Warning: Permanently added '10.128.0.137' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 52.755529][ T7819]
[ 52.758230][ T7819] ========================================================
[ 52.765501][ T7819] WARNING: possible irq lock inversion dependency detected
[ 52.772739][ T7819] 5.1.0-rc3+ #54 Not tainted
[ 52.777316][ T7819] --------------------------------------------------------
[ 52.784713][ T7819] syz-executor917/7819 just changed the state of lock:
[ 52.791548][ T7819] 00000000fad6b584 (&ctx->fault_pending_wqh){+.+.}, at: userfaultfd_release+0x48e/0x6d0
[ 52.801243][ T7819] but this lock was taken by another, SOFTIRQ-safe lock in the past:
[ 52.809272][ T7819] (&(&ctx->ctx_lock)->rlock){..-.}
[ 52.809277][ T7819]
[ 52.809277][ T7819]
[ 52.809277][ T7819] and interrupts could create inverse lock ordering between them.
[ 52.809277][ T7819]
[ 52.828717][ T7819]
[ 52.828717][ T7819] other info that might help us debug this:
[ 52.836770][ T7819] Chain exists of:
[ 52.836770][ T7819] &(&ctx->ctx_lock)->rlock --> &ctx->fd_wqh --> &ctx->fault_pending_wqh
[ 52.836770][ T7819]
[ 52.850966][ T7819] Possible interrupt unsafe locking scenario:
[ 52.850966][ T7819]
[ 52.859264][ T7819]        CPU0                    CPU1
[ 52.864598][ T7819]        ----                    ----
[ 52.869992][ T7819]   lock(&ctx->fault_pending_wqh);
[ 52.875097][ T7819]                                local_irq_disable();
[ 52.881820][ T7819]                                lock(&(&ctx->ctx_lock)->rlock);
[ 52.889502][ T7819]                                lock(&ctx->fd_wqh);
[ 52.896346][ T7819]
[ 52.899770][ T7819]     lock(&(&ctx->ctx_lock)->rlock);
[ 52.905107][ T7819]
[ 52.905107][ T7819] *** DEADLOCK ***
[ 52.905107][ T7819]
[ 52.913223][ T7819] no locks held by syz-executor917/7819.
[ 52.918823][ T7819]
[ 52.918823][ T7819] the shortest dependencies between 2nd lock and 1st lock:
[ 52.928156][ T7819] -> (&(&ctx->ctx_lock)->rlock){..-.} {
[ 52.934170][ T7819] IN-SOFTIRQ-W at:
[ 52.938314][ T7819] lock_acquire+0x16f/0x3f0
[ 52.944781][ T7819] _raw_spin_lock_irq+0x60/0x80
[ 52.951728][ T7819] free_ioctx_users+0x2d/0x4a0
[ 52.958571][ T7819] percpu_ref_switch_to_atomic_rcu+0x3e7/0x520
[ 52.966786][ T7819] rcu_core+0x928/0x1390
[ 52.973012][ T7819] __do_softirq+0x266/0x95a
[ 52.979499][ T7819] irq_exit+0x180/0x1d0
[ 52.985645][ T7819] smp_apic_timer_interrupt+0x14a/0x570
[ 52.993346][ T7819] apic_timer_interrupt+0xf/0x20
[ 53.000252][ T7819] native_safe_halt+0x2/0x10
[ 53.006813][ T7819] arch_cpu_idle+0x10/0x20
[ 53.013199][ T7819] default_idle_call+0x36/0x90
[ 53.019931][ T7819] do_idle+0x386/0x570
[ 53.025970][ T7819] cpu_startup_entry+0x1b/0x20
[ 53.032699][ T7819] start_secondary+0x360/0x4d0
[ 53.039583][ T7819] secondary_startup_64+0xa4/0xb0
[ 53.046570][ T7819] INITIAL USE at:
[ 53.050731][ T7819] lock_acquire+0x16f/0x3f0
[ 53.057136][ T7819] _raw_spin_lock_irq+0x60/0x80
[ 53.063874][ T7819] io_submit_one+0xaec/0x2f90
[ 53.070435][ T7819] __x64_sys_io_submit+0x1bd/0x580
[ 53.077438][ T7819] do_syscall_64+0x103/0x610
[ 53.083910][ T7819] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.091776][ T7819] }
[ 53.094425][ T7819] ... key at: [] __key.52649+0x0/0x40
[ 53.102011][ T7819] ... acquired at:
[ 53.105971][ T7819] lock_acquire+0x16f/0x3f0
[ 53.110614][ T7819] _raw_spin_lock+0x2f/0x40
[ 53.115389][ T7819] io_submit_one+0xb31/0x2f90
[ 53.120217][ T7819] __x64_sys_io_submit+0x1bd/0x580
[ 53.125470][ T7819] do_syscall_64+0x103/0x610
[ 53.130197][ T7819] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.136223][ T7819]
[ 53.138520][ T7819] -> (&ctx->fd_wqh){....} {
[ 53.143074][ T7819] INITIAL USE at:
[ 53.147029][ T7819] lock_acquire+0x16f/0x3f0
[ 53.153233][ T7819] _raw_spin_lock_irqsave+0x95/0xcd
[ 53.160140][ T7819] add_wait_queue+0x4c/0x170
[ 53.166444][ T7819] aio_poll_queue_proc+0x9e/0x110
[ 53.173179][ T7819] userfaultfd_poll+0x93/0x220
[ 53.179653][ T7819] io_submit_one+0xa8a/0x2f90
[ 53.186123][ T7819] __x64_sys_io_submit+0x1bd/0x580
[ 53.193051][ T7819] do_syscall_64+0x103/0x610
[ 53.199343][ T7819] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.207029][ T7819] }
[ 53.209738][ T7819] ... key at: [] __key.45459+0x0/0x40
[ 53.217297][ T7819] ... acquired at:
[ 53.221175][ T7819] lock_acquire+0x16f/0x3f0
[ 53.225940][ T7819] _raw_spin_lock+0x2f/0x40
[ 53.230637][ T7819] userfaultfd_read+0x540/0x1940
[ 53.235785][ T7819] __vfs_read+0x8d/0x110
[ 53.240193][ T7819] vfs_read+0x194/0x3e0
[ 53.244509][ T7819] ksys_read+0xea/0x1f0
[ 53.248806][ T7819] __x64_sys_read+0x73/0xb0
[ 53.253523][ T7819] do_syscall_64+0x103/0x610
[ 53.258283][ T7819] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.264319][ T7819]
[ 53.266785][ T7819] -> (&ctx->fault_pending_wqh){+.+.} {
[ 53.272221][ T7819] HARDIRQ-ON-W at:
[ 53.276215][ T7819] lock_acquire+0x16f/0x3f0
[ 53.282335][ T7819] _raw_spin_lock+0x2f/0x40
[ 53.288457][ T7819] userfaultfd_release+0x48e/0x6d0
[ 53.295364][ T7819] __fput+0x2e5/0x8d0
[ 53.300966][ T7819] ____fput+0x16/0x20
[ 53.306565][ T7819] task_work_run+0x14a/0x1c0
[ 53.312888][ T7819] do_exit+0x90a/0x2fa0
[ 53.318663][ T7819] do_group_exit+0x135/0x370
[ 53.324870][ T7819] get_signal+0x399/0x1d50
[ 53.330921][ T7819] do_signal+0x87/0x1940
[ 53.336812][ T7819] exit_to_usermode_loop+0x244/0x2c0
[ 53.343718][ T7819] do_syscall_64+0x52d/0x610
[ 53.349943][ T7819] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.357573][ T7819] SOFTIRQ-ON-W at:
[ 53.361524][ T7819] lock_acquire+0x16f/0x3f0
[ 53.367638][ T7819] _raw_spin_lock+0x2f/0x40
[ 53.373784][ T7819] userfaultfd_release+0x48e/0x6d0
[ 53.380616][ T7819] __fput+0x2e5/0x8d0
[ 53.386221][ T7819] ____fput+0x16/0x20
[ 53.391889][ T7819] task_work_run+0x14a/0x1c0
[ 53.398104][ T7819] do_exit+0x90a/0x2fa0
[ 53.403883][ T7819] do_group_exit+0x135/0x370
[ 53.410096][ T7819] get_signal+0x399/0x1d50
[ 53.417334][ T7819] do_signal+0x87/0x1940
[ 53.423200][ T7819] exit_to_usermode_loop+0x244/0x2c0
[ 53.430101][ T7819] do_syscall_64+0x52d/0x610
[ 53.436312][ T7819] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.443914][ T7819] INITIAL USE at:
[ 53.447786][ T7819] lock_acquire+0x16f/0x3f0
[ 53.453821][ T7819] _raw_spin_lock+0x2f/0x40
[ 53.459858][ T7819] userfaultfd_read+0x540/0x1940
[ 53.466446][ T7819] __vfs_read+0x8d/0x110
[ 53.472221][ T7819] vfs_read+0x194/0x3e0
[ 53.477908][ T7819] ksys_read+0xea/0x1f0
[ 53.483589][ T7819] __x64_sys_read+0x73/0xb0
[ 53.489637][ T7819] do_syscall_64+0x103/0x610
[ 53.495775][ T7819] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.503192][ T7819] }
[ 53.505669][ T7819] ... key at: [] __key.45456+0x0/0x40
[ 53.513182][ T7819] ... acquired at:
[ 53.516965][ T7819] mark_lock+0x427/0x1380
[ 53.521434][ T7819] __lock_acquire+0x1317/0x3fb0
[ 53.526430][ T7819] lock_acquire+0x16f/0x3f0
[ 53.531075][ T7819] _raw_spin_lock+0x2f/0x40
[ 53.535725][ T7819] userfaultfd_release+0x48e/0x6d0
[ 53.541195][ T7819] __fput+0x2e5/0x8d0
[ 53.545315][ T7819] ____fput+0x16/0x20
[ 53.549441][ T7819] task_work_run+0x14a/0x1c0
[ 53.554180][ T7819] do_exit+0x90a/0x2fa0
[ 53.558492][ T7819] do_group_exit+0x135/0x370
[ 53.563349][ T7819] get_signal+0x399/0x1d50
[ 53.568036][ T7819] do_signal+0x87/0x1940
[ 53.572820][ T7819] exit_to_usermode_loop+0x244/0x2c0
[ 53.578262][ T7819] do_syscall_64+0x52d/0x610
[ 53.583101][ T7819] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.589362][ T7819]
[ 53.591655][ T7819]
[ 53.591655][ T7819] stack backtrace:
[ 53.597647][ T7819] CPU: 1 PID: 7819 Comm: syz-executor917 Not tainted 5.1.0-rc3+ #54
[ 53.605713][ T7819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 53.615745][ T7819] Call Trace:
[ 53.619010][ T7819] dump_stack+0x172/0x1f0
[ 53.623313][ T7819] print_irq_inversion_bug.part.0+0x2c0/0x2cd
[ 53.629354][ T7819] check_usage_backwards.cold+0x1d/0x26
[ 53.635001][ T7819] ? print_shortest_lock_dependencies+0x90/0x90
[ 53.641256][ T7819] ? save_stack_trace+0x1a/0x20
[ 53.646082][ T7819] ? depot_save_stack+0x1de/0x460
[ 53.651077][ T7819] mark_lock+0x427/0x1380
[ 53.655372][ T7819] ? print_shortest_lock_dependencies+0x90/0x90
[ 53.661630][ T7819] __lock_acquire+0x1317/0x3fb0
[ 53.666451][ T7819] ? trace_hardirqs_off+0x62/0x220
[ 53.671544][ T7819] ? kasan_check_read+0x11/0x20
[ 53.676376][ T7819] ? mark_held_locks+0xf0/0xf0
[ 53.681140][ T7819] ? save_stack+0xa9/0xd0
[ 53.685440][ T7819] ? save_stack+0x45/0xd0
[ 53.689751][ T7819] ? __kasan_slab_free+0x102/0x150
[ 53.695069][ T7819] ? kasan_slab_free+0xe/0x10
[ 53.699833][ T7819] ? kmem_cache_free+0x86/0x260
[ 53.704833][ T7819] ? free_fs_struct+0x4f/0x70
[ 53.709543][ T7819] ? exit_fs+0xf0/0x130
[ 53.713676][ T7819] lock_acquire+0x16f/0x3f0
[ 53.718155][ T7819] ? userfaultfd_release+0x48e/0x6d0
[ 53.723462][ T7819] _raw_spin_lock+0x2f/0x40
[ 53.727997][ T7819] ? userfaultfd_release+0x48e/0x6d0
[ 53.733252][ T7819] userfaultfd_release+0x48e/0x6d0
[ 53.738506][ T7819] ? userfaultfd_wake_function+0x2f0/0x2f0
[ 53.744287][ T7819] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 53.750582][ T7819] ? ima_file_free+0xc9/0x4a0
[ 53.755251][ T7819] ? __might_sleep+0x95/0x190
[ 53.760005][ T7819] ? userfaultfd_wake_function+0x2f0/0x2f0
[ 53.765781][ T7819] __fput+0x2e5/0x8d0
[ 53.769801][ T7819] ____fput+0x16/0x20
[ 53.773873][ T7819] task_work_run+0x14a/0x1c0
[ 53.778541][ T7819] do_exit+0x90a/0x2fa0
[ 53.782684][ T7819] ? get_signal+0x331/0x1d50
[ 53.787352][ T7819] ? mm_update_next_owner+0x640/0x640
[ 53.792801][ T7819] ? kasan_check_write+0x14/0x20
[ 53.797720][ T7819] ? _raw_spin_unlock_irq+0x28/0x90
[ 53.802890][ T7819] ? get_signal+0x331/0x1d50
[ 53.807456][ T7819] ? _raw_spin_unlock_irq+0x28/0x90
[ 53.812626][ T7819] do_group_exit+0x135/0x370
[ 53.817187][ T7819] get_signal+0x399/0x1d50
[ 53.821575][ T7819] ? fsnotify+0xbc0/0xbc0
[ 53.825981][ T7819] ? fsnotify_first_mark+0x210/0x210
[ 53.831253][ T7819] do_signal+0x87/0x1940
[ 53.835468][ T7819] ? __vfs_read+0x95/0x110
[ 53.840002][ T7819] ? userfaultfd_event_wait_completion+0xa50/0xa50
[ 53.846741][ T7819] ? setup_sigcontext+0x7d0/0x7d0
[ 53.851757][ T7819] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 53.857969][ T7819] ? vfs_read+0x15d/0x3e0
[ 53.862366][ T7819] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 53.868593][ T7819] ? ksys_read+0x166/0x1f0
[ 53.872978][ T7819] ? exit_to_usermode_loop+0x43/0x2c0
[ 53.878318][ T7819] ? do_syscall_64+0x52d/0x610
[ 53.883277][ T7819] ? exit_to_usermode_loop+0x43/0x2c0
[ 53.888622][ T7819] ? lockdep_hardirqs_on+0x418/0x5d0
[ 53.893875][ T7819] ? trace_hardirqs_on+0x67/0x230
[ 53.898878][ T7819] exit_to_usermode_loop+0x244/0x2c0
[ 53.904129][ T7819] do_syscall_64+0x52d/0x610
[ 53.908690][ T7819] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.914549][ T7819] RIP: 0033:0x441279
[ 53.918418][ T7819] Code: Bad RIP value.
[ 53.922449][ T7819] RSP: 002b:00007ffc92b54188 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 53.930825][ T7819] RAX: fffffffffffffe00 RBX: 0000000000000003 RCX: 0000000000441279
[ 53.938865][ T7819] RDX: 0000000000000107 RSI: 0000000020000180 RDI: 0000000000000004
[ 53.946813][ T7819] RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8
executing program
[ 53.954751][ T7819] R10: 00000000004002c8 R11: 0000000000000246 R12: 00000000004020a0
[ 53.962713][ T7819] R13: 0000000000402130 R14: 0000000000000000 R15: 0000000000000000
executing program