================================ WARNING: inconsistent lock state 4.19.177-syzkaller #0 Not tainted -------------------------------- inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-W} usage. syz-executor.0/31274 [HC1[1]:SC0[0]:HE0:SE1] takes: 00000000026fe1b9 (hugetlb_lock){?.+.}, at: spin_lock include/linux/spinlock.h:329 [inline] 00000000026fe1b9 (hugetlb_lock){?.+.}, at: free_huge_page+0x482/0xd20 mm/hugetlb.c:1292 {HARDIRQ-ON-W} state was registered at: __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:144 spin_lock include/linux/spinlock.h:329 [inline] hugetlb_overcommit_handler+0x2d4/0x460 mm/hugetlb.c:3037 proc_sys_call_handler.isra.0+0x1f3/0x3b0 fs/proc/proc_sysctl.c:597 __vfs_write+0xf7/0x770 fs/read_write.c:485 vfs_write+0x1f3/0x540 fs/read_write.c:549 ksys_write+0x12b/0x2a0 fs/read_write.c:599 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe irq event stamp: 2116 hardirqs last enabled at (2115): [] trace_hardirqs_on_thunk+0x1a/0x1c hardirqs last disabled at (2116): [] trace_hardirqs_off_thunk+0x1a/0x1c softirqs last enabled at (2012): [] __do_softirq+0x678/0x980 kernel/softirq.c:318 softirqs last disabled at (1857): [] invoke_softirq kernel/softirq.c:372 [inline] softirqs last disabled at (1857): [] irq_exit+0x215/0x260 kernel/softirq.c:412 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(hugetlb_lock); lock(hugetlb_lock); *** DEADLOCK *** 2 locks held by syz-executor.0/31274: #0: 00000000a74a4c37 (&ids->rwsem){++++}, at: ipcget_new ipc/util.c:314 [inline] #0: 00000000a74a4c37 (&ids->rwsem){++++}, at: ipcget+0xbc/0xcd0 ipc/util.c:614 #1: 00000000521a62ad (&(&virtscsi_vq->vq_lock)->rlock){-.-.}, at: virtscsi_vq_done drivers/scsi/virtio_scsi.c:219 [inline] #1: 00000000521a62ad (&(&virtscsi_vq->vq_lock)->rlock){-.-.}, at: virtscsi_req_done+0x123/0x210 drivers/scsi/virtio_scsi.c:238 stack backtrace: CPU: 0 PID: 31274 Comm: syz-executor.0 Not tainted 4.19.177-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 print_usage_bug.cold+0x42e/0x570 kernel/locking/lockdep.c:2544 valid_state kernel/locking/lockdep.c:2557 [inline] mark_lock_irq kernel/locking/lockdep.c:2751 [inline] mark_lock+0xc70/0x1160 kernel/locking/lockdep.c:3131 mark_irqflags kernel/locking/lockdep.c:3006 [inline] __lock_acquire+0x1077/0x3ff0 kernel/locking/lockdep.c:3372 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3907 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:144 spin_lock include/linux/spinlock.h:329 [inline] free_huge_page+0x482/0xd20 mm/hugetlb.c:1292 __put_page+0xe2/0x3a0 mm/swap.c:112 put_page include/linux/mm.h:963 [inline] bio_release_pages+0x1cf/0x320 block/bio.c:1607 bio_check_pages_dirty+0x272/0x410 block/bio.c:1659 dio_bio_complete+0x567/0x710 fs/direct-io.c:552 dio_bio_end_aio+0x42/0x490 fs/direct-io.c:357 bio_endio+0x471/0x810 block/bio.c:1780 req_bio_endio block/blk-core.c:278 [inline] blk_update_request+0x30f/0xaf0 block/blk-core.c:3111 scsi_end_request+0x7d/0xb60 drivers/scsi/scsi_lib.c:673 scsi_io_completion+0x279/0x17c0 drivers/scsi/scsi_lib.c:1102 scsi_softirq_done+0x336/0x3d0 drivers/scsi/scsi_lib.c:1758 __blk_mq_complete_request block/blk-mq.c:583 [inline] blk_mq_complete_request+0x472/0x660 block/blk-mq.c:620 virtscsi_vq_done drivers/scsi/virtio_scsi.c:223 [inline] virtscsi_req_done+0x14b/0x210 drivers/scsi/virtio_scsi.c:238 vring_interrupt+0x12f/0x220 drivers/virtio/virtio_ring.c:953 __handle_irq_event_percpu+0x27e/0x8e0 kernel/irq/handle.c:149 handle_irq_event_percpu kernel/irq/handle.c:189 [inline] handle_irq_event+0x102/0x290 kernel/irq/handle.c:206 handle_edge_irq+0x260/0xcf0 kernel/irq/chip.c:797 generic_handle_irq_desc include/linux/irqdesc.h:155 [inline] handle_irq+0x35/0x50 arch/x86/kernel/irq_64.c:87 do_IRQ+0x93/0x1c0 arch/x86/kernel/irq.c:246 common_interrupt+0xf/0xf arch/x86/entry/entry_64.S:670 RIP: 0010:newary+0x2f2/0x8c0 ipc/sem.c:541 Code: 18 49 8d 7f c8 41 83 c4 01 48 c7 c2 60 cb 34 8d 48 c7 c6 20 1a ab 88 49 83 ef 80 e8 08 ab 20 fe 44 89 e6 89 df e8 9e 4b 37 fe <44> 39 e3 0f 85 67 ff ff ff e8 a0 4a 37 fe 4c 8d b5 fc 00 00 00 48 RSP: 0018:ffff888042547d50 EFLAGS: 00000297 ORIG_RAX: ffffffffffffffda RAX: 0000000000000002 RBX: 0000000000004007 RCX: ffffffff832b1472 RDX: 00000000000008fa RSI: ffff888045af00c0 RDI: 0000000000000004 RBP: ffff888035c00000 R08: 0000000000000001 R09: 0000000000004007 R10: 0000000000000004 R11: 0000000000000000 R12: 00000000000008fa R13: ffff88803f1b4e00 R14: dffffc0000000000 R15: ffff888035c47e88 ipcget_new ipc/util.c:315 [inline] ipcget+0xe6/0xcd0 ipc/util.c:614 ksys_semget ipc/sem.c:604 [inline] __do_sys_semget ipc/sem.c:609 [inline] __se_sys_semget ipc/sem.c:607 [inline] __x64_sys_semget+0x18f/0x220 ipc/sem.c:607 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x465ef9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f7e307d7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000040 RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465ef9 RDX: 0000000000000000 RSI: 0000000000004007 RDI: 0000000000000000 RBP: 00000000004bfa34 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60 R13: 00007ffffe4fdc0f R14: 00007f7e307d7300 R15: 0000000000022000