[ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.8' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 42.873765][ C1] [ 42.876126][ C1] ======================================================== [ 42.883485][ C1] WARNING: possible irq lock inversion dependency detected [ 42.892812][ C1] 5.6.0-syzkaller #0 Not tainted [ 42.897935][ C1] -------------------------------------------------------- [ 42.905107][ C1] swapper/1/0 just changed the state of lock: [ 42.911164][ C1] ffff88809e03dcd8 (&ctx->ctx_lock){..-.}-{2:2}, at: free_ioctx_users+0x30/0x1c0 [ 42.920265][ C1] but this lock took another, SOFTIRQ-unsafe lock in the past: [ 42.927930][ C1] (&pid->wait_pidfd){+.+.}-{2:2} [ 42.927940][ C1] [ 42.927940][ C1] [ 42.927940][ C1] and interrupts could create inverse lock ordering between them. [ 42.927940][ C1] [ 42.948425][ C1] [ 42.948425][ C1] other info that might help us debug this: [ 42.956562][ C1] Possible interrupt unsafe locking scenario: [ 42.956562][ C1] [ 42.964865][ C1] CPU0 CPU1 [ 42.970211][ C1] ---- ---- [ 42.975558][ C1] lock(&pid->wait_pidfd); [ 42.980133][ C1] local_irq_disable(); [ 42.986956][ C1] lock(&ctx->ctx_lock); [ 42.993878][ C1] lock(&pid->wait_pidfd); [ 43.001070][ C1] [ 43.004510][ C1] lock(&ctx->ctx_lock); [ 43.009014][ C1] [ 43.009014][ C1] *** DEADLOCK *** [ 43.009014][ C1] [ 43.017507][ C1] 2 locks held by swapper/1/0: [ 43.022264][ C1] #0: ffffffff892e6a20 (rcu_callback){....}-{0:0}, at: rcu_lock_acquire+0x0/0x30 [ 43.031575][ C1] #1: ffffffff892e69d0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 [ 43.041367][ C1] [ 43.041367][ C1] the shortest dependencies between 2nd lock and 1st lock: [ 43.051621][ C1] -> (&pid->wait_pidfd){+.+.}-{2:2} { [ 43.057081][ C1] HARDIRQ-ON-W at: [ 43.061181][ C1] lock_acquire+0x169/0x480 [ 43.067487][ C1] _raw_spin_lock+0x2a/0x40 [ 43.074098][ C1] proc_pid_make_inode+0x187/0x2d0 [ 43.081011][ C1] proc_pid_instantiate+0x4b/0x1a0 [ 43.087920][ C1] proc_pid_lookup+0x218/0x2f0 [ 43.094483][ C1] proc_root_lookup+0x1b/0x50 [ 43.101968][ C1] __lookup_slow+0x240/0x370 [ 43.108389][ C1] walk_component+0x442/0x680 [ 43.115355][ C1] link_path_walk+0x66d/0xba0 [ 43.122993][ C1] path_openat+0x21d/0x38b0 [ 43.129302][ C1] do_filp_open+0x2b4/0x3a0 [ 43.136053][ C1] do_sys_openat2+0x463/0x6f0 [ 43.142522][ C1] __x64_sys_open+0x1af/0x1e0 [ 43.149082][ C1] do_syscall_64+0xf3/0x1b0 [ 43.155383][ C1] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 43.163166][ C1] SOFTIRQ-ON-W at: [ 43.167222][ C1] lock_acquire+0x169/0x480 [ 43.173516][ C1] _raw_spin_lock+0x2a/0x40 [ 43.179821][ C1] proc_pid_make_inode+0x187/0x2d0 [ 43.186741][ C1] proc_pid_instantiate+0x4b/0x1a0 [ 43.193656][ C1] proc_pid_lookup+0x218/0x2f0 [ 43.200223][ C1] proc_root_lookup+0x1b/0x50 [ 43.206973][ C1] __lookup_slow+0x240/0x370 [ 43.213381][ C1] walk_component+0x442/0x680 [ 43.219867][ C1] link_path_walk+0x66d/0xba0 [ 43.226364][ C1] path_openat+0x21d/0x38b0 [ 43.232692][ C1] do_filp_open+0x2b4/0x3a0 [ 43.238989][ C1] do_sys_openat2+0x463/0x6f0 [ 43.245461][ C1] __x64_sys_open+0x1af/0x1e0 [ 43.252131][ C1] do_syscall_64+0xf3/0x1b0 [ 43.258444][ C1] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 43.266145][ C1] INITIAL USE at: [ 43.270118][ C1] lock_acquire+0x169/0x480 [ 43.276507][ C1] _raw_spin_lock_irqsave+0x9e/0xc0 [ 43.283437][ C1] __wake_up+0xb8/0x150 [ 43.289669][ C1] do_notify_parent+0x167/0xce0 [ 43.296257][ C1] do_exit+0x12c5/0x1f80 [ 43.302224][ C1] call_usermodehelper_exec_async+0x47c/0x480 [ 43.310134][ C1] ret_from_fork+0x24/0x30 [ 43.316786][ C1] } [ 43.320871][ C1] ... key at: [] alloc_pid.__key+0x0/0x10 [ 43.328914][ C1] ... acquired at: [ 43.332804][ C1] lock_acquire+0x169/0x480 [ 43.337458][ C1] _raw_spin_lock+0x2a/0x40 [ 43.342201][ C1] io_submit_one+0x10f5/0x1a80 [ 43.347146][ C1] __se_sys_io_submit+0x117/0x220 [ 43.352322][ C1] do_syscall_64+0xf3/0x1b0 [ 43.356976][ C1] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 43.363009][ C1] [ 43.365553][ C1] -> (&ctx->ctx_lock){..-.}-{2:2} { [ 43.370726][ C1] IN-SOFTIRQ-W at: [ 43.374682][ C1] lock_acquire+0x169/0x480 [ 43.380821][ C1] _raw_spin_lock_irq+0x67/0x80 [ 43.387315][ C1] free_ioctx_users+0x30/0x1c0 [ 43.393705][ C1] percpu_ref_put+0x18d/0x1a0 [ 43.400015][ C1] rcu_core+0x816/0x1120 [ 43.405967][ C1] __do_softirq+0x268/0x80c [ 43.412107][ C1] irq_exit+0x223/0x230 [ 43.418224][ C1] smp_apic_timer_interrupt+0x113/0x280 [ 43.425505][ C1] apic_timer_interrupt+0xf/0x20 [ 43.432084][ C1] native_safe_halt+0xe/0x10 [ 43.438326][ C1] default_idle+0x4c/0x70 [ 43.444739][ C1] do_idle+0x1ee/0x650 [ 43.450435][ C1] cpu_startup_entry+0x15/0x20 [ 43.456832][ C1] start_secondary+0x386/0x410 [ 43.463231][ C1] secondary_startup_64+0xa4/0xb0 [ 43.469984][ C1] INITIAL USE at: [ 43.473869][ C1] lock_acquire+0x169/0x480 [ 43.479917][ C1] _raw_spin_lock_irq+0x67/0x80 [ 43.486315][ C1] io_submit_one+0x10cb/0x1a80 [ 43.492628][ C1] __se_sys_io_submit+0x117/0x220 [ 43.499198][ C1] do_syscall_64+0xf3/0x1b0 [ 43.506115][ C1] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 43.513554][ C1] } [ 43.516062][ C1] ... key at: [] ioctx_alloc.__key+0x0/0x10 [ 43.524007][ C1] ... acquired at: [ 43.527904][ C1] mark_lock+0x529/0x1b00 [ 43.532390][ C1] __lock_acquire+0xaa7/0x2b90 [ 43.537321][ C1] lock_acquire+0x169/0x480 [ 43.541976][ C1] _raw_spin_lock_irq+0x67/0x80 [ 43.547001][ C1] free_ioctx_users+0x30/0x1c0 [ 43.551929][ C1] percpu_ref_put+0x18d/0x1a0 [ 43.556768][ C1] rcu_core+0x816/0x1120 [ 43.561174][ C1] __do_softirq+0x268/0x80c [ 43.566444][ C1] irq_exit+0x223/0x230 [ 43.570760][ C1] smp_apic_timer_interrupt+0x113/0x280 [ 43.576599][ C1] apic_timer_interrupt+0xf/0x20 [ 43.581701][ C1] native_safe_halt+0xe/0x10 [ 43.587190][ C1] default_idle+0x4c/0x70 [ 43.591668][ C1] do_idle+0x1ee/0x650 [ 43.596270][ C1] cpu_startup_entry+0x15/0x20 [ 43.605672][ C1] start_secondary+0x386/0x410 [ 43.610589][ C1] secondary_startup_64+0xa4/0xb0 [ 43.615781][ C1] [ 43.618112][ C1] [ 43.618112][ C1] stack backtrace: [ 43.624101][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.6.0-syzkaller #0 [ 43.631640][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 43.641673][ C1] Call Trace: [ 43.644934][ C1] [ 43.647767][ C1] dump_stack+0x1e9/0x30e [ 43.652244][ C1] print_irq_inversion_bug+0xb67/0xe90 [ 43.658434][ C1] ? arch_stack_walk+0xb4/0xe0 [ 43.663218][ C1] ? secondary_startup_64+0xa4/0xb0 [ 43.668493][ C1] check_usage_forwards+0x13f/0x240 [ 43.673681][ C1] ? save_trace+0x49/0xb60 [ 43.678083][ C1] mark_lock+0x529/0x1b00 [ 43.684483][ C1] ? check_usage_backwards+0x240/0x240 [ 43.689911][ C1] ? mark_lock+0x102/0x1b00 [ 43.694398][ C1] ? __lock_acquire+0x116c/0x2b90 [ 43.702638][ C1] __lock_acquire+0xaa7/0x2b90 [ 43.707456][ C1] ? pcpu_block_update+0x564/0x890 [ 43.712549][ C1] lock_acquire+0x169/0x480 [ 43.717030][ C1] ? free_ioctx_users+0x30/0x1c0 [ 43.722042][ C1] ? rcu_lock_acquire+0x5/0x30 [ 43.726793][ C1] ? trace_irq_disable_rcuidle+0x1f/0x1d0 [ 43.732495][ C1] ? percpu_ref_noop_confirm_switch+0x10/0x10 [ 43.739618][ C1] _raw_spin_lock_irq+0x67/0x80 [ 43.744757][ C1] ? free_ioctx_users+0x30/0x1c0 [ 43.749687][ C1] free_ioctx_users+0x30/0x1c0 [ 43.754465][ C1] ? percpu_ref_noop_confirm_switch+0x10/0x10 [ 43.760512][ C1] ? percpu_ref_noop_confirm_switch+0x10/0x10 [ 43.767055][ C1] percpu_ref_put+0x18d/0x1a0 [ 43.773257][ C1] rcu_core+0x816/0x1120 [ 43.777496][ C1] __do_softirq+0x268/0x80c [ 43.781992][ C1] ? irq_exit+0x223/0x230 [ 43.786302][ C1] irq_exit+0x223/0x230 [ 43.791563][ C1] smp_apic_timer_interrupt+0x113/0x280 [ 43.797271][ C1] apic_timer_interrupt+0xf/0x20 [ 43.803048][ C1] [ 43.805961][ C1] RIP: 0010:native_safe_halt+0xe/0x10 [ 43.811498][ C1] Code: 80 e1 07 80 c1 03 38 c1 7c bc 48 89 df e8 7a 66 ab f9 eb b2 cc cc cc cc cc cc cc cc e9 07 00 00 00 0f 00 2d 26 d4 5a 00 fb f4 90 e9 07 00 00 00 0f 00 2d 16 d4 5a 00 f4 c3 cc cc 41 56 53 65 [ 43.831627][ C1] RSP: 0018:ffffc90000d3fe60 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13 [ 43.840209][ C1] RAX: 1ffffffff1257401 RBX: ffff8880a9a3c340 RCX: dffffc0000000000 [ 43.848172][ C1] RDX: dffffc0000000000 RSI: 0000000000000000 RDI: ffff8880a9a3cba4 [ 43.856134][ C1] RBP: ffffffff896b7020 R08: ffffffff817b3020 R09: ffffed1015347869 [ 43.864080][ C1] R10: ffffed1015347869 R11: 0000000000000000 R12: 1ffff11015347868 [ 43.873108][ C1] R13: dffffc0000000000 R14: 1ffffffff1