Warning: Permanently added '10.128.0.162' (ECDSA) to the list of known hosts. executing program [ 48.833262][ T7757] [ 48.835607][ T7757] ======================================================== [ 48.842767][ T7757] WARNING: possible irq lock inversion dependency detected [ 48.849929][ T7757] 5.1.0-rc2+ #41 Not tainted [ 48.854496][ T7757] -------------------------------------------------------- [ 48.861657][ T7757] syz-executor139/7757 just changed the state of lock: [ 48.868474][ T7757] 00000000f7530588 (&ctx->fault_pending_wqh){+.+.}, at: userfaultfd_release+0x48e/0x6d0 [ 48.878166][ T7757] but this lock was taken by another, SOFTIRQ-safe lock in the past: [ 48.886278][ T7757] (&(&ctx->ctx_lock)->rlock){..-.} [ 48.886284][ T7757] [ 48.886284][ T7757] [ 48.886284][ T7757] and interrupts could create inverse lock ordering between them. [ 48.886284][ T7757] [ 48.905736][ T7757] [ 48.905736][ T7757] other info that might help us debug this: [ 48.913762][ T7757] Chain exists of: [ 48.913762][ T7757] &(&ctx->ctx_lock)->rlock --> &ctx->fd_wqh --> &ctx->fault_pending_wqh [ 48.913762][ T7757] [ 48.927973][ T7757] Possible interrupt unsafe locking scenario: [ 48.927973][ T7757] [ 48.936260][ T7757] CPU0 CPU1 [ 48.941594][ T7757] ---- ---- [ 48.946947][ T7757] lock(&ctx->fault_pending_wqh); [ 48.952029][ T7757] local_irq_disable(); [ 48.958753][ T7757] lock(&(&ctx->ctx_lock)->rlock); [ 48.966462][ T7757] lock(&ctx->fd_wqh); [ 48.973102][ T7757] [ 48.976540][ T7757] lock(&(&ctx->ctx_lock)->rlock); [ 48.981888][ T7757] [ 48.981888][ T7757] *** DEADLOCK *** [ 48.981888][ T7757] [ 48.990005][ T7757] no locks held by syz-executor139/7757. [ 48.995617][ T7757] [ 48.995617][ T7757] the shortest dependencies between 2nd lock and 1st lock: [ 49.004954][ T7757] -> (&(&ctx->ctx_lock)->rlock){..-.} { [ 49.010643][ T7757] IN-SOFTIRQ-W at: [ 49.014783][ T7757] lock_acquire+0x16f/0x3f0 [ 49.021264][ T7757] _raw_spin_lock_irq+0x60/0x80 [ 49.028086][ T7757] free_ioctx_users+0x2d/0x4a0 [ 49.034819][ T7757] percpu_ref_switch_to_atomic_rcu+0x3e7/0x520 [ 49.042939][ T7757] rcu_core+0x928/0x1390 [ 49.049152][ T7757] __do_softirq+0x266/0x95a [ 49.055622][ T7757] irq_exit+0x180/0x1d0 [ 49.061751][ T7757] smp_apic_timer_interrupt+0x14a/0x570 [ 49.069287][ T7757] apic_timer_interrupt+0xf/0x20 [ 49.076190][ T7757] native_safe_halt+0x2/0x10 [ 49.082748][ T7757] arch_cpu_idle+0x10/0x20 [ 49.089128][ T7757] default_idle_call+0x36/0x90 [ 49.095858][ T7757] do_idle+0x386/0x570 [ 49.101906][ T7757] cpu_startup_entry+0x1b/0x20 [ 49.108667][ T7757] rest_init+0x245/0x37b [ 49.114883][ T7757] arch_call_rest_init+0xe/0x1b [ 49.121717][ T7757] start_kernel+0x816/0x84f [ 49.128208][ T7757] x86_64_start_reservations+0x29/0x2b [ 49.135630][ T7757] x86_64_start_kernel+0x77/0x7b [ 49.142539][ T7757] secondary_startup_64+0xa4/0xb0 [ 49.149525][ T7757] INITIAL USE at: [ 49.153565][ T7757] lock_acquire+0x16f/0x3f0 [ 49.159947][ T7757] _raw_spin_lock_irq+0x60/0x80 [ 49.166679][ T7757] io_submit_one+0xe0c/0x1cf0 [ 49.173236][ T7757] __ia32_compat_sys_io_submit+0x1be/0x570 [ 49.180923][ T7757] do_fast_syscall_32+0x281/0xc98 [ 49.187859][ T7757] entry_SYSENTER_compat+0x70/0x7f [ 49.194840][ T7757] } [ 49.197525][ T7757] ... key at: [] __key.52644+0x0/0x40 [ 49.205131][ T7757] ... acquired at: [ 49.209100][ T7757] lock_acquire+0x16f/0x3f0 [ 49.213744][ T7757] _raw_spin_lock+0x2f/0x40 [ 49.218390][ T7757] io_submit_one+0xe35/0x1cf0 [ 49.223214][ T7757] __ia32_compat_sys_io_submit+0x1be/0x570 [ 49.229161][ T7757] do_fast_syscall_32+0x281/0xc98 [ 49.234354][ T7757] entry_SYSENTER_compat+0x70/0x7f [ 49.239601][ T7757] [ 49.241909][ T7757] -> (&ctx->fd_wqh){....} { [ 49.246489][ T7757] INITIAL USE at: [ 49.250441][ T7757] lock_acquire+0x16f/0x3f0 [ 49.256660][ T7757] _raw_spin_lock_irq+0x60/0x80 [ 49.263221][ T7757] userfaultfd_read+0x27a/0x1940 [ 49.269867][ T7757] do_iter_read+0x4a9/0x660 [ 49.276073][ T7757] compat_readv+0x18e/0x200 [ 49.282282][ T7757] do_compat_readv+0xf5/0x1f0 [ 49.288664][ T7757] __ia32_compat_sys_readv+0x74/0xb0 [ 49.295652][ T7757] do_fast_syscall_32+0x281/0xc98 [ 49.302386][ T7757] entry_SYSENTER_compat+0x70/0x7f [ 49.309216][ T7757] } [ 49.311783][ T7757] ... key at: [] __key.45453+0x0/0x40 [ 49.319287][ T7757] ... acquired at: [ 49.323154][ T7757] lock_acquire+0x16f/0x3f0 [ 49.327820][ T7757] _raw_spin_lock+0x2f/0x40 [ 49.332466][ T7757] userfaultfd_read+0x540/0x1940 [ 49.337545][ T7757] do_iter_read+0x4a9/0x660 [ 49.342193][ T7757] compat_readv+0x18e/0x200 [ 49.346838][ T7757] do_compat_readv+0xf5/0x1f0 [ 49.351660][ T7757] __ia32_compat_sys_readv+0x74/0xb0 [ 49.357088][ T7757] do_fast_syscall_32+0x281/0xc98 [ 49.362257][ T7757] entry_SYSENTER_compat+0x70/0x7f [ 49.367506][ T7757] [ 49.369802][ T7757] -> (&ctx->fault_pending_wqh){+.+.} { [ 49.375228][ T7757] HARDIRQ-ON-W at: [ 49.379184][ T7757] lock_acquire+0x16f/0x3f0 [ 49.385327][ T7757] _raw_spin_lock+0x2f/0x40 [ 49.391455][ T7757] userfaultfd_release+0x48e/0x6d0 [ 49.398186][ T7757] __fput+0x2e5/0x8d0 [ 49.403789][ T7757] ____fput+0x16/0x20 [ 49.409390][ T7757] task_work_run+0x14a/0x1c0 [ 49.415598][ T7757] do_exit+0x90a/0x2fa0 [ 49.421372][ T7757] do_group_exit+0x135/0x370 [ 49.427582][ T7757] get_signal+0x399/0x1d50 [ 49.433621][ T7757] do_signal+0x87/0x1940 [ 49.439486][ T7757] exit_to_usermode_loop+0x244/0x2c0 [ 49.446392][ T7757] do_fast_syscall_32+0xa9d/0xc98 [ 49.453042][ T7757] entry_SYSENTER_compat+0x70/0x7f [ 49.459767][ T7757] SOFTIRQ-ON-W at: [ 49.463723][ T7757] lock_acquire+0x16f/0x3f0 [ 49.469843][ T7757] _raw_spin_lock+0x2f/0x40 [ 49.475970][ T7757] userfaultfd_release+0x48e/0x6d0 [ 49.482701][ T7757] __fput+0x2e5/0x8d0 [ 49.488304][ T7757] ____fput+0x16/0x20 [ 49.493909][ T7757] task_work_run+0x14a/0x1c0 [ 49.500135][ T7757] do_exit+0x90a/0x2fa0 [ 49.505934][ T7757] do_group_exit+0x135/0x370 [ 49.512161][ T7757] get_signal+0x399/0x1d50 [ 49.518199][ T7757] do_signal+0x87/0x1940 [ 49.524064][ T7757] exit_to_usermode_loop+0x244/0x2c0 [ 49.530967][ T7757] do_fast_syscall_32+0xa9d/0xc98 [ 49.537611][ T7757] entry_SYSENTER_compat+0x70/0x7f [ 49.544339][ T7757] INITIAL USE at: [ 49.548205][ T7757] lock_acquire+0x16f/0x3f0 [ 49.554240][ T7757] _raw_spin_lock+0x2f/0x40 [ 49.560278][ T7757] userfaultfd_read+0x540/0x1940 [ 49.566749][ T7757] do_iter_read+0x4a9/0x660 [ 49.572801][ T7757] compat_readv+0x18e/0x200 [ 49.578840][ T7757] do_compat_readv+0xf5/0x1f0 [ 49.585054][ T7757] __ia32_compat_sys_readv+0x74/0xb0 [ 49.591891][ T7757] do_fast_syscall_32+0x281/0xc98 [ 49.598448][ T7757] entry_SYSENTER_compat+0x70/0x7f [ 49.605091][ T7757] } [ 49.607569][ T7757] ... key at: [] __key.45450+0x0/0x40 [ 49.615003][ T7757] ... acquired at: [ 49.618784][ T7757] mark_lock+0x427/0x1380 [ 49.623260][ T7757] __lock_acquire+0x1317/0x3fb0 [ 49.628272][ T7757] lock_acquire+0x16f/0x3f0 [ 49.632919][ T7757] _raw_spin_lock+0x2f/0x40 [ 49.637569][ T7757] userfaultfd_release+0x48e/0x6d0 [ 49.642841][ T7757] __fput+0x2e5/0x8d0 [ 49.646967][ T7757] ____fput+0x16/0x20 [ 49.651089][ T7757] task_work_run+0x14a/0x1c0 [ 49.655822][ T7757] do_exit+0x90a/0x2fa0 [ 49.660122][ T7757] do_group_exit+0x135/0x370 [ 49.664858][ T7757] get_signal+0x399/0x1d50 [ 49.669418][ T7757] do_signal+0x87/0x1940 [ 49.673809][ T7757] exit_to_usermode_loop+0x244/0x2c0 [ 49.679253][ T7757] do_fast_syscall_32+0xa9d/0xc98 [ 49.684439][ T7757] entry_SYSENTER_compat+0x70/0x7f [ 49.689690][ T7757] [ 49.691987][ T7757] [ 49.691987][ T7757] stack backtrace: [ 49.697851][ T7757] CPU: 0 PID: 7757 Comm: syz-executor139 Not tainted 5.1.0-rc2+ #41 [ 49.705792][ T7757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 49.715835][ T7757] Call Trace: [ 49.719102][ T7757] dump_stack+0x172/0x1f0 [ 49.723409][ T7757] print_irq_inversion_bug.part.0+0x2c0/0x2cd [ 49.729451][ T7757] check_usage_backwards.cold+0x1d/0x26 [ 49.734971][ T7757] ? print_shortest_lock_dependencies+0x90/0x90 [ 49.741181][ T7757] ? save_stack_trace+0x1a/0x20 [ 49.746003][ T7757] mark_lock+0x427/0x1380 [ 49.750306][ T7757] ? print_shortest_lock_dependencies+0x90/0x90 [ 49.756515][ T7757] __lock_acquire+0x1317/0x3fb0 [ 49.761338][ T7757] ? trace_hardirqs_off+0x62/0x220 [ 49.766423][ T7757] ? kasan_check_read+0x11/0x20 [ 49.771254][ T7757] ? mark_held_locks+0xf0/0xf0 [ 49.776006][ T7757] ? save_stack+0xa9/0xd0 [ 49.780316][ T7757] ? save_stack+0x45/0xd0 [ 49.784619][ T7757] ? __kasan_slab_free+0x102/0x150 [ 49.789703][ T7757] ? kasan_slab_free+0xe/0x10 [ 49.794354][ T7757] ? kmem_cache_free+0x86/0x260 [ 49.799178][ T7757] ? free_fs_struct+0x4f/0x70 [ 49.803844][ T7757] ? exit_fs+0xf0/0x130 [ 49.807977][ T7757] lock_acquire+0x16f/0x3f0 [ 49.812458][ T7757] ? userfaultfd_release+0x48e/0x6d0 [ 49.817716][ T7757] _raw_spin_lock+0x2f/0x40 [ 49.822192][ T7757] ? userfaultfd_release+0x48e/0x6d0 [ 49.827446][ T7757] userfaultfd_release+0x48e/0x6d0 [ 49.832556][ T7757] ? userfaultfd_wake_function+0x2f0/0x2f0 [ 49.838335][ T7757] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 49.844564][ T7757] ? ima_file_free+0xc9/0x4a0 [ 49.849213][ T7757] ? __might_sleep+0x95/0x190 [ 49.853866][ T7757] ? userfaultfd_wake_function+0x2f0/0x2f0 [ 49.859659][ T7757] __fput+0x2e5/0x8d0 [ 49.863615][ T7757] ____fput+0x16/0x20 [ 49.867568][ T7757] task_work_run+0x14a/0x1c0 [ 49.872148][ T7757] do_exit+0x90a/0x2fa0 [ 49.876277][ T7757] ? get_signal+0x331/0x1d50 [ 49.880838][ T7757] ? mm_update_next_owner+0x640/0x640 [ 49.886184][ T7757] ? kasan_check_write+0x14/0x20 [ 49.891095][ T7757] ? _raw_spin_unlock_irq+0x28/0x90 [ 49.896261][ T7757] ? get_signal+0x331/0x1d50 [ 49.900825][ T7757] ? _raw_spin_unlock_irq+0x28/0x90 [ 49.905994][ T7757] do_group_exit+0x135/0x370 [ 49.910561][ T7757] get_signal+0x399/0x1d50 [ 49.914955][ T7757] ? __ia32_compat_sys_io_submit+0x2fe/0x570 [ 49.920925][ T7757] do_signal+0x87/0x1940 [ 49.925140][ T7757] ? lock_downgrade+0x880/0x880 [ 49.929972][ T7757] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 49.936185][ T7757] ? setup_sigcontext+0x7d0/0x7d0 [ 49.941181][ T7757] ? exit_to_usermode_loop+0x43/0x2c0 [ 49.946525][ T7757] ? do_fast_syscall_32+0xa9d/0xc98 [ 49.951691][ T7757] ? exit_to_usermode_loop+0x43/0x2c0 [ 49.957039][ T7757] ? lockdep_hardirqs_on+0x418/0x5d0 [ 49.962299][ T7757] ? trace_hardirqs_on+0x67/0x230 [ 49.967295][ T7757] exit_to_usermode_loop+0x244/0x2c0 [ 49.972579][ T7757] do_fast_syscall_32+0xa9d/0xc98 [ 49.977583][ T7757] entry_SYSENTER_compat+0x70/0x7f [ 49.982663][ T7757] RIP: 0023:0xf7f25869 [ 49.986708][ T7757] Code: Bad RIP value. [ 49.990744][ T7757] RSP: 002b:00000000f7f001ec EFLAGS: 00000296 ORIG_RAX: 00000000000000f0 [ 49.999122][ T7757] RAX: fffffffffffffe00 RBX: 00000000080fb018 RCX: 0000000000000080 [ 50.007065][ T7757] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000f7eb4000 [ 50.015006][ T7757] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 50.022949][ T7757] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 50.030900][ T7757] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000