[info] Using makefile-style concurrent boot in runlevel 2. [ 26.643426] audit: type=1800 audit(1542788469.924:21): pid=5845 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0 [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.119' (ECDSA) to the list of known hosts. 2018/11/21 08:21:21 parsed 1 programs 2018/11/21 08:21:23 executed programs: 0 syzkaller login: [ 40.756846] IPVS: ftp: loaded support on port[0] = 21 [ 40.767670] IPVS: ftp: loaded support on port[0] = 21 [ 40.774631] IPVS: ftp: loaded support on port[0] = 21 [ 40.786169] IPVS: ftp: loaded support on port[0] = 21 [ 40.787493] IPVS: ftp: loaded support on port[0] = 21 [ 40.806819] IPVS: ftp: loaded support on port[0] = 21 [ 42.018301] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.026053] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.036979] device bridge_slave_0 entered promiscuous mode [ 42.065939] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.077448] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.086915] device bridge_slave_0 entered promiscuous mode [ 42.102161] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.109727] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.124656] device bridge_slave_0 entered promiscuous mode [ 42.132987] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.139362] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.148841] device bridge_slave_1 entered promiscuous mode [ 42.165291] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.176451] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.190731] device bridge_slave_0 entered promiscuous mode [ 42.197649] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.205119] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.213925] device bridge_slave_1 entered promiscuous mode [ 42.222390] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.228862] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.237201] device bridge_slave_0 entered promiscuous mode [ 42.245986] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 42.261395] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.268171] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.275974] device bridge_slave_0 entered promiscuous mode [ 42.284011] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.290371] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.298410] device bridge_slave_1 entered promiscuous mode [ 42.305755] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.313330] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.326976] device bridge_slave_1 entered promiscuous mode [ 42.334911] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.342616] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.350026] device bridge_slave_1 entered promiscuous mode [ 42.358232] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 42.370247] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 42.381777] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 42.394031] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.400414] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.413551] device bridge_slave_1 entered promiscuous mode [ 42.420162] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 42.434388] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 42.465040] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 42.475642] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 42.489444] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 42.499897] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 42.518784] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 42.620128] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 42.644444] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 42.659881] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 42.689508] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 42.714201] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 42.729318] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 42.747426] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 42.770366] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 42.811881] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 42.823822] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 42.839307] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 42.847596] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 42.859353] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 42.876056] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 42.887189] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 42.898935] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 42.913585] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 42.928093] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 42.948235] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 42.959857] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 42.972935] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 42.981194] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 42.991853] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 43.011755] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 43.028884] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 43.043768] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 43.058282] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 43.066701] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 43.077217] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 43.102331] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 43.126276] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 43.139989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 43.148324] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 43.178712] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 43.211852] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 43.222076] team0: Port device team_slave_0 added [ 43.227473] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 43.239609] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 43.251755] team0: Port device team_slave_0 added [ 43.259668] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 43.270433] team0: Port device team_slave_0 added [ 43.283279] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 43.290454] team0: Port device team_slave_1 added [ 43.322109] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 43.341827] team0: Port device team_slave_1 added [ 43.357260] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 43.393641] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 43.404577] team0: Port device team_slave_0 added [ 43.413964] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 43.425669] team0: Port device team_slave_1 added [ 43.439104] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 43.455235] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 43.471417] team0: Port device team_slave_0 added [ 43.478166] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 43.497715] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 43.507909] team0: Port device team_slave_1 added [ 43.521238] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 43.539218] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 43.561529] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 43.570955] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 43.579072] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 43.589801] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 43.598181] team0: Port device team_slave_0 added [ 43.606245] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 43.621731] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 43.631105] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 43.639229] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 43.662265] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 43.670298] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 43.678395] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 43.686085] team0: Port device team_slave_1 added [ 43.694323] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 43.704040] team0: Port device team_slave_1 added [ 43.711338] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 43.720565] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 43.728778] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 43.741171] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 43.750193] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 43.760918] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 43.773419] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 43.793438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 43.809099] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 43.819794] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 43.828116] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 43.842714] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 43.853835] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 43.868157] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 43.876726] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 43.884730] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 43.892636] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 43.917742] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 43.938436] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 43.948580] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 43.957874] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 43.966609] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 43.974621] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 43.982462] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 43.990807] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 43.997854] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 44.005907] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 44.027348] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 44.044489] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 44.061922] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 44.069908] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 44.078681] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 44.087038] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 44.100048] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 44.119098] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 44.131630] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 44.139689] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 44.164071] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 44.179027] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 44.206585] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 44.214907] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 44.231634] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 44.507995] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.514603] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.521876] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.528259] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.537572] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 44.685327] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.691772] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.698379] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.704767] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.720431] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 44.799043] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.805510] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.812221] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.818581] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.827333] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 44.849700] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 44.860232] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 44.887978] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 44.916252] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.922715] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.929503] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.935920] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.953504] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 44.986995] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.993458] bridge0: port 2(bridge_slave_1) entered forwarding state [ 45.000070] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.006509] bridge0: port 1(bridge_slave_0) entered forwarding state [ 45.022921] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.032638] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.039027] bridge0: port 2(bridge_slave_1) entered forwarding state [ 45.045699] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.052071] bridge0: port 1(bridge_slave_0) entered forwarding state [ 45.063545] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.891019] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 45.905397] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 45.926358] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 47.292045] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.348984] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.453198] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.479886] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 47.582838] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 47.599855] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.618570] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.683076] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 47.711310] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.781724] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 47.800249] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 47.812411] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 47.852925] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 47.867679] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 47.892909] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 47.901504] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 47.915420] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 47.930377] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 47.946702] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 47.958007] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 47.987946] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 48.081862] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.147616] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.164956] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 48.190052] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 48.205283] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 48.214072] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 48.221100] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 48.228088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 48.241587] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.307295] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 48.322711] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 48.331467] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 48.404525] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.474220] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.543995] 8021q: adding VLAN 0 to HW filter on device team0 2018/11/21 08:21:33 executed programs: 6 2018/11/21 08:21:39 executed programs: 42 2018/11/21 08:21:44 executed programs: 76 2018/11/21 08:21:49 executed programs: 108 2018/11/21 08:21:54 executed programs: 143 2018/11/21 08:22:00 executed programs: 174 2018/11/21 08:22:05 executed programs: 207 2018/11/21 08:22:10 executed programs: 240 2018/11/21 08:22:15 executed programs: 273 [ 96.162502] [ 96.164194] ===================================================== [ 96.170421] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 96.177163] 4.20.0-rc3+ #122 Not tainted [ 96.181413] ----------------------------------------------------- [ 96.187642] syz-executor5/9070 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 96.194814] 00000000f4a7d336 (&ctx->fd_wqh){....}, at: aio_poll+0x760/0x1420 [ 96.201998] [ 96.201998] and this task is already holding: [ 96.207960] 00000000e08d009b (&(&ctx->ctx_lock)->rlock){..-.}, at: aio_poll+0x738/0x1420 [ 96.216286] which would create a new lock dependency: [ 96.221472] (&(&ctx->ctx_lock)->rlock){..-.} -> (&ctx->fd_wqh){....} [ 96.228049] [ 96.228049] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 96.236098] (&(&ctx->ctx_lock)->rlock){..-.} [ 96.236105] [ 96.236105] ... which became SOFTIRQ-irq-safe at: [ 96.246912] lock_acquire+0x1ed/0x520 [ 96.250787] _raw_spin_lock_irq+0x61/0x80 [ 96.255010] free_ioctx_users+0xbc/0x710 [ 96.259146] percpu_ref_switch_to_atomic_rcu+0x563/0x730 [ 96.264671] rcu_process_callbacks+0x100a/0x1ac0 [ 96.269498] __do_softirq+0x308/0xb7e [ 96.273373] run_ksoftirqd+0x5e/0x100 [ 96.277251] smpboot_thread_fn+0x68b/0xa00 [ 96.281560] kthread+0x35a/0x440 [ 96.285004] ret_from_fork+0x3a/0x50 [ 96.288794] [ 96.288794] to a SOFTIRQ-irq-unsafe lock: [ 96.294521] (&ctx->fault_pending_wqh){+.+.} [ 96.294529] [ 96.294529] ... which became SOFTIRQ-irq-unsafe at: [ 96.305492] ... [ 96.305511] lock_acquire+0x1ed/0x520 [ 96.311394] _raw_spin_lock+0x2d/0x40 [ 96.315283] userfaultfd_release+0x63e/0x8d0 [ 96.319773] __fput+0x385/0xa30 [ 96.323124] ____fput+0x15/0x20 [ 96.326480] task_work_run+0x1e8/0x2a0 [ 96.330450] get_signal+0x1558/0x1980 [ 96.334335] do_signal+0x9c/0x21c0 [ 96.337948] exit_to_usermode_loop+0x2e5/0x380 [ 96.342770] do_syscall_64+0x6be/0x820 [ 96.346748] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 96.352007] [ 96.352007] other info that might help us debug this: [ 96.352007] [ 96.360135] Chain exists of: [ 96.360135] &(&ctx->ctx_lock)->rlock --> &ctx->fd_wqh --> &ctx->fault_pending_wqh [ 96.360135] [ 96.372269] Possible interrupt unsafe locking scenario: [ 96.372269] [ 96.379178] CPU0 CPU1 [ 96.383835] ---- ---- [ 96.388494] lock(&ctx->fault_pending_wqh); [ 96.392910] local_irq_disable(); [ 96.398957] lock(&(&ctx->ctx_lock)->rlock); [ 96.405956] lock(&ctx->fd_wqh); [ 96.411912] [ 96.414647] lock(&(&ctx->ctx_lock)->rlock); [ 96.419300] [ 96.419300] *** DEADLOCK *** [ 96.419300] [ 96.425349] 1 lock held by syz-executor5/9070: [ 96.429913] #0: 00000000e08d009b (&(&ctx->ctx_lock)->rlock){..-.}, at: aio_poll+0x738/0x1420 [ 96.438580] [ 96.438580] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 96.447587] -> (&(&ctx->ctx_lock)->rlock){..-.} { [ 96.452428] IN-SOFTIRQ-W at: [ 96.455702] lock_acquire+0x1ed/0x520 [ 96.461135] _raw_spin_lock_irq+0x61/0x80 [ 96.467179] free_ioctx_users+0xbc/0x710 [ 96.472885] percpu_ref_switch_to_atomic_rcu+0x563/0x730 [ 96.479979] rcu_process_callbacks+0x100a/0x1ac0 [ 96.486393] __do_softirq+0x308/0xb7e [ 96.491854] run_ksoftirqd+0x5e/0x100 [ 96.497315] smpboot_thread_fn+0x68b/0xa00 [ 96.503229] kthread+0x35a/0x440 [ 96.508238] ret_from_fork+0x3a/0x50 [ 96.513585] INITIAL USE at: [ 96.516787] lock_acquire+0x1ed/0x520 [ 96.522139] _raw_spin_lock_irq+0x61/0x80 [ 96.527834] free_ioctx_users+0xbc/0x710 [ 96.533445] percpu_ref_switch_to_atomic_rcu+0x563/0x730 [ 96.540445] rcu_process_callbacks+0x100a/0x1ac0 [ 96.546760] __do_softirq+0x308/0xb7e [ 96.552117] run_ksoftirqd+0x5e/0x100 [ 96.557469] smpboot_thread_fn+0x68b/0xa00 [ 96.563258] kthread+0x35a/0x440 [ 96.568179] ret_from_fork+0x3a/0x50 [ 96.573442] } [ 96.575233] ... key at: [] __key.51004+0x0/0x40 [ 96.581964] ... acquired at: [ 96.585234] lock_acquire+0x1ed/0x520 [ 96.589214] _raw_spin_lock+0x2d/0x40 [ 96.593184] aio_poll+0x760/0x1420 [ 96.597012] io_submit_one+0xa49/0xf80 [ 96.601072] __x64_sys_io_submit+0x1b7/0x580 [ 96.605664] do_syscall_64+0x1b9/0x820 [ 96.609722] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 96.615069] [ 96.616698] [ 96.616698] the dependencies between the lock to be acquired [ 96.616702] and SOFTIRQ-irq-unsafe lock: [ 96.628086] -> (&ctx->fault_pending_wqh){+.+.} { [ 96.632945] HARDIRQ-ON-W at: [ 96.636307] lock_acquire+0x1ed/0x520 [ 96.641923] _raw_spin_lock+0x2d/0x40 [ 96.647547] userfaultfd_release+0x63e/0x8d0 [ 96.653777] __fput+0x385/0xa30 [ 96.658868] ____fput+0x15/0x20 [ 96.663969] task_work_run+0x1e8/0x2a0 [ 96.669759] get_signal+0x1558/0x1980 [ 96.675396] do_signal+0x9c/0x21c0 [ 96.680756] exit_to_usermode_loop+0x2e5/0x380 [ 96.687157] do_syscall_64+0x6be/0x820 [ 96.692866] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 96.699865] SOFTIRQ-ON-W at: [ 96.703239] lock_acquire+0x1ed/0x520 [ 96.708866] _raw_spin_lock+0x2d/0x40 [ 96.714484] userfaultfd_release+0x63e/0x8d0 [ 96.720838] __fput+0x385/0xa30 [ 96.725949] ____fput+0x15/0x20 [ 96.731053] task_work_run+0x1e8/0x2a0 [ 96.736769] get_signal+0x1558/0x1980 [ 96.742397] do_signal+0x9c/0x21c0 [ 96.747754] exit_to_usermode_loop+0x2e5/0x380 [ 96.754160] do_syscall_64+0x6be/0x820 [ 96.759873] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 96.766970] INITIAL USE at: [ 96.770239] lock_acquire+0x1ed/0x520 [ 96.775763] _raw_spin_lock+0x2d/0x40 [ 96.781289] userfaultfd_ctx_read+0x4f3/0x2180 [ 96.787595] userfaultfd_read+0x1e2/0x2c0 [ 96.793471] __vfs_read+0x117/0x9b0 [ 96.798823] vfs_read+0x17f/0x3c0 [ 96.804004] ksys_read+0x101/0x260 [ 96.809266] __x64_sys_read+0x73/0xb0 [ 96.814791] do_syscall_64+0x1b9/0x820 [ 96.820401] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 96.827307] } [ 96.829214] ... key at: [] __key.44608+0x0/0x40 [ 96.836029] ... acquired at: [ 96.839210] _raw_spin_lock+0x2d/0x40 [ 96.843169] userfaultfd_ctx_read+0x4f3/0x2180 [ 96.848050] userfaultfd_read+0x1e2/0x2c0 [ 96.852375] __vfs_read+0x117/0x9b0 [ 96.856166] vfs_read+0x17f/0x3c0 [ 96.859796] ksys_read+0x101/0x260 [ 96.863496] __x64_sys_read+0x73/0xb0 [ 96.867455] do_syscall_64+0x1b9/0x820 [ 96.871507] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 96.876845] [ 96.878455] -> (&ctx->fd_wqh){....} { [ 96.882254] INITIAL USE at: [ 96.885432] lock_acquire+0x1ed/0x520 [ 96.890778] _raw_spin_lock_irq+0x61/0x80 [ 96.896477] userfaultfd_ctx_read+0x2e4/0x2180 [ 96.902607] userfaultfd_read+0x1e2/0x2c0 [ 96.908304] __vfs_read+0x117/0x9b0 [ 96.913478] vfs_read+0x17f/0x3c0 [ 96.918486] ksys_read+0x101/0x260 [ 96.923591] __x64_sys_read+0x73/0xb0 [ 96.928939] do_syscall_64+0x1b9/0x820 [ 96.934409] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 96.941139] } [ 96.942938] ... key at: [] __key.44611+0x0/0x40 [ 96.949745] ... acquired at: [ 96.952857] lock_acquire+0x1ed/0x520 [ 96.956999] _raw_spin_lock+0x2d/0x40 [ 96.961060] aio_poll+0x760/0x1420 [ 96.964765] io_submit_one+0xa49/0xf80 [ 96.968975] __x64_sys_io_submit+0x1b7/0x580 [ 96.973727] do_syscall_64+0x1b9/0x820 [ 96.977781] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 96.983131] [ 96.984738] [ 96.984738] stack backtrace: [ 96.989221] CPU: 0 PID: 9070 Comm: syz-executor5 Not tainted 4.20.0-rc3+ #122 [ 96.996477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 97.005813] Call Trace: [ 97.008395] dump_stack+0x244/0x39d [ 97.012008] ? dump_stack_print_info.cold.1+0x20/0x20 [ 97.017195] ? print_shortest_lock_dependencies.cold.55+0x18e/0x211 [ 97.023586] ? vprintk_func+0x85/0x181 [ 97.027474] check_usage.cold.58+0x6d5/0xad1 [ 97.031890] ? check_usage_forwards+0x3d0/0x3d0 [ 97.036555] ? __lock_acquire+0x62f/0x4c20 [ 97.040779] ? __switch_to_asm+0x34/0x70 [ 97.044826] ? lockdep_on+0x50/0x50 [ 97.048443] ? mark_held_locks+0x130/0x130 [ 97.052668] ? __lock_acquire+0x62f/0x4c20 [ 97.056892] ? trace_event_raw_event_lock_acquire+0x440/0x440 [ 97.062889] __lock_acquire+0x238a/0x4c20 [ 97.067035] ? __lock_acquire+0x238a/0x4c20 [ 97.071366] ? mark_held_locks+0x130/0x130 [ 97.075611] ? zap_class+0x640/0x640 [ 97.079315] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 97.084419] ? find_held_lock+0x36/0x1c0 [ 97.088477] ? add_wait_queue+0x1b9/0x2b0 [ 97.092623] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 97.097728] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 97.102847] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 97.107434] ? trace_hardirqs_on+0xbd/0x310 [ 97.111744] ? kasan_check_read+0x11/0x20 [ 97.115890] ? trace_hardirqs_off_caller+0x310/0x310 [ 97.120983] ? rcu_softirq_qs+0x20/0x20 [ 97.124964] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 97.130066] ? add_wait_queue+0x1b9/0x2b0 [ 97.134211] ? __wake_up_locked_key_bookmark+0x20/0x20 [ 97.139475] lock_acquire+0x1ed/0x520 [ 97.143270] ? aio_poll+0x760/0x1420 [ 97.146967] ? lock_release+0xa00/0xa00 [ 97.150925] ? kasan_check_read+0x11/0x20 [ 97.155206] ? do_raw_spin_lock+0x14f/0x350 [ 97.159611] ? __ia32_sys_eventfd+0x40/0x40 [ 97.163924] ? rwlock_bug.part.2+0x90/0x90 [ 97.168151] ? trace_hardirqs_on+0x310/0x310 [ 97.172553] ? __save_stack_trace+0x8d/0xf0 [ 97.176873] _raw_spin_lock+0x2d/0x40 [ 97.180668] ? aio_poll+0x760/0x1420 [ 97.184495] aio_poll+0x760/0x1420 [ 97.188038] ? free_ioctx_users+0x710/0x710 [ 97.192518] ? kmem_cache_alloc+0x12e/0x730 [ 97.196832] ? aio_setup_rw+0x170/0x170 [ 97.200803] ? zap_class+0x640/0x640 [ 97.204591] ? mark_held_locks+0x130/0x130 [ 97.208814] ? zap_class+0x640/0x640 [ 97.212517] ? find_held_lock+0x36/0x1c0 [ 97.216568] ? find_held_lock+0x36/0x1c0 [ 97.220710] ? __might_fault+0x12b/0x1e0 [ 97.224776] ? lock_downgrade+0x900/0x900 [ 97.228925] ? lock_release+0xa00/0xa00 [ 97.232885] ? perf_trace_sched_process_exec+0x860/0x860 [ 97.238332] ? kasan_check_read+0x11/0x20 [ 97.242475] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 97.247740] io_submit_one+0xa49/0xf80 [ 97.251621] ? io_submit_one+0xa49/0xf80 [ 97.255667] ? aio_poll+0x1420/0x1420 [ 97.259450] ? __might_fault+0x12b/0x1e0 [ 97.263494] ? lock_downgrade+0x900/0x900 [ 97.267630] ? perf_trace_sched_process_exec+0x860/0x860 [ 97.273072] __x64_sys_io_submit+0x1b7/0x580 [ 97.277467] ? __ia32_sys_io_destroy+0x580/0x580 [ 97.282211] ? trace_hardirqs_on+0xbd/0x310 [ 97.286529] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 97.292241] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 97.297598] ? trace_hardirqs_off_caller+0x310/0x310 [ 97.302696] do_syscall_64+0x1b9/0x820 [ 97.306800] ? __ia32_sys_io_destroy+0x580/0x580 [ 97.311562] ? do_syscall_64+0x1b9/0x820 [ 97.315727] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 97.321204] ? syscall_return_slowpath+0x5e0/0x5e0 [ 97.326141] ? trace_hardirqs_on_caller+0x310/0x310 [ 97.331172] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 97.336179] ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250 [ 97.342832] ? __switch_to_asm+0x40/0x70 [ 97.346877] ? __switch_to_asm+0x34/0x70 [ 97.350942] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 97.355782] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 97.360967] RIP: 0033:0x457569 [ 97.364158] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 97.383052] RSP: 002b:00007f3f1c7f4c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 [ 97.390760] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569 [ 97.398023] RDX: 0000000020000b00 RSI: 0000000000000001 RDI: 00007f3f1c817000 [ 97.405281] RBP: 000000000072c040 R08: 0000000000000000 R09: 0000000000000000 [ 97.412550] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3f1c7f56d4 [ 97.419955] R13: 00000000004be7ed R14: 00000000004ced68 R15: 00000000ffffffff 2018/11/21 08:22:20 executed programs: 300 [ 97.495331] kobject: 'loop4' (00000000e2f4ef96): kobject_uevent_env [ 97.511837] kobject: 'loop4' (00000000e2f4ef96): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 97.525571] kobject: 'loop2' (000000002f4e126e): kobject_uevent_env [ 97.533171] kobject: 'loop2' (000000002f4e126e): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 97.543532] kobject: 'loop0' (00000000da0c9e92): kobject_uevent_env [ 97.550044] kobject: 'loop0' (00000000da0c9e92): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 97.561400] kobject: 'loop3' (0000000051a9a1d4): kobject_uevent_env [ 97.568742] kobject: 'loop3' (0000000051a9a1d4): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 97.578856] kobject: 'loop1' (00000000126d648d): kobject_uevent_env [ 97.585493] kobject: 'loop1' (00000000126d648d): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 97.595527] kobject: 'loop5' (0000000077e75519): kobject_uevent_env [ 97.602126] kobject: 'loop5' (0000000077e75519): fill_kobj_path: path = '/devices/virtual/block/loop5'