[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 25.223916] random: sshd: uninitialized urandom read (32 bytes read)
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 28.632990] random: sshd: uninitialized urandom read (32 bytes read)
[ 28.916521] random: sshd: uninitialized urandom read (32 bytes read)
[ 29.550123] random: sshd: uninitialized urandom read (32 bytes read)
[ 36.897435] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.15.195' (ECDSA) to the list of known hosts.
[ 42.513832] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 42.671877]
[ 42.673525] ========================================================
[ 42.679990] WARNING: possible irq lock inversion dependency detected
[ 42.686506] 4.19.0-rc2+ #229 Not tainted
[ 42.690546] --------------------------------------------------------
[ 42.697017] swapper/0/0 just changed the state of lock:
[ 42.702357] 00000000c02bddef (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0xbc/0x710
[ 42.711098] but this lock took another, SOFTIRQ-unsafe lock in the past:
[ 42.717909]  (&fiq->waitq){+.+.}
[ 42.717917]
[ 42.717917]
[ 42.717917] and interrupts could create inverse lock ordering between them.
[ 42.717917]
[ 42.732760]
[ 42.732760] other info that might help us debug this:
[ 42.739406]  Possible interrupt unsafe locking scenario:
[ 42.739406]
[ 42.746308]        CPU0                    CPU1
[ 42.750950]        ----                    ----
[ 42.755602]   lock(&fiq->waitq);
[ 42.758992]                                local_irq_disable();
[ 42.765033]                                lock(&(&ctx->ctx_lock)->rlock);
[ 42.772025]                                lock(&fiq->waitq);
[ 42.777890]
[ 42.780630]     lock(&(&ctx->ctx_lock)->rlock);
[ 42.785275]
[ 42.785275]  *** DEADLOCK ***
[ 42.785275]
[ 42.791314] 2 locks held by swapper/0/0:
[ 42.795348]  #0: 0000000077c9a56b (rcu_callback){....}, at: rcu_process_callbacks+0x1012/0x2670
[ 42.804179]  #1: 0000000031dcf310 (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x2b7/0x820
[ 42.814311]
[ 42.814311] the shortest dependencies between 2nd lock and 1st lock:
[ 42.822370]  -> (&fiq->waitq){+.+.} ops: 4 {
[ 42.826765]     HARDIRQ-ON-W at:
[ 42.830113]       lock_acquire+0x1ed/0x520
[ 42.835716]       _raw_spin_lock+0x2d/0x40
[ 42.841318]       flush_bg_queue+0x389/0x650
[ 42.847152]       fuse_request_send_background_locked+0x2f5/0x5a0
[ 42.854771]       fuse_request_send_background+0x135/0x180
[ 42.861784]       cuse_channel_open+0x6b0/0x963
[ 42.867840]       misc_open+0x3ca/0x560
[ 42.873186]       chrdev_open+0x25a/0x710
[ 42.878704]       do_dentry_open+0x499/0x1250
[ 42.884696]       vfs_open+0xa0/0xd0
[ 42.889776]       path_openat+0x12bf/0x5160
[ 42.895469]       do_filp_open+0x255/0x380
[ 42.901077]       do_sys_open+0x568/0x700
[ 42.906595]       __x64_sys_openat+0x9d/0x100
[ 42.912464]       do_syscall_64+0x1b9/0x820
[ 42.918156]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 42.925144]     SOFTIRQ-ON-W at:
[ 42.928496]       lock_acquire+0x1ed/0x520
[ 42.934120]       _raw_spin_lock+0x2d/0x40
[ 42.939722]       flush_bg_queue+0x389/0x650
[ 42.945513]       fuse_request_send_background_locked+0x2f5/0x5a0
[ 42.953115]       fuse_request_send_background+0x135/0x180
[ 42.960111]       cuse_channel_open+0x6b0/0x963
[ 42.966156]       misc_open+0x3ca/0x560
[ 42.971500]       chrdev_open+0x25a/0x710
[ 42.977018]       do_dentry_open+0x499/0x1250
[ 42.982882]       vfs_open+0xa0/0xd0
[ 42.987982]       path_openat+0x12bf/0x5160
[ 42.993680]       do_filp_open+0x255/0x380
[ 42.999290]       do_sys_open+0x568/0x700
[ 43.004807]       __x64_sys_openat+0x9d/0x100
[ 43.010669]       do_syscall_64+0x1b9/0x820
[ 43.016376]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 43.023366]     INITIAL USE at:
[ 43.026633]       lock_acquire+0x1ed/0x520
[ 43.032149]       _raw_spin_lock+0x2d/0x40
[ 43.037713]       flush_bg_queue+0x389/0x650
[ 43.043409]       fuse_request_send_background_locked+0x2f5/0x5a0
[ 43.050921]       fuse_request_send_background+0x135/0x180
[ 43.057824]       cuse_channel_open+0x6b0/0x963
[ 43.063789]       misc_open+0x3ca/0x560
[ 43.069048]       chrdev_open+0x25a/0x710
[ 43.074480]       do_dentry_open+0x499/0x1250
[ 43.080264]       vfs_open+0xa0/0xd0
[ 43.085263]       path_openat+0x12bf/0x5160
[ 43.090863]       do_filp_open+0x255/0x380
[ 43.096379]       do_sys_open+0x568/0x700
[ 43.101816]       __x64_sys_openat+0x9d/0x100
[ 43.107596]       do_syscall_64+0x1b9/0x820
[ 43.113199]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 43.120095]   }
[ 43.121965]   ... key at: [] __key.42168+0x0/0x40
[ 43.128792]   ... acquired at:
[ 43.131967]    _raw_spin_lock+0x2d/0x40
[ 43.135920]    aio_poll+0x760/0x1420
[ 43.139612]    io_submit_one+0xab8/0x1090
[ 43.143740]    __x64_sys_io_submit+0x1b9/0x5d0
[ 43.148299]    do_syscall_64+0x1b9/0x820
[ 43.152339]    entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 43.157682]
[ 43.159286] -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 2 {
[ 43.164810]    IN-SOFTIRQ-W at:
[ 43.168081]      lock_acquire+0x1ed/0x520
[ 43.173517]      _raw_spin_lock_irq+0x61/0x80
[ 43.179293]      free_ioctx_users+0xbc/0x710
[ 43.184985]      percpu_ref_switch_to_atomic_rcu+0x62c/0x820
[ 43.192177]      rcu_process_callbacks+0xf23/0x2670
[ 43.198490]      __do_softirq+0x30b/0xad8
[ 43.204082]      irq_exit+0x17f/0x1c0
[ 43.209166]      smp_apic_timer_interrupt+0x1cb/0x760
[ 43.215770]      apic_timer_interrupt+0xf/0x20
[ 43.221745]      native_safe_halt+0x6/0x10
[ 43.227286]      default_idle+0xbf/0x490
[ 43.232646]      arch_cpu_idle+0x10/0x20
[ 43.238459]      default_idle_call+0x6d/0x90
[ 43.244154]      do_idle+0x3db/0x5b0
[ 43.249145]      cpu_startup_entry+0x10c/0x120
[ 43.255007]      rest_init+0xe2/0xe5
[ 43.260003]      start_kernel+0x8f4/0x92f
[ 43.265447]      x86_64_start_reservations+0x29/0x2b
[ 43.271837]      x86_64_start_kernel+0x76/0x79
[ 43.277699]      secondary_startup_64+0xa4/0xb0
[ 43.283644]    INITIAL USE at:
[ 43.286833]      lock_acquire+0x1ed/0x520
[ 43.292173]      _raw_spin_lock_irq+0x61/0x80
[ 43.297874]      aio_poll+0x738/0x1420
[ 43.302957]      io_submit_one+0xab8/0x1090
[ 43.308480]      __x64_sys_io_submit+0x1b9/0x5d0
[ 43.314433]      do_syscall_64+0x1b9/0x820
[ 43.319864]      entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 43.326592]  }
[ 43.328381]  ... key at: [] __key.50120+0x0/0x40
[ 43.335108]  ... acquired at:
[ 43.338192]    mark_lock+0xa6b/0x1cb0
[ 43.341969]    __lock_acquire+0x15f8/0x4ec0
[ 43.346267]    lock_acquire+0x1ed/0x520
[ 43.350217]    _raw_spin_lock_irq+0x61/0x80
[ 43.354518]    free_ioctx_users+0xbc/0x710
[ 43.358733]    percpu_ref_switch_to_atomic_rcu+0x62c/0x820
[ 43.364439]    rcu_process_callbacks+0xf23/0x2670
[ 43.369322]    __do_softirq+0x30b/0xad8
[ 43.373297]    irq_exit+0x17f/0x1c0
[ 43.376918]    smp_apic_timer_interrupt+0x1cb/0x760
[ 43.381920]    apic_timer_interrupt+0xf/0x20
[ 43.386306]    native_safe_halt+0x6/0x10
[ 43.390342]    default_idle+0xbf/0x490
[ 43.394209]    arch_cpu_idle+0x10/0x20
[ 43.398074]    default_idle_call+0x6d/0x90
[ 43.402527]    do_idle+0x3db/0x5b0
[ 43.406057]    cpu_startup_entry+0x10c/0x120
[ 43.410445]    rest_init+0xe2/0xe5
[ 43.413964]    start_kernel+0x8f4/0x92f
[ 43.417979]    x86_64_start_reservations+0x29/0x2b
[ 43.422893]    x86_64_start_kernel+0x76/0x79
[ 43.427282]    secondary_startup_64+0xa4/0xb0
[ 43.431750]
[ 43.433369]
[ 43.433369] stack backtrace:
[ 43.437842] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.19.0-rc2+ #229
[ 43.444480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 43.454100] Call Trace:
[ 43.456665]
[ 43.458799]  dump_stack+0x1c4/0x2b4
[ 43.462408]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 43.467581]  ? print_shortest_lock_dependencies.cold.55+0x1c3/0x246
[ 43.473964]  ? vprintk_func+0x85/0x181
[ 43.477830]  print_irq_inversion_bug.part.35+0x2c7/0x2d6
[ 43.483263]  check_usage_forwards.cold.57+0x20/0x29
[ 43.488264]  ? check_usage_backwards+0x3d0/0x3d0
[ 43.493004]  ? unwind_next_frame+0x3e/0x50
[ 43.497220]  ? __save_stack_trace+0x7d/0xf0
[ 43.501639]  ? save_stack_trace+0x1a/0x20
[ 43.505769]  ? save_trace+0xe0/0x290
[ 43.509462]  mark_lock+0xa6b/0x1cb0
[ 43.513069]  ? check_usage_backwards+0x3d0/0x3d0
[ 43.517818]  ? print_usage_bug+0xc0/0xc0
[ 43.521877]  ? kasan_check_read+0x11/0x20
[ 43.526079]  ? mark_lock+0x865/0x1cb0
[ 43.529868]  ? print_usage_bug+0xc0/0xc0
[ 43.533911]  ? __lock_acquire+0x7ec/0x4ec0
[ 43.538137]  __lock_acquire+0x15f8/0x4ec0
[ 43.542265]  ? graph_lock+0x170/0x170
[ 43.546043]  ? graph_lock+0x170/0x170
[ 43.549825]  ? mark_held_locks+0x130/0x130
[ 43.554040]  ? print_usage_bug+0xc0/0xc0
[ 43.558096]  ? mark_held_locks+0x130/0x130
[ 43.562310]  ? print_usage_bug+0xc0/0xc0
[ 43.566358]  ? try_to_wake_up+0x10a/0x12f0
[ 43.570575]  ? __lock_acquire+0x7ec/0x4ec0
[ 43.575046]  ? trace_hardirqs_off+0xb8/0x310
[ 43.579436]  ? kasan_check_read+0x11/0x20
[ 43.583590]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 43.587978]  ? mark_held_locks+0x130/0x130
[ 43.592205]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 43.597284]  ? graph_lock+0x170/0x170
[ 43.601061]  ? __lock_acquire+0x7ec/0x4ec0
[ 43.605275]  ? swake_up_one+0x25f/0x440
[ 43.609226]  lock_acquire+0x1ed/0x520
[ 43.613009]  ? free_ioctx_users+0xbc/0x710
[ 43.617235]  ? lock_release+0x970/0x970
[ 43.621186]  ? trace_hardirqs_off+0xb8/0x310
[ 43.625574]  ? __wake_up_common_lock+0x1d0/0x330
[ 43.630305]  ? free_ioctx_users+0xbc/0x710
[ 43.634537]  ? trace_hardirqs_on+0x310/0x310
[ 43.639009]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 43.644115]  ? lockdep_hardirqs_on+0x19e/0x5c0
[ 43.648679]  _raw_spin_lock_irq+0x61/0x80
[ 43.652809]  ? free_ioctx_users+0xbc/0x710
[ 43.657025]  free_ioctx_users+0xbc/0x710
[ 43.661062]  ? kasan_check_write+0x14/0x20
[ 43.665279]  ? do_io_getevents+0x470/0x470
[ 43.669493]  ? lock_acquire+0x1ed/0x520
[ 43.673451]  ? percpu_ref_switch_to_atomic_rcu+0x2b7/0x820
[ 43.679060]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 43.684579]  ? check_preemption_disabled+0x48/0x200
[ 43.689636]  ? kasan_check_read+0x11/0x20
[ 43.693773]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[ 43.699028]  ? rcu_bh_qs+0xc0/0xc0
[ 43.702549]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 43.707545]  ? find_next_bit+0x104/0x130
[ 43.711587]  percpu_ref_switch_to_atomic_rcu+0x62c/0x820
[ 43.717019]  ? percpu_ref_exit+0xe0/0xe0
[ 43.721058]  ? lock_acquire+0x1ed/0x520
[ 43.725014]  ? rcu_process_callbacks+0x1012/0x2670
[ 43.729923]  ? lock_release+0x970/0x970
[ 43.733879]  ? debug_stats_show+0x100/0x100
[ 43.738181]  ? __do_softirq+0x30b/0xad8
[ 43.742138]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 43.747567]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 43.753082]  ? check_preemption_disabled+0x48/0x200
[ 43.758077]  ? percpu_ref_exit+0xe0/0xe0
[ 43.762122]  rcu_process_callbacks+0xf23/0x2670
[ 43.766771]  ? __rcu_read_unlock+0x2f0/0x2f0
[ 43.771159]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 43.776159]  ? find_held_lock+0x36/0x1c0
[ 43.780207]  ? __run_timers+0xa20/0xc70
[ 43.784214]  ? _raw_spin_unlock_irq+0x27/0x80
[ 43.788697]  ? _raw_spin_unlock_irq+0x27/0x80
[ 43.793177]  ? work_on_cpu_safe+0x90/0x90
[ 43.797306]  ? lockdep_hardirqs_on+0x19e/0x5c0
[ 43.801867]  ? trace_hardirqs_on+0xbd/0x310
[ 43.806166]  ? kasan_check_read+0x11/0x20
[ 43.810292]  ? __run_timers+0xa20/0xc70
[ 43.814251]  ? kasan_check_write+0x14/0x20
[ 43.818468]  ? _raw_spin_unlock_irq+0x60/0x80
[ 43.822944]  ? __run_timers+0xa4a/0xc70
[ 43.826902]  ? __bpf_trace_timer_expire_entry+0x30/0x30
[ 43.832245]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 43.837244]  ? graph_lock+0x170/0x170
[ 43.841025]  ? enqueue_hrtimer+0x1a5/0x560
[ 43.845243]  ? lock_release+0x970/0x970
[ 43.849215]  ? hrtimer_update_softirq_timer+0xa0/0xa0
[ 43.854423]  ? find_held_lock+0x36/0x1c0
[ 43.858465]  ? pvclock_read_flags+0x160/0x160
[ 43.862937]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 43.868451]  ? check_preemption_disabled+0x48/0x200
[ 43.873443]  ? check_preemption_disabled+0x48/0x200
[ 43.878477]  ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0
[ 43.883993]  ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[ 43.889248]  ? rcu_pm_notify+0xc0/0xc0
[ 43.893122]  __do_softirq+0x30b/0xad8
[ 43.896902]  ? __irqentry_text_end+0x1f9618/0x1f9618
[ 43.901999]  ? pvclock_read_flags+0x160/0x160
[ 43.906470]  ? lapic_next_event+0x5a/0x90
[ 43.910593]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 43.916109]  ? check_preemption_disabled+0x48/0x200
[ 43.921187]  ? check_preemption_disabled+0x48/0x200
[ 43.926209]  ? kvm_clock_read+0x18/0x30
[ 43.930166]  ? kvm_sched_clock_read+0x9/0x20
[ 43.934564]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 43.940086]  ? check_preemption_disabled+0x48/0x200
[ 43.945088]  irq_exit+0x17f/0x1c0
[ 43.948520]  smp_apic_timer_interrupt+0x1cb/0x760
[ 43.953342]  ? smp_call_function_single_interrupt+0x650/0x650
[ 43.959325]  ? interrupt_entry+0xb5/0xf0
[ 43.963373]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 43.968382]  ? trace_hardirqs_off_caller+0xbb/0x310
[ 43.973378]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 43.978201]  ? trace_hardirqs_on_caller+0x310/0x310
[ 43.983196]  ? trace_hardirqs_on_caller+0x310/0x310
[ 43.988190]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 43.993705]  ? check_preemption_disabled+0x48/0x200
[ 43.998697]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 44.004228]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 44.009049]  apic_timer_interrupt+0xf/0x20
[ 44.013259]
[ 44.015502] RIP: 0010:native_safe_halt+0x6/0x10
[ 44.020148] Code: e9 2c ff ff ff 48 89 c7 48 89 45 d8 e8 43 b9 02 fa 48 8b 45 d8 e9 ca fe ff ff 48 89 df e8 32 b9 02 fa eb 82 55 48 89 e5 fb f4 <5d> c3 0f 1f 84 00 00 00 00 00 55 48 89 e5 f4 5d c3 90 90 90 90 90
[ 44.039040] RSP: 0018:ffffffff89407bb8 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13
[ 44.046729] RAX: dffffc0000000000 RBX: 1ffffffff1280f7b RCX: 0000000000000000
[ 44.053977] RDX: 1ffffffff12a4538 RSI: 0000000000000001 RDI: ffffffff895229c0
[ 44.061224] RBP: ffffffff89407bb8 R08: ffffffff89475fc0 R09: 0000000000000000
[ 44.068472] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff89407c78
[ 44.075746] R13: ffffffff8a3149a0 R14: 0000000000000000 R15: 0000000000000000
[ 44.083006]  default_idle+0xbf/0x490
[ 44.086705]  ? rcu_dynticks_eqs_enter+0x4c/0x70
[ 44.091419]  ? __sched_text_end+0x1/0x1
[ 44.095383]  ? rcu_idle_enter+0x329/0x4b0
[ 44.099513]  ? rcu_eqs_special_set+0x1b0/0x1b0
[ 44.104509]  ? tsc_verify_tsc_adjust+0x137/0x460
[ 44.109248]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 44.114685]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 44.120202]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 44.125721]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 44.131244]  arch_cpu_idle+0x10/0x20
[ 44.134940]  default_idle_call+0x6d/0x90
[ 44.138979]  do_idle+0x3db/0x5b0
[ 44.142328]  ? arch_cpu_idle_exit+0x70/0x70
[ 44.146626]  ? check_preemption_disabled+0x48/0x200
[ 44.151634]  ? __schedule+0x1ed0/0x1ed0
[ 44.155594]  cpu_startup_entry+0x10c/0x120
[ 44.159829]  ? cpu_in_idle+0x20/0x20
[ 44.163675]  rest_init+0xe2/0xe5
[ 44.167032]  start_kernel+0x8f4/0x92f
[ 44.170854]  ? mem_encrypt_init+0xb/0xb
[ 44.174826]  ? early_idt_handler_common+