Warning: Permanently added '10.128.0.25' (ECDSA) to the list of known hosts.
executing program gin:
[ 55.088663][ T7875]
[ 55.090999][ T7875] ========================================================
[ 55.098164][ T7875] WARNING: possible irq lock inversion dependency detected
[ 55.105368][ T7875] 5.1.0-rc3+ #50 Not tainted
[ 55.109933][ T7875] --------------------------------------------------------
[ 55.117092][ T7875] syz-executor210/7875 just changed the state of lock:
[ 55.123904][ T7875] 0000000012a7dd65 (&ctx->fault_pending_wqh){+.+.}, at: userfaultfd_release+0x48e/0x6d0
[ 55.133594][ T7875] but this lock was taken by another, SOFTIRQ-safe lock in the past:
[ 55.141623][ T7875]  (&(&ctx->ctx_lock)->rlock){..-.}
[ 55.141629][ T7875]
[ 55.141629][ T7875]
[ 55.141629][ T7875] and interrupts could create inverse lock ordering between them.
[ 55.141629][ T7875]
[ 55.161168][ T7875]
[ 55.161168][ T7875] other info that might help us debug this:
[ 55.169223][ T7875] Chain exists of:
[ 55.169223][ T7875]   &(&ctx->ctx_lock)->rlock --> &ctx->fd_wqh --> &ctx->fault_pending_wqh
[ 55.169223][ T7875]
[ 55.183562][ T7875]  Possible interrupt unsafe locking scenario:
[ 55.183562][ T7875]
[ 55.191848][ T7875]        CPU0                    CPU1
[ 55.197200][ T7875]        ----                    ----
[ 55.202534][ T7875]   lock(&ctx->fault_pending_wqh);
[ 55.207616][ T7875]                                local_irq_disable();
[ 55.214344][ T7875]                                lock(&(&ctx->ctx_lock)->rlock);
[ 55.222027][ T7875]                                lock(&ctx->fd_wqh);
[ 55.228667][ T7875]   <Interrupt>
[ 55.232093][ T7875]     lock(&(&ctx->ctx_lock)->rlock);
[ 55.237432][ T7875]
[ 55.237432][ T7875]  *** DEADLOCK ***
[ 55.237432][ T7875]
[ 55.245545][ T7875] no locks held by syz-executor210/7875.
[ 55.251137][ T7875] [ 55.251137][ T7875] the shortest dependencies between 2nd lock and 1st lock: [ 55.260493][ T7875] -> (&(&ctx->ctx_lock)->rlock){..-.} { [ 55.266181][ T7875] IN-SOFTIRQ-W at: [ 55.270309][ T7875] lock_acquire+0x16f/0x3f0 [ 55.276778][ T7875] _raw_spin_lock_irq+0x60/0x80 [ 55.283593][ T7875] free_ioctx_users+0x2d/0x4a0 [ 55.290330][ T7875] percpu_ref_switch_to_atomic_rcu+0x3e7/0x520 [ 55.298455][ T7875] rcu_core+0x928/0x1390 [ 55.304668][ T7875] __do_softirq+0x266/0x95a [ 55.311144][ T7875] irq_exit+0x180/0x1d0 [ 55.317293][ T7875] smp_apic_timer_interrupt+0x14a/0x570 [ 55.324911][ T7875] apic_timer_interrupt+0xf/0x20 [ 55.331816][ T7875] native_safe_halt+0x2/0x10 [ 55.338374][ T7875] arch_cpu_idle+0x10/0x20 [ 55.344753][ T7875] default_idle_call+0x36/0x90 [ 55.351505][ T7875] do_idle+0x386/0x570 [ 55.357564][ T7875] cpu_startup_entry+0x1b/0x20 [ 55.364301][ T7875] rest_init+0x245/0x37b [ 55.370518][ T7875] arch_call_rest_init+0xe/0x1b [ 55.377336][ T7875] start_kernel+0x816/0x84f [ 55.383807][ T7875] x86_64_start_reservations+0x29/0x2b [ 55.391240][ T7875] x86_64_start_kernel+0x77/0x7b [ 55.398189][ T7875] secondary_startup_64+0xa4/0xb0 [ 55.405253][ T7875] INITIAL USE at: [ 55.409316][ T7875] lock_acquire+0x16f/0x3f0 [ 55.415728][ T7875] _raw_spin_lock_irq+0x60/0x80 [ 55.422457][ T7875] io_submit_one+0xaec/0x2f90 [ 55.429013][ T7875] __x64_sys_io_submit+0x1bd/0x580 [ 55.436003][ T7875] do_syscall_64+0x103/0x610 [ 55.442466][ T7875] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 55.450243][ T7875] } [ 55.452898][ T7875] ... key at: [] __key.52649+0x0/0x40 [ 55.460535][ T7875] ... 
acquired at: [ 55.464500][ T7875] lock_acquire+0x16f/0x3f0 [ 55.469156][ T7875] _raw_spin_lock+0x2f/0x40 [ 55.473812][ T7875] io_submit_one+0xb31/0x2f90 [ 55.478638][ T7875] __x64_sys_io_submit+0x1bd/0x580 [ 55.483899][ T7875] do_syscall_64+0x103/0x610 [ 55.488635][ T7875] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 55.494705][ T7875] [ 55.497009][ T7875] -> (&ctx->fd_wqh){....} { [ 55.501572][ T7875] INITIAL USE at: [ 55.505532][ T7875] lock_acquire+0x16f/0x3f0 [ 55.511787][ T7875] _raw_spin_lock_irq+0x60/0x80 [ 55.518360][ T7875] userfaultfd_read+0x27a/0x1940 [ 55.525005][ T7875] __vfs_read+0x8d/0x110 [ 55.530962][ T7875] vfs_read+0x194/0x3e0 [ 55.536829][ T7875] ksys_read+0xea/0x1f0 [ 55.542698][ T7875] __x64_sys_read+0x73/0xb0 [ 55.548911][ T7875] do_syscall_64+0x103/0x610 [ 55.555207][ T7875] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 55.562810][ T7875] } [ 55.565378][ T7875] ... key at: [] __key.45459+0x0/0x40 [ 55.572882][ T7875] ... acquired at: [ 55.576756][ T7875] lock_acquire+0x16f/0x3f0 [ 55.581407][ T7875] _raw_spin_lock+0x2f/0x40 [ 55.586098][ T7875] userfaultfd_read+0x540/0x1940 [ 55.591196][ T7875] __vfs_read+0x8d/0x110 [ 55.595583][ T7875] vfs_read+0x194/0x3e0 [ 55.599891][ T7875] ksys_read+0xea/0x1f0 [ 55.604306][ T7875] __x64_sys_read+0x73/0xb0 [ 55.609745][ T7875] do_syscall_64+0x103/0x610 [ 55.614488][ T7875] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 55.620534][ T7875] [ 55.622837][ T7875] -> (&ctx->fault_pending_wqh){+.+.} { [ 55.628296][ T7875] HARDIRQ-ON-W at: [ 55.632253][ T7875] lock_acquire+0x16f/0x3f0 [ 55.638503][ T7875] _raw_spin_lock+0x2f/0x40 [ 55.644630][ T7875] userfaultfd_release+0x48e/0x6d0 [ 55.651363][ T7875] __fput+0x2e5/0x8d0 [ 55.657202][ T7875] ____fput+0x16/0x20 [ 55.662948][ T7875] task_work_run+0x14a/0x1c0 [ 55.669182][ T7875] do_exit+0x90a/0x2fa0 [ 55.674966][ T7875] do_group_exit+0x135/0x370 [ 55.681190][ T7875] get_signal+0x399/0x1d50 [ 55.687347][ T7875] do_signal+0x87/0x1940 [ 55.693223][ T7875] 
exit_to_usermode_loop+0x244/0x2c0 [ 55.700133][ T7875] do_syscall_64+0x52d/0x610 [ 55.706505][ T7875] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 55.714052][ T7875] SOFTIRQ-ON-W at: [ 55.718076][ T7875] lock_acquire+0x16f/0x3f0 [ 55.724210][ T7875] _raw_spin_lock+0x2f/0x40 [ 55.730336][ T7875] userfaultfd_release+0x48e/0x6d0 [ 55.737114][ T7875] __fput+0x2e5/0x8d0 [ 55.742721][ T7875] ____fput+0x16/0x20 [ 55.748440][ T7875] task_work_run+0x14a/0x1c0 [ 55.754655][ T7875] do_exit+0x90a/0x2fa0 [ 55.760429][ T7875] do_group_exit+0x135/0x370 [ 55.766645][ T7875] get_signal+0x399/0x1d50 [ 55.772803][ T7875] do_signal+0x87/0x1940 [ 55.778673][ T7875] exit_to_usermode_loop+0x244/0x2c0 [ 55.785610][ T7875] do_syscall_64+0x52d/0x610 [ 55.791842][ T7875] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 55.799474][ T7875] INITIAL USE at: [ 55.803476][ T7875] lock_acquire+0x16f/0x3f0 [ 55.809547][ T7875] _raw_spin_lock+0x2f/0x40 [ 55.815621][ T7875] userfaultfd_read+0x540/0x1940 [ 55.822104][ T7875] __vfs_read+0x8d/0x110 [ 55.827880][ T7875] vfs_read+0x194/0x3e0 [ 55.833567][ T7875] ksys_read+0xea/0x1f0 [ 55.839376][ T7875] __x64_sys_read+0x73/0xb0 [ 55.845423][ T7875] do_syscall_64+0x103/0x610 [ 55.851547][ T7875] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 55.859039][ T7875] } [ 55.861530][ T7875] ... key at: [] __key.45456+0x0/0x40 [ 55.869055][ T7875] ... 
acquired at: [ 55.872839][ T7875] mark_lock+0x427/0x1380 [ 55.877319][ T7875] __lock_acquire+0x1317/0x3fb0 [ 55.882315][ T7875] lock_acquire+0x16f/0x3f0 [ 55.886973][ T7875] _raw_spin_lock+0x2f/0x40 [ 55.891742][ T7875] userfaultfd_release+0x48e/0x6d0 [ 55.897006][ T7875] __fput+0x2e5/0x8d0 [ 55.901141][ T7875] ____fput+0x16/0x20 [ 55.905329][ T7875] task_work_run+0x14a/0x1c0 [ 55.910091][ T7875] do_exit+0x90a/0x2fa0 [ 55.914525][ T7875] do_group_exit+0x135/0x370 [ 55.919270][ T7875] get_signal+0x399/0x1d50 [ 55.923838][ T7875] do_signal+0x87/0x1940 [ 55.928235][ T7875] exit_to_usermode_loop+0x244/0x2c0 [ 55.933671][ T7875] do_syscall_64+0x52d/0x610 [ 55.938409][ T7875] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 55.944451][ T7875] [ 55.946830][ T7875] [ 55.946830][ T7875] stack backtrace: [ 55.952709][ T7875] CPU: 0 PID: 7875 Comm: syz-executor210 Not tainted 5.1.0-rc3+ #50 [ 55.960654][ T7875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 55.970686][ T7875] Call Trace: [ 55.973953][ T7875] dump_stack+0x172/0x1f0 [ 55.978258][ T7875] print_irq_inversion_bug.part.0+0x2c0/0x2cd [ 55.984306][ T7875] check_usage_backwards.cold+0x1d/0x26 [ 55.989833][ T7875] ? print_shortest_lock_dependencies+0x90/0x90 [ 55.996068][ T7875] ? save_stack_trace+0x1a/0x20 [ 56.000909][ T7875] mark_lock+0x427/0x1380 [ 56.005210][ T7875] ? print_shortest_lock_dependencies+0x90/0x90 [ 56.011429][ T7875] __lock_acquire+0x1317/0x3fb0 [ 56.016467][ T7875] ? trace_hardirqs_off+0x62/0x220 [ 56.021657][ T7875] ? kasan_check_read+0x11/0x20 [ 56.026514][ T7875] ? mark_held_locks+0xf0/0xf0 [ 56.031255][ T7875] ? save_stack+0xa9/0xd0 [ 56.035568][ T7875] ? save_stack+0x45/0xd0 [ 56.039926][ T7875] ? __kasan_slab_free+0x102/0x150 [ 56.045146][ T7875] ? kasan_slab_free+0xe/0x10 [ 56.050014][ T7875] ? kmem_cache_free+0x86/0x260 [ 56.054842][ T7875] ? free_fs_struct+0x4f/0x70 [ 56.059739][ T7875] ? 
exit_fs+0xf0/0x130 [ 56.064006][ T7875] lock_acquire+0x16f/0x3f0 [ 56.068539][ T7875] ? userfaultfd_release+0x48e/0x6d0 [ 56.073797][ T7875] _raw_spin_lock+0x2f/0x40 [ 56.078275][ T7875] ? userfaultfd_release+0x48e/0x6d0 [ 56.083549][ T7875] userfaultfd_release+0x48e/0x6d0 [ 56.088635][ T7875] ? userfaultfd_wake_function+0x2f0/0x2f0 [ 56.094419][ T7875] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 56.100634][ T7875] ? ima_file_free+0xc9/0x4a0 [ 56.105284][ T7875] ? __might_sleep+0x95/0x190 [ 56.110089][ T7875] ? userfaultfd_wake_function+0x2f0/0x2f0 [ 56.115925][ T7875] __fput+0x2e5/0x8d0 [ 56.119941][ T7875] ____fput+0x16/0x20 [ 56.124103][ T7875] task_work_run+0x14a/0x1c0 [ 56.128677][ T7875] do_exit+0x90a/0x2fa0 [ 56.132929][ T7875] ? get_signal+0x331/0x1d50 [ 56.137557][ T7875] ? mm_update_next_owner+0x640/0x640 [ 56.143143][ T7875] ? kasan_check_write+0x14/0x20 [ 56.148076][ T7875] ? _raw_spin_unlock_irq+0x28/0x90 [ 56.153254][ T7875] ? get_signal+0x331/0x1d50 [ 56.157820][ T7875] ? _raw_spin_unlock_irq+0x28/0x90 [ 56.163083][ T7875] do_group_exit+0x135/0x370 [ 56.167664][ T7875] get_signal+0x399/0x1d50 [ 56.172183][ T7875] ? __x64_sys_io_submit+0x31f/0x580 [ 56.177491][ T7875] do_signal+0x87/0x1940 [ 56.181713][ T7875] ? lock_downgrade+0x880/0x880 [ 56.186640][ T7875] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 56.192933][ T7875] ? kasan_check_read+0x11/0x20 [ 56.197763][ T7875] ? setup_sigcontext+0x7d0/0x7d0 [ 56.202776][ T7875] ? exit_to_usermode_loop+0x43/0x2c0 [ 56.208273][ T7875] ? do_syscall_64+0x52d/0x610 [ 56.213023][ T7875] ? exit_to_usermode_loop+0x43/0x2c0 [ 56.218372][ T7875] ? lockdep_hardirqs_on+0x418/0x5d0 [ 56.223637][ T7875] ? trace_hardirqs_on+0x67/0x230 [ 56.228648][ T7875] exit_to_usermode_loop+0x244/0x2c0 [ 56.233915][ T7875] do_syscall_64+0x52d/0x610 [ 56.238486][ T7875] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 56.244459][ T7875] RIP: 0033:0x4458d9 [ 56.248342][ T7875] Code: Bad RIP value. 
[ 56.252434][ T7875] RSP: 002b:00007fc4c58d4db8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 56.260825][ T7875] RAX: fffffffffffffe00 RBX: 00000000006dac58 RCX: 00000000004458d9 [ 56.268851][ T7875] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00000000006dac58 [ 56.276912][ T7875] RBP: 00000000006dac50 R08: 0000000000000000 R09: 0000000000000000 [ 56.284877][ T7875] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dac5c [ 56.292837