Warning: Permanently added '10.128.0.22' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 44.676844][ T7746]
[ 44.679239][ T7746] ========================================================
[ 44.686577][ T7746] WARNING: possible irq lock inversion dependency detected
[ 44.694125][ T7746] 5.1.0-rc3+ #48 Not tainted
[ 44.698699][ T7746] --------------------------------------------------------
[ 44.706225][ T7746] syz-executor688/7746 just changed the state of lock:
[ 44.713334][ T7746] 00000000752a28b0 (&ctx->fault_pending_wqh){+.+.}, at: userfaultfd_release+0x48e/0x6d0
[ 44.723135][ T7746] but this lock was taken by another, SOFTIRQ-safe lock in the past:
[ 44.731352][ T7746]  (&(&ctx->ctx_lock)->rlock){..-.}
[ 44.731358][ T7746]
[ 44.731358][ T7746]
[ 44.731358][ T7746] and interrupts could create inverse lock ordering between them.
[ 44.731358][ T7746]
[ 44.751493][ T7746]
[ 44.751493][ T7746] other info that might help us debug this:
[ 44.759686][ T7746] Chain exists of:
[ 44.759686][ T7746]   &(&ctx->ctx_lock)->rlock --> &ctx->fd_wqh --> &ctx->fault_pending_wqh
[ 44.759686][ T7746]
[ 44.774034][ T7746]  Possible interrupt unsafe locking scenario:
[ 44.774034][ T7746]
[ 44.782435][ T7746]        CPU0                    CPU1
[ 44.787789][ T7746]        ----                    ----
[ 44.793142][ T7746]   lock(&ctx->fault_pending_wqh);
[ 44.798306][ T7746]                                local_irq_disable();
[ 44.805083][ T7746]                                lock(&(&ctx->ctx_lock)->rlock);
[ 44.813178][ T7746]                                lock(&ctx->fd_wqh);
[ 44.820024][ T7746]
[ 44.823643][ T7746]     lock(&(&ctx->ctx_lock)->rlock);
[ 44.829007][ T7746]
[ 44.829007][ T7746]  *** DEADLOCK ***
[ 44.829007][ T7746]
[ 44.837389][ T7746] no locks held by syz-executor688/7746.
[ 44.843005][ T7746]
[ 44.843005][ T7746] the shortest dependencies between 2nd lock and 1st lock:
[ 44.852358][ T7746]  -> (&(&ctx->ctx_lock)->rlock){..-.} {
[ 44.858065][ T7746]     IN-SOFTIRQ-W at:
[ 44.862212][ T7746]         lock_acquire+0x16f/0x3f0
[ 44.868758][ T7746]         _raw_spin_lock_irq+0x60/0x80
[ 44.875695][ T7746]         free_ioctx_users+0x2d/0x4a0
[ 44.882442][ T7746]         percpu_ref_switch_to_atomic_rcu+0x3e7/0x520
[ 44.890670][ T7746]         rcu_core+0x928/0x1390
[ 44.896920][ T7746]         __do_softirq+0x266/0x95a
[ 44.903406][ T7746]         irq_exit+0x180/0x1d0
[ 44.909539][ T7746]         smp_apic_timer_interrupt+0x14a/0x570
[ 44.917057][ T7746]         apic_timer_interrupt+0xf/0x20
[ 44.923967][ T7746]         native_safe_halt+0x2/0x10
[ 44.930534][ T7746]         arch_cpu_idle+0x10/0x20
[ 44.936921][ T7746]         default_idle_call+0x36/0x90
[ 44.943657][ T7746]         do_idle+0x386/0x570
[ 44.949697][ T7746]         cpu_startup_entry+0x1b/0x20
[ 44.956455][ T7746]         rest_init+0x245/0x37b
[ 44.962670][ T7746]         arch_call_rest_init+0xe/0x1b
[ 44.969493][ T7746]         start_kernel+0x816/0x84f
[ 44.975966][ T7746]         x86_64_start_reservations+0x29/0x2b
[ 44.983400][ T7746]         x86_64_start_kernel+0x77/0x7b
[ 44.990308][ T7746]         secondary_startup_64+0xa4/0xb0
[ 44.997380][ T7746]     INITIAL USE at:
[ 45.001426][ T7746]         lock_acquire+0x16f/0x3f0
[ 45.007811][ T7746]         _raw_spin_lock_irq+0x60/0x80
[ 45.014568][ T7746]         io_submit_one+0xaec/0x2f90
[ 45.021126][ T7746]         __x64_sys_io_submit+0x1bd/0x580
[ 45.028119][ T7746]         do_syscall_64+0x103/0x610
[ 45.034589][ T7746]         entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 45.042354][ T7746]  }
[ 45.045024][ T7746]  ... key at: [] __key.52649+0x0/0x40
[ 45.052635][ T7746]  ... acquired at:
[ 45.056604][ T7746]     lock_acquire+0x16f/0x3f0
[ 45.061263][ T7746]     _raw_spin_lock+0x2f/0x40
[ 45.065917][ T7746]     io_submit_one+0xb31/0x2f90
[ 45.070739][ T7746]     __x64_sys_io_submit+0x1bd/0x580
[ 45.076083][ T7746]     do_syscall_64+0x103/0x610
[ 45.080821][ T7746]     entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 45.086850][ T7746]
[ 45.089157][ T7746]  -> (&ctx->fd_wqh){....} {
[ 45.093717][ T7746]     INITIAL USE at:
[ 45.097674][ T7746]         lock_acquire+0x16f/0x3f0
[ 45.103907][ T7746]         _raw_spin_lock_irq+0x60/0x80
[ 45.110561][ T7746]         userfaultfd_read+0x27a/0x1940
[ 45.117206][ T7746]         __vfs_read+0x8d/0x110
[ 45.123154][ T7746]         vfs_read+0x194/0x3e0
[ 45.129020][ T7746]         ksys_read+0xea/0x1f0
[ 45.134887][ T7746]         __x64_sys_read+0x73/0xb0
[ 45.141102][ T7746]         do_syscall_64+0x103/0x610
[ 45.147404][ T7746]         entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 45.154998][ T7746]  }
[ 45.157562][ T7746]  ... key at: [] __key.45459+0x0/0x40
[ 45.165068][ T7746]  ... acquired at:
[ 45.168949][ T7746]     lock_acquire+0x16f/0x3f0
[ 45.173609][ T7746]     _raw_spin_lock+0x2f/0x40
[ 45.178256][ T7746]     userfaultfd_read+0x540/0x1940
[ 45.183340][ T7746]     __vfs_read+0x8d/0x110
[ 45.187742][ T7746]     vfs_read+0x194/0x3e0
[ 45.192044][ T7746]     ksys_read+0xea/0x1f0
[ 45.196346][ T7746]     __x64_sys_read+0x73/0xb0
[ 45.200996][ T7746]     do_syscall_64+0x103/0x610
[ 45.205730][ T7746]     entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 45.211759][ T7746]
[ 45.214054][ T7746]  -> (&ctx->fault_pending_wqh){+.+.} {
[ 45.219482][ T7746]     HARDIRQ-ON-W at:
[ 45.223434][ T7746]         lock_acquire+0x16f/0x3f0
[ 45.229558][ T7746]         _raw_spin_lock+0x2f/0x40
[ 45.235682][ T7746]         userfaultfd_release+0x48e/0x6d0
[ 45.242410][ T7746]         __fput+0x2e5/0x8d0
[ 45.248012][ T7746]         ____fput+0x16/0x20
[ 45.253617][ T7746]         task_work_run+0x14a/0x1c0
[ 45.259825][ T7746]         do_exit+0x90a/0x2fa0
[ 45.265600][ T7746]         do_group_exit+0x135/0x370
[ 45.271813][ T7746]         get_signal+0x399/0x1d50
[ 45.277851][ T7746]         do_signal+0x87/0x1940
[ 45.283720][ T7746]         exit_to_usermode_loop+0x244/0x2c0
[ 45.290624][ T7746]         do_syscall_64+0x52d/0x610
[ 45.296834][ T7746]         entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 45.304340][ T7746]     SOFTIRQ-ON-W at:
[ 45.308297][ T7746]         lock_acquire+0x16f/0x3f0
[ 45.314436][ T7746]         _raw_spin_lock+0x2f/0x40
[ 45.320559][ T7746]         userfaultfd_release+0x48e/0x6d0
[ 45.327291][ T7746]         __fput+0x2e5/0x8d0
[ 45.332897][ T7746]         ____fput+0x16/0x20
[ 45.338499][ T7746]         task_work_run+0x14a/0x1c0
[ 45.344711][ T7746]         do_exit+0x90a/0x2fa0
[ 45.350490][ T7746]         do_group_exit+0x135/0x370
[ 45.356697][ T7746]         get_signal+0x399/0x1d50
[ 45.362732][ T7746]         do_signal+0x87/0x1940
[ 45.368599][ T7746]         exit_to_usermode_loop+0x244/0x2c0
[ 45.375504][ T7746]         do_syscall_64+0x52d/0x610
[ 45.381714][ T7746]         entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 45.389222][ T7746]     INITIAL USE at:
[ 45.393096][ T7746]         lock_acquire+0x16f/0x3f0
[ 45.399133][ T7746]         _raw_spin_lock+0x2f/0x40
[ 45.405181][ T7746]         userfaultfd_read+0x540/0x1940
[ 45.411664][ T7746]         __vfs_read+0x8d/0x110
[ 45.417443][ T7746]         vfs_read+0x194/0x3e0
[ 45.423148][ T7746]         ksys_read+0xea/0x1f0
[ 45.428838][ T7746]         __x64_sys_read+0x73/0xb0
[ 45.434884][ T7746]         do_syscall_64+0x103/0x610
[ 45.441025][ T7746]         entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 45.448461][ T7746]  }
[ 45.450942][ T7746]  ... key at: [] __key.45456+0x0/0x40
[ 45.458360][ T7746]  ... acquired at:
[ 45.462143][ T7746]     mark_lock+0x427/0x1380
[ 45.466616][ T7746]     __lock_acquire+0x1317/0x3fb0
[ 45.471625][ T7746]     lock_acquire+0x16f/0x3f0
[ 45.476271][ T7746]     _raw_spin_lock+0x2f/0x40
[ 45.480919][ T7746]     userfaultfd_release+0x48e/0x6d0
[ 45.486175][ T7746]     __fput+0x2e5/0x8d0
[ 45.490299][ T7746]     ____fput+0x16/0x20
[ 45.494425][ T7746]     task_work_run+0x14a/0x1c0
[ 45.499158][ T7746]     do_exit+0x90a/0x2fa0
[ 45.503458][ T7746]     do_group_exit+0x135/0x370
[ 45.508194][ T7746]     get_signal+0x399/0x1d50
[ 45.512770][ T7746]     do_signal+0x87/0x1940
[ 45.517158][ T7746]     exit_to_usermode_loop+0x244/0x2c0
[ 45.522586][ T7746]     do_syscall_64+0x52d/0x610
[ 45.527324][ T7746]     entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 45.533353][ T7746]
[ 45.535668][ T7746]
[ 45.535668][ T7746] stack backtrace:
[ 45.541549][ T7746] CPU: 0 PID: 7746 Comm: syz-executor688 Not tainted 5.1.0-rc3+ #48
[ 45.549499][ T7746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 45.559536][ T7746] Call Trace:
[ 45.562805][ T7746]  dump_stack+0x172/0x1f0
[ 45.567111][ T7746]  print_irq_inversion_bug.part.0+0x2c0/0x2cd
[ 45.573149][ T7746]  check_usage_backwards.cold+0x1d/0x26
[ 45.578666][ T7746]  ? print_shortest_lock_dependencies+0x90/0x90
[ 45.584887][ T7746]  ? save_stack_trace+0x1a/0x20
[ 45.589717][ T7746]  mark_lock+0x427/0x1380
[ 45.594017][ T7746]  ? print_shortest_lock_dependencies+0x90/0x90
[ 45.600227][ T7746]  __lock_acquire+0x1317/0x3fb0
[ 45.605051][ T7746]  ? trace_hardirqs_off+0x62/0x220
[ 45.610136][ T7746]  ? kasan_check_read+0x11/0x20
[ 45.614962][ T7746]  ? mark_held_locks+0xf0/0xf0
[ 45.619700][ T7746]  ? save_stack+0xa9/0xd0
[ 45.624000][ T7746]  ? save_stack+0x45/0xd0
[ 45.628302][ T7746]  ? __kasan_slab_free+0x102/0x150
[ 45.633408][ T7746]  ? kasan_slab_free+0xe/0x10
[ 45.638057][ T7746]  ? kmem_cache_free+0x86/0x260
[ 45.642884][ T7746]  ? free_fs_struct+0x4f/0x70
[ 45.647533][ T7746]  ? exit_fs+0xf0/0x130
[ 45.651661][ T7746]  lock_acquire+0x16f/0x3f0
[ 45.656136][ T7746]  ? userfaultfd_release+0x48e/0x6d0
[ 45.661394][ T7746]  _raw_spin_lock+0x2f/0x40
[ 45.665877][ T7746]  ? userfaultfd_release+0x48e/0x6d0
[ 45.671159][ T7746]  userfaultfd_release+0x48e/0x6d0
[ 45.676244][ T7746]  ? userfaultfd_wake_function+0x2f0/0x2f0
[ 45.682038][ T7746]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 45.688251][ T7746]  ? ima_file_free+0xc9/0x4a0
[ 45.692913][ T7746]  ? __might_sleep+0x95/0x190
[ 45.697561][ T7746]  ? userfaultfd_wake_function+0x2f0/0x2f0
[ 45.703961][ T7746]  __fput+0x2e5/0x8d0
[ 45.707932][ T7746]  ____fput+0x16/0x20
[ 45.711888][ T7746]  task_work_run+0x14a/0x1c0
[ 45.716452][ T7746]  do_exit+0x90a/0x2fa0
[ 45.720582][ T7746]  ? get_signal+0x331/0x1d50
[ 45.725145][ T7746]  ? mm_update_next_owner+0x640/0x640
[ 45.730489][ T7746]  ? kasan_check_write+0x14/0x20
[ 45.735401][ T7746]  ? _raw_spin_unlock_irq+0x28/0x90
[ 45.740570][ T7746]  ? get_signal+0x331/0x1d50
[ 45.745238][ T7746]  ? _raw_spin_unlock_irq+0x28/0x90
[ 45.750414][ T7746]  do_group_exit+0x135/0x370
[ 45.754977][ T7746]  get_signal+0x399/0x1d50
[ 45.759365][ T7746]  ? __x64_sys_io_submit+0x31f/0x580
[ 45.764621][ T7746]  do_signal+0x87/0x1940
[ 45.768839][ T7746]  ? lock_downgrade+0x880/0x880
[ 45.773661][ T7746]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 45.779879][ T7746]  ? kasan_check_read+0x11/0x20
[ 45.784703][ T7746]  ? setup_sigcontext+0x7d0/0x7d0
[ 45.789703][ T7746]  ? exit_to_usermode_loop+0x43/0x2c0
[ 45.795047][ T7746]  ? do_syscall_64+0x52d/0x610
[ 45.799782][ T7746]  ? exit_to_usermode_loop+0x43/0x2c0
[ 45.805136][ T7746]  ? lockdep_hardirqs_on+0x418/0x5d0
[ 45.810394][ T7746]  ? trace_hardirqs_on+0x67/0x230
[ 45.815395][ T7746]  exit_to_usermode_loop+0x244/0x2c0
[ 45.820650][ T7746]  do_syscall_64+0x52d/0x610
[ 45.825227][ T7746]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 45.831103][ T7746] RIP: 0033:0x4458d9
[ 45.835000][ T7746] Code: Bad RIP value.
[ 45.839126][ T7746] RSP: 002b:00007feebaa16db8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 45.847764][ T7746] RAX: fffffffffffffe00 RBX: 00000000006dac58 RCX: 00000000004458d9
[ 45.855709][ T7746] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00000000006dac58
[ 45.863651][ T7746] RBP: 00000000006dac50 R08: 0000000000000000 R09: 0000000000000000
[ 45.871594][ T7746] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dac5c
[ 45.879537][ T7746] R13: 0000