=====================================================
WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected
5.10.96 #1 Not tainted
-----------------------------------------------------
syz-executor.1/286 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
ffff8880093c9538 (&f->f_owner.lock){.+.?}-{2:2}, at: send_sigio+0x24/0x340 fs/fcntl.c:787

and this task is already holding:
ffff88800c5f17f8 (&new->fa_lock){....}-{2:2}, at: kill_fasync_rcu fs/fcntl.c:1005 [inline]
ffff88800c5f17f8 (&new->fa_lock){....}-{2:2}, at: kill_fasync fs/fcntl.c:1026 [inline]
ffff88800c5f17f8 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x138/0x480 fs/fcntl.c:1019
which would create a new lock dependency:
 (&new->fa_lock){....}-{2:2} -> (&f->f_owner.lock){.+.?}-{2:2}

but this new dependency connects a HARDIRQ-irq-safe lock:
 (batched_entropy_u64.lock){-.-.}-{2:2}

... which became HARDIRQ-irq-safe at:
  lock_acquire kernel/locking/lockdep.c:5562 [inline]
  lock_acquire+0x197/0x490 kernel/locking/lockdep.c:5527
  __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
  _raw_spin_lock+0x27/0x40 kernel/locking/spinlock.c:151
  spin_lock include/linux/spinlock.h:354 [inline]
  invalidate_batched_entropy+0xdf/0x1c0 drivers/char/random.c:2275
  crng_fast_load+0x1b9/0x270 drivers/char/random.c:947
  add_interrupt_randomness+0x523/0x650 drivers/char/random.c:1303
  handle_irq_event_percpu kernel/irq/handle.c:198 [inline]
  handle_irq_event+0x13f/0x290 kernel/irq/handle.c:213
  handle_edge_irq+0x249/0xd00 kernel/irq/chip.c:822
  asm_call_irq_on_stack+0x12/0x20
  __run_irq_on_irqstack arch/x86/include/asm/irq_stack.h:48 [inline]
  run_irq_on_irqstack_cond arch/x86/include/asm/irq_stack.h:101 [inline]
  handle_irq arch/x86/kernel/irq.c:230 [inline]
  __common_interrupt arch/x86/kernel/irq.c:249 [inline]
  common_interrupt+0xdd/0x190 arch/x86/kernel/irq.c:239
  asm_common_interrupt+0x1e/0x40 arch/x86/include/asm/idtentry.h:626
  native_safe_halt arch/x86/include/asm/irqflags.h:60 [inline]
  arch_safe_halt arch/x86/include/asm/irqflags.h:103 [inline]
  default_idle+0xe/0x10 arch/x86/kernel/process.c:689
  default_idle_call+0x87/0xd0 kernel/sched/idle.c:112
  cpuidle_idle_call kernel/sched/idle.c:194 [inline]
  do_idle+0x3a9/0x520 kernel/sched/idle.c:300
  cpu_startup_entry+0x14/0x20 kernel/sched/idle.c:396
  start_kernel+0x47a/0x49b init/main.c:1058
  secondary_startup_64_no_verify+0xc2/0xcb

to a HARDIRQ-irq-unsafe lock:
 (&f->f_owner.lock){.+.?}-{2:2}

... which became HARDIRQ-irq-unsafe at:
...
  lock_acquire kernel/locking/lockdep.c:5562 [inline]
  lock_acquire+0x197/0x490 kernel/locking/lockdep.c:5527
  __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
  _raw_read_lock+0x58/0x70 kernel/locking/spinlock.c:223
  f_getown_ex fs/fcntl.c:206 [inline]
  do_fcntl+0x74f/0xfc0 fs/fcntl.c:387
  __do_sys_fcntl fs/fcntl.c:463 [inline]
  __se_sys_fcntl fs/fcntl.c:448 [inline]
  __x64_sys_fcntl+0x165/0x1e0 fs/fcntl.c:448
  do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46
  entry_SYSCALL_64_after_hwframe+0x44/0xa9

other info that might help us debug this:

Chain exists of:
  batched_entropy_u64.lock --> &new->fa_lock --> &f->f_owner.lock

 Possible interrupt unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&f->f_owner.lock);
                               local_irq_disable();
                               lock(batched_entropy_u64.lock);
                               lock(&new->fa_lock);
  <Interrupt>
    lock(batched_entropy_u64.lock);

 *** DEADLOCK ***

3 locks held by syz-executor.1/286:
 #0: ffff88806cf393c0 (batched_entropy_u64.lock){-.-.}-{2:2}, at: get_random_u64+0x46/0x1c0 drivers/char/random.c:2222
 #1: ffffffff84df6a60 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x41/0x480 fs/fcntl.c:1024
 #2: ffff88800c5f17f8 (&new->fa_lock){....}-{2:2}, at: kill_fasync_rcu fs/fcntl.c:1005 [inline]
 #2: ffff88800c5f17f8 (&new->fa_lock){....}-{2:2}, at: kill_fasync fs/fcntl.c:1026 [inline]
 #2: ffff88800c5f17f8 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x138/0x480 fs/fcntl.c:1019

the dependencies between HARDIRQ-irq-safe lock and the holding lock:
-> (batched_entropy_u64.lock){-.-.}-{2:2} {
   IN-HARDIRQ-W at:
     lock_acquire kernel/locking/lockdep.c:5562 [inline]
     lock_acquire+0x197/0x490 kernel/locking/lockdep.c:5527
     __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
     _raw_spin_lock+0x27/0x40 kernel/locking/spinlock.c:151
     spin_lock include/linux/spinlock.h:354 [inline]
     invalidate_batched_entropy+0xdf/0x1c0 drivers/char/random.c:2275
     crng_fast_load+0x1b9/0x270 drivers/char/random.c:947
     add_interrupt_randomness+0x523/0x650 drivers/char/random.c:1303
     handle_irq_event_percpu kernel/irq/handle.c:198 [inline]
     handle_irq_event+0x13f/0x290 kernel/irq/handle.c:213
     handle_edge_irq+0x249/0xd00 kernel/irq/chip.c:822
     asm_call_irq_on_stack+0x12/0x20
     __run_irq_on_irqstack arch/x86/include/asm/irq_stack.h:48 [inline]
     run_irq_on_irqstack_cond arch/x86/include/asm/irq_stack.h:101 [inline]
     handle_irq arch/x86/kernel/irq.c:230 [inline]
     __common_interrupt arch/x86/kernel/irq.c:249 [inline]
     common_interrupt+0xdd/0x190 arch/x86/kernel/irq.c:239
     asm_common_interrupt+0x1e/0x40 arch/x86/include/asm/idtentry.h:626
     native_safe_halt arch/x86/include/asm/irqflags.h:60 [inline]
     arch_safe_halt arch/x86/include/asm/irqflags.h:103 [inline]
     default_idle+0xe/0x10 arch/x86/kernel/process.c:689
     default_idle_call+0x87/0xd0 kernel/sched/idle.c:112
     cpuidle_idle_call kernel/sched/idle.c:194 [inline]
     do_idle+0x3a9/0x520 kernel/sched/idle.c:300
     cpu_startup_entry+0x14/0x20 kernel/sched/idle.c:396
     start_kernel+0x47a/0x49b init/main.c:1058
     secondary_startup_64_no_verify+0xc2/0xcb
   IN-SOFTIRQ-W at:
     lock_acquire kernel/locking/lockdep.c:5562 [inline]
     lock_acquire+0x197/0x490 kernel/locking/lockdep.c:5527
     __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
     _raw_spin_lock+0x27/0x40 kernel/locking/spinlock.c:151
     spin_lock include/linux/spinlock.h:354 [inline]
     invalidate_batched_entropy+0xdf/0x1c0 drivers/char/random.c:2275
     crng_finalize_init.part.0+0x18/0x290 drivers/char/random.c:853
     crng_finalize_init drivers/char/random.c:1527 [inline]
     crng_reseed+0xa9b/0xaf0 drivers/char/random.c:1028
     credit_entropy_bits.constprop.0+0x315/0x3d0 drivers/char/random.c:735
     add_timer_randomness+0x1c6/0x240 drivers/char/random.c:1218
     add_disk_randomness+0xbc/0x310 drivers/char/random.c:1347
     scsi_end_request+0x4d4/0x840 drivers/scsi/scsi_lib.c:574
     scsi_io_completion+0x194/0x12c0 drivers/scsi/scsi_lib.c:967
     scsi_softirq_done+0x11b/0x490 drivers/scsi/scsi_lib.c:1445
     blk_done_softirq+0x22f/0x360 block/blk-mq.c:586
     __do_softirq+0x1b8/0x867 kernel/softirq.c:298
     asm_call_irq_on_stack+0x12/0x20
     __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline]
     run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline]
     do_softirq_own_stack+0x80/0xa0 arch/x86/kernel/irq_64.c:77
     invoke_softirq kernel/softirq.c:393 [inline]
     __irq_exit_rcu kernel/softirq.c:423 [inline]
     irq_exit_rcu+0x110/0x1a0 kernel/softirq.c:435
     sysvec_apic_timer_interrupt+0x43/0xa0 arch/x86/kernel/apic/apic.c:1095
     asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635
     native_safe_halt arch/x86/include/asm/irqflags.h:60 [inline]
     arch_safe_halt arch/x86/include/asm/irqflags.h:103 [inline]
     default_idle+0xe/0x10 arch/x86/kernel/process.c:689
     default_idle_call+0x87/0xd0 kernel/sched/idle.c:112
     cpuidle_idle_call kernel/sched/idle.c:194 [inline]
     do_idle+0x3a9/0x520 kernel/sched/idle.c:300
     cpu_startup_entry+0x14/0x20 kernel/sched/idle.c:396
     start_kernel+0x47a/0x49b init/main.c:1058
     secondary_startup_64_no_verify+0xc2/0xcb
   INITIAL USE at:
     lock_acquire kernel/locking/lockdep.c:5562 [inline]
     lock_acquire+0x197/0x490 kernel/locking/lockdep.c:5527
     __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
     _raw_spin_lock_irqsave+0x36/0x50 kernel/locking/spinlock.c:159
     get_random_u64+0x46/0x1c0 drivers/char/random.c:2222
     get_random_long include/linux/random.h:61 [inline]
     get_random_canary include/linux/random.h:83 [inline]
     dup_task_struct kernel/fork.c:911 [inline]
     copy_process+0x7cd/0x66c0 kernel/fork.c:1948
     kernel_clone+0xe7/0xa20 kernel/fork.c:2467
     kernel_thread+0xb5/0xf0 kernel/fork.c:2519
     rest_init+0x23/0x389 init/main.c:688
     start_kernel+0x47a/0x49b init/main.c:1058
     secondary_startup_64_no_verify+0xc2/0xcb
 }
 ... key at: [] 0xffff88806ce393c0
-> (&new->fa_lock){....}-{2:2} {
   INITIAL USE at:
     lock_acquire kernel/locking/lockdep.c:5562 [inline]
     lock_acquire+0x197/0x490 kernel/locking/lockdep.c:5527
     __raw_write_lock_irq include/linux/rwlock_api_smp.h:196 [inline]
     _raw_write_lock_irq+0x2f/0x40 kernel/locking/spinlock.c:311
     fasync_remove_entry+0xb6/0x1f0 fs/fcntl.c:882
     fasync_helper+0x9e/0xb0 fs/fcntl.c:985
     __fput+0x743/0x980 fs/file_table.c:278
     task_work_run+0xe2/0x1a0 kernel/task_work.c:151
     tracehook_notify_resume include/linux/tracehook.h:188 [inline]
     exit_to_user_mode_loop kernel/entry/common.c:164 [inline]
     exit_to_user_mode_prepare+0x155/0x160 kernel/entry/common.c:191
     syscall_exit_to_user_mode+0x38/0x230 kernel/entry/common.c:266
     entry_SYSCALL_64_after_hwframe+0x44/0xa9
   INITIAL READ USE at:
     lock_acquire kernel/locking/lockdep.c:5562 [inline]
     lock_acquire+0x197/0x490 kernel/locking/lockdep.c:5527
     __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline]
     _raw_read_lock_irqsave+0x6d/0x90 kernel/locking/spinlock.c:231
     kill_fasync_rcu fs/fcntl.c:1005 [inline]
     kill_fasync fs/fcntl.c:1026 [inline]
     kill_fasync+0x138/0x480 fs/fcntl.c:1019
     account drivers/char/random.c:1401 [inline]
     extract_entropy drivers/char/random.c:1528 [inline]
     crng_reseed+0x92d/0xaf0 drivers/char/random.c:1009
     _extract_crng+0x1e9/0x260 drivers/char/random.c:1040
     crng_reseed+0x7d1/0xaf0 drivers/char/random.c:1013
     _extract_crng+0x1e9/0x260 drivers/char/random.c:1040
     extract_crng drivers/char/random.c:1054 [inline]
     get_random_u64+0x14a/0x1c0 drivers/char/random.c:2224
     get_random_long include/linux/random.h:61 [inline]
     get_random_canary include/linux/random.h:83 [inline]
     dup_task_struct kernel/fork.c:911 [inline]
     copy_process+0x7cd/0x66c0 kernel/fork.c:1948
     kernel_clone+0xe7/0xa20 kernel/fork.c:2467
     __do_sys_clone+0xc8/0x110 kernel/fork.c:2584
     do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46
     entry_SYSCALL_64_after_hwframe+0x44/0xa9
 }
 ... key at: [] __key.0+0x0/0x40
 ... acquired at:
   __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline]
   _raw_read_lock_irqsave+0x6d/0x90 kernel/locking/spinlock.c:231
   kill_fasync_rcu fs/fcntl.c:1005 [inline]
   kill_fasync fs/fcntl.c:1026 [inline]
   kill_fasync+0x138/0x480 fs/fcntl.c:1019
   account drivers/char/random.c:1401 [inline]
   extract_entropy drivers/char/random.c:1528 [inline]
   crng_reseed+0x92d/0xaf0 drivers/char/random.c:1009
   _extract_crng+0x1e9/0x260 drivers/char/random.c:1040
   crng_reseed+0x7d1/0xaf0 drivers/char/random.c:1013
   _extract_crng+0x1e9/0x260 drivers/char/random.c:1040
   extract_crng drivers/char/random.c:1054 [inline]
   get_random_u64+0x14a/0x1c0 drivers/char/random.c:2224
   get_random_long include/linux/random.h:61 [inline]
   get_random_canary include/linux/random.h:83 [inline]
   dup_task_struct kernel/fork.c:911 [inline]
   copy_process+0x7cd/0x66c0 kernel/fork.c:1948
   kernel_clone+0xe7/0xa20 kernel/fork.c:2467
   __do_sys_clone+0xc8/0x110 kernel/fork.c:2584
   do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46
   entry_SYSCALL_64_after_hwframe+0x44/0xa9

the dependencies between the lock to be acquired and HARDIRQ-irq-unsafe lock:
-> (&f->f_owner.lock){.+.?}-{2:2} {
   HARDIRQ-ON-R at:
     lock_acquire kernel/locking/lockdep.c:5562 [inline]
     lock_acquire+0x197/0x490 kernel/locking/lockdep.c:5527
     __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
     _raw_read_lock+0x58/0x70 kernel/locking/spinlock.c:223
     f_getown_ex fs/fcntl.c:206 [inline]
     do_fcntl+0x74f/0xfc0 fs/fcntl.c:387
     __do_sys_fcntl fs/fcntl.c:463 [inline]
     __se_sys_fcntl fs/fcntl.c:448 [inline]
     __x64_sys_fcntl+0x165/0x1e0 fs/fcntl.c:448
     do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46
     entry_SYSCALL_64_after_hwframe+0x44/0xa9
   IN-SOFTIRQ-R at:
     lock_acquire kernel/locking/lockdep.c:5562 [inline]
     lock_acquire+0x197/0x490 kernel/locking/lockdep.c:5527
     __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline]
     _raw_read_lock_irqsave+0x42/0x90 kernel/locking/spinlock.c:231
     send_sigurg+0x1e/0xad0 fs/fcntl.c:826
     sk_send_sigurg+0x76/0x320 net/core/sock.c:2942
     tcp_check_urg.isra.0+0x1f4/0x720 net/ipv4/tcp_input.c:5500
     tcp_urg net/ipv4/tcp_input.c:5541 [inline]
     tcp_rcv_established+0x1029/0x1ed0 net/ipv4/tcp_input.c:5875
     tcp_v6_do_rcv+0x420/0x1290 net/ipv6/tcp_ipv6.c:1497
     tcp_v6_rcv+0x2e44/0x3390 net/ipv6/tcp_ipv6.c:1730
     ip6_protocol_deliver_rcu+0x2fa/0x16f0 net/ipv6/ip6_input.c:423
     ip6_input_finish+0x64/0x170 net/ipv6/ip6_input.c:464
     NF_HOOK include/linux/netfilter.h:301 [inline]
     NF_HOOK include/linux/netfilter.h:295 [inline]
     ip6_input+0x9c/0xd0 net/ipv6/ip6_input.c:473
     dst_input include/net/dst.h:449 [inline]
     ip6_rcv_finish net/ipv6/ip6_input.c:76 [inline]
     ip6_rcv_finish net/ipv6/ip6_input.c:66 [inline]
     NF_HOOK include/linux/netfilter.h:301 [inline]
     NF_HOOK include/linux/netfilter.h:295 [inline]
     ipv6_rcv+0x172/0x270 net/ipv6/ip6_input.c:297
     __netif_receive_skb_one_core+0x12e/0x1e0 net/core/dev.c:5356
     __netif_receive_skb+0x27/0x1c0 net/core/dev.c:5470
     process_backlog+0x38f/0x7e0 net/core/dev.c:6376
     napi_poll net/core/dev.c:6827 [inline]
     net_rx_action+0x3ff/0xfe0 net/core/dev.c:6897
     __do_softirq+0x1b8/0x867 kernel/softirq.c:298
     asm_call_irq_on_stack+0x12/0x20
     __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline]
     run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline]
     do_softirq_own_stack+0x80/0xa0 arch/x86/kernel/irq_64.c:77
     invoke_softirq kernel/softirq.c:393 [inline]
     __irq_exit_rcu kernel/softirq.c:423 [inline]
     irq_exit_rcu+0x110/0x1a0 kernel/softirq.c:435
     sysvec_apic_timer_interrupt+0x43/0xa0 arch/x86/kernel/apic/apic.c:1095
     asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635
     __sanitizer_cov_trace_pc+0x55/0x60 kernel/kcov.c:205
     perf_swevent_get_recursion_context+0xc7/0xf0 kernel/events/core.c:9210
     perf_trace_buf_alloc+0x36/0x190 kernel/trace/trace_event_perf.c:406
     perf_trace_lock+0x13a/0x490 include/trace/events/lock.h:39
     trace_lock_release include/trace/events/lock.h:58 [inline]
     lock_release+0x46c/0x6b0 kernel/locking/lockdep.c:5573
     rcu_lock_release include/linux/rcupdate.h:263 [inline]
     rcu_read_unlock include/linux/rcupdate.h:705 [inline]
     __perf_event_output kernel/events/core.c:7316 [inline]
     perf_event_output_forward+0x16a/0x280 kernel/events/core.c:7325
     __perf_event_overflow+0x213/0x5d0 kernel/events/core.c:8981
     perf_swevent_overflow kernel/events/core.c:9057 [inline]
     perf_swevent_event+0x4b2/0x550 kernel/events/core.c:9095
     perf_tp_event+0x2e5/0xba0 kernel/events/core.c:9513
     perf_trace_run_bpf_submit+0xf5/0x190 kernel/events/core.c:9487
     perf_trace_lock+0x2bd/0x490 include/trace/events/lock.h:39
     trace_lock_release include/trace/events/lock.h:58 [inline]
     lock_release+0x46c/0x6b0 kernel/locking/lockdep.c:5573
     rcu_lock_release include/linux/rcupdate.h:263 [inline]
     rcu_read_unlock include/linux/rcupdate.h:705 [inline]
     __is_insn_slot_addr+0x14d/0x250 kernel/kprobes.c:307
     is_kprobe_optinsn_slot include/linux/kprobes.h:336 [inline]
     kernel_text_address kernel/extable.c:149 [inline]
     kernel_text_address+0xd7/0x120 kernel/extable.c:120
     __kernel_text_address+0x9/0x30 kernel/extable.c:105
     unwind_get_return_address arch/x86/kernel/unwind_orc.c:318 [inline]
     unwind_get_return_address+0x51/0x90 arch/x86/kernel/unwind_orc.c:313
     arch_stack_walk+0x99/0xf0 arch/x86/kernel/stacktrace.c:26
     stack_trace_save+0x8c/0xc0 kernel/stacktrace.c:121
     kasan_save_stack+0x1b/0x40 mm/kasan/common.c:48
     kasan_set_track mm/kasan/common.c:56 [inline]
     __kasan_kmalloc.constprop.0+0xc2/0xd0 mm/kasan/common.c:461
     slab_post_alloc_hook mm/slab.h:532 [inline]
     slab_alloc_node mm/slub.c:2896 [inline]
     slab_alloc mm/slub.c:2904 [inline]
     kmem_cache_alloc+0x13b/0x350 mm/slub.c:2909
     mem_pool_alloc mm/kmemleak.c:423 [inline]
     create_object.isra.0+0x3a/0xa20 mm/kmemleak.c:578
     kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
     slab_post_alloc_hook mm/slab.h:534 [inline]
     slab_alloc_node mm/slub.c:2896 [inline]
     __kmalloc_node_track_caller+0x1a6/0x3f0 mm/slub.c:4496
     __kmalloc_reserve net/core/skbuff.c:142 [inline]
     __alloc_skb+0xb1/0x620 net/core/skbuff.c:210
     alloc_skb include/linux/skbuff.h:1094 [inline]
     nlmsg_new include/net/netlink.h:953 [inline]
     rtmsg_ifinfo_build_skb+0x72/0x1a0 net/core/rtnetlink.c:3804
     rtmsg_ifinfo_event net/core/rtnetlink.c:3840 [inline]
     rtmsg_ifinfo_event net/core/rtnetlink.c:3831 [inline]
     rtmsg_ifinfo+0x83/0x120 net/core/rtnetlink.c:3849
     register_netdevice+0x1192/0x14b0 net/core/dev.c:10161
     register_netdev+0x2d/0x50 net/core/dev.c:10240
     sit_init_net+0x359/0x9b0 net/ipv6/sit.c:1914
     ops_init net/core/net_namespace.c:152 [inline]
     setup_net+0x377/0x970 net/core/net_namespace.c:344
     copy_net_ns+0x2ca/0x5d0 net/core/net_namespace.c:485
     create_new_namespaces+0x3f6/0xb20 kernel/nsproxy.c:110
     copy_namespaces+0x39a/0x480 kernel/nsproxy.c:179
     copy_process+0x245f/0x66c0 kernel/fork.c:2108
     kernel_clone+0xe7/0xa20 kernel/fork.c:2467
     __do_sys_clone3+0x1dd/0x310 kernel/fork.c:2742
     do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46
     entry_SYSCALL_64_after_hwframe+0x44/0xa9
   SOFTIRQ-ON-R at:
     lock_acquire kernel/locking/lockdep.c:5562 [inline]
     lock_acquire+0x197/0x490 kernel/locking/lockdep.c:5527
     __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
     _raw_read_lock+0x58/0x70 kernel/locking/spinlock.c:223
     f_getown_ex fs/fcntl.c:206 [inline]
     do_fcntl+0x74f/0xfc0 fs/fcntl.c:387
     __do_sys_fcntl fs/fcntl.c:463 [inline]
     __se_sys_fcntl fs/fcntl.c:448 [inline]
     __x64_sys_fcntl+0x165/0x1e0 fs/fcntl.c:448
     do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46
     entry_SYSCALL_64_after_hwframe+0x44/0xa9
   INITIAL USE at:
     lock_acquire kernel/locking/lockdep.c:5562 [inline]
     lock_acquire+0x197/0x490 kernel/locking/lockdep.c:5527
     __raw_write_lock_irq include/linux/rwlock_api_smp.h:196 [inline]
     _raw_write_lock_irq+0x2f/0x40 kernel/locking/spinlock.c:311
     f_modown+0x2a/0x390 fs/fcntl.c:90
     __f_setown fs/fcntl.c:109 [inline]
     f_setown+0xd9/0x230 fs/fcntl.c:137
     do_fcntl+0x729/0xfc0 fs/fcntl.c:384
     __do_sys_fcntl fs/fcntl.c:463 [inline]
     __se_sys_fcntl fs/fcntl.c:448 [inline]
     __x64_sys_fcntl+0x165/0x1e0 fs/fcntl.c:448
     do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46
     entry_SYSCALL_64_after_hwframe+0x44/0xa9
   INITIAL READ USE at:
     lock_acquire kernel/locking/lockdep.c:5562 [inline]
     lock_acquire+0x197/0x490 kernel/locking/lockdep.c:5527
     __raw_read_lock include/linux/rwlock_api_smp.h:149 [inline]
     _raw_read_lock+0x58/0x70 kernel/locking/spinlock.c:223
     f_getown_ex fs/fcntl.c:206 [inline]
     do_fcntl+0x74f/0xfc0 fs/fcntl.c:387
     __do_sys_fcntl fs/fcntl.c:463 [inline]
     __se_sys_fcntl fs/fcntl.c:448 [inline]
     __x64_sys_fcntl+0x165/0x1e0 fs/fcntl.c:448
     do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46
     entry_SYSCALL_64_after_hwframe+0x44/0xa9
 }
 ... key at: [] __key.5+0x0/0x40
 ... acquired at:
   lock_acquire kernel/locking/lockdep.c:5562 [inline]
   lock_acquire+0x197/0x490 kernel/locking/lockdep.c:5527
   __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline]
   _raw_read_lock_irqsave+0x6d/0x90 kernel/locking/spinlock.c:231
   send_sigio+0x24/0x340 fs/fcntl.c:787
   kill_fasync_rcu fs/fcntl.c:1012 [inline]
   kill_fasync fs/fcntl.c:1026 [inline]
   kill_fasync+0x1fa/0x480 fs/fcntl.c:1019
   account drivers/char/random.c:1401 [inline]
   extract_entropy drivers/char/random.c:1528 [inline]
   crng_reseed+0x92d/0xaf0 drivers/char/random.c:1009
   _extract_crng+0x1e9/0x260 drivers/char/random.c:1040
   crng_reseed+0x7d1/0xaf0 drivers/char/random.c:1013
   _extract_crng+0x1e9/0x260 drivers/char/random.c:1040
   extract_crng drivers/char/random.c:1054 [inline]
   get_random_u64+0x14a/0x1c0 drivers/char/random.c:2224
   get_random_long include/linux/random.h:61 [inline]
   get_random_canary include/linux/random.h:83 [inline]
   dup_task_struct kernel/fork.c:911 [inline]
   copy_process+0x7cd/0x66c0 kernel/fork.c:1948
   kernel_clone+0xe7/0xa20 kernel/fork.c:2467
   __do_sys_clone+0xc8/0x110 kernel/fork.c:2584
   do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46
   entry_SYSCALL_64_after_hwframe+0x44/0xa9

stack backtrace:
CPU: 1 PID: 286 Comm: syz-executor.1 Not tainted 5.10.96 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x107/0x163 lib/dump_stack.c:118
 print_bad_irq_dependency kernel/locking/lockdep.c:2560 [inline]
 check_irq_usage.cold+0x481/0x58d kernel/locking/lockdep.c:2799
 check_prev_add kernel/locking/lockdep.c:2990 [inline]
 check_prevs_add kernel/locking/lockdep.c:3111 [inline]
 validate_chain kernel/locking/lockdep.c:3726 [inline]
 __lock_acquire+0x29fb/0x5b00 kernel/locking/lockdep.c:4952
 lock_acquire kernel/locking/lockdep.c:5562 [inline]
 lock_acquire+0x197/0x490 kernel/locking/lockdep.c:5527
 __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:159 [inline]
 _raw_read_lock_irqsave+0x6d/0x90 kernel/locking/spinlock.c:231
 send_sigio+0x24/0x340 fs/fcntl.c:787
 kill_fasync_rcu fs/fcntl.c:1012 [inline]
 kill_fasync fs/fcntl.c:1026 [inline]
 kill_fasync+0x1fa/0x480 fs/fcntl.c:1019
 account drivers/char/random.c:1401 [inline]
 extract_entropy drivers/char/random.c:1528 [inline]
 crng_reseed+0x92d/0xaf0 drivers/char/random.c:1009
 _extract_crng+0x1e9/0x260 drivers/char/random.c:1040
 crng_reseed+0x7d1/0xaf0 drivers/char/random.c:1013
 _extract_crng+0x1e9/0x260 drivers/char/random.c:1040
 extract_crng drivers/char/random.c:1054 [inline]
 get_random_u64+0x14a/0x1c0 drivers/char/random.c:2224
 get_random_long include/linux/random.h:61 [inline]
 get_random_canary include/linux/random.h:83 [inline]
 dup_task_struct kernel/fork.c:911 [inline]
 copy_process+0x7cd/0x66c0 kernel/fork.c:1948
 kernel_clone+0xe7/0xa20 kernel/fork.c:2467
 __do_sys_clone+0xc8/0x110 kernel/fork.c:2584
 do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f529a59810b
Code: ed 0f 85 60 01 00 00 64 4c 8b 0c 25 10 00 00 00 45 31 c0 4d 8d 91 d0 02 00 00 31 d2 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 89 00 00 00 41 89 c5 85 c0 0f 85 90 00 00
RSP: 002b:00007ffc6b2ebab0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f529a59810b
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
RBP: 0000000000000001 R08: 0000000000000000 R09: 0000555555a00400
R10: 0000555555a006d0 R11: 0000000000000246 R12: 0000000000000001
R13: 0000000000000001 R14: 0000000000000001 R15: 00007ffc6b2ebb90
audit: type=1326 audit(1644661818.606:22): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=6006 comm="syz-executor.7" exe="/syz-executor.7" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2eb6b9bb19 code=0x0
device syz_tun entered promiscuous mode
device syz_tun left promiscuous mode
device syz_tun entered promiscuous mode
device syz_tun left promiscuous mode
audit: type=1326 audit(1644661819.450:23): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=6006 comm="syz-executor.7" exe="/syz-executor.7" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2eb6b9bb19 code=0x0