================================
WARNING: inconsistent lock state
5.10.0-syzkaller #0 Not tainted
--------------------------------
inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
systemd-udevd/4896 [HC0[0]:SC1[1]:HE1:SE0] takes:
ffff88801242dca8 (&file_data->lock){+.?.}-{2:2}, at: spin_lock include/linux/spinlock.h:354 [inline]
ffff88801242dca8 (&file_data->lock){+.?.}-{2:2}, at: io_file_data_ref_zero+0x78/0x4d0 fs/io_uring.c:7361
{SOFTIRQ-ON-W} state was registered at:
  lock_acquire kernel/locking/lockdep.c:5437 [inline]
  lock_acquire+0x29d/0x750 kernel/locking/lockdep.c:5402
  __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
  _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:151
  spin_lock include/linux/spinlock.h:354 [inline]
  io_sqe_files_register fs/io_uring.c:7496 [inline]
  __io_uring_register fs/io_uring.c:9665 [inline]
  __do_sys_io_uring_register+0x355e/0x41f0 fs/io_uring.c:9755
  do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
  entry_SYSCALL_64_after_hwframe+0x44/0xa9
irq event stamp: 10418830
hardirqs last enabled at (10418830): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
hardirqs last enabled at (10418830): [] _raw_spin_unlock_irqrestore+0x42/0x50 kernel/locking/spinlock.c:191
hardirqs last disabled at (10418829): [] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline]
hardirqs last disabled at (10418829): [] _raw_spin_lock_irqsave+0x4e/0x50 kernel/locking/spinlock.c:159
softirqs last enabled at (10416164): [] asm_call_irq_on_stack+0xf/0x20
softirqs last disabled at (10418719): [] asm_call_irq_on_stack+0xf/0x20

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&file_data->lock);
  <Interrupt>
    lock(&file_data->lock);

 *** DEADLOCK ***

3 locks held by systemd-udevd/4896:
 #0: ffff88801d95e918 (&mm->mmap_lock#2){++++}-{3:3}, at: __might_fault+0xa3/0x180 mm/memory.c:5016
 #1: ffffffff8b78df00 (rcu_callback){....}-{0:0}, at: rcu_do_batch kernel/rcu/tree.c:2479 [inline]
 #1: ffffffff8b78df00 (rcu_callback){....}-{0:0}, at: rcu_core+0x6f4/0xf80 kernel/rcu/tree.c:2723
 #2: ffffffff8b78e020 (rcu_read_lock){....}-{1:2}, at: percpu_ref_put_many.constprop.0+0x0/0x290 include/linux/cgroup.h:576

stack backtrace:
CPU: 0 PID: 4896 Comm: systemd-udevd Not tainted 5.10.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x107/0x163 lib/dump_stack.c:120
 print_usage_bug kernel/locking/lockdep.c:4413 [inline]
 valid_state kernel/locking/lockdep.c:3751 [inline]
 mark_lock_irq kernel/locking/lockdep.c:3954 [inline]
 mark_lock.cold+0x56/0x73 kernel/locking/lockdep.c:4411
 mark_usage kernel/locking/lockdep.c:4306 [inline]
 __lock_acquire+0x11b4/0x54b0 kernel/locking/lockdep.c:4786
 lock_acquire kernel/locking/lockdep.c:5437 [inline]
 lock_acquire+0x29d/0x750 kernel/locking/lockdep.c:5402
 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
 _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:151
 spin_lock include/linux/spinlock.h:354 [inline]
 io_file_data_ref_zero+0x78/0x4d0 fs/io_uring.c:7361
 percpu_ref_put_many.constprop.0+0x258/0x290 include/linux/percpu-refcount.h:322
 rcu_do_batch kernel/rcu/tree.c:2489 [inline]
 rcu_core+0x75d/0xf80 kernel/rcu/tree.c:2723
 __do_softirq+0x2bc/0xa77 kernel/softirq.c:343
 asm_call_irq_on_stack+0xf/0x20
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline]
 do_softirq_own_stack+0xaa/0xd0 arch/x86/kernel/irq_64.c:77
 invoke_softirq kernel/softirq.c:226 [inline]
 __irq_exit_rcu+0x17f/0x200 kernel/softirq.c:420
 irq_exit_rcu+0x5/0x20 kernel/softirq.c:432
 sysvec_apic_timer_interrupt+0x4d/0x100 arch/x86/kernel/apic/apic.c:1096
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:628
RIP: 0010:check_preemption_disabled+0x2c/0x150 lib/smp_processor_id.c:16
Code: 41 55 49 89 f5 41 54 55 48 89 fd 53 0f 1f 44 00 00 65 44 8b 25 f5 c4 eb 76 65 8b 1d 4e 1f ec 76 81 e3 ff ff ff 7f 31 ff 89 de <0f> 1f 44 00 00 85 db 74 11 0f 1f 44 00 00 44 89 e0 5b 5d 41 5c 41
RSP: 0018:ffffc90001647b48 EFLAGS: 00000246
RAX: 0000000000000001 RBX: 0000000000000002 RCX: ffffffff8157bd41
RDX: 0000000000000001 RSI: 0000000000000002 RDI: 0000000000000000
RBP: ffffffff89beea00 R08: 0000000000000000 R09: ffffffff8d7d4b4f
R10: fffffbfff1afa969 R11: 0000000000000001 R12: 0000000000000000
R13: ffffffff89bee9c0 R14: 0000000000000000 R15: 0000000000000000
 rcu_lockdep_current_cpu_online kernel/rcu/tree.c:1161 [inline]
 rcu_lockdep_current_cpu_online+0x2d/0x150 kernel/rcu/tree.c:1152
 rcu_read_lock_held_common kernel/rcu/update.c:110 [inline]
 rcu_read_lock_held_common kernel/rcu/update.c:100 [inline]
 rcu_read_lock_sched_held+0x25/0x70 kernel/rcu/update.c:121
 trace_lock_release include/trace/events/lock.h:58 [inline]
 lock_release+0x5c3/0x710 kernel/locking/lockdep.c:5448
 __might_fault mm/memory.c:5017 [inline]
 __might_fault+0x144/0x180 mm/memory.c:5002
 _copy_to_user+0x27/0x150 lib/usercopy.c:28
 copy_to_user include/linux/uaccess.h:200 [inline]
 cp_new_stat+0x4f9/0x630 fs/stat.c:342
 __do_sys_newlstat+0x100/0x110 fs/stat.c:366
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f5751fd4335
Code: 69 db 2b 00 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 83 ff 01 48 89 f0 77 30 48 89 c7 48 89 d6 b8 06 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 03 f3 c3 90 48 8b 15 31 db 2b 00 f7 d8 64 89
RSP: 002b:00007ffde03f42a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000006
RAX: ffffffffffffffda RBX: 000055ea7e0e5a30 RCX: 00007f5751fd4335
RDX: 00007ffde03f42e0 RSI: 00007ffde03f42e0 RDI: 000055ea7e0e4a30
RBP: 00007ffde03f43a0 R08: 00007f57522931f8 R09: 0000000000001010
R10: 000055ea7e0ed750 R11: 0000000000000246 R12: 000055ea7e0e4a30
R13: 000055ea7e0e4a4a R14: 000055ea7e0f7b75 R15: 000055ea7e0f7b7a