Hello, syzbot has tested the proposed patch but the reproducer is still triggering an issue: possible deadlock in io_poll_double_wake poll and dpoll head different ============================================ WARNING: possible recursive locking detected 5.12.0-rc1-syzkaller #0 Not tainted -------------------------------------------- kworker/1:3/8637 is trying to acquire lock: ffff888040471130 (&runtime->sleep){..-.}-{2:2}, at: spin_lock include/linux/spinlock.h:354 [inline] ffff888040471130 (&runtime->sleep){..-.}-{2:2}, at: io_poll_double_wake.cold+0x115/0x4e0 fs/io_uring.c:4931 but task is already holding lock: ffff888040473130 (&runtime->sleep){..-.}-{2:2}, at: __wake_up_common_lock+0xb4/0x130 kernel/sched/wait.c:137 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&runtime->sleep); lock(&runtime->sleep); *** DEADLOCK *** May be due to missing lock nesting notation 5 locks held by kworker/1:3/8637: #0: ffff888020d60938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888020d60938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff888020d60938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff888020d60938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff888020d60938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff888020d60938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2246 #1: ffffc900027bfda8 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2250 #2: ffffffff8ce7d028 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xa3/0x12b0 net/ipv6/addrconf.c:4031 #3: ffff8880209d8908 (&group->lock){..-.}-{2:2}, at: _snd_pcm_stream_lock_irqsave+0x9f/0xd0 sound/core/pcm_native.c:170 #4: ffff888040473130 (&runtime->sleep){..-.}-{2:2}, at: __wake_up_common_lock+0xb4/0x130 kernel/sched/wait.c:137 stack backtrace: CPU: 1 PID: 8637 Comm: kworker/1:3 Not tainted 5.12.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: ipv6_addrconf addrconf_dad_work Call Trace: <IRQ> __dump_stack lib/dump_stack.c:79 [inline] dump_stack+0xfa/0x151 lib/dump_stack.c:120 print_deadlock_bug kernel/locking/lockdep.c:2829 [inline] check_deadlock kernel/locking/lockdep.c:2872 [inline] validate_chain kernel/locking/lockdep.c:3661 [inline] __lock_acquire.cold+0x14c/0x3b4 kernel/locking/lockdep.c:4900 lock_acquire kernel/locking/lockdep.c:5510 [inline] lock_acquire+0x1ab/0x730 kernel/locking/lockdep.c:5475 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:151 spin_lock include/linux/spinlock.h:354 [inline] io_poll_double_wake.cold+0x115/0x4e0 fs/io_uring.c:4931 __wake_up_common+0x147/0x650 kernel/sched/wait.c:108 __wake_up_common_lock+0xd0/0x130 kernel/sched/wait.c:138 snd_pcm_update_state+0x46a/0x540 sound/core/pcm_lib.c:203 snd_pcm_update_hw_ptr0+0xa75/0x1a50 sound/core/pcm_lib.c:464 snd_pcm_period_elapsed+0x160/0x250 sound/core/pcm_lib.c:1805 dummy_hrtimer_callback+0x94/0x1b0 sound/drivers/dummy.c:378 __run_hrtimer kernel/time/hrtimer.c:1519 [inline] __hrtimer_run_queues+0x609/0xe40 kernel/time/hrtimer.c:1583 hrtimer_run_softirq+0x17b/0x360 kernel/time/hrtimer.c:1600 __do_softirq+0x29b/0x9f6 kernel/softirq.c:345 do_softirq.part.0+0xc8/0x110 kernel/softirq.c:248 </IRQ> do_softirq kernel/softirq.c:240 [inline] __local_bh_enable_ip+0x102/0x120 kernel/softirq.c:198 mld_send_initial_cr.part.0+0xf4/0x150 net/ipv6/mcast.c:2094 mld_send_initial_cr net/ipv6/mcast.c:1191 [inline] ipv6_mc_dad_complete+0x1bb/0x6b0 net/ipv6/mcast.c:2103 addrconf_dad_completed+0x94d/0xc70 net/ipv6/addrconf.c:4175 addrconf_dad_work+0x79f/0x12b0 net/ipv6/addrconf.c:4105 process_one_work+0x98d/0x1600 kernel/workqueue.c:2275 worker_thread+0x64c/0x1120 kernel/workqueue.c:2421 kthread+0x3b1/0x4a0 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different poll and dpoll head different Tested on: commit: 44a23ff1 io_uring: debug messages git tree: git://git.kernel.dk/linux-block syzbot-test console output: https://syzkaller.appspot.com/x/log.txt?x=1790cb92d00000 kernel config: https://syzkaller.appspot.com/x/.config?x=fa0e4e0c3e0cf6e0 dashboard link: https://syzkaller.appspot.com/bug?extid=28abd693db9e92c160d8 compiler: