========================================================
WARNING: possible irq lock inversion dependency detected
5.6.0-rc2-syzkaller #0 Not tainted
--------------------------------------------------------
ksoftirqd/1/16 just changed the state of lock:
ffffffff88a090d8 (tasklist_lock){.+.?}, at: send_sigio+0x8a/0x270 fs/fcntl.c:798
but this lock took another, SOFTIRQ-unsafe lock in the past:
 (&pid->wait_pidfd){+.+.}

and interrupts could create inverse lock ordering between them.

other info that might help us debug this:
 Possible interrupt unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&pid->wait_pidfd);
                               local_irq_disable();
                               lock(tasklist_lock);
                               lock(&pid->wait_pidfd);
  <Interrupt>
    lock(tasklist_lock);

 *** DEADLOCK ***

8 locks held by ksoftirqd/1/16:
 #0: ffffffff88ba5600 (rcu_read_lock){....}, at: __write_once_size include/linux/compiler.h:226 [inline]
 #0: ffffffff88ba5600 (rcu_read_lock){....}, at: __skb_unlink include/linux/skbuff.h:2046 [inline]
 #0: ffffffff88ba5600 (rcu_read_lock){....}, at: __skb_dequeue include/linux/skbuff.h:2061 [inline]
 #0: ffffffff88ba5600 (rcu_read_lock){....}, at: process_backlog+0x1ab/0x710 net/core/dev.c:6142
 #1: ffffffff88ba5600 (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2277 [inline]
 #1: ffffffff88ba5600 (rcu_read_lock){....}, at: ip_local_deliver_finish+0x11b/0x2f0 net/ipv4/ip_input.c:228
 #2: ffff8880a32dcee0 (slock-AF_INET/1){+.-.}, at: tcp_v4_rcv+0x25e3/0x34c0 net/ipv4/tcp_ipv4.c:1995
 #3: ffffffff88ba5600 (rcu_read_lock){....}, at: sock_def_error_report+0x0/0x350 include/linux/compiler.h:199
 #4: ffffffff88ba5600 (rcu_read_lock){....}, at: rcu_lock_release include/linux/rcupdate.h:213 [inline]
 #4: ffffffff88ba5600 (rcu_read_lock){....}, at: rcu_read_unlock include/linux/rcupdate.h:655 [inline]
 #4: ffffffff88ba5600 (rcu_read_lock){....}, at: sock_def_error_report+0x14a/0x350 net/core/sock.c:2786
 #5: ffffffff88ba5600 (rcu_read_lock){....}, at: kill_fasync+0x3b/0x380 fs/fcntl.c:1019
 #6: ffff8880a20e6e18 (&new->fa_lock){.+.?},
at: kill_fasync_rcu fs/fcntl.c:1000 [inline] #6: ffff8880a20e6e18 (&new->fa_lock){.+.?}, at: kill_fasync+0x121/0x380 fs/fcntl.c:1021 #7: ffff8880a7463420 (&f->f_owner.lock){.+.?}, at: send_sigio+0x1f/0x270 fs/fcntl.c:784 the shortest dependencies between 2nd lock and 1st lock: -> (&pid->wait_pidfd){+.+.} { HARDIRQ-ON-W at: lock_acquire+0x19b/0x420 kernel/locking/lockdep.c:4484 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:151 spin_lock include/linux/spinlock.h:338 [inline] proc_pid_make_inode+0x1c0/0x390 fs/proc/base.c:1880 proc_pid_instantiate+0x40/0x140 fs/proc/base.c:3285 proc_pid_lookup+0x134/0x240 fs/proc/base.c:3320 proc_root_lookup+0x16/0x40 fs/proc/root.c:243 __lookup_slow+0x204/0x3d0 fs/namei.c:1757 lookup_slow fs/namei.c:1774 [inline] walk_component+0x684/0xef0 fs/namei.c:1915 link_path_walk.part.40+0x3c4/0xdc0 fs/namei.c:2238 link_path_walk fs/namei.c:2172 [inline] path_openat+0x194/0x2aa0 fs/namei.c:3606 do_filp_open+0x171/0x240 fs/namei.c:3637 do_sys_openat2+0x2b9/0x480 fs/open.c:1149 do_sys_open+0x85/0xd0 fs/open.c:1165 do_syscall_64+0xc6/0x5e0 arch/x86/entry/common.c:294 entry_SYSCALL_64_after_hwframe+0x49/0xbe SOFTIRQ-ON-W at: lock_acquire+0x19b/0x420 kernel/locking/lockdep.c:4484 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:151 spin_lock include/linux/spinlock.h:338 [inline] proc_pid_make_inode+0x1c0/0x390 fs/proc/base.c:1880 proc_pid_instantiate+0x40/0x140 fs/proc/base.c:3285 proc_pid_lookup+0x134/0x240 fs/proc/base.c:3320 proc_root_lookup+0x16/0x40 fs/proc/root.c:243 __lookup_slow+0x204/0x3d0 fs/namei.c:1757 lookup_slow fs/namei.c:1774 [inline] walk_component+0x684/0xef0 fs/namei.c:1915 link_path_walk.part.40+0x3c4/0xdc0 fs/namei.c:2238 link_path_walk fs/namei.c:2172 [inline] path_openat+0x194/0x2aa0 fs/namei.c:3606 do_filp_open+0x171/0x240 fs/namei.c:3637 do_sys_openat2+0x2b9/0x480 fs/open.c:1149 
do_sys_open+0x85/0xd0 fs/open.c:1165 do_syscall_64+0xc6/0x5e0 arch/x86/entry/common.c:294 entry_SYSCALL_64_after_hwframe+0x49/0xbe INITIAL USE at: lock_acquire+0x19b/0x420 kernel/locking/lockdep.c:4484 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x95/0xc0 kernel/locking/spinlock.c:159 __wake_up_common_lock+0xa8/0x120 kernel/sched/wait.c:122 do_notify_pidfd kernel/signal.c:1895 [inline] do_notify_parent+0x14c/0xbb0 kernel/signal.c:1922 exit_notify kernel/exit.c:668 [inline] do_exit+0x206f/0x2a10 kernel/exit.c:824 call_usermodehelper_exec_async+0x47f/0x680 kernel/umh.c:125 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 } ... key at: [] __key.53243+0x0/0x40 ... acquired at: __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x95/0xc0 kernel/locking/spinlock.c:159 __wake_up_common_lock+0xa8/0x120 kernel/sched/wait.c:122 do_notify_pidfd kernel/signal.c:1895 [inline] do_notify_parent+0x14c/0xbb0 kernel/signal.c:1922 exit_notify kernel/exit.c:668 [inline] do_exit+0x206f/0x2a10 kernel/exit.c:824 call_usermodehelper_exec_async+0x47f/0x680 kernel/umh.c:125 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 -> (tasklist_lock){.+.?} { HARDIRQ-ON-R at: lock_acquire+0x19b/0x420 kernel/locking/lockdep.c:4484 __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline] _raw_read_lock+0x2d/0x40 kernel/locking/spinlock.c:223 do_wait+0x364/0x840 kernel/exit.c:1444 kernel_wait4+0xdf/0x1b0 kernel/exit.c:1619 call_usermodehelper_exec_sync kernel/umh.c:150 [inline] call_usermodehelper_exec_work+0x134/0x210 kernel/umh.c:187 process_one_work+0x903/0x15c0 kernel/workqueue.c:2264 worker_thread+0x82/0xb50 kernel/workqueue.c:2410 kthread+0x31d/0x3e0 kernel/kthread.c:255 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 IN-SOFTIRQ-R at: lock_acquire+0x19b/0x420 kernel/locking/lockdep.c:4484 __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline] _raw_read_lock+0x2d/0x40 
kernel/locking/spinlock.c:223 send_sigio+0x8a/0x270 fs/fcntl.c:798 kill_fasync_rcu fs/fcntl.c:1007 [inline] kill_fasync+0x1b6/0x380 fs/fcntl.c:1021 sock_wake_async+0x85/0x110 net/socket.c:1337 sk_wake_async include/net/sock.h:2200 [inline] sock_def_error_report+0x1df/0x350 net/core/sock.c:2785 tcp_rcv_synsent_state_process net/ipv4/tcp_input.c:5937 [inline] tcp_rcv_state_process+0x2c46/0x4b20 net/ipv4/tcp_input.c:6200 tcp_v4_do_rcv+0x2b7/0x790 net/ipv4/tcp_ipv4.c:1641 tcp_v4_rcv+0x2825/0x34c0 net/ipv4/tcp_ipv4.c:2001 ip_protocol_deliver_rcu+0x53/0x690 net/ipv4/ip_input.c:204 ip_local_deliver_finish+0x200/0x2f0 net/ipv4/ip_input.c:231 NF_HOOK include/linux/netfilter.h:307 [inline] ip_local_deliver+0x2e5/0x3e0 net/ipv4/ip_input.c:252 NF_HOOK include/linux/netfilter.h:307 [inline] ip_rcv+0xc9/0x2e0 net/ipv4/ip_input.c:538 __netif_receive_skb_one_core+0xe3/0x150 net/core/dev.c:5198 process_backlog+0x1f2/0x710 net/core/dev.c:6144 napi_poll net/core/dev.c:6582 [inline] net_rx_action+0x415/0xd70 net/core/dev.c:6650 __do_softirq+0x26e/0x9b2 kernel/softirq.c:292 run_ksoftirqd+0x8f/0x100 kernel/softirq.c:603 smpboot_thread_fn+0x511/0x850 kernel/smpboot.c:165 kthread+0x31d/0x3e0 kernel/kthread.c:255 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 SOFTIRQ-ON-R at: lock_acquire+0x19b/0x420 kernel/locking/lockdep.c:4484 __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline] _raw_read_lock+0x2d/0x40 kernel/locking/spinlock.c:223 do_wait+0x364/0x840 kernel/exit.c:1444 kernel_wait4+0xdf/0x1b0 kernel/exit.c:1619 call_usermodehelper_exec_sync kernel/umh.c:150 [inline] call_usermodehelper_exec_work+0x134/0x210 kernel/umh.c:187 process_one_work+0x903/0x15c0 kernel/workqueue.c:2264 worker_thread+0x82/0xb50 kernel/workqueue.c:2410 kthread+0x31d/0x3e0 kernel/kthread.c:255 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 INITIAL USE at: lock_acquire+0x19b/0x420 kernel/locking/lockdep.c:4484 __raw_write_lock_irq include/linux/rwlock_api_smp.h:196 [inline] 
_raw_write_lock_irq+0x5e/0x80 kernel/locking/spinlock.c:311 copy_process+0x35da/0x6a50 kernel/fork.c:2203 _do_fork+0xf8/0xc00 kernel/fork.c:2430 kernel_thread+0x98/0xd0 kernel/fork.c:2517 rest_init+0x21/0x26e init/main.c:620 start_kernel+0x6c1/0x6ff init/main.c:992 secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:242 } ... key at: [] tasklist_lock+0x18/0x40 ... acquired at: mark_lock_irq kernel/locking/lockdep.c:3316 [inline] mark_lock+0x501/0x11a0 kernel/locking/lockdep.c:3665 mark_usage kernel/locking/lockdep.c:3557 [inline] __lock_acquire+0x145e/0x4370 kernel/locking/lockdep.c:3908 lock_acquire+0x19b/0x420 kernel/locking/lockdep.c:4484 __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline] _raw_read_lock+0x2d/0x40 kernel/locking/spinlock.c:223 send_sigio+0x8a/0x270 fs/fcntl.c:798 kill_fasync_rcu fs/fcntl.c:1007 [inline] kill_fasync+0x1b6/0x380 fs/fcntl.c:1021 sock_wake_async+0x85/0x110 net/socket.c:1337 sk_wake_async include/net/sock.h:2200 [inline] sock_def_error_report+0x1df/0x350 net/core/sock.c:2785 tcp_rcv_synsent_state_process net/ipv4/tcp_input.c:5937 [inline] tcp_rcv_state_process+0x2c46/0x4b20 net/ipv4/tcp_input.c:6200 tcp_v4_do_rcv+0x2b7/0x790 net/ipv4/tcp_ipv4.c:1641 tcp_v4_rcv+0x2825/0x34c0 net/ipv4/tcp_ipv4.c:2001 ip_protocol_deliver_rcu+0x53/0x690 net/ipv4/ip_input.c:204 ip_local_deliver_finish+0x200/0x2f0 net/ipv4/ip_input.c:231 NF_HOOK include/linux/netfilter.h:307 [inline] ip_local_deliver+0x2e5/0x3e0 net/ipv4/ip_input.c:252 NF_HOOK include/linux/netfilter.h:307 [inline] ip_rcv+0xc9/0x2e0 net/ipv4/ip_input.c:538 __netif_receive_skb_one_core+0xe3/0x150 net/core/dev.c:5198 process_backlog+0x1f2/0x710 net/core/dev.c:6144 napi_poll net/core/dev.c:6582 [inline] net_rx_action+0x415/0xd70 net/core/dev.c:6650 __do_softirq+0x26e/0x9b2 kernel/softirq.c:292 run_ksoftirqd+0x8f/0x100 kernel/softirq.c:603 smpboot_thread_fn+0x511/0x850 kernel/smpboot.c:165 kthread+0x31d/0x3e0 kernel/kthread.c:255 ret_from_fork+0x24/0x30 
arch/x86/entry/entry_64.S:352 stack backtrace: CPU: 1 PID: 16 Comm: ksoftirqd/1 Not tainted 5.6.0-rc2-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x128/0x182 lib/dump_stack.c:118 print_irq_inversion_bug kernel/locking/lockdep.c:3179 [inline] check_usage_forwards.cold.61+0x20/0x29 kernel/locking/lockdep.c:3203 mark_lock_irq kernel/locking/lockdep.c:3316 [inline] mark_lock+0x501/0x11a0 kernel/locking/lockdep.c:3665 mark_usage kernel/locking/lockdep.c:3557 [inline] __lock_acquire+0x145e/0x4370 kernel/locking/lockdep.c:3908 lock_acquire+0x19b/0x420 kernel/locking/lockdep.c:4484 __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline] _raw_read_lock+0x2d/0x40 kernel/locking/spinlock.c:223 send_sigio+0x8a/0x270 fs/fcntl.c:798 kill_fasync_rcu fs/fcntl.c:1007 [inline] kill_fasync+0x1b6/0x380 fs/fcntl.c:1021 sock_wake_async+0x85/0x110 net/socket.c:1337 sk_wake_async include/net/sock.h:2200 [inline] sock_def_error_report+0x1df/0x350 net/core/sock.c:2785 tcp_rcv_synsent_state_process net/ipv4/tcp_input.c:5937 [inline] tcp_rcv_state_process+0x2c46/0x4b20 net/ipv4/tcp_input.c:6200 tcp_v4_do_rcv+0x2b7/0x790 net/ipv4/tcp_ipv4.c:1641 tcp_v4_rcv+0x2825/0x34c0 net/ipv4/tcp_ipv4.c:2001 ip_protocol_deliver_rcu+0x53/0x690 net/ipv4/ip_input.c:204 ip_local_deliver_finish+0x200/0x2f0 net/ipv4/ip_input.c:231 NF_HOOK include/linux/netfilter.h:307 [inline] ip_local_deliver+0x2e5/0x3e0 net/ipv4/ip_input.c:252 NF_HOOK include/linux/netfilter.h:307 [inline] ip_rcv+0xc9/0x2e0 net/ipv4/ip_input.c:538 __netif_receive_skb_one_core+0xe3/0x150 net/core/dev.c:5198 process_backlog+0x1f2/0x710 net/core/dev.c:6144 napi_poll net/core/dev.c:6582 [inline] net_rx_action+0x415/0xd70 net/core/dev.c:6650 __do_softirq+0x26e/0x9b2 kernel/softirq.c:292 run_ksoftirqd+0x8f/0x100 kernel/softirq.c:603 smpboot_thread_fn+0x511/0x850 kernel/smpboot.c:165 kthread+0x31d/0x3e0 kernel/kthread.c:255 
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352