[ ok ] Starting periodic command scheduler: cron.
[ 28.339179] sshd (5914) used greatest stack depth: 15864 bytes left
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 28.556418] kauditd_printk_skb: 7 callbacks suppressed
[ 28.556431] audit: type=1800 audit(1542757582.902:29): pid=5850 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 28.590554] audit: type=1800 audit(1542757582.912:30): pid=5850 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 32.153898] sshd (5990) used greatest stack depth: 15632 bytes left
Warning: Permanently added '10.128.10.38' (ECDSA) to the list of known hosts.
2018/11/20 23:47:27 parsed 1 programs
2018/11/20 23:47:29 executed programs: 0
[ 95.394247] IPVS: ftp: loaded support on port[0] = 21
[ 95.413325] IPVS: ftp: loaded support on port[0] = 21
[ 95.421587] IPVS: ftp: loaded support on port[0] = 21
[ 95.468425] IPVS: ftp: loaded support on port[0] = 21
[ 95.490243] IPVS: ftp: loaded support on port[0] = 21
[ 95.491709] IPVS: ftp: loaded support on port[0] = 21
[ 96.251356] bridge0: port 1(bridge_slave_0) entered blocking state
[ 96.264811] bridge0: port 1(bridge_slave_0) entered disabled state
[ 96.275103] device bridge_slave_0 entered promiscuous mode
[ 96.299082] bridge0: port 1(bridge_slave_0) entered blocking state
[ 96.305421] bridge0: port 1(bridge_slave_0) entered disabled state
[ 96.314116] device bridge_slave_0 entered promiscuous mode
[ 96.321968] bridge0: port 1(bridge_slave_0) entered blocking state
[ 96.330360] bridge0: port 1(bridge_slave_0) entered disabled state
[ 96.337969] device bridge_slave_0 entered promiscuous mode
[ 96.346488] bridge0: port 2(bridge_slave_1) entered blocking state
[ 96.353293] bridge0: port 2(bridge_slave_1) entered disabled state
[ 96.360514] device bridge_slave_1 entered promiscuous mode
[ 96.368407] bridge0: port 1(bridge_slave_0) entered blocking state
[ 96.374756] bridge0: port 1(bridge_slave_0) entered disabled state
[ 96.382016] device bridge_slave_0 entered promiscuous mode
[ 96.394190] bridge0: port 1(bridge_slave_0) entered blocking state
[ 96.402773] bridge0: port 1(bridge_slave_0) entered disabled state
[ 96.410708] device bridge_slave_0 entered promiscuous mode
[ 96.419007] bridge0: port 2(bridge_slave_1) entered blocking state
[ 96.425332] bridge0: port 2(bridge_slave_1) entered disabled state
[ 96.432639] device bridge_slave_1 entered promiscuous mode
[ 96.439795] bridge0: port 2(bridge_slave_1) entered blocking state
[ 96.446121] bridge0: port 2(bridge_slave_1) entered disabled state
[ 96.453142] device bridge_slave_1 entered promiscuous mode
[ 96.459544] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 96.467675] bridge0: port 2(bridge_slave_1) entered blocking state
[ 96.474011] bridge0: port 2(bridge_slave_1) entered disabled state
[ 96.483215] device bridge_slave_1 entered promiscuous mode
[ 96.490894] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 96.500420] bridge0: port 1(bridge_slave_0) entered blocking state
[ 96.506763] bridge0: port 1(bridge_slave_0) entered disabled state
[ 96.514659] device bridge_slave_0 entered promiscuous mode
[ 96.522562] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 96.529856] bridge0: port 2(bridge_slave_1) entered blocking state
[ 96.536187] bridge0: port 2(bridge_slave_1) entered disabled state
[ 96.547528] device bridge_slave_1 entered promiscuous mode
[ 96.561104] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 96.569667] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 96.576838] bridge0: port 2(bridge_slave_1) entered blocking state
[ 96.583837] bridge0: port 2(bridge_slave_1) entered disabled state
[ 96.595020] device bridge_slave_1 entered promiscuous mode
[ 96.603149] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 96.619013] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 96.627012] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 96.640405] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 96.648913] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 96.683922] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 96.692449] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 96.750499] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 96.765937] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 96.776891] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 96.789124] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 96.797747] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 96.815900] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 96.859106] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 96.869231] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 96.878694] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 96.891490] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 96.967105] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 96.989643] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 96.997667] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 97.055279] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 97.131089] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 97.139223] team0: Port device team_slave_0 added
[ 97.163100] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 97.174806] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 97.198932] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 97.206299] team0: Port device team_slave_0 added
[ 97.218356] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 97.225765] team0: Port device team_slave_0 added
[ 97.240736] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 97.264951] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 97.276041] team0: Port device team_slave_1 added
[ 97.282605] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 97.294821] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 97.302385] team0: Port device team_slave_0 added
[ 97.308118] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 97.315414] team0: Port device team_slave_0 added
[ 97.335049] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 97.347152] team0: Port device team_slave_1 added
[ 97.353074] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 97.363112] team0: Port device team_slave_1 added
[ 97.369019] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 97.379101] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 97.386403] team0: Port device team_slave_1 added
[ 97.404231] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 97.416395] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 97.431660] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 97.439793] team0: Port device team_slave_1 added
[ 97.474808] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 97.497810] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 97.509788] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 97.519971] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 97.539699] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 97.554838] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 97.573996] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 97.581523] team0: Port device team_slave_0 added
[ 97.589457] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 97.598522] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 97.612669] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 97.628910] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 97.644035] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 97.654094] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 97.663512] team0: Port device team_slave_1 added
[ 97.672040] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 97.688764] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 97.698272] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 97.705740] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 97.715645] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 97.724174] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 97.733351] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 97.745237] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 97.756598] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 97.766970] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 97.778528] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 97.788094] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 97.804137] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 97.831342] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 97.840959] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 97.855735] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 97.869689] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 97.877745] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 97.885172] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 97.893059] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 97.902980] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 97.913442] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 97.929594] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 97.952037] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 97.966390] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 97.975029] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 97.993384] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 98.016204] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 98.032152] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 98.056119] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 98.069690] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 98.091013] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 98.106219] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 98.139464] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 98.146790] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 98.163379] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 98.640178] bridge0: port 2(bridge_slave_1) entered blocking state
[ 98.646694] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 98.653753] bridge0: port 1(bridge_slave_0) entered blocking state
[ 98.660223] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 98.668817] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 98.688579] bridge0: port 2(bridge_slave_1) entered blocking state
[ 98.694949] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 98.701702] bridge0: port 1(bridge_slave_0) entered blocking state
[ 98.708140] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 98.716951] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 98.762404] bridge0: port 2(bridge_slave_1) entered blocking state
[ 98.768824] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 98.775537] bridge0: port 1(bridge_slave_0) entered blocking state
[ 98.782020] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 98.798522] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 98.817354] bridge0: port 2(bridge_slave_1) entered blocking state
[ 98.823741] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 98.830489] bridge0: port 1(bridge_slave_0) entered blocking state
[ 98.836855] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 98.860932] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 98.922252] bridge0: port 2(bridge_slave_1) entered blocking state
[ 98.928724] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 98.935406] bridge0: port 1(bridge_slave_0) entered blocking state
[ 98.941865] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 98.956750] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 99.026279] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 99.034596] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 99.042272] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 99.049880] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 99.056888] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 99.075935] bridge0: port 2(bridge_slave_1) entered blocking state
[ 99.082892] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 99.089634] bridge0: port 1(bridge_slave_0) entered blocking state
[ 99.095996] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 99.104266] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 100.086497] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 101.528799] 8021q: adding VLAN 0 to HW filter on device bond0
[ 101.608525] 8021q: adding VLAN 0 to HW filter on device bond0
[ 101.651635] 8021q: adding VLAN 0 to HW filter on device bond0
[ 101.754408] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 101.793409] 8021q: adding VLAN 0 to HW filter on device bond0
[ 101.822780] 8021q: adding VLAN 0 to HW filter on device bond0
[ 101.882207] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 101.900391] 8021q: adding VLAN 0 to HW filter on device bond0
[ 101.910464] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 102.041774] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 102.051767] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 102.072882] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 102.082633] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 102.125169] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 102.155522] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 102.170018] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 102.181219] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 102.206352] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 102.217136] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 102.228969] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 102.237871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 102.317866] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 102.324080] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 102.334612] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 102.360506] 8021q: adding VLAN 0 to HW filter on device team0
[ 102.452149] 8021q: adding VLAN 0 to HW filter on device team0
[ 102.463006] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 102.481075] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 102.491913] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 102.519336] 8021q: adding VLAN 0 to HW filter on device team0
[ 102.584819] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 102.599806] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 102.612936] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 102.712132] 8021q: adding VLAN 0 to HW filter on device team0
[ 102.728569] 8021q: adding VLAN 0 to HW filter on device team0
[ 102.816824] 8021q: adding VLAN 0 to HW filter on device team0
[ 103.977879]
[ 103.979564] ======================================================
[ 103.985876] WARNING: possible circular locking dependency detected
[ 103.992191] 4.20.0-rc1-next-20181109+ #110 Not tainted
[ 103.997484] ------------------------------------------------------
[ 104.003805] syz-executor1/7524 is trying to acquire lock:
[ 104.009351] 000000001e30c193 ((wq_completion)"dio/%s"sb->s_id){+.+.}, at: flush_workqueue+0x2db/0x1e10
[ 104.018819]
[ 104.018819] but task is already holding lock:
[ 104.024791] 00000000c2fb724c (&sb->s_type->i_mutex_key#10){+.+.}, at: ext4_file_write_iter+0x2a1/0x1420
[ 104.034395]
[ 104.034395] which lock already depends on the new lock.
[ 104.034395]
[ 104.042713]
[ 104.042713] the existing dependency chain (in reverse order) is:
[ 104.050330]
[ 104.050330] -> #2 (&sb->s_type->i_mutex_key#10){+.+.}:
[ 104.057105]        down_write+0x8a/0x130
[ 104.061174]        __generic_file_fsync+0xb5/0x200
[ 104.066148]        ext4_sync_file+0xa45/0x1500
[ 104.070748]        vfs_fsync_range+0x140/0x220
[ 104.075359]        dio_complete+0x75c/0x9e0
[ 104.079692]        dio_aio_complete_work+0x20/0x30
[ 104.084820]        process_one_work+0xc8b/0x1c40
[ 104.089576]        worker_thread+0x17f/0x1390
[ 104.094082]        kthread+0x35a/0x440
[ 104.097976]        ret_from_fork+0x3a/0x50
[ 104.102213]
[ 104.102213] -> #1 ((work_completion)(&dio->complete_work)){+.+.}:
[ 104.109954]        process_one_work+0xc0a/0x1c40
[ 104.114746]        worker_thread+0x17f/0x1390
[ 104.119245]        kthread+0x35a/0x440
[ 104.123137]        ret_from_fork+0x3a/0x50
[ 104.127370]
[ 104.127370] -> #0 ((wq_completion)"dio/%s"sb->s_id){+.+.}:
[ 104.134513]        lock_acquire+0x1ed/0x520
[ 104.138838]        flush_workqueue+0x30a/0x1e10
[ 104.143525]        drain_workqueue+0x2a9/0x640
[ 104.148209]        destroy_workqueue+0xc6/0x9c0
[ 104.152880]        sb_init_dio_done_wq+0x74/0x90
[ 104.157640]        do_blockdev_direct_IO+0x9e7/0xa340
[ 104.162834]        __blockdev_direct_IO+0x9d/0xc6
[ 104.167678]        ext4_direct_IO+0xbdc/0x2220
[ 104.172293]        generic_file_direct_write+0x275/0x4b0
[ 104.174231] kobject: 'loop5' (00000000dcad9ece): kobject_uevent_env
[ 104.177748]        __generic_file_write_iter+0x2ff/0x630
[ 104.177762]        ext4_file_write_iter+0x390/0x1420
[ 104.177789]        aio_write+0x3b1/0x610
[ 104.177807]        io_submit_one+0xaa1/0xf80
[ 104.184380] kobject: 'loop5' (00000000dcad9ece): fill_kobj_path: path = '/devices/virtual/block/loop5'
[ 104.189642]        __x64_sys_io_submit+0x1ab/0x580
[ 104.189656]        do_syscall_64+0x1b9/0x820
[ 104.189670]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 104.189674]
[ 104.189674] other info that might help us debug this:
[ 104.189674]
[ 104.189676] Chain exists of:
[ 104.189676]   (wq_completion)"dio/%s"sb->s_id --> (work_completion)(&dio->complete_work) --> &sb->s_type->i_mutex_key#10
[ 104.189676]
[ 104.189695]  Possible unsafe locking scenario:
[ 104.189695]
[ 104.189698]        CPU0                    CPU1
[ 104.189701]        ----                    ----
[ 104.189703]   lock(&sb->s_type->i_mutex_key#10);
[ 104.189712]                                lock((work_completion)(&dio->complete_work));
[ 104.189720]                                lock(&sb->s_type->i_mutex_key#10);
[ 104.189728]   lock((wq_completion)"dio/%s"sb->s_id);
[ 104.189741]
[ 104.189741]  *** DEADLOCK ***
[ 104.189741]
[ 104.197580] kobject: 'loop0' (000000006fb6428e): kobject_uevent_env
[ 104.198907] 1 lock held by syz-executor1/7524:
[ 104.198911]  #0: 00000000c2fb724c (&sb->s_type->i_mutex_key#10){+.+.}, at: ext4_file_write_iter+0x2a1/0x1420
[ 104.198955]
[ 104.198955] stack backtrace:
[ 104.198968] CPU: 1 PID: 7524 Comm: syz-executor1 Not tainted 4.20.0-rc1-next-20181109+ #110
[ 104.198975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 104.198979] Call Trace:
[ 104.199002]  dump_stack+0x244/0x39d
[ 104.199019]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 104.203661] kobject: 'loop0' (000000006fb6428e): fill_kobj_path: path = '/devices/virtual/block/loop0'
[ 104.213325]  ? vprintk_func+0x85/0x181
[ 104.213345]  print_circular_bug.isra.35.cold.56+0x1bd/0x27d
[ 104.213358]  ? save_trace+0xe0/0x290
[ 104.213373]  __lock_acquire+0x3399/0x4c20
[ 104.213394]  ? mark_held_locks+0x130/0x130
[ 104.213419]  ? __cpu_to_node+0x7d/0xa0
[ 104.213437]  ? mark_held_locks+0x130/0x130
[ 104.392210]  ? graph_lock+0x270/0x270
[ 104.396025]  ? enqueue_entity+0x34b/0x20d0
[ 104.400252]  ? __lock_acquire+0x62f/0x4c20
[ 104.404479]  ? __lock_is_held+0xb5/0x140
[ 104.408536]  lock_acquire+0x1ed/0x520
[ 104.412318]  ? flush_workqueue+0x2db/0x1e10
[ 104.416654]  ? lock_release+0xa10/0xa10
[ 104.420611]  ? lockdep_init_map+0x9/0x10
[ 104.424657]  ? __init_waitqueue_head+0x9e/0x150
[ 104.429329]  ? init_wait_entry+0x1c0/0x1c0
[ 104.433556]  flush_workqueue+0x30a/0x1e10
[ 104.437684]  ? flush_workqueue+0x2db/0x1e10
[ 104.441993]  ? lock_acquire+0x1ed/0x520
[ 104.445967]  ? drain_workqueue+0xa9/0x640
[ 104.450126]  ? lock_release+0xa10/0xa10
[ 104.454100]  ? lock_release+0xa10/0xa10
[ 104.458076]  ? perf_trace_sched_process_exec+0x860/0x860
[ 104.463526]  ? cancel_delayed_work+0x3e0/0x3e0
[ 104.468103]  ? graph_lock+0x270/0x270
[ 104.471897]  ? __mutex_lock+0x85e/0x16f0
[ 104.475941]  ? __mutex_lock+0x85e/0x16f0
[ 104.480014]  ? drain_workqueue+0xa9/0x640
[ 104.484143]  ? __alloc_workqueue_key+0x79a/0x10a0
[ 104.488969]  ? find_held_lock+0x36/0x1c0
[ 104.493021]  ? drain_workqueue+0x13f/0x640
[ 104.497238]  ? lock_downgrade+0x900/0x900
[ 104.501376]  ? lock_downgrade+0x900/0x900
[ 104.505510]  ? try_to_wake_up+0x11c/0x1490
[ 104.509733]  ? graph_lock+0x270/0x270
[ 104.513527]  ? kasan_check_write+0x14/0x20
[ 104.517757]  ? __mutex_unlock_slowpath+0x197/0x8c0
[ 104.522669]  ? __mutex_unlock_slowpath+0x197/0x8c0
[ 104.527583]  ? wait_for_completion+0x8a0/0x8a0
[ 104.532149]  ? wait_for_completion+0x8a0/0x8a0
[ 104.536734]  ? pwq_activate_delayed_work+0x650/0x650
[ 104.541820]  drain_workqueue+0x2a9/0x640
[ 104.545872]  ? drain_workqueue+0x2a9/0x640
[ 104.550098]  ? __alloc_workqueue_key+0xb88/0x10a0
[ 104.554923]  ? flush_workqueue+0x1e10/0x1e10
[ 104.559323]  ? workqueue_sysfs_register+0x3f0/0x3f0
[ 104.564334]  ? save_stack+0x43/0xd0
[ 104.567955]  ? kasan_kmalloc+0xc7/0xe0
[ 104.571822]  ? kasan_slab_alloc+0x12/0x20
[ 104.575969]  ? kmem_cache_alloc+0x12e/0x730
[ 104.580292]  ? __blockdev_direct_IO+0x9d/0xc6
[ 104.584781]  ? ext4_direct_IO+0xbdc/0x2220
[ 104.589000]  ? generic_file_direct_write+0x275/0x4b0
[ 104.594083]  ? __generic_file_write_iter+0x2ff/0x630
[ 104.599167]  ? ext4_file_write_iter+0x390/0x1420
[ 104.603903]  ? aio_write+0x3b1/0x610
[ 104.607603]  ? io_submit_one+0xaa1/0xf80
[ 104.611647]  ? do_syscall_64+0x1b9/0x820
[ 104.615697]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 104.621042]  destroy_workqueue+0xc6/0x9c0
[ 104.625176]  ? wq_watchdog_timer_fn+0x810/0x810
[ 104.629827]  ? graph_lock+0x270/0x270
[ 104.633625]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 104.639146]  ? __lock_is_held+0xb5/0x140
[ 104.643191]  ? rcu_read_lock_sched_held+0x14f/0x180
[ 104.648203]  ? kmem_cache_alloc+0x33a/0x730
[ 104.652531]  ? __lock_acquire+0x62f/0x4c20
[ 104.656752]  sb_init_dio_done_wq+0x74/0x90
[ 104.660973]  do_blockdev_direct_IO+0x9e7/0xa340
[ 104.665630]  ? write_end_fn+0xf0/0xf0
[ 104.669410]  ? ext4_get_block_trans+0x2e0/0x2e0
[ 104.674080]  ? do_direct_IO+0xc110/0xc110
[ 104.678208]  ? graph_lock+0x9c/0x270
[ 104.681905]  ? zap_class+0x640/0x640
[ 104.685602]  ? kasan_kmalloc+0xc7/0xe0
[ 104.689479]  ? kmem_cache_alloc+0x12e/0x730
[ 104.693792]  ? noop_count+0x40/0x40
[ 104.697407]  ? lockdep_off+0x1c/0x50
[ 104.701105]  ? check_usage+0x1aa/0x790
[ 104.704973]  ? find_held_lock+0x36/0x1c0
[ 104.709023]  ? check_usage_forwards+0x3d0/0x3d0
[ 104.713688]  ? kasan_check_read+0x11/0x20
[ 104.717823]  ? lockdep_on+0x50/0x50
[ 104.721435]  ? print_bfs_bug+0x80/0x80
[ 104.725305]  ? kasan_check_write+0x14/0x20
[ 104.729521]  ? graph_lock+0x9c/0x270
[ 104.733236]  ? depot_save_stack+0x292/0x470
[ 104.737571]  ? zap_class+0x640/0x640
[ 104.741315]  ? kasan_check_read+0x11/0x20
[ 104.745452]  ? __lock_acquire+0x2aff/0x4c20
[ 104.749781]  ? print_usage_bug+0xc0/0xc0
[ 104.753823]  ? aio_write+0x3b1/0x610
[ 104.757532]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 104.763049]  ? invalidate_inode_pages2_range+0x15ef/0x1cb0
[ 104.768657]  ? pagecache_isize_extended+0x440/0x440
[ 104.773662]  ? find_held_lock+0x36/0x1c0
[ 104.777737]  ? ext4_xattr_get+0x1a8/0xb30
[ 104.781870]  ? lock_downgrade+0x900/0x900
[ 104.786013]  ? graph_lock+0x270/0x270
[ 104.789810]  ? print_usage_bug+0xc0/0xc0
[ 104.793867]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 104.799420]  ? graph_lock+0x270/0x270
[ 104.803215]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 104.808751]  ? check_preemption_disabled+0x48/0x280
[ 104.813768]  ? __lock_is_held+0xb5/0x140
[ 104.817812]  ? ext4_get_block_trans+0x2e0/0x2e0
[ 104.822466]  __blockdev_direct_IO+0x9d/0xc6
[ 104.826842]  ? write_end_fn+0xf0/0xf0
[ 104.830646]  ext4_direct_IO+0xbdc/0x2220
[ 104.834690]  ? ext4_get_block_trans+0x2e0/0x2e0
[ 104.839345]  ? ext4_iomap_end+0x810/0x810
[ 104.843495]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 104.849048]  ? timespec64_trunc+0xea/0x180
[ 104.853287]  ? inode_init_owner+0x340/0x340
[ 104.857591]  ? __vfs_setxattr+0x180/0x180
[ 104.861720]  ? current_time+0x10b/0x1b0
[ 104.865676]  ? timespec64_trunc+0x180/0x180
[ 104.870088]  ? security_inode_need_killpriv+0x80/0xa0
[ 104.875285]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 104.880819]  ? file_update_time+0xe4/0x640
[ 104.885048]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 104.890611]  ? filemap_check_errors+0xd8/0x110
[ 104.895192]  generic_file_direct_write+0x275/0x4b0
[ 104.900106]  __generic_file_write_iter+0x2ff/0x630
[ 104.905018]  ext4_file_write_iter+0x390/0x1420
[ 104.909601]  ? __fget+0x4d1/0x740
[ 104.913038]  ? ext4_file_mmap+0x410/0x410
[ 104.917165]  ? find_held_lock+0x36/0x1c0
[ 104.921221]  ? aio_write+0x4ce/0x610
[ 104.924927]  ? lock_downgrade+0x900/0x900
[ 104.929061]  ? __lock_is_held+0xb5/0x140
[ 104.933111]  ? rcu_read_lock_sched_held+0x14f/0x180
[ 104.938111]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 104.943638]  ? __sb_start_write+0x1b2/0x370
[ 104.947952]  aio_write+0x3b1/0x610
[ 104.951499]  ? aio_complete_rw+0x640/0x640
[ 104.955734]  ? lock_downgrade+0x900/0x900
[ 104.959872]  ? kasan_check_read+0x11/0x20
[ 104.964005]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 104.969268]  io_submit_one+0xaa1/0xf80
[ 104.973139]  ? aio_poll+0x1420/0x1420
[ 104.976938]  ? __might_fault+0x12b/0x1e0
[ 104.980987]  ? lock_downgrade+0x900/0x900
[ 104.985119]  ? perf_trace_sched_process_exec+0x860/0x860
[ 104.990554]  ? blk_lld_busy+0xa0/0xa0
[ 104.994355]  __x64_sys_io_submit+0x1ab/0x580
[ 104.998772]  ? __ia32_sys_io_destroy+0x580/0x580
[ 105.003514]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 105.008079]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 105.013603]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 105.018977]  ? trace_hardirqs_off_caller+0x300/0x300
[ 105.024079]  do_syscall_64+0x1b9/0x820
[ 105.027974]  ? __ia32_sys_io_destroy+0x580/0x580
[ 105.032728]  ? do_syscall_64+0x1b9/0x820
[ 105.036793]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 105.042139]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 105.047057]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 105.051883]  ? trace_hardirqs_on_caller+0x310/0x310
[ 105.056882]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 105.061882]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 105.066892]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 105.071732]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 105.076900] RIP: 0033:0x457569
[ 105.080103] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 105.099000] RSP: 002b:00007f043ff6bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[ 105.106698] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569
[ 105.113960] RDX: 0000000020000540 RSI: 0000000000000008 RDI: 00007f043ff4b000
[ 105.121221] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 105.128481] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f043ff6c6d4
[ 105.135733] R13: 00000000004be7ed R14: 00000000004ced68 R15: 00000000ffffffff
[ 105.156908] ------------[ cut here ]------------
[ 105.161674] downgrading a read lock
[ 105.161742] WARNING: CPU: 0 PID: 7528 at kernel/locking/lockdep.c:3556 lock_downgrade+0x4d7/0x900
[ 105.174428] Kernel panic - not syncing: panic_on_warn set ...
[ 105.180310] CPU: 0 PID: 7528 Comm: sh Not tainted 4.20.0-rc1-next-20181109+ #110
[ 105.187851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 105.197186] Call Trace:
[ 105.199776]  dump_stack+0x244/0x39d
[ 105.203388]  ? dump_stack_print_info.cold.1+0x20/0x20
[ 105.208576]  panic+0x2ad/0x55c
[ 105.211753]  ? add_taint.cold.5+0x16/0x16
[ 105.215882]  ? __warn.cold.8+0x5/0x45
[ 105.219678]  ? __warn+0xe8/0x1d0
[ 105.223026]  ? lock_downgrade+0x4d7/0x900
[ 105.227157]  __warn.cold.8+0x20/0x45
[ 105.230857]  ? lock_downgrade+0x4d7/0x900
[ 105.234990]  report_bug+0x254/0x2d0
[ 105.238605]  do_error_trap+0x11b/0x200
[ 105.242507]  do_invalid_op+0x36/0x40
[ 105.246211]  ? lock_downgrade+0x4d7/0x900
[ 105.250345]  invalid_op+0x14/0x20
[ 105.253837] RIP: 0010:lock_downgrade+0x4d7/0x900
[ 105.258587] Code: 00 00 fc ff df 41 c6 44 05 00 f8 e9 1b ff ff ff 48 c7 c7 00 65 2b 88 4c 89 9d 58 ff ff ff 48 89 85 60 ff ff ff e8 79 41 e7 ff <0f> 0b 48 8b 85 60 ff ff ff 4c 8d 4d d8 4c 89 e9 48 ba 00 00 00 00
[ 105.277479] RSP: 0018:ffff8801c232fb70 EFLAGS: 00010086
[ 105.282861] RAX: 0000000000000000 RBX: 1ffff10038465f74 RCX: 0000000000000000
[ 105.290123] RDX: 0000000000000000 RSI: ffffffff8165ba15 RDI: 0000000000000006
[ 105.297373] RBP: ffff8801c232fc28 R08: ffff8801bb1dc440 R09: fffffbfff12b2254
[ 105.304626] R10: fffffbfff12b2254 R11: ffffffff895912a3 R12: ffffffff8b0e27a0
[ 105.311877] R13: ffff8801c232fbc0 R14: 0000000000000001 R15: ffff8801bb1dc440
[ 105.319153]  ? vprintk_func+0x85/0x181
[ 105.323029]  ? __do_munmap+0xcd3/0xf80
[ 105.326899]  ? lock_set_class+0x770/0x770
[ 105.331033]  ? perf_trace_sched_process_exec+0x860/0x860
[ 105.336468]  downgrade_write+0x76/0x270
[ 105.340442]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 105.345960]  ? up_read+0x2c0/0x2c0
[ 105.349533]  ? vma_compute_subtree_gap+0x160/0x240
[ 105.354459]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 105.359479]  __do_munmap+0xcd3/0xf80
[ 105.363186]  __vm_munmap+0x138/0x1f0
[ 105.366883]  ? __do_munmap+0xf80/0xf80
[ 105.370754]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 105.376103]  ? trace_hardirqs_off_caller+0x300/0x300
[ 105.381202]  __x64_sys_munmap+0x65/0x80
[ 105.385159]  do_syscall_64+0x1b9/0x820
[ 105.389032]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 105.394394]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 105.399319]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 105.404153]  ? trace_hardirqs_on_caller+0x310/0x310
[ 105.409153]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 105.414154]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 105.418990]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 105.424187] RIP: 0033:0x7f1c8a787417
[ 105.427924] Code: f0 ff ff 73 01 c3 48 8d 0d 8a ad 20 00 31 d2 48 29 c2 89 11 48 83 c8 ff eb eb 90 90 90 90 90 90 90 90 90 b8 0b 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8d 0d 5d ad 20 00 31 d2 48 29 c2 89
[ 105.446824] RSP: 002b:00007ffcdfee70d8 EFLAGS: 00000203 ORIG_RAX: 000000000000000b
[ 105.454526] RAX: ffffffffffffffda RBX: 00007f1c8a9921c8 RCX: 00007f1c8a787417
[ 105.461777] RDX: 00000000000b7e00 RSI: 00000000000033ef RDI: 00007f1c8a98a000
[ 105.469032] RBP: 00007ffcdfee7240 R08: 0000000000000001 R09: 0000000000000007
[ 105.476295] R10: 00007f1c8a781a0b R11: 0000000000000203 R12: 000000005ed761b6
[ 105.483555] R13: 0000003a5ed761b6 R14: 0000003a5eccaa3a R15: 00007f1c8a988700
[ 105.491766] Kernel Offset: disabled
[ 105.495387] Rebooting in 86400 seconds..