wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
syz-executor.5 (5596) used greatest stack depth: 21704 bytes left
================================
WARNING: inconsistent lock state
5.10.237 #1 Not tainted
--------------------------------
inconsistent {INITIAL USE} -> {IN-NMI} usage.
syz-executor.0/278 [HC1[1]:SC0[0]:HE0:SE1] takes:
ffff88804952f4e0 (&rp->lock/1){....}-{2:2}, at: pre_handler_kretprobe+0x42/0x5a0 kernel/kprobes.c:2068
{INITIAL USE} state was registered at:
  lock_acquire kernel/locking/lockdep.c:5566 [inline]
  lock_acquire+0x197/0x470 kernel/locking/lockdep.c:5531
  _raw_spin_lock_irqsave_nested+0x38/0x60 kernel/locking/spinlock.c:373
  pre_handler_kretprobe+0x42/0x5a0 kernel/kprobes.c:2068
  opt_pre_handler+0xc5/0x130 kernel/kprobes.c:419
  optimized_callback arch/x86/kernel/kprobes/opt.c:193 [inline]
  optimized_callback+0x169/0x1e0 arch/x86/kernel/kprobes/opt.c:172
  0xffffffffa00080ac
  schedule+0xcb/0x270 kernel/sched/core.c:4625
  worker_thread+0x14f/0x1310 kernel/workqueue.c:2449
  kthread+0x38f/0x470 kernel/kthread.c:328
  ret_from_fork+0x22/0x30 arch/x86/entry/entry_64.S:298
irq event stamp: 453124
hardirqs last  enabled at (453123): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
hardirqs last  enabled at (453123): [] _raw_spin_unlock_irqrestore+0x38/0x40 kernel/locking/spinlock.c:191
hardirqs last disabled at (453124): [] __schedule+0xfdd/0x1ea0 kernel/sched/core.c:4447
softirqs last  enabled at (453120): [] asm_call_irq_on_stack+0x12/0x20
softirqs last disabled at (453055): [] asm_call_irq_on_stack+0x12/0x20

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&rp->lock/1);
  <Interrupt>
    lock(&rp->lock/1);

 *** DEADLOCK ***

5 locks held by syz-executor.0/278:
 #0: ffff88800fb86438 (sb_writers#3){.+.+}-{0:0}, at: do_rmdir+0x1eb/0x440 fs/namei.c:3812
 #1: ffff88801ab4c970 (&type->i_mutex_dir_key#3/1){+.+.}-{3:3}, at: inode_lock_nested include/linux/fs.h:811 [inline]
 #1: ffff88801ab4c970 (&type->i_mutex_dir_key#3/1){+.+.}-{3:3}, at: do_rmdir+0x240/0x440 fs/namei.c:3816
 #2: ffff88800fb86628 (sb_internal){.+.+}-{0:0}, at: evict+0x32b/0x8c0 fs/inode.c:612
 #3: ffff88800fba28e0 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0xf98/0x1390 fs/jbd2/transaction.c:449
 #4: ffff88804bc22000 (&ei->i_data_sem){++++}-{3:3}, at: ext4_truncate+0xbd3/0x1160 fs/ext4/inode.c:4331

stack backtrace:
CPU: 0 PID: 278 Comm: syz-executor.0 Not tainted 5.10.237 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x107/0x167 lib/dump_stack.c:118
 print_usage_bug kernel/locking/lockdep.c:4990 [inline]
 verify_lock_unused kernel/locking/lockdep.c:5498 [inline]
 lock_acquire kernel/locking/lockdep.c:5557 [inline]
 lock_acquire.cold+0x17/0x1c kernel/locking/lockdep.c:5531
 _raw_spin_lock_irqsave_nested+0x38/0x60 kernel/locking/spinlock.c:373
 pre_handler_kretprobe+0x42/0x5a0 kernel/kprobes.c:2068
 aggr_pre_handler+0xc5/0x150 kernel/kprobes.c:1169
 kprobe_int3_handler arch/x86/kernel/kprobes/core.c:989 [inline]
 kprobe_int3_handler+0x1d1/0x670 arch/x86/kernel/kprobes/core.c:955
 do_int3+0xa/0x50 arch/x86/kernel/traps.c:647
 exc_int3+0x2b/0x80 arch/x86/kernel/traps.c:693
 asm_exc_int3+0x31/0x40 arch/x86/include/asm/idtentry.h:570
RIP: 0010:__switch_to_asm+0x1/0x60 arch/x86/entry/entry_64.S:236
Code: 00 e9 5b f8 ff ff 48 c7 c7 80 f1 e0 84 e8 f7 86 6c 00 e9 cc f7 ff ff 48 8b 7c 24 18 e8 e8 86 6c 00 e9 e6 fb ff ff cc cc cc cc <53> 41 54 41 55 41 56 41 57 48 89 a7 18 15 00 00 48 8b a6 18 15 00
RSP: 0018:ffff888036e1f560 EFLAGS: 00000046
RAX: dffffc0000000000 RBX: ffff88806ce3b2d8 RCX: ffff888036e1f4f0
RDX: 1ffff1100d9c765a RSI: ffff88800e750000 RDI: ffff88800e699a40
RBP: ffff888036e1f638 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: ffff88806ce3b2c0
R13: ffff88800e699a40 R14: ffff88800e699e30 R15: ffff88800e750000
hpet: Lost 8 RTC interrupts
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:   e9 5b f8 ff ff          jmpq   0xfffff860
   5:   48 c7 c7 80 f1 e0 84    mov    $0xffffffff84e0f180,%rdi
   c:   e8 f7 86 6c 00          callq  0x6c8708
  11:   e9 cc f7 ff ff          jmpq   0xfffff7e2
  16:   48 8b 7c 24 18          mov    0x18(%rsp),%rdi
  1b:   e8 e8 86 6c 00          callq  0x6c8708
  20:   e9 e6 fb ff ff          jmpq   0xfffffc0b
  25:   cc                      int3
  26:   cc                      int3
  27:   cc                      int3
  28:   cc                      int3
* 29:   53                      push   %rbx <-- trapping instruction
  2a:   41 54                   push   %r12
  2c:   41 55                   push   %r13
  2e:   41 56                   push   %r14
  30:   41 57                   push   %r15
  32:   48 89 a7 18 15 00 00    mov    %rsp,0x1518(%rdi)
  39:   48                      rex.W
  3a:   8b                      .byte 0x8b
  3b:   a6                      cmpsb  %es:(%rdi),%ds:(%rsi)
  3c:   18                      .byte 0x18
  3d:   15                      .byte 0x15