Warning: Permanently added '10.128.0.126' (ECDSA) to the list of known hosts. [ 60.665851] audit: type=1400 audit(1560794165.637:36): avc: denied { map } for pid=7589 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2019/06/17 17:56:06 parsed 1 programs [ 61.556759] audit: type=1400 audit(1560794166.527:37): avc: denied { map } for pid=7589 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=94 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 2019/06/17 17:56:08 executed programs: 0 [ 63.862739] IPVS: ftp: loaded support on port[0] = 21 [ 63.922836] chnl_net:caif_netlink_parms(): no params data found [ 63.955960] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.962731] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.970115] device bridge_slave_0 entered promiscuous mode [ 63.977735] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.984128] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.991359] device bridge_slave_1 entered promiscuous mode [ 64.007114] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 64.016210] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 64.033950] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 64.041720] team0: Port device team_slave_0 added [ 64.047282] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 64.054629] team0: Port device team_slave_1 added [ 64.060058] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 64.067402] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 64.146849] device hsr_slave_0 entered promiscuous mode [ 64.215594] device hsr_slave_1 entered promiscuous mode [ 64.285373] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 64.292928] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 64.307673] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.314154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.321419] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.327836] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.359641] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 64.367904] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.377209] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 64.386485] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 64.406010] bridge0: port 1(bridge_slave_0) entered disabled state [ 64.413310] bridge0: port 2(bridge_slave_1) entered disabled state [ 64.422865] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 64.432921] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 64.439856] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.448988] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 64.456855] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.463202] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.472625] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 64.481118] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.487548] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.502568] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 64.516719] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 64.523961] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 64.534450] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 64.545633] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 64.558178] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 64.564340] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 64.571811] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 64.584554] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 64.595782] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.607250] audit: type=1400 audit(1560794169.577:38): avc: denied { associate } for pid=7605 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 2019/06/17 17:56:14 executed programs: 5 2019/06/17 17:56:19 executed programs: 11 [ 75.735584] [ 75.737393] ===================================================== [ 75.743610] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 75.750590] 4.19.51 #23 Not tainted [ 75.754411] ----------------------------------------------------- [ 75.760646] syz-executor.0/7668 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 75.768127] 0000000070a625fa (&ctx->fd_wqh){....}, at: io_submit_one+0xef2/0x2eb0 [ 75.775771] [ 75.775771] and this task is already holding: [ 75.782049] 00000000d4a94f01 (&(&ctx->ctx_lock)->rlock){..-.}, at: io_submit_one+0xead/0x2eb0 [ 75.790962] which would create a new lock dependency: [ 75.796239] (&(&ctx->ctx_lock)->rlock){..-.} -> (&ctx->fd_wqh){....} [ 75.802837] [ 75.802837] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 75.811147] (&(&ctx->ctx_lock)->rlock){..-.} [ 75.811158] [ 75.811158] ... which became SOFTIRQ-irq-safe at: [ 75.822339] lock_acquire+0x16f/0x3f0 [ 75.826220] _raw_spin_lock_irq+0x60/0x80 [ 75.830438] free_ioctx_users+0x2d/0x490 [ 75.834641] percpu_ref_switch_to_atomic_rcu+0x407/0x540 [ 75.840291] rcu_process_callbacks+0xba0/0x1a30 [ 75.845033] __do_softirq+0x25c/0x921 [ 75.848905] irq_exit+0x180/0x1d0 [ 75.852638] smp_apic_timer_interrupt+0x13b/0x550 [ 75.857568] apic_timer_interrupt+0xf/0x20 [ 75.862001] native_safe_halt+0xe/0x10 [ 75.865975] arch_cpu_idle+0xa/0x10 [ 75.869808] default_idle_call+0x36/0x90 [ 75.874161] do_idle+0x377/0x560 [ 75.877716] cpu_startup_entry+0xc8/0xe0 [ 75.881859] rest_init+0xf1/0xf6 [ 75.885406] start_kernel+0x88c/0x8c5 [ 75.889298] x86_64_start_reservations+0x29/0x2b [ 75.894327] x86_64_start_kernel+0x77/0x7b [ 75.898661] secondary_startup_64+0xa4/0xb0 [ 75.903060] [ 75.903060] to a SOFTIRQ-irq-unsafe lock: [ 75.908787] (&ctx->fault_pending_wqh){+.+.} [ 75.908798] [ 75.908798] ... which became SOFTIRQ-irq-unsafe at: [ 75.919781] ... [ 75.919799] lock_acquire+0x16f/0x3f0 [ 75.925534] _raw_spin_lock+0x2f/0x40 [ 75.929408] userfaultfd_release+0x4d6/0x720 [ 75.933900] __fput+0x2dd/0x8b0 [ 75.937347] ____fput+0x16/0x20 [ 75.940775] task_work_run+0x145/0x1c0 [ 75.944927] get_signal+0x1baa/0x1fc0 [ 75.948801] do_signal+0x95/0x1960 [ 75.952426] exit_to_usermode_loop+0x244/0x2c0 [ 75.957094] do_syscall_64+0x53d/0x620 [ 75.961060] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 75.966499] [ 75.966499] other info that might help us debug this: [ 75.966499] [ 75.974758] Chain exists of: [ 75.974758] &(&ctx->ctx_lock)->rlock --> &ctx->fd_wqh --> &ctx->fault_pending_wqh [ 75.974758] [ 75.987124] Possible interrupt unsafe locking scenario: [ 75.987124] [ 75.994053] CPU0 CPU1 [ 75.998703] ---- ---- [ 76.003348] lock(&ctx->fault_pending_wqh); [ 76.007747] local_irq_disable(); [ 76.013874] lock(&(&ctx->ctx_lock)->rlock); [ 76.020981] lock(&ctx->fd_wqh); [ 76.027123] [ 76.029925] lock(&(&ctx->ctx_lock)->rlock); [ 76.034589] [ 76.034589] *** DEADLOCK *** [ 76.034589] [ 76.040643] 1 lock held by syz-executor.0/7668: [ 76.045380] #0: 00000000d4a94f01 (&(&ctx->ctx_lock)->rlock){..-.}, at: io_submit_one+0xead/0x2eb0 [ 76.054575] [ 76.054575] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 76.063600] -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 12 { [ 76.069237] IN-SOFTIRQ-W at: [ 76.072603] lock_acquire+0x16f/0x3f0 [ 76.078041] _raw_spin_lock_irq+0x60/0x80 [ 76.083829] free_ioctx_users+0x2d/0x490 [ 76.089533] percpu_ref_switch_to_atomic_rcu+0x407/0x540 [ 76.096871] rcu_process_callbacks+0xba0/0x1a30 [ 76.103318] __do_softirq+0x25c/0x921 [ 76.108755] irq_exit+0x180/0x1d0 [ 76.113970] smp_apic_timer_interrupt+0x13b/0x550 [ 76.120604] apic_timer_interrupt+0xf/0x20 [ 76.126483] native_safe_halt+0xe/0x10 [ 76.132264] arch_cpu_idle+0xa/0x10 [ 76.137682] default_idle_call+0x36/0x90 [ 76.143542] do_idle+0x377/0x560 [ 76.148546] cpu_startup_entry+0xc8/0xe0 [ 76.154245] rest_init+0xf1/0xf6 [ 76.159431] start_kernel+0x88c/0x8c5 [ 76.164948] x86_64_start_reservations+0x29/0x2b [ 76.181554] x86_64_start_kernel+0x77/0x7b [ 76.187427] secondary_startup_64+0xa4/0xb0 [ 76.193687] INITIAL USE at: [ 76.196885] lock_acquire+0x16f/0x3f0 [ 76.202416] _raw_spin_lock_irq+0x60/0x80 [ 76.208133] free_ioctx_users+0x2d/0x490 [ 76.213758] percpu_ref_switch_to_atomic_rcu+0x407/0x540 [ 76.220762] rcu_process_callbacks+0xba0/0x1a30 [ 76.227099] __do_softirq+0x25c/0x921 [ 76.232581] irq_exit+0x180/0x1d0 [ 76.237602] smp_apic_timer_interrupt+0x13b/0x550 [ 76.244144] apic_timer_interrupt+0xf/0x20 [ 76.249939] native_safe_halt+0xe/0x10 [ 76.255543] arch_cpu_idle+0xa/0x10 [ 76.260732] default_idle_call+0x36/0x90 [ 76.266348] do_idle+0x377/0x560 [ 76.271539] cpu_startup_entry+0xc8/0xe0 [ 76.277303] rest_init+0xf1/0xf6 [ 76.282322] start_kernel+0x88c/0x8c5 [ 76.287857] x86_64_start_reservations+0x29/0x2b [ 76.294176] x86_64_start_kernel+0x77/0x7b [ 76.299974] secondary_startup_64+0xa4/0xb0 [ 76.306274] } [ 76.308086] ... key at: [] __key.50192+0x0/0x40 [ 76.315020] ... acquired at: [ 76.318197] lock_acquire+0x16f/0x3f0 [ 76.322171] _raw_spin_lock+0x2f/0x40 [ 76.326132] io_submit_one+0xef2/0x2eb0 [ 76.330616] __x64_sys_io_submit+0x1aa/0x520 [ 76.335299] do_syscall_64+0xfd/0x620 [ 76.339268] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 76.344615] [ 76.346286] [ 76.346286] the dependencies between the lock to be acquired [ 76.346292] and SOFTIRQ-irq-unsafe lock: [ 76.358000] -> (&ctx->fault_pending_wqh){+.+.} ops: 66 { [ 76.363718] HARDIRQ-ON-W at: [ 76.367079] lock_acquire+0x16f/0x3f0 [ 76.372882] _raw_spin_lock+0x2f/0x40 [ 76.378501] userfaultfd_release+0x4d6/0x720 [ 76.384869] __fput+0x2dd/0x8b0 [ 76.389967] ____fput+0x16/0x20 [ 76.395071] task_work_run+0x145/0x1c0 [ 76.400884] get_signal+0x1baa/0x1fc0 [ 76.406624] do_signal+0x95/0x1960 [ 76.412084] exit_to_usermode_loop+0x244/0x2c0 [ 76.418606] do_syscall_64+0x53d/0x620 [ 76.424500] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 76.432218] SOFTIRQ-ON-W at: [ 76.435828] lock_acquire+0x16f/0x3f0 [ 76.441793] _raw_spin_lock+0x2f/0x40 [ 76.447525] userfaultfd_release+0x4d6/0x720 [ 76.453837] __fput+0x2dd/0x8b0 [ 76.458952] ____fput+0x16/0x20 [ 76.464085] task_work_run+0x145/0x1c0 [ 76.469791] get_signal+0x1baa/0x1fc0 [ 76.475518] do_signal+0x95/0x1960 [ 76.481012] exit_to_usermode_loop+0x244/0x2c0 [ 76.487407] do_syscall_64+0x53d/0x620 [ 76.493225] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 76.500334] INITIAL USE at: [ 76.503760] lock_acquire+0x16f/0x3f0 [ 76.509326] _raw_spin_lock+0x2f/0x40 [ 76.514869] userfaultfd_read+0x394/0x18c0 [ 76.520864] __vfs_read+0x114/0x800 [ 76.526390] vfs_read+0x194/0x3d0 [ 76.533373] ksys_read+0x14f/0x2d0 [ 76.538919] __x64_sys_read+0x73/0xb0 [ 76.545223] do_syscall_64+0xfd/0x620 [ 76.550758] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 76.557884] } [ 76.559762] ... key at: [] __key.43726+0x0/0x40 [ 76.567034] ... acquired at: [ 76.570221] _raw_spin_lock+0x2f/0x40 [ 76.574186] userfaultfd_read+0x394/0x18c0 [ 76.578700] __vfs_read+0x114/0x800 [ 76.582504] vfs_read+0x194/0x3d0 [ 76.586195] ksys_read+0x14f/0x2d0 [ 76.589947] __x64_sys_read+0x73/0xb0 [ 76.594022] do_syscall_64+0xfd/0x620 [ 76.598098] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 76.603561] [ 76.605284] -> (&ctx->fd_wqh){....} ops: 68 { [ 76.609788] INITIAL USE at: [ 76.612979] lock_acquire+0x16f/0x3f0 [ 76.618442] _raw_spin_lock_irq+0x60/0x80 [ 76.624267] userfaultfd_read+0x262/0x18c0 [ 76.630179] __vfs_read+0x114/0x800 [ 76.635900] vfs_read+0x194/0x3d0 [ 76.640905] ksys_read+0x14f/0x2d0 [ 76.646276] __x64_sys_read+0x73/0xb0 [ 76.651812] do_syscall_64+0xfd/0x620 [ 76.657179] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 76.664065] } [ 76.665865] ... key at: [] __key.43729+0x0/0x40 [ 76.672706] ... acquired at: [ 76.675806] lock_acquire+0x16f/0x3f0 [ 76.679979] _raw_spin_lock+0x2f/0x40 [ 76.684116] io_submit_one+0xef2/0x2eb0 [ 76.688712] __x64_sys_io_submit+0x1aa/0x520 [ 76.693290] do_syscall_64+0xfd/0x620 [ 76.697355] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 76.703223] [ 76.704898] [ 76.704898] stack backtrace: [ 76.709392] CPU: 1 PID: 7668 Comm: syz-executor.0 Not tainted 4.19.51 #23 [ 76.716298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 76.725764] Call Trace: [ 76.728346] dump_stack+0x172/0x1f0 [ 76.732191] check_usage.cold+0x611/0x946 [ 76.736346] ? check_usage_forwards+0x340/0x340 [ 76.741011] ? unwind_get_return_address+0x61/0xa0 [ 76.745933] ? check_noncircular+0x20/0x20 [ 76.750173] __lock_acquire+0x1ee4/0x48f0 [ 76.754331] ? __lock_acquire+0x1ee4/0x48f0 [ 76.758670] ? mark_held_locks+0x100/0x100 [ 76.762910] ? __debug_object_init+0x190/0xc30 [ 76.767491] ? mark_held_locks+0x100/0x100 [ 76.771728] ? add_wait_queue+0x112/0x170 [ 76.775880] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 76.780978] ? add_wait_queue+0x112/0x170 [ 76.785136] ? lockdep_hardirqs_on+0x415/0x5d0 [ 76.789922] ? trace_hardirqs_on+0x67/0x220 [ 76.794232] ? kasan_check_read+0x11/0x20 [ 76.798374] lock_acquire+0x16f/0x3f0 [ 76.802303] ? io_submit_one+0xef2/0x2eb0 [ 76.806460] _raw_spin_lock+0x2f/0x40 [ 76.810247] ? io_submit_one+0xef2/0x2eb0 [ 76.814391] io_submit_one+0xef2/0x2eb0 [ 76.818368] ? ioctx_alloc+0x1db0/0x1db0 [ 76.822512] ? __might_fault+0x12b/0x1e0 [ 76.826591] ? aio_setup_rw+0x180/0x180 [ 76.830572] __x64_sys_io_submit+0x1aa/0x520 [ 76.834966] ? __x64_sys_io_submit+0x1aa/0x520 [ 76.839614] ? __ia32_sys_io_destroy+0x420/0x420 [ 76.844380] ? do_syscall_64+0x26/0x620 [ 76.848355] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 76.853734] ? do_syscall_64+0x26/0x620 [ 76.857702] ? lockdep_hardirqs_on+0x415/0x5d0 [ 76.862285] do_syscall_64+0xfd/0x620 [ 76.866094] ? do_syscall_64+0xfd/0x620 [ 76.870152] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 76.875647] RIP: 0033:0x4592c9 [ 76.878901] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 76.898068] RSP: 002b:00007fa818b67c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 [ 76.905779] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004592c9 [ 76.913034] RDX: 0000000020000600 RSI: 0000000000000001 RDI: 00007fa818b69000 [ 76.920424] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 76.927738] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa818b686d4 [ 76.935151] R13: 00000000004c0645 R14: 00000000004d3008 R15: 00000000ffffffff [ 77.017758] kobject: 'loop0' (00000000ae53844e): kobject_uevent_env [ 77.024257] kobject: 'loop0' (00000000ae53844e): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 77.898032] kobject: 'loop0' (00000000ae53844e): kobject_uevent_env [ 77.904481] kobject: 'loop0' (00000000ae53844e): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 78.777564] kobject: 'loop0' (00000000ae53844e): kobject_uevent_env [ 78.784157] kobject: 'loop0' (00000000ae53844e): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 79.697940] kobject: 'loop0' (00000000ae53844e): kobject_uevent_env [ 79.704409] kobject: 'loop0' (00000000ae53844e): fill_kobj_path: path = '/devices/virtual/block/loop0' 2019/06/17 17:56:25 executed programs: 16 [ 80.629762] kobject: 'loop0' (00000000ae53844e): kobject_uevent_env [ 80.636693] kobject: 'loop0' (00000000ae53844e): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 81.517784] kobject: 'loop0' (00000000ae53844e): kobject_uevent_env [ 81.524640] kobject: 'loop0' (00000000ae53844e): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 82.468154] kobject: 'loop0' (00000000ae53844e): kobject_uevent_env [ 82.474643] kobject: 'loop0' (00000000ae53844e): fill_kobj_path: path = '/devices/virtual/block/loop0'