[ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Starting Load/Save RF Kill Switch Status... [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.1.46' (ECDSA) to the list of known hosts. executing program write to /proc/sys/kernel/hung_task_check_interval_secs failed: No such file or directory syzkaller login: [ 38.384889] [ 38.386776] ===================================================== [ 38.393242] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 38.403135] 4.14.231-syzkaller #0 Not tainted [ 38.410766] ----------------------------------------------------- [ 38.421458] syz-executor908/8000 [HC0[0]:SC0[2]:HE1:SE0] is trying to acquire: [ 38.435223] (hugetlb_lock){+.+.}, at: [] free_huge_page+0x5ab/0x7f0 [ 38.451334] [ 38.451334] and this task is already holding: [ 38.461422] (slock-AF_INET){+.-.}, at: [] tcp_close+0x540/0xed0 [ 38.471522] which would create a new lock dependency: [ 38.477173] (slock-AF_INET){+.-.} -> (hugetlb_lock){+.+.} [ 38.482894] [ 38.482894] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 38.491865] (slock-AF_INET){+.-.} [ 38.491872] [ 38.491872] ... 
which became SOFTIRQ-irq-safe at: [ 38.503655] lock_acquire+0x170/0x3f0 [ 38.507545] _raw_spin_lock+0x2a/0x40 [ 38.512105] sk_clone_lock+0x3cf/0x11e0 [ 38.516484] inet_csk_clone_lock+0x1e/0x3f0 [ 38.521025] tcp_create_openreq_child+0x2c/0x1880 [ 38.526262] tcp_v4_syn_recv_sock+0xa8/0xf80 [ 38.531919] tcp_check_req+0x4c1/0x1460 [ 38.536703] tcp_v4_rcv+0x1c36/0x3560 [ 38.541133] ip_local_deliver_finish+0x3f2/0xab0 [ 38.546795] ip_local_deliver+0x167/0x460 [ 38.551329] ip_rcv_finish+0x6e3/0x19f0 [ 38.555675] ip_rcv+0x8a7/0xf10 [ 38.560255] __netif_receive_skb_core+0x15ee/0x2a30 [ 38.566239] __netif_receive_skb+0x27/0x1a0 [ 38.570664] netif_receive_skb_internal+0xd7/0x580 [ 38.578806] napi_gro_receive+0x2e2/0x400 [ 38.584082] receive_buf+0xaef/0x4b90 [ 38.589670] virtnet_poll+0x4b7/0x960 [ 38.594359] net_rx_action+0x466/0xfd0 [ 38.600618] __do_softirq+0x24d/0x9ff [ 38.606545] irq_exit+0x193/0x240 [ 38.612457] do_IRQ+0x112/0x1d0 [ 38.629021] ret_from_intr+0x0/0x1e [ 38.639132] text_poke+0x388/0x470 [ 38.644519] text_poke_bp+0xc9/0x110 [ 38.649942] __jump_label_transform+0x269/0x300 [ 38.655393] arch_jump_label_transform+0x26/0x40 [ 38.674983] __jump_label_update+0x113/0x170 [ 38.680002] jump_label_update+0x140/0x2d0 [ 38.685171] __static_key_slow_dec_cpuslocked+0x3d/0xf0 [ 38.691361] static_key_slow_dec+0x53/0x70 [ 38.697381] once_deferred+0x58/0x80 [ 38.703076] process_one_work+0x793/0x14a0 [ 38.708582] worker_thread+0x5cc/0xff0 [ 38.714690] kthread+0x30d/0x420 [ 38.720752] ret_from_fork+0x24/0x30 [ 38.735725] [ 38.735725] to a SOFTIRQ-irq-unsafe lock: [ 38.743781] (hugetlb_lock){+.+.} [ 38.743791] [ 38.743791] ... which became SOFTIRQ-irq-unsafe at: [ 38.757385] ... 
[ 38.757400] lock_acquire+0x170/0x3f0 [ 38.764696] _raw_spin_lock+0x2a/0x40 [ 38.770446] hugetlb_overcommit_handler+0x283/0x400 [ 38.777171] proc_sys_call_handler.isra.0+0x1ba/0x340 [ 38.784258] __vfs_write+0xe4/0x630 [ 38.788997] vfs_write+0x17f/0x4d0 [ 38.794796] SyS_write+0xf2/0x210 [ 38.802767] do_syscall_64+0x1d5/0x640 [ 38.839372] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 38.861092] [ 38.861092] other info that might help us debug this: [ 38.861092] [ 38.872963] Possible interrupt unsafe locking scenario: [ 38.872963] [ 38.881836] CPU0 CPU1 [ 38.888780] ---- ---- [ 38.895132] lock(hugetlb_lock); [ 38.900075] local_irq_disable(); [ 38.906828] lock(slock-AF_INET); [ 38.913957] lock(hugetlb_lock); [ 38.921257] [ 38.925774] lock(slock-AF_INET); [ 38.929692] [ 38.929692] *** DEADLOCK *** [ 38.929692] [ 38.937299] 3 locks held by syz-executor908/8000: [ 38.943861] #0: (&sb->s_type->i_mutex_key#13){+.+.}, at: [] __sock_release+0x86/0x2b0 [ 38.954626] #1: (sk_lock-AF_INET){+.+.}, at: [] tcp_close+0x25/0xed0 [ 38.968500] #2: (slock-AF_INET){+.-.}, at: [] tcp_close+0x540/0xed0 [ 38.978701] [ 38.978701] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 38.988976] -> (slock-AF_INET){+.-.} ops: 6909 { [ 38.994405] HARDIRQ-ON-W at: [ 38.998822] lock_acquire+0x170/0x3f0 [ 39.006078] _raw_spin_lock_bh+0x2f/0x40 [ 39.012464] lock_sock_nested+0x39/0x100 [ 39.020662] inet_autobind+0x1a/0x180 [ 39.028190] inet_dgram_connect+0x134/0x1f0 [ 39.037835] SyS_connect+0x1f4/0x240 [ 39.044757] do_syscall_64+0x1d5/0x640 [ 39.053266] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 39.072072] IN-SOFTIRQ-W at: [ 39.077659] lock_acquire+0x170/0x3f0 [ 39.086904] _raw_spin_lock+0x2a/0x40 [ 39.093412] sk_clone_lock+0x3cf/0x11e0 [ 39.100473] inet_csk_clone_lock+0x1e/0x3f0 [ 39.108595] tcp_create_openreq_child+0x2c/0x1880 [ 39.116811] tcp_v4_syn_recv_sock+0xa8/0xf80 [ 39.123832] tcp_check_req+0x4c1/0x1460 [ 39.130509] tcp_v4_rcv+0x1c36/0x3560 [ 39.140210] 
ip_local_deliver_finish+0x3f2/0xab0 [ 39.149741] ip_local_deliver+0x167/0x460 [ 39.156192] ip_rcv_finish+0x6e3/0x19f0 [ 39.163506] ip_rcv+0x8a7/0xf10 [ 39.170208] __netif_receive_skb_core+0x15ee/0x2a30 [ 39.177867] __netif_receive_skb+0x27/0x1a0 [ 39.184124] netif_receive_skb_internal+0xd7/0x580 [ 39.192111] napi_gro_receive+0x2e2/0x400 [ 39.197996] receive_buf+0xaef/0x4b90 [ 39.204659] virtnet_poll+0x4b7/0x960 [ 39.211438] net_rx_action+0x466/0xfd0 [ 39.218691] __do_softirq+0x24d/0x9ff [ 39.226048] irq_exit+0x193/0x240 [ 39.232600] do_IRQ+0x112/0x1d0 [ 39.238568] ret_from_intr+0x0/0x1e [ 39.245385] text_poke+0x388/0x470 [ 39.251085] text_poke_bp+0xc9/0x110 [ 39.258988] __jump_label_transform+0x269/0x300 [ 39.269649] arch_jump_label_transform+0x26/0x40 [ 39.278520] __jump_label_update+0x113/0x170 [ 39.289431] jump_label_update+0x140/0x2d0 [ 39.306867] __static_key_slow_dec_cpuslocked+0x3d/0xf0 [ 39.316191] static_key_slow_dec+0x53/0x70 [ 39.323900] once_deferred+0x58/0x80 [ 39.330431] process_one_work+0x793/0x14a0 [ 39.338733] worker_thread+0x5cc/0xff0 [ 39.348341] kthread+0x30d/0x420 [ 39.357129] ret_from_fork+0x24/0x30 [ 39.365085] INITIAL USE at: [ 39.368738] lock_acquire+0x170/0x3f0 [ 39.377636] _raw_spin_lock_bh+0x2f/0x40 [ 39.386204] lock_sock_nested+0x39/0x100 [ 39.393217] inet_autobind+0x1a/0x180 [ 39.398959] inet_dgram_connect+0x134/0x1f0 [ 39.407125] SyS_connect+0x1f4/0x240 [ 39.412577] do_syscall_64+0x1d5/0x640 [ 39.439746] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 39.447632] } [ 39.449465] ... key at: [] af_family_slock_keys+0x10/0x180 [ 39.458213] ... 
acquired at: [ 39.461425] lock_acquire+0x170/0x3f0 [ 39.465509] _raw_spin_lock+0x2a/0x40 [ 39.469484] free_huge_page+0x5ab/0x7f0 [ 39.473626] __put_page+0xb9/0x2f0 [ 39.477438] skb_release_data+0x25a/0x820 [ 39.481759] __kfree_skb+0x46/0x60 [ 39.486292] tcp_v4_destroy_sock+0x223/0x920 [ 39.491169] inet_csk_destroy_sock+0x169/0x400 [ 39.496892] tcp_close+0x85e/0xed0 [ 39.500979] inet_release+0xdf/0x1b0 [ 39.504861] __sock_release+0xcd/0x2b0 [ 39.509278] sock_close+0x15/0x20 [ 39.512898] __fput+0x25f/0x7a0 [ 39.516423] task_work_run+0x11f/0x190 [ 39.520470] do_exit+0xa44/0x2850 [ 39.524210] do_group_exit+0x100/0x2e0 [ 39.528378] SyS_exit_group+0x19/0x20 [ 39.532466] do_syscall_64+0x1d5/0x640 [ 39.536571] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 39.542379] [ 39.543999] [ 39.543999] the dependencies between the lock to be acquired [ 39.544004] and SOFTIRQ-irq-unsafe lock: [ 39.555495] -> (hugetlb_lock){+.+.} ops: 32 { [ 39.560070] HARDIRQ-ON-W at: [ 39.563350] lock_acquire+0x170/0x3f0 [ 39.569074] _raw_spin_lock+0x2a/0x40 [ 39.574552] hugetlb_overcommit_handler+0x283/0x400 [ 39.583494] proc_sys_call_handler.isra.0+0x1ba/0x340 [ 39.590667] __vfs_write+0xe4/0x630 [ 39.595948] vfs_write+0x17f/0x4d0 [ 39.601146] SyS_write+0xf2/0x210 [ 39.606318] do_syscall_64+0x1d5/0x640 [ 39.611936] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 39.618911] SOFTIRQ-ON-W at: [ 39.622627] lock_acquire+0x170/0x3f0 [ 39.628441] _raw_spin_lock+0x2a/0x40 [ 39.634135] hugetlb_overcommit_handler+0x283/0x400 [ 39.642087] proc_sys_call_handler.isra.0+0x1ba/0x340 [ 39.649592] __vfs_write+0xe4/0x630 [ 39.654907] vfs_write+0x17f/0x4d0 [ 39.661482] SyS_write+0xf2/0x210 [ 39.666571] do_syscall_64+0x1d5/0x640 [ 39.672477] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 39.679322] INITIAL USE at: [ 39.682504] lock_acquire+0x170/0x3f0 [ 39.692998] _raw_spin_lock+0x2a/0x40 [ 39.698734] hugetlb_overcommit_handler+0x283/0x400 [ 39.705405] proc_sys_call_handler.isra.0+0x1ba/0x340 [ 39.712242] __vfs_write+0xe4/0x630 [ 
39.717429] vfs_write+0x17f/0x4d0 [ 39.722528] SyS_write+0xf2/0x210 [ 39.727633] do_syscall_64+0x1d5/0x640 [ 39.733081] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 39.739813] } [ 39.741601] ... key at: [] hugetlb_lock+0x18/0x15e0 [ 39.748676] ... acquired at: [ 39.751818] lock_acquire+0x170/0x3f0 [ 39.755902] _raw_spin_lock+0x2a/0x40 [ 39.759874] free_huge_page+0x5ab/0x7f0 [ 39.764028] __put_page+0xb9/0x2f0 [ 39.767828] skb_release_data+0x25a/0x820 [ 39.772140] __kfree_skb+0x46/0x60 [ 39.775848] tcp_v4_destroy_sock+0x223/0x920 [ 39.780423] inet_csk_destroy_sock+0x169/0x400 [ 39.785176] tcp_close+0x85e/0xed0 [ 39.789103] inet_release+0xdf/0x1b0 [ 39.792978] __sock_release+0xcd/0x2b0 [ 39.797039] sock_close+0x15/0x20 [ 39.803173] __fput+0x25f/0x7a0 [ 39.806642] task_work_run+0x11f/0x190 [ 39.810685] do_exit+0xa44/0x2850 [ 39.814347] do_group_exit+0x100/0x2e0 [ 39.818488] SyS_exit_group+0x19/0x20 [ 39.822473] do_syscall_64+0x1d5/0x640 [ 39.826585] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 39.832146] [ 39.833775] [ 39.833775] stack backtrace: [ 39.838355] CPU: 1 PID: 8000 Comm: syz-executor908 Not tainted 4.14.231-syzkaller #0 [ 39.846352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 39.856421] Call Trace: [ 39.859518] dump_stack+0x1b2/0x281 [ 39.863558] check_usage.cold+0x806/0xbe6 [ 39.867711] ? check_usage_backwards+0x2c0/0x2c0 [ 39.872457] ? __save_stack_trace+0x63/0x160 [ 39.876856] ? is_bpf_text_address+0x91/0x150 [ 39.881340] ? lock_downgrade+0x740/0x740 [ 39.885679] ? is_bpf_text_address+0xb8/0x150 [ 39.890352] __lock_acquire+0x1cfc/0x3f20 [ 39.894536] ? trace_hardirqs_on+0x10/0x10 [ 39.898756] ? kasan_slab_free+0xc3/0x1a0 [ 39.902898] ? kmem_cache_free+0x7c/0x2b0 [ 39.907029] ? kfree_skbmem+0x7e/0x100 [ 39.910897] ? tcp_v4_destroy_sock+0x223/0x920 [ 39.915463] ? __sock_release+0xcd/0x2b0 [ 39.919523] ? sock_close+0x15/0x20 [ 39.923144] ? __fput+0x25f/0x7a0 [ 39.926584] ? task_work_run+0x11f/0x190 [ 39.930629] ? 
do_exit+0xa44/0x2850 [ 39.934268] ? do_group_exit+0x100/0x2e0 [ 39.938651] ? SyS_exit_group+0x19/0x20 [ 39.942631] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 39.947977] ? lock_acquire+0x170/0x3f0 [ 39.951939] lock_acquire+0x170/0x3f0 [ 39.955720] ? free_huge_page+0x5ab/0x7f0 [ 39.959866] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 39.964981] _raw_spin_lock+0x2a/0x40 [ 39.968778] ? free_huge_page+0x5ab/0x7f0 [ 39.972928] free_huge_page+0x5ab/0x7f0 [ 39.976896] ? PageHuge+0x93/0x110 [ 39.980429] __put_page+0xb9/0x2f0 [ 39.983969] skb_release_data+0x25a/0x820 [ 39.988098] __kfree_skb+0x46/0x60 [ 39.991632] tcp_v4_destroy_sock+0x223/0x920 [ 39.996042] inet_csk_destroy_sock+0x169/0x400 [ 40.000614] tcp_close+0x85e/0xed0 [ 40.004156] inet_release+0xdf/0x1b0 [ 40.007855] __sock_release+0xcd/0x2b0 [ 40.011721] ? __sock_release+0x2b0/0x2b0 [ 40.015854] sock_close+0x15/0x20 [ 40.019289] __fput+0x25f/0x7a0 [ 40.022545] task_work_run+0x11f/0x190 [ 40.026425] do_exit+0xa44/0x2850 [ 40.030377] ? io_schedule_timeout+0x140/0x140 [ 40.034967] ? mm_update_next_owner+0x5b0/0x5b0 [ 40.039710] ? preempt_schedule_common+0x45/0xc0 [ 40.044529] ? ___preempt_schedule+0x16/0x18 [ 40.049056] do_group_exit+0x100/0x2e0 [ 40.052955] SyS_exit_group+0x19/0x20 [ 40.056767] ? 
do_group_exit+0x2e0/0x2e0 [ 40.065372] do_syscall_64+0x1d5/0x640 [ 40.069849] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 40.075053] RIP: 0033:0x44c1c9 [ 40.078225] RSP: 002b:00007ffe057b8458 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 40.085916] RAX: ffffffffffffffda RBX: 00000000004cb370 RCX: 000000000044c1c9 executing program [ 40.093166] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [ 40.100678] RBP: 0000000000000000 R08: ffffffffffffffb8 R09: 0000000000000001 [ 40.109704] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004cb370 [ 40.117060] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001 write to /proc/sys/kernel/hung_task_check_interval_secs failed: No such file or directory executing program