Warning: Permanently added '10.128.0.186' (ECDSA) to the list of known hosts.
[ 80.409613] audit: type=1400 audit(1560966910.341:36): avc: denied { map } for pid=8046 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2019/06/19 17:55:11 parsed 1 programs
[ 81.329016] audit: type=1400 audit(1560966911.261:37): avc: denied { map } for pid=8046 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=104 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
2019/06/19 17:55:13 executed programs: 0
[ 83.161544] IPVS: ftp: loaded support on port[0] = 21
[ 83.226680] chnl_net:caif_netlink_parms(): no params data found
[ 83.262680] bridge0: port 1(bridge_slave_0) entered blocking state
[ 83.269525] bridge0: port 1(bridge_slave_0) entered disabled state
[ 83.277278] device bridge_slave_0 entered promiscuous mode
[ 83.285174] bridge0: port 2(bridge_slave_1) entered blocking state
[ 83.291905] bridge0: port 2(bridge_slave_1) entered disabled state
[ 83.299023] device bridge_slave_1 entered promiscuous mode
[ 83.315992] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 83.325354] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 83.341742] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 83.349576] team0: Port device team_slave_0 added
[ 83.355408] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 83.362886] team0: Port device team_slave_1 added
[ 83.368258] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 83.375897] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 83.432411] device hsr_slave_0 entered promiscuous mode
[ 83.491021] device hsr_slave_1 entered promiscuous mode
[ 83.530940] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 83.538521] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 83.553635] bridge0: port 2(bridge_slave_1) entered blocking state
[ 83.560315] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 83.567311] bridge0: port 1(bridge_slave_0) entered blocking state
[ 83.573781] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 83.607422] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 83.615051] 8021q: adding VLAN 0 to HW filter on device bond0
[ 83.624203] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 83.634229] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 83.654504] bridge0: port 1(bridge_slave_0) entered disabled state
[ 83.662300] bridge0: port 2(bridge_slave_1) entered disabled state
[ 83.669655] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 83.682602] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 83.688783] 8021q: adding VLAN 0 to HW filter on device team0
[ 83.698497] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 83.706884] bridge0: port 1(bridge_slave_0) entered blocking state
[ 83.713285] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 83.723411] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 83.732031] bridge0: port 2(bridge_slave_1) entered blocking state
[ 83.738428] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 83.755499] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 83.763682] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 83.778369] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 83.789038] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 83.800143] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 83.807967] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 83.816120] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 83.824148] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 83.831766] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 83.844565] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 83.854676] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 83.865226] audit: type=1400 audit(1560966913.801:38): avc: denied { associate } for pid=8065 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
2019/06/19 17:55:18 executed programs: 5
2019/06/19 17:55:24 executed programs: 11
[ 97.803649]
[ 97.805393] =====================================================
[ 97.811710] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
[ 97.818531] 4.19.53+ #25 Not tainted
[ 97.822229] -----------------------------------------------------
[ 97.828590] syz-executor.0/8144 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[ 97.835956] 00000000d485fd7a (&ctx->fd_wqh){....}, at: io_submit_one+0xef2/0x2eb0
[ 97.843806]
[ 97.843806] and this task is already holding:
[ 97.850144] 000000007cc79d71 (&(&ctx->ctx_lock)->rlock){..-.}, at: io_submit_one+0xead/0x2eb0
[ 97.859088] which would create a new lock dependency:
[ 97.864358] (&(&ctx->ctx_lock)->rlock){..-.} -> (&ctx->fd_wqh){....}
[ 97.871244]
[ 97.871244] but this new dependency connects a SOFTIRQ-irq-safe lock:
[ 97.879949] (&(&ctx->ctx_lock)->rlock){..-.}
[ 97.879962]
[ 97.879962] ... which became SOFTIRQ-irq-safe at:
[ 97.890870] lock_acquire+0x16f/0x3f0
[ 97.894862] _raw_spin_lock_irq+0x60/0x80
[ 97.899191] free_ioctx_users+0x2d/0x490
[ 97.903408] percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 97.909079] rcu_process_callbacks+0xba0/0x1a30
[ 97.913891] __do_softirq+0x25c/0x921
[ 97.917773] irq_exit+0x180/0x1d0
[ 97.921300] smp_apic_timer_interrupt+0x13b/0x550
[ 97.926224] apic_timer_interrupt+0xf/0x20
[ 97.930642] native_safe_halt+0xe/0x10
[ 97.934841] arch_cpu_idle+0xa/0x10
[ 97.938766] default_idle_call+0x36/0x90
[ 97.943120] do_idle+0x377/0x560
[ 97.946565] cpu_startup_entry+0xc8/0xe0
[ 97.950708] rest_init+0xf1/0xf6
[ 97.954150] start_kernel+0x88c/0x8c5
[ 97.958069] x86_64_start_reservations+0x29/0x2b
[ 97.962922] x86_64_start_kernel+0x77/0x7b
[ 97.967239] secondary_startup_64+0xa4/0xb0
[ 97.971785]
[ 97.971785] to a SOFTIRQ-irq-unsafe lock:
[ 97.977396] (&ctx->fault_pending_wqh){+.+.}
[ 97.977406]
[ 97.977406] ... which became SOFTIRQ-irq-unsafe at:
[ 97.988271] ...
[ 97.988288] lock_acquire+0x16f/0x3f0
[ 97.994028] _raw_spin_lock+0x2f/0x40
[ 97.997948] userfaultfd_release+0x4d6/0x720
[ 98.003325] __fput+0x2dd/0x8b0
[ 98.006783] ____fput+0x16/0x20
[ 98.010180] task_work_run+0x145/0x1c0
[ 98.014146] get_signal+0x1baa/0x1fc0
[ 98.018020] do_signal+0x95/0x1960
[ 98.021635] exit_to_usermode_loop+0x244/0x2c0
[ 98.026288] do_syscall_64+0x53d/0x620
[ 98.030364] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 98.035623]
[ 98.035623] other info that might help us debug this:
[ 98.035623]
[ 98.043844] Chain exists of:
[ 98.043844] &(&ctx->ctx_lock)->rlock --> &ctx->fd_wqh --> &ctx->fault_pending_wqh
[ 98.043844]
[ 98.056365] Possible interrupt unsafe locking scenario:
[ 98.056365]
[ 98.063277]        CPU0                    CPU1
[ 98.067920]        ----                    ----
[ 98.072568]   lock(&ctx->fault_pending_wqh);
[ 98.076960]                                local_irq_disable();
[ 98.082996]                                lock(&(&ctx->ctx_lock)->rlock);
[ 98.090250]                                lock(&ctx->fd_wqh);
[ 98.096273]
[ 98.099011]     lock(&(&ctx->ctx_lock)->rlock);
[ 98.103678]
[ 98.103678] *** DEADLOCK ***
[ 98.103678]
[ 98.109727] 1 lock held by syz-executor.0/8144:
[ 98.114373] #0: 000000007cc79d71 (&(&ctx->ctx_lock)->rlock){..-.}, at: io_submit_one+0xead/0x2eb0
[ 98.123472]
[ 98.123472] the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
[ 98.132740] -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 15 {
[ 98.138278] IN-SOFTIRQ-W at:
[ 98.141560] lock_acquire+0x16f/0x3f0
[ 98.146998] _raw_spin_lock_irq+0x60/0x80
[ 98.152782] free_ioctx_users+0x2d/0x490
[ 98.158476] percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 98.165599] rcu_process_callbacks+0xba0/0x1a30
[ 98.171908] __do_softirq+0x25c/0x921
[ 98.177343] irq_exit+0x180/0x1d0
[ 98.182437] smp_apic_timer_interrupt+0x13b/0x550
[ 98.189053] apic_timer_interrupt+0xf/0x20
[ 98.195040] native_safe_halt+0xe/0x10
[ 98.200580] arch_cpu_idle+0xa/0x10
[ 98.206062] default_idle_call+0x36/0x90
[ 98.211770] do_idle+0x377/0x560
[ 98.216769] cpu_startup_entry+0xc8/0xe0
[ 98.222465] rest_init+0xf1/0xf6
[ 98.227513] start_kernel+0x88c/0x8c5
[ 98.232959] x86_64_start_reservations+0x29/0x2b
[ 98.239498] x86_64_start_kernel+0x77/0x7b
[ 98.245560] secondary_startup_64+0xa4/0xb0
[ 98.251513] INITIAL USE at:
[ 98.254701] lock_acquire+0x16f/0x3f0
[ 98.260222] _raw_spin_lock_irq+0x60/0x80
[ 98.266045] free_ioctx_users+0x2d/0x490
[ 98.271849] percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 98.278863] rcu_process_callbacks+0xba0/0x1a30
[ 98.285088] __do_softirq+0x25c/0x921
[ 98.290549] irq_exit+0x180/0x1d0
[ 98.295552] smp_apic_timer_interrupt+0x13b/0x550
[ 98.302119] apic_timer_interrupt+0xf/0x20
[ 98.308086] native_safe_halt+0xe/0x10
[ 98.313814] arch_cpu_idle+0xa/0x10
[ 98.318999] default_idle_call+0x36/0x90
[ 98.324613] do_idle+0x377/0x560
[ 98.329538] cpu_startup_entry+0xc8/0xe0
[ 98.335152] rest_init+0xf1/0xf6
[ 98.340196] start_kernel+0x88c/0x8c5
[ 98.345549] x86_64_start_reservations+0x29/0x2b
[ 98.352080] x86_64_start_kernel+0x77/0x7b
[ 98.358044] secondary_startup_64+0xa4/0xb0
[ 98.364199] }
[ 98.366005] ... key at: [] __key.50193+0x0/0x40
[ 98.372746] ... acquired at:
[ 98.375857] lock_acquire+0x16f/0x3f0
[ 98.380002] _raw_spin_lock+0x2f/0x40
[ 98.384080] io_submit_one+0xef2/0x2eb0
[ 98.388354] __x64_sys_io_submit+0x1aa/0x520
[ 98.392934] do_syscall_64+0xfd/0x620
[ 98.396909] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 98.402678]
[ 98.404291]
[ 98.404291] the dependencies between the lock to be acquired
[ 98.404296] and SOFTIRQ-irq-unsafe lock:
[ 98.415789] -> (&ctx->fault_pending_wqh){+.+.} ops: 85 {
[ 98.421413] HARDIRQ-ON-W at:
[ 98.424784] lock_acquire+0x16f/0x3f0
[ 98.430439] _raw_spin_lock+0x2f/0x40
[ 98.436323] userfaultfd_release+0x4d6/0x720
[ 98.442545] __fput+0x2dd/0x8b0
[ 98.447679] ____fput+0x16/0x20
[ 98.452886] task_work_run+0x145/0x1c0
[ 98.459221] get_signal+0x1baa/0x1fc0
[ 98.464836] do_signal+0x95/0x1960
[ 98.470343] exit_to_usermode_loop+0x244/0x2c0
[ 98.476759] do_syscall_64+0x53d/0x620
[ 98.482497] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 98.489503] SOFTIRQ-ON-W at:
[ 98.492914] lock_acquire+0x16f/0x3f0
[ 98.498588] _raw_spin_lock+0x2f/0x40
[ 98.504280] userfaultfd_release+0x4d6/0x720
[ 98.511208] __fput+0x2dd/0x8b0
[ 98.516309] ____fput+0x16/0x20
[ 98.521413] task_work_run+0x145/0x1c0
[ 98.527122] get_signal+0x1baa/0x1fc0
[ 98.532746] do_signal+0x95/0x1960
[ 98.538218] exit_to_usermode_loop+0x244/0x2c0
[ 98.544707] do_syscall_64+0x53d/0x620
[ 98.550416] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 98.557420] INITIAL USE at:
[ 98.560746] lock_acquire+0x16f/0x3f0
[ 98.566278] _raw_spin_lock+0x2f/0x40
[ 98.571855] userfaultfd_read+0x394/0x18c0
[ 98.577878] __vfs_read+0x114/0x800
[ 98.583239] vfs_read+0x194/0x3d0
[ 98.588418] ksys_read+0x14f/0x2d0
[ 98.593689] __x64_sys_read+0x73/0xb0
[ 98.599221] do_syscall_64+0xfd/0x620
[ 98.604760] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 98.611879] }
[ 98.613767] ... key at: [] __key.43727+0x0/0x40
[ 98.620750] ... acquired at:
[ 98.623945] _raw_spin_lock+0x2f/0x40
[ 98.627975] userfaultfd_read+0x394/0x18c0
[ 98.632383] __vfs_read+0x114/0x800
[ 98.636213] vfs_read+0x194/0x3d0
[ 98.639884] ksys_read+0x14f/0x2d0
[ 98.643601] __x64_sys_read+0x73/0xb0
[ 98.648156] do_syscall_64+0xfd/0x620
[ 98.652164] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 98.657603]
[ 98.659215] -> (&ctx->fd_wqh){....} ops: 87 {
[ 98.663870] INITIAL USE at:
[ 98.667173] lock_acquire+0x16f/0x3f0
[ 98.672828] _raw_spin_lock_irq+0x60/0x80
[ 98.678790] userfaultfd_read+0x262/0x18c0
[ 98.684735] __vfs_read+0x114/0x800
[ 98.690050] vfs_read+0x194/0x3d0
[ 98.695174] ksys_read+0x14f/0x2d0
[ 98.700278] __x64_sys_read+0x73/0xb0
[ 98.705735] do_syscall_64+0xfd/0x620
[ 98.711227] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 98.718182] }
[ 98.720229] ... key at: [] __key.43730+0x0/0x40
[ 98.726988] ... acquired at:
[ 98.730153] lock_acquire+0x16f/0x3f0
[ 98.734173] _raw_spin_lock+0x2f/0x40
[ 98.738397] io_submit_one+0xef2/0x2eb0
[ 98.742543] __x64_sys_io_submit+0x1aa/0x520
[ 98.747309] do_syscall_64+0xfd/0x620
[ 98.751289] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 98.757113]
[ 98.758733]
[ 98.758733] stack backtrace:
[ 98.763238] CPU: 1 PID: 8144 Comm: syz-executor.0 Not tainted 4.19.53+ #25
[ 98.770635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 98.780106] Call Trace:
[ 98.782910] dump_stack+0x172/0x1f0
[ 98.786931] check_usage.cold+0x611/0x946
[ 98.791130] ? check_usage_forwards+0x340/0x340
[ 98.795806] ? unwind_get_return_address+0x61/0xa0
[ 98.800822] ? check_noncircular+0x20/0x20
[ 98.805063] ? check_noncircular+0x20/0x20
[ 98.811229] __lock_acquire+0x1ee4/0x48f0
[ 98.815894] ? __lock_acquire+0x1ee4/0x48f0
[ 98.820216] ? mark_held_locks+0x100/0x100
[ 98.824542] ? __debug_object_init+0x190/0xc30
[ 98.829134] ? mark_held_locks+0x100/0x100
[ 98.833369] ? add_wait_queue+0x112/0x170
[ 98.837773] ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 98.842954] ? add_wait_queue+0x112/0x170
[ 98.847112] ? lockdep_hardirqs_on+0x415/0x5d0
[ 98.851713] ? trace_hardirqs_on+0x67/0x220
[ 98.856038] ? kasan_check_read+0x11/0x20
[ 98.860207] lock_acquire+0x16f/0x3f0
[ 98.864142] ? io_submit_one+0xef2/0x2eb0
[ 98.868609] _raw_spin_lock+0x2f/0x40
[ 98.872525] ? io_submit_one+0xef2/0x2eb0
[ 98.876767] io_submit_one+0xef2/0x2eb0
[ 98.880737] ? ioctx_alloc+0x1db0/0x1db0
[ 98.884793] ? __might_fault+0x12b/0x1e0
[ 98.888967] ? aio_setup_rw+0x180/0x180
[ 98.892940] __x64_sys_io_submit+0x1aa/0x520
[ 98.897387] ? __x64_sys_io_submit+0x1aa/0x520
[ 98.902136] ? __ia32_sys_io_destroy+0x420/0x420
[ 98.907045] ? do_syscall_64+0x26/0x620
[ 98.911410] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 98.917126] ? do_syscall_64+0x26/0x620
[ 98.921196] ? lockdep_hardirqs_on+0x415/0x5d0
[ 98.925780] do_syscall_64+0xfd/0x620
[ 98.929580] ? do_syscall_64+0xfd/0x620
[ 98.933603] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 98.938855] RIP: 0033:0x4592c9
[ 98.942085] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 98.961398] RSP: 002b:00007f3ff506ec78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[ 98.969113] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004592c9
[ 98.976499] RDX: 0000000020000600 RSI: 0000000000000001 RDI: 00007f3ff5070000
[ 98.983871] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000
[ 98.992112] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3ff506f6d4
[ 98.999381] R13: 00000000004c0645 R14: 00000000004d3008 R15: 00000000ffffffff
[ 99.083206] kobject: 'loop0' (000000003fa04798): kobject_uevent_env
[ 99.089675] kobject: 'loop0' (000000003fa04798): fill_kobj_path: path = '/devices/virtual/block/loop0'
2019/06/19 17:55:29 executed programs: 16
[ 99.963146] kobject: 'loop0' (000000003fa04798): kobject_uevent_env
[ 99.969601] kobject: 'loop0' (000000003fa04798): fill_kobj_path: path = '/devices/virtual/block/loop0'
[ 100.893020] kobject: 'loop0' (000000003fa04798): kobject_uevent_env
[ 100.899569] kobject: 'loop0' (000000003fa04798): fill_kobj_path: path = '/devices/virtual/block/loop0'
[ 101.813288] kobject: 'loop0' (000000003fa04798): kobject_uevent_env
[ 101.819749] kobject: 'loop0' (000000003fa04798): fill_kobj_path: path = '/devices/virtual/block/loop0'