Warning: Permanently added '10.128.0.128' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 63.954744][ C0] [ 63.957093][ C0] ======================================================== [ 63.964310][ C0] WARNING: possible irq lock inversion dependency detected [ 63.971492][ C0] 5.8.0-syzkaller #0 Not tainted [ 63.976407][ C0] -------------------------------------------------------- [ 63.983584][ C0] syz-executor046/6843 just changed the state of lock: [ 63.990410][ C0] ffff8880a6b534d8 (&ctx->completion_lock){-...}-{2:2}, at: io_timeout_fn+0x6c/0x3f0 [ 63.999894][ C0] but this lock took another, HARDIRQ-unsafe lock in the past: [ 64.007425][ C0] (&fs->lock){+.+.}-{2:2} [ 64.007435][ C0] [ 64.007435][ C0] [ 64.007435][ C0] and interrupts could create inverse lock ordering between them. [ 64.007435][ C0] [ 64.026122][ C0] [ 64.026122][ C0] other info that might help us debug this: [ 64.034181][ C0] Possible interrupt unsafe locking scenario: [ 64.034181][ C0] [ 64.042494][ C0] CPU0 CPU1 [ 64.047842][ C0] ---- ---- [ 64.053201][ C0] lock(&fs->lock); [ 64.057075][ C0] local_irq_disable(); [ 64.063840][ C0] lock(&ctx->completion_lock); [ 64.071279][ C0] lock(&fs->lock); [ 64.077672][ C0] [ 64.081106][ C0] lock(&ctx->completion_lock); [ 64.086218][ C0] [ 64.086218][ C0] *** DEADLOCK *** [ 64.086218][ C0] [ 64.094348][ C0] 1 lock held by syz-executor046/6843: [ 64.099793][ C0] #0: ffff8880a6b53428 (&ctx->uring_lock){+.+.}-{3:3}, at: __do_sys_io_uring_enter+0xdb7/0x1ae0 [ 64.110283][ C0] [ 64.110283][ C0] the shortest dependencies between 2nd lock and 1st lock: [ 64.119653][ C0] -> (&fs->lock){+.+.}-{2:2} { [ 64.124492][ C0] HARDIRQ-ON-W at: [ 64.128549][ C0] lock_acquire+0x1f1/0xad0 [ 64.134864][ C0] _raw_spin_lock+0x2a/0x40 [ 64.141178][ C0] set_fs_pwd+0x85/0x290 [ 64.147227][ C0] init_chdir+0x106/0x14e [ 64.153363][ C0] devtmpfsd+0x76/0x333 [ 64.159322][ C0] kthread+0x3b5/0x4a0 [ 64.165196][ C0] ret_from_fork+0x1f/0x30 [ 64.171409][ C0] SOFTIRQ-ON-W at: [ 64.175461][ C0] lock_acquire+0x1f1/0xad0 [ 64.181780][ C0] _raw_spin_lock+0x2a/0x40 [ 64.188091][ C0] set_fs_pwd+0x85/0x290 [ 64.194146][ C0] init_chdir+0x106/0x14e [ 64.200330][ C0] devtmpfsd+0x76/0x333 [ 64.206299][ C0] kthread+0x3b5/0x4a0 [ 64.212194][ C0] ret_from_fork+0x1f/0x30 [ 64.218407][ C0] INITIAL USE at: [ 64.222384][ C0] lock_acquire+0x1f1/0xad0 [ 64.228722][ C0] _raw_spin_lock+0x2a/0x40 [ 64.234956][ C0] set_fs_pwd+0x85/0x290 [ 64.240933][ C0] init_chdir+0x106/0x14e [ 64.246997][ C0] devtmpfsd+0x76/0x333 [ 64.252875][ C0] kthread+0x3b5/0x4a0 [ 64.258664][ C0] ret_from_fork+0x1f/0x30 [ 64.264790][ C0] } [ 64.267368][ C0] ... key at: [] __key.1+0x0/0x40 [ 64.274535][ C0] ... acquired at: [ 64.278414][ C0] _raw_spin_lock+0x2a/0x40 [ 64.283073][ C0] io_dismantle_req+0x3ec/0x9e0 [ 64.288080][ C0] __io_free_req+0x16/0x3c0 [ 64.292748][ C0] __io_fail_links+0x433/0x5b0 [ 64.297683][ C0] __io_req_find_next+0x368/0x460 [ 64.302865][ C0] io_wq_submit_work+0x33c/0x3d0 [ 64.307976][ C0] io_worker_handle_work+0xa45/0x13f0 [ 64.313506][ C0] io_wqe_worker+0xbf0/0x10e0 [ 64.318342][ C0] kthread+0x3b5/0x4a0 [ 64.322573][ C0] ret_from_fork+0x1f/0x30 [ 64.327136][ C0] [ 64.329442][ C0] -> (&ctx->completion_lock){-...}-{2:2} { [ 64.335245][ C0] IN-HARDIRQ-W at: [ 64.339232][ C0] lock_acquire+0x1f1/0xad0 [ 64.345385][ C0] _raw_spin_lock_irqsave+0x8c/0xc0 [ 64.352219][ C0] io_timeout_fn+0x6c/0x3f0 [ 64.358356][ C0] __hrtimer_run_queues+0x6a9/0xfc0 [ 64.365190][ C0] hrtimer_interrupt+0x32a/0x930 [ 64.371764][ C0] __sysvec_apic_timer_interrupt+0x142/0x5e0 [ 64.379392][ C0] asm_call_on_stack+0xf/0x20 [ 64.385717][ C0] sysvec_apic_timer_interrupt+0xb2/0xf0 [ 64.392997][ C0] asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 64.400621][ C0] _raw_spin_unlock_irq+0x4b/0x80 [ 64.407282][ C0] io_issue_sqe+0x2de6/0x60d0 [ 64.413608][ C0] __io_queue_sqe+0x284/0x1190 [ 64.420022][ C0] io_queue_sqe+0x73e/0x1130 [ 64.426249][ C0] io_submit_sqes+0x1794/0x2380 [ 64.432741][ C0] __do_sys_io_uring_enter+0xdc7/0x1ae0 [ 64.439937][ C0] do_syscall_64+0x2d/0x70 [ 64.445992][ C0] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 64.453510][ C0] INITIAL USE at: [ 64.457393][ C0] lock_acquire+0x1f1/0xad0 [ 64.463450][ C0] _raw_spin_lock_irqsave+0x8c/0xc0 [ 64.470230][ C0] io_issue_sqe+0xcfd/0x60d0 [ 64.476405][ C0] io_wq_submit_work+0x183/0x3d0 [ 64.482888][ C0] io_worker_handle_work+0xa45/0x13f0 [ 64.489810][ C0] io_wqe_worker+0xbf0/0x10e0 [ 64.496053][ C0] kthread+0x3b5/0x4a0 [ 64.501683][ C0] ret_from_fork+0x1f/0x30 [ 64.507636][ C0] } [ 64.510134][ C0] ... key at: [] __key.9+0x0/0x40 [ 64.517215][ C0] ... acquired at: [ 64.521015][ C0] mark_lock+0x54b/0x1710 [ 64.525503][ C0] __lock_acquire+0x13ad/0x5640 [ 64.530523][ C0] lock_acquire+0x1f1/0xad0 [ 64.535181][ C0] _raw_spin_lock_irqsave+0x8c/0xc0 [ 64.540540][ C0] io_timeout_fn+0x6c/0x3f0 [ 64.545202][ C0] __hrtimer_run_queues+0x6a9/0xfc0 [ 64.550565][ C0] hrtimer_interrupt+0x32a/0x930 [ 64.555661][ C0] __sysvec_apic_timer_interrupt+0x142/0x5e0 [ 64.561799][ C0] asm_call_on_stack+0xf/0x20 [ 64.566633][ C0] sysvec_apic_timer_interrupt+0xb2/0xf0 [ 64.572421][ C0] asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 64.578558][ C0] _raw_spin_unlock_irq+0x4b/0x80 [ 64.583742][ C0] io_issue_sqe+0x2de6/0x60d0 [ 64.588594][ C0] __io_queue_sqe+0x284/0x1190 [ 64.593519][ C0] io_queue_sqe+0x73e/0x1130 [ 64.598264][ C0] io_submit_sqes+0x1794/0x2380 [ 64.603279][ C0] __do_sys_io_uring_enter+0xdc7/0x1ae0 [ 64.608981][ C0] do_syscall_64+0x2d/0x70 [ 64.613571][ C0] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 64.619625][ C0] [ 64.621945][ C0] [ 64.621945][ C0] stack backtrace: [ 64.627832][ C0] CPU: 0 PID: 6843 Comm: syz-executor046 Not tainted 5.8.0-syzkaller #0 [ 64.636144][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 64.646180][ C0] Call Trace: [ 64.649445][ C0] [ 64.652276][ C0] dump_stack+0x18f/0x20d [ 64.656591][ C0] check_usage_forwards.cold+0x1e/0x27 [ 64.662033][ C0] ? check_usage_backwards+0x4d0/0x4d0 [ 64.667472][ C0] ? stack_trace_consume_entry+0x160/0x160 [ 64.673275][ C0] ? save_trace+0x43/0xba0 [ 64.677726][ C0] mark_lock+0x54b/0x1710 [ 64.682062][ C0] ? check_usage_backwards+0x4d0/0x4d0 [ 64.687508][ C0] __lock_acquire+0x13ad/0x5640 [ 64.692354][ C0] ? lock_acquire+0x1f1/0xad0 [ 64.697021][ C0] ? lockdep_hardirqs_on_prepare+0x530/0x530 [ 64.702989][ C0] ? debug_object_deactivate+0x264/0x300 [ 64.708611][ C0] lock_acquire+0x1f1/0xad0 [ 64.713111][ C0] ? io_timeout_fn+0x6c/0x3f0 [ 64.717779][ C0] ? lock_release+0x8e0/0x8e0 [ 64.722445][ C0] ? find_held_lock+0x2d/0x110 [ 64.727204][ C0] ? __hrtimer_run_queues+0x5d1/0xfc0 [ 64.732578][ C0] ? lock_downgrade+0x830/0x830 [ 64.737445][ C0] _raw_spin_lock_irqsave+0x8c/0xc0 [ 64.742651][ C0] ? io_timeout_fn+0x6c/0x3f0 [ 64.747320][ C0] io_timeout_fn+0x6c/0x3f0 [ 64.751923][ C0] __hrtimer_run_queues+0x6a9/0xfc0 [ 64.757125][ C0] ? io_submit_flush_completions+0x3c0/0x3c0 [ 64.763105][ C0] ? lockdep_hardirqs_off+0x71/0xc0 [ 64.768289][ C0] ? hrtimer_sleeper_start_expires+0x80/0x80 [ 64.774260][ C0] ? ktime_get_update_offsets_now+0x1c4/0x250 [ 64.780340][ C0] hrtimer_interrupt+0x32a/0x930 [ 64.785292][ C0] __sysvec_apic_timer_interrupt+0x142/0x5e0 [ 64.791286][ C0] asm_call_on_stack+0xf/0x20 [ 64.795941][ C0] [ 64.798866][ C0] sysvec_apic_timer_interrupt+0xb2/0xf0 [ 64.804508][ C0] asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 64.810478][ C0] RIP: 0010:_raw_spin_unlock_irq+0x4b/0x80 [ 64.816284][ C0] Code: c0 58 34 b6 89 48 ba 00 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 75 31 48 83 3d 06 e0 c2 01 00 74 25 fb 66 0f 1f 44 00 00 01 00 00 00 e8 bb 6c 5c f9 65 8b 05 54 aa 0e 78 85 c0 74 02 5d [ 64.835891][ C0] RSP: 0018:ffffc900054af8b0 EFLAGS: 00000286 [ 64.841938][ C0] RAX: 1ffffffff136c68b RBX: 0000000000000000 RCX: 0000000000000006 [ 64.849904][ C0] RDX: dffffc0000000000 RSI: 0000000000000000 RDI: ffffffff87f3542f [ 64.857905][ C0] RBP: ffff8880a6b534c0 R08: 0000000000000001 R09: ffffffff8c5eaadf [ 64.865871][ C0] R10: fffffbfff18bd55b R11: 000000000001f8e0 R12: 0000000000000000 [ 64.873830][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: ffff8880a61c4d00 [ 64.881823][ C0] ? _raw_spin_unlock_irq+0x1f/0x80 [ 64.887054][ C0] io_issue_sqe+0x2de6/0x60d0 [ 64.891723][ C0] ? __lock_acquire+0x16cb/0x5640 [ 64.896738][ C0] ? do_syscall_64+0x2d/0x70 [ 64.901318][ C0] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 64.907383][ C0] ? io_uring_setup+0x28c0/0x28c0 [ 64.912409][ C0] ? lock_acquire+0x1f1/0xad0 [ 64.917077][ C0] ? __io_queue_sqe+0x284/0x1190 [ 64.922007][ C0] __io_queue_sqe+0x284/0x1190 [ 64.926766][ C0] ? mark_lock+0xbc/0x1710 [ 64.931176][ C0] ? io_issue_sqe+0x60d0/0x60d0 [ 64.936032][ C0] ? mark_held_locks+0x9f/0xe0 [ 64.940810][ C0] io_queue_sqe+0x73e/0x1130 [ 64.945420][ C0] io_submit_sqes+0x1794/0x2380 [ 64.950266][ C0] ? io_queue_sqe+0x1130/0x1130 [ 64.955109][ C0] ? __do_sys_io_uring_enter+0xdb7/0x1ae0 [ 64.960827][ C0] ? mutex_lock_io_nested+0xf60/0xf60 [ 64.966215][ C0] ? __do_sys_io_uring_enter+0x347/0x1ae0 [ 64.971927][ C0] __do_sys_io_uring_enter+0xdc7/0x1ae0 [ 64.977467][ C0] ? io_submit_sqes+0x2380/0x2380 [ 64.982531][ C0] ? fput_many+0x2f/0x1a0 [ 64.986866][ C0] ? lock_is_held_type+0xbb/0xf0 [ 64.991832][ C0] ? syscall_enter_from_user_mode+0x20/0x290 [ 64.997799][ C0] ? lockdep_hardirqs_on_prepare+0x354/0x530 [ 65.003767][ C0] ? trace_hardirqs_on+0x5f/0x220 [ 65.008792][ C0] ? lockdep_hardirqs_on+0x76/0xf0 [ 65.013909][ C0] do_syscall_64+0x2d/0x70 [ 65.018314][ C0] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 65.024214][ C0] RIP: 0033:0x440b99 [ 65.028104][ C0] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 65.047691][ C0] RSP: 002b:00007ffc41ef4908 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 65.056083][ C0] RAX: ffffffffffffff