         Starting Load/Save RF Kill Switch Status...
[  OK  ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.166' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   62.462698][ T7060]
[   62.465082][ T7060] ========================================================
[   62.472269][ T7060] WARNING: possible irq lock inversion dependency detected
[   62.479459][ T7060] 5.7.0-rc1-next-20200415-syzkaller #0 Not tainted
[   62.485947][ T7060] --------------------------------------------------------
[   62.493312][ T7060] syz-executor494/7060 just changed the state of lock:
[   62.500145][ T7060] ffff8880954468b8 (&info->lock){+.+.}-{2:2}, at: shmem_mfill_atomic_pte+0x1012/0x21c0
[   62.509780][ T7060] but this lock was taken by another, SOFTIRQ-safe lock in the past:
[   62.517825][ T7060]  (&xa->xa_lock#4){..-.}-{2:2}
[   62.517836][ T7060]
[   62.517836][ T7060]
[   62.517836][ T7060] and interrupts could create inverse lock ordering between them.
[   62.517836][ T7060]
[   62.536947][ T7060]
[   62.536947][ T7060] other info that might help us debug this:
[   62.544978][ T7060]  Possible interrupt unsafe locking scenario:
[   62.544978][ T7060]
[   62.553289][ T7060]        CPU0                    CPU1
[   62.558642][ T7060]        ----                    ----
[   62.564072][ T7060]   lock(&info->lock);
[   62.568126][ T7060]                                local_irq_disable();
[   62.574936][ T7060]                                lock(&xa->xa_lock#4);
[   62.581768][ T7060]                                lock(&info->lock);
[   62.588855][ T7060]   <Interrupt>
[   62.592279][ T7060]     lock(&xa->xa_lock#4);
[   62.596750][ T7060]
[   62.596750][ T7060]  *** DEADLOCK ***
[   62.596750][ T7060]
[   62.604880][ T7060] 2 locks held by syz-executor494/7060:
[   62.610415][ T7060]  #0: ffff888095706368 (&mm->mmap_sem#2){++++}-{3:3}, at: mcopy_atomic+0x195/0x2630
[   62.619853][ T7060]  #1: ffff8880a8305f78 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: shmem_mfill_atomic_pte+0xf76/0x21c0
[   62.630418][ T7060]
[   62.630418][ T7060] the shortest dependencies between 2nd lock and 1st lock:
[   62.639786][ T7060]  -> (&xa->xa_lock#4){..-.}-{2:2} {
[   62.645045][ T7060]     IN-SOFTIRQ-W at:
[   62.649110][ T7060]       lock_acquire+0x1f2/0x8f0
[   62.656287][ T7060]       _raw_spin_lock_irqsave+0x8c/0xbf
[   62.663287][ T7060]       test_clear_page_writeback+0x1d7/0x11e0
[   62.670803][ T7060]       end_page_writeback+0x239/0x520
[   62.677647][ T7060]       end_buffer_async_write+0x442/0x5c0
[   62.684899][ T7060]       end_bio_bh_io_sync+0xe2/0x140
[   62.691796][ T7060]       bio_endio+0x46a/0x820
[   62.697844][ T7060]       blk_update_request+0x3e1/0xdc0
[   62.704685][ T7060]       scsi_end_request+0x80/0x7b0
[   62.711260][ T7060]       scsi_io_completion+0x1e7/0x1300
[   62.718171][ T7060]       scsi_softirq_done+0x31e/0x3b0
[   62.724915][ T7060]       blk_done_softirq+0x2db/0x440
[   62.731561][ T7060]       __do_softirq+0x26c/0x9f7
[   62.737860][ T7060]       irq_exit+0x192/0x1d0
[   62.743811][ T7060]       do_IRQ+0xda/0x270
[   62.749515][ T7060]       ret_from_intr+0x0/0x2b
[   62.755639][ T7060]       __sanitizer_cov_trace_pc+0x2b/0x60
[   62.762805][ T7060]       tomoyo_domain_quota_is_ok+0x31b/0x500
[   62.770250][ T7060]       tomoyo_supervisor+0x286/0xe60
[   62.776984][ T7060]       tomoyo_path_permission+0x257/0x360
[   62.784162][ T7060]       tomoyo_path_perm+0x2f6/0x400
[   62.790845][ T7060]       security_inode_getattr+0xeb/0x150
[   62.797950][ T7060]       vfs_getattr+0x22/0x60
[   62.804014][ T7060]       vfs_statx_fd+0x6a/0xb0
[   62.810164][ T7060]       __do_sys_newfstat+0x8b/0x100
[   62.816853][ T7060]       do_syscall_64+0xf6/0x7d0
[   62.823192][ T7060]       entry_SYSCALL_64_after_hwframe+0x49/0xb3
[   62.830890][ T7060]     INITIAL USE at:
[   62.834877][ T7060]       lock_acquire+0x1f2/0x8f0
[   62.841110][ T7060]       _raw_spin_lock_irq+0x5b/0x80
[   62.847695][ T7060]       __add_to_page_cache_locked+0x607/0xe00
[   62.855161][ T7060]       add_to_page_cache_lru+0x1aa/0x700
[   62.862158][ T7060]       do_read_cache_page+0x9ab/0x1810
[   62.868978][ T7060]       read_part_sector+0xf6/0x600
[   62.875449][ T7060]       adfspart_check_ICS+0x9d/0xc80
[   62.882092][ T7060]       blk_add_partitions+0x474/0xe50
[   62.888831][ T7060]       bdev_disk_changed+0x1fb/0x380
[   62.895486][ T7060]       __blkdev_get+0xb15/0x1530
[   62.901780][ T7060]       blkdev_get+0x41/0x2b0
[   62.907730][ T7060]       __device_add_disk+0xa4f/0x1170
[   62.914476][ T7060]       brd_init+0x297/0x463
[   62.920341][ T7060]       do_one_initcall+0x10a/0x7d0
[   62.926821][ T7060]       kernel_init_freeable+0x501/0x5ae
[   62.933786][ T7060]       kernel_init+0xd/0x1bb
[   62.939771][ T7060]       ret_from_fork+0x24/0x30
[   62.945908][ T7060]  }
[   62.948483][ T7060]  ... key at: [] __key.18068+0x0/0x40
[   62.955993][ T7060]  ... acquired at:
[   62.959860][ T7060]    _raw_spin_lock_irqsave+0x8c/0xbf
[   62.965216][ T7060]    shmem_uncharge+0x24/0x270
[   62.969964][ T7060]    split_huge_page_to_list+0x274b/0x33b0
[   62.975744][ T7060]    shmem_punch_compound+0x13e/0x1e0
[   62.981103][ T7060]    shmem_undo_range+0x5f1/0x1b80
[   62.986184][ T7060]    shmem_truncate_range+0x27/0xa0
[   62.991358][ T7060]    shmem_setattr+0x99c/0xc80
[   62.996181][ T7060]    notify_change+0xb6d/0x1020
[   63.001007][ T7060]    do_truncate+0x134/0x1f0
[   63.005570][ T7060]    do_sys_ftruncate+0x4a5/0x570
[   63.010567][ T7060]    do_syscall_64+0xf6/0x7d0
[   63.015230][ T7060]    entry_SYSCALL_64_after_hwframe+0x49/0xb3
[   63.021273][ T7060]
[   63.023571][ T7060] -> (&info->lock){+.+.}-{2:2} {
[   63.028480][ T7060]    HARDIRQ-ON-W at:
[   63.032435][ T7060]      lock_acquire+0x1f2/0x8f0
[   63.038562][ T7060]      _raw_spin_lock+0x2a/0x40
[   63.044797][ T7060]      shmem_mfill_atomic_pte+0x1012/0x21c0
[   63.051982][ T7060]      shmem_mcopy_atomic_pte+0x3a/0x50
[   63.058813][ T7060]      mcopy_atomic+0xb31/0x2630
[   63.065027][ T7060]      userfaultfd_ioctl+0x752/0x4210
[   63.071863][ T7060]      ksys_ioctl+0x11a/0x180
[   63.077829][ T7060]      __x64_sys_ioctl+0x6f/0xb0
[   63.084056][ T7060]      do_syscall_64+0xf6/0x7d0
[   63.090181][ T7060]      entry_SYSCALL_64_after_hwframe+0x49/0xb3
[   63.097703][ T7060]    SOFTIRQ-ON-W at:
[   63.101682][ T7060]      lock_acquire+0x1f2/0x8f0
[   63.107817][ T7060]      _raw_spin_lock+0x2a/0x40
[   63.113975][ T7060]      shmem_mfill_atomic_pte+0x1012/0x21c0
[   63.121268][ T7060]      shmem_mcopy_atomic_pte+0x3a/0x50
[   63.128122][ T7060]      mcopy_atomic+0xb31/0x2630
[   63.134350][ T7060]      userfaultfd_ioctl+0x752/0x4210
[   63.141093][ T7060]      ksys_ioctl+0x11a/0x180
[   63.147209][ T7060]      __x64_sys_ioctl+0x6f/0xb0
[   63.153460][ T7060]      do_syscall_64+0xf6/0x7d0
[   63.159694][ T7060]      entry_SYSCALL_64_after_hwframe+0x49/0xb3
[   63.167204][ T7060]    INITIAL USE at:
[   63.172391][ T7060]      lock_acquire+0x1f2/0x8f0
[   63.178647][ T7060]      _raw_spin_lock_irq+0x5b/0x80
[   63.185061][ T7060]      shmem_getpage_gfp+0x937/0x2a10
[   63.191633][ T7060]      shmem_write_begin+0x102/0x1e0
[   63.201601][ T7060]      generic_perform_write+0x20a/0x4e0
[   63.208439][ T7060]      __generic_file_write_iter+0x24c/0x610
[   63.215622][ T7060]      generic_file_write_iter+0x3f3/0x630
[   63.222625][ T7060]      new_sync_write+0x4a2/0x700
[   63.228904][ T7060]      __vfs_write+0xc9/0x100
[   63.234772][ T7060]      vfs_write+0x268/0x5d0
[   63.240548][ T7060]      ksys_write+0x12d/0x250
[   63.246427][ T7060]      do_syscall_64+0xf6/0x7d0
[   63.252465][ T7060]      entry_SYSCALL_64_after_hwframe+0x49/0xb3
[   63.259885][ T7060]  }
[   63.262435][ T7060]  ... key at: [] __key.56628+0x0/0x40
[   63.269871][ T7060]  ... acquired at:
[   63.273845][ T7060]    mark_lock+0x624/0xf10
[   63.278261][ T7060]    __lock_acquire+0x98c/0x4c50
[   63.283187][ T7060]    lock_acquire+0x1f2/0x8f0
[   63.288720][ T7060]    _raw_spin_lock+0x2a/0x40
[   63.293374][ T7060]    shmem_mfill_atomic_pte+0x1012/0x21c0
[   63.299069][ T7060]    shmem_mcopy_atomic_pte+0x3a/0x50
[   63.304535][ T7060]    mcopy_atomic+0xb31/0x2630
[   63.309273][ T7060]    userfaultfd_ioctl+0x752/0x4210
[   63.314446][ T7060]    ksys_ioctl+0x11a/0x180
[   63.318921][ T7060]    __x64_sys_ioctl+0x6f/0xb0
[   63.323658][ T7060]    do_syscall_64+0xf6/0x7d0
[   63.328307][ T7060]    entry_SYSCALL_64_after_hwframe+0x49/0xb3
[   63.334344][ T7060]
[   63.336823][ T7060]
[   63.336823][ T7060] stack backtrace:
[   63.342711][ T7060] CPU: 1 PID: 7060 Comm: syz-executor494 Not tainted 5.7.0-rc1-next-20200415-syzkaller #0
[   63.352566][ T7060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   63.362633][ T7060] Call Trace:
[   63.366087][ T7060]  dump_stack+0x188/0x20d
[   63.370392][ T7060]  check_usage_backwards.cold+0x1d/0x26
[   63.375912][ T7060]  ? print_shortest_lock_dependencies+0x80/0x80
[   63.382142][ T7060]  ? stack_trace_consume_entry+0x160/0x160
[   63.387939][ T7060]  ? print_usage_bug+0x240/0x240
[   63.392861][ T7060]  ? save_trace+0x5da/0x9f0
[   63.397362][ T7060]  mark_lock+0x624/0xf10
[   63.401597][ T7060]  ? print_shortest_lock_dependencies+0x80/0x80
[   63.407812][ T7060]  ? print_usage_bug+0x240/0x240
[   63.412747][ T7060]  __lock_acquire+0x98c/0x4c50
[   63.417487][ T7060]  ? shmem_seek_hole_data+0x3c2/0x4c0
[   63.422873][ T7060]  ? print_usage_bug+0x240/0x240
[   63.427792][ T7060]  ? mark_held_locks+0xe0/0xe0
[   63.432543][ T7060]  ? mark_held_locks+0x9f/0xe0
[   63.437299][ T7060]  ? __this_cpu_preempt_check+0x28/0x190
[   63.442920][ T7060]  lock_acquire+0x1f2/0x8f0
[   63.447404][ T7060]  ? shmem_mfill_atomic_pte+0x1012/0x21c0
[   63.453117][ T7060]  ? lock_release+0x800/0x800
[   63.457869][ T7060]  ? __this_cpu_preempt_check+0x84/0x190
[   63.463565][ T7060]  ? do_raw_spin_lock+0x129/0x2e0
[   63.468562][ T7060]  ? rwlock_bug.part.0+0x90/0x90
[   63.473485][ T7060]  _raw_spin_lock+0x2a/0x40
[   63.477963][ T7060]  ? shmem_mfill_atomic_pte+0x1012/0x21c0
[   63.483665][ T7060]  shmem_mfill_atomic_pte+0x1012/0x21c0
[   63.489202][ T7060]  ? shmem_add_to_page_cache+0x1390/0x1390
[   63.495431][ T7060]  ? down_read+0x110/0x430
[   63.499836][ T7060]  ? down_read_killable+0x460/0x460
[   63.505021][ T7060]  shmem_mcopy_atomic_pte+0x3a/0x50
[   63.510207][ T7060]  mcopy_atomic+0xb31/0x2630
[   63.514794][ T7060]  ? mm_alloc_pmd+0x300/0x300
[   63.519447][ T7060]  ? __might_fault+0x190/0x1d0
[   63.524185][ T7060]  userfaultfd_ioctl+0x752/0x4210
[   63.529182][ T7060]  ? userfaultfd_read+0x16f0/0x16f0
[   63.534351][ T7060]  ? __sanitizer_cov_trace_switch+0x45/0x70
[   63.540227][ T7060]  ? do_vfs_ioctl+0x50c/0x12d0
[   63.544963][ T7060]  ? ioctl_file_clone+0x180/0x180
[   63.549963][ T7060]  ? down_read_nested+0x430/0x430
[   63.555318][ T7060]  ? userfaultfd_read+0x16f0/0x16f0
[   63.560487][ T7060]  ? ksys_ioctl+0x11a/0x180
[   63.564975][ T7060]  ksys_ioctl+0x11a/0x180
[   63.569310][ T7060]  __x64_sys_ioctl+0x6f/0xb0
[   63.573875][ T7060]  ? lockdep_hardirqs_on+0x463/0x620
[   63.579132][ T7060]  do_syscall_64+0xf6/0x7d0
[   63.583623][ T7060]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[   63.589487][ T7060] RIP: 0033:0x4443f9
[   63.593357][ T7060] Code: 0d d8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db d7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   63.612944][ T7060] RSP: 002b:00007ffdce144a78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   63.621329][ T7060] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 00000000004443f9
[   63.629806][ T7060] RDX: 00000000200a0fe0 RSI: 00000000c028aa03 RDI: 0000000000000004
[   63.637750][ T7060] RBP: 00000000006cf018 R08: 00000000004002e0 R09: 00000000004002e0
[   63.645703][ T7060] R10: 00000000004002e0 R11: 0000000000000246 R12: 0000000000402060
[   63.653649][ T7060] R13: 00000000004020f0 R14: 0000000000000000 R15: 0000000000000000