===================================================== WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected 5.10.79 #1 Not tainted ----------------------------------------------------- syz-executor.5/292 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: ffff88801cd2b7f8 (&new->fa_lock){...-}-{2:2}, at: kill_fasync_rcu fs/fcntl.c:1005 [inline] ffff88801cd2b7f8 (&new->fa_lock){...-}-{2:2}, at: kill_fasync fs/fcntl.c:1026 [inline] ffff88801cd2b7f8 (&new->fa_lock){...-}-{2:2}, at: kill_fasync+0x138/0x480 fs/fcntl.c:1019 and this task is already holding: ffff88806cf313c0 (batched_entropy_u64.lock){-.-.}-{2:2}, at: get_random_u64+0x46/0x1d0 drivers/char/random.c:2200 which would create a new lock dependency: (batched_entropy_u64.lock){-.-.}-{2:2} -> (&new->fa_lock){...-}-{2:2} but this new dependency connects a HARDIRQ-irq-safe lock: (batched_entropy_u64.lock){-.-.}-{2:2} ... which became HARDIRQ-irq-safe at: lock_acquire kernel/locking/lockdep.c:5562 [inline] lock_acquire+0x197/0x490 kernel/locking/lockdep.c:5527 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x27/0x40 kernel/locking/spinlock.c:151 spin_lock include/linux/spinlock.h:354 [inline] invalidate_batched_entropy+0xdf/0x1c0 drivers/char/random.c:2253 crng_fast_load+0x243/0x260 drivers/char/random.c:896 add_interrupt_randomness+0x523/0x650 drivers/char/random.c:1283 handle_irq_event_percpu kernel/irq/handle.c:198 [inline] handle_irq_event+0x13f/0x290 kernel/irq/handle.c:213 handle_edge_irq+0x249/0xd00 kernel/irq/chip.c:822 run_irq_on_irqstack_cond arch/x86/include/asm/irq_stack.h:103 [inline] handle_irq arch/x86/kernel/irq.c:230 [inline] __common_interrupt arch/x86/kernel/irq.c:249 [inline] common_interrupt+0x94/0x190 arch/x86/kernel/irq.c:239 asm_common_interrupt+0x1e/0x40 arch/x86/include/asm/idtentry.h:626 on_stack arch/x86/include/asm/stacktrace.h:46 [inline] stack_access_ok arch/x86/kernel/unwind_orc.c:342 [inline] deref_stack_reg+0x7b/0x150 arch/x86/kernel/unwind_orc.c:352 
unwind_next_frame+0x1285/0x1a90 arch/x86/kernel/unwind_orc.c:584 arch_stack_walk+0x83/0xf0 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0x8c/0xc0 kernel/stacktrace.c:121 kasan_save_stack+0x1b/0x40 mm/kasan/common.c:48 kasan_set_track+0x1c/0x30 mm/kasan/common.c:56 kasan_set_free_info+0x1b/0x30 mm/kasan/generic.c:355 __kasan_slab_free+0x110/0x150 mm/kasan/common.c:422 slab_free_hook mm/slub.c:1542 [inline] slab_free_freelist_hook+0xa9/0x180 mm/slub.c:1576 slab_free mm/slub.c:3149 [inline] kmem_cache_free+0xa7/0x310 mm/slub.c:3165 rcu_do_batch kernel/rcu/tree.c:2484 [inline] rcu_core+0x52d/0x1660 kernel/rcu/tree.c:2721 __do_softirq+0x1b8/0x867 kernel/softirq.c:298 asm_call_irq_on_stack+0x12/0x20 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline] run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline] do_softirq_own_stack+0x80/0xa0 arch/x86/kernel/irq_64.c:77 invoke_softirq kernel/softirq.c:393 [inline] __irq_exit_rcu kernel/softirq.c:423 [inline] irq_exit_rcu+0x110/0x1a0 kernel/softirq.c:435 sysvec_apic_timer_interrupt+0x43/0xa0 arch/x86/kernel/apic/apic.c:1095 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635 __preempt_count_sub arch/x86/include/asm/preempt.h:84 [inline] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:169 [inline] _raw_spin_unlock_irq+0x27/0x30 kernel/locking/spinlock.c:199 finish_lock_switch kernel/sched/core.c:3526 [inline] finish_task_switch+0x126/0x5d0 kernel/sched/core.c:3626 context_switch kernel/sched/core.c:3790 [inline] __schedule+0x850/0x1e80 kernel/sched/core.c:4536 schedule_idle+0x53/0x90 kernel/sched/core.c:4642 do_idle+0x2b4/0x520 kernel/sched/idle.c:328 cpu_startup_entry+0x14/0x20 kernel/sched/idle.c:396 start_kernel+0x47a/0x49b init/main.c:1057 secondary_startup_64_no_verify+0xc2/0xcb to a HARDIRQ-irq-unsafe lock: (&f->f_owner.lock){.+.?}-{2:2} ... which became HARDIRQ-irq-unsafe at: ... 
lock_acquire kernel/locking/lockdep.c:5562 [inline] lock_acquire+0x197/0x490 kernel/locking/lockdep.c:5527 __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline] _raw_read_lock+0x58/0x70 kernel/locking/spinlock.c:223 f_getown_ex fs/fcntl.c:206 [inline] do_fcntl+0x74f/0xfc0 fs/fcntl.c:387 __do_sys_fcntl fs/fcntl.c:463 [inline] __se_sys_fcntl fs/fcntl.c:448 [inline] __x64_sys_fcntl+0x165/0x1e0 fs/fcntl.c:448 do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 other info that might help us debug this: Chain exists of: batched_entropy_u64.lock --> &new->fa_lock --> &f->f_owner.lock Possible interrupt unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&f->f_owner.lock);
                               local_irq_disable();
                               lock(batched_entropy_u64.lock);
                               lock(&new->fa_lock);
  <Interrupt>
    lock(batched_entropy_u64.lock);

 *** DEADLOCK ***

2 locks held by syz-executor.5/292: #0: ffff88806cf313c0 (batched_entropy_u64.lock){-.-.}-{2:2}, at: get_random_u64+0x46/0x1d0 drivers/char/random.c:2200 #1: ffffffff84df6760 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x41/0x480 fs/fcntl.c:1024 the dependencies between HARDIRQ-irq-safe lock and the holding lock: -> (batched_entropy_u64.lock){-.-.}-{2:2} { IN-HARDIRQ-W at: lock_acquire kernel/locking/lockdep.c:5562 [inline] lock_acquire+0x197/0x490 kernel/locking/lockdep.c:5527 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x27/0x40 kernel/locking/spinlock.c:151 spin_lock include/linux/spinlock.h:354 [inline] invalidate_batched_entropy+0xdf/0x1c0 drivers/char/random.c:2253 crng_fast_load+0x243/0x260 drivers/char/random.c:896 add_interrupt_randomness+0x523/0x650 drivers/char/random.c:1283 handle_irq_event_percpu kernel/irq/handle.c:198 [inline] handle_irq_event+0x13f/0x290 kernel/irq/handle.c:213 handle_edge_irq+0x249/0xd00 kernel/irq/chip.c:822 run_irq_on_irqstack_cond arch/x86/include/asm/irq_stack.h:103 [inline] handle_irq arch/x86/kernel/irq.c:230 [inline] __common_interrupt arch/x86/kernel/irq.c:249 
[inline] common_interrupt+0x94/0x190 arch/x86/kernel/irq.c:239 asm_common_interrupt+0x1e/0x40 arch/x86/include/asm/idtentry.h:626 on_stack arch/x86/include/asm/stacktrace.h:46 [inline] stack_access_ok arch/x86/kernel/unwind_orc.c:342 [inline] deref_stack_reg+0x7b/0x150 arch/x86/kernel/unwind_orc.c:352 unwind_next_frame+0x1285/0x1a90 arch/x86/kernel/unwind_orc.c:584 arch_stack_walk+0x83/0xf0 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0x8c/0xc0 kernel/stacktrace.c:121 kasan_save_stack+0x1b/0x40 mm/kasan/common.c:48 kasan_set_track+0x1c/0x30 mm/kasan/common.c:56 kasan_set_free_info+0x1b/0x30 mm/kasan/generic.c:355 __kasan_slab_free+0x110/0x150 mm/kasan/common.c:422 slab_free_hook mm/slub.c:1542 [inline] slab_free_freelist_hook+0xa9/0x180 mm/slub.c:1576 slab_free mm/slub.c:3149 [inline] kmem_cache_free+0xa7/0x310 mm/slub.c:3165 rcu_do_batch kernel/rcu/tree.c:2484 [inline] rcu_core+0x52d/0x1660 kernel/rcu/tree.c:2721 __do_softirq+0x1b8/0x867 kernel/softirq.c:298 asm_call_irq_on_stack+0x12/0x20 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline] run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline] do_softirq_own_stack+0x80/0xa0 arch/x86/kernel/irq_64.c:77 invoke_softirq kernel/softirq.c:393 [inline] __irq_exit_rcu kernel/softirq.c:423 [inline] irq_exit_rcu+0x110/0x1a0 kernel/softirq.c:435 sysvec_apic_timer_interrupt+0x43/0xa0 arch/x86/kernel/apic/apic.c:1095 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635 __preempt_count_sub arch/x86/include/asm/preempt.h:84 [inline] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:169 [inline] _raw_spin_unlock_irq+0x27/0x30 kernel/locking/spinlock.c:199 finish_lock_switch kernel/sched/core.c:3526 [inline] finish_task_switch+0x126/0x5d0 kernel/sched/core.c:3626 context_switch kernel/sched/core.c:3790 [inline] __schedule+0x850/0x1e80 kernel/sched/core.c:4536 schedule_idle+0x53/0x90 kernel/sched/core.c:4642 do_idle+0x2b4/0x520 kernel/sched/idle.c:328 
cpu_startup_entry+0x14/0x20 kernel/sched/idle.c:396 start_kernel+0x47a/0x49b init/main.c:1057 secondary_startup_64_no_verify+0xc2/0xcb IN-SOFTIRQ-W at: lock_acquire kernel/locking/lockdep.c:5562 [inline] lock_acquire+0x197/0x490 kernel/locking/lockdep.c:5527 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x27/0x40 kernel/locking/spinlock.c:151 spin_lock include/linux/spinlock.h:354 [inline] invalidate_batched_entropy+0xdf/0x1c0 drivers/char/random.c:2253 crng_fast_load+0x243/0x260 drivers/char/random.c:896 add_interrupt_randomness+0x523/0x650 drivers/char/random.c:1283 handle_irq_event_percpu kernel/irq/handle.c:198 [inline] handle_irq_event+0x13f/0x290 kernel/irq/handle.c:213 handle_edge_irq+0x249/0xd00 kernel/irq/chip.c:822 run_irq_on_irqstack_cond arch/x86/include/asm/irq_stack.h:103 [inline] handle_irq arch/x86/kernel/irq.c:230 [inline] __common_interrupt arch/x86/kernel/irq.c:249 [inline] common_interrupt+0x94/0x190 arch/x86/kernel/irq.c:239 asm_common_interrupt+0x1e/0x40 arch/x86/include/asm/idtentry.h:626 on_stack arch/x86/include/asm/stacktrace.h:46 [inline] stack_access_ok arch/x86/kernel/unwind_orc.c:342 [inline] deref_stack_reg+0x7b/0x150 arch/x86/kernel/unwind_orc.c:352 unwind_next_frame+0x1285/0x1a90 arch/x86/kernel/unwind_orc.c:584 arch_stack_walk+0x83/0xf0 arch/x86/kernel/stacktrace.c:25 stack_trace_save+0x8c/0xc0 kernel/stacktrace.c:121 kasan_save_stack+0x1b/0x40 mm/kasan/common.c:48 kasan_set_track+0x1c/0x30 mm/kasan/common.c:56 kasan_set_free_info+0x1b/0x30 mm/kasan/generic.c:355 __kasan_slab_free+0x110/0x150 mm/kasan/common.c:422 slab_free_hook mm/slub.c:1542 [inline] slab_free_freelist_hook+0xa9/0x180 mm/slub.c:1576 slab_free mm/slub.c:3149 [inline] kmem_cache_free+0xa7/0x310 mm/slub.c:3165 rcu_do_batch kernel/rcu/tree.c:2484 [inline] rcu_core+0x52d/0x1660 kernel/rcu/tree.c:2721 __do_softirq+0x1b8/0x867 kernel/softirq.c:298 asm_call_irq_on_stack+0x12/0x20 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 
[inline] run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline] do_softirq_own_stack+0x80/0xa0 arch/x86/kernel/irq_64.c:77 invoke_softirq kernel/softirq.c:393 [inline] __irq_exit_rcu kernel/softirq.c:423 [inline] irq_exit_rcu+0x110/0x1a0 kernel/softirq.c:435 sysvec_apic_timer_interrupt+0x43/0xa0 arch/x86/kernel/apic/apic.c:1095 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635 __preempt_count_sub arch/x86/include/asm/preempt.h:84 [inline] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:169 [inline] _raw_spin_unlock_irq+0x27/0x30 kernel/locking/spinlock.c:199 finish_lock_switch kernel/sched/core.c:3526 [inline] finish_task_switch+0x126/0x5d0 kernel/sched/core.c:3626 context_switch kernel/sched/core.c:3790 [inline] __schedule+0x850/0x1e80 kernel/sched/core.c:4536 schedule_idle+0x53/0x90 kernel/sched/core.c:4642 do_idle+0x2b4/0x520 kernel/sched/idle.c:328 cpu_startup_entry+0x14/0x20 kernel/sched/idle.c:396 start_kernel+0x47a/0x49b init/main.c:1057 secondary_startup_64_no_verify+0xc2/0xcb INITIAL USE at: lock_acquire kernel/locking/lockdep.c:5562 [inline] lock_acquire+0x197/0x490 kernel/locking/lockdep.c:5527 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x36/0x50 kernel/locking/spinlock.c:159 get_random_u64+0x46/0x1d0 drivers/char/random.c:2200 get_random_long include/linux/random.h:61 [inline] get_random_canary include/linux/random.h:83 [inline] dup_task_struct kernel/fork.c:911 [inline] copy_process+0x7cd/0x66b0 kernel/fork.c:1948 kernel_clone+0xe7/0xa20 kernel/fork.c:2466 kernel_thread+0xb5/0xf0 kernel/fork.c:2518 rest_init+0x23/0x389 init/main.c:687 start_kernel+0x47a/0x49b init/main.c:1057 secondary_startup_64_no_verify+0xc2/0xcb } ... 
key at: [] 0xffff88806ce313c0 the dependencies between the lock to be acquired and HARDIRQ-irq-unsafe lock: -> (&f->f_owner.lock){.+.?}-{2:2} { HARDIRQ-ON-R at: lock_acquire kernel/locking/lockdep.c:5562 [inline] lock_acquire+0x197/0x490 kernel/locking/lockdep.c:5527 __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline] _raw_read_lock+0x58/0x70 kernel/locking/spinlock.c:223 f_getown_ex fs/fcntl.c:206 [inline] do_fcntl+0x74f/0xfc0 fs/fcntl.c:387 __do_sys_fcntl fs/fcntl.c:463 [inline] __se_sys_fcntl fs/fcntl.c:448 [inline] __x64_sys_fcntl+0x165/0x1e0 fs/fcntl.c:448 do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 IN-SOFTIRQ-R at: lock_acquire kernel/locking/lockdep.c:5562 [inline] lock_acquire+0x197/0x490 kernel/locking/lockdep.c:5527 __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline] _raw_read_lock_irqsave+0x42/0x90 kernel/locking/spinlock.c:231 send_sigurg+0x1e/0xad0 fs/fcntl.c:826 sk_send_sigurg+0x76/0x320 net/core/sock.c:2945 tcp_check_urg.isra.0+0x1f4/0x720 net/ipv4/tcp_input.c:5500 tcp_urg net/ipv4/tcp_input.c:5541 [inline] tcp_rcv_established+0x1029/0x1ed0 net/ipv4/tcp_input.c:5875 tcp_v6_do_rcv+0x420/0x1290 net/ipv6/tcp_ipv6.c:1497 tcp_v6_rcv+0x2e44/0x3390 net/ipv6/tcp_ipv6.c:1730 ip6_protocol_deliver_rcu+0x2fa/0x16f0 net/ipv6/ip6_input.c:423 ip6_input_finish+0x64/0x170 net/ipv6/ip6_input.c:464 NF_HOOK include/linux/netfilter.h:301 [inline] NF_HOOK include/linux/netfilter.h:295 [inline] ip6_input+0x9c/0xd0 net/ipv6/ip6_input.c:473 dst_input include/net/dst.h:449 [inline] ip6_rcv_finish net/ipv6/ip6_input.c:76 [inline] ip6_rcv_finish net/ipv6/ip6_input.c:66 [inline] NF_HOOK include/linux/netfilter.h:301 [inline] NF_HOOK include/linux/netfilter.h:295 [inline] ipv6_rcv+0x172/0x270 net/ipv6/ip6_input.c:297 __netif_receive_skb_one_core+0x12e/0x1e0 net/core/dev.c:5350 __netif_receive_skb+0x27/0x1c0 net/core/dev.c:5464 process_backlog+0x38f/0x7e0 net/core/dev.c:6370 napi_poll net/core/dev.c:6821 
[inline] net_rx_action+0x3ff/0xfe0 net/core/dev.c:6891 __do_softirq+0x1b8/0x867 kernel/softirq.c:298 run_ksoftirqd kernel/softirq.c:653 [inline] run_ksoftirqd+0x21/0x50 kernel/softirq.c:645 smpboot_thread_fn+0x3f5/0x860 kernel/smpboot.c:164 kthread+0x38f/0x470 kernel/kthread.c:313 ret_from_fork+0x22/0x30 arch/x86/entry/entry_64.S:296 SOFTIRQ-ON-R at: lock_acquire kernel/locking/lockdep.c:5562 [inline] lock_acquire+0x197/0x490 kernel/locking/lockdep.c:5527 __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline] _raw_read_lock+0x58/0x70 kernel/locking/spinlock.c:223 f_getown_ex fs/fcntl.c:206 [inline] do_fcntl+0x74f/0xfc0 fs/fcntl.c:387 __do_sys_fcntl fs/fcntl.c:463 [inline] __se_sys_fcntl fs/fcntl.c:448 [inline] __x64_sys_fcntl+0x165/0x1e0 fs/fcntl.c:448 do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 INITIAL USE at: lock_acquire kernel/locking/lockdep.c:5562 [inline] lock_acquire+0x197/0x490 kernel/locking/lockdep.c:5527 __raw_write_lock_irq include/linux/rwlock_api_smp.h:196 [inline] _raw_write_lock_irq+0x2f/0x40 kernel/locking/spinlock.c:311 f_modown+0x2a/0x390 fs/fcntl.c:90 generic_add_lease fs/locks.c:1939 [inline] generic_setlease+0x11d6/0x1920 fs/locks.c:2018 vfs_setlease+0x104/0x130 fs/locks.c:2108 do_fcntl_add_lease fs/locks.c:2129 [inline] fcntl_setlease+0x134/0x2c0 fs/locks.c:2151 do_fcntl+0xa3f/0xfc0 fs/fcntl.c:410 __do_sys_fcntl fs/fcntl.c:463 [inline] __se_sys_fcntl fs/fcntl.c:448 [inline] __x64_sys_fcntl+0x165/0x1e0 fs/fcntl.c:448 do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 INITIAL READ USE at: lock_acquire kernel/locking/lockdep.c:5562 [inline] lock_acquire+0x197/0x490 kernel/locking/lockdep.c:5527 __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline] _raw_read_lock_irqsave+0x6d/0x90 kernel/locking/spinlock.c:231 send_sigio+0x24/0x340 fs/fcntl.c:787 kill_fasync_rcu fs/fcntl.c:1012 [inline] kill_fasync fs/fcntl.c:1026 [inline] 
kill_fasync+0x1fa/0x480 fs/fcntl.c:1019 sock_wake_async+0xd2/0x160 net/socket.c:1320 sk_wake_async include/net/sock.h:2290 [inline] sk_wake_async+0x10a/0x2a0 include/net/sock.h:2286 unix_release_sock+0x892/0xaa0 net/unix/af_unix.c:555 unix_release+0x3f/0x80 net/unix/af_unix.c:882 __sock_release+0xd2/0x290 net/socket.c:596 sock_close+0x18/0x20 net/socket.c:1266 __fput+0x285/0x980 fs/file_table.c:281 task_work_run+0xe2/0x1a0 kernel/task_work.c:151 tracehook_notify_resume include/linux/tracehook.h:188 [inline] exit_to_user_mode_loop kernel/entry/common.c:164 [inline] exit_to_user_mode_prepare+0x155/0x160 kernel/entry/common.c:191 syscall_exit_to_user_mode+0x38/0x230 kernel/entry/common.c:266 entry_SYSCALL_64_after_hwframe+0x44/0xa9 } ... key at: [] __key.5+0x0/0x40 ... acquired at: __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline] _raw_read_lock_irqsave+0x6d/0x90 kernel/locking/spinlock.c:231 send_sigio+0x24/0x340 fs/fcntl.c:787 kill_fasync_rcu fs/fcntl.c:1012 [inline] kill_fasync fs/fcntl.c:1026 [inline] kill_fasync+0x1fa/0x480 fs/fcntl.c:1019 sock_wake_async+0xd2/0x160 net/socket.c:1320 sk_wake_async include/net/sock.h:2290 [inline] sk_wake_async+0x10a/0x2a0 include/net/sock.h:2286 unix_release_sock+0x892/0xaa0 net/unix/af_unix.c:555 unix_release+0x3f/0x80 net/unix/af_unix.c:882 __sock_release+0xd2/0x290 net/socket.c:596 sock_close+0x18/0x20 net/socket.c:1266 __fput+0x285/0x980 fs/file_table.c:281 task_work_run+0xe2/0x1a0 kernel/task_work.c:151 tracehook_notify_resume include/linux/tracehook.h:188 [inline] exit_to_user_mode_loop kernel/entry/common.c:164 [inline] exit_to_user_mode_prepare+0x155/0x160 kernel/entry/common.c:191 syscall_exit_to_user_mode+0x38/0x230 kernel/entry/common.c:266 entry_SYSCALL_64_after_hwframe+0x44/0xa9 -> (&new->fa_lock){...-}-{2:2} { IN-SOFTIRQ-R at: lock_acquire kernel/locking/lockdep.c:5562 [inline] lock_acquire+0x197/0x490 kernel/locking/lockdep.c:5527 __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline] 
_raw_read_lock_irqsave+0x42/0x90 kernel/locking/spinlock.c:231 kill_fasync_rcu fs/fcntl.c:1005 [inline] kill_fasync fs/fcntl.c:1026 [inline] kill_fasync+0x138/0x480 fs/fcntl.c:1019 sock_wake_async+0xf1/0x160 net/socket.c:1323 sk_wake_async include/net/sock.h:2290 [inline] sk_wake_async include/net/sock.h:2286 [inline] sk_send_sigurg net/core/sock.c:2946 [inline] sk_send_sigurg+0x17e/0x320 net/core/sock.c:2942 tcp_check_urg.isra.0+0x1f4/0x720 net/ipv4/tcp_input.c:5500 tcp_urg net/ipv4/tcp_input.c:5541 [inline] tcp_rcv_established+0x1029/0x1ed0 net/ipv4/tcp_input.c:5875 tcp_v6_do_rcv+0x420/0x1290 net/ipv6/tcp_ipv6.c:1497 tcp_v6_rcv+0x2e44/0x3390 net/ipv6/tcp_ipv6.c:1730 ip6_protocol_deliver_rcu+0x2fa/0x16f0 net/ipv6/ip6_input.c:423 ip6_input_finish+0x64/0x170 net/ipv6/ip6_input.c:464 NF_HOOK include/linux/netfilter.h:301 [inline] NF_HOOK include/linux/netfilter.h:295 [inline] ip6_input+0x9c/0xd0 net/ipv6/ip6_input.c:473 dst_input include/net/dst.h:449 [inline] ip6_rcv_finish net/ipv6/ip6_input.c:76 [inline] ip6_rcv_finish net/ipv6/ip6_input.c:66 [inline] NF_HOOK include/linux/netfilter.h:301 [inline] NF_HOOK include/linux/netfilter.h:295 [inline] ipv6_rcv+0x172/0x270 net/ipv6/ip6_input.c:297 __netif_receive_skb_one_core+0x12e/0x1e0 net/core/dev.c:5350 __netif_receive_skb+0x27/0x1c0 net/core/dev.c:5464 process_backlog+0x38f/0x7e0 net/core/dev.c:6370 napi_poll net/core/dev.c:6821 [inline] net_rx_action+0x3ff/0xfe0 net/core/dev.c:6891 __do_softirq+0x1b8/0x867 kernel/softirq.c:298 run_ksoftirqd kernel/softirq.c:653 [inline] run_ksoftirqd+0x21/0x50 kernel/softirq.c:645 smpboot_thread_fn+0x3f5/0x860 kernel/smpboot.c:164 kthread+0x38f/0x470 kernel/kthread.c:313 ret_from_fork+0x22/0x30 arch/x86/entry/entry_64.S:296 INITIAL USE at: lock_acquire kernel/locking/lockdep.c:5562 [inline] lock_acquire+0x197/0x490 kernel/locking/lockdep.c:5527 __raw_write_lock_irq include/linux/rwlock_api_smp.h:196 [inline] _raw_write_lock_irq+0x2f/0x40 kernel/locking/spinlock.c:311 
fasync_remove_entry+0xb6/0x1f0 fs/fcntl.c:882 fasync_helper+0x9e/0xb0 fs/fcntl.c:985 __fput+0x743/0x980 fs/file_table.c:278 task_work_run+0xe2/0x1a0 kernel/task_work.c:151 tracehook_notify_resume include/linux/tracehook.h:188 [inline] exit_to_user_mode_loop kernel/entry/common.c:164 [inline] exit_to_user_mode_prepare+0x155/0x160 kernel/entry/common.c:191 syscall_exit_to_user_mode+0x38/0x230 kernel/entry/common.c:266 entry_SYSCALL_64_after_hwframe+0x44/0xa9 INITIAL READ USE at: lock_acquire kernel/locking/lockdep.c:5562 [inline] lock_acquire+0x197/0x490 kernel/locking/lockdep.c:5527 __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline] _raw_read_lock_irqsave+0x6d/0x90 kernel/locking/spinlock.c:231 kill_fasync_rcu fs/fcntl.c:1005 [inline] kill_fasync fs/fcntl.c:1026 [inline] kill_fasync+0x138/0x480 fs/fcntl.c:1019 sock_wake_async+0xd2/0x160 net/socket.c:1320 sk_wake_async include/net/sock.h:2290 [inline] sk_wake_async+0x10a/0x2a0 include/net/sock.h:2286 unix_release_sock+0x892/0xaa0 net/unix/af_unix.c:555 unix_release+0x3f/0x80 net/unix/af_unix.c:882 __sock_release+0xd2/0x290 net/socket.c:596 sock_close+0x18/0x20 net/socket.c:1266 __fput+0x285/0x980 fs/file_table.c:281 task_work_run+0xe2/0x1a0 kernel/task_work.c:151 tracehook_notify_resume include/linux/tracehook.h:188 [inline] exit_to_user_mode_loop kernel/entry/common.c:164 [inline] exit_to_user_mode_prepare+0x155/0x160 kernel/entry/common.c:191 syscall_exit_to_user_mode+0x38/0x230 kernel/entry/common.c:266 entry_SYSCALL_64_after_hwframe+0x44/0xa9 } ... key at: [] __key.0+0x0/0x40 ... 
acquired at: lock_acquire kernel/locking/lockdep.c:5562 [inline] lock_acquire+0x197/0x490 kernel/locking/lockdep.c:5527 __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline] _raw_read_lock_irqsave+0x6d/0x90 kernel/locking/spinlock.c:231 kill_fasync_rcu fs/fcntl.c:1005 [inline] kill_fasync fs/fcntl.c:1026 [inline] kill_fasync+0x138/0x480 fs/fcntl.c:1019 account drivers/char/random.c:1381 [inline] extract_entropy drivers/char/random.c:1508 [inline] crng_reseed+0xae0/0xd00 drivers/char/random.c:958 _extract_crng+0x1e6/0x250 drivers/char/random.c:1006 crng_reseed+0x776/0xd00 drivers/char/random.c:962 _extract_crng+0x1e6/0x250 drivers/char/random.c:1006 extract_crng drivers/char/random.c:1026 [inline] get_random_u64+0x159/0x1d0 drivers/char/random.c:2202 get_random_long include/linux/random.h:61 [inline] get_random_canary include/linux/random.h:83 [inline] dup_task_struct kernel/fork.c:911 [inline] copy_process+0x7cd/0x66b0 kernel/fork.c:1948 kernel_clone+0xe7/0xa20 kernel/fork.c:2466 __do_sys_clone+0xc8/0x110 kernel/fork.c:2583 do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 stack backtrace: CPU: 1 PID: 292 Comm: syz-executor.5 Not tainted 5.10.79 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x107/0x163 lib/dump_stack.c:118 print_bad_irq_dependency kernel/locking/lockdep.c:2560 [inline] check_irq_usage.cold+0x481/0x58d kernel/locking/lockdep.c:2799 check_prev_add kernel/locking/lockdep.c:2990 [inline] check_prevs_add kernel/locking/lockdep.c:3111 [inline] validate_chain kernel/locking/lockdep.c:3726 [inline] __lock_acquire+0x29fb/0x5b00 kernel/locking/lockdep.c:4952 lock_acquire kernel/locking/lockdep.c:5562 [inline] lock_acquire+0x197/0x490 kernel/locking/lockdep.c:5527 __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline] _raw_read_lock_irqsave+0x6d/0x90 
kernel/locking/spinlock.c:231 kill_fasync_rcu fs/fcntl.c:1005 [inline] kill_fasync fs/fcntl.c:1026 [inline] kill_fasync+0x138/0x480 fs/fcntl.c:1019 account drivers/char/random.c:1381 [inline] extract_entropy drivers/char/random.c:1508 [inline] crng_reseed+0xae0/0xd00 drivers/char/random.c:958 _extract_crng+0x1e6/0x250 drivers/char/random.c:1006 crng_reseed+0x776/0xd00 drivers/char/random.c:962 _extract_crng+0x1e6/0x250 drivers/char/random.c:1006 extract_crng drivers/char/random.c:1026 [inline] get_random_u64+0x159/0x1d0 drivers/char/random.c:2202 get_random_long include/linux/random.h:61 [inline] get_random_canary include/linux/random.h:83 [inline] dup_task_struct kernel/fork.c:911 [inline] copy_process+0x7cd/0x66b0 kernel/fork.c:1948 kernel_clone+0xe7/0xa20 kernel/fork.c:2466 __do_sys_clone+0xc8/0x110 kernel/fork.c:2583 do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7f81e0df410b Code: ed 0f 85 60 01 00 00 64 4c 8b 0c 25 10 00 00 00 45 31 c0 4d 8d 91 d0 02 00 00 31 d2 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 89 00 00 00 41 89 c5 85 c0 0f 85 90 00 00 RSP: 002b:00007fff196a2c20 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f81e0df410b RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 RBP: 0000000000000001 R08: 0000000000000000 R09: 0000555556c7d400 R10: 0000555556c7d6d0 R11: 0000000000000246 R12: 0000000000000001 R13: 0000000000000001 R14: 0000000000000001 R15: 00007fff196a2d00 9pnet: p9_fd_create_tcp (33897): problem connecting socket to 127.0.0.1