Warning: Permanently added '10.128.0.160' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [ 61.413196][ T8083]
[ 61.415559][ T8083] ========================================================
[ 61.422729][ T8083] WARNING: possible irq lock inversion dependency detected
[ 61.429893][ T8083] 5.2.0-rc6+ #7 Not tainted
[ 61.434363][ T8083] --------------------------------------------------------
[ 61.441529][ T8083] syz-executor211/8083 just changed the state of lock:
[ 61.448346][ T8083] 00000000df76c770 (&ctx->fault_pending_wqh){+.+.}, at: userfaultfd_release+0x4dc/0x620
[ 61.458072][ T8083] but this lock was taken by another, SOFTIRQ-safe lock in the past:
[ 61.466104][ T8083] (&(&ctx->ctx_lock)->rlock){..-.}
[ 61.466110][ T8083]
[ 61.466110][ T8083]
[ 61.466110][ T8083] and interrupts could create inverse lock ordering between them.
[ 61.466110][ T8083]
[ 61.485557][ T8083]
[ 61.485557][ T8083] other info that might help us debug this:
[ 61.493589][ T8083] Chain exists of:
[ 61.493589][ T8083] &(&ctx->ctx_lock)->rlock --> &ctx->fd_wqh --> &ctx->fault_pending_wqh
[ 61.493589][ T8083]
[ 61.507789][ T8083] Possible interrupt unsafe locking scenario:
[ 61.507789][ T8083]
[ 61.516078][ T8083]        CPU0                    CPU1
[ 61.521415][ T8083]        ----                    ----
[ 61.526779][ T8083]   lock(&ctx->fault_pending_wqh);
[ 61.531861][ T8083]                                local_irq_disable();
[ 61.538589][ T8083]                                lock(&(&ctx->ctx_lock)->rlock);
[ 61.546272][ T8083]                                lock(&ctx->fd_wqh);
[ 61.552913][ T8083]
[ 61.556345][ T8083]     lock(&(&ctx->ctx_lock)->rlock);
[ 61.561685][ T8083]
[ 61.561685][ T8083] *** DEADLOCK ***
[ 61.561685][ T8083]
[ 61.569805][ T8083] no locks held by syz-executor211/8083.
[ 61.575405][ T8083]
[ 61.575405][ T8083] the shortest dependencies between 2nd lock and 1st lock:
[ 61.584748][ T8083] -> (&(&ctx->ctx_lock)->rlock){..-.} {
[ 61.590438][ T8083] IN-SOFTIRQ-W at:
[ 61.594589][ T8083] _raw_spin_lock_irq+0x6a/0x80
[ 61.601415][ T8083] free_ioctx_users+0x33/0x1d0
[ 61.608157][ T8083] percpu_ref_put+0x1c6/0x1d0
[ 61.614822][ T8083] percpu_ref_switch_to_atomic_rcu+0x260/0x310
[ 61.622965][ T8083] rcu_core+0x8d6/0xf90
[ 61.629096][ T8083] __do_softirq+0x340/0x7b0
[ 61.635574][ T8083] irq_exit+0x21a/0x230
[ 61.641718][ T8083] smp_apic_timer_interrupt+0xf8/0x260
[ 61.649146][ T8083] apic_timer_interrupt+0xf/0x20
[ 61.656052][ T8083] native_safe_halt+0xe/0x10
[ 61.662636][ T8083] arch_cpu_idle+0xa/0x10
[ 61.668938][ T8083] do_idle+0x18a/0x760
[ 61.674992][ T8083] cpu_startup_entry+0x25/0x30
[ 61.681739][ T8083] start_secondary+0x425/0x4c0
[ 61.688492][ T8083] secondary_startup_64+0xa4/0xb0
[ 61.695577][ T8083] INITIAL USE at:
[ 61.699641][ T8083] _raw_spin_lock_irq+0x6a/0x80
[ 61.706378][ T8083] io_submit_one+0x1137/0x1ac0
[ 61.713029][ T8083] __se_sys_io_submit+0x18f/0x2d0
[ 61.719936][ T8083] __x64_sys_io_submit+0x7b/0x90
[ 61.726758][ T8083] do_syscall_64+0xfe/0x140
[ 61.733146][ T8083] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 61.740917][ T8083] }
[ 61.743604][ T8083] ... key at: [] ioctx_alloc.__key+0x0/0x10
[ 61.751724][ T8083] ... acquired at:
[ 61.755682][ T8083] _raw_spin_lock+0x2d/0x40
[ 61.760332][ T8083] io_submit_one+0x1167/0x1ac0
[ 61.765244][ T8083] __se_sys_io_submit+0x18f/0x2d0
[ 61.770414][ T8083] __x64_sys_io_submit+0x7b/0x90
[ 61.775528][ T8083] do_syscall_64+0xfe/0x140
[ 61.780185][ T8083] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 61.786233][ T8083]
[ 61.788555][ T8083] -> (&ctx->fd_wqh){....} {
[ 61.793118][ T8083] INITIAL USE at:
[ 61.797084][ T8083] _raw_spin_lock_irqsave+0xa1/0xc0
[ 61.803992][ T8083] add_wait_queue+0x41/0x150
[ 61.810293][ T8083] aio_poll_queue_proc+0xdf/0x160
[ 61.817025][ T8083] userfaultfd_poll+0x84/0x1d0
[ 61.823497][ T8083] io_submit_one+0x1102/0x1ac0
[ 61.829974][ T8083] __se_sys_io_submit+0x18f/0x2d0
[ 61.837253][ T8083] __x64_sys_io_submit+0x7b/0x90
[ 61.843927][ T8083] do_syscall_64+0xfe/0x140
[ 61.850146][ T8083] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 61.857745][ T8083] }
[ 61.860383][ T8083] ... key at: [] init_once_userfaultfd_ctx.__key.15+0x0/0x10
[ 61.869906][ T8083] ... acquired at:
[ 61.873790][ T8083] _raw_spin_lock+0x2d/0x40
[ 61.878462][ T8083] userfaultfd_ctx_read+0x3e7/0x1430
[ 61.883894][ T8083] userfaultfd_read+0x15d/0x2b0
[ 61.888906][ T8083] __vfs_read+0xf9/0x7c0
[ 61.893316][ T8083] vfs_read+0x195/0x3c0
[ 61.897631][ T8083] ksys_read+0x16b/0x2a0
[ 61.902018][ T8083] __x64_sys_read+0x7b/0x90
[ 61.906669][ T8083] do_syscall_64+0xfe/0x140
[ 61.911319][ T8083] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 61.917354][ T8083]
[ 61.919659][ T8083] -> (&ctx->fault_pending_wqh){+.+.} {
[ 61.925123][ T8083] HARDIRQ-ON-W at:
[ 61.929094][ T8083] _raw_spin_lock+0x2d/0x40
[ 61.935221][ T8083] userfaultfd_release+0x4dc/0x620
[ 61.941963][ T8083] __fput+0x2e4/0x740
[ 61.947565][ T8083] ____fput+0x15/0x20
[ 61.953170][ T8083] task_work_run+0x17e/0x1b0
[ 61.959381][ T8083] do_exit+0x63f/0x2300
[ 61.965166][ T8083] do_group_exit+0x15c/0x2a0
[ 61.971379][ T8083] get_signal+0x6df/0x21f0
[ 61.977420][ T8083] do_signal+0x7b/0x750
[ 61.983198][ T8083] prepare_exit_to_usermode+0x2f5/0x4f0
[ 61.990367][ T8083] syscall_return_slowpath+0x110/0x440
[ 61.997447][ T8083] do_syscall_64+0x126/0x140
[ 62.003661][ T8083] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 62.011175][ T8083] SOFTIRQ-ON-W at:
[ 62.015152][ T8083] _raw_spin_lock+0x2d/0x40
[ 62.021299][ T8083] userfaultfd_release+0x4dc/0x620
[ 62.028033][ T8083] __fput+0x2e4/0x740
[ 62.033637][ T8083] ____fput+0x15/0x20
[ 62.039247][ T8083] task_work_run+0x17e/0x1b0
[ 62.045463][ T8083] do_exit+0x63f/0x2300
[ 62.051245][ T8083] do_group_exit+0x15c/0x2a0
[ 62.057473][ T8083] get_signal+0x6df/0x21f0
executing program
executing program
executing program
[ 62.063523][ T8083] do_signal+0x7b/0x750
[ 62.069305][ T8083] prepare_exit_to_usermode+0x2f5/0x4f0
[ 62.076665][ T8083] syscall_return_slowpath+0x110/0x440
[ 62.083760][ T8083] do_syscall_64+0x126/0x140
[ 62.090001][ T8083] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 62.097535][ T8083] INITIAL USE at:
[ 62.101420][ T8083] _raw_spin_lock+0x2d/0x40
[ 62.107467][ T8083] userfaultfd_ctx_read+0x3e7/0x1430
[ 62.114302][ T8083] userfaultfd_read+0x15d/0x2b0
[ 62.120698][ T8083] __vfs_read+0xf9/0x7c0
[ 62.126489][ T8083] vfs_read+0x195/0x3c0
[ 62.132192][ T8083] ksys_read+0x16b/0x2a0
[ 62.137983][ T8083] __x64_sys_read+0x7b/0x90
[ 62.144030][ T8083] do_syscall_64+0xfe/0x140
[ 62.150083][ T8083] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 62.157512][ T8083] }
[ 62.160003][ T8083] ... key at: [] init_once_userfaultfd_ctx.__key+0x0/0x10
[ 62.169168][ T8083] ... acquired at:
[ 62.172960][ T8083] __lock_acquire+0x60b/0x1a40
[ 62.177879][ T8083] lock_acquire+0x158/0x250
[ 62.182536][ T8083] _raw_spin_lock+0x2d/0x40
[ 62.187196][ T8083] userfaultfd_release+0x4dc/0x620
[ 62.192468][ T8083] __fput+0x2e4/0x740
[ 62.196621][ T8083] ____fput+0x15/0x20
[ 62.200757][ T8083] task_work_run+0x17e/0x1b0
[ 62.205501][ T8083] do_exit+0x63f/0x2300
[ 62.209809][ T8083] do_group_exit+0x15c/0x2a0
[ 62.214553][ T8083] get_signal+0x6df/0x21f0
[ 62.219127][ T8083] do_signal+0x7b/0x750
[ 62.223438][ T8083] prepare_exit_to_usermode+0x2f5/0x4f0
[ 62.229134][ T8083] syscall_return_slowpath+0x110/0x440
[ 62.234745][ T8083] do_syscall_64+0x126/0x140
[ 62.239492][ T8083] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 62.245530][ T8083]
[ 62.247840][ T8083]
[ 62.247840][ T8083] stack backtrace:
[ 62.253714][ T8083] CPU: 0 PID: 8083 Comm: syz-executor211 Not tainted 5.2.0-rc6+ #7
[ 62.261577][ T8083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 62.271629][ T8083] Call Trace:
[ 62.274906][ T8083] dump_stack+0x1d8/0x2f8
[ 62.279235][ T8083] print_irq_inversion_bug+0xa59/0xd00
[ 62.284677][ T8083] ? print_bfs_bug+0x70/0x70
[ 62.289251][ T8083] ? unwind_next_frame+0x415/0x870
[ 62.294341][ T8083] ? unwind_get_return_address_ptr+0xa0/0xa0
[ 62.300449][ T8083] ? stack_trace_save+0x1e0/0x1e0
[ 62.305458][ T8083] ? check_usage_forwards+0x2f0/0x2f0
[ 62.310814][ T8083] ? unwind_get_return_address+0x4c/0x90
[ 62.316433][ T8083] check_usage_backwards+0x1ac/0x300
[ 62.321701][ T8083] ? mark_lock+0x1660/0x1660
[ 62.326282][ T8083] ? stack_trace_save+0x111/0x1e0
[ 62.331287][ T8083] ? graph_lock+0x15b/0x280
[ 62.335774][ T8083] ? mark_lock+0x1660/0x1660
[ 62.340345][ T8083] mark_lock+0x498/0x1660
[ 62.344659][ T8083] ? __bfs+0x550/0x550
[ 62.348792][ T8083] ? __lock_acquire+0xcf7/0x1a40
[ 62.353713][ T8083] ? kasan_check_write+0x14/0x20
[ 62.358631][ T8083] ? native_queued_spin_lock_slowpath+0x123/0xad0
[ 62.365029][ T8083] ? trace_lock_acquire+0x190/0x190
[ 62.370209][ T8083] ? .slowpath+0x15/0x15
[ 62.374433][ T8083] __lock_acquire+0x60b/0x1a40
[ 62.379183][ T8083] ? trace_lock_acquire+0x190/0x190
[ 62.384365][ T8083] ? locks_remove_file+0x3a2/0x1070
[ 62.389549][ T8083] ? check_preemption_disabled+0xb7/0x280
[ 62.395271][ T8083] ? exit_fs+0x123/0x150
[ 62.399495][ T8083] ? trace_lock_acquire+0x11c/0x190
[ 62.404674][ T8083] lock_acquire+0x158/0x250
[ 62.409161][ T8083] ? userfaultfd_release+0x4dc/0x620
[ 62.414432][ T8083] _raw_spin_lock+0x2d/0x40
[ 62.418915][ T8083] ? userfaultfd_release+0x4dc/0x620
[ 62.424179][ T8083] userfaultfd_release+0x4dc/0x620
[ 62.429278][ T8083] ? userfaultfd_ioctl+0x4190/0x4190
[ 62.434696][ T8083] ? ima_file_free+0xf0/0x3b0
[ 62.439362][ T8083] ? __might_sleep+0x8f/0x100
[ 62.444056][ T8083] ? userfaultfd_ioctl+0x4190/0x4190
[ 62.449325][ T8083] __fput+0x2e4/0x740
[ 62.453402][ T8083] ____fput+0x15/0x20
[ 62.457364][ T8083] task_work_run+0x17e/0x1b0
[ 62.461936][ T8083] do_exit+0x63f/0x2300
[ 62.466089][ T8083] ? userfaultfd_ctx_read+0xae9/0x1430
[ 62.471531][ T8083] ? mm_update_next_owner+0x580/0x580
[ 62.476887][ T8083] ? do_raw_spin_lock+0x143/0x3a0
[ 62.481898][ T8083] do_group_exit+0x15c/0x2a0
[ 62.486475][ T8083] get_signal+0x6df/0x21f0
[ 62.490877][ T8083] ? userfaultfd_read+0x1e0/0x2b0
[ 62.495890][ T8083] ? ptrace_notify+0x370/0x370
[ 62.500634][ T8083] ? rw_verify_area+0x360/0x360
[ 62.505480][ T8083] do_signal+0x7b/0x750
[ 62.509622][ T8083] ? signal_fault+0x1f0/0x1f0
[ 62.514284][ T8083] ? vfs_read+0x2aa/0x3c0
[ 62.518601][ T8083] prepare_exit_to_usermode+0x2f5/0x4f0
[ 62.524133][ T8083] syscall_return_slowpath+0x110/0x440
[ 62.529574][ T8083] do_syscall_64+0x126/0x140
[ 62.534168][ T8083] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 62.540053][ T8083] RIP: 0033:0x4413a9
[ 62.543932][ T8083] Code: e8 ac e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
executing program
executing program
executing program
[ 62.563519][ T8083] RSP: 002b:00007fffb598eb28 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 62.572016][ T8083] RAX: fffffffffffffe00 RBX: 0000000000000000 RCX: 00000000004413a9
[ 62.579966][ T8083] RDX: 0000000000000064 RSI: 0000000020009f9c RDI: 0000000000000005
[ 62.587926][ T8083] RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8
[ 62.595880][ T8083] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000402120
[ 62.603832][ T8083] R13: 00000000004021b0 R14: 0000000000000000 R15: 0000000000000000
executing program
executing program
executing program
executing program
executing program
executing program