=====================================================
WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
syzkaller #0 Tainted: G L
-----------------------------------------------------
syz.0.5135/25977 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
ffffffff8e40a098 (tasklist_lock){.+.+}-{3:3}, at: send_sigurg+0xed/0xc80 fs/fcntl.c:978

and this task is already holding:
ffff8880756865a0 (&f_owner->lock){....}-{3:3}, at: send_sigurg+0x5f/0xc80 fs/fcntl.c:962
which would create a new lock dependency:
 (&f_owner->lock){....}-{3:3} -> (tasklist_lock){.+.+}-{3:3}

but this new dependency connects a SOFTIRQ-irq-safe lock:
 (&dev->event_lock#2){..-.}-{3:3}

... which became SOFTIRQ-irq-safe at:
  lock_acquire kernel/locking/lockdep.c:5868 [inline]
  lock_acquire+0x1b1/0x370 kernel/locking/lockdep.c:5825
  __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:132 [inline]
  _raw_spin_lock_irqsave+0x3a/0x60 kernel/locking/spinlock.c:166
  class_spinlock_irqsave_constructor include/linux/spinlock.h:619 [inline]
  input_event drivers/input/input.c:395 [inline]
  input_event+0x70/0xb0 drivers/input/input.c:391
  input_report_abs include/linux/input.h:449 [inline]
  xpad360_process_packet.part.0+0xf0/0xd30 drivers/input/joystick/xpad.c:887
  xpad360_process_packet drivers/input/joystick/xpad.c:1014 [inline]
  xpad360w_process_packet drivers/input/joystick/xpad.c:1014 [inline]
  xpad_irq_in+0xe1a/0x2a50 drivers/input/joystick/xpad.c:1229
  __usb_hcd_giveback_urb+0x38d/0x610 drivers/usb/core/hcd.c:1657
  usb_hcd_giveback_urb+0x3ca/0x4a0 drivers/usb/core/hcd.c:1741
  dummy_timer+0xda1/0x36c0 drivers/usb/gadget/udc/dummy_hcd.c:2005
  __run_hrtimer kernel/time/hrtimer.c:1930 [inline]
  __hrtimer_run_queues+0x470/0xa00 kernel/time/hrtimer.c:1994
  hrtimer_run_softirq+0x17d/0x2c0 kernel/time/hrtimer.c:2011
  handle_softirqs+0x1ea/0xa00 kernel/softirq.c:622
  __do_softirq kernel/softirq.c:656 [inline]
  invoke_softirq kernel/softirq.c:496 [inline]
  __irq_exit_rcu+0x162/0x210 kernel/softirq.c:735
  irq_exit_rcu+0x9/0x30 kernel/softirq.c:752
  instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1061 [inline]
  sysvec_apic_timer_interrupt+0xa3/0xc0 arch/x86/kernel/apic/apic.c:1061
  asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
  lock_acquire+0x5e/0x370 kernel/locking/lockdep.c:5833
  rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
  rcu_read_lock include/linux/rcupdate.h:838 [inline]
  class_rcu_constructor include/linux/rcupdate.h:1181 [inline]
  unwind_next_frame+0xd1/0x2090 arch/x86/kernel/unwind_orc.c:495
  arch_stack_walk+0x94/0xf0 arch/x86/kernel/stacktrace.c:25
  stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122
  kasan_save_stack+0x30/0x50 mm/kasan/common.c:57
  kasan_save_track+0x14/0x30 mm/kasan/common.c:78
  poison_kmalloc_redzone mm/kasan/common.c:398 [inline]
  __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:415
  kmalloc_noprof include/linux/slab.h:950 [inline]
  slab_free_hook mm/slub.c:2641 [inline]
  slab_free mm/slub.c:6250 [inline]
  kmem_cache_free+0x41e/0x6c0 mm/slub.c:6377
  __io_req_caches_free+0x1a6/0x220 io_uring/io_uring.c:2136
  io_req_caches_free+0x20/0x40 io_uring/io_uring.c:2148
  io_ring_exit_work+0x418/0xd40 io_uring/io_uring.c:2350
  process_one_work+0xa0e/0x1980 kernel/workqueue.c:3302
  process_scheduled_works kernel/workqueue.c:3385 [inline]
  worker_thread+0x5ef/0xe50 kernel/workqueue.c:3466
  kthread+0x370/0x450 kernel/kthread.c:436
  ret_from_fork+0x72b/0xd50 arch/x86/kernel/process.c:158
  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

to a SOFTIRQ-irq-unsafe lock:
 (tasklist_lock){.+.+}-{3:3}

... which became SOFTIRQ-irq-unsafe at:
...
  lock_acquire kernel/locking/lockdep.c:5868 [inline]
  lock_acquire+0x1b1/0x370 kernel/locking/lockdep.c:5825
  __raw_read_lock include/linux/rwlock_api_smp.h:163 [inline]
  _raw_read_lock+0x5f/0x70 kernel/locking/spinlock.c:232
  __do_wait+0x13b/0x8b0 kernel/exit.c:1677
  do_wait+0x1ec/0x580 kernel/exit.c:1721
  kernel_wait+0xa1/0x160 kernel/exit.c:1897
  call_usermodehelper_exec_sync kernel/umh.c:136 [inline]
  call_usermodehelper_exec_work+0xf6/0x180 kernel/umh.c:163
  process_one_work+0xa0e/0x1980 kernel/workqueue.c:3302
  process_scheduled_works kernel/workqueue.c:3385 [inline]
  worker_thread+0x5ef/0xe50 kernel/workqueue.c:3466
  kthread+0x370/0x450 kernel/kthread.c:436
  ret_from_fork+0x72b/0xd50 arch/x86/kernel/process.c:158
  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

other info that might help us debug this:

Chain exists of:
  &dev->event_lock#2 --> &f_owner->lock --> tasklist_lock

 Possible interrupt unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(tasklist_lock);
                               local_irq_disable();
                               lock(&dev->event_lock#2);
                               lock(&f_owner->lock);
  <Interrupt>
    lock(&dev->event_lock#2);

 *** DEADLOCK ***

2 locks held by syz.0.5135/25977:
 #0: ffff888036adb150 (&u->lock){+.+.}-{3:3}, at: spin_lock include/linux/spinlock.h:342 [inline]
 #0: ffff888036adb150 (&u->lock){+.+.}-{3:3}, at: queue_oob net/unix/af_unix.c:2347 [inline]
 #0: ffff888036adb150 (&u->lock){+.+.}-{3:3}, at: unix_stream_sendmsg+0x950/0x1310 net/unix/af_unix.c:2502
 #1: ffff8880756865a0 (&f_owner->lock){....}-{3:3}, at: send_sigurg+0x5f/0xc80 fs/fcntl.c:962

the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
-> (&dev->event_lock#2){..-.}-{3:3} {
   IN-SOFTIRQ-W at:
     lock_acquire kernel/locking/lockdep.c:5868 [inline]
     lock_acquire+0x1b1/0x370 kernel/locking/lockdep.c:5825
     __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:132 [inline]
     _raw_spin_lock_irqsave+0x3a/0x60 kernel/locking/spinlock.c:166
     class_spinlock_irqsave_constructor include/linux/spinlock.h:619 [inline]
     input_event drivers/input/input.c:395 [inline]
     input_event+0x70/0xb0 drivers/input/input.c:391
     input_report_abs include/linux/input.h:449 [inline]
     xpad360_process_packet.part.0+0xf0/0xd30 drivers/input/joystick/xpad.c:887
     xpad360_process_packet drivers/input/joystick/xpad.c:1014 [inline]
     xpad360w_process_packet drivers/input/joystick/xpad.c:1014 [inline]
     xpad_irq_in+0xe1a/0x2a50 drivers/input/joystick/xpad.c:1229
     __usb_hcd_giveback_urb+0x38d/0x610 drivers/usb/core/hcd.c:1657
     usb_hcd_giveback_urb+0x3ca/0x4a0 drivers/usb/core/hcd.c:1741
     dummy_timer+0xda1/0x36c0 drivers/usb/gadget/udc/dummy_hcd.c:2005
     __run_hrtimer kernel/time/hrtimer.c:1930 [inline]
     __hrtimer_run_queues+0x470/0xa00 kernel/time/hrtimer.c:1994
     hrtimer_run_softirq+0x17d/0x2c0 kernel/time/hrtimer.c:2011
     handle_softirqs+0x1ea/0xa00 kernel/softirq.c:622
     __do_softirq kernel/softirq.c:656 [inline]
     invoke_softirq kernel/softirq.c:496 [inline]
     __irq_exit_rcu+0x162/0x210 kernel/softirq.c:735
     irq_exit_rcu+0x9/0x30 kernel/softirq.c:752
     instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1061 [inline]
     sysvec_apic_timer_interrupt+0xa3/0xc0 arch/x86/kernel/apic/apic.c:1061
     asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
     lock_acquire+0x5e/0x370 kernel/locking/lockdep.c:5833
     rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
     rcu_read_lock include/linux/rcupdate.h:838 [inline]
     class_rcu_constructor include/linux/rcupdate.h:1181 [inline]
     unwind_next_frame+0xd1/0x2090 arch/x86/kernel/unwind_orc.c:495
     arch_stack_walk+0x94/0xf0 arch/x86/kernel/stacktrace.c:25
     stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122
     kasan_save_stack+0x30/0x50 mm/kasan/common.c:57
     kasan_save_track+0x14/0x30 mm/kasan/common.c:78
     poison_kmalloc_redzone mm/kasan/common.c:398 [inline]
     __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:415
     kmalloc_noprof include/linux/slab.h:950 [inline]
     slab_free_hook mm/slub.c:2641 [inline]
     slab_free mm/slub.c:6250 [inline]
     kmem_cache_free+0x41e/0x6c0 mm/slub.c:6377
     __io_req_caches_free+0x1a6/0x220 io_uring/io_uring.c:2136
     io_req_caches_free+0x20/0x40 io_uring/io_uring.c:2148
     io_ring_exit_work+0x418/0xd40 io_uring/io_uring.c:2350
     process_one_work+0xa0e/0x1980 kernel/workqueue.c:3302
     process_scheduled_works kernel/workqueue.c:3385 [inline]
     worker_thread+0x5ef/0xe50 kernel/workqueue.c:3466
     kthread+0x370/0x450 kernel/kthread.c:436
     ret_from_fork+0x72b/0xd50 arch/x86/kernel/process.c:158
     ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
   INITIAL USE at:
     lock_acquire kernel/locking/lockdep.c:5868 [inline]
     lock_acquire+0x1b1/0x370 kernel/locking/lockdep.c:5825
     __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:132 [inline]
     _raw_spin_lock_irqsave+0x3a/0x60 kernel/locking/spinlock.c:166
     class_spinlock_irqsave_constructor include/linux/spinlock.h:619 [inline]
     input_inject_event+0x9f/0x390 drivers/input/input.c:419
     __led_set_brightness drivers/leds/led-core.c:52 [inline]
     led_set_brightness_nopm drivers/leds/led-core.c:334 [inline]
     led_set_brightness_nosleep drivers/leds/led-core.c:368 [inline]
     led_set_brightness+0x221/0x2a0 drivers/leds/led-core.c:327
     kbd_led_trigger_activate+0xcb/0x110 drivers/tty/vt/keyboard.c:1074
     led_trigger_set+0x66b/0xbe0 drivers/leds/led-triggers.c:220
     led_match_default_trigger drivers/leds/led-triggers.c:277 [inline]
     led_match_default_trigger drivers/leds/led-triggers.c:271 [inline]
     led_trigger_set_default drivers/leds/led-triggers.c:300 [inline]
     led_trigger_set_default+0x1e2/0x2f0 drivers/leds/led-triggers.c:284
     led_classdev_register_ext+0x72b/0x990 drivers/leds/led-class.c:581
     led_classdev_register include/linux/leds.h:274 [inline]
     input_leds_connect+0x5af/0x8b0 drivers/input/input-leds.c:145
     input_attach_handler.isra.0+0x177/0x1e0 drivers/input/input.c:1011
     input_register_device.cold+0x139/0x375 drivers/input/input.c:2395
     atkbd_connect+0x665/0x9e0 drivers/input/keyboard/atkbd.c:1323
     serio_connect_driver drivers/input/serio/serio.c:44 [inline]
     serio_driver_probe+0x77/0xb0 drivers/input/serio/serio.c:748
     call_driver_probe drivers/base/dd.c:631 [inline]
     really_probe+0x241/0xa60 drivers/base/dd.c:709
     __driver_probe_device+0x22e/0x480 drivers/base/dd.c:871
     driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:901
     __driver_attach+0x21f/0x5d0 drivers/base/dd.c:1295
     bus_for_each_dev+0x13e/0x1d0 drivers/base/bus.c:383
     serio_attach_driver drivers/input/serio/serio.c:777 [inline]
     serio_handle_event+0x247/0x8f0 drivers/input/serio/serio.c:214
     process_one_work+0xa0e/0x1980 kernel/workqueue.c:3302
     process_scheduled_works kernel/workqueue.c:3385 [inline]
     worker_thread+0x5ef/0xe50 kernel/workqueue.c:3466
     kthread+0x370/0x450 kernel/kthread.c:436
     ret_from_fork+0x72b/0xd50 arch/x86/kernel/process.c:158
     ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
}
... key at: [] __key.7+0x0/0x40

-> (&new->fa_lock){....}-{3:3} {
   INITIAL USE at:
     lock_acquire kernel/locking/lockdep.c:5868 [inline]
     lock_acquire+0x1b1/0x370 kernel/locking/lockdep.c:5825
     __raw_write_lock_irq include/linux/rwlock_api_smp.h:213 [inline]
     _raw_write_lock_irq+0x36/0x50 kernel/locking/spinlock.c:330
     fasync_remove_entry+0xb2/0x1e0 fs/fcntl.c:1012
     fasync_helper+0xaf/0xd0 fs/fcntl.c:1115
     lease_modify+0x22c/0x480 fs/locks.c:1514
     locks_remove_lease fs/locks.c:2773 [inline]
     locks_remove_file+0x330/0x610 fs/locks.c:2798
     __fput+0x351/0xb50 fs/file_table.c:502
     fput_close_sync+0x118/0x250 fs/file_table.c:615
     __do_sys_close fs/open.c:1507 [inline]
     __se_sys_close fs/open.c:1492 [inline]
     __x64_sys_close+0x8b/0x120 fs/open.c:1492
     do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
     do_syscall_64+0x10b/0xf80 arch/x86/entry/syscall_64.c:94
     entry_SYSCALL_64_after_hwframe+0x77/0x7f
   INITIAL READ USE at:
     lock_acquire kernel/locking/lockdep.c:5868 [inline]
     lock_acquire+0x1b1/0x370 kernel/locking/lockdep.c:5825
     __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:174 [inline]
     _raw_read_lock_irqsave+0x74/0x90 kernel/locking/spinlock.c:240
     kill_fasync_rcu fs/fcntl.c:1135 [inline]
     kill_fasync fs/fcntl.c:1159 [inline]
     kill_fasync+0x138/0x510 fs/fcntl.c:1152
     sock_wake_async+0x132/0x160 net/socket.c:1568
     sk_wake_async_rcu include/net/sock.h:2593 [inline]
     unix_write_space+0x2ae/0x510 net/unix/af_unix.c:607
     sock_wfree+0x26f/0x830 net/core/sock.c:2696
     skb_release_head_state+0x3f4/0x400 net/core/skbuff.c:1167
     skb_release_all net/core/skbuff.c:1187 [inline]
     __kfree_skb net/core/skbuff.c:1203 [inline]
     consume_skb net/core/skbuff.c:1436 [inline]
     consume_skb+0x8a/0x110 net/core/skbuff.c:1430
     unix_dgram_sendmsg+0x741/0x1810 net/unix/af_unix.c:2309
     sock_sendmsg_nosec net/socket.c:787 [inline]
     __sock_sendmsg net/socket.c:802 [inline]
     ____sys_sendmsg+0x9e1/0xb70 net/socket.c:2698
     ___sys_sendmsg+0x190/0x1e0 net/socket.c:2752
     __sys_sendmmsg+0x205/0x430 net/socket.c:2841
     __do_sys_sendmmsg net/socket.c:2868 [inline]
     __se_sys_sendmmsg net/socket.c:2865 [inline]
     __x64_sys_sendmmsg+0x9c/0x100 net/socket.c:2865
     do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
     do_syscall_64+0x10b/0xf80 arch/x86/entry/syscall_64.c:94
     entry_SYSCALL_64_after_hwframe+0x77/0x7f
}
... key at: [] __key.0+0x0/0x40
... acquired at:
   __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:174 [inline]
   _raw_read_lock_irqsave+0x74/0x90 kernel/locking/spinlock.c:240
   kill_fasync_rcu fs/fcntl.c:1135 [inline]
   kill_fasync fs/fcntl.c:1159 [inline]
   kill_fasync+0x138/0x510 fs/fcntl.c:1152
   mousedev_notify_readers+0x6d9/0xa30 drivers/input/mousedev.c:309
   mousedev_event+0x84e/0x14a0 drivers/input/mousedev.c:394
   input_handle_events_default+0x119/0x1b0 drivers/input/input.c:2558
   input_pass_values+0x753/0x880 drivers/input/input.c:128
   input_event_dispose drivers/input/input.c:342 [inline]
   input_handle_event+0x7e4/0x1500 drivers/input/input.c:370
   input_inject_event+0x1ce/0x390 drivers/input/input.c:424
   evdev_write+0x3ef/0x610 drivers/input/evdev.c:528
   vfs_write+0x2aa/0x1070 fs/read_write.c:686
   ksys_write+0x1f8/0x250 fs/read_write.c:740
   do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
   do_syscall_64+0x10b/0xf80 arch/x86/entry/syscall_64.c:94
   entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> (&f_owner->lock){....}-{3:3} {
   INITIAL USE at:
     lock_acquire kernel/locking/lockdep.c:5868 [inline]
     lock_acquire+0x1b1/0x370 kernel/locking/lockdep.c:5825
     __raw_write_lock_irq include/linux/rwlock_api_smp.h:213 [inline]
     _raw_write_lock_irq+0x36/0x50 kernel/locking/spinlock.c:330
     __f_setown+0x65/0x390 fs/fcntl.c:136
     generic_add_lease fs/locks.c:1924 [inline]
     generic_setlease+0xb2e/0x12f0 fs/locks.c:2000
     kernel_setlease fs/locks.c:2047 [inline]
     vfs_setlease+0x283/0x370 fs/locks.c:2081
     do_fcntl_add_lease+0x3c4/0x550 fs/locks.c:2102
     fcntl_setdeleg+0x153/0x1e0 fs/locks.c:2148
     do_fcntl+0x63c/0x1670 fs/fcntl.c:564
     __do_sys_fcntl fs/fcntl.c:602 [inline]
     __se_sys_fcntl fs/fcntl.c:587 [inline]
     __x64_sys_fcntl+0x163/0x200 fs/fcntl.c:587
     do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
     do_syscall_64+0x10b/0xf80 arch/x86/entry/syscall_64.c:94
     entry_SYSCALL_64_after_hwframe+0x77/0x7f
   INITIAL READ USE at:
     lock_acquire kernel/locking/lockdep.c:5868 [inline]
     lock_acquire+0x1b1/0x370 kernel/locking/lockdep.c:5825
     __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:174 [inline]
     _raw_read_lock_irqsave+0x74/0x90 kernel/locking/spinlock.c:240
     send_sigurg+0x5f/0xc80 fs/fcntl.c:962
     sk_send_sigurg+0x76/0x370 net/core/sock.c:3672
     queue_oob net/unix/af_unix.c:2368 [inline]
     unix_stream_sendmsg+0xbbf/0x1310 net/unix/af_unix.c:2502
     sock_sendmsg_nosec net/socket.c:787 [inline]
     __sock_sendmsg net/socket.c:802 [inline]
     ____sys_sendmsg+0x9e1/0xb70 net/socket.c:2698
     ___sys_sendmsg+0x190/0x1e0 net/socket.c:2752
     __sys_sendmmsg+0x205/0x430 net/socket.c:2841
     __do_sys_sendmmsg net/socket.c:2868 [inline]
     __se_sys_sendmmsg net/socket.c:2865 [inline]
     __x64_sys_sendmmsg+0x9c/0x100 net/socket.c:2865
     do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
     do_syscall_64+0x10b/0xf80 arch/x86/entry/syscall_64.c:94
     entry_SYSCALL_64_after_hwframe+0x77/0x7f
}
... key at: [] __key.1+0x0/0x40
... acquired at:
   __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:174 [inline]
   _raw_read_lock_irqsave+0x74/0x90 kernel/locking/spinlock.c:240
   send_sigio+0x31/0x3e0 fs/fcntl.c:918
   kill_fasync_rcu fs/fcntl.c:1144 [inline]
   kill_fasync fs/fcntl.c:1159 [inline]
   kill_fasync+0x214/0x510 fs/fcntl.c:1152
   lease_break_callback+0x23/0x30 fs/locks.c:577
   __break_lease+0x7e7/0x19f0 fs/locks.c:1669
   break_deleg include/linux/filelock.h:505 [inline]
   break_deleg include/linux/filelock.h:489 [inline]
   try_break_deleg include/linux/filelock.h:524 [inline]
   vfs_rename+0x16dd/0x1fc0 fs/namei.c:6050
   filename_renameat2+0x754/0xa60 fs/namei.c:6172
   __do_sys_renameat2 fs/namei.c:6201 [inline]
   __se_sys_renameat2 fs/namei.c:6196 [inline]
   __x64_sys_renameat2+0xef/0x140 fs/namei.c:6196
   do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
   do_syscall_64+0x10b/0xf80 arch/x86/entry/syscall_64.c:94
   entry_SYSCALL_64_after_hwframe+0x77/0x7f

the dependencies between the lock to be acquired and SOFTIRQ-irq-unsafe lock:
-> (tasklist_lock){.+.+}-{3:3} {
   HARDIRQ-ON-R at:
     lock_acquire kernel/locking/lockdep.c:5868 [inline]
     lock_acquire+0x1b1/0x370 kernel/locking/lockdep.c:5825
     __raw_read_lock include/linux/rwlock_api_smp.h:163 [inline]
     _raw_read_lock+0x5f/0x70 kernel/locking/spinlock.c:232
     __do_wait+0x13b/0x8b0 kernel/exit.c:1677
     do_wait+0x1ec/0x580 kernel/exit.c:1721
     kernel_wait+0xa1/0x160 kernel/exit.c:1897
     call_usermodehelper_exec_sync kernel/umh.c:136 [inline]
     call_usermodehelper_exec_work+0xf6/0x180 kernel/umh.c:163
     process_one_work+0xa0e/0x1980 kernel/workqueue.c:3302
     process_scheduled_works kernel/workqueue.c:3385 [inline]
     worker_thread+0x5ef/0xe50 kernel/workqueue.c:3466
     kthread+0x370/0x450 kernel/kthread.c:436
     ret_from_fork+0x72b/0xd50 arch/x86/kernel/process.c:158
     ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
   SOFTIRQ-ON-R at:
     lock_acquire kernel/locking/lockdep.c:5868 [inline]
     lock_acquire+0x1b1/0x370 kernel/locking/lockdep.c:5825
     __raw_read_lock include/linux/rwlock_api_smp.h:163 [inline]
     _raw_read_lock+0x5f/0x70 kernel/locking/spinlock.c:232
     __do_wait+0x13b/0x8b0 kernel/exit.c:1677
     do_wait+0x1ec/0x580 kernel/exit.c:1721
     kernel_wait+0xa1/0x160 kernel/exit.c:1897
     call_usermodehelper_exec_sync kernel/umh.c:136 [inline]
     call_usermodehelper_exec_work+0xf6/0x180 kernel/umh.c:163
     process_one_work+0xa0e/0x1980 kernel/workqueue.c:3302
     process_scheduled_works kernel/workqueue.c:3385 [inline]
     worker_thread+0x5ef/0xe50 kernel/workqueue.c:3466
     kthread+0x370/0x450 kernel/kthread.c:436
     ret_from_fork+0x72b/0xd50 arch/x86/kernel/process.c:158
     ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
   INITIAL USE at:
     lock_acquire kernel/locking/lockdep.c:5868 [inline]
     lock_acquire+0x1b1/0x370 kernel/locking/lockdep.c:5825
     __raw_write_lock_irq include/linux/rwlock_api_smp.h:213 [inline]
     _raw_write_lock_irq+0x36/0x50 kernel/locking/spinlock.c:330
     copy_process+0x4abe/0x7e00 kernel/fork.c:2411
     kernel_clone+0x12e/0x9c0 kernel/fork.c:2721
     user_mode_thread+0xcc/0x110 kernel/fork.c:2797
     rest_init+0x21/0x260 init/main.c:727
     start_kernel+0x484/0x490 init/main.c:1220
     x86_64_start_reservations+0x24/0x30 arch/x86/kernel/head64.c:310
     x86_64_start_kernel+0x12b/0x130 arch/x86/kernel/head64.c:291
     common_startup_64+0x13e/0x148
   INITIAL READ USE at:
     lock_acquire kernel/locking/lockdep.c:5868 [inline]
     lock_acquire+0x1b1/0x370 kernel/locking/lockdep.c:5825
     __raw_read_lock include/linux/rwlock_api_smp.h:163 [inline]
     _raw_read_lock+0x5f/0x70 kernel/locking/spinlock.c:232
     __do_wait+0x13b/0x8b0 kernel/exit.c:1677
     do_wait+0x1ec/0x580 kernel/exit.c:1721
     kernel_wait+0xa1/0x160 kernel/exit.c:1897
     call_usermodehelper_exec_sync kernel/umh.c:136 [inline]
     call_usermodehelper_exec_work+0xf6/0x180 kernel/umh.c:163
     process_one_work+0xa0e/0x1980 kernel/workqueue.c:3302
     process_scheduled_works kernel/workqueue.c:3385 [inline]
     worker_thread+0x5ef/0xe50 kernel/workqueue.c:3466
     kthread+0x370/0x450 kernel/kthread.c:436
     ret_from_fork+0x72b/0xd50 arch/x86/kernel/process.c:158
     ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
}
... key at: [] tasklist_lock+0x18/0x40
... acquired at:
   lock_acquire kernel/locking/lockdep.c:5868 [inline]
   lock_acquire+0x1b1/0x370 kernel/locking/lockdep.c:5825
   __raw_read_lock include/linux/rwlock_api_smp.h:163 [inline]
   _raw_read_lock+0x5f/0x70 kernel/locking/spinlock.c:232
   send_sigurg+0xed/0xc80 fs/fcntl.c:978
   sk_send_sigurg+0x76/0x370 net/core/sock.c:3672
   queue_oob net/unix/af_unix.c:2368 [inline]
   unix_stream_sendmsg+0xbbf/0x1310 net/unix/af_unix.c:2502
   sock_sendmsg_nosec net/socket.c:787 [inline]
   __sock_sendmsg net/socket.c:802 [inline]
   ____sys_sendmsg+0x9e1/0xb70 net/socket.c:2698
   ___sys_sendmsg+0x190/0x1e0 net/socket.c:2752
   __sys_sendmsg+0x170/0x220 net/socket.c:2784
   do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
   do_syscall_64+0x10b/0xf80 arch/x86/entry/syscall_64.c:94
   entry_SYSCALL_64_after_hwframe+0x77/0x7f

stack backtrace:
CPU: 1 UID: 0 PID: 25977 Comm: syz.0.5135 Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
Call Trace:
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x100/0x190 lib/dump_stack.c:120
 print_bad_irq_dependency kernel/locking/lockdep.c:2616 [inline]
 check_irq_usage+0x7aa/0x810 kernel/locking/lockdep.c:2857
 check_prev_add kernel/locking/lockdep.c:3169 [inline]
 check_prevs_add kernel/locking/lockdep.c:3284 [inline]
 validate_chain kernel/locking/lockdep.c:3908 [inline]
 __lock_acquire+0x14cf/0x2630 kernel/locking/lockdep.c:5237
 lock_acquire kernel/locking/lockdep.c:5868 [inline]
 lock_acquire+0x1b1/0x370 kernel/locking/lockdep.c:5825
 __raw_read_lock include/linux/rwlock_api_smp.h:163 [inline]
 _raw_read_lock+0x5f/0x70 kernel/locking/spinlock.c:232
 send_sigurg+0xed/0xc80 fs/fcntl.c:978
 sk_send_sigurg+0x76/0x370 net/core/sock.c:3672
 queue_oob net/unix/af_unix.c:2368 [inline]
 unix_stream_sendmsg+0xbbf/0x1310 net/unix/af_unix.c:2502
 sock_sendmsg_nosec net/socket.c:787 [inline]
 __sock_sendmsg net/socket.c:802 [inline]
 ____sys_sendmsg+0x9e1/0xb70 net/socket.c:2698
 ___sys_sendmsg+0x190/0x1e0 net/socket.c:2752
 __sys_sendmsg+0x170/0x220 net/socket.c:2784
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x10b/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fd22559cdd9
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fd226374028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007fd225815fa0 RCX: 00007fd22559cdd9
RDX: 0000000024004015 RSI: 00002000000000c0 RDI: 0000000000000006
RBP: 00007fd225632d69 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fd225816038 R14: 00007fd225815fa0 R15: 00007ffcd194fb28