===================================================== WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected syzkaller #0 Tainted: G L ----------------------------------------------------- syz.3.6696/30358 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: ffffffff8e00c098 (tasklist_lock){.+.+}-{3:3}, at: send_sigurg+0xed/0xc80 fs/fcntl.c:978 and this task is already holding: ffff888144b9bea0 (&f_owner->lock){....}-{3:3}, at: send_sigurg+0x5f/0xc80 fs/fcntl.c:962 which would create a new lock dependency: (&f_owner->lock){....}-{3:3} -> (tasklist_lock){.+.+}-{3:3} but this new dependency connects a HARDIRQ-irq-safe lock: (&port_lock_key){-.-.}-{3:3} ... which became HARDIRQ-irq-safe at: lock_acquire kernel/locking/lockdep.c:5868 [inline] lock_acquire+0x179/0x330 kernel/locking/lockdep.c:5825 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x3a/0x60 kernel/locking/spinlock.c:162 uart_port_lock_irqsave include/linux/serial_core.h:717 [inline] serial8250_handle_irq+0x95/0xcb0 drivers/tty/serial/8250/8250_port.c:1798 serial8250_default_handle_irq+0x9e/0x270 drivers/tty/serial/8250/8250_port.c:1846 serial8250_interrupt+0xf8/0x1d0 drivers/tty/serial/8250/8250_core.c:86 __handle_irq_event_percpu+0x236/0x890 kernel/irq/handle.c:211 handle_irq_event_percpu kernel/irq/handle.c:248 [inline] handle_irq_event+0xab/0x1e0 kernel/irq/handle.c:265 handle_edge_irq+0x3ca/0x9e0 kernel/irq/chip.c:855 generic_handle_irq_desc include/linux/irqdesc.h:172 [inline] handle_irq arch/x86/kernel/irq.c:255 [inline] call_irq_handler arch/x86/kernel/irq.c:311 [inline] __common_interrupt+0xd0/0x2f0 arch/x86/kernel/irq.c:326 common_interrupt+0xba/0xe0 arch/x86/kernel/irq.c:319 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:688 native_safe_halt arch/x86/include/asm/irqflags.h:48 [inline] pv_native_safe_halt+0xf/0x20 arch/x86/kernel/paravirt.c:81 arch_safe_halt arch/x86/include/asm/paravirt.h:107 [inline] default_idle+0x13/0x20 arch/x86/kernel/process.c:767 default_idle_call+0x6c/0xb0 kernel/sched/idle.c:122 cpuidle_idle_call kernel/sched/idle.c:191 [inline] do_idle+0x38d/0x510 kernel/sched/idle.c:332 cpu_startup_entry+0x4f/0x60 kernel/sched/idle.c:430 start_secondary+0x21d/0x2d0 arch/x86/kernel/smpboot.c:312 common_startup_64+0x13e/0x148 to a HARDIRQ-irq-unsafe lock: (tasklist_lock){.+.+}-{3:3} ... which became HARDIRQ-irq-unsafe at: ... lock_acquire kernel/locking/lockdep.c:5868 [inline] lock_acquire+0x179/0x330 kernel/locking/lockdep.c:5825 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x5f/0x70 kernel/locking/spinlock.c:228 __do_wait+0x105/0x890 kernel/exit.c:1672 do_wait+0x21d/0x570 kernel/exit.c:1716 kernel_wait+0x9f/0x160 kernel/exit.c:1892 call_usermodehelper_exec_sync kernel/umh.c:136 [inline] call_usermodehelper_exec_work+0xf1/0x170 kernel/umh.c:163 process_one_work+0x9ba/0x1b20 kernel/workqueue.c:3257 process_scheduled_works kernel/workqueue.c:3340 [inline] worker_thread+0x6c8/0xf10 kernel/workqueue.c:3421 kthread+0x3c5/0x780 kernel/kthread.c:463 ret_from_fork+0x983/0xb10 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246 other info that might help us debug this: Chain exists of: &port_lock_key --> &f_owner->lock --> tasklist_lock Possible interrupt unsafe locking scenario: CPU0 CPU1 ---- ---- lock(tasklist_lock); local_irq_disable(); lock(&port_lock_key); lock(&f_owner->lock); lock(&port_lock_key); *** DEADLOCK *** 2 locks held by syz.3.6696/30358: #0: ffff88805f14a120 (&u->lock){+.+.}-{3:3}, at: spin_lock include/linux/spinlock.h:351 [inline] #0: ffff88805f14a120 (&u->lock){+.+.}-{3:3}, at: queue_oob net/unix/af_unix.c:2336 [inline] #0: ffff88805f14a120 (&u->lock){+.+.}-{3:3}, at: unix_stream_sendmsg+0xd33/0x1320 net/unix/af_unix.c:2491 #1: ffff888144b9bea0 (&f_owner->lock){....}-{3:3}, at: send_sigurg+0x5f/0xc80 fs/fcntl.c:962 the dependencies between HARDIRQ-irq-safe lock and the holding lock: -> (&port_lock_key){-.-.}-{3:3} { IN-HARDIRQ-W at: lock_acquire kernel/locking/lockdep.c:5868 [inline] lock_acquire+0x179/0x330 kernel/locking/lockdep.c:5825 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x3a/0x60 kernel/locking/spinlock.c:162 uart_port_lock_irqsave include/linux/serial_core.h:717 [inline] serial8250_handle_irq+0x95/0xcb0 drivers/tty/serial/8250/8250_port.c:1798 serial8250_default_handle_irq+0x9e/0x270 drivers/tty/serial/8250/8250_port.c:1846 serial8250_interrupt+0xf8/0x1d0 drivers/tty/serial/8250/8250_core.c:86 __handle_irq_event_percpu+0x236/0x890 kernel/irq/handle.c:211 handle_irq_event_percpu kernel/irq/handle.c:248 [inline] handle_irq_event+0xab/0x1e0 kernel/irq/handle.c:265 handle_edge_irq+0x3ca/0x9e0 kernel/irq/chip.c:855 generic_handle_irq_desc include/linux/irqdesc.h:172 [inline] handle_irq arch/x86/kernel/irq.c:255 [inline] call_irq_handler arch/x86/kernel/irq.c:311 [inline] __common_interrupt+0xd0/0x2f0 arch/x86/kernel/irq.c:326 common_interrupt+0xba/0xe0 arch/x86/kernel/irq.c:319 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:688 native_safe_halt arch/x86/include/asm/irqflags.h:48 [inline] pv_native_safe_halt+0xf/0x20 arch/x86/kernel/paravirt.c:81 arch_safe_halt arch/x86/include/asm/paravirt.h:107 [inline] default_idle+0x13/0x20 arch/x86/kernel/process.c:767 default_idle_call+0x6c/0xb0 kernel/sched/idle.c:122 cpuidle_idle_call kernel/sched/idle.c:191 [inline] do_idle+0x38d/0x510 kernel/sched/idle.c:332 cpu_startup_entry+0x4f/0x60 kernel/sched/idle.c:430 start_secondary+0x21d/0x2d0 arch/x86/kernel/smpboot.c:312 common_startup_64+0x13e/0x148 IN-SOFTIRQ-W at: lock_acquire kernel/locking/lockdep.c:5868 [inline] lock_acquire+0x179/0x330 kernel/locking/lockdep.c:5825 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x3a/0x60 kernel/locking/spinlock.c:162 uart_port_lock_irqsave include/linux/serial_core.h:717 [inline] serial8250_handle_irq+0x95/0xcb0 drivers/tty/serial/8250/8250_port.c:1798 serial8250_default_handle_irq+0x9e/0x270 drivers/tty/serial/8250/8250_port.c:1846 serial8250_interrupt+0xf8/0x1d0 drivers/tty/serial/8250/8250_core.c:86 __handle_irq_event_percpu+0x236/0x890 kernel/irq/handle.c:211 handle_irq_event_percpu kernel/irq/handle.c:248 [inline] handle_irq_event+0xab/0x1e0 kernel/irq/handle.c:265 handle_edge_irq+0x3ca/0x9e0 kernel/irq/chip.c:855 generic_handle_irq_desc include/linux/irqdesc.h:172 [inline] handle_irq arch/x86/kernel/irq.c:255 [inline] call_irq_handler arch/x86/kernel/irq.c:311 [inline] __common_interrupt+0xd0/0x2f0 arch/x86/kernel/irq.c:326 common_interrupt+0x61/0xe0 arch/x86/kernel/irq.c:319 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:688 __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:160 [inline] _raw_spin_unlock_irq+0x29/0x50 kernel/locking/spinlock.c:202 __run_timer_base kernel/time/timer.c:2386 [inline] __run_timer_base kernel/time/timer.c:2377 [inline] run_timer_base+0x11c/0x190 kernel/time/timer.c:2394 run_timer_softirq+0x1a/0x40 kernel/time/timer.c:2404 handle_softirqs+0x219/0x950 kernel/softirq.c:622 __do_softirq kernel/softirq.c:656 [inline] invoke_softirq kernel/softirq.c:496 [inline] __irq_exit_rcu+0x109/0x170 kernel/softirq.c:723 irq_exit_rcu+0x9/0x30 kernel/softirq.c:739 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline] sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1056 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697 native_safe_halt arch/x86/include/asm/irqflags.h:48 [inline] pv_native_safe_halt+0xf/0x20 arch/x86/kernel/paravirt.c:81 arch_safe_halt arch/x86/include/asm/paravirt.h:107 [inline] default_idle+0x13/0x20 arch/x86/kernel/process.c:767 default_idle_call+0x6c/0xb0 kernel/sched/idle.c:122 cpuidle_idle_call kernel/sched/idle.c:191 [inline] do_idle+0x38d/0x510 kernel/sched/idle.c:332 cpu_startup_entry+0x4f/0x60 kernel/sched/idle.c:430 start_secondary+0x21d/0x2d0 arch/x86/kernel/smpboot.c:312 common_startup_64+0x13e/0x148 INITIAL USE at: lock_acquire kernel/locking/lockdep.c:5868 [inline] lock_acquire+0x179/0x330 kernel/locking/lockdep.c:5825 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x3a/0x60 kernel/locking/spinlock.c:162 uart_port_lock_irqsave include/linux/serial_core.h:717 [inline] class_uart_port_lock_irqsave_constructor include/linux/serial_core.h:797 [inline] serial8250_do_set_termios+0x2cc/0x1740 drivers/tty/serial/8250/8250_port.c:2760 serial8250_set_termios+0x6e/0x80 drivers/tty/serial/8250/8250_port.c:2787 uart_set_options+0x31a/0x5f0 drivers/tty/serial/serial_core.c:2234 serial8250_console_setup+0x189/0x450 drivers/tty/serial/8250/8250_port.c:3405 univ8250_console_setup+0x1eb/0x2e0 drivers/tty/serial/8250/8250_core.c:430 console_call_setup kernel/printk/printk.c:3844 [inline] console_call_setup kernel/printk/printk.c:3835 [inline] try_enable_preferred_console+0x2fd/0x530 kernel/printk/printk.c:3888 register_console+0x3a7/0x1210 kernel/printk/printk.c:4082 univ8250_console_init+0x5f/0x90 drivers/tty/serial/8250/8250_core.c:515 console_init+0x152/0x600 kernel/printk/printk.c:4369 start_kernel+0x298/0x4d0 init/main.c:1143 x86_64_start_reservations+0x18/0x30 arch/x86/kernel/head64.c:310 x86_64_start_kernel+0x130/0x190 arch/x86/kernel/head64.c:291 common_startup_64+0x13e/0x148 } ... key at: [] port_lock_key+0x0/0x40 -> (&new->fa_lock){...-}-{3:3} { IN-SOFTIRQ-R at: lock_acquire kernel/locking/lockdep.c:5868 [inline] lock_acquire+0x179/0x330 kernel/locking/lockdep.c:5825 __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline] _raw_read_lock_irqsave+0x46/0x90 kernel/locking/spinlock.c:236 kill_fasync_rcu fs/fcntl.c:1135 [inline] kill_fasync fs/fcntl.c:1159 [inline] kill_fasync+0x138/0x510 fs/fcntl.c:1152 sock_wake_async+0x132/0x160 net/socket.c:1509 sk_wake_async_rcu include/net/sock.h:2570 [inline] sk_wake_async_rcu include/net/sock.h:2567 [inline] sock_def_error_report+0x352/0x400 net/core/sock.c:3598 sk_error_report+0x3f/0x260 net/core/sock.c:348 tcp_done_with_error+0xa4/0xc0 net/ipv4/tcp_input.c:4644 tcp_reset+0x140/0x2e0 net/ipv4/tcp_input.c:4674 tcp_validate_incoming+0x875/0x2420 net/ipv4/tcp_input.c:6257 tcp_rcv_established+0x4f0/0x36e0 net/ipv4/tcp_input.c:6457 tcp_v6_do_rcv+0x11cd/0x1dc0 net/ipv6/tcp_ipv6.c:1607 tcp_v6_rcv+0x2ab5/0x48f0 net/ipv6/tcp_ipv6.c:1877 ip6_protocol_deliver_rcu+0x188/0x1520 net/ipv6/ip6_input.c:438 ip6_input_finish+0x1e4/0x4b0 net/ipv6/ip6_input.c:489 NF_HOOK include/linux/netfilter.h:318 [inline] NF_HOOK include/linux/netfilter.h:312 [inline] ip6_input+0x105/0x2f0 net/ipv6/ip6_input.c:500 dst_input include/net/dst.h:474 [inline] ip6_rcv_finish net/ipv6/ip6_input.c:79 [inline] NF_HOOK include/linux/netfilter.h:318 [inline] NF_HOOK include/linux/netfilter.h:312 [inline] ipv6_rcv+0x264/0x650 net/ipv6/ip6_input.c:311 __netif_receive_skb_one_core+0x12d/0x1e0 net/core/dev.c:6139 __netif_receive_skb+0x1d/0x160 net/core/dev.c:6252 process_backlog+0x4a2/0x1650 net/core/dev.c:6604 __napi_poll.constprop.0+0xb3/0x540 net/core/dev.c:7668 napi_poll net/core/dev.c:7731 [inline] net_rx_action+0x9f9/0xfa0 net/core/dev.c:7883 handle_softirqs+0x219/0x950 kernel/softirq.c:622 run_ksoftirqd kernel/softirq.c:1063 [inline] run_ksoftirqd+0x3a/0x60 kernel/softirq.c:1055 smpboot_thread_fn+0x3f7/0xae0 kernel/smpboot.c:160 kthread+0x3c5/0x780 kernel/kthread.c:463 ret_from_fork+0x983/0xb10 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246 INITIAL USE at: lock_acquire kernel/locking/lockdep.c:5868 [inline] lock_acquire+0x179/0x330 kernel/locking/lockdep.c:5825 __raw_write_lock_irq include/linux/rwlock_api_smp.h:195 [inline] _raw_write_lock_irq+0x36/0x50 kernel/locking/spinlock.c:326 fasync_remove_entry+0xb2/0x1e0 fs/fcntl.c:1012 fasync_helper+0xaf/0xd0 fs/fcntl.c:1115 snd_fasync_helper+0x1ea/0x290 sound/core/misc.c:141 setfl fs/fcntl.c:76 [inline] do_fcntl+0xc56/0x1660 fs/fcntl.c:477 __do_sys_fcntl fs/fcntl.c:602 [inline] __se_sys_fcntl fs/fcntl.c:587 [inline] __x64_sys_fcntl+0x163/0x200 fs/fcntl.c:587 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xcd/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f INITIAL READ USE at: lock_acquire kernel/locking/lockdep.c:5868 [inline] lock_acquire+0x179/0x330 kernel/locking/lockdep.c:5825 __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline] _raw_read_lock_irqsave+0x74/0x90 kernel/locking/spinlock.c:236 kill_fasync_rcu fs/fcntl.c:1135 [inline] kill_fasync fs/fcntl.c:1159 [inline] kill_fasync+0x138/0x510 fs/fcntl.c:1152 lease_break_callback+0x23/0x30 fs/locks.c:567 __break_lease+0x6cd/0x1800 fs/locks.c:1647 break_lease include/linux/filelock.h:477 [inline] do_dentry_open+0x6e7/0x1590 fs/open.c:953 vfs_open+0x82/0x3f0 fs/open.c:1094 do_open fs/namei.c:4637 [inline] path_openat+0x2078/0x3140 fs/namei.c:4796 do_filp_open+0x20b/0x470 fs/namei.c:4823 do_open_execat+0xf9/0x3a0 fs/exec.c:783 open_exec+0x45/0x80 fs/exec.c:822 load_script+0x51d/0x790 fs/binfmt_script.c:132 search_binary_handler fs/exec.c:1669 [inline] exec_binprm fs/exec.c:1701 [inline] bprm_execve fs/exec.c:1753 [inline] bprm_execve+0x8c2/0x1620 fs/exec.c:1729 do_execveat_common.isra.0+0x4a5/0x610 fs/exec.c:1859 do_execveat fs/exec.c:1944 [inline] __do_sys_execveat fs/exec.c:2018 [inline] __se_sys_execveat fs/exec.c:2012 [inline] __x64_sys_execveat+0xda/0x120 fs/exec.c:2012 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xcd/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f } ... key at: [] __key.0+0x0/0x40 ... acquired at: __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline] _raw_read_lock_irqsave+0x74/0x90 kernel/locking/spinlock.c:236 kill_fasync_rcu fs/fcntl.c:1135 [inline] kill_fasync fs/fcntl.c:1159 [inline] kill_fasync+0x138/0x510 fs/fcntl.c:1152 tty_wakeup+0xe8/0x120 drivers/tty/tty_io.c:515 tty_port_default_wakeup+0x4d/0x60 drivers/tty/tty_port.c:67 serial8250_tx_chars+0x68e/0x860 drivers/tty/serial/8250/8250_port.c:1719 __start_tx+0x3df/0x490 drivers/tty/serial/8250/8250_port.c:1426 serial8250_start_tx+0x368/0x530 drivers/tty/serial/8250/8250_port.c:1535 __uart_start+0x295/0x500 drivers/tty/serial/serial_core.c:161 uart_write+0x218/0xb30 drivers/tty/serial/serial_core.c:633 n_tty_write+0xb52/0x1280 drivers/tty/n_tty.c:2388 iterate_tty_write drivers/tty/tty_io.c:1006 [inline] file_tty_write.constprop.0+0x503/0x9b0 drivers/tty/tty_io.c:1081 new_sync_write fs/read_write.c:593 [inline] vfs_write+0x7d3/0x11d0 fs/read_write.c:686 ksys_write+0x12a/0x250 fs/read_write.c:738 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xcd/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f -> (&f_owner->lock){....}-{3:3} { INITIAL USE at: lock_acquire kernel/locking/lockdep.c:5868 [inline] lock_acquire+0x179/0x330 kernel/locking/lockdep.c:5825 __raw_write_lock_irq include/linux/rwlock_api_smp.h:195 [inline] _raw_write_lock_irq+0x36/0x50 kernel/locking/spinlock.c:326 __f_setown+0x61/0x3c0 fs/fcntl.c:136 generic_add_lease fs/locks.c:1898 [inline] generic_setlease+0xed4/0x1280 fs/locks.c:1974 kernel_setlease+0x106/0x140 fs/locks.c:2023 vfs_setlease+0x1e8/0x280 fs/locks.c:2056 do_fcntl_add_lease+0x3c4/0x550 fs/locks.c:2077 fcntl_setlease+0xfc/0x180 fs/locks.c:2102 do_fcntl+0x153b/0x1660 fs/fcntl.c:535 __do_sys_fcntl fs/fcntl.c:602 [inline] __se_sys_fcntl fs/fcntl.c:587 [inline] __x64_sys_fcntl+0x163/0x200 fs/fcntl.c:587 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xcd/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f INITIAL READ USE at: lock_acquire kernel/locking/lockdep.c:5868 [inline] lock_acquire+0x179/0x330 kernel/locking/lockdep.c:5825 __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline] _raw_read_lock_irqsave+0x74/0x90 kernel/locking/spinlock.c:236 send_sigio+0x31/0x3e0 fs/fcntl.c:918 kill_fasync_rcu fs/fcntl.c:1144 [inline] kill_fasync fs/fcntl.c:1159 [inline] kill_fasync+0x214/0x510 fs/fcntl.c:1152 lease_break_callback+0x23/0x30 fs/locks.c:567 __break_lease+0x6cd/0x1800 fs/locks.c:1647 break_lease include/linux/filelock.h:477 [inline] do_dentry_open+0x6e7/0x1590 fs/open.c:953 vfs_open+0x82/0x3f0 fs/open.c:1094 do_open fs/namei.c:4637 [inline] path_openat+0x2078/0x3140 fs/namei.c:4796 do_filp_open+0x20b/0x470 fs/namei.c:4823 do_open_execat+0xf9/0x3a0 fs/exec.c:783 open_exec+0x45/0x80 fs/exec.c:822 load_script+0x51d/0x790 fs/binfmt_script.c:132 search_binary_handler fs/exec.c:1669 [inline] exec_binprm fs/exec.c:1701 [inline] bprm_execve fs/exec.c:1753 [inline] bprm_execve+0x8c2/0x1620 fs/exec.c:1729 do_execveat_common.isra.0+0x4a5/0x610 fs/exec.c:1859 do_execveat fs/exec.c:1944 [inline] __do_sys_execveat fs/exec.c:2018 [inline] __se_sys_execveat fs/exec.c:2012 [inline] __x64_sys_execveat+0xda/0x120 fs/exec.c:2012 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xcd/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f } ... key at: [] __key.1+0x0/0x40 ... acquired at: __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline] _raw_read_lock_irqsave+0x74/0x90 kernel/locking/spinlock.c:236 send_sigio+0x31/0x3e0 fs/fcntl.c:918 kill_fasync_rcu fs/fcntl.c:1144 [inline] kill_fasync fs/fcntl.c:1159 [inline] kill_fasync+0x214/0x510 fs/fcntl.c:1152 lease_break_callback+0x23/0x30 fs/locks.c:567 __break_lease+0x6cd/0x1800 fs/locks.c:1647 break_lease include/linux/filelock.h:477 [inline] do_dentry_open+0x6e7/0x1590 fs/open.c:953 vfs_open+0x82/0x3f0 fs/open.c:1094 do_open fs/namei.c:4637 [inline] path_openat+0x2078/0x3140 fs/namei.c:4796 do_filp_open+0x20b/0x470 fs/namei.c:4823 do_open_execat+0xf9/0x3a0 fs/exec.c:783 open_exec+0x45/0x80 fs/exec.c:822 load_script+0x51d/0x790 fs/binfmt_script.c:132 search_binary_handler fs/exec.c:1669 [inline] exec_binprm fs/exec.c:1701 [inline] bprm_execve fs/exec.c:1753 [inline] bprm_execve+0x8c2/0x1620 fs/exec.c:1729 do_execveat_common.isra.0+0x4a5/0x610 fs/exec.c:1859 do_execveat fs/exec.c:1944 [inline] __do_sys_execveat fs/exec.c:2018 [inline] __se_sys_execveat fs/exec.c:2012 [inline] __x64_sys_execveat+0xda/0x120 fs/exec.c:2012 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xcd/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f the dependencies between the lock to be acquired and HARDIRQ-irq-unsafe lock: -> (tasklist_lock){.+.+}-{3:3} { HARDIRQ-ON-R at: lock_acquire kernel/locking/lockdep.c:5868 [inline] lock_acquire+0x179/0x330 kernel/locking/lockdep.c:5825 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x5f/0x70 kernel/locking/spinlock.c:228 __do_wait+0x105/0x890 kernel/exit.c:1672 do_wait+0x21d/0x570 kernel/exit.c:1716 kernel_wait+0x9f/0x160 kernel/exit.c:1892 call_usermodehelper_exec_sync kernel/umh.c:136 [inline] call_usermodehelper_exec_work+0xf1/0x170 kernel/umh.c:163 process_one_work+0x9ba/0x1b20 kernel/workqueue.c:3257 process_scheduled_works kernel/workqueue.c:3340 [inline] worker_thread+0x6c8/0xf10 kernel/workqueue.c:3421 kthread+0x3c5/0x780 kernel/kthread.c:463 ret_from_fork+0x983/0xb10 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246 SOFTIRQ-ON-R at: lock_acquire kernel/locking/lockdep.c:5868 [inline] lock_acquire+0x179/0x330 kernel/locking/lockdep.c:5825 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x5f/0x70 kernel/locking/spinlock.c:228 __do_wait+0x105/0x890 kernel/exit.c:1672 do_wait+0x21d/0x570 kernel/exit.c:1716 kernel_wait+0x9f/0x160 kernel/exit.c:1892 call_usermodehelper_exec_sync kernel/umh.c:136 [inline] call_usermodehelper_exec_work+0xf1/0x170 kernel/umh.c:163 process_one_work+0x9ba/0x1b20 kernel/workqueue.c:3257 process_scheduled_works kernel/workqueue.c:3340 [inline] worker_thread+0x6c8/0xf10 kernel/workqueue.c:3421 kthread+0x3c5/0x780 kernel/kthread.c:463 ret_from_fork+0x983/0xb10 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246 INITIAL USE at: lock_acquire kernel/locking/lockdep.c:5868 [inline] lock_acquire+0x179/0x330 kernel/locking/lockdep.c:5825 __raw_write_lock_irq include/linux/rwlock_api_smp.h:195 [inline] _raw_write_lock_irq+0x36/0x50 kernel/locking/spinlock.c:326 copy_process+0x4668/0x7430 kernel/fork.c:2367 kernel_clone+0xfc/0x910 kernel/fork.c:2651 user_mode_thread+0xc8/0x110 kernel/fork.c:2727 rest_init+0x23/0x2b0 init/main.c:722 start_kernel+0x3ef/0x4d0 init/main.c:1206 x86_64_start_reservations+0x18/0x30 arch/x86/kernel/head64.c:310 x86_64_start_kernel+0x130/0x190 arch/x86/kernel/head64.c:291 common_startup_64+0x13e/0x148 INITIAL READ USE at: lock_acquire kernel/locking/lockdep.c:5868 [inline] lock_acquire+0x179/0x330 kernel/locking/lockdep.c:5825 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x5f/0x70 kernel/locking/spinlock.c:228 __do_wait+0x105/0x890 kernel/exit.c:1672 do_wait+0x21d/0x570 kernel/exit.c:1716 kernel_wait+0x9f/0x160 kernel/exit.c:1892 call_usermodehelper_exec_sync kernel/umh.c:136 [inline] call_usermodehelper_exec_work+0xf1/0x170 kernel/umh.c:163 process_one_work+0x9ba/0x1b20 kernel/workqueue.c:3257 process_scheduled_works kernel/workqueue.c:3340 [inline] worker_thread+0x6c8/0xf10 kernel/workqueue.c:3421 kthread+0x3c5/0x780 kernel/kthread.c:463 ret_from_fork+0x983/0xb10 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246 } ... key at: [] tasklist_lock+0x18/0x40 ... acquired at: lock_acquire kernel/locking/lockdep.c:5868 [inline] lock_acquire+0x179/0x330 kernel/locking/lockdep.c:5825 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x5f/0x70 kernel/locking/spinlock.c:228 send_sigurg+0xed/0xc80 fs/fcntl.c:978 sk_send_sigurg+0x76/0x360 net/core/sock.c:3669 queue_oob net/unix/af_unix.c:2357 [inline] unix_stream_sendmsg+0xfa3/0x1320 net/unix/af_unix.c:2491 sock_sendmsg_nosec net/socket.c:727 [inline] __sock_sendmsg net/socket.c:742 [inline] ____sys_sendmsg+0xa5d/0xc30 net/socket.c:2592 ___sys_sendmsg+0x134/0x1d0 net/socket.c:2646 __sys_sendmmsg+0x200/0x420 net/socket.c:2735 __do_sys_sendmmsg net/socket.c:2762 [inline] __se_sys_sendmmsg net/socket.c:2759 [inline] __x64_sys_sendmmsg+0x9c/0x100 net/socket.c:2759 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xcd/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f stack backtrace: CPU: 0 UID: 60928 PID: 30358 Comm: syz.3.6696 Tainted: G L syzkaller #0 PREEMPT(full) Tainted: [L]=SOFTLOCKUP Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 Call Trace: __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120 print_bad_irq_dependency kernel/locking/lockdep.c:2616 [inline] check_irq_usage+0x8e6/0xbc0 kernel/locking/lockdep.c:2857 check_prev_add kernel/locking/lockdep.c:3169 [inline] check_prevs_add kernel/locking/lockdep.c:3284 [inline] validate_chain kernel/locking/lockdep.c:3908 [inline] __lock_acquire+0x167f/0x2890 kernel/locking/lockdep.c:5237 lock_acquire kernel/locking/lockdep.c:5868 [inline] lock_acquire+0x179/0x330 kernel/locking/lockdep.c:5825 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x5f/0x70 kernel/locking/spinlock.c:228 send_sigurg+0xed/0xc80 fs/fcntl.c:978 sk_send_sigurg+0x76/0x360 net/core/sock.c:3669 queue_oob net/unix/af_unix.c:2357 [inline] unix_stream_sendmsg+0xfa3/0x1320 net/unix/af_unix.c:2491 sock_sendmsg_nosec net/socket.c:727 [inline] __sock_sendmsg net/socket.c:742 [inline] ____sys_sendmsg+0xa5d/0xc30 net/socket.c:2592 ___sys_sendmsg+0x134/0x1d0 net/socket.c:2646 __sys_sendmmsg+0x200/0x420 net/socket.c:2735 __do_sys_sendmmsg net/socket.c:2762 [inline] __se_sys_sendmmsg net/socket.c:2759 [inline] __x64_sys_sendmmsg+0x9c/0x100 net/socket.c:2759 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xcd/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f6dde98f749 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f6ddf83b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 RAX: ffffffffffffffda RBX: 00007f6ddebe5fa0 RCX: 00007f6dde98f749 RDX: 0000000000000001 RSI: 0000200000006c40 RDI: 0000000000000007 RBP: 00007f6ddea13f91 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000040015 R11: 0000000000000246 R12: 0000000000000000 R13: 00007f6ddebe6038 R14: 00007f6ddebe5fa0 R15: 00007ffcaa509058