Warning: Permanently added '10.128.0.175' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 49.896462][ T7848]
[ 49.898982][ T7848] ========================================================
[ 49.906257][ T7848] WARNING: possible irq lock inversion dependency detected
[ 49.913422][ T7848] 5.0.0-rc5-next-20190208 #31 Not tainted
[ 49.919128][ T7848] --------------------------------------------------------
[ 49.926430][ T7848] syz-executor109/7848 just changed the state of lock:
[ 49.933245][ T7848] 000000001689a9cb (&ctx->fault_pending_wqh){+.+.}, at: userfaultfd_release+0x48e/0x6d0
[ 49.943049][ T7848] but this lock was taken by another, SOFTIRQ-safe lock in the past:
[ 49.951081][ T7848]  (&(&ctx->ctx_lock)->rlock){..-.}
[ 49.951087][ T7848]
[ 49.951087][ T7848]
[ 49.951087][ T7848] and interrupts could create inverse lock ordering between them.
[ 49.951087][ T7848]
[ 49.970535][ T7848]
[ 49.970535][ T7848] other info that might help us debug this:
[ 49.978564][ T7848] Chain exists of:
[ 49.978564][ T7848]   &(&ctx->ctx_lock)->rlock --> &ctx->fd_wqh --> &ctx->fault_pending_wqh
[ 49.978564][ T7848]
[ 49.992764][ T7848]  Possible interrupt unsafe locking scenario:
[ 49.992764][ T7848]
[ 50.001055][ T7848]        CPU0                    CPU1
[ 50.006545][ T7848]        ----                    ----
[ 50.012037][ T7848]   lock(&ctx->fault_pending_wqh);
[ 50.017132][ T7848]                                local_irq_disable();
[ 50.023865][ T7848]                                lock(&(&ctx->ctx_lock)->rlock);
[ 50.031568][ T7848]                                lock(&ctx->fd_wqh);
[ 50.038228][ T7848]   <Interrupt>
[ 50.041657][ T7848]     lock(&(&ctx->ctx_lock)->rlock);
[ 50.047009][ T7848]
[ 50.047009][ T7848]  *** DEADLOCK ***
[ 50.047009][ T7848]
[ 50.055130][ T7848] no locks held by syz-executor109/7848.
[ 50.060729][ T7848]
[ 50.060729][ T7848] the shortest dependencies between 2nd lock and 1st lock:
[ 50.070145][ T7848] -> (&(&ctx->ctx_lock)->rlock){..-.} {
[ 50.075846][ T7848]    IN-SOFTIRQ-W at:
[ 50.079979][ T7848]      lock_acquire+0x16f/0x3f0
[ 50.086457][ T7848]      _raw_spin_lock_irq+0x60/0x80
[ 50.093379][ T7848]      free_ioctx_users+0x2d/0x4a0
[ 50.100251][ T7848]      percpu_ref_switch_to_atomic_rcu+0x3e7/0x520
[ 50.108383][ T7848]      rcu_core+0x928/0x1390
[ 50.114662][ T7848]      __do_softirq+0x266/0x95a
[ 50.121275][ T7848]      irq_exit+0x180/0x1d0
[ 50.127456][ T7848]      smp_apic_timer_interrupt+0x14a/0x570
[ 50.134976][ T7848]      apic_timer_interrupt+0xf/0x20
[ 50.141889][ T7848]      native_safe_halt+0x2/0x10
[ 50.148456][ T7848]      arch_cpu_idle+0x10/0x20
[ 50.154946][ T7848]      default_idle_call+0x36/0x90
[ 50.161687][ T7848]      do_idle+0x386/0x570
[ 50.167732][ T7848]      cpu_startup_entry+0x1b/0x20
[ 50.174470][ T7848]      rest_init+0x245/0x37b
[ 50.180687][ T7848]      arch_call_rest_init+0xe/0x1b
[ 50.187514][ T7848]      start_kernel+0x816/0x84f
[ 50.193988][ T7848]      x86_64_start_reservations+0x29/0x2b
[ 50.201421][ T7848]      x86_64_start_kernel+0x77/0x7b
[ 50.208333][ T7848]      secondary_startup_64+0xa4/0xb0
[ 50.215433][ T7848]    INITIAL USE at:
[ 50.219578][ T7848]      lock_acquire+0x16f/0x3f0
[ 50.225969][ T7848]      _raw_spin_lock_irq+0x60/0x80
[ 50.232701][ T7848]      io_submit_one+0xeb6/0x1cf0
[ 50.239261][ T7848]      __x64_sys_io_submit+0x1bd/0x580
[ 50.246259][ T7848]      do_syscall_64+0x103/0x610
[ 50.252734][ T7848]      entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 50.260507][ T7848]  }
[ 50.263164][ T7848]  ... key at: [] __key.52546+0x0/0x40
[ 50.270891][ T7848]  ... acquired at:
[ 50.274846][ T7848]    _raw_spin_lock+0x2f/0x40
[ 50.279518][ T7848]    io_submit_one+0xedf/0x1cf0
[ 50.284341][ T7848]    __x64_sys_io_submit+0x1bd/0x580
[ 50.289597][ T7848]    do_syscall_64+0x103/0x610
[ 50.294332][ T7848]    entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 50.300382][ T7848]
[ 50.302688][ T7848] -> (&ctx->fd_wqh){....} {
[ 50.307254][ T7848]    INITIAL USE at:
[ 50.311213][ T7848]      lock_acquire+0x16f/0x3f0
[ 50.317438][ T7848]      _raw_spin_lock_irq+0x60/0x80
[ 50.324127][ T7848]      userfaultfd_read+0x27a/0x1940
[ 50.330783][ T7848]      __vfs_read+0x116/0x8c0
[ 50.336943][ T7848]      vfs_read+0x194/0x3e0
[ 50.342809][ T7848]      ksys_read+0xea/0x1f0
[ 50.348692][ T7848]      __x64_sys_read+0x73/0xb0
[ 50.354915][ T7848]      do_syscall_64+0x103/0x610
[ 50.361282][ T7848]      entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 50.368949][ T7848]  }
[ 50.371536][ T7848]  ... key at: [] __key.45473+0x0/0x40
[ 50.379046][ T7848]  ... acquired at:
[ 50.382926][ T7848]    _raw_spin_lock+0x2f/0x40
[ 50.387586][ T7848]    userfaultfd_read+0x540/0x1940
[ 50.392794][ T7848]    __vfs_read+0x116/0x8c0
[ 50.397273][ T7848]    vfs_read+0x194/0x3e0
[ 50.401572][ T7848]    ksys_read+0xea/0x1f0
[ 50.405996][ T7848]    __x64_sys_read+0x73/0xb0
[ 50.410648][ T7848]    do_syscall_64+0x103/0x610
[ 50.415386][ T7848]    entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 50.421543][ T7848]
[ 50.423969][ T7848] -> (&ctx->fault_pending_wqh){+.+.} {
[ 50.429404][ T7848]    HARDIRQ-ON-W at:
[ 50.433361][ T7848]      lock_acquire+0x16f/0x3f0
[ 50.439504][ T7848]      _raw_spin_lock+0x2f/0x40
[ 50.445634][ T7848]      userfaultfd_release+0x48e/0x6d0
[ 50.452367][ T7848]      __fput+0x2df/0x8d0
[ 50.457972][ T7848]      ____fput+0x16/0x20
[ 50.463577][ T7848]      task_work_run+0x14a/0x1c0
[ 50.469786][ T7848]      do_exit+0x90a/0x2fa0
[ 50.475577][ T7848]      do_group_exit+0x135/0x370
[ 50.481792][ T7848]      get_signal+0x35c/0x1d60
[ 50.487836][ T7848]      do_signal+0x87/0x1940
[ 50.493704][ T7848]      exit_to_usermode_loop+0x244/0x2c0
[ 50.500627][ T7848]      do_syscall_64+0x52d/0x610
[ 50.506854][ T7848]      entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 50.514697][ T7848]    SOFTIRQ-ON-W at:
[ 50.518773][ T7848]      lock_acquire+0x16f/0x3f0
[ 50.524908][ T7848]      _raw_spin_lock+0x2f/0x40
[ 50.531035][ T7848]      userfaultfd_release+0x48e/0x6d0
[ 50.537771][ T7848]      __fput+0x2df/0x8d0
[ 50.543473][ T7848]      ____fput+0x16/0x20
[ 50.549079][ T7848]      task_work_run+0x14a/0x1c0
[ 50.555417][ T7848]      do_exit+0x90a/0x2fa0
[ 50.561197][ T7848]      do_group_exit+0x135/0x370
[ 50.567409][ T7848]      get_signal+0x35c/0x1d60
[ 50.573446][ T7848]      do_signal+0x87/0x1940
[ 50.579314][ T7848]      exit_to_usermode_loop+0x244/0x2c0
[ 50.586225][ T7848]      do_syscall_64+0x52d/0x610
[ 50.592443][ T7848]      entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 50.599954][ T7848]    INITIAL USE at:
[ 50.603830][ T7848]      lock_acquire+0x16f/0x3f0
[ 50.609871][ T7848]      _raw_spin_lock+0x2f/0x40
[ 50.616031][ T7848]      userfaultfd_read+0x540/0x1940
[ 50.622512][ T7848]      __vfs_read+0x116/0x8c0
[ 50.628500][ T7848]      vfs_read+0x194/0x3e0
[ 50.634192][ T7848]      ksys_read+0xea/0x1f0
[ 50.639894][ T7848]      __x64_sys_read+0x73/0xb0
[ 50.645948][ T7848]      do_syscall_64+0x103/0x610
[ 50.652076][ T7848]      entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 50.659505][ T7848]  }
[ 50.661983][ T7848]  ... key at: [] __key.45470+0x0/0x40
[ 50.669413][ T7848]  ... acquired at:
[ 50.673197][ T7848]    mark_lock+0x427/0x1380
[ 50.677720][ T7848]    __lock_acquire+0xc86/0x4790
[ 50.682631][ T7848]    lock_acquire+0x16f/0x3f0
[ 50.687293][ T7848]    _raw_spin_lock+0x2f/0x40
[ 50.691944][ T7848]    userfaultfd_release+0x48e/0x6d0
[ 50.697447][ T7848]    __fput+0x2df/0x8d0
[ 50.701695][ T7848]    ____fput+0x16/0x20
[ 50.705830][ T7848]    task_work_run+0x14a/0x1c0
[ 50.710577][ T7848]    do_exit+0x90a/0x2fa0
[ 50.714900][ T7848]    do_group_exit+0x135/0x370
[ 50.719644][ T7848]    get_signal+0x35c/0x1d60
[ 50.724223][ T7848]    do_signal+0x87/0x1940
[ 50.728724][ T7848]    exit_to_usermode_loop+0x244/0x2c0
[ 50.734274][ T7848]    do_syscall_64+0x52d/0x610
[ 50.739018][ T7848]    entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 50.745110][ T7848]
[ 50.747432][ T7848]
[ 50.747432][ T7848] stack backtrace:
[ 50.753432][ T7848] CPU: 0 PID: 7848 Comm: syz-executor109 Not tainted 5.0.0-rc5-next-20190208 #31
[ 50.762610][ T7848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 50.772640][ T7848] Call Trace:
[ 50.775912][ T7848]  dump_stack+0x172/0x1f0
[ 50.780225][ T7848]  print_irq_inversion_bug.part.0+0x2c0/0x2cd
[ 50.786311][ T7848]  check_usage_backwards.cold+0x1d/0x26
[ 50.791938][ T7848]  ? print_shortest_lock_dependencies+0x90/0x90
[ 50.798169][ T7848]  ? save_stack_trace+0x1a/0x20
[ 50.802993][ T7848]  ? save_trace+0xe0/0x290
[ 50.807385][ T7848]  mark_lock+0x427/0x1380
[ 50.811685][ T7848]  ? print_shortest_lock_dependencies+0x90/0x90
[ 50.817899][ T7848]  __lock_acquire+0xc86/0x4790
[ 50.822634][ T7848]  ? depot_save_stack+0x1de/0x460
[ 50.827638][ T7848]  ? kasan_check_write+0x14/0x20
[ 50.832554][ T7848]  ? mark_held_locks+0xf0/0xf0
[ 50.837298][ T7848]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 50.843076][ T7848]  ? depot_save_stack+0x1de/0x460
[ 50.848073][ T7848]  ? __lock_acquire+0x54b/0x4790
[ 50.853119][ T7848]  ? __lock_acquire+0x54b/0x4790
[ 50.858040][ T7848]  ? free_fs_struct+0x4f/0x70
[ 50.862828][ T7848]  ? do_exit+0x8e0/0x2fa0
[ 50.867131][ T7848]  lock_acquire+0x16f/0x3f0
[ 50.871612][ T7848]  ? userfaultfd_release+0x48e/0x6d0
[ 50.876888][ T7848]  _raw_spin_lock+0x2f/0x40
[ 50.881362][ T7848]  ? userfaultfd_release+0x48e/0x6d0
[ 50.886700][ T7848]  userfaultfd_release+0x48e/0x6d0
[ 50.891794][ T7848]  ? userfaultfd_wake_function+0x2f0/0x2f0
[ 50.897693][ T7848]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 50.903911][ T7848]  ? ima_file_free+0xc9/0x4a0
[ 50.908575][ T7848]  ? __might_sleep+0x95/0x190
[ 50.913233][ T7848]  ? userfaultfd_wake_function+0x2f0/0x2f0
[ 50.919015][ T7848]  __fput+0x2df/0x8d0
[ 50.922970][ T7848]  ____fput+0x16/0x20
[ 50.926924][ T7848]  task_work_run+0x14a/0x1c0
[ 50.931492][ T7848]  do_exit+0x90a/0x2fa0
[ 50.935641][ T7848]  ? get_signal+0x2f2/0x1d60
[ 50.940213][ T7848]  ? mm_update_next_owner+0x660/0x660
[ 50.945562][ T7848]  ? kasan_check_write+0x14/0x20
[ 50.950472][ T7848]  ? _raw_spin_unlock_irq+0x28/0x90
[ 50.955647][ T7848]  ? get_signal+0x2f2/0x1d60
[ 50.960232][ T7848]  ? _raw_spin_unlock_irq+0x28/0x90
[ 50.965409][ T7848]  do_group_exit+0x135/0x370
[ 50.969976][ T7848]  get_signal+0x35c/0x1d60
[ 50.974466][ T7848]  ? __x64_sys_io_submit+0x31f/0x580
[ 50.979732][ T7848]  do_signal+0x87/0x1940
[ 50.983951][ T7848]  ? lock_downgrade+0x880/0x880
[ 50.988878][ T7848]  ? kasan_check_read+0x11/0x20
[ 50.993700][ T7848]  ? setup_sigcontext+0x7d0/0x7d0
[ 50.998817][ T7848]  ? exit_to_usermode_loop+0x43/0x2c0
[ 51.004170][ T7848]  ? do_syscall_64+0x52d/0x610
[ 51.009022][ T7848]  ? exit_to_usermode_loop+0x43/0x2c0
[ 51.014370][ T7848]  ? lockdep_hardirqs_on+0x418/0x5d0
[ 51.019632][ T7848]  ? trace_hardirqs_on+0x67/0x230
[ 51.024660][ T7848]  exit_to_usermode_loop+0x244/0x2c0
[ 51.029921][ T7848]  do_syscall_64+0x52d/0x610
[ 51.034487][ T7848]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 51.040478][ T7848] RIP: 0033:0x4457a9
[ 51.044796][ T7848] Code: Bad RIP value.
[ 51.048836][ T7848] RSP: 002b:0