Warning: Permanently added '10.128.15.203' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 46.741763]
[ 46.743406] ========================================================
[ 46.749872] WARNING: possible irq lock inversion dependency detected
[ 46.756362] 5.0.0-rc5+ #63 Not tainted
[ 46.760223] --------------------------------------------------------
[ 46.766688] syz-executor635/7731 just changed the state of lock:
[ 46.772809] 00000000f375ea4e (&ctx->fault_pending_wqh){+.+.}, at: userfaultfd_release+0x497/0x6d0
[ 46.781809] but this lock was taken by another, SOFTIRQ-safe lock in the past:
[ 46.789141] (&(&ctx->ctx_lock)->rlock){..-.}
[ 46.789147]
[ 46.789147]
[ 46.789147] and interrupts could create inverse lock ordering between them.
[ 46.789147]
[ 46.805111]
[ 46.805111] other info that might help us debug this:
[ 46.811752] Chain exists of:
[ 46.811752] &(&ctx->ctx_lock)->rlock --> &ctx->fd_wqh --> &ctx->fault_pending_wqh
[ 46.811752]
[ 46.823866] Possible interrupt unsafe locking scenario:
[ 46.823866]
[ 46.830765] CPU0                              CPU1
[ 46.835422] ----                              ----
[ 46.840064] lock(&ctx->fault_pending_wqh);
[ 46.844451]                                   local_irq_disable();
[ 46.850483]                                   lock(&(&ctx->ctx_lock)->rlock);
[ 46.857483]                                   lock(&ctx->fd_wqh);
[ 46.863430]
[ 46.866160] lock(&(&ctx->ctx_lock)->rlock);
[ 46.870805]
[ 46.870805] *** DEADLOCK ***
[ 46.870805]
[ 46.876840] no locks held by syz-executor635/7731.
[ 46.881743]
[ 46.881743] the shortest dependencies between 2nd lock and 1st lock:
[ 46.889692] -> (&(&ctx->ctx_lock)->rlock){..-.} {
[ 46.894689] IN-SOFTIRQ-W at:
[ 46.898128] lock_acquire+0x16f/0x3f0
[ 46.903946] _raw_spin_lock_irq+0x60/0x80
[ 46.910090] free_ioctx_users+0x2d/0x4a0
[ 46.916144] percpu_ref_switch_to_atomic_rcu+0x3e7/0x520
[ 46.923581] rcu_process_callbacks+0x928/0x1390
[ 46.930243] __do_softirq+0x266/0x95a
[ 46.936031] irq_exit+0x180/0x1d0
[ 46.941462] smp_apic_timer_interrupt+0x14a/0x570
[ 46.948279] apic_timer_interrupt+0xf/0x20
[ 46.954491] native_safe_halt+0x2/0x10
[ 46.960372] arch_cpu_idle+0x10/0x20
[ 46.966061] default_idle_call+0x36/0x90
[ 46.972099] do_idle+0x386/0x570
[ 46.977471] cpu_startup_entry+0x1b/0x20
[ 46.983509] rest_init+0x245/0x37b
[ 46.989025] arch_call_rest_init+0xe/0x1b
[ 46.995166] start_kernel+0x808/0x841
[ 47.000944] x86_64_start_reservations+0x29/0x2b
[ 47.007676] x86_64_start_kernel+0x77/0x7b
[ 47.013891] secondary_startup_64+0xa4/0xb0
[ 47.020185] INITIAL USE at:
[ 47.023535] lock_acquire+0x16f/0x3f0
[ 47.029229] _raw_spin_lock_irq+0x60/0x80
[ 47.035268] io_submit_one+0xeb6/0x1cf0
[ 47.041164] __x64_sys_io_submit+0x1bd/0x580
[ 47.047478] do_syscall_64+0x103/0x610
[ 47.053262] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.060337] }
[ 47.062294] ... key at: [] __key.51970+0x0/0x40
[ 47.069195] ... acquired at:
[ 47.072463] _raw_spin_lock+0x2f/0x40
[ 47.076418] io_submit_one+0xedf/0x1cf0
[ 47.080546] __x64_sys_io_submit+0x1bd/0x580
[ 47.085111] do_syscall_64+0x103/0x610
[ 47.089152] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.094487]
[ 47.096090] -> (&ctx->fd_wqh){....} {
[ 47.099971] INITIAL USE at:
[ 47.103236] lock_acquire+0x16f/0x3f0
[ 47.108752] _raw_spin_lock_irq+0x60/0x80
[ 47.114630] userfaultfd_read+0x27a/0x1940
[ 47.120592] __vfs_read+0x116/0x8c0
[ 47.125936] vfs_read+0x194/0x3e0
[ 47.131112] ksys_read+0xea/0x1f0
[ 47.136281] __x64_sys_read+0x73/0xb0
[ 47.141799] do_syscall_64+0x103/0x610
[ 47.147416] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.154315] }
[ 47.156189] ... key at: [] __key.44852+0x0/0x40
[ 47.163004] ... acquired at:
[ 47.166190] _raw_spin_lock+0x2f/0x40
[ 47.170152] userfaultfd_read+0x540/0x1940
[ 47.174551] __vfs_read+0x116/0x8c0
[ 47.178353] vfs_read+0x194/0x3e0
[ 47.181974] ksys_read+0xea/0x1f0
[ 47.185607] __x64_sys_read+0x73/0xb0
[ 47.189563] do_syscall_64+0x103/0x610
[ 47.193616] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.198951]
[ 47.200553] -> (&ctx->fault_pending_wqh){+.+.} {
[ 47.205297] HARDIRQ-ON-W at:
[ 47.208591] lock_acquire+0x16f/0x3f0
[ 47.214023] _raw_spin_lock+0x2f/0x40
[ 47.219474] userfaultfd_release+0x497/0x6d0
[ 47.225534] __fput+0x2df/0x8d0
[ 47.230444] ____fput+0x16/0x20
[ 47.235354] task_work_run+0x14a/0x1c0
[ 47.240891] do_exit+0x92c/0x2fd0
[ 47.245975] do_group_exit+0x135/0x370
[ 47.251494] get_signal+0x35c/0x1d60
[ 47.256837] do_signal+0x87/0x1940
[ 47.262007] exit_to_usermode_loop+0x244/0x2c0
[ 47.268218] do_syscall_64+0x52d/0x610
[ 47.273755] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.280567] SOFTIRQ-ON-W at:
[ 47.283838] lock_acquire+0x16f/0x3f0
[ 47.289266] _raw_spin_lock+0x2f/0x40
[ 47.294696] userfaultfd_release+0x497/0x6d0
[ 47.300733] __fput+0x2df/0x8d0
[ 47.305643] ____fput+0x16/0x20
[ 47.310551] task_work_run+0x14a/0x1c0
[ 47.316074] do_exit+0x92c/0x2fd0
[ 47.321158] do_group_exit+0x135/0x370
[ 47.326675] get_signal+0x35c/0x1d60
[ 47.332018] do_signal+0x87/0x1940
[ 47.337207] exit_to_usermode_loop+0x244/0x2c0
[ 47.343422] do_syscall_64+0x52d/0x610
[ 47.348938] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.355751] INITIAL USE at:
[ 47.358925] lock_acquire+0x16f/0x3f0
[ 47.364280] _raw_spin_lock+0x2f/0x40
[ 47.369622] userfaultfd_read+0x540/0x1940
[ 47.375401] __vfs_read+0x116/0x8c0
[ 47.380569] vfs_read+0x194/0x3e0
[ 47.385582] ksys_read+0xea/0x1f0
[ 47.390597] __x64_sys_read+0x73/0xb0
[ 47.395943] do_syscall_64+0x103/0x610
[ 47.401377] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.408102] }
[ 47.409884] ... key at: [] __key.44849+0x0/0x40
[ 47.416610] ... acquired at:
[ 47.419697] mark_lock+0x427/0x1380
[ 47.423477] __lock_acquire+0xca5/0x4700
[ 47.427691] lock_acquire+0x16f/0x3f0
[ 47.431648] _raw_spin_lock+0x2f/0x40
[ 47.435606] userfaultfd_release+0x497/0x6d0
[ 47.440170] __fput+0x2df/0x8d0
[ 47.443603] ____fput+0x16/0x20
[ 47.447036] task_work_run+0x14a/0x1c0
[ 47.451076] do_exit+0x92c/0x2fd0
[ 47.454686] do_group_exit+0x135/0x370
[ 47.458737] get_signal+0x35c/0x1d60
[ 47.462606] do_signal+0x87/0x1940
[ 47.466300] exit_to_usermode_loop+0x244/0x2c0
[ 47.471036] do_syscall_64+0x52d/0x610
[ 47.475080] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.480419]
[ 47.482022]
[ 47.482022] stack backtrace:
[ 47.486509] CPU: 0 PID: 7731 Comm: syz-executor635 Not tainted 5.0.0-rc5+ #63
[ 47.493761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 47.503090] Call Trace:
[ 47.505664] dump_stack+0x172/0x1f0
[ 47.509277] print_irq_inversion_bug.part.0+0x2c0/0x2cd
[ 47.514626] check_usage_backwards.cold+0x1d/0x26
[ 47.519468] ? print_shortest_lock_dependencies+0x90/0x90
[ 47.524991] ? save_stack_trace+0x1a/0x20
[ 47.529119] ? save_trace+0xe0/0x290
[ 47.532815] mark_lock+0x427/0x1380
[ 47.536422] ? print_shortest_lock_dependencies+0x90/0x90
[ 47.541940] __lock_acquire+0xca5/0x4700
[ 47.545981] ? depot_save_stack+0x1de/0x460
[ 47.550288] ? kasan_check_read+0x11/0x20
[ 47.554418] ? mark_held_locks+0x100/0x100
[ 47.558633] ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 47.563717] ? depot_save_stack+0x1de/0x460
[ 47.568020] ? __lock_acquire+0x53b/0x4700
[ 47.572236] ? __lock_acquire+0x53b/0x4700
[ 47.576451] ? free_fs_struct+0x4f/0x70
[ 47.580407] ? do_exit+0x902/0x2fd0
[ 47.584014] lock_acquire+0x16f/0x3f0
[ 47.587795] ? userfaultfd_release+0x497/0x6d0
[ 47.592358] _raw_spin_lock+0x2f/0x40
[ 47.596138] ? userfaultfd_release+0x497/0x6d0
[ 47.600702] userfaultfd_release+0x497/0x6d0
[ 47.605094] ? userfaultfd_event_wait_completion+0xa50/0xa50
[ 47.610879] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 47.616410] ? ima_file_free+0xc9/0x4a0
[ 47.620365] ? __might_sleep+0x95/0x190
[ 47.624322] ? userfaultfd_event_wait_completion+0xa50/0xa50
[ 47.630124] __fput+0x2df/0x8d0
[ 47.633392] ____fput+0x16/0x20
[ 47.636650] task_work_run+0x14a/0x1c0
[ 47.640521] do_exit+0x92c/0x2fd0
[ 47.643955] ? get_signal+0x2f2/0x1d60
[ 47.647823] ? mm_update_next_owner+0x660/0x660
[ 47.652479] ? kasan_check_read+0x11/0x20
[ 47.656609] ? _raw_spin_unlock_irq+0x28/0x90
[ 47.661087] ? get_signal+0x2f2/0x1d60
[ 47.664953] ? _raw_spin_unlock_irq+0x28/0x90
[ 47.669427] do_group_exit+0x135/0x370
[ 47.673294] get_signal+0x35c/0x1d60
[ 47.676991] ? __x64_sys_io_submit+0x31f/0x580
[ 47.681555] do_signal+0x87/0x1940
[ 47.685080] ? lock_downgrade+0x810/0x810
[ 47.689213] ? kasan_check_read+0x11/0x20
[ 47.693343] ? setup_sigcontext+0x7d0/0x7d0
[ 47.697648] ? exit_to_usermode_loop+0x43/0x2c0
[ 47.702297] ? do_syscall_64+0x52d/0x610
[ 47.706336] ? exit_to_usermode_loop+0x43/0x2c0
[ 47.711003] ? lockdep_hardirqs_on+0x415/0x5d0
[ 47.716095] ? trace_hardirqs_on+0x67/0x230
[ 47.720413] exit_to_usermode_loop+0x244/0x2c0
[ 47.724980] do_syscall_64+0x52d/0x610
[ 47.728848] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.734017] RIP: 0033:0x4457a9
[ 47.737210] Code: Bad RIP value.
[ 47.740568] RSP: 002b:00007f87a5323db8 EFLAGS: 00000246 ORIG_RA