Warning: Permanently added '10.128.0.82' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 48.701803]
[ 48.703441] ========================================================
[ 48.709918] WARNING: possible irq lock inversion dependency detected
[ 48.716384] 5.0.0-rc5+ #64 Not tainted
[ 48.720347] --------------------------------------------------------
[ 48.726826] syz-executor404/7847 just changed the state of lock:
[ 48.732943] 000000000eb02d46 (&ctx->fault_pending_wqh){+.+.}, at: userfaultfd_release+0x497/0x6d0
[ 48.741969] but this lock was taken by another, SOFTIRQ-safe lock in the past:
[ 48.749299]  (&(&ctx->ctx_lock)->rlock){..-.}
[ 48.749320]
[ 48.749320]
[ 48.749320] and interrupts could create inverse lock ordering between them.
[ 48.749320]
[ 48.765528]
[ 48.765528] other info that might help us debug this:
[ 48.772179] Chain exists of:
[ 48.772179]   &(&ctx->ctx_lock)->rlock --> &ctx->fd_wqh --> &ctx->fault_pending_wqh
[ 48.772179]
[ 48.784290]  Possible interrupt unsafe locking scenario:
[ 48.784290]
[ 48.791186]        CPU0                    CPU1
[ 48.795852]        ----                    ----
[ 48.800498]   lock(&ctx->fault_pending_wqh);
[ 48.804898]                                local_irq_disable();
[ 48.810926]                                lock(&(&ctx->ctx_lock)->rlock);
[ 48.817915]                                lock(&ctx->fd_wqh);
[ 48.823860]   <Interrupt>
[ 48.826588]     lock(&(&ctx->ctx_lock)->rlock);
[ 48.831230]
[ 48.831230]  *** DEADLOCK ***
[ 48.831230]
[ 48.837264] no locks held by syz-executor404/7847.
[ 48.842163] [ 48.842163] the shortest dependencies between 2nd lock and 1st lock: [ 48.850105] -> (&(&ctx->ctx_lock)->rlock){..-.} { [ 48.855096] IN-SOFTIRQ-W at: [ 48.858528] lock_acquire+0x16f/0x3f0 [ 48.864300] _raw_spin_lock_irq+0x60/0x80 [ 48.870420] free_ioctx_users+0x2d/0x4a0 [ 48.876472] percpu_ref_switch_to_atomic_rcu+0x3e7/0x520 [ 48.883897] rcu_process_callbacks+0x928/0x1390 [ 48.890537] __do_softirq+0x266/0x95a [ 48.896311] irq_exit+0x180/0x1d0 [ 48.901752] smp_apic_timer_interrupt+0x14a/0x570 [ 48.908588] apic_timer_interrupt+0xf/0x20 [ 48.914794] native_safe_halt+0x2/0x10 [ 48.920657] arch_cpu_idle+0x10/0x20 [ 48.926343] default_idle_call+0x36/0x90 [ 48.932381] do_idle+0x386/0x570 [ 48.937722] cpu_startup_entry+0x1b/0x20 [ 48.943755] rest_init+0x245/0x37b [ 48.949292] arch_call_rest_init+0xe/0x1b [ 48.955428] start_kernel+0x808/0x841 [ 48.961216] x86_64_start_reservations+0x29/0x2b [ 48.967958] x86_64_start_kernel+0x77/0x7b [ 48.974169] secondary_startup_64+0xa4/0xb0 [ 48.980472] INITIAL USE at: [ 48.983819] lock_acquire+0x16f/0x3f0 [ 48.989525] _raw_spin_lock_irq+0x60/0x80 [ 48.995559] io_submit_one+0xeb6/0x1cf0 [ 49.001420] __ia32_compat_sys_io_submit+0x1be/0x570 [ 49.008409] do_fast_syscall_32+0x281/0xc98 [ 49.014625] entry_SYSENTER_compat+0x70/0x7f [ 49.020944] } [ 49.022924] ... key at: [] __key.51970+0x0/0x40 [ 49.029820] ... 
acquired at: [ 49.033076] _raw_spin_lock+0x2f/0x40 [ 49.037027] io_submit_one+0xedf/0x1cf0 [ 49.041151] __ia32_compat_sys_io_submit+0x1be/0x570 [ 49.046417] do_fast_syscall_32+0x281/0xc98 [ 49.050888] entry_SYSENTER_compat+0x70/0x7f [ 49.055440] [ 49.057042] -> (&ctx->fd_wqh){....} { [ 49.060909] INITIAL USE at: [ 49.064162] lock_acquire+0x16f/0x3f0 [ 49.069676] _raw_spin_lock_irq+0x60/0x80 [ 49.075549] userfaultfd_read+0x27a/0x1940 [ 49.081520] __vfs_read+0x116/0x8c0 [ 49.086873] vfs_read+0x194/0x3e0 [ 49.092040] ksys_read+0xea/0x1f0 [ 49.097204] __ia32_sys_read+0x71/0xb0 [ 49.102806] do_fast_syscall_32+0x281/0xc98 [ 49.108841] entry_SYSENTER_compat+0x70/0x7f [ 49.114956] } [ 49.116856] ... key at: [] __key.44852+0x0/0x40 [ 49.123666] ... acquired at: [ 49.126891] _raw_spin_lock+0x2f/0x40 [ 49.130841] userfaultfd_read+0x540/0x1940 [ 49.135225] __vfs_read+0x116/0x8c0 [ 49.139008] vfs_read+0x194/0x3e0 [ 49.142611] ksys_read+0xea/0x1f0 [ 49.146223] __ia32_sys_read+0x71/0xb0 [ 49.150280] do_fast_syscall_32+0x281/0xc98 [ 49.154750] entry_SYSENTER_compat+0x70/0x7f [ 49.159312] [ 49.160937] -> (&ctx->fault_pending_wqh){+.+.} { [ 49.165708] HARDIRQ-ON-W at: [ 49.168966] lock_acquire+0x16f/0x3f0 [ 49.174405] _raw_spin_lock+0x2f/0x40 [ 49.179831] userfaultfd_release+0x497/0x6d0 [ 49.185868] __fput+0x2df/0x8d0 [ 49.190803] ____fput+0x16/0x20 [ 49.195709] task_work_run+0x14a/0x1c0 [ 49.201222] do_exit+0x92c/0x2fd0 [ 49.206309] do_group_exit+0x135/0x370 [ 49.211834] get_signal+0x35c/0x1d60 [ 49.217174] do_signal+0x87/0x1940 [ 49.222342] exit_to_usermode_loop+0x244/0x2c0 [ 49.228551] do_fast_syscall_32+0xa9d/0xc98 [ 49.234516] entry_SYSENTER_compat+0x70/0x7f [ 49.240545] SOFTIRQ-ON-W at: [ 49.243811] lock_acquire+0x16f/0x3f0 [ 49.249236] _raw_spin_lock+0x2f/0x40 [ 49.254672] userfaultfd_release+0x497/0x6d0 [ 49.260705] __fput+0x2df/0x8d0 [ 49.265611] ____fput+0x16/0x20 [ 49.270521] task_work_run+0x14a/0x1c0 [ 49.276034] do_exit+0x92c/0x2fd0 [ 49.281109] 
do_group_exit+0x135/0x370 [ 49.286623] get_signal+0x35c/0x1d60 [ 49.291981] do_signal+0x87/0x1940 [ 49.297153] exit_to_usermode_loop+0x244/0x2c0 [ 49.303362] do_fast_syscall_32+0xa9d/0xc98 [ 49.309308] entry_SYSENTER_compat+0x70/0x7f [ 49.315339] INITIAL USE at: [ 49.318515] lock_acquire+0x16f/0x3f0 [ 49.323857] _raw_spin_lock+0x2f/0x40 [ 49.329208] userfaultfd_read+0x540/0x1940 [ 49.334996] __vfs_read+0x116/0x8c0 [ 49.340163] vfs_read+0x194/0x3e0 [ 49.345154] ksys_read+0xea/0x1f0 [ 49.350159] __ia32_sys_read+0x71/0xb0 [ 49.355588] do_fast_syscall_32+0x281/0xc98 [ 49.361462] entry_SYSENTER_compat+0x70/0x7f [ 49.367418] } [ 49.369198] ... key at: [] __key.44849+0x0/0x40 [ 49.375934] ... acquired at: [ 49.379029] mark_lock+0x427/0x1380 [ 49.382803] __lock_acquire+0xca5/0x4700 [ 49.387025] lock_acquire+0x16f/0x3f0 [ 49.390975] _raw_spin_lock+0x2f/0x40 [ 49.394924] userfaultfd_release+0x497/0x6d0 [ 49.399481] __fput+0x2df/0x8d0 [ 49.402928] ____fput+0x16/0x20 [ 49.406373] task_work_run+0x14a/0x1c0 [ 49.410438] do_exit+0x92c/0x2fd0 [ 49.414051] do_group_exit+0x135/0x370 [ 49.418085] get_signal+0x35c/0x1d60 [ 49.421953] do_signal+0x87/0x1940 [ 49.425643] exit_to_usermode_loop+0x244/0x2c0 [ 49.430375] do_fast_syscall_32+0xa9d/0xc98 [ 49.434845] entry_SYSENTER_compat+0x70/0x7f [ 49.439405] [ 49.441006] [ 49.441006] stack backtrace: [ 49.445478] CPU: 0 PID: 7847 Comm: syz-executor404 Not tainted 5.0.0-rc5+ #64 [ 49.452724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 49.462052] Call Trace: [ 49.464620] dump_stack+0x172/0x1f0 [ 49.468223] print_irq_inversion_bug.part.0+0x2c0/0x2cd [ 49.473582] check_usage_backwards.cold+0x1d/0x26 [ 49.478465] ? print_shortest_lock_dependencies+0x90/0x90 [ 49.483986] ? save_stack_trace+0x1a/0x20 [ 49.488112] ? save_trace+0xe0/0x290 [ 49.491809] mark_lock+0x427/0x1380 [ 49.495412] ? print_shortest_lock_dependencies+0x90/0x90 [ 49.500925] __lock_acquire+0xca5/0x4700 [ 49.504973] ? 
depot_save_stack+0x1de/0x460 [ 49.509274] ? kasan_check_read+0x11/0x20 [ 49.513412] ? mark_held_locks+0x100/0x100 [ 49.517623] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 49.522701] ? depot_save_stack+0x1de/0x460 [ 49.526999] ? __lock_acquire+0x53b/0x4700 [ 49.531210] ? __lock_acquire+0x53b/0x4700 [ 49.535532] ? free_fs_struct+0x4f/0x70 [ 49.539484] ? do_exit+0x902/0x2fd0 [ 49.543089] lock_acquire+0x16f/0x3f0 [ 49.546869] ? userfaultfd_release+0x497/0x6d0 [ 49.551429] _raw_spin_lock+0x2f/0x40 [ 49.555220] ? userfaultfd_release+0x497/0x6d0 [ 49.559796] userfaultfd_release+0x497/0x6d0 [ 49.564199] ? userfaultfd_event_wait_completion+0xa50/0xa50 [ 49.569989] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 49.575513] ? ima_file_free+0xc9/0x4a0 [ 49.579464] ? __might_sleep+0x95/0x190 [ 49.583428] ? userfaultfd_event_wait_completion+0xa50/0xa50 [ 49.589201] __fput+0x2df/0x8d0 [ 49.592477] ____fput+0x16/0x20 [ 49.595732] task_work_run+0x14a/0x1c0 [ 49.599600] do_exit+0x92c/0x2fd0 [ 49.603030] ? get_signal+0x2f2/0x1d60 [ 49.606894] ? mm_update_next_owner+0x660/0x660 [ 49.611554] ? kasan_check_read+0x11/0x20 [ 49.615677] ? _raw_spin_unlock_irq+0x28/0x90 [ 49.620149] ? get_signal+0x2f2/0x1d60 [ 49.624164] ? _raw_spin_unlock_irq+0x28/0x90 [ 49.628635] do_group_exit+0x135/0x370 [ 49.632499] get_signal+0x35c/0x1d60 [ 49.636194] ? __ia32_compat_sys_io_submit+0x2fe/0x570 [ 49.641448] do_signal+0x87/0x1940 [ 49.644969] ? lock_downgrade+0x810/0x810 [ 49.649095] ? setup_sigcontext+0x7d0/0x7d0 [ 49.653394] ? exit_to_usermode_loop+0x43/0x2c0 [ 49.658038] ? do_fast_syscall_32+0xa9d/0xc98 [ 49.662528] ? exit_to_usermode_loop+0x43/0x2c0 [ 49.667191] ? lockdep_hardirqs_on+0x415/0x5d0 [ 49.671750] ? trace_hardirqs_on+0x67/0x230 [ 49.676061] exit_to_usermode_loop+0x244/0x2c0 [ 49.680620] do_fast_syscall_32+0xa9d/0xc98 [ 49.684918] entry_SYSENTER_compat+0x70/0x7f [ 49.689299] RIP: 0023:0xf7f34869 [ 49.692649] Code: Bad RIP value. 
[ 49.695999] RSP: 002b:00000000f7f0f1ec EFLAGS: 00000296 ORIG_RAX: 00000000000000f0 [ 49.703699] RAX: ffffffffff