[ OK ] Started OpenBSD Secure Shell server. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.242' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 41.050050][ C1] [ 41.052525][ C1] ======================================================== [ 41.059694][ C1] WARNING: possible irq lock inversion dependency detected [ 41.066860][ C1] 5.6.0-syzkaller #0 Not tainted [ 41.071766][ C1] -------------------------------------------------------- [ 41.078930][ C1] swapper/1/0 just changed the state of lock: [ 41.084980][ C1] ffff8880a7e6bcd8 (&ctx->ctx_lock){..-.}-{2:2}, at: free_ioctx_users+0x30/0x1c0 [ 41.094086][ C1] but this lock took another, SOFTIRQ-unsafe lock in the past: [ 41.102395][ C1] (&pid->wait_pidfd){+.+.}-{2:2} [ 41.102402][ C1] [ 41.102402][ C1] [ 41.102402][ C1] and interrupts could create inverse lock ordering between them. [ 41.102402][ C1] [ 41.121703][ C1] [ 41.121703][ C1] other info that might help us debug this: [ 41.129763][ C1] Possible interrupt unsafe locking scenario: [ 41.129763][ C1] [ 41.138081][ C1] CPU0 CPU1 [ 41.143442][ C1] ---- ---- [ 41.148792][ C1] lock(&pid->wait_pidfd); [ 41.153307][ C1] local_irq_disable(); [ 41.160044][ C1] lock(&ctx->ctx_lock); [ 41.166879][ C1] lock(&pid->wait_pidfd); [ 41.173884][ C1] [ 41.177314][ C1] lock(&ctx->ctx_lock); [ 41.181785][ C1] [ 41.181785][ C1] *** DEADLOCK *** [ 41.181785][ C1] [ 41.189907][ C1] 2 locks held by swapper/1/0: [ 41.194651][ C1] #0: ffffffff892e6be0 (rcu_callback){....}-{0:0}, at: rcu_lock_acquire+0x0/0x30 [ 41.203825][ C1] #1: ffffffff892e6b90 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 [ 41.213082][ C1] [ 41.213082][ C1] the shortest dependencies between 2nd lock and 1st lock: [ 41.222438][ C1] -> (&pid->wait_pidfd){+.+.}-{2:2} { [ 41.227884][ C1] HARDIRQ-ON-W at: [ 41.231990][ C1] lock_acquire+0x169/0x480 [ 41.238293][ C1] _raw_spin_lock+0x2a/0x40 [ 41.244596][ C1] proc_pid_make_inode+0x187/0x2d0 [ 41.251519][ C1] proc_pid_instantiate+0x4b/0x1a0 [ 41.258438][ C1] proc_pid_lookup+0x218/0x2f0 [ 41.264996][ C1] proc_root_lookup+0x1b/0x50 [ 41.271480][ C1] __lookup_slow+0x240/0x370 [ 41.277950][ C1] walk_component+0x442/0x680 [ 41.284433][ C1] link_path_walk+0x66d/0xba0 [ 41.290905][ C1] path_openat+0x21d/0x38b0 [ 41.297199][ C1] do_filp_open+0x191/0x3a0 [ 41.303506][ C1] do_sys_openat2+0x463/0x770 [ 41.309987][ C1] __x64_sys_open+0x1af/0x1e0 [ 41.316465][ C1] do_syscall_64+0xf3/0x1b0 [ 41.322778][ C1] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 41.330463][ C1] SOFTIRQ-ON-W at: [ 41.334507][ C1] lock_acquire+0x169/0x480 [ 41.340804][ C1] _raw_spin_lock+0x2a/0x40 [ 41.347104][ C1] proc_pid_make_inode+0x187/0x2d0 [ 41.354027][ C1] proc_pid_instantiate+0x4b/0x1a0 [ 41.360994][ C1] proc_pid_lookup+0x218/0x2f0 [ 41.367600][ C1] proc_root_lookup+0x1b/0x50 [ 41.374176][ C1] __lookup_slow+0x240/0x370 [ 41.380577][ C1] walk_component+0x442/0x680 [ 41.387278][ C1] link_path_walk+0x66d/0xba0 [ 41.393851][ C1] path_openat+0x21d/0x38b0 [ 41.400167][ C1] do_filp_open+0x191/0x3a0 [ 41.406496][ C1] do_sys_openat2+0x463/0x770 [ 41.412983][ C1] __x64_sys_open+0x1af/0x1e0 [ 41.419473][ C1] do_syscall_64+0xf3/0x1b0 [ 41.425776][ C1] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 41.433476][ C1] INITIAL USE at: [ 41.437433][ C1] lock_acquire+0x169/0x480 [ 41.443655][ C1] _raw_spin_lock_irqsave+0x9e/0xc0 [ 41.450597][ C1] __wake_up+0xb8/0x150 [ 41.456484][ C1] do_notify_parent+0x167/0xce0 [ 41.463046][ C1] do_exit+0x12c5/0x1f80 [ 41.469014][ C1] call_usermodehelper_exec_async+0x47c/0x480 [ 41.477149][ C1] ret_from_fork+0x24/0x30 [ 41.483269][ C1] } [ 41.485834][ C1] ... key at: [] alloc_pid.__key+0x0/0x10 [ 41.493719][ C1] ... acquired at: [ 41.497603][ C1] lock_acquire+0x169/0x480 [ 41.503998][ C1] _raw_spin_lock+0x2a/0x40 [ 41.508658][ C1] io_submit_one+0x10f5/0x1a80 [ 41.513567][ C1] __se_sys_io_submit+0x117/0x220 [ 41.518734][ C1] do_syscall_64+0xf3/0x1b0 [ 41.523580][ C1] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 41.529629][ C1] [ 41.531943][ C1] -> (&ctx->ctx_lock){..-.}-{2:2} { [ 41.537110][ C1] IN-SOFTIRQ-W at: [ 41.541076][ C1] lock_acquire+0x169/0x480 [ 41.547228][ C1] _raw_spin_lock_irq+0x67/0x80 [ 41.553722][ C1] free_ioctx_users+0x30/0x1c0 [ 41.560147][ C1] percpu_ref_put+0x18d/0x1a0 [ 41.566453][ C1] rcu_core+0x816/0x1120 [ 41.572370][ C1] __do_softirq+0x268/0x80c [ 41.578531][ C1] irq_exit+0x223/0x230 [ 41.584308][ C1] smp_apic_timer_interrupt+0x113/0x280 [ 41.591485][ C1] apic_timer_interrupt+0xf/0x20 [ 41.598054][ C1] native_safe_halt+0xe/0x10 [ 41.604264][ C1] default_idle+0x4c/0x70 [ 41.610211][ C1] do_idle+0x1ee/0x650 [ 41.615897][ C1] cpu_startup_entry+0x15/0x20 [ 41.622280][ C1] start_secondary+0x386/0x410 [ 41.628663][ C1] secondary_startup_64+0xa4/0xb0 [ 41.635311][ C1] INITIAL USE at: [ 41.639178][ C1] lock_acquire+0x169/0x480 [ 41.645219][ C1] _raw_spin_lock_irq+0x67/0x80 [ 41.651617][ C1] io_submit_one+0x10cb/0x1a80 [ 41.657920][ C1] __se_sys_io_submit+0x117/0x220 [ 41.664577][ C1] do_syscall_64+0xf3/0x1b0 [ 41.670615][ C1] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 41.678040][ C1] } [ 41.680520][ C1] ... key at: [] ioctx_alloc.__key+0x0/0x10 [ 41.688469][ C1] ... acquired at: [ 41.692248][ C1] mark_lock+0x529/0x1b00 [ 41.696717][ C1] __lock_acquire+0xaa7/0x2b90 [ 41.701709][ C1] lock_acquire+0x169/0x480 [ 41.706391][ C1] _raw_spin_lock_irq+0x67/0x80 [ 41.711387][ C1] free_ioctx_users+0x30/0x1c0 [ 41.716295][ C1] percpu_ref_put+0x18d/0x1a0 [ 41.721125][ C1] rcu_core+0x816/0x1120 [ 41.725514][ C1] __do_softirq+0x268/0x80c [ 41.730173][ C1] irq_exit+0x223/0x230 [ 41.734470][ C1] smp_apic_timer_interrupt+0x113/0x280 [ 41.740194][ C1] apic_timer_interrupt+0xf/0x20 [ 41.745292][ C1] native_safe_halt+0xe/0x10 [ 41.750028][ C1] default_idle+0x4c/0x70 [ 41.754515][ C1] do_idle+0x1ee/0x650 [ 41.758745][ C1] cpu_startup_entry+0x15/0x20 [ 41.763665][ C1] start_secondary+0x386/0x410 [ 41.768572][ C1] secondary_startup_64+0xa4/0xb0 [ 41.773868][ C1] [ 41.776173][ C1] [ 41.776173][ C1] stack backtrace: [ 41.782038][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.6.0-syzkaller #0 [ 41.789552][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 41.799586][ C1] Call Trace: [ 41.802931][ C1] [ 41.805862][ C1] dump_stack+0x1e9/0x30e [ 41.810165][ C1] print_irq_inversion_bug+0xb67/0xe90 [ 41.815596][ C1] ? arch_stack_walk+0xb4/0xe0 [ 41.820345][ C1] ? secondary_startup_64+0xa4/0xb0 [ 41.825977][ C1] check_usage_forwards+0x13f/0x240 [ 41.831166][ C1] ? save_trace+0x49/0xb60 [ 41.835566][ C1] mark_lock+0x529/0x1b00 [ 41.839873][ C1] ? check_usage_backwards+0x240/0x240 [ 41.845309][ C1] ? mark_lock+0x102/0x1b00 [ 41.849800][ C1] ? __lock_acquire+0x116c/0x2b90 [ 41.854800][ C1] __lock_acquire+0xaa7/0x2b90 [ 41.859899][ C1] ? pcpu_block_update+0x564/0x890 [ 41.864989][ C1] lock_acquire+0x169/0x480 [ 41.869466][ C1] ? free_ioctx_users+0x30/0x1c0 [ 41.874388][ C1] ? rcu_lock_acquire+0x5/0x30 [ 41.879196][ C1] ? trace_irq_disable_rcuidle+0x1f/0x1d0 [ 41.884899][ C1] ? percpu_ref_noop_confirm_switch+0x10/0x10 [ 41.890952][ C1] _raw_spin_lock_irq+0x67/0x80 [ 41.895942][ C1] ? free_ioctx_users+0x30/0x1c0 [ 41.900853][ C1] free_ioctx_users+0x30/0x1c0 [ 41.905608][ C1] ? percpu_ref_noop_confirm_switch+0x10/0x10 [ 41.911663][ C1] ? percpu_ref_noop_confirm_switch+0x10/0x10 [ 41.917713][ C1] percpu_ref_put+0x18d/0x1a0 [ 41.922361][ C1] rcu_core+0x816/0x1120 [ 41.926581][ C1] __do_softirq+0x268/0x80c [ 41.931071][ C1] ? irq_exit+0x223/0x230 [ 41.935371][ C1] irq_exit+0x223/0x230 [ 41.939497][ C1] smp_apic_timer_interrupt+0x113/0x280 [ 41.945131][ C1] apic_timer_interrupt+0xf/0x20 [ 41.950054][ C1] [ 41.952980][ C1] RIP: 0010:native_safe_halt+0xe/0x10 [ 41.958332][ C1] Code: 80 e1 07 80 c1 03 38 c1 7c bc 48 89 df e8 8a 40 a8 f9 eb b2 cc cc cc cc cc cc cc cc e9 07 00 00 00 0f 00 2d 76 25 57 00 fb f4 90 e9 07 00 00 00 0f 00 2d 66 25 57 00 f4 c3 cc cc 41 56 53 65 [ 41.978188][ C1] RSP: 0018:ffffc90000d3fe60 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13 [ 41.986600][ C1] RAX: 1ffffffff1257401 RBX: ffff8880a9a3c340 RCX: dffffc0000000000 [ 41.994547][ C1] RDX: dffffc0000000000 RSI: 0000000000000000 RDI: ffff8880a9a3cba4 [ 42.002686][ C1] RBP: ffffffff896b9960 R08: ffffffff817b9ae0 R09: ffffed1015347869 [ 42.010637][ C1] R10: ffffed1015347869 R11: 0000000000000000 R12: 1ffff11015347868 [ 42.018599][ C1] R13: dffffc0000000000 R14: 1ffffffff12573ff R15: 0000000000000001 [ 42.026560][ C1] ? trace_hardirqs_on+0x30/0x70 [ 42.031572][ C1] default_idle+0x4c/0x70 [ 42.035876][ C1] do_idle+0x1ee/0x650 [ 42.039917][ C1] cpu_startup_entry+0x15/0x20 [ 42.044663][ C1] start_secondary+0x386/0x410 [ 42.049441][ C1] secondary_startup_64+0xa4/0xb0