[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch. [ OK ] Started Getty on tty6. [ OK ] Started Serial Getty on ttyS0. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.45' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 43.517053][ C0] [ 43.519537][ C0] ======================================================== [ 43.526695][ C0] WARNING: possible irq lock inversion dependency detected [ 43.533882][ C0] 5.6.0-syzkaller #0 Not tainted [ 43.538785][ C0] -------------------------------------------------------- [ 43.545959][ C0] swapper/0/0 just changed the state of lock: [ 43.551990][ C0] ffff888096c83cd8 (&ctx->ctx_lock){..-.}-{2:2}, at: free_ioctx_users+0x30/0x1c0 [ 43.561088][ C0] but this lock took another, SOFTIRQ-unsafe lock in the past: [ 43.568597][ C0] (&pid->wait_pidfd){+.+.}-{2:2} [ 43.568603][ C0] [ 43.568603][ C0] [ 43.568603][ C0] and interrupts could create inverse lock ordering between them. [ 43.568603][ C0] [ 43.587911][ C0] [ 43.587911][ C0] other info that might help us debug this: [ 43.595950][ C0] Possible interrupt unsafe locking scenario: [ 43.595950][ C0] [ 43.604240][ C0] CPU0 CPU1 [ 43.609598][ C0] ---- ---- [ 43.614933][ C0] lock(&pid->wait_pidfd); [ 43.619424][ C0] local_irq_disable(); [ 43.626148][ C0] lock(&ctx->ctx_lock); [ 43.632962][ C0] lock(&pid->wait_pidfd); [ 43.639957][ C0] [ 43.643381][ C0] lock(&ctx->ctx_lock); [ 43.647861][ C0] [ 43.647861][ C0] *** DEADLOCK *** [ 43.647861][ C0] [ 43.655977][ C0] 2 locks held by swapper/0/0: [ 43.660715][ C0] #0: ffffffff892e6a20 (rcu_callback){....}-{0:0}, at: rcu_lock_acquire+0x0/0x30 [ 43.669905][ C0] #1: ffffffff892e69d0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 [ 43.679166][ C0] [ 43.679166][ C0] the shortest dependencies between 2nd lock and 1st lock: [ 43.688517][ C0] -> (&pid->wait_pidfd){+.+.}-{2:2} { [ 43.693955][ C0] HARDIRQ-ON-W at: [ 43.697996][ C0] lock_acquire+0x169/0x480 [ 43.704306][ C0] _raw_spin_lock+0x2a/0x40 [ 43.710601][ C0] proc_pid_make_inode+0x187/0x2d0 [ 43.717502][ C0] proc_pid_instantiate+0x4b/0x1a0 [ 43.724403][ C0] proc_pid_lookup+0x218/0x2f0 [ 43.730959][ C0] proc_root_lookup+0x1b/0x50 [ 43.737429][ C0] __lookup_slow+0x240/0x370 [ 43.743812][ C0] walk_component+0x442/0x680 [ 43.750309][ C0] link_path_walk+0x66d/0xba0 [ 43.756799][ C0] path_openat+0x21d/0x38b0 [ 43.763150][ C0] do_filp_open+0x2b4/0x3a0 [ 43.769496][ C0] do_sys_openat2+0x463/0x6f0 [ 43.775965][ C0] __x64_sys_open+0x1af/0x1e0 [ 43.782438][ C0] do_syscall_64+0xf3/0x1b0 [ 43.788744][ C0] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 43.796436][ C0] SOFTIRQ-ON-W at: [ 43.800476][ C0] lock_acquire+0x169/0x480 [ 43.806771][ C0] _raw_spin_lock+0x2a/0x40 [ 43.813095][ C0] proc_pid_make_inode+0x187/0x2d0 [ 43.820006][ C0] proc_pid_instantiate+0x4b/0x1a0 [ 43.826921][ C0] proc_pid_lookup+0x218/0x2f0 [ 43.833479][ C0] proc_root_lookup+0x1b/0x50 [ 43.839948][ C0] __lookup_slow+0x240/0x370 [ 43.846330][ C0] walk_component+0x442/0x680 [ 43.852796][ C0] link_path_walk+0x66d/0xba0 [ 43.859276][ C0] path_openat+0x21d/0x38b0 [ 43.865608][ C0] do_filp_open+0x2b4/0x3a0 [ 43.871931][ C0] do_sys_openat2+0x463/0x6f0 [ 43.878437][ C0] __x64_sys_open+0x1af/0x1e0 [ 43.885013][ C0] do_syscall_64+0xf3/0x1b0 [ 43.891317][ C0] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 43.898999][ C0] INITIAL USE at: [ 43.902965][ C0] lock_acquire+0x169/0x480 [ 43.909182][ C0] _raw_spin_lock_irqsave+0x9e/0xc0 [ 43.916085][ C0] __wake_up+0xb8/0x150 [ 43.921957][ C0] do_notify_parent+0x167/0xce0 [ 43.928514][ C0] do_exit+0x12c5/0x1f80 [ 43.934460][ C0] call_usermodehelper_exec_async+0x47c/0x480 [ 43.942243][ C0] ret_from_fork+0x24/0x30 [ 43.948361][ C0] } [ 43.950923][ C0] ... key at: [] alloc_pid.__key+0x0/0x10 [ 43.958834][ C0] ... acquired at: [ 43.962726][ C0] lock_acquire+0x169/0x480 [ 43.967373][ C0] _raw_spin_lock+0x2a/0x40 [ 43.972017][ C0] io_submit_one+0x10f5/0x1a80 [ 43.976922][ C0] __se_sys_io_submit+0x117/0x220 [ 43.982087][ C0] do_syscall_64+0xf3/0x1b0 [ 43.986736][ C0] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 43.992777][ C0] [ 43.995179][ C0] -> (&ctx->ctx_lock){..-.}-{2:2} { [ 44.000344][ C0] IN-SOFTIRQ-W at: [ 44.004294][ C0] lock_acquire+0x169/0x480 [ 44.010415][ C0] _raw_spin_lock_irq+0x67/0x80 [ 44.016886][ C0] free_ioctx_users+0x30/0x1c0 [ 44.023268][ C0] percpu_ref_put+0x18d/0x1a0 [ 44.029577][ C0] rcu_core+0x816/0x1120 [ 44.035431][ C0] __do_softirq+0x268/0x80c [ 44.041572][ C0] irq_exit+0x223/0x230 [ 44.047361][ C0] smp_apic_timer_interrupt+0x113/0x280 [ 44.054536][ C0] apic_timer_interrupt+0xf/0x20 [ 44.061097][ C0] native_safe_halt+0xe/0x10 [ 44.067345][ C0] default_idle+0x4c/0x70 [ 44.073334][ C0] do_idle+0x1ee/0x650 [ 44.079029][ C0] cpu_startup_entry+0x15/0x20 [ 44.085415][ C0] start_kernel+0x674/0x774 [ 44.091537][ C0] secondary_startup_64+0xa4/0xb0 [ 44.098177][ C0] INITIAL USE at: [ 44.102051][ C0] lock_acquire+0x169/0x480 [ 44.108089][ C0] _raw_spin_lock_irq+0x67/0x80 [ 44.114468][ C0] io_submit_one+0x10cb/0x1a80 [ 44.120764][ C0] __se_sys_io_submit+0x117/0x220 [ 44.127344][ C0] do_syscall_64+0xf3/0x1b0 [ 44.133385][ C0] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 44.140808][ C0] } [ 44.143284][ C0] ... key at: [] ioctx_alloc.__key+0x0/0x10 [ 44.151221][ C0] ... acquired at: [ 44.154995][ C0] mark_lock+0x529/0x1b00 [ 44.159465][ C0] __lock_acquire+0xaa7/0x2b90 [ 44.164367][ C0] lock_acquire+0x169/0x480 [ 44.169013][ C0] _raw_spin_lock_irq+0x67/0x80 [ 44.174003][ C0] free_ioctx_users+0x30/0x1c0 [ 44.178919][ C0] percpu_ref_put+0x18d/0x1a0 [ 44.183736][ C0] rcu_core+0x816/0x1120 [ 44.188122][ C0] __do_softirq+0x268/0x80c [ 44.192774][ C0] irq_exit+0x223/0x230 [ 44.197073][ C0] smp_apic_timer_interrupt+0x113/0x280 [ 44.202760][ C0] apic_timer_interrupt+0xf/0x20 [ 44.207839][ C0] native_safe_halt+0xe/0x10 [ 44.212567][ C0] default_idle+0x4c/0x70 [ 44.217123][ C0] do_idle+0x1ee/0x650 [ 44.221332][ C0] cpu_startup_entry+0x15/0x20 [ 44.226236][ C0] start_kernel+0x674/0x774 [ 44.230885][ C0] secondary_startup_64+0xa4/0xb0 [ 44.236055][ C0] [ 44.238376][ C0] [ 44.238376][ C0] stack backtrace: [ 44.244239][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.6.0-syzkaller #0 [ 44.251747][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 44.261782][ C0] Call Trace: [ 44.265048][ C0] [ 44.267888][ C0] dump_stack+0x1e9/0x30e [ 44.272189][ C0] print_irq_inversion_bug+0xb67/0xe90 [ 44.277618][ C0] ? arch_stack_walk+0xb4/0xe0 [ 44.282350][ C0] ? secondary_startup_64+0xa4/0xb0 [ 44.287518][ C0] check_usage_forwards+0x13f/0x240 [ 44.292682][ C0] ? save_trace+0x49/0xb60 [ 44.297079][ C0] mark_lock+0x529/0x1b00 [ 44.301377][ C0] ? check_usage_backwards+0x240/0x240 [ 44.306803][ C0] ? mark_lock+0x102/0x1b00 [ 44.311276][ C0] ? __lock_acquire+0x116c/0x2b90 [ 44.316276][ C0] __lock_acquire+0xaa7/0x2b90 [ 44.321013][ C0] ? pcpu_block_update+0x564/0x890 [ 44.326091][ C0] lock_acquire+0x169/0x480 [ 44.330576][ C0] ? free_ioctx_users+0x30/0x1c0 [ 44.335496][ C0] ? rcu_lock_acquire+0x5/0x30 [ 44.340229][ C0] ? trace_irq_disable_rcuidle+0x1f/0x1d0 [ 44.345927][ C0] ? percpu_ref_noop_confirm_switch+0x10/0x10 [ 44.351971][ C0] _raw_spin_lock_irq+0x67/0x80 [ 44.356795][ C0] ? free_ioctx_users+0x30/0x1c0 [ 44.361708][ C0] free_ioctx_users+0x30/0x1c0 [ 44.366457][ C0] ? percpu_ref_noop_confirm_switch+0x10/0x10 [ 44.372493][ C0] ? percpu_ref_noop_confirm_switch+0x10/0x10 [ 44.378536][ C0] percpu_ref_put+0x18d/0x1a0 [ 44.383200][ C0] rcu_core+0x816/0x1120 [ 44.387413][ C0] __do_softirq+0x268/0x80c [ 44.391885][ C0] ? irq_exit+0x223/0x230 [ 44.396193][ C0] irq_exit+0x223/0x230 [ 44.400319][ C0] smp_apic_timer_interrupt+0x113/0x280 [ 44.405846][ C0] apic_timer_interrupt+0xf/0x20 [ 44.410757][ C0] [ 44.413715][ C0] RIP: 0010:native_safe_halt+0xe/0x10 [ 44.419061][ C0] Code: 80 e1 07 80 c1 03 38 c1 7c bc 48 89 df e8 7a 66 ab f9 eb b2 cc cc cc cc cc cc cc cc e9 07 00 00 00 0f 00 2d 26 d4 5a 00 fb f4 90 e9 07 00 00 00 0f 00 2d 16 d4 5a 00 f4 c3 cc cc 41 56 53 65 [ 44.438640][ C0] RSP: 0018:ffffffff89207e68 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13 [ 44.447039][ C0] RAX: 1ffffffff1257401 RBX: ffffffff89281b00 RCX: dffffc0000000000 [ 44.455014][ C0] RDX: dffffc0000000000 RSI: 0000000000000000 RDI: ffffffff89282364 [ 44.462976][ C0] RBP: ffffffff896b7020 R08: ffffffff817b3020 R09: fffffbfff1250361 [ 44.470924][ C0] R10: fffffbfff1250361 R11: 0000000000000000 R12: 1ffffffff1250360 [ 44.478882][ C0] R13: dffffc0000000000 R14: 1ffffffff12573ff R15: 0000000000000000 [ 44.486834][ C0] ? trace_hardirqs_on+0x30/0x70 [ 44.491745][ C0] default_idle+0x4c/0x70 [ 44.496039][ C0] do_idle+0x1ee/0x650 [ 44.500077][ C0] cpu_startup_entry+0x15/0x20 [ 44.504821][ C0] ? time_init+0x33/0x33 [ 44.509036][ C0] start_kernel+0x674/0x774 [ 44.513519][ C0] secondary_startup_64+0xa4/0xb0