============================================
WARNING: possible recursive locking detected
5.18.0-rc3-syzkaller #0 Not tainted
--------------------------------------------
syz-executor.2/4044 is trying to acquire lock:
ffff888015c1d3d8 (&ctx->timeout_lock){....}-{2:2}, at: spin_lock_irq include/linux/spinlock.h:374 [inline]
ffff888015c1d3d8 (&ctx->timeout_lock){....}-{2:2}, at: io_disarm_next+0x3c6/0x870 fs/io_uring.c:2417

but task is already holding lock:
ffff888015c1d3d8 (&ctx->timeout_lock){....}-{2:2}, at: spin_lock_irq include/linux/spinlock.h:374 [inline]
ffff888015c1d3d8 (&ctx->timeout_lock){....}-{2:2}, at: io_kill_timeouts+0x37/0x1d2 fs/io_uring.c:10054

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&ctx->timeout_lock);
  lock(&ctx->timeout_lock);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

2 locks held by syz-executor.2/4044:
 #0: ffff888015c1d398 (&ctx->completion_lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:349 [inline]
 #0: ffff888015c1d398 (&ctx->completion_lock){+.+.}-{2:2}, at: io_kill_timeouts+0x2f/0x1d2 fs/io_uring.c:10053
 #1: ffff888015c1d3d8 (&ctx->timeout_lock){....}-{2:2}, at: spin_lock_irq include/linux/spinlock.h:374 [inline]
 #1: ffff888015c1d3d8 (&ctx->timeout_lock){....}-{2:2}, at: io_kill_timeouts+0x37/0x1d2 fs/io_uring.c:10054

stack backtrace:
CPU: 0 PID: 4044 Comm: syz-executor.2 Not tainted 5.18.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x57/0x7d lib/dump_stack.c:106
 print_deadlock_bug kernel/locking/lockdep.c:2958 [inline]
 check_deadlock kernel/locking/lockdep.c:3001 [inline]
 validate_chain kernel/locking/lockdep.c:3790 [inline]
 __lock_acquire.cold+0x149/0x399 kernel/locking/lockdep.c:5029
 lock_acquire kernel/locking/lockdep.c:5641 [inline]
 lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5606
 __raw_spin_lock_irq include/linux/spinlock_api_smp.h:119 [inline]
 _raw_spin_lock_irq+0x32/0x50 kernel/locking/spinlock.c:170
 spin_lock_irq include/linux/spinlock.h:374 [inline]
 io_disarm_next+0x3c6/0x870 fs/io_uring.c:2417
 __io_req_complete_post+0x6d6/0xd00 fs/io_uring.c:2154
 io_kill_timeouts+0xc1/0x1d2 fs/io_uring.c:10057
 io_ring_ctx_wait_and_kill+0x180/0x2f0 fs/io_uring.c:10084
 io_uring_release+0x3d/0x41 fs/io_uring.c:10105
 __fput+0x1f5/0x8c0 fs/file_table.c:317
 task_work_run+0xc0/0x160 kernel/task_work.c:164
 exit_task_work include/linux/task_work.h:37 [inline]
 do_exit+0x986/0x2470 kernel/exit.c:795
 do_group_exit+0xb2/0x2a0 kernel/exit.c:925
 get_signal+0x1c12/0x1e50 kernel/signal.c:2864
 arch_do_signal_or_restart+0x82/0x20f0 arch/x86/kernel/signal.c:867
 exit_to_user_mode_loop kernel/entry/common.c:166 [inline]
 exit_to_user_mode_prepare+0x15f/0x250 kernel/entry/common.c:201
 __syscall_exit_to_user_mode_work kernel/entry/common.c:283 [inline]
 syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:294
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7fe5f22890e9
Code: Unable to access opcode bytes at RIP 0x7fe5f22890bf.
RSP: 002b:00007fe5f3376218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: 0000000000000001 RBX: 00007fe5f239bf68 RCX: 00007fe5f22890e9
RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fe5f239bf6c
RBP: 00007fe5f239bf60 R08: 00007ffca395d080 R09: 0000000000000000
R10: 0000000000000002 R11: 0000000000000246 R12: 00007fe5f239bf6c
R13: 00007ffca389921f R14: 00007fe5f3376300 R15: 0000000000022000