Warning: Permanently added '10.128.10.25' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 58.984615][ C1]
[ 58.987084][ C1] ========================================================
[ 58.994267][ C1] WARNING: possible irq lock inversion dependency detected
[ 59.001446][ C1] 5.8.0-next-20200812-syzkaller #0 Not tainted
[ 59.007565][ C1] --------------------------------------------------------
[ 59.014863][ C1] syz-executor775/6859 just changed the state of lock:
[ 59.021681][ C1] ffff8880934ad4d8 (&ctx->completion_lock){-...}-{2:2}, at: io_timeout_fn+0x6c/0x3f0
[ 59.031122][ C1] but this lock took another, HARDIRQ-unsafe lock in the past:
[ 59.038631][ C1] (&fs->lock){+.+.}-{2:2}
[ 59.038641][ C1]
[ 59.038641][ C1]
[ 59.038641][ C1] and interrupts could create inverse lock ordering between them.
[ 59.038641][ C1]
[ 59.057404][ C1]
[ 59.057404][ C1] other info that might help us debug this:
[ 59.065449][ C1] Possible interrupt unsafe locking scenario:
[ 59.065449][ C1]
[ 59.073736][ C1]        CPU0                    CPU1
[ 59.079074][ C1]        ----                    ----
[ 59.084410][ C1]   lock(&fs->lock);
[ 59.088451][ C1]                                local_irq_disable();
[ 59.095437][ C1]                                lock(&ctx->completion_lock);
[ 59.102864][ C1]                                lock(&fs->lock);
[ 59.109244][ C1]
[ 59.112686][ C1]     lock(&ctx->completion_lock);
[ 59.117767][ C1]
[ 59.117767][ C1] *** DEADLOCK ***
[ 59.117767][ C1]
[ 59.125885][ C1] 1 lock held by syz-executor775/6859:
[ 59.131330][ C1] #0: ffff8880934ad428 (&ctx->uring_lock){+.+.}-{3:3}, at: __do_sys_io_uring_enter+0xdb7/0x1ae0
[ 59.141815][ C1]
[ 59.141815][ C1] the shortest dependencies between 2nd lock and 1st lock:
[ 59.151161][ C1] -> (&fs->lock){+.+.}-{2:2} {
[ 59.155987][ C1] HARDIRQ-ON-W at:
[ 59.160035][ C1] lock_acquire+0x1f1/0xad0
[ 59.166347][ C1] _raw_spin_lock+0x2a/0x40
[ 59.172645][ C1] set_fs_pwd+0x85/0x2a0
[ 59.178686][ C1] init_chdir+0x106/0x14e
[ 59.184811][ C1] devtmpfsd+0x76/0x333
[ 59.190762][ C1] kthread+0x3b5/0x4a0
[ 59.196641][ C1] ret_from_fork+0x1f/0x30
[ 59.202847][ C1] SOFTIRQ-ON-W at:
[ 59.206892][ C1] lock_acquire+0x1f1/0xad0
[ 59.213208][ C1] _raw_spin_lock+0x2a/0x40
[ 59.219505][ C1] set_fs_pwd+0x85/0x2a0
[ 59.225556][ C1] init_chdir+0x106/0x14e
[ 59.231699][ C1] devtmpfsd+0x76/0x333
[ 59.237650][ C1] kthread+0x3b5/0x4a0
[ 59.243716][ C1] ret_from_fork+0x1f/0x30
[ 59.249919][ C1] INITIAL USE at:
[ 59.253876][ C1] lock_acquire+0x1f1/0xad0
[ 59.260259][ C1] _raw_spin_lock+0x2a/0x40
[ 59.266641][ C1] set_fs_pwd+0x85/0x2a0
[ 59.272594][ C1] init_chdir+0x106/0x14e
[ 59.278630][ C1] devtmpfsd+0x76/0x333
[ 59.284521][ C1] kthread+0x3b5/0x4a0
[ 59.290298][ C1] ret_from_fork+0x1f/0x30
[ 59.296418][ C1] }
[ 59.299000][ C1] ... key at: [] __key.1+0x0/0x40
[ 59.306160][ C1] ... acquired at:
[ 59.310041][ C1] _raw_spin_lock+0x2a/0x40
[ 59.314710][ C1] io_dismantle_req+0x3ec/0x9e0
[ 59.319807][ C1] __io_free_req+0x16/0x3c0
[ 59.324455][ C1] __io_fail_links+0x433/0x5b0
[ 59.329363][ C1] __io_req_find_next+0x368/0x460
[ 59.334548][ C1] io_wq_submit_work+0x33c/0x3d0
[ 59.339644][ C1] io_worker_handle_work+0xa45/0x13f0
[ 59.345159][ C1] io_wqe_worker+0xbf0/0x10e0
[ 59.349996][ C1] kthread+0x3b5/0x4a0
[ 59.354228][ C1] ret_from_fork+0x1f/0x30
[ 59.358788][ C1]
[ 59.361085][ C1] -> (&ctx->completion_lock){-...}-{2:2} {
[ 59.366866][ C1] IN-HARDIRQ-W at:
[ 59.370821][ C1] lock_acquire+0x1f1/0xad0
[ 59.376943][ C1] _raw_spin_lock_irqsave+0x8c/0xc0
[ 59.383762][ C1] io_timeout_fn+0x6c/0x3f0
[ 59.389895][ C1] __hrtimer_run_queues+0x6a9/0xfc0
[ 59.396727][ C1] hrtimer_interrupt+0x32a/0x930
[ 59.403286][ C1] __sysvec_apic_timer_interrupt+0x142/0x5e0
[ 59.410900][ C1] asm_call_on_stack+0xf/0x20
[ 59.417198][ C1] sysvec_apic_timer_interrupt+0xb2/0xf0
[ 59.424451][ C1] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 59.432051][ C1] _raw_spin_unlock_irq+0x4b/0x80
[ 59.438693][ C1] io_issue_sqe+0x2de6/0x6130
[ 59.444990][ C1] __io_queue_sqe+0x284/0x1190
[ 59.451372][ C1] io_queue_sqe+0x73e/0x1130
[ 59.457582][ C1] io_submit_sqes+0x1794/0x2380
[ 59.464069][ C1] __do_sys_io_uring_enter+0xdc7/0x1ae0
[ 59.471267][ C1] do_syscall_64+0x2d/0x70
[ 59.477313][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 59.484821][ C1] INITIAL USE at:
[ 59.488691][ C1] lock_acquire+0x1f1/0xad0
[ 59.494730][ C1] _raw_spin_lock_irqsave+0x8c/0xc0
[ 59.501467][ C1] io_issue_sqe+0xcfd/0x6130
[ 59.507590][ C1] io_wq_submit_work+0x183/0x3d0
[ 59.514074][ C1] io_worker_handle_work+0xa45/0x13f0
[ 59.521067][ C1] io_wqe_worker+0xbf0/0x10e0
[ 59.527375][ C1] kthread+0x3b5/0x4a0
[ 59.532984][ C1] ret_from_fork+0x1f/0x30
[ 59.538930][ C1] }
[ 59.541411][ C1] ... key at: [] __key.9+0x0/0x40
[ 59.548608][ C1] ... acquired at:
[ 59.552399][ C1] mark_lock+0x54b/0x1710
[ 59.556874][ C1] __lock_acquire+0x13ad/0x5640
[ 59.561884][ C1] lock_acquire+0x1f1/0xad0
[ 59.566725][ C1] _raw_spin_lock_irqsave+0x8c/0xc0
[ 59.572068][ C1] io_timeout_fn+0x6c/0x3f0
[ 59.576716][ C1] __hrtimer_run_queues+0x6a9/0xfc0
[ 59.582074][ C1] hrtimer_interrupt+0x32a/0x930
[ 59.587156][ C1] __sysvec_apic_timer_interrupt+0x142/0x5e0
[ 59.593302][ C1] asm_call_on_stack+0xf/0x20
[ 59.598140][ C1] sysvec_apic_timer_interrupt+0xb2/0xf0
[ 59.603917][ C1] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 59.610045][ C1] _raw_spin_unlock_irq+0x4b/0x80
[ 59.615214][ C1] io_issue_sqe+0x2de6/0x6130
[ 59.620051][ C1] __io_queue_sqe+0x284/0x1190
[ 59.624958][ C1] io_queue_sqe+0x73e/0x1130
[ 59.629689][ C1] io_submit_sqes+0x1794/0x2380
[ 59.634681][ C1] __do_sys_io_uring_enter+0xdc7/0x1ae0
[ 59.640370][ C1] do_syscall_64+0x2d/0x70
[ 59.644930][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 59.650958][ C1]
[ 59.653270][ C1]
[ 59.653270][ C1] stack backtrace:
[ 59.659147][ C1] CPU: 1 PID: 6859 Comm: syz-executor775 Not tainted 5.8.0-next-20200812-syzkaller #0
[ 59.668667][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 59.678696][ C1] Call Trace:
[ 59.681955][ C1]
[ 59.684783][ C1] dump_stack+0x18f/0x20d
[ 59.689100][ C1] check_usage_forwards.cold+0x1e/0x27
[ 59.694564][ C1] ? check_usage_backwards+0x4d0/0x4d0
[ 59.700019][ C1] ? stack_trace_consume_entry+0x160/0x160
[ 59.705816][ C1] ? save_trace+0x43/0xba0
[ 59.710280][ C1] mark_lock+0x54b/0x1710
[ 59.714594][ C1] ? check_usage_backwards+0x4d0/0x4d0
[ 59.720045][ C1] __lock_acquire+0x13ad/0x5640
[ 59.724898][ C1] ? lock_acquire+0x1f1/0xad0
[ 59.729550][ C1] ? lockdep_hardirqs_on_prepare+0x530/0x530
[ 59.735520][ C1] ? debug_object_deactivate+0x264/0x300
[ 59.741123][ C1] lock_acquire+0x1f1/0xad0
[ 59.745599][ C1] ? io_timeout_fn+0x6c/0x3f0
[ 59.750269][ C1] ? lock_release+0x8e0/0x8e0
[ 59.754915][ C1] ? find_held_lock+0x2d/0x110
[ 59.759650][ C1] ? __hrtimer_run_queues+0x5d1/0xfc0
[ 59.764996][ C1] ? lock_downgrade+0x830/0x830
[ 59.769818][ C1] _raw_spin_lock_irqsave+0x8c/0xc0
[ 59.774988][ C1] ? io_timeout_fn+0x6c/0x3f0
[ 59.779639][ C1] io_timeout_fn+0x6c/0x3f0
[ 59.784130][ C1] __hrtimer_run_queues+0x6a9/0xfc0
[ 59.789302][ C1] ? io_submit_flush_completions+0x3c0/0x3c0
[ 59.795256][ C1] ? lockdep_hardirqs_off+0x71/0xc0
[ 59.800446][ C1] ? hrtimer_sleeper_start_expires+0x80/0x80
[ 59.806493][ C1] ? ktime_get_update_offsets_now+0x1c4/0x250
[ 59.812554][ C1] hrtimer_interrupt+0x32a/0x930
[ 59.817468][ C1] __sysvec_apic_timer_interrupt+0x142/0x5e0
[ 59.823525][ C1] asm_call_on_stack+0xf/0x20
[ 59.828168][ C1]
[ 59.831082][ C1] sysvec_apic_timer_interrupt+0xb2/0xf0
[ 59.836701][ C1] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 59.842671][ C1] RIP: 0010:_raw_spin_unlock_irq+0x4b/0x80
[ 59.848492][ C1] Code: c0 18 35 b6 89 48 ba 00 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 75 31 48 83 3d b6 2d c0 01 00 74 25 fb 66 0f 1f 44 00 00 01 00 00 00 e8 bb ab 59 f9 65 8b 05 04 f7 0b 78 85 c0 74 02 5d
[ 59.868178][ C1] RSP: 0018:ffffc90000f178b0 EFLAGS: 00000286
[ 59.874218][ C1] RAX: 1ffffffff136c6a3 RBX: 0000000000000000 RCX: 0000000000000006
[ 59.882183][ C1] RDX: dffffc0000000000 RSI: 0000000000000000 RDI: ffffffff87f6073f
[ 59.890125][ C1] RBP: ffff8880934ad4c0 R08: 0000000000000001 R09: ffffffff8c68ba9f
[ 59.898070][ C1] R10: fffffbfff18d1753 R11: 000000000001fbf0 R12: 0000000000000000
[ 59.906031][ C1] R13: 0000000000000000 R14: 0000000000000000 R15: ffff8880a260ed00
[ 59.913985][ C1] ? _raw_spin_unlock_irq+0x1f/0x80
[ 59.919158][ C1] io_issue_sqe+0x2de6/0x6130
[ 59.923815][ C1] ? __lock_acquire+0x16cb/0x5640
[ 59.928815][ C1] ? do_syscall_64+0x2d/0x70
[ 59.933397][ C1] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 59.939433][ C1] ? io_uring_setup+0x28c0/0x28c0
[ 59.944431][ C1] ? lock_acquire+0x1f1/0xad0
[ 59.949079][ C1] ? __io_queue_sqe+0x284/0x1190
[ 59.953987][ C1] __io_queue_sqe+0x284/0x1190
[ 59.958720][ C1] ? mark_lock+0xbc/0x1710
[ 59.963109][ C1] ? io_issue_sqe+0x6130/0x6130
[ 59.967938][ C1] ? mark_held_locks+0x9f/0xe0
[ 59.972674][ C1] io_queue_sqe+0x73e/0x1130
[ 59.977253][ C1] io_submit_sqes+0x1794/0x2380
[ 59.982075][ C1] ? io_queue_sqe+0x1130/0x1130
[ 59.986894][ C1] ? __do_sys_io_uring_enter+0xdb7/0x1ae0
[ 59.992611][ C1] ? mutex_lock_io_nested+0xf60/0xf60
[ 59.997954][ C1] ? __do_sys_io_uring_enter+0x347/0x1ae0
[ 60.003647][ C1] __do_sys_io_uring_enter+0xdc7/0x1ae0
[ 60.009181][ C1] ? io_submit_sqes+0x2380/0x2380
[ 60.014201][ C1] ? fput_many+0x2f/0x1a0
[ 60.018526][ C1] ? lock_is_held_type+0xbb/0xf0
[ 60.023541][ C1] ? syscall_enter_from_user_mode+0x20/0x290
[ 60.029494][ C1] ? lockdep_hardirqs_on_prepare+0x354/0x530
[ 60.035454][ C1] ? trace_hardirqs_on+0x5f/0x220
[ 60.040451][ C1] ? lockdep_hardirqs_on+0x76/0xf0
[ 60.045537][ C1] do_syscall_64+0x2d/0x70
[ 60.049926][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 60.055802][ C1] RIP: 0033:0x440b99
[ 60.059678][ C1] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 60.079387][ C1] RSP: 002b:00007fff1ef4ee38 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 60.087794][