[ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.74' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 44.540464][ C0] [ 44.542859][ C0] ======================================================== [ 44.550030][ C0] WARNING: possible irq lock inversion dependency detected [ 44.557205][ C0] 5.6.0-syzkaller #0 Not tainted [ 44.562128][ C0] -------------------------------------------------------- [ 44.569296][ C0] swapper/0/0 just changed the state of lock: [ 44.575334][ C0] ffff888091a71cd8 (&ctx->ctx_lock){..-.}-{2:2}, at: free_ioctx_users+0x30/0x1c0 [ 44.584872][ C0] but this lock took another, SOFTIRQ-unsafe lock in the past: [ 44.592386][ C0] (&pid->wait_pidfd){+.+.}-{2:2} [ 44.592392][ C0] [ 44.592392][ C0] [ 44.592392][ C0] and interrupts could create inverse lock ordering between them. [ 44.592392][ C0] [ 44.611673][ C0] [ 44.611673][ C0] other info that might help us debug this: [ 44.619760][ C0] Possible interrupt unsafe locking scenario: [ 44.619760][ C0] [ 44.628067][ C0] CPU0 CPU1 [ 44.633413][ C0] ---- ---- [ 44.638764][ C0] lock(&pid->wait_pidfd); [ 44.643237][ C0] local_irq_disable(); [ 44.649964][ C0] lock(&ctx->ctx_lock); [ 44.656791][ C0] lock(&pid->wait_pidfd); [ 44.663818][ C0] [ 44.667251][ C0] lock(&ctx->ctx_lock); [ 44.671870][ C0] [ 44.671870][ C0] *** DEADLOCK *** [ 44.671870][ C0] [ 44.680014][ C0] 2 locks held by swapper/0/0: [ 44.684762][ C0] #0: ffffffff892e6be0 (rcu_callback){....}-{0:0}, at: rcu_lock_acquire+0x0/0x30 [ 44.693940][ C0] #1: ffffffff892e6b90 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 [ 44.703204][ C0] [ 44.703204][ C0] the shortest dependencies between 2nd lock and 1st lock: [ 44.712565][ C0] -> (&pid->wait_pidfd){+.+.}-{2:2} { [ 44.718005][ C0] HARDIRQ-ON-W at: [ 44.722055][ C0] lock_acquire+0x169/0x480 [ 44.728373][ C0] _raw_spin_lock+0x2a/0x40 [ 44.734682][ C0] proc_pid_make_inode+0x187/0x2d0 [ 44.741600][ C0] proc_pid_instantiate+0x4b/0x1a0 [ 44.748535][ C0] proc_pid_lookup+0x218/0x2f0 [ 44.755119][ C0] proc_root_lookup+0x1b/0x50 [ 44.761617][ C0] __lookup_slow+0x240/0x370 [ 44.768012][ C0] walk_component+0x442/0x680 [ 44.774611][ C0] link_path_walk+0x66d/0xba0 [ 44.781131][ C0] path_openat+0x21d/0x38b0 [ 44.787453][ C0] do_filp_open+0x191/0x3a0 [ 44.793767][ C0] do_sys_openat2+0x463/0x770 [ 44.800267][ C0] __x64_sys_open+0x1af/0x1e0 [ 44.806755][ C0] do_syscall_64+0xf3/0x1b0 [ 44.813065][ C0] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 44.820782][ C0] SOFTIRQ-ON-W at: [ 44.824847][ C0] lock_acquire+0x169/0x480 [ 44.831345][ C0] _raw_spin_lock+0x2a/0x40 [ 44.837653][ C0] proc_pid_make_inode+0x187/0x2d0 [ 44.844570][ C0] proc_pid_instantiate+0x4b/0x1a0 [ 44.851498][ C0] proc_pid_lookup+0x218/0x2f0 [ 44.858076][ C0] proc_root_lookup+0x1b/0x50 [ 44.864573][ C0] __lookup_slow+0x240/0x370 [ 44.870967][ C0] walk_component+0x442/0x680 [ 44.877459][ C0] link_path_walk+0x66d/0xba0 [ 44.883949][ C0] path_openat+0x21d/0x38b0 [ 44.890265][ C0] do_filp_open+0x191/0x3a0 [ 44.896568][ C0] do_sys_openat2+0x463/0x770 [ 44.903053][ C0] __x64_sys_open+0x1af/0x1e0 [ 44.909535][ C0] do_syscall_64+0xf3/0x1b0 [ 44.915873][ C0] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 44.923562][ C0] INITIAL USE at: [ 44.927521][ C0] lock_acquire+0x169/0x480 [ 44.933764][ C0] _raw_spin_lock_irqsave+0x9e/0xc0 [ 44.940691][ C0] __wake_up+0xb8/0x150 [ 44.946565][ C0] do_notify_parent+0x167/0xce0 [ 44.953125][ C0] do_exit+0x12c5/0x1f80 [ 44.959077][ C0] call_usermodehelper_exec_async+0x47c/0x480 [ 44.966874][ C0] ret_from_fork+0x24/0x30 [ 44.972997][ C0] } [ 44.975565][ C0] ... key at: [] alloc_pid.__key+0x0/0x10 [ 44.983423][ C0] ... acquired at: [ 44.987293][ C0] lock_acquire+0x169/0x480 [ 44.991955][ C0] _raw_spin_lock+0x2a/0x40 [ 44.996604][ C0] io_submit_one+0x10f5/0x1a80 [ 45.001514][ C0] __se_sys_io_submit+0x117/0x220 [ 45.006704][ C0] do_syscall_64+0xf3/0x1b0 [ 45.011355][ C0] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 45.017442][ C0] [ 45.019756][ C0] -> (&ctx->ctx_lock){..-.}-{2:2} { [ 45.024950][ C0] IN-SOFTIRQ-W at: [ 45.028916][ C0] lock_acquire+0x169/0x480 [ 45.035044][ C0] _raw_spin_lock_irq+0x67/0x80 [ 45.041532][ C0] free_ioctx_users+0x30/0x1c0 [ 45.047936][ C0] percpu_ref_put+0x18d/0x1a0 [ 45.054323][ C0] rcu_core+0x816/0x1120 [ 45.060206][ C0] __do_softirq+0x268/0x80c [ 45.066348][ C0] irq_exit+0x223/0x230 [ 45.072127][ C0] smp_apic_timer_interrupt+0x113/0x280 [ 45.079384][ C0] apic_timer_interrupt+0xf/0x20 [ 45.085961][ C0] native_safe_halt+0xe/0x10 [ 45.092176][ C0] default_idle+0x4c/0x70 [ 45.098131][ C0] do_idle+0x1ee/0x650 [ 45.103827][ C0] cpu_startup_entry+0x15/0x20 [ 45.110220][ C0] start_kernel+0x674/0x774 [ 45.116371][ C0] secondary_startup_64+0xa4/0xb0 [ 45.123019][ C0] INITIAL USE at: [ 45.126904][ C0] lock_acquire+0x169/0x480 [ 45.132949][ C0] _raw_spin_lock_irq+0x67/0x80 [ 45.139336][ C0] io_submit_one+0x10cb/0x1a80 [ 45.145634][ C0] __se_sys_io_submit+0x117/0x220 [ 45.152195][ C0] do_syscall_64+0xf3/0x1b0 [ 45.158236][ C0] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 45.165680][ C0] } [ 45.168165][ C0] ... key at: [] ioctx_alloc.__key+0x0/0x10 [ 45.176114][ C0] ... acquired at: [ 45.179909][ C0] mark_lock+0x529/0x1b00 [ 45.184400][ C0] __lock_acquire+0xaa7/0x2b90 [ 45.189324][ C0] lock_acquire+0x169/0x480 [ 45.193978][ C0] _raw_spin_lock_irq+0x67/0x80 [ 45.198975][ C0] free_ioctx_users+0x30/0x1c0 [ 45.203896][ C0] percpu_ref_put+0x18d/0x1a0 [ 45.208726][ C0] rcu_core+0x816/0x1120 [ 45.213123][ C0] __do_softirq+0x268/0x80c [ 45.217777][ C0] irq_exit+0x223/0x230 [ 45.222087][ C0] smp_apic_timer_interrupt+0x113/0x280 [ 45.227827][ C0] apic_timer_interrupt+0xf/0x20 [ 45.232968][ C0] native_safe_halt+0xe/0x10 [ 45.237734][ C0] default_idle+0x4c/0x70 [ 45.242216][ C0] do_idle+0x1ee/0x650 [ 45.246434][ C0] cpu_startup_entry+0x15/0x20 [ 45.251353][ C0] start_kernel+0x674/0x774 [ 45.256011][ C0] secondary_startup_64+0xa4/0xb0 [ 45.261197][ C0] [ 45.263502][ C0] [ 45.263502][ C0] stack backtrace: [ 45.269387][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.6.0-syzkaller #0 [ 45.276919][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 45.286969][ C0] Call Trace: [ 45.290234][ C0] [ 45.293085][ C0] dump_stack+0x1e9/0x30e [ 45.297430][ C0] print_irq_inversion_bug+0xb67/0xe90 [ 45.302907][ C0] ? arch_stack_walk+0xb4/0xe0 [ 45.307648][ C0] ? secondary_startup_64+0xa4/0xb0 [ 45.312848][ C0] check_usage_forwards+0x13f/0x240 [ 45.318024][ C0] ? save_trace+0x49/0xb60 [ 45.322420][ C0] mark_lock+0x529/0x1b00 [ 45.328075][ C0] ? check_usage_backwards+0x240/0x240 [ 45.333511][ C0] ? mark_lock+0x102/0x1b00 [ 45.338012][ C0] ? __lock_acquire+0x116c/0x2b90 [ 45.343024][ C0] __lock_acquire+0xaa7/0x2b90 [ 45.347785][ C0] ? pcpu_block_update+0x564/0x890 [ 45.352877][ C0] lock_acquire+0x169/0x480 [ 45.357381][ C0] ? free_ioctx_users+0x30/0x1c0 [ 45.362301][ C0] ? rcu_lock_acquire+0x5/0x30 [ 45.367127][ C0] ? trace_irq_disable_rcuidle+0x1f/0x1d0 [ 45.372824][ C0] ? percpu_ref_noop_confirm_switch+0x10/0x10 [ 45.378865][ C0] _raw_spin_lock_irq+0x67/0x80 [ 45.383719][ C0] ? free_ioctx_users+0x30/0x1c0 [ 45.388631][ C0] free_ioctx_users+0x30/0x1c0 [ 45.393376][ C0] ? percpu_ref_noop_confirm_switch+0x10/0x10 [ 45.399418][ C0] ? percpu_ref_noop_confirm_switch+0x10/0x10 [ 45.405457][ C0] percpu_ref_put+0x18d/0x1a0 [ 45.410124][ C0] rcu_core+0x816/0x1120 [ 45.414340][ C0] __do_softirq+0x268/0x80c [ 45.418858][ C0] ? irq_exit+0x223/0x230 [ 45.423171][ C0] irq_exit+0x223/0x230 [ 45.427334][ C0] smp_apic_timer_interrupt+0x113/0x280 [ 45.432861][ C0] apic_timer_interrupt+0xf/0x20 [ 45.437771][ C0] [ 45.440722][ C0] RIP: 0010:native_safe_halt+0xe/0x10 [ 45.446064][ C0] Code: 80 e1 07 80 c1 03 38 c1 7c bc 48 89 df e8 8a 40 a8 f9 eb b2 cc cc cc cc cc cc cc cc e9 07 00 00 00 0f 00 2d 76 25 57 00 fb f4 90 e9 07 00 00 00 0f 00 2d 66 25 57 00 f4 c3 cc cc 41 56 53 65 [ 45.465644][ C0] RSP: 0018:ffffffff89207e68 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13 [ 45.474034][ C0] RAX: 1ffffffff1257401 RBX: ffffffff89281b00 RCX: dffffc0000000000 [ 45.481990][ C0] RDX: dffffc0000000000 RSI: 0000000000000000 RDI: ffffffff89282364 [ 45.489946][ C0] RBP: ffffffff896b9960 R08: ffffffff817b9ae0 R09: fffffbfff1250361 [ 45.497902][ C0] R10: fffffbfff1250361 R11: 0000000000000000 R12: 1ffffffff1250360 [ 45.505855][ C0] R13: dffffc0000000000 R14: 1ffffffff12573ff R15: 0000000000000000 [ 45.513831][ C0] ? trace_hardirqs_on+0x30/0x70 [ 45.518753][ C0] default_idle+0x4c/0x70 [ 45.523077][ C0] do_idle+0x1ee/0x650 [ 45.527135][ C0] cpu_startup_entry+0x15/0x20 [ 45.531886][ C0] ? time_init+0x33/0x33 [ 45.536114][ C0] start_kernel+0x674/0x774 [ 45.540601][ C0] secondary_startup_64+0xa4/0xb0