Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.119' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 58.385082][ C0] [ 58.387429][ C0] ======================================================== [ 58.394605][ C0] WARNING: possible irq lock inversion dependency detected [ 58.401776][ C0] 5.6.0-syzkaller #0 Not tainted [ 58.406685][ C0] -------------------------------------------------------- [ 58.413852][ C0] swapper/0/0 just changed the state of lock: [ 58.419924][ C0] ffff888097305cd8 (&ctx->ctx_lock){..-.}-{2:2}, at: free_ioctx_users+0x2b/0x450 [ 58.429024][ C0] but this lock took another, SOFTIRQ-unsafe lock in the past: [ 58.436533][ C0] (&pid->wait_pidfd){+.+.}-{2:2} [ 58.436539][ C0] [ 58.436539][ C0] [ 58.436539][ C0] and interrupts could create inverse lock ordering between them. [ 58.436539][ C0] [ 58.455917][ C0] [ 58.455917][ C0] other info that might help us debug this: [ 58.464004][ C0] Possible interrupt unsafe locking scenario: [ 58.464004][ C0] [ 58.472302][ C0] CPU0 CPU1 [ 58.477663][ C0] ---- ---- [ 58.483007][ C0] lock(&pid->wait_pidfd); [ 58.487493][ C0] local_irq_disable(); [ 58.494234][ C0] lock(&ctx->ctx_lock); [ 58.501060][ C0] lock(&pid->wait_pidfd); [ 58.508060][ C0] [ 58.511490][ C0] lock(&ctx->ctx_lock); [ 58.515965][ C0] [ 58.515965][ C0] *** DEADLOCK *** [ 58.515965][ C0] [ 58.524130][ C0] 2 locks held by swapper/0/0: [ 58.528864][ C0] #0: ffffffff899bbaa0 (rcu_callback){....}-{0:0}, at: rcu_core+0x520/0x1370 [ 58.538224][ C0] #1: ffffffff899bbbc0 (rcu_read_lock){....}-{1:2}, at: percpu_ref_switch_to_atomic_rcu+0x209/0x540 [ 58.549199][ C0] [ 58.549199][ C0] the shortest dependencies between 2nd lock and 1st lock: [ 58.558562][ C0] -> (&pid->wait_pidfd){+.+.}-{2:2} { [ 58.563998][ C0] HARDIRQ-ON-W at: [ 58.568047][ C0] lock_acquire+0x1f2/0x8f0 [ 58.574350][ C0] _raw_spin_lock+0x2a/0x40 [ 58.580728][ C0] proc_pid_make_inode+0x1f9/0x3c0 [ 58.587650][ C0] proc_pid_instantiate+0x51/0x150 [ 58.594554][ C0] proc_pid_lookup+0x1da/0x340 [ 58.601113][ C0] proc_root_lookup+0x20/0x60 [ 58.607587][ C0] __lookup_slow+0x256/0x490 [ 58.613971][ C0] walk_component+0x418/0x6a0 [ 58.620445][ C0] link_path_walk.part.0+0x4f1/0xb50 [ 58.627549][ C0] path_openat+0x25a/0x27d0 [ 58.633848][ C0] do_filp_open+0x192/0x260 [ 58.640147][ C0] do_sys_openat2+0x585/0x7d0 [ 58.646618][ C0] do_sys_open+0xc3/0x140 [ 58.652747][ C0] do_syscall_64+0xf6/0x7d0 [ 58.659147][ C0] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 58.668220][ C0] SOFTIRQ-ON-W at: [ 58.672263][ C0] lock_acquire+0x1f2/0x8f0 [ 58.678566][ C0] _raw_spin_lock+0x2a/0x40 [ 58.684869][ C0] proc_pid_make_inode+0x1f9/0x3c0 [ 58.691778][ C0] proc_pid_instantiate+0x51/0x150 [ 58.698694][ C0] proc_pid_lookup+0x1da/0x340 [ 58.705262][ C0] proc_root_lookup+0x20/0x60 [ 58.711740][ C0] __lookup_slow+0x256/0x490 [ 58.718130][ C0] walk_component+0x418/0x6a0 [ 58.724604][ C0] link_path_walk.part.0+0x4f1/0xb50 [ 58.731686][ C0] path_openat+0x25a/0x27d0 [ 58.737991][ C0] do_filp_open+0x192/0x260 [ 58.744300][ C0] do_sys_openat2+0x585/0x7d0 [ 58.750778][ C0] do_sys_open+0xc3/0x140 [ 58.756923][ C0] do_syscall_64+0xf6/0x7d0 [ 58.763231][ C0] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 58.770934][ C0] INITIAL USE at: [ 58.774903][ C0] lock_acquire+0x1f2/0x8f0 [ 58.781217][ C0] _raw_spin_lock_irqsave+0x8c/0xbf [ 58.788127][ C0] __wake_up_common_lock+0xb4/0x130 [ 58.795039][ C0] do_notify_parent+0x19e/0xe60 [ 58.801647][ C0] do_exit+0x238f/0x2dd0 [ 58.807600][ C0] call_usermodehelper_exec_async+0x507/0x710 [ 58.815387][ C0] ret_from_fork+0x24/0x30 [ 58.821508][ C0] } [ 58.824075][ C0] ... key at: [] __key.53827+0x0/0x40 [ 58.831581][ C0] ... acquired at: [ 58.835448][ C0] _raw_spin_lock+0x2a/0x40 [ 58.840108][ C0] io_submit_one+0xc1b/0x2ec0 [ 58.844933][ C0] __x64_sys_io_submit+0x1bd/0x540 [ 58.850253][ C0] do_syscall_64+0xf6/0x7d0 [ 58.854950][ C0] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 58.860996][ C0] [ 58.863298][ C0] -> (&ctx->ctx_lock){..-.}-{2:2} { [ 58.868474][ C0] IN-SOFTIRQ-W at: [ 58.872433][ C0] lock_acquire+0x1f2/0x8f0 [ 58.878564][ C0] _raw_spin_lock_irq+0x5b/0x80 [ 58.885053][ C0] free_ioctx_users+0x2b/0x450 [ 58.891453][ C0] percpu_ref_switch_to_atomic_rcu+0x494/0x540 [ 58.899250][ C0] rcu_core+0x59f/0x1370 [ 58.905116][ C0] __do_softirq+0x26c/0x9f7 [ 58.911243][ C0] irq_exit+0x192/0x1d0 [ 58.917022][ C0] smp_apic_timer_interrupt+0x19e/0x600 [ 58.924197][ C0] apic_timer_interrupt+0xf/0x20 [ 58.930866][ C0] native_safe_halt+0xe/0x10 [ 58.937090][ C0] default_idle+0x49/0x350 [ 58.943173][ C0] do_idle+0x393/0x690 [ 58.948873][ C0] cpu_startup_entry+0x14/0x20 [ 58.955265][ C0] start_kernel+0x867/0x8a1 [ 58.961394][ C0] secondary_startup_64+0xa4/0xb0 [ 58.968062][ C0] INITIAL USE at: [ 58.971952][ C0] lock_acquire+0x1f2/0x8f0 [ 58.978159][ C0] _raw_spin_lock_irq+0x5b/0x80 [ 58.984562][ C0] io_submit_one+0xbd6/0x2ec0 [ 58.990792][ C0] __x64_sys_io_submit+0x1bd/0x540 [ 58.997444][ C0] do_syscall_64+0xf6/0x7d0 [ 59.003620][ C0] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 59.011049][ C0] } [ 59.013541][ C0] ... key at: [] __key.55303+0x0/0x40 [ 59.020963][ C0] ... acquired at: [ 59.024748][ C0] mark_lock+0x624/0xf10 [ 59.029140][ C0] __lock_acquire+0x1d28/0x4e00 [ 59.034135][ C0] lock_acquire+0x1f2/0x8f0 [ 59.038788][ C0] _raw_spin_lock_irq+0x5b/0x80 [ 59.043795][ C0] free_ioctx_users+0x2b/0x450 [ 59.048704][ C0] percpu_ref_switch_to_atomic_rcu+0x494/0x540 [ 59.055001][ C0] rcu_core+0x59f/0x1370 [ 59.059389][ C0] __do_softirq+0x26c/0x9f7 [ 59.064034][ C0] irq_exit+0x192/0x1d0 [ 59.068336][ C0] smp_apic_timer_interrupt+0x19e/0x600 [ 59.074025][ C0] apic_timer_interrupt+0xf/0x20 [ 59.079142][ C0] native_safe_halt+0xe/0x10 [ 59.083878][ C0] default_idle+0x49/0x350 [ 59.088438][ C0] do_idle+0x393/0x690 [ 59.092653][ C0] cpu_startup_entry+0x14/0x20 [ 59.097577][ C0] start_kernel+0x867/0x8a1 [ 59.102244][ C0] secondary_startup_64+0xa4/0xb0 [ 59.107457][ C0] [ 59.109761][ C0] [ 59.109761][ C0] stack backtrace: [ 59.115640][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.6.0-syzkaller #0 [ 59.123204][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.133266][ C0] Call Trace: [ 59.136530][ C0] [ 59.139373][ C0] dump_stack+0x188/0x20d [ 59.143685][ C0] check_usage_forwards.cold+0x20/0x29 [ 59.149131][ C0] ? check_usage_backwards+0x4e0/0x4e0 [ 59.154616][ C0] ? stack_trace_consume_entry+0x160/0x160 [ 59.160422][ C0] ? __read_once_size_nocheck.constprop.0+0x10/0x10 [ 59.166987][ C0] ? save_trace+0x42/0x9f0 [ 59.171382][ C0] mark_lock+0x624/0xf10 [ 59.175601][ C0] ? check_usage_backwards+0x4e0/0x4e0 [ 59.181032][ C0] ? print_usage_bug+0x240/0x240 [ 59.185946][ C0] ? print_usage_bug+0x240/0x240 [ 59.190854][ C0] ? mark_lock+0x12b/0xf10 [ 59.195246][ C0] __lock_acquire+0x1d28/0x4e00 [ 59.200076][ C0] ? mark_held_locks+0xe0/0xe0 [ 59.204813][ C0] ? __wake_up_common_lock+0xde/0x130 [ 59.210156][ C0] lock_acquire+0x1f2/0x8f0 [ 59.214634][ C0] ? free_ioctx_users+0x2b/0x450 [ 59.219558][ C0] ? lock_release+0x800/0x800 [ 59.224208][ C0] ? lock_acquire+0x1f2/0x8f0 [ 59.228860][ C0] ? percpu_ref_switch_to_atomic_rcu+0x209/0x540 [ 59.235171][ C0] ? lock_release+0x800/0x800 [ 59.239839][ C0] ? _raw_spin_unlock_irqrestore+0x62/0xe0 [ 59.245744][ C0] _raw_spin_lock_irq+0x5b/0x80 [ 59.250576][ C0] ? free_ioctx_users+0x2b/0x450 [ 59.255490][ C0] free_ioctx_users+0x2b/0x450 [ 59.260236][ C0] percpu_ref_switch_to_atomic_rcu+0x494/0x540 [ 59.266368][ C0] rcu_core+0x59f/0x1370 [ 59.270599][ C0] ? __rcu_read_unlock+0x700/0x700 [ 59.275920][ C0] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 59.281486][ C0] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 59.287443][ C0] ? run_rebalance_domains+0x202/0x2c0 [ 59.292880][ C0] __do_softirq+0x26c/0x9f7 [ 59.297364][ C0] irq_exit+0x192/0x1d0 [ 59.301501][ C0] smp_apic_timer_interrupt+0x19e/0x600 [ 59.307018][ C0] apic_timer_interrupt+0xf/0x20 [ 59.311926][ C0] [ 59.314841][ C0] RIP: 0010:native_safe_halt+0xe/0x10 [ 59.320185][ C0] Code: cc cc cc cc cc cc cc cc cc cc cc cc e9 07 00 00 00 0f 00 2d d4 f2 59 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d c4 f2 59 00 fb f4 cc 41 56 41 55 41 54 55 53 e8 33 77 92 f9 e8 3e b3 ca fb 0f 1f [ 59.339760][ C0] RSP: 0018:ffffffff89807d98 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13 [ 59.348154][ C0] RAX: 1ffffffff132925f RBX: ffffffff898864c0 RCX: 0000000000000000 [ 59.356199][ C0] RDX: dffffc0000000000 RSI: 0000000000000006 RDI: ffffffff89886d84 [ 59.364150][ C0] RBP: dffffc0000000000 R08: ffffffff898864c0 R09: 0000000000000000 [ 59.372097][ C0] R10: 0000000000000000 R11: 0000000000000000 R12: fffffbfff1310c98 [ 59.380141][ C0] R13: 0000000000000000 R14: ffffffff8a88e980 R15: 0000000000000000 [ 59.388102][ C0] default_idle+0x49/0x350 [ 59.392494][ C0] do_idle+0x393/0x690 [ 59.396541][ C0] ? rcu_read_lock_held+0x9c/0xb0 [ 59.401538][ C0] ? arch_cpu_idle_exit+0x70/0x70 [ 59.406546][ C0] ? schedule+0xe7/0x2a0 [ 59.410767][ C0] ? trace_init_perf_perm_irq_work_exit+0xe/0xe [ 59.416979][ C0] cpu_startup_entry+0x14/0x20 [ 59.421716][ C0] start_kernel+0x867/0x8a1 [ 59.426199][ C0] ? mem_encrypt_init+0x5/0x5 [ 59.430933][ C0] ? x86_family+0x3d/0x50 [ 59.435256][ C0] ? load_ucode_bsp+0x23d/0x27d [ 59.440080][ C0] secondary_startup_64+0xa4/0xb0