========================================================
WARNING: possible irq lock inversion dependency detected
5.6.0-rc2-syzkaller #0 Not tainted
--------------------------------------------------------
ksoftirqd/1/16 just changed the state of lock:
ffff88809e097b58 (&(&ctx->ctx_lock)->rlock){..-.}, at: spin_lock_irq include/linux/spinlock.h:363 [inline]
ffff88809e097b58 (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2b/0x3e0 fs/aio.c:618
but this lock took another, SOFTIRQ-unsafe lock in the past:
 (&pid->wait_pidfd){+.+.}

and interrupts could create inverse lock ordering between them.

other info that might help us debug this:
 Possible interrupt unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&pid->wait_pidfd);
                               local_irq_disable();
                               lock(&(&ctx->ctx_lock)->rlock);
                               lock(&pid->wait_pidfd);
  <Interrupt>
    lock(&(&ctx->ctx_lock)->rlock);

 *** DEADLOCK ***

2 locks held by ksoftirqd/1/16:
 #0: ffffffff88ba5540 (rcu_callback){....}, at: rcu_do_batch kernel/rcu/tree.c:2176 [inline]
 #0: ffffffff88ba5540 (rcu_callback){....}, at: rcu_core+0x505/0x1290 kernel/rcu/tree.c:2410
 #1: ffffffff88ba5600 (rcu_read_lock){....}, at: percpu_ref_call_confirm_rcu lib/percpu-refcount.c:126 [inline]
 #1: ffffffff88ba5600 (rcu_read_lock){....}, at: percpu_ref_switch_to_atomic_rcu+0x1c7/0x450 lib/percpu-refcount.c:165

the shortest dependencies between 2nd lock and 1st lock:
-> (&pid->wait_pidfd){+.+.} { HARDIRQ-ON-W at: lock_acquire+0x19b/0x420 kernel/locking/lockdep.c:4484 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:151 spin_lock include/linux/spinlock.h:338 [inline] proc_pid_make_inode+0x1c0/0x390 fs/proc/base.c:1880 proc_pid_instantiate+0x40/0x140 fs/proc/base.c:3285 proc_pid_lookup+0x134/0x240 fs/proc/base.c:3320 proc_root_lookup+0x16/0x40 fs/proc/root.c:243 __lookup_slow+0x204/0x3d0 fs/namei.c:1757 lookup_slow fs/namei.c:1774 [inline] walk_component+0x684/0xef0 fs/namei.c:1915 link_path_walk.part.40+0x3c4/0xdc0
fs/namei.c:2238 link_path_walk fs/namei.c:2172 [inline] path_openat+0x194/0x2aa0 fs/namei.c:3606 do_filp_open+0x171/0x240 fs/namei.c:3637 do_sys_openat2+0x2b9/0x480 fs/open.c:1149 do_sys_open+0x85/0xd0 fs/open.c:1165 do_syscall_64+0xc6/0x5e0 arch/x86/entry/common.c:294 entry_SYSCALL_64_after_hwframe+0x49/0xbe SOFTIRQ-ON-W at: lock_acquire+0x19b/0x420 kernel/locking/lockdep.c:4484 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:151 spin_lock include/linux/spinlock.h:338 [inline] proc_pid_make_inode+0x1c0/0x390 fs/proc/base.c:1880 proc_pid_instantiate+0x40/0x140 fs/proc/base.c:3285 proc_pid_lookup+0x134/0x240 fs/proc/base.c:3320 proc_root_lookup+0x16/0x40 fs/proc/root.c:243 __lookup_slow+0x204/0x3d0 fs/namei.c:1757 lookup_slow fs/namei.c:1774 [inline] walk_component+0x684/0xef0 fs/namei.c:1915 link_path_walk.part.40+0x3c4/0xdc0 fs/namei.c:2238 link_path_walk fs/namei.c:2172 [inline] path_openat+0x194/0x2aa0 fs/namei.c:3606 do_filp_open+0x171/0x240 fs/namei.c:3637 do_sys_openat2+0x2b9/0x480 fs/open.c:1149 do_sys_open+0x85/0xd0 fs/open.c:1165 do_syscall_64+0xc6/0x5e0 arch/x86/entry/common.c:294 entry_SYSCALL_64_after_hwframe+0x49/0xbe INITIAL USE at: lock_acquire+0x19b/0x420 kernel/locking/lockdep.c:4484 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x95/0xc0 kernel/locking/spinlock.c:159 __wake_up_common_lock+0xa8/0x120 kernel/sched/wait.c:122 do_notify_pidfd kernel/signal.c:1895 [inline] do_notify_parent+0x14c/0xbb0 kernel/signal.c:1922 exit_notify kernel/exit.c:668 [inline] do_exit+0x206f/0x2a10 kernel/exit.c:824 call_usermodehelper_exec_async+0x47f/0x680 kernel/umh.c:125 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 } ... key at: [] __key.53243+0x0/0x40 ... 
acquired at: __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:151 spin_lock include/linux/spinlock.h:338 [inline] aio_poll fs/aio.c:1767 [inline] __io_submit_one fs/aio.c:1841 [inline] io_submit_one+0x97f/0x2b00 fs/aio.c:1878 __do_sys_io_submit fs/aio.c:1937 [inline] __se_sys_io_submit fs/aio.c:1907 [inline] __x64_sys_io_submit+0x166/0x3d0 fs/aio.c:1907 do_syscall_64+0xc6/0x5e0 arch/x86/entry/common.c:294 entry_SYSCALL_64_after_hwframe+0x49/0xbe -> (&(&ctx->ctx_lock)->rlock){..-.} { IN-SOFTIRQ-W at: lock_acquire+0x19b/0x420 kernel/locking/lockdep.c:4484 __raw_spin_lock_irq include/linux/spinlock_api_smp.h:128 [inline] _raw_spin_lock_irq+0x5e/0x80 kernel/locking/spinlock.c:167 spin_lock_irq include/linux/spinlock.h:363 [inline] free_ioctx_users+0x2b/0x3e0 fs/aio.c:618 percpu_ref_put_many include/linux/percpu-refcount.h:309 [inline] percpu_ref_put include/linux/percpu-refcount.h:325 [inline] percpu_ref_call_confirm_rcu lib/percpu-refcount.c:130 [inline] percpu_ref_switch_to_atomic_rcu+0x387/0x450 lib/percpu-refcount.c:165 rcu_do_batch kernel/rcu/tree.c:2186 [inline] rcu_core+0x584/0x1290 kernel/rcu/tree.c:2410 __do_softirq+0x26e/0x9b2 kernel/softirq.c:292 run_ksoftirqd+0x8f/0x100 kernel/softirq.c:603 smpboot_thread_fn+0x511/0x850 kernel/smpboot.c:165 kthread+0x31d/0x3e0 kernel/kthread.c:255 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 INITIAL USE at: lock_acquire+0x19b/0x420 kernel/locking/lockdep.c:4484 __raw_spin_lock_irq include/linux/spinlock_api_smp.h:128 [inline] _raw_spin_lock_irq+0x5e/0x80 kernel/locking/spinlock.c:167 spin_lock_irq include/linux/spinlock.h:363 [inline] aio_poll fs/aio.c:1765 [inline] __io_submit_one fs/aio.c:1841 [inline] io_submit_one+0x93f/0x2b00 fs/aio.c:1878 __do_sys_io_submit fs/aio.c:1937 [inline] __se_sys_io_submit fs/aio.c:1907 [inline] __x64_sys_io_submit+0x166/0x3d0 fs/aio.c:1907 do_syscall_64+0xc6/0x5e0 arch/x86/entry/common.c:294 
entry_SYSCALL_64_after_hwframe+0x49/0xbe } ... key at: [] __key.55053+0x0/0x40 ... acquired at: mark_lock_irq kernel/locking/lockdep.c:3316 [inline] mark_lock+0x501/0x11a0 kernel/locking/lockdep.c:3665 mark_usage kernel/locking/lockdep.c:3565 [inline] __lock_acquire+0x13ff/0x4370 kernel/locking/lockdep.c:3908 lock_acquire+0x19b/0x420 kernel/locking/lockdep.c:4484 __raw_spin_lock_irq include/linux/spinlock_api_smp.h:128 [inline] _raw_spin_lock_irq+0x5e/0x80 kernel/locking/spinlock.c:167 spin_lock_irq include/linux/spinlock.h:363 [inline] free_ioctx_users+0x2b/0x3e0 fs/aio.c:618 percpu_ref_put_many include/linux/percpu-refcount.h:309 [inline] percpu_ref_put include/linux/percpu-refcount.h:325 [inline] percpu_ref_call_confirm_rcu lib/percpu-refcount.c:130 [inline] percpu_ref_switch_to_atomic_rcu+0x387/0x450 lib/percpu-refcount.c:165 rcu_do_batch kernel/rcu/tree.c:2186 [inline] rcu_core+0x584/0x1290 kernel/rcu/tree.c:2410 __do_softirq+0x26e/0x9b2 kernel/softirq.c:292 run_ksoftirqd+0x8f/0x100 kernel/softirq.c:603 smpboot_thread_fn+0x511/0x850 kernel/smpboot.c:165 kthread+0x31d/0x3e0 kernel/kthread.c:255 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 stack backtrace: CPU: 1 PID: 16 Comm: ksoftirqd/1 Not tainted 5.6.0-rc2-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x128/0x182 lib/dump_stack.c:118 print_irq_inversion_bug kernel/locking/lockdep.c:3179 [inline] check_usage_forwards.cold.61+0x20/0x29 kernel/locking/lockdep.c:3203 mark_lock_irq kernel/locking/lockdep.c:3316 [inline] mark_lock+0x501/0x11a0 kernel/locking/lockdep.c:3665 mark_usage kernel/locking/lockdep.c:3565 [inline] __lock_acquire+0x13ff/0x4370 kernel/locking/lockdep.c:3908 lock_acquire+0x19b/0x420 kernel/locking/lockdep.c:4484 __raw_spin_lock_irq include/linux/spinlock_api_smp.h:128 [inline] _raw_spin_lock_irq+0x5e/0x80 kernel/locking/spinlock.c:167 spin_lock_irq 
include/linux/spinlock.h:363 [inline] free_ioctx_users+0x2b/0x3e0 fs/aio.c:618 percpu_ref_put_many include/linux/percpu-refcount.h:309 [inline] percpu_ref_put include/linux/percpu-refcount.h:325 [inline] percpu_ref_call_confirm_rcu lib/percpu-refcount.c:130 [inline] percpu_ref_switch_to_atomic_rcu+0x387/0x450 lib/percpu-refcount.c:165 rcu_do_batch kernel/rcu/tree.c:2186 [inline] rcu_core+0x584/0x1290 kernel/rcu/tree.c:2410 __do_softirq+0x26e/0x9b2 kernel/softirq.c:292 run_ksoftirqd+0x8f/0x100 kernel/softirq.c:603 smpboot_thread_fn+0x511/0x850 kernel/smpboot.c:165 kthread+0x31d/0x3e0 kernel/kthread.c:255 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352