bisecting cause commit starting from 449dc8c97089a6e09fb2dac4d92b1b7ac0eb7c1e building syzkaller on f721e4a097714a9054b9fe1aadf427afbbd2c157 testing commit 449dc8c97089a6e09fb2dac4d92b1b7ac0eb7c1e with gcc (GCC) 8.1.0 kernel signature: 96e80abb3ec1abc4b57adb216aa8f5c83e45c31ed93de1b4d74a3f18af58115d all runs: crashed: possible deadlock in io_timeout_fn testing release v5.8 testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c with gcc (GCC) 8.1.0 kernel signature: e6fa6a0ae1a6dda9677a4220cbae494c2312f12d17140aaec2c75d7f7db219d7 all runs: crashed: possible deadlock in io_timeout_fn testing release v5.7 testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 with gcc (GCC) 8.1.0 kernel signature: 119482050a0a7f216a4a1f3c08946c8a4a2341b4ea43526e41e6ac2915a0b84c all runs: OK # git bisect start bcf876870b95592b52519ed4aafcf9d95999bc9c 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 Bisecting: 8752 revisions left to test after this (roughly 13 steps) [694b5a5d313f3997764b67d52bab66ec7e59e714] Merge tag 'arm-soc-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc testing commit 694b5a5d313f3997764b67d52bab66ec7e59e714 with gcc (GCC) 8.1.0 kernel signature: 7de5ec22dd27f971484e33fee93eeb6d6614b082446e2939440f1927bb44f3ff run #0: crashed: possible deadlock in io_timeout_fn run #1: crashed: possible deadlock in io_timeout_fn run #2: crashed: possible deadlock in io_timeout_fn run #3: crashed: possible deadlock in io_timeout_fn run #4: crashed: WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected run #5: crashed: WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected run #6: crashed: possible deadlock in io_timeout_fn run #7: crashed: WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected run #8: crashed: possible deadlock in io_timeout_fn run #9: crashed: possible deadlock in io_timeout_fn # git bisect bad 694b5a5d313f3997764b67d52bab66ec7e59e714 Bisecting: 4417 revisions left to test after this (roughly 12 steps) [2e63f6ce7ed2c4ff83ba30ad9ccad422289a6c63] Merge branch 'uaccess.comedi' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs testing commit 2e63f6ce7ed2c4ff83ba30ad9ccad422289a6c63 with gcc (GCC) 8.1.0 kernel signature: aa42a7b2cb3f8204709f6d39b8713e5c63abce3824586210a79bd1338c8e2236 run #0: crashed: possible deadlock in io_timeout_fn run #1: crashed: possible deadlock in io_timeout_fn run #2: crashed: possible deadlock in io_timeout_fn run #3: crashed: possible deadlock in io_timeout_fn run #4: crashed: possible deadlock in io_timeout_fn run #5: crashed: possible deadlock in io_timeout_fn run #6: crashed: possible deadlock in io_timeout_fn run #7: crashed: possible deadlock in io_timeout_fn run #8: crashed: WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected run #9: crashed: WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected # git bisect bad 2e63f6ce7ed2c4ff83ba30ad9ccad422289a6c63 Bisecting: 2658 revisions left to test after this (roughly 11 steps) [cfa3b8068b09f25037146bfd5eed041b78878bee] Merge tag 'for-linus-hmm' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma testing commit cfa3b8068b09f25037146bfd5eed041b78878bee with gcc (GCC) 8.1.0 kernel signature: f163362b03640807287d7b40c3c97b913096412d958a09df43e35524106d3d57 all runs: OK # git bisect good cfa3b8068b09f25037146bfd5eed041b78878bee Bisecting: 1328 revisions left to test after this (roughly 10 steps) [c41219fda6e04255c44d37fd2c0d898c1c46abf1] Merge tag 'drm-intel-next-fixes-2020-05-20' of git://anongit.freedesktop.org/drm/drm-intel into drm-next testing commit c41219fda6e04255c44d37fd2c0d898c1c46abf1 with gcc (GCC) 8.1.0 kernel signature: 24d621bbc36ad3899d7b67cde35d617c08d0d017b935a865cf257a4017500353 all runs: OK # git bisect good c41219fda6e04255c44d37fd2c0d898c1c46abf1 Bisecting: 602 revisions left to test after this (roughly 9 steps) [f3cdc8ae116e27d84e1f33c7a2995960cebb73ac] Merge tag 'for-5.8-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux testing commit f3cdc8ae116e27d84e1f33c7a2995960cebb73ac with gcc (GCC) 8.1.0 kernel signature: cab99e5d54d0094cfc2d8c09f645ae9fbf57e19846bcf686f8fea41d6998780d run #0: crashed: WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected run #1: crashed: possible deadlock in io_timeout_fn run #2: crashed: possible deadlock in io_timeout_fn run #3: crashed: WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected run #4: crashed: possible deadlock in io_timeout_fn run #5: crashed: WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected run #6: crashed: possible deadlock in io_timeout_fn run #7: crashed: WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected run #8: crashed: possible deadlock in io_timeout_fn run #9: crashed: WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected # git bisect bad f3cdc8ae116e27d84e1f33c7a2995960cebb73ac Bisecting: 327 revisions left to test after this (roughly 9 steps) [bce159d734091fe31340976081577333f52a85e4] Merge tag 'for-5.8/drivers-2020-06-01' of git://git.kernel.dk/linux-block testing commit bce159d734091fe31340976081577333f52a85e4 with gcc (GCC) 8.1.0 kernel signature: 662a922b98779f12e6ca3df6d313fe9ef2b5591cfa70664760415a7533a8ac70 all runs: OK # git bisect good bce159d734091fe31340976081577333f52a85e4 Bisecting: 140 revisions left to test after this (roughly 7 steps) [16d91548d1057691979de4686693f0ff92f46000] Merge tag 'xfs-5.8-merge-8' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux testing commit 16d91548d1057691979de4686693f0ff92f46000 with gcc (GCC) 8.1.0 kernel signature: 328d4ed56c1fec056d9d8ae8e802477b9e0d50eb1cd91215870f8857f99d88b9 run #0: crashed: possible deadlock in io_timeout_fn run #1: crashed: WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected run #2: crashed: possible deadlock in io_timeout_fn run #3: crashed: possible deadlock in io_timeout_fn run #4: crashed: WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected run #5: crashed: possible deadlock in io_timeout_fn run #6: crashed: WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected run #7: crashed: possible deadlock in io_timeout_fn run #8: crashed: WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected run #9: crashed: WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected # git bisect bad 16d91548d1057691979de4686693f0ff92f46000 Bisecting: 93 revisions left to test after this (roughly 7 steps) [0f45a1b20cd8f9cfc985a1f91a1e7a86e5e14dd6] xfs: improve local fork verification testing commit 0f45a1b20cd8f9cfc985a1f91a1e7a86e5e14dd6 with gcc (GCC) 8.1.0 kernel signature: b90a28bb1f7615967ea079f731a52d68c5d4f32470f8dbde6e63add44cf43578 all runs: OK # git bisect good 0f45a1b20cd8f9cfc985a1f91a1e7a86e5e14dd6 Bisecting: 52 revisions left to test after this (roughly 6 steps) [9d99b1647fa56805c1cfef2d81ee7b9855359b62] Merge tag 'audit-pr-20200601' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit testing commit 9d99b1647fa56805c1cfef2d81ee7b9855359b62 with gcc (GCC) 8.1.0 kernel signature: 44801a6b17325483f17add73b1513a7fe103602332c0b64521d0e841b00120e9 run #0: crashed: possible deadlock in io_timeout_fn run #1: crashed: possible deadlock in io_timeout_fn run #2: crashed: possible deadlock in io_timeout_fn run #3: crashed: possible deadlock in io_timeout_fn run #4: crashed: possible deadlock in io_timeout_fn run #5: crashed: possible deadlock in io_timeout_fn run #6: crashed: WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected run #7: crashed: possible deadlock in io_timeout_fn run #8: crashed: WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected run #9: crashed: possible deadlock in io_timeout_fn # git bisect bad 9d99b1647fa56805c1cfef2d81ee7b9855359b62 Bisecting: 20 revisions left to test after this (roughly 4 steps) [56080b02ed6e71fbc0add2d05a32ed7361dd736a] io_uring: don't re-read sqe->off in timeout_prep() testing commit 56080b02ed6e71fbc0add2d05a32ed7361dd736a with gcc (GCC) 8.1.0 kernel signature: 1cf523dbf1b7d723f9a6f2d0ed43632eb20a06b46992b0337a2e6ed93460aefb all runs: OK # git bisect good 56080b02ed6e71fbc0add2d05a32ed7361dd736a Bisecting: 10 revisions left to test after this (roughly 3 steps) [1ee08de1e234d95b5b4f866878b72fceb5372904] Merge tag 'for-5.8/io_uring-2020-06-01' of git://git.kernel.dk/linux-block testing commit 1ee08de1e234d95b5b4f866878b72fceb5372904 with gcc (GCC) 8.1.0 kernel signature: e5871517d3089c25abcd3fa23541a42f90d1f9e5a1f40aca9e06cb7ecc603e55 all runs: crashed: possible deadlock in io_timeout_fn # git bisect bad 1ee08de1e234d95b5b4f866878b72fceb5372904 Bisecting: 4 revisions left to test after this (roughly 2 steps) [e62753e4e2926f249d088cc0517be5ed4efec6d6] io_uring: call statx directly testing commit e62753e4e2926f249d088cc0517be5ed4efec6d6 with gcc (GCC) 8.1.0 kernel signature: 6a7851e1b984e46e660398f84af0940cc48de6bad68d57a126e9c58a6358e6ee run #0: crashed: possible deadlock in io_timeout_fn run #1: crashed: possible deadlock in io_timeout_fn run #2: crashed: WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected run #3: crashed: possible deadlock in io_timeout_fn run #4: crashed: possible deadlock in io_timeout_fn run #5: crashed: possible deadlock in io_timeout_fn run #6: crashed: WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected run #7: crashed: WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected run #8: crashed: possible deadlock in io_timeout_fn run #9: crashed: possible deadlock in io_timeout_fn # git bisect bad e62753e4e2926f249d088cc0517be5ed4efec6d6 Bisecting: 2 revisions left to test after this (roughly 1 step) [0bf0eefdab52d9f9f3a1eeda32a4fc7afe4e9219] io_uring: get rid of manual punting in io_close testing commit 0bf0eefdab52d9f9f3a1eeda32a4fc7afe4e9219 with gcc (GCC) 8.1.0 kernel signature: a6b07ae41fe65bb91ac91258dedde1b7e844db95dd9288787b94c63c304562b9 all runs: OK # git bisect good 0bf0eefdab52d9f9f3a1eeda32a4fc7afe4e9219 Bisecting: 0 revisions left to test after this (roughly 1 step) [0018784fc84f636d473a0d2a65a34f9d01893c0a] statx: allow system call to be invoked from io_uring testing commit 0018784fc84f636d473a0d2a65a34f9d01893c0a with gcc (GCC) 8.1.0 kernel signature: ac571b5b0462d3c6375d7748bf1b4f71595079a88284b04b43622ab53e14344d all runs: OK # git bisect good 0018784fc84f636d473a0d2a65a34f9d01893c0a e62753e4e2926f249d088cc0517be5ed4efec6d6 is the first bad commit commit e62753e4e2926f249d088cc0517be5ed4efec6d6 Author: Bijan Mottahedeh Date: Fri May 22 21:31:18 2020 -0700 io_uring: call statx directly Calling statx directly both simplifies the interface and avoids potential incompatibilities between sync and async invokations. Signed-off-by: Bijan Mottahedeh Signed-off-by: Jens Axboe fs/io_uring.c | 50 ++++---------------------------------------------- 1 file changed, 4 insertions(+), 46 deletions(-) culprit signature: 6a7851e1b984e46e660398f84af0940cc48de6bad68d57a126e9c58a6358e6ee parent signature: ac571b5b0462d3c6375d7748bf1b4f71595079a88284b04b43622ab53e14344d revisions tested: 17, total time: 3h26m5.569504723s (build: 1h35m12.074127168s, test: 1h49m13.835867492s) first bad commit: e62753e4e2926f249d088cc0517be5ed4efec6d6 io_uring: call statx directly recipients (to): ["axboe@kernel.dk" "axboe@kernel.dk" "bijan.mottahedeh@oracle.com" "io-uring@vger.kernel.org"] recipients (cc): ["linux-fsdevel@vger.kernel.org" "linux-kernel@vger.kernel.org" "viro@zeniv.linux.org.uk"] crash: possible deadlock in io_timeout_fn ======================================================== WARNING: possible irq lock inversion dependency detected 5.7.0-rc4-syzkaller #0 Not tainted -------------------------------------------------------- syz-executor.1/8486 just changed the state of lock: ffff8880934d84d8 (&ctx->completion_lock){-...}-{2:2}, at: io_timeout_fn+0x7e/0x3e0 fs/io_uring.c:4664 but this lock took another, HARDIRQ-unsafe lock in the past: (&fs->lock){+.+.}-{2:2} and interrupts could create inverse lock ordering between them. other info that might help us debug this: Possible interrupt unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&fs->lock); local_irq_disable(); lock(&ctx->completion_lock); lock(&fs->lock); lock(&ctx->completion_lock); *** DEADLOCK *** 1 lock held by syz-executor.1/8486: #0: ffff8880934d8428 (&ctx->uring_lock){+.+.}-{3:3}, at: __do_sys_io_uring_enter fs/io_uring.c:7630 [inline] #0: ffff8880934d8428 (&ctx->uring_lock){+.+.}-{3:3}, at: __se_sys_io_uring_enter fs/io_uring.c:7589 [inline] #0: ffff8880934d8428 (&ctx->uring_lock){+.+.}-{3:3}, at: __x64_sys_io_uring_enter+0x5bb/0x900 fs/io_uring.c:7589 the shortest dependencies between 2nd lock and 1st lock: -> (&fs->lock){+.+.}-{2:2} { HARDIRQ-ON-W at: lock_acquire+0x1e3/0x970 kernel/locking/lockdep.c:4934 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:151 spin_lock include/linux/spinlock.h:353 [inline] set_fs_pwd+0x85/0x1e0 fs/fs_struct.c:39 ksys_chdir+0xe7/0x160 fs/open.c:467 devtmpfs_setup drivers/base/devtmpfs.c:391 [inline] devtmpfsd+0x82/0xf0 drivers/base/devtmpfs.c:401 kthread+0x340/0x410 kernel/kthread.c:268 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 SOFTIRQ-ON-W at: lock_acquire+0x1e3/0x970 kernel/locking/lockdep.c:4934 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:151 spin_lock include/linux/spinlock.h:353 [inline] set_fs_pwd+0x85/0x1e0 fs/fs_struct.c:39 ksys_chdir+0xe7/0x160 fs/open.c:467 devtmpfs_setup drivers/base/devtmpfs.c:391 [inline] devtmpfsd+0x82/0xf0 drivers/base/devtmpfs.c:401 kthread+0x340/0x410 kernel/kthread.c:268 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 INITIAL USE at: lock_acquire+0x1e3/0x970 kernel/locking/lockdep.c:4934 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:151 spin_lock include/linux/spinlock.h:353 [inline] set_fs_pwd+0x85/0x1e0 fs/fs_struct.c:39 ksys_chdir+0xe7/0x160 fs/open.c:467 devtmpfs_setup drivers/base/devtmpfs.c:391 [inline] devtmpfsd+0x82/0xf0 drivers/base/devtmpfs.c:401 kthread+0x340/0x410 kernel/kthread.c:268 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 } ... key at: [] __key.29200+0x0/0x40 ... acquired at: __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:151 spin_lock include/linux/spinlock.h:353 [inline] io_req_work_drop_env fs/io_uring.c:1057 [inline] __io_req_aux_free+0x315/0xa70 fs/io_uring.c:1380 __io_free_req+0x19/0x4e0 fs/io_uring.c:1385 __io_double_put_req fs/io_uring.c:1654 [inline] io_fail_links fs/io_uring.c:1531 [inline] io_req_find_next+0x44a/0x610 fs/io_uring.c:1553 io_steal_work+0xe7/0x350 fs/io_uring.c:1640 io_worker_handle_work+0x5c8/0x1360 fs/io-wq.c:531 io_wqe_worker+0xa38/0xf40 fs/io-wq.c:576 kthread+0x340/0x410 kernel/kthread.c:268 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 -> (&ctx->completion_lock){-...}-{2:2} { IN-HARDIRQ-W at: lock_acquire+0x1e3/0x970 kernel/locking/lockdep.c:4934 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x95/0xc0 kernel/locking/spinlock.c:159 io_timeout_fn+0x7e/0x3e0 fs/io_uring.c:4664 __run_hrtimer kernel/time/hrtimer.c:1520 [inline] __hrtimer_run_queues+0x1f0/0xb60 kernel/time/hrtimer.c:1584 hrtimer_interrupt+0x2e5/0x770 kernel/time/hrtimer.c:1646 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1113 [inline] smp_apic_timer_interrupt+0x15e/0x5f0 arch/x86/kernel/apic/apic.c:1138 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:829 arch_local_irq_enable arch/x86/include/asm/paravirt.h:769 [inline] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline] _raw_spin_unlock_irq+0x4e/0x80 kernel/locking/spinlock.c:199 spin_unlock_irq include/linux/spinlock.h:403 [inline] io_timeout fs/io_uring.c:4863 [inline] io_issue_sqe+0x1a91/0x44f0 fs/io_uring.c:5262 __io_queue_sqe.part.94+0x216/0xcf0 fs/io_uring.c:5638 io_submit_sqe fs/io_uring.c:5793 [inline] io_submit_sqes+0x14bf/0x2210 fs/io_uring.c:5994 __do_sys_io_uring_enter fs/io_uring.c:7631 [inline] __se_sys_io_uring_enter fs/io_uring.c:7589 [inline] __x64_sys_io_uring_enter+0x5cf/0x900 fs/io_uring.c:7589 do_syscall_64+0xc6/0x620 arch/x86/entry/common.c:295 entry_SYSCALL_64_after_hwframe+0x49/0xb3 INITIAL USE at: lock_acquire+0x1e3/0x970 kernel/locking/lockdep.c:4934 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x95/0xc0 kernel/locking/spinlock.c:159 __io_cqring_add_event+0x41/0x80 fs/io_uring.c:1291 io_cqring_add_event fs/io_uring.c:1301 [inline] io_epoll_ctl fs/io_uring.c:3299 [inline] io_issue_sqe+0xd88/0x44f0 fs/io_uring.c:5366 io_wq_submit_work+0x8d/0x130 fs/io_uring.c:5441 io_worker_handle_work+0x5c8/0x1360 fs/io-wq.c:531 io_wqe_worker+0xa38/0xf40 fs/io-wq.c:576 kthread+0x340/0x410 kernel/kthread.c:268 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 } ... key at: [] __key.82900+0x0/0x40 ... acquired at: mark_lock_irq kernel/locking/lockdep.c:3585 [inline] mark_lock+0x2ab/0x620 kernel/locking/lockdep.c:3935 mark_usage kernel/locking/lockdep.c:3831 [inline] __lock_acquire+0x142c/0x3690 kernel/locking/lockdep.c:4309 lock_acquire+0x1e3/0x970 kernel/locking/lockdep.c:4934 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x95/0xc0 kernel/locking/spinlock.c:159 io_timeout_fn+0x7e/0x3e0 fs/io_uring.c:4664 __run_hrtimer kernel/time/hrtimer.c:1520 [inline] __hrtimer_run_queues+0x1f0/0xb60 kernel/time/hrtimer.c:1584 hrtimer_interrupt+0x2e5/0x770 kernel/time/hrtimer.c:1646 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1113 [inline] smp_apic_timer_interrupt+0x15e/0x5f0 arch/x86/kernel/apic/apic.c:1138 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:829 arch_local_irq_enable arch/x86/include/asm/paravirt.h:769 [inline] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline] _raw_spin_unlock_irq+0x4e/0x80 kernel/locking/spinlock.c:199 spin_unlock_irq include/linux/spinlock.h:403 [inline] io_timeout fs/io_uring.c:4863 [inline] io_issue_sqe+0x1a91/0x44f0 fs/io_uring.c:5262 __io_queue_sqe.part.94+0x216/0xcf0 fs/io_uring.c:5638 io_submit_sqe fs/io_uring.c:5793 [inline] io_submit_sqes+0x14bf/0x2210 fs/io_uring.c:5994 __do_sys_io_uring_enter fs/io_uring.c:7631 [inline] __se_sys_io_uring_enter fs/io_uring.c:7589 [inline] __x64_sys_io_uring_enter+0x5cf/0x900 fs/io_uring.c:7589 do_syscall_64+0xc6/0x620 arch/x86/entry/common.c:295 entry_SYSCALL_64_after_hwframe+0x49/0xb3 stack backtrace: CPU: 1 PID: 8486 Comm: syz-executor.1 Not tainted 5.7.0-rc4-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x128/0x182 lib/dump_stack.c:118 print_irq_inversion_bug kernel/locking/lockdep.c:3448 [inline] check_usage_forwards.cold.63+0x20/0x29 kernel/locking/lockdep.c:3472 mark_lock_irq kernel/locking/lockdep.c:3585 [inline] mark_lock+0x2ab/0x620 kernel/locking/lockdep.c:3935 mark_usage kernel/locking/lockdep.c:3831 [inline] __lock_acquire+0x142c/0x3690 kernel/locking/lockdep.c:4309 lock_acquire+0x1e3/0x970 kernel/locking/lockdep.c:4934 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x95/0xc0 kernel/locking/spinlock.c:159 io_timeout_fn+0x7e/0x3e0 fs/io_uring.c:4664 __run_hrtimer kernel/time/hrtimer.c:1520 [inline] __hrtimer_run_queues+0x1f0/0xb60 kernel/time/hrtimer.c:1584 hrtimer_interrupt+0x2e5/0x770 kernel/time/hrtimer.c:1646 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1113 [inline] smp_apic_timer_interrupt+0x15e/0x5f0 arch/x86/kernel/apic/apic.c:1138 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:829 RIP: 0010:__raw_spin_unlock_irq include/linux/spinlock_api_smp.h:169 [inline] RIP: 0010:_raw_spin_unlock_irq+0x4e/0x80 kernel/locking/spinlock.c:199 Code: d4 88 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 31 48 83 3d 0b 0d a7 01 00 74 25 fb 66 0f 1f 44 00 00 01 00 00 00 e8 c8 99 19 fa 65 8b 05 09 c4 d4 78 85 c0 74 02 5b RSP: 0018:ffffc9000962f8c0 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13 RAX: dffffc0000000000 RBX: ffff8880934d84c0 RCX: 0000000000000006 RDX: 1ffffffff11a8cf6 RSI: 0000000000000008 RDI: ffffffff88d467b0 RBP: ffffc9000962fa60 R08: fffffbfff16ae366 R09: fffffbfff16ae366 R10: ffffffff8b571b2f R11: fffffbfff16ae365 R12: ffff888091952440 R13: 0000000000000000 R14: ffff8880934d8000 R15: ffff888091952498 spin_unlock_irq include/linux/spinlock.h:403 [inline] io_timeout fs/io_uring.c:4863 [inline] io_issue_sqe+0x1a91/0x44f0 fs/io_uring.c:5262 __io_queue_sqe.part.94+0x216/0xcf0 fs/io_uring.c:5638 io_submit_sqe fs/io_uring.c:5793 [inline] io_submit_sqes+0x14bf/0x2210 fs/io_uring.c:5994 __do_sys_io_uring_enter fs/io_uring.c:7631 [inline] __se_sys_io_uring_enter fs/io_uring.c:7589 [inline] __x64_sys_io_uring_enter+0x5cf/0x900 fs/io_uring.c:7589 do_syscall_64+0xc6/0x620 arch/x86/entry/common.c:295 entry_SYSCALL_64_after_hwframe+0x49/0xb3 RIP: 0033:0x45ce69 Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f64aebc3c78 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa RAX: ffffffffffffffda RBX: 0000000000008280 RCX: 000000000045ce69 RDX: 0000000000000000 RSI: 000000000000450c RDI: 0000000000000005 RBP: 000000000118bf78 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118bf2c R13: 00007ffcf8c1978f R14: 00007f64aebc49c0 R15: 000000000118bf2c