Warning: Permanently added '10.128.1.2' (ECDSA) to the list of known hosts.
2019/06/27 16:12:00 parsed 1 programs
2019/06/27 16:12:02 executed programs: 0
syzkaller login: [ 67.911461][ T8757] IPVS: ftp: loaded support on port[0] = 21
[ 67.973922][ T8757] chnl_net:caif_netlink_parms(): no params data found
[ 68.001533][ T8757] bridge0: port 1(bridge_slave_0) entered blocking state
[ 68.009154][ T8757] bridge0: port 1(bridge_slave_0) entered disabled state
[ 68.017316][ T8757] device bridge_slave_0 entered promiscuous mode
[ 68.026395][ T8757] bridge0: port 2(bridge_slave_1) entered blocking state
[ 68.034389][ T8757] bridge0: port 2(bridge_slave_1) entered disabled state
[ 68.042315][ T8757] device bridge_slave_1 entered promiscuous mode
[ 68.059134][ T8757] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 68.069761][ T8757] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 68.089983][ T8757] team0: Port device team_slave_0 added
[ 68.097743][ T8757] team0: Port device team_slave_1 added
[ 68.157779][ T8757] device hsr_slave_0 entered promiscuous mode
[ 68.206054][ T8757] device hsr_slave_1 entered promiscuous mode
[ 68.283303][ T8757] bridge0: port 2(bridge_slave_1) entered blocking state
[ 68.290451][ T8757] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 68.298252][ T8757] bridge0: port 1(bridge_slave_0) entered blocking state
[ 68.305309][ T8757] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 68.340399][ T8757] 8021q: adding VLAN 0 to HW filter on device bond0
[ 68.351462][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 68.362001][ T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 68.370557][ T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 68.378726][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 68.390986][ T8757] 8021q: adding VLAN 0 to HW filter on device team0
[ 68.401022][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 68.410124][ T17] bridge0: port 1(bridge_slave_0) entered blocking state
[ 68.417233][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 68.436516][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 68.445021][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 68.452154][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 68.460186][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 68.469163][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 68.477610][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 68.486896][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 68.497628][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 68.508530][ T8757] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 68.526268][ T8757] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 70.302682][ T8775]
[ 70.305133][ T8775] =====================================================
[ 70.312142][ T8775] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
[ 70.319713][ T8775] 5.2.0-rc6-next-20190627 #24 Not tainted
[ 70.325412][ T8775] -----------------------------------------------------
[ 70.332327][ T8775] syz-executor.0/8775 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[ 70.340278][ T8775] 00000000c272e262 (&ctx->fd_wqh){....}, at: io_submit_one+0xefa/0x2ef0
[ 70.348986][ T8775]
[ 70.348986][ T8775] and this task is already holding:
[ 70.356330][ T8775] 00000000b6254005 (&(&ctx->ctx_lock)->rlock){..-.}, at: io_submit_one+0xeb5/0x2ef0
[ 70.365688][ T8775] which would create a new lock dependency:
[ 70.371561][ T8775] (&(&ctx->ctx_lock)->rlock){..-.} -> (&ctx->fd_wqh){....}
[ 70.378838][ T8775]
[ 70.378838][ T8775] but this new dependency connects a SOFTIRQ-irq-safe lock:
[ 70.388377][ T8775] (&(&ctx->ctx_lock)->rlock){..-.}
[ 70.388385][ T8775]
[ 70.388385][ T8775] ... which became SOFTIRQ-irq-safe at:
[ 70.401315][ T8775] lock_acquire+0x190/0x410
[ 70.405894][ T8775] _raw_spin_lock_irq+0x60/0x80
[ 70.410811][ T8775] free_ioctx_users+0x2d/0x490
[ 70.415735][ T8775] percpu_ref_switch_to_atomic_rcu+0x4c0/0x570
[ 70.422100][ T8775] rcu_core+0x67f/0x1580
[ 70.426411][ T8775] rcu_core_si+0x9/0x10
[ 70.430694][ T8775] __do_softirq+0x262/0x98c
[ 70.435468][ T8775] run_ksoftirqd+0x8e/0x110
[ 70.440103][ T8775] smpboot_thread_fn+0x6a3/0xa40
[ 70.445123][ T8775] kthread+0x361/0x430
[ 70.449442][ T8775] ret_from_fork+0x24/0x30
[ 70.453926][ T8775]
[ 70.453926][ T8775] to a SOFTIRQ-irq-unsafe lock:
[ 70.460918][ T8775] (&ctx->fault_pending_wqh){+.+.}
[ 70.460925][ T8775]
[ 70.460925][ T8775] ... which became SOFTIRQ-irq-unsafe at:
[ 70.474093][ T8775] ...
[ 70.474115][ T8775] lock_acquire+0x190/0x410
[ 70.481366][ T8775] _raw_spin_lock+0x2f/0x40
[ 70.485938][ T8775] userfaultfd_release+0x4ca/0x710
[ 70.491110][ T8775] __fput+0x2ff/0x890
[ 70.495291][ T8775] ____fput+0x16/0x20
[ 70.499440][ T8775] task_work_run+0x145/0x1c0
[ 70.504102][ T8775] exit_to_usermode_loop+0x280/0x2d0
[ 70.509464][ T8775] do_syscall_64+0x5a9/0x6a0
[ 70.514120][ T8775] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 70.520157][ T8775]
[ 70.520157][ T8775] other info that might help us debug this:
[ 70.520157][ T8775]
[ 70.530445][ T8775] Chain exists of:
[ 70.530445][ T8775] &(&ctx->ctx_lock)->rlock --> &ctx->fd_wqh --> &ctx->fault_pending_wqh
[ 70.530445][ T8775]
[ 70.544668][ T8775] Possible interrupt unsafe locking scenario:
[ 70.544668][ T8775]
[ 70.553094][ T8775]        CPU0                    CPU1
[ 70.558588][ T8775]        ----                    ----
[ 70.564011][ T8775]   lock(&ctx->fault_pending_wqh);
[ 70.569109][ T8775]                                local_irq_disable();
[ 70.602956][ T8775]                                lock(&(&ctx->ctx_lock)->rlock);
[ 70.610833][ T8775]                                lock(&ctx->fd_wqh);
[ 70.617754][ T8775]
[ 70.621360][ T8775]     lock(&(&ctx->ctx_lock)->rlock);
[ 70.626711][ T8775]
[ 70.626711][ T8775] *** DEADLOCK ***
[ 70.626711][ T8775]
[ 70.634964][ T8775] 1 lock held by syz-executor.0/8775:
[ 70.640428][ T8775] #0: 00000000b6254005 (&(&ctx->ctx_lock)->rlock){..-.}, at: io_submit_one+0xeb5/0x2ef0
[ 70.651699][ T8775]
[ 70.651699][ T8775] the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
[ 70.662090][ T8775] -> (&(&ctx->ctx_lock)->rlock){..-.} {
[ 70.667829][ T8775] IN-SOFTIRQ-W at:
[ 70.671934][ T8775] lock_acquire+0x190/0x410
[ 70.678393][ T8775] _raw_spin_lock_irq+0x60/0x80
[ 70.684985][ T8775] free_ioctx_users+0x2d/0x490
[ 70.691388][ T8775] percpu_ref_switch_to_atomic_rcu+0x4c0/0x570
[ 70.699217][ T8775] rcu_core+0x67f/0x1580
[ 70.705214][ T8775] rcu_core_si+0x9/0x10
[ 70.711115][ T8775] __do_softirq+0x262/0x98c
[ 70.717358][ T8775] run_ksoftirqd+0x8e/0x110
[ 70.723621][ T8775] smpboot_thread_fn+0x6a3/0xa40
[ 70.730285][ T8775] kthread+0x361/0x430
[ 70.736110][ T8775] ret_from_fork+0x24/0x30
[ 70.742257][ T8775] INITIAL USE at:
[ 70.746136][ T8775] lock_acquire+0x190/0x410
[ 70.752363][ T8775] _raw_spin_lock_irq+0x60/0x80
[ 70.758767][ T8775] free_ioctx_users+0x2d/0x490
[ 70.765158][ T8775] percpu_ref_switch_to_atomic_rcu+0x4c0/0x570
[ 70.773049][ T8775] rcu_core+0x67f/0x1580
[ 70.778933][ T8775] rcu_core_si+0x9/0x10
[ 70.784656][ T8775] __do_softirq+0x262/0x98c
[ 70.790712][ T8775] run_ksoftirqd+0x8e/0x110
[ 70.796790][ T8775] smpboot_thread_fn+0x6a3/0xa40
[ 70.803403][ T8775] kthread+0x361/0x430
[ 70.809025][ T8775] ret_from_fork+0x24/0x30
[ 70.814984][ T8775] }
[ 70.817536][ T8775] ... key at: [] __key.53815+0x0/0x40
[ 70.824971][ T8775] ... acquired at:
[ 70.828811][ T8775] lock_acquire+0x190/0x410
[ 70.833584][ T8775] _raw_spin_lock+0x2f/0x40
[ 70.838245][ T8775] io_submit_one+0xefa/0x2ef0
[ 70.843357][ T8775] __x64_sys_io_submit+0x1bd/0x570
[ 70.848735][ T8775] do_syscall_64+0xfd/0x6a0
[ 70.853544][ T8775] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 70.859589][ T8775]
[ 70.861902][ T8775]
[ 70.861902][ T8775] the dependencies between the lock to be acquired
[ 70.861905][ T8775] and SOFTIRQ-irq-unsafe lock:
[ 70.875683][ T8775] -> (&ctx->fault_pending_wqh){+.+.} {
[ 70.881205][ T8775] HARDIRQ-ON-W at:
[ 70.885258][ T8775] lock_acquire+0x190/0x410
[ 70.891624][ T8775] _raw_spin_lock+0x2f/0x40
[ 70.897940][ T8775] userfaultfd_release+0x4ca/0x710
[ 70.904852][ T8775] __fput+0x2ff/0x890
[ 70.910740][ T8775] ____fput+0x16/0x20
[ 70.916531][ T8775] task_work_run+0x145/0x1c0
[ 70.923147][ T8775] exit_to_usermode_loop+0x280/0x2d0
[ 70.930372][ T8775] do_syscall_64+0x5a9/0x6a0
[ 70.936840][ T8775] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 70.944542][ T8775] SOFTIRQ-ON-W at:
[ 70.948603][ T8775] lock_acquire+0x190/0x410
[ 70.954927][ T8775] _raw_spin_lock+0x2f/0x40
[ 70.961238][ T8775] userfaultfd_release+0x4ca/0x710
[ 70.968299][ T8775] __fput+0x2ff/0x890
[ 70.974093][ T8775] ____fput+0x16/0x20
[ 70.979876][ T8775] task_work_run+0x145/0x1c0
[ 70.986285][ T8775] exit_to_usermode_loop+0x280/0x2d0
[ 70.993378][ T8775] do_syscall_64+0x5a9/0x6a0
[ 70.999932][ T8775] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 71.007625][ T8775] INITIAL USE at:
[ 71.011592][ T8775] lock_acquire+0x190/0x410
[ 71.017912][ T8775] _raw_spin_lock+0x2f/0x40
[ 71.024219][ T8775] userfaultfd_read+0x54d/0x1940
[ 71.030976][ T8775] __vfs_read+0x8a/0x110
[ 71.037211][ T8775] vfs_read+0x1f0/0x440
[ 71.043162][ T8775] ksys_read+0x14f/0x290
[ 71.049123][ T8775] __x64_sys_read+0x73/0xb0
[ 71.055500][ T8775] do_syscall_64+0xfd/0x6a0
[ 71.061731][ T8775] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 71.069379][ T8775] }
[ 71.072093][ T8775] ... key at: [] __key.46524+0x0/0x40
[ 71.079621][ T8775] ... acquired at:
[ 71.083505][ T8775] _raw_spin_lock+0x2f/0x40
[ 71.088159][ T8775] userfaultfd_read+0x54d/0x1940
[ 71.093247][ T8775] __vfs_read+0x8a/0x110
[ 71.097927][ T8775] vfs_read+0x1f0/0x440
[ 71.102346][ T8775] ksys_read+0x14f/0x290
[ 71.106744][ T8775] __x64_sys_read+0x73/0xb0
[ 71.111513][ T8775] do_syscall_64+0xfd/0x6a0
[ 71.116188][ T8775] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 71.122426][ T8775]
[ 71.124735][ T8775] -> (&ctx->fd_wqh){....} {
[ 71.129314][ T8775] INITIAL USE at:
[ 71.133214][ T8775] lock_acquire+0x190/0x410
[ 71.139271][ T8775] _raw_spin_lock_irq+0x60/0x80
[ 71.145727][ T8775] userfaultfd_read+0x27a/0x1940
[ 71.152292][ T8775] __vfs_read+0x8a/0x110
[ 71.158138][ T8775] vfs_read+0x1f0/0x440
[ 71.163954][ T8775] ksys_read+0x14f/0x290
[ 71.169739][ T8775] __x64_sys_read+0x73/0xb0
[ 71.175845][ T8775] do_syscall_64+0xfd/0x6a0
[ 71.181906][ T8775] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 71.189336][ T8775] }
[ 71.191828][ T8775] ... key at: [] __key.46527+0x0/0x40
[ 71.199260][ T8775] ... acquired at:
[ 71.203163][ T8775] lock_acquire+0x190/0x410
[ 71.207950][ T8775] _raw_spin_lock+0x2f/0x40
[ 71.212612][ T8775] io_submit_one+0xefa/0x2ef0
[ 71.217479][ T8775] __x64_sys_io_submit+0x1bd/0x570
[ 71.222954][ T8775] do_syscall_64+0xfd/0x6a0
[ 71.227758][ T8775] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 71.233793][ T8775]
[ 71.236099][ T8775]
[ 71.236099][ T8775] stack backtrace:
[ 71.242122][ T8775] CPU: 1 PID: 8775 Comm: syz-executor.0 Not tainted 5.2.0-rc6-next-20190627 #24
[ 71.251376][ T8775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 71.261501][ T8775] Call Trace:
[ 71.264786][ T8775] dump_stack+0x172/0x1f0
[ 71.269164][ T8775] check_irq_usage.cold+0x5b4/0x72e
[ 71.274371][ T8775] ? check_usage_forwards+0x330/0x330
[ 71.279731][ T8775] ? check_path+0x26/0x40
[ 71.284040][ T8775] ? kasan_check_read+0x11/0x20
[ 71.288884][ T8775] ? check_noncircular+0x16a/0x3e0
[ 71.294485][ T8775] ? print_circular_bug+0x200/0x200
[ 71.299808][ T8775] ? __lockdep_reset_lock+0x450/0x450
[ 71.305274][ T8775] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 71.311536][ T8775] __lock_acquire+0x25bd/0x4c20
[ 71.317067][ T8775] ? __lock_acquire+0x25bd/0x4c20
[ 71.322076][ T8775] ? mark_held_locks+0xf0/0xf0
[ 71.326874][ T8775] ? trace_hardirqs_on+0x67/0x240
[ 71.331891][ T8775] ? kasan_check_read+0x11/0x20
[ 71.337023][ T8775] lock_acquire+0x190/0x410
[ 71.341519][ T8775] ? io_submit_one+0xefa/0x2ef0
[ 71.346502][ T8775] _raw_spin_lock+0x2f/0x40
[ 71.351106][ T8775] ? io_submit_one+0xefa/0x2ef0
[ 71.355939][ T8775] io_submit_one+0xefa/0x2ef0
[ 71.360604][ T8775] ? lookup_ioctx+0x1d7/0x830
[ 71.365293][ T8775] ? ioctx_alloc+0x1dc0/0x1dc0
[ 71.370053][ T8775] ? aio_setup_rw+0x180/0x180
[ 71.374718][ T8775] __x64_sys_io_submit+0x1bd/0x570
[ 71.379819][ T8775] ? __x64_sys_io_submit+0x1bd/0x570
[ 71.385221][ T8775] ? __ia32_sys_io_destroy+0x420/0x420
[ 71.390661][ T8775] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 71.396109][ T8775] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 71.401574][ T8775] ? do_syscall_64+0x26/0x6a0
[ 71.406235][ T8775] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 71.412379][ T8775] ? do_syscall_64+0x26/0x6a0
[ 71.417036][ T8775] ? lockdep_hardirqs_on+0x418/0x5d0
[ 71.422312][ T8775] do_syscall_64+0xfd/0x6a0
[ 71.426905][ T8775] ? do_syscall_64+0xfd/0x6a0
[ 71.431622][ T8775] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 71.437511][ T8775] RIP: 0033:0x459519
[ 71.441550][ T8775] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 71.461578][ T8775] RSP: 002b:00007f2ee00b8c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[ 71.470106][ T8775] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459519
[ 71.478178][ T8775] RDX: 0000000020000600 RSI: 0000000000000001 RDI: 00007f2ee00ba000
[ 71.486266][ T8775] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000
[ 71.494214][ T8775] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2ee00b96d4
[ 71.502172][ T8775] R13: 00000000004c0898 R14: 00000000004d3548 R15: 00000000ffffffff
[ 71.590772][ T3878] kobject: 'loop0' (000000004bc80b38): kobject_uevent_env
[ 71.597981][ T3878] kobject: 'loop0' (000000004bc80b38): fill_kobj_path: path = '/devices/virtual/block/loop0'
[ 72.530659][ T3878] kobject: 'loop0' (000000004bc80b38): kobject_uevent_env
[ 72.540272][ T3878] kobject: 'loop0' (000000004bc80b38): fill_kobj_path: path = '/devices/virtual/block/loop0'
2019/06/27 16:12:07 executed programs: 4
[ 73.420601][ T3878] kobject: 'loop0' (000000004bc80b38): kobject_uevent_env
[ 73.428408][ T3878] kobject: 'loop0' (000000004bc80b38): fill_kobj_path: path = '/devices/virtual/block/loop0'
[ 74.360929][ T3878] kobject: 'loop0' (000000004bc80b38): kobject_uevent_env
[ 74.368308][ T3878] kobject: 'loop0' (000000004bc80b38): fill_kobj_path: path = '/devices/virtual/block/loop0'
[ 75.250848][ T3878] kobject: 'loop0' (000000004bc80b38): kobject_uevent_env
[ 75.258173][ T3878] kobject: 'loop0' (000000004bc80b38): fill_kobj_path: path = '/devices/virtual/block/loop0'
[ 76.190796][ T3878] kobject: 'loop0' (000000004bc80b38): kobject_uevent_env
[ 76.200529][ T3878] kobject: 'loop0' (000000004bc80b38): fill_kobj_path: path = '/devices/virtual/block/loop0'
[ 77.140439][ T3878] kobject: 'loop0' (000000004bc80b38): kobject_uevent_env
[ 77.147826][ T3878] kobject: 'loop0' (000000004bc80b38): fill_kobj_path: path = '/devices/virtual/block/loop0'
[ 78.021804][ T3878] kobject: 'loop0' (000000004bc80b38): kobject_uevent_env
[ 78.029010][ T3878] kobject: 'loop0' (000000004bc80b38): fill_kobj_path: path = '/devices/virtual/block/loop0'
2019/06/27 16:12:13 executed programs: 10
[ 78.961530][ T3878] kobject: 'loop0' (000000004bc80b38): kobject_uevent_env
[ 78.968940][ T3878] kobject: 'loop0' (000000004bc80b38): fill_kobj_path: path = '/devices/virtual/block/loop0'
[ 79.900320][ T3878] kobject: 'loop0' (000000004bc80b38): kobject_uevent_env
[ 79.907783][ T3878] kobject: 'loop0' (000000004bc80b38): fill_kobj_path: path = '/devices/virtual/block/loop0'