[ OK ] Started Getty on tty2. [ OK ] Found device /dev/ttyS0. [ OK ] Started OpenBSD Secure Shell server. [ 34.834478][ T6739] bash (6739) used greatest stack depth: 24240 bytes left [ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch. [ OK ] Started Serial Getty on ttyS0. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.10.28' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 42.325361][ C1] [ 42.327732][ C1] ======================================================== [ 42.334889][ C1] WARNING: possible irq lock inversion dependency detected [ 42.342049][ C1] 5.8.0-syzkaller #0 Not tainted [ 42.346947][ C1] -------------------------------------------------------- [ 42.354115][ C1] syz-executor659/6838 just changed the state of lock: [ 42.361012][ C1] ffff8880a8bc44d8 (&ctx->completion_lock){-...}-{2:2}, at: io_timeout_fn+0x6b/0x360 [ 42.370441][ C1] but this lock took another, HARDIRQ-unsafe lock in the past: [ 42.377943][ C1] (&fs->lock){+.+.}-{2:2} [ 42.377947][ C1] [ 42.377947][ C1] [ 42.377947][ C1] and interrupts could create inverse lock ordering between them. [ 42.377947][ C1] [ 42.396613][ C1] [ 42.396613][ C1] other info that might help us debug this: [ 42.404638][ C1] Possible interrupt unsafe locking scenario: [ 42.404638][ C1] [ 42.412936][ C1] CPU0 CPU1 [ 42.418279][ C1] ---- ---- [ 42.423611][ C1] lock(&fs->lock); [ 42.427468][ C1] local_irq_disable(); [ 42.434187][ C1] lock(&ctx->completion_lock); [ 42.441614][ C1] lock(&fs->lock); [ 42.448030][ C1] [ 42.451457][ C1] lock(&ctx->completion_lock); [ 42.456530][ C1] [ 42.456530][ C1] *** DEADLOCK *** [ 42.456530][ C1] [ 42.464642][ C1] 1 lock held by syz-executor659/6838: [ 42.470067][ C1] #0: ffff8880a8bc4428 (&ctx->uring_lock){+.+.}-{3:3}, at: __se_sys_io_uring_enter+0x19d/0x1300 [ 42.480535][ C1] [ 42.480535][ C1] the shortest dependencies between 2nd lock and 1st lock: [ 42.490224][ C1] -> (&fs->lock){+.+.}-{2:2} { [ 42.495040][ C1] HARDIRQ-ON-W at: [ 42.499102][ C1] lock_acquire+0x160/0x730 [ 42.505393][ C1] _raw_spin_lock+0x2a/0x40 [ 42.511707][ C1] set_fs_pwd+0x3b/0x220 [ 42.517736][ C1] init_chdir+0xe2/0x10b [ 42.523769][ C1] devtmpfs_setup+0xa5/0xd4 [ 42.530060][ C1] devtmpfsd+0x11/0x40 [ 42.535918][ C1] kthread+0x37e/0x3a0 [ 42.541815][ C1] ret_from_fork+0x1f/0x30 [ 42.548018][ C1] SOFTIRQ-ON-W at: [ 42.552140][ C1] lock_acquire+0x160/0x730 [ 42.558441][ C1] _raw_spin_lock+0x2a/0x40 [ 42.564757][ C1] set_fs_pwd+0x3b/0x220 [ 42.574433][ C1] init_chdir+0xe2/0x10b [ 42.580481][ C1] devtmpfs_setup+0xa5/0xd4 [ 42.586771][ C1] devtmpfsd+0x11/0x40 [ 42.592629][ C1] kthread+0x37e/0x3a0 [ 42.598486][ C1] ret_from_fork+0x1f/0x30 [ 42.604685][ C1] INITIAL USE at: [ 42.608633][ C1] lock_acquire+0x160/0x730 [ 42.615718][ C1] _raw_spin_lock+0x2a/0x40 [ 42.621935][ C1] set_fs_pwd+0x3b/0x220 [ 42.627875][ C1] init_chdir+0xe2/0x10b [ 42.633817][ C1] devtmpfs_setup+0xa5/0xd4 [ 42.640028][ C1] devtmpfsd+0x11/0x40 [ 42.645810][ C1] kthread+0x37e/0x3a0 [ 42.651581][ C1] ret_from_fork+0x1f/0x30 [ 42.657693][ C1] } [ 42.660255][ C1] ... key at: [] copy_fs_struct.__key+0x0/0x10 [ 42.668540][ C1] ... acquired at: [ 42.672400][ C1] lock_acquire+0x160/0x730 [ 42.677038][ C1] _raw_spin_lock+0x2a/0x40 [ 42.681680][ C1] io_dismantle_req+0x285/0x5d0 [ 42.686667][ C1] __io_free_req+0x24/0x190 [ 42.691306][ C1] __io_fail_links+0x1d7/0x6c0 [ 42.696206][ C1] io_req_find_next+0x101a/0x1260 [ 42.701365][ C1] io_wq_submit_work+0x446/0x590 [ 42.706438][ C1] io_worker_handle_work+0xf8f/0x1570 [ 42.711947][ C1] io_wqe_worker+0x2ff/0x810 [ 42.716675][ C1] kthread+0x37e/0x3a0 [ 42.720885][ C1] ret_from_fork+0x1f/0x30 [ 42.725441][ C1] [ 42.727734][ C1] -> (&ctx->completion_lock){-...}-{2:2} { [ 42.733508][ C1] IN-HARDIRQ-W at: [ 42.737457][ C1] lock_acquire+0x160/0x730 [ 42.743574][ C1] _raw_spin_lock_irqsave+0x9e/0xc0 [ 42.750384][ C1] io_timeout_fn+0x6b/0x360 [ 42.756500][ C1] __hrtimer_run_queues+0x47f/0x930 [ 42.763311][ C1] hrtimer_interrupt+0x373/0xd60 [ 42.769863][ C1] __sysvec_apic_timer_interrupt+0xf0/0x260 [ 42.777382][ C1] asm_call_on_stack+0xf/0x20 [ 42.783673][ C1] sysvec_apic_timer_interrupt+0x94/0xf0 [ 42.790920][ C1] asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 42.798511][ C1] _raw_spin_unlock_irq+0x57/0x80 [ 42.805149][ C1] io_issue_sqe+0x5b64/0xb8c0 [ 42.811439][ C1] __io_queue_sqe+0x287/0xff0 [ 42.817744][ C1] io_submit_sqes+0x14cf/0x25d0 [ 42.824208][ C1] __se_sys_io_uring_enter+0x1af/0x1300 [ 42.831366][ C1] do_syscall_64+0x31/0x70 [ 42.837416][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 42.844918][ C1] INITIAL USE at: [ 42.848780][ C1] lock_acquire+0x160/0x730 [ 42.854810][ C1] _raw_spin_lock_irqsave+0x9e/0xc0 [ 42.861535][ C1] __io_req_complete+0x15e/0x2c0 [ 42.867999][ C1] io_issue_sqe+0x8678/0xb8c0 [ 42.874223][ C1] io_wq_submit_work+0x35e/0x590 [ 42.880688][ C1] io_worker_handle_work+0xf8f/0x1570 [ 42.887584][ C1] io_wqe_worker+0x2ff/0x810 [ 42.893704][ C1] kthread+0x37e/0x3a0 [ 42.899303][ C1] ret_from_fork+0x1f/0x30 [ 42.905243][ C1] } [ 42.907714][ C1] ... key at: [] io_ring_ctx_alloc.__key.111+0x0/0x10 [ 42.916517][ C1] ... acquired at: [ 42.920291][ C1] mark_lock+0x529/0x1b00 [ 42.924759][ C1] __lock_acquire+0xa5c/0x2ab0 [ 42.929658][ C1] lock_acquire+0x160/0x730 [ 42.934298][ C1] _raw_spin_lock_irqsave+0x9e/0xc0 [ 42.939633][ C1] io_timeout_fn+0x6b/0x360 [ 42.944273][ C1] __hrtimer_run_queues+0x47f/0x930 [ 42.949614][ C1] hrtimer_interrupt+0x373/0xd60 [ 42.954693][ C1] __sysvec_apic_timer_interrupt+0xf0/0x260 [ 42.960722][ C1] asm_call_on_stack+0xf/0x20 [ 42.965538][ C1] sysvec_apic_timer_interrupt+0x94/0xf0 [ 42.971307][ C1] asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 42.977436][ C1] _raw_spin_unlock_irq+0x57/0x80 [ 42.982602][ C1] io_issue_sqe+0x5b64/0xb8c0 [ 42.987417][ C1] __io_queue_sqe+0x287/0xff0 [ 42.992231][ C1] io_submit_sqes+0x14cf/0x25d0 [ 42.997218][ C1] __se_sys_io_uring_enter+0x1af/0x1300 [ 43.002909][ C1] do_syscall_64+0x31/0x70 [ 43.007496][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 43.013528][ C1] [ 43.015827][ C1] [ 43.015827][ C1] stack backtrace: [ 43.021686][ C1] CPU: 1 PID: 6838 Comm: syz-executor659 Not tainted 5.8.0-syzkaller #0 [ 43.029973][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 43.039996][ C1] Call Trace: [ 43.043249][ C1] [ 43.046072][ C1] dump_stack+0x1f0/0x31e [ 43.050370][ C1] print_irq_inversion_bug+0xb67/0xe90 [ 43.055800][ C1] check_usage_forwards+0x13f/0x240 [ 43.060965][ C1] ? save_trace+0x49/0xba0 [ 43.065347][ C1] mark_lock+0x529/0x1b00 [ 43.069643][ C1] ? check_usage_backwards+0x240/0x240 [ 43.075073][ C1] ? lock_is_held_type+0xb3/0xe0 [ 43.079976][ C1] ? mark_lock+0x102/0x1b00 [ 43.084445][ C1] __lock_acquire+0xa5c/0x2ab0 [ 43.089187][ C1] ? __lock_acquire+0x1161/0x2ab0 [ 43.094183][ C1] lock_acquire+0x160/0x730 [ 43.098653][ C1] ? io_timeout_fn+0x6b/0x360 [ 43.103295][ C1] ? trace_lock_release+0x137/0x1a0 [ 43.108459][ C1] _raw_spin_lock_irqsave+0x9e/0xc0 [ 43.113622][ C1] ? io_timeout_fn+0x6b/0x360 [ 43.118266][ C1] io_timeout_fn+0x6b/0x360 [ 43.122735][ C1] ? rcu_read_lock_sched_held+0x2f/0xa0 [ 43.128246][ C1] ? io_recvmsg_copy_hdr+0x6f0/0x6f0 [ 43.133497][ C1] __hrtimer_run_queues+0x47f/0x930 [ 43.138662][ C1] hrtimer_interrupt+0x373/0xd60 [ 43.143564][ C1] ? sched_clock_cpu+0x18/0x3b0 [ 43.148385][ C1] __sysvec_apic_timer_interrupt+0xf0/0x260 [ 43.154241][ C1] asm_call_on_stack+0xf/0x20 [ 43.158892][ C1] [ 43.161808][ C1] sysvec_apic_timer_interrupt+0x94/0xf0 [ 43.167412][ C1] asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 43.173369][ C1] RIP: 0010:_raw_spin_unlock_irq+0x57/0x80 [ 43.179139][ C1] Code: 00 00 00 00 fc ff df 80 3c 08 00 74 0c 48 c7 c7 c8 14 4d 89 e8 6a 28 8b f9 48 83 3d 0a a9 23 01 00 74 25 fb 66 0f 1f 44 00 00 01 00 00 00 e8 6f 62 27 f9 65 8b 05 34 92 d8 77 85 c0 74 02 5b [ 43.198714][ C1] RSP: 0018:ffffc9000102f8f0 EFLAGS: 00000286 [ 43.204756][ C1] RAX: 1ffffffff129a299 RBX: ffff8880a8bc44c0 RCX: dffffc0000000000 [ 43.212697][ C1] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff88296b8f [ 43.220685][ C1] RBP: ffffc9000102fb80 R08: dffffc0000000000 R09: fffffbfff167c6b8 [ 43.228625][ C1] R10: fffffbfff167c6b8 R11: 0000000000000000 R12: 0000000000000000 [ 43.236566][ C1] R13: dffffc0000000000 R14: ffff8880a2dfdc08 R15: ffff8880a2dfdc58 [ 43.244520][ C1] ? _raw_spin_unlock_irq+0x1f/0x80 [ 43.249692][ C1] io_issue_sqe+0x5b64/0xb8c0 [ 43.254339][ C1] ? __kasan_kmalloc+0x100/0x130 [ 43.259282][ C1] ? slab_post_alloc_hook+0x3e/0x290 [ 43.264531][ C1] ? kmem_cache_alloc_bulk+0x249/0x2c0 [ 43.269956][ C1] ? io_submit_sqes+0x54b/0x25d0 [ 43.274886][ C1] ? __se_sys_io_uring_enter+0x1af/0x1300 [ 43.280569][ C1] ? do_syscall_64+0x31/0x70 [ 43.285197][ C1] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 43.291238][ C1] ? __lock_acquire+0x1161/0x2ab0 [ 43.296235][ C1] ? mark_lock+0x102/0x1b00 [ 43.300710][ C1] ? trace_lock_release+0x137/0x1a0 [ 43.305876][ C1] ? lock_is_held_type+0xb3/0xe0 [ 43.310780][ C1] ? lock_is_held_type+0xb3/0xe0 [ 43.315684][ C1] __io_queue_sqe+0x287/0xff0 [ 43.320327][ C1] ? io_queue_sqe+0x171/0xaf0 [ 43.326096][ C1] io_submit_sqes+0x14cf/0x25d0 [ 43.330918][ C1] ? __se_sys_io_uring_enter+0x19d/0x1300 [ 43.336601][ C1] ? rcu_lock_release+0x5/0x20 [ 43.341332][ C1] __se_sys_io_uring_enter+0x1af/0x1300 [ 43.346856][ C1] ? lock_is_held_type+0xb3/0xe0 [ 43.351759][ C1] ? syscall_enter_from_user_mode+0x24/0x190 [ 43.357703][ C1] ? lockdep_hardirqs_on+0x49/0xf0 [ 43.362778][ C1] ? __x64_sys_io_uring_enter+0x1d/0xf0 [ 43.368300][ C1] do_syscall_64+0x31/0x70 [ 43.372683][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 43.378540][ C1] RIP: 0033:0x440b99 [ 43.382411][ C1] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 43.401980][ C1] RSP: 002b:00007ffea6abdbf8 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 43.410354][ C1] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440b99 [ 43.418293][ C1] RDX: 0000000000000000 RSI: 000000000000450c RDI: 0000000000000005 [ 43.426228][ C1] RBP: 00000000006cb018 R08