[info] Using makefile-style concurrent boot in runlevel 2. [ 27.077087] audit: type=1800 audit(1544539027.283:21): pid=5877 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0 [....] Starting enhanced syslogd: rsyslogd [ ok ]. [....] Starting periodic command scheduler: cron [ ok ]. [....] Starting OpenBSD Secure Shell server: sshd [ ok ]. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.30' (ECDSA) to the list of known hosts. 2018/12/11 14:38:02 parsed 1 programs 2018/12/11 14:38:04 executed programs: 0 syzkaller login: [ 83.882962] IPVS: ftp: loaded support on port[0] = 21 [ 83.893265] IPVS: ftp: loaded support on port[0] = 21 [ 83.904973] IPVS: ftp: loaded support on port[0] = 21 [ 83.914651] IPVS: ftp: loaded support on port[0] = 21 [ 83.930367] IPVS: ftp: loaded support on port[0] = 21 [ 83.941142] IPVS: ftp: loaded support on port[0] = 21 [ 84.717740] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.726296] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.733351] device bridge_slave_0 entered promiscuous mode [ 84.751957] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.759921] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.767583] device bridge_slave_0 entered promiscuous mode [ 84.774536] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.782799] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.793528] device bridge_slave_0 entered promiscuous mode [ 84.806048] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.812415] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.820231] device bridge_slave_1 entered promiscuous mode [ 84.833285] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.842352] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.850724] device bridge_slave_0 entered
promiscuous mode [ 84.859775] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.866993] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.874005] device bridge_slave_1 entered promiscuous mode [ 84.881513] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.887949] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.894845] device bridge_slave_1 entered promiscuous mode [ 84.901584] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.908522] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.915422] device bridge_slave_0 entered promiscuous mode [ 84.928496] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 84.935555] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.950339] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.957967] device bridge_slave_1 entered promiscuous mode [ 84.964705] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 84.976979] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.983374] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.991339] device bridge_slave_1 entered promiscuous mode [ 84.999329] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.005675] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.013808] device bridge_slave_0 entered promiscuous mode [ 85.021699] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 85.030747] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 85.039200] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 85.049168] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 85.059350] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 85.069850] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 85.083266] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.092444] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.103225] device bridge_slave_1 entered promiscuous mode [ 
85.111816] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 85.120847] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 85.141764] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 85.159549] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 85.215126] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 85.236393] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 85.264334] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 85.281427] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 85.301089] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 85.313245] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 85.325526] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 85.336918] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 85.353960] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 85.363659] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 85.422945] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 85.457940] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 85.492196] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 85.501564] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 85.522259] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 85.536237] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 85.548844] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 85.556524] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 85.585489] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 85.600084] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 85.639744] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 85.659723] IPv6: ADDRCONF(NETDEV_UP): 
team_slave_0: link is not ready [ 85.672228] team0: Port device team_slave_0 added [ 85.683294] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 85.691502] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 85.706711] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 85.768889] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 85.790027] team0: Port device team_slave_1 added [ 85.809921] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 85.830471] team0: Port device team_slave_0 added [ 85.846637] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 85.854022] team0: Port device team_slave_0 added [ 85.864807] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 85.876387] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 85.887106] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 85.903273] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 85.911321] team0: Port device team_slave_0 added [ 85.918600] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 85.926179] team0: Port device team_slave_0 added [ 85.934600] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 85.944266] team0: Port device team_slave_1 added [ 85.953469] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 85.968442] team0: Port device team_slave_1 added [ 85.974030] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 85.982294] team0: Port device team_slave_0 added [ 85.997148] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 86.010823] team0: Port device team_slave_1 added [ 86.031132] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 86.046712] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 86.056956] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 86.064077] team0: Port device team_slave_1 added [ 86.076654] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 
86.101936] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 86.124346] team0: Port device team_slave_1 added [ 86.137211] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 86.144858] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 86.153394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 86.161542] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 86.169227] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 86.178907] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 86.194407] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 86.215446] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 86.228637] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 86.241376] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 86.256772] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 86.278528] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 86.286424] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 86.294130] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 86.304106] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 86.315136] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 86.330606] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 86.343599] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 86.358255] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 86.367388] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 86.374726] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 86.382313] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 86.398293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 86.414338] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 86.422851] IPv6: 
ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 86.440961] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 86.454355] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 86.466461] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 86.474463] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 86.492129] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 86.502265] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 86.514327] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 86.524708] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 86.539925] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 86.556659] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 86.564603] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 86.572715] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 86.580834] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 86.591989] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 86.617609] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 86.630124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 86.713330] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 86.726647] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 86.737312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 87.166101] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.172628] bridge0: port 2(bridge_slave_1) entered forwarding state [ 87.179763] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.186183] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.200076] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 87.207532] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.213905] bridge0: port 2(bridge_slave_1) entered 
forwarding state [ 87.220615] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.227019] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.235238] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 87.374633] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.381095] bridge0: port 2(bridge_slave_1) entered forwarding state [ 87.387927] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.394310] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.411393] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 87.423378] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.429816] bridge0: port 2(bridge_slave_1) entered forwarding state [ 87.436588] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.442967] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.450809] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 87.464535] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.470958] bridge0: port 2(bridge_slave_1) entered forwarding state [ 87.477889] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.484260] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.499302] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 87.530750] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 87.552832] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 87.581580] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 87.588878] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 87.596175] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 87.681508] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.687972] bridge0: port 2(bridge_slave_1) entered forwarding state [ 87.694701] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.701129] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.712963] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 88.580135] IPv6: ADDRCONF(NETDEV_CHANGE): 
bridge0: link becomes ready [ 90.149024] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.186054] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.353891] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.374460] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.398604] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.436498] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 90.470620] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 90.567459] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 90.648413] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 90.657805] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 90.726098] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 90.735568] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 90.756523] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 90.772517] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 90.779510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 90.787038] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 90.797838] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.881972] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 90.896398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 90.913200] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 90.938530] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 90.952704] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 90.966512] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 91.000217] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 91.013776] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 91.025379] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 91.067117] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.086106] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.102590] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 91.201963] 8021q: adding VLAN 0 to HW filter on 
device team0 [ 91.225454] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.284973] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.384258] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 91.394972] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 91.403474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 91.656296] 8021q: adding VLAN 0 to HW filter on device team0 2018/12/11 14:38:13 executed programs: 6 2018/12/11 14:38:18 executed programs: 41 2018/12/11 14:38:24 executed programs: 72 2018/12/11 14:38:29 executed programs: 107 2018/12/11 14:38:34 executed programs: 140 2018/12/11 14:38:39 executed programs: 173 2018/12/11 14:38:45 executed programs: 209 2018/12/11 14:38:50 executed programs: 245 2018/12/11 14:38:56 executed programs: 281 2018/12/11 14:39:02 executed programs: 317 2018/12/11 14:39:07 executed programs: 353 2018/12/11 14:39:13 executed programs: 389 2018/12/11 14:39:18 executed programs: 425 2018/12/11 14:39:24 executed programs: 461 [ 168.609557] [ 168.611298] ===================================================== [ 168.617531] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 168.624292] 4.20.0-rc6+ #371 Not tainted [ 168.628336] ----------------------------------------------------- [ 168.634554] syz-executor0/10095 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 168.641838] 00000000b21e6244 (&ctx->fd_wqh){....}, at: aio_poll+0x760/0x1420 [ 168.649024] [ 168.649024] and this task is already holding: [ 168.655001] 00000000ea44831e (&(&ctx->ctx_lock)->rlock){..-.}, at: aio_poll+0x738/0x1420 [ 168.663250] which would create a new lock dependency: [ 168.668429] (&(&ctx->ctx_lock)->rlock){..-.} -> (&ctx->fd_wqh){....} [ 168.675000] [ 168.675000] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 168.683065] (&(&ctx->ctx_lock)->rlock){..-.} [ 168.683077] [ 168.683077] ... 
which became SOFTIRQ-irq-safe at: [ 168.693875] lock_acquire+0x1ed/0x520 [ 168.697755] _raw_spin_lock_irq+0x61/0x80 [ 168.701981] free_ioctx_users+0xbc/0x710 [ 168.706124] percpu_ref_switch_to_atomic_rcu+0x563/0x730 [ 168.711680] rcu_process_callbacks+0x100a/0x1ac0 [ 168.716530] __do_softirq+0x308/0xb7e [ 168.720420] irq_exit+0x17f/0x1c0 [ 168.723949] smp_apic_timer_interrupt+0x1cb/0x760 [ 168.728884] apic_timer_interrupt+0xf/0x20 [ 168.733206] native_safe_halt+0x6/0x10 [ 168.737163] default_idle+0xbf/0x490 [ 168.740949] arch_cpu_idle+0x10/0x20 [ 168.744732] default_idle_call+0x6d/0x90 [ 168.748926] do_idle+0x49b/0x5c0 [ 168.752379] cpu_startup_entry+0x18/0x20 [ 168.756536] start_secondary+0x487/0x5f0 [ 168.760670] secondary_startup_64+0xa4/0xb0 [ 168.765058] [ 168.765058] to a SOFTIRQ-irq-unsafe lock: [ 168.770661] (&ctx->fault_pending_wqh){+.+.} [ 168.770668] [ 168.770668] ... which became SOFTIRQ-irq-unsafe at: [ 168.781538] ... [ 168.781551] lock_acquire+0x1ed/0x520 [ 168.787311] _raw_spin_lock+0x2d/0x40 [ 168.791197] userfaultfd_release+0x63e/0x8d0 [ 168.795703] __fput+0x385/0xa30 [ 168.799069] ____fput+0x15/0x20 [ 168.802422] task_work_run+0x1e8/0x2a0 [ 168.806377] get_signal+0x1558/0x1980 [ 168.810249] do_signal+0x9c/0x21c0 [ 168.813866] exit_to_usermode_loop+0x2e5/0x380 [ 168.818529] do_syscall_64+0x6be/0x820 [ 168.822497] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 168.827753] [ 168.827753] other info that might help us debug this: [ 168.827753] [ 168.835900] Chain exists of: [ 168.835900] &(&ctx->ctx_lock)->rlock --> &ctx->fd_wqh --> &ctx->fault_pending_wqh [ 168.835900] [ 168.848065] Possible interrupt unsafe locking scenario: [ 168.848065] [ 168.854976] CPU0 CPU1 [ 168.859633] ---- ---- [ 168.864276] lock(&ctx->fault_pending_wqh); [ 168.868678] local_irq_disable(); [ 168.874710] lock(&(&ctx->ctx_lock)->rlock); [ 168.881720] lock(&ctx->fd_wqh); [ 168.887685] [ 168.890418] lock(&(&ctx->ctx_lock)->rlock); [ 168.895081] [ 168.895081] *** DEADLOCK *** [ 
168.895081] [ 168.901133] 1 lock held by syz-executor0/10095: [ 168.905780] #0: 00000000ea44831e (&(&ctx->ctx_lock)->rlock){..-.}, at: aio_poll+0x738/0x1420 [ 168.914448] [ 168.914448] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 168.923461] -> (&(&ctx->ctx_lock)->rlock){..-.} { [ 168.928288] IN-SOFTIRQ-W at: [ 168.931556] lock_acquire+0x1ed/0x520 [ 168.936988] _raw_spin_lock_irq+0x61/0x80 [ 168.942771] free_ioctx_users+0xbc/0x710 [ 168.948480] percpu_ref_switch_to_atomic_rcu+0x563/0x730 [ 168.955579] rcu_process_callbacks+0x100a/0x1ac0 [ 168.961971] __do_softirq+0x308/0xb7e [ 168.967409] irq_exit+0x17f/0x1c0 [ 168.972493] smp_apic_timer_interrupt+0x1cb/0x760 [ 168.978984] apic_timer_interrupt+0xf/0x20 [ 168.984873] native_safe_halt+0x6/0x10 [ 168.990420] default_idle+0xbf/0x490 [ 168.995776] arch_cpu_idle+0x10/0x20 [ 169.001150] default_idle_call+0x6d/0x90 [ 169.006854] do_idle+0x49b/0x5c0 [ 169.011854] cpu_startup_entry+0x18/0x20 [ 169.017557] start_secondary+0x487/0x5f0 [ 169.023261] secondary_startup_64+0xa4/0xb0 [ 169.029221] INITIAL USE at: [ 169.032403] lock_acquire+0x1ed/0x520 [ 169.037755] _raw_spin_lock_irq+0x61/0x80 [ 169.043452] free_ioctx_users+0xbc/0x710 [ 169.049064] percpu_ref_switch_to_atomic_rcu+0x563/0x730 [ 169.056068] rcu_process_callbacks+0x100a/0x1ac0 [ 169.062372] __do_softirq+0x308/0xb7e [ 169.067759] irq_exit+0x17f/0x1c0 [ 169.072756] smp_apic_timer_interrupt+0x1cb/0x760 [ 169.079157] apic_timer_interrupt+0xf/0x20 [ 169.084938] native_safe_halt+0x6/0x10 [ 169.090372] default_idle+0xbf/0x490 [ 169.095641] arch_cpu_idle+0x10/0x20 [ 169.100976] default_idle_call+0x6d/0x90 [ 169.106604] do_idle+0x49b/0x5c0 [ 169.111517] cpu_startup_entry+0x18/0x20 [ 169.117126] start_secondary+0x487/0x5f0 [ 169.122732] secondary_startup_64+0xa4/0xb0 [ 169.128590] } [ 169.130413] ... key at: [] __key.51068+0x0/0x40 [ 169.137146] ... 
acquired at: [ 169.140236] lock_acquire+0x1ed/0x520 [ 169.144193] _raw_spin_lock+0x2d/0x40 [ 169.148175] aio_poll+0x760/0x1420 [ 169.151882] io_submit_one+0xa49/0xf80 [ 169.155927] __x64_sys_io_submit+0x1b7/0x580 [ 169.160506] do_syscall_64+0x1b9/0x820 [ 169.164567] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 169.169906] [ 169.171513] [ 169.171513] the dependencies between the lock to be acquired [ 169.171517] and SOFTIRQ-irq-unsafe lock: [ 169.182898] -> (&ctx->fault_pending_wqh){+.+.} { [ 169.187750] HARDIRQ-ON-W at: [ 169.191154] lock_acquire+0x1ed/0x520 [ 169.196769] _raw_spin_lock+0x2d/0x40 [ 169.202385] userfaultfd_release+0x63e/0x8d0 [ 169.208608] __fput+0x385/0xa30 [ 169.213708] ____fput+0x15/0x20 [ 169.218811] task_work_run+0x1e8/0x2a0 [ 169.224535] get_signal+0x1558/0x1980 [ 169.230143] do_signal+0x9c/0x21c0 [ 169.235498] exit_to_usermode_loop+0x2e5/0x380 [ 169.241902] do_syscall_64+0x6be/0x820 [ 169.247606] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 169.254594] SOFTIRQ-ON-W at: [ 169.257948] lock_acquire+0x1ed/0x520 [ 169.263556] _raw_spin_lock+0x2d/0x40 [ 169.269169] userfaultfd_release+0x63e/0x8d0 [ 169.275400] __fput+0x385/0xa30 [ 169.280487] ____fput+0x15/0x20 [ 169.285577] task_work_run+0x1e8/0x2a0 [ 169.291281] get_signal+0x1558/0x1980 [ 169.296886] do_signal+0x9c/0x21c0 [ 169.302232] exit_to_usermode_loop+0x2e5/0x380 [ 169.308628] do_syscall_64+0x6be/0x820 [ 169.314332] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 169.321330] INITIAL USE at: [ 169.324616] lock_acquire+0x1ed/0x520 [ 169.330165] _raw_spin_lock+0x2d/0x40 [ 169.335742] userfaultfd_ctx_read+0x4f3/0x2180 [ 169.342062] userfaultfd_read+0x1e2/0x2c0 [ 169.347930] __vfs_read+0x117/0x9b0 [ 169.353286] vfs_read+0x17f/0x3c0 [ 169.358465] ksys_read+0x101/0x260 [ 169.363743] __x64_sys_read+0x73/0xb0 [ 169.369264] do_syscall_64+0x1b9/0x820 [ 169.374870] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 169.381775] } [ 169.383674] ... key at: [] __key.44676+0x0/0x40 [ 169.390516] ... 
acquired at: [ 169.393752] _raw_spin_lock+0x2d/0x40 [ 169.397718] userfaultfd_ctx_read+0x4f3/0x2180 [ 169.402458] userfaultfd_read+0x1e2/0x2c0 [ 169.406762] __vfs_read+0x117/0x9b0 [ 169.410553] vfs_read+0x17f/0x3c0 [ 169.414177] ksys_read+0x101/0x260 [ 169.417873] __x64_sys_read+0x73/0xb0 [ 169.421840] do_syscall_64+0x1b9/0x820 [ 169.425892] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 169.431246] [ 169.432856] -> (&ctx->fd_wqh){....} { [ 169.436655] INITIAL USE at: [ 169.439843] lock_acquire+0x1ed/0x520 [ 169.445203] _raw_spin_lock_irq+0x61/0x80 [ 169.450909] userfaultfd_ctx_read+0x2e4/0x2180 [ 169.457038] userfaultfd_read+0x1e2/0x2c0 [ 169.462737] __vfs_read+0x117/0x9b0 [ 169.467908] vfs_read+0x17f/0x3c0 [ 169.472926] ksys_read+0x101/0x260 [ 169.478011] __x64_sys_read+0x73/0xb0 [ 169.483358] do_syscall_64+0x1b9/0x820 [ 169.488829] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 169.495582] } [ 169.497402] ... key at: [] __key.44679+0x0/0x40 [ 169.504133] ... acquired at: [ 169.507235] lock_acquire+0x1ed/0x520 [ 169.511211] _raw_spin_lock+0x2d/0x40 [ 169.515171] aio_poll+0x760/0x1420 [ 169.518873] io_submit_one+0xa49/0xf80 [ 169.522939] __x64_sys_io_submit+0x1b7/0x580 [ 169.527506] do_syscall_64+0x1b9/0x820 [ 169.531558] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 169.536905] [ 169.538555] [ 169.538555] stack backtrace: [ 169.543039] CPU: 0 PID: 10095 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #371 [ 169.550468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 169.559823] Call Trace: [ 169.562405] dump_stack+0x244/0x39d [ 169.566046] ? dump_stack_print_info.cold.1+0x20/0x20 [ 169.571246] ? print_shortest_lock_dependencies.cold.55+0x18e/0x211 [ 169.577638] ? vprintk_func+0x85/0x181 [ 169.581512] check_usage.cold.58+0x6d5/0xad1 [ 169.585908] ? check_usage_forwards+0x3d0/0x3d0 [ 169.590573] ? __lock_acquire+0x62f/0x4c20 [ 169.594801] ? __switch_to_asm+0x34/0x70 [ 169.598855] ? lockdep_on+0x50/0x50 [ 169.602487] ? 
mark_held_locks+0x130/0x130 [ 169.606707] ? __lock_acquire+0x62f/0x4c20 [ 169.610944] ? trace_event_raw_event_lock_acquire+0x440/0x440 [ 169.616824] __lock_acquire+0x238a/0x4c20 [ 169.620975] ? __lock_acquire+0x238a/0x4c20 [ 169.625299] ? mark_held_locks+0x130/0x130 [ 169.629528] ? zap_class+0x640/0x640 [ 169.633249] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 169.638338] ? find_held_lock+0x36/0x1c0 [ 169.642390] ? add_wait_queue+0x1b9/0x2b0 [ 169.646523] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 169.651608] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 169.656703] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 169.661276] ? trace_hardirqs_on+0xbd/0x310 [ 169.665586] ? kasan_check_read+0x11/0x20 [ 169.669721] ? add_wait_queue+0x1b9/0x2b0 [ 169.673872] ? trace_hardirqs_off_caller+0x310/0x310 [ 169.678963] ? rcu_softirq_qs+0x20/0x20 [ 169.682932] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 169.688021] ? add_wait_queue+0x1b9/0x2b0 [ 169.692155] ? __wake_up_locked_key_bookmark+0x20/0x20 [ 169.697421] lock_acquire+0x1ed/0x520 [ 169.701218] ? aio_poll+0x760/0x1420 [ 169.704928] ? lock_release+0xa00/0xa00 [ 169.708891] ? kasan_check_read+0x11/0x20 [ 169.713024] ? do_raw_spin_lock+0x14f/0x350 [ 169.717349] ? __ia32_sys_eventfd+0x40/0x40 [ 169.721662] ? rwlock_bug.part.2+0x90/0x90 [ 169.725881] ? trace_hardirqs_on+0x310/0x310 [ 169.730283] ? __save_stack_trace+0x8d/0xf0 [ 169.734623] _raw_spin_lock+0x2d/0x40 [ 169.738424] ? aio_poll+0x760/0x1420 [ 169.742127] aio_poll+0x760/0x1420 [ 169.745654] ? free_ioctx_users+0x710/0x710 [ 169.749962] ? kmem_cache_alloc+0x12e/0x730 [ 169.754266] ? aio_setup_rw+0x170/0x170 [ 169.758228] ? zap_class+0x640/0x640 [ 169.761938] ? mark_held_locks+0x130/0x130 [ 169.766175] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 169.770917] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 169.775495] ? retint_kernel+0x2d/0x2d [ 169.779384] ? trace_hardirqs_on_caller+0xc0/0x310 [ 169.784299] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 169.789046] ? 
__bpf_trace_preemptirq_template+0x30/0x30 [ 169.794490] ? find_held_lock+0x36/0x1c0 [ 169.798545] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 169.803293] ? retint_kernel+0x2d/0x2d [ 169.807180] ? io_submit_one+0x524/0xf80 [ 169.811242] ? __sanitizer_cov_trace_switch+0x11/0x90 [ 169.816423] io_submit_one+0xa49/0xf80 [ 169.820300] ? io_submit_one+0xa49/0xf80 [ 169.824344] ? aio_poll+0x1420/0x1420 [ 169.828133] ? __might_fault+0x12b/0x1e0 [ 169.832179] ? lock_downgrade+0x900/0x900 [ 169.836325] ? perf_trace_sched_process_exec+0x860/0x860 [ 169.841800] __x64_sys_io_submit+0x1b7/0x580 [ 169.846237] ? __ia32_sys_io_destroy+0x580/0x580 [ 169.850994] ? trace_hardirqs_on+0xbd/0x310 [ 169.855326] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 169.860859] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 169.866214] ? trace_hardirqs_off_caller+0x310/0x310 [ 169.871317] do_syscall_64+0x1b9/0x820 [ 169.875188] ? __ia32_sys_io_destroy+0x580/0x580 [ 169.879939] ? do_syscall_64+0x1b9/0x820 [ 169.883998] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 169.889344] ? syscall_return_slowpath+0x5e0/0x5e0 [ 169.894256] ? trace_hardirqs_on_caller+0x310/0x310 [ 169.899260] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 169.904272] ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250 [ 169.910922] ? __switch_to_asm+0x40/0x70 [ 169.914965] ? __switch_to_asm+0x34/0x70 [ 169.919011] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 169.923838] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 169.929009] RIP: 0033:0x457679 [ 169.932201] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 169.951108] RSP: 002b:00007f51c9803c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 [ 169.958816] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457679 [ 169.966074] RDX: 0000000020000b00 RSI: 0000000000000001 RDI: 00007f51c9826000 [ 169.973336] RBP: 000000000072c040 R08: 0000000000000000 R09: 0000000000000000 [ 169.980599] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f51c98046d4 [ 169.987882] R13: 00000000004be9c4 R14: 00000000004cf5a8 R15: 00000000ffffffff 2018/12/11 14:39:30 executed programs: 491 [ 170.069152] kobject: 'loop0' (00000000511ebd76): kobject_uevent_env [ 170.075618] kobject: 'loop0' (00000000511ebd76): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 170.090089] kobject: 'loop4' (0000000020ca1798): kobject_uevent_env [ 170.114966] kobject: 'loop4' (0000000020ca1798): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 170.125661] kobject: 'loop1' (000000008d28da28): kobject_uevent_env [ 170.133023] kobject: 'loop1' (000000008d28da28): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 170.143356] kobject: 'loop2' (000000000ebed942): kobject_uevent_env [ 170.149954] kobject: 'loop2' (000000000ebed942): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 170.159907] kobject: 'loop3' (000000001033b6f6): kobject_uevent_env [ 170.166618] kobject: 'loop3' (000000001033b6f6): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 170.176509] kobject: 'loop5' (000000008656b60e): kobject_uevent_env [ 170.182949] kobject: 'loop5' (000000008656b60e): fill_kobj_path: path = '/devices/virtual/block/loop5'