Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
================================
WARNING: inconsistent lock state
4.19.0-syzkaller #0 Not tainted
--------------------------------
inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-W} usage.
syz-executor.0/2615 [HC1[1]:SC0[0]:HE0:SE1] takes:
0000000026910edf (sync_timeline_list_lock){?.+.}, at: sync_timeline_debug_remove+0x16/0x70 drivers/dma-buf/sync_debug.c:40
{HARDIRQ-ON-W} state was registered at:
  __trace_hardirqs_on_caller kernel/locking/lockdep.c:2826 [inline]
  lockdep_hardirqs_on+0xb3/0x120 kernel/locking/lockdep.c:2879
  trace_hardirqs_on+0x22/0xf0 kernel/trace/trace_preemptirq.c:30
  __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline]
  _raw_spin_unlock_irq+0x27/0x60 kernel/locking/spinlock.c:192
  spin_unlock_irq include/linux/spinlock.h:379 [inline]
  sync_print_obj drivers/dma-buf/sync_debug.c:127 [inline]
  sync_debugfs_show+0x8e/0x120 drivers/dma-buf/sync_debug.c:162
  seq_read+0x15d/0x420 fs/seq_file.c:229
  __vfs_read+0x35/0x160 fs/read_write.c:416
  vfs_read fs/read_write.c:452 [inline]
  vfs_read+0x93/0x140 fs/read_write.c:437
  ksys_read+0x53/0xc0 fs/read_write.c:578
  __do_sys_read fs/read_write.c:588 [inline]
  __se_sys_read fs/read_write.c:586 [inline]
  __x64_sys_read+0x15/0x20 fs/read_write.c:586
  do_syscall_64+0x6e/0x1c0 arch/x86/entry/common.c:290
  entry_SYSCALL_64_after_hwframe+0x49/0xbe
irq event stamp: 2230
hardirqs last enabled at (2229): [] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline]
hardirqs last enabled at (2229): [] _raw_spin_unlock_irq+0x27/0x60 kernel/locking/spinlock.c:192
hardirqs last disabled at (2230): [] trace_hardirqs_off_thunk+0x1a/0x1c
softirqs last enabled at (0): [] copy_process.part.3+0x832/0x2060 kernel/fork.c:1793
softirqs last disabled at (0): [<0000000000000000>] (null)

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(sync_timeline_list_lock);
  <Interrupt>
    lock(sync_timeline_list_lock);

 *** DEADLOCK ***

no locks held by syz-executor.0/2615.

stack backtrace:
CPU: 1 PID: 2615 Comm: syz-executor.0 Not tainted 4.19.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0xc4/0x11a lib/dump_stack.c:113
 print_usage_bug.cold.38+0x1c5/0x20e kernel/locking/lockdep.c:2540
 valid_state kernel/locking/lockdep.c:2553 [inline]
 mark_lock_irq kernel/locking/lockdep.c:2747 [inline]
 mark_lock+0x408/0x4e0 kernel/locking/lockdep.c:3127
 mark_irqflags kernel/locking/lockdep.c:3002 [inline]
 __lock_acquire+0x68f/0x12f0 kernel/locking/lockdep.c:3368
 lock_acquire+0xc0/0x1c0 kernel/locking/lockdep.c:3900
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0x59/0x80 kernel/locking/spinlock.c:152
 sync_timeline_debug_remove+0x16/0x70 drivers/dma-buf/sync_debug.c:40
 sync_timeline_free drivers/dma-buf/sw_sync.c:113 [inline]
 kref_put include/linux/kref.h:70 [inline]
 sync_timeline_put+0x18/0x30 drivers/dma-buf/sw_sync.c:125
 timeline_fence_release+0x9c/0xb0 drivers/dma-buf/sw_sync.c:156
 dma_fence_release+0x41/0x120 drivers/dma-buf/dma-fence.c:228
 kref_put include/linux/kref.h:70 [inline]
 dma_fence_put include/linux/dma-fence.h:259 [inline]
 dma_fence_array_release+0x4f/0x80 drivers/dma-buf/dma-fence-array.c:96
 dma_fence_release+0x41/0x120 drivers/dma-buf/dma-fence.c:228
 kref_put include/linux/kref.h:70 [inline]
 dma_fence_put include/linux/dma-fence.h:259 [inline]
 irq_dma_fence_array_work+0x3a/0x40 drivers/dma-buf/dma-fence-array.c:39
 irq_work_run_list+0x5f/0x90 kernel/irq_work.c:155
 irq_work_run+0x2a/0x60 kernel/irq_work.c:170
 smp_irq_work_interrupt+0x48/0x1e0 arch/x86/kernel/irq_work.c:21
 irq_work_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:895
RIP: 0010:__raw_spin_unlock_irq include/linux/spinlock_api_smp.h:169 [inline]
RIP: 0010:_raw_spin_unlock_irq+0x38/0x60 kernel/locking/spinlock.c:192
Code: 83 c7 18 48 8b 55 08 e8 b6 84 07 ff 48 89 df e8 6e d1 07 ff e8 89 e6 10 ff 48 83 3d 49 5f df 00 00 74 26 fb 66 0f 1f 44 00 00 <bf> 01 00 00 00 e8 5e af 04 ff 65 8b 05 07 8d fc 7d 85 c0 74 03 5b
RSP: 0018:ffffc9000177fc08 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff09
RAX: ffff88012cc08000 RBX: ffff880136a76350 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff88012cc08000
RBP: ffffc9000177fc10 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000000 R12: ffff880136a76340
R13: ffff880136a76300 R14: ffff880136a76350 R15: ffff880138f27a20
 spin_unlock_irq include/linux/spinlock.h:379 [inline]
 sw_sync_debugfs_release+0x62/0x80 drivers/dma-buf/sw_sync.c:332
 __fput+0xa9/0x1e0 fs/file_table.c:278
 ____fput+0x9/0x10 fs/file_table.c:309
 task_work_run+0x8f/0xb0 kernel/task_work.c:113
 exit_task_work include/linux/task_work.h:22 [inline]
 do_exit+0x3bf/0xc20 kernel/exit.c:867
 do_group_exit+0x40/0xc0 kernel/exit.c:970
 get_signal+0x287/0x820 kernel/signal.c:2513
 do_signal+0x32/0x6b0 arch/x86/kernel/signal.c:816
 exit_to_usermode_loop+0xdb/0x100 arch/x86/entry/common.c:162
 prepare_exit_to_usermode arch/x86/entry/common.c:197 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:268 [inline]
 do_syscall_64+0x1a8/0x1c0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f2bea731da9
Code: Bad RIP value.
RSP: 002b:00007f2bea2b3178 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 00007f2bea85ff88 RCX: 00007f2bea731da9
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f2bea85ff88
RBP: 00007f2bea85ff80 R08: 00007f2bea2b36c0 R09: 00007f2bea2b36c0
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2bea85ff8c
R13: 0000000000000006 R14: 00007fffce6e7180 R15: 00007fffce6e7268
----------------
Code disassembly (best guess):
   0:	83 c7 18             	add    $0x18,%edi
   3:	48 8b 55 08          	mov    0x8(%rbp),%rdx
   7:	e8 b6 84 07 ff       	call   0xff0784c2
   c:	48 89 df             	mov    %rbx,%rdi
   f:	e8 6e d1 07 ff       	call   0xff07d182
  14:	e8 89 e6 10 ff       	call   0xff10e6a2
  19:	48 83 3d 49 5f df 00 	cmpq   $0x0,0xdf5f49(%rip)        # 0xdf5f6a
  20:	00
  21:	74 26                	je     0x49
  23:	fb                   	sti
  24:	66 0f 1f 44 00 00    	nopw   0x0(%rax,%rax,1)
* 2a:	bf 01 00 00 00       	mov    $0x1,%edi <-- trapping instruction
  2f:	e8 5e af 04 ff       	call   0xff04af92
  34:	65 8b 05 07 8d fc 7d 	mov    %gs:0x7dfc8d07(%rip),%eax        # 0x7dfc8d42
  3b:	85 c0                	test   %eax,%eax
  3d:	74 03                	je     0x42
  3f:	5b                   	pop    %rbx