xa0 lib/dump_stack.c:118 print_irq_inversion_bug kernel/locking/lockdep.c:3429 [inline] check_usage_backwards.cold.63+0x1d/0x26 kernel/locking/lockdep.c:3480 mark_lock_irq kernel/locking/lockdep.c:3568 [inline] mark_lock+0x24f/0x850 kernel/locking/lockdep.c:4006 mark_usage kernel/locking/lockdep.c:3911 [inline] __lock_acquire+0x874/0x2ad0 kernel/locking/lockdep.c:4380 lock_acquire+0xb0/0x3a0 kernel/locking/lockdep.c:5020 __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline] _raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:223 kill_fasync_rcu fs/fcntl.c:1002 [inline] kill_fasync+0xa7/0x200 fs/fcntl.c:1023 sock_wake_async+0x40/0x60 net/socket.c:1331 sk_wake_async include/net/sock.h:2261 [inline] sock_def_error_report+0x14d/0x290 net/core/sock.c:2897 sock_queue_err_skb+0x88/0x130 net/core/skbuff.c:4533 __skb_complete_tx_timestamp+0x58/0xc0 net/core/skbuff.c:4628 __dev_queue_xmit+0x8c0/0xd10 net/core/dev.c:4072 packet_snd net/packet/af_packet.c:2984 [inline] packet_sendmsg+0x109e/0x1930 net/packet/af_packet.c:3009 sock_sendmsg_nosec net/socket.c:651 [inline] sock_sendmsg+0x2b/0x40 net/socket.c:671 ____sys_sendmsg+0x124/0x230 net/socket.c:2353 ___sys_sendmsg+0x77/0xb0 net/socket.c:2407 __sys_sendmmsg+0xab/0x1e0 net/socket.c:2497 __do_sys_sendmmsg net/socket.c:2526 [inline] __se_sys_sendmmsg net/socket.c:2523 [inline] __x64_sys_sendmmsg+0x1b/0x20 net/socket.c:2523 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x45deb9 Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007ff74dcefc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 RAX: ffffffffffffffda RBX: 0000000000027f80 RCX: 000000000045deb9 RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000005 RBP: 000000000118bf68 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118bf2c R13: 00007ffcced3b85f R14: 00007ff74dcf09c0 R15: 000000000118bf2c