[ 35.827020] audit: type=1800 audit(1549063560.676:27): pid=7416 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 35.846896] audit: type=1800 audit(1549063560.676:28): pid=7416 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 36.820271] audit: type=1800 audit(1549063561.716:29): pid=7416 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 36.838885] audit: type=1800 audit(1549063561.726:30): pid=7416 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.239' (ECDSA) to the list of known hosts. 2019/02/01 23:26:14 parsed 1 programs 2019/02/01 23:26:16 executed programs: 0 syzkaller login: [ 52.059933] IPVS: ftp: loaded support on port[0] = 21 [ 52.059955] IPVS: ftp: loaded support on port[0] = 21 [ 52.074725] IPVS: ftp: loaded support on port[0] = 21 [ 52.105999] IPVS: ftp: loaded support on port[0] = 21 [ 52.111421] IPVS: ftp: loaded support on port[0] = 21 [ 52.135669] IPVS: ftp: loaded support on port[0] = 21 [ 52.344465] chnl_net:caif_netlink_parms(): no params data found [ 52.465460] chnl_net:caif_netlink_parms(): no params data found [ 52.484305] chnl_net:caif_netlink_parms(): no params data found [ 52.524400] chnl_net:caif_netlink_parms(): no params data found [ 52.556858] chnl_net:caif_netlink_parms(): no params data found [ 52.599700] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.606363] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.613922] device bridge_slave_0 entered promiscuous mode [ 52.655395] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.661706] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.668697] device bridge_slave_1 entered promiscuous mode [ 52.675697] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.682083] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.689063] device bridge_slave_0 entered promiscuous mode [ 52.702115] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.708535] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.715844] device bridge_slave_1 entered promiscuous mode [ 52.733931] chnl_net:caif_netlink_parms(): no params data found [ 52.749987] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.756488] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.763821] device bridge_slave_0 entered promiscuous mode [ 52.792804] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.799144] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.806147] device bridge_slave_0 entered promiscuous mode [ 52.826647] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.833145] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.840017] device bridge_slave_1 entered promiscuous mode [ 52.848118] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 52.863341] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 52.870958] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.877453] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.884683] device bridge_slave_1 entered promiscuous mode [ 52.891928] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 52.910441] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.917060] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.924169] device bridge_slave_0 entered promiscuous mode [ 52.935901] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.942300] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.949633] device bridge_slave_1 entered promiscuous mode [ 52.960807] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 52.990969] team0: Port device team_slave_0 added [ 53.010634] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 53.025211] team0: Port device team_slave_1 added [ 53.031237] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 53.042862] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 53.061996] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.068412] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.075714] device bridge_slave_0 entered promiscuous mode [ 53.083647] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 53.091254] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.097627] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.104838] device bridge_slave_1 entered promiscuous mode [ 53.115799] team0: Port device team_slave_0 added [ 53.128251] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 53.141561] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 53.155500] team0: Port device team_slave_1 added [ 53.167400] team0: Port device team_slave_0 added [ 53.225131] device hsr_slave_0 entered promiscuous mode [ 53.284851] device hsr_slave_1 entered promiscuous mode [ 53.386477] device hsr_slave_0 entered promiscuous mode [ 53.423312] device hsr_slave_1 entered promiscuous mode [ 53.462904] team0: Port device team_slave_1 added [ 53.475873] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 53.488253] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 53.496923] team0: Port device team_slave_0 added [ 53.508730] team0: Port device team_slave_0 added [ 53.515055] team0: Port device team_slave_1 added [ 53.532498] team0: Port device team_slave_1 added [ 53.547942] team0: Port device team_slave_0 added [ 53.559200] team0: Port device team_slave_1 added [ 53.625777] device hsr_slave_0 entered promiscuous mode [ 53.682323] device hsr_slave_1 entered promiscuous mode [ 53.783785] device hsr_slave_0 entered promiscuous mode [ 53.822386] device hsr_slave_1 entered promiscuous mode [ 53.923833] device hsr_slave_0 entered promiscuous mode [ 53.972516] device hsr_slave_1 entered promiscuous mode [ 54.105036] device hsr_slave_0 entered promiscuous mode [ 54.145063] device hsr_slave_1 entered promiscuous mode [ 54.235240] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.286043] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.301533] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.313871] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.339221] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.346799] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.367167] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.386794] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 54.394897] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.403124] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.409551] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.417264] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 54.425560] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.433334] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.439669] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.446541] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.453768] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.474376] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.489697] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.504541] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.512267] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 54.519296] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 54.527396] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 54.535547] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 54.544028] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 54.551497] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.558692] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.565732] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.572911] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.579715] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 54.587532] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.595571] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.601898] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.609067] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 54.619043] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 54.628218] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.640843] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 54.648968] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.657148] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.663506] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.680936] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.699287] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.706290] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.713486] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 54.721405] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.729760] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.736126] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.743831] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 54.751425] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.758988] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.765318] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.771976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 54.779984] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 54.787925] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.795635] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.801974] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.808916] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 54.816813] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.824430] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.830748] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.837596] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 54.844674] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 54.859603] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.878178] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.887495] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.895466] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 54.905302] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 54.913342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 54.920919] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 54.929161] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 54.937460] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 54.945545] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 54.957647] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.981548] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 54.989601] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 54.997806] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 55.005468] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 55.013982] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 55.021568] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 55.029349] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 55.037154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 55.045077] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 55.052726] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.059074] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.067029] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 55.074891] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 55.082464] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 55.090127] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 55.098287] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.104676] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.111388] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 55.119190] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 55.126713] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 55.134599] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 55.142239] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 55.149664] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 55.157423] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 55.165105] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 55.184817] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 55.195669] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 55.207265] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 55.218534] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 55.225897] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 55.234864] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 55.241824] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 55.248992] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 55.256901] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 55.264774] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.271082] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.278059] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 55.285681] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 55.293695] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 55.301082] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 55.308894] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 55.316424] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 55.324189] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 55.331743] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 55.339375] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 55.347036] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 55.354948] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.361273] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.368105] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 55.377799] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 55.385332] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 55.411669] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 55.421994] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 55.439051] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 55.448195] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 55.455766] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 55.463357] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 55.470760] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 55.478256] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 55.485816] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 55.493360] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 55.500635] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 55.508338] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 55.515732] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 55.523474] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 55.532846] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 55.550331] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 55.558786] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 55.566025] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 55.572969] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 55.598055] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.605690] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 55.616455] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 55.624539] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 55.632197] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 55.660356] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.677295] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.696173] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 55.706873] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 55.717328] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 55.726264] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 55.734215] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 55.741583] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 55.749205] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 55.757044] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 55.764463] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 55.778565] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.810740] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.839087] 8021q: adding VLAN 0 to HW filter on device batadv0 2019/02/01 23:26:22 executed programs: 12 [ 59.391987] [ 59.393634] ===================================================== [ 59.399851] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 59.406573] 5.0.0-rc4+ #56 Not tainted [ 59.410487] ----------------------------------------------------- [ 59.416704] syz-executor3/7717 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 59.423859] 000000005e3bcfc5 (&ctx->fd_wqh){....}, at: io_submit_one+0xedf/0x1cf0 [ 59.431466] [ 59.431466] and this task is already holding: [ 59.437463] 00000000e5b8635d (&(&ctx->ctx_lock)->rlock){..-.}, at: io_submit_one+0xeb6/0x1cf0 [ 59.446155] which would create a new lock dependency: [ 59.451330] (&(&ctx->ctx_lock)->rlock){..-.} -> (&ctx->fd_wqh){....} [ 59.457914] [ 59.457914] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 59.465953] (&(&ctx->ctx_lock)->rlock){..-.} [ 59.465958] [ 59.465958] ... which became SOFTIRQ-irq-safe at: [ 59.476754] lock_acquire+0x16f/0x3f0 [ 59.480616] _raw_spin_lock_irq+0x60/0x80 [ 59.484833] free_ioctx_users+0x2d/0x4a0 [ 59.488960] percpu_ref_switch_to_atomic_rcu+0x3e7/0x520 [ 59.494503] rcu_process_callbacks+0x928/0x1390 [ 59.499252] __do_softirq+0x266/0x95a [ 59.503123] irq_exit+0x180/0x1d0 [ 59.506635] smp_apic_timer_interrupt+0x14a/0x570 [ 59.511538] apic_timer_interrupt+0xf/0x20 [ 59.515830] native_safe_halt+0x2/0x10 [ 59.519780] arch_cpu_idle+0x10/0x20 [ 59.523550] default_idle_call+0x36/0x90 [ 59.527688] do_idle+0x386/0x570 [ 59.531112] cpu_startup_entry+0x1b/0x20 [ 59.535256] rest_init+0x245/0x37b [ 59.538863] arch_call_rest_init+0xe/0x1b [ 59.543075] start_kernel+0x808/0x841 [ 59.546934] x86_64_start_reservations+0x29/0x2b [ 59.551757] x86_64_start_kernel+0x77/0x7b [ 59.556065] secondary_startup_64+0xa4/0xb0 [ 59.560468] [ 59.560468] to a SOFTIRQ-irq-unsafe lock: [ 59.566058] (&ctx->fault_pending_wqh){+.+.} [ 59.566075] [ 59.566075] ... which became SOFTIRQ-irq-unsafe at: [ 59.576920] ... [ 59.576927] lock_acquire+0x16f/0x3f0 [ 59.582656] _raw_spin_lock+0x2f/0x40 [ 59.586525] userfaultfd_release+0x497/0x6d0 [ 59.590994] __fput+0x2df/0x8d0 [ 59.594346] ____fput+0x16/0x20 [ 59.597704] task_work_run+0x14a/0x1c0 [ 59.601688] get_signal+0x1467/0x1750 [ 59.605548] do_signal+0x87/0x1940 [ 59.609146] exit_to_usermode_loop+0x244/0x2c0 [ 59.613796] do_syscall_64+0x52d/0x610 [ 59.617751] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 59.623092] [ 59.623092] other info that might help us debug this: [ 59.623092] [ 59.631206] Chain exists of: [ 59.631206] &(&ctx->ctx_lock)->rlock --> &ctx->fd_wqh --> &ctx->fault_pending_wqh [ 59.631206] [ 59.643324] Possible interrupt unsafe locking scenario: [ 59.643324] [ 59.650216] CPU0 CPU1 [ 59.654853] ---- ---- [ 59.659499] lock(&ctx->fault_pending_wqh); [ 59.663875] local_irq_disable(); [ 59.669903] lock(&(&ctx->ctx_lock)->rlock); [ 59.676891] lock(&ctx->fd_wqh); [ 59.682830] [ 59.685554] lock(&(&ctx->ctx_lock)->rlock); [ 59.690193] [ 59.690193] *** DEADLOCK *** [ 59.690193] [ 59.696221] 1 lock held by syz-executor3/7717: [ 59.700774] #0: 00000000e5b8635d (&(&ctx->ctx_lock)->rlock){..-.}, at: io_submit_one+0xeb6/0x1cf0 [ 59.709848] [ 59.709848] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 59.718827] -> (&(&ctx->ctx_lock)->rlock){..-.} { [ 59.723644] IN-SOFTIRQ-W at: [ 59.726914] lock_acquire+0x16f/0x3f0 [ 59.732341] _raw_spin_lock_irq+0x60/0x80 [ 59.738123] free_ioctx_users+0x2d/0x4a0 [ 59.743818] percpu_ref_switch_to_atomic_rcu+0x3e7/0x520 [ 59.750894] rcu_process_callbacks+0x928/0x1390 [ 59.757197] __do_softirq+0x266/0x95a [ 59.762649] irq_exit+0x180/0x1d0 [ 59.767731] smp_apic_timer_interrupt+0x14a/0x570 [ 59.774218] apic_timer_interrupt+0xf/0x20 [ 59.780112] native_safe_halt+0x2/0x10 [ 59.785655] arch_cpu_idle+0x10/0x20 [ 59.791023] default_idle_call+0x36/0x90 [ 59.796713] do_idle+0x386/0x570 [ 59.801717] cpu_startup_entry+0x1b/0x20 [ 59.807401] rest_init+0x245/0x37b [ 59.812576] arch_call_rest_init+0xe/0x1b [ 59.818359] start_kernel+0x808/0x841 [ 59.823788] x86_64_start_reservations+0x29/0x2b [ 59.830169] x86_64_start_kernel+0x77/0x7b [ 59.836043] secondary_startup_64+0xa4/0xb0 [ 59.842011] INITIAL USE at: [ 59.845178] lock_acquire+0x16f/0x3f0 [ 59.850535] _raw_spin_lock_irq+0x60/0x80 [ 59.856220] free_ioctx_users+0x2d/0x4a0 [ 59.861817] percpu_ref_switch_to_atomic_rcu+0x3e7/0x520 [ 59.868801] rcu_process_callbacks+0x928/0x1390 [ 59.875015] __do_softirq+0x266/0x95a [ 59.880360] irq_exit+0x180/0x1d0 [ 59.885348] smp_apic_timer_interrupt+0x14a/0x570 [ 59.891736] apic_timer_interrupt+0xf/0x20 [ 59.897506] native_safe_halt+0x2/0x10 [ 59.902930] arch_cpu_idle+0x10/0x20 [ 59.908200] default_idle_call+0x36/0x90 [ 59.913806] do_idle+0x386/0x570 [ 59.918715] cpu_startup_entry+0x1b/0x20 [ 59.924310] rest_init+0x245/0x37b [ 59.929396] arch_call_rest_init+0xe/0x1b [ 59.935076] start_kernel+0x808/0x841 [ 59.940409] x86_64_start_reservations+0x29/0x2b [ 59.946699] x86_64_start_kernel+0x77/0x7b [ 59.952489] secondary_startup_64+0xa4/0xb0 [ 59.958358] } [ 59.960150] ... key at: [] __key.51972+0x0/0x40 [ 59.966884] ... acquired at: [ 59.969965] lock_acquire+0x16f/0x3f0 [ 59.973919] _raw_spin_lock+0x2f/0x40 [ 59.977885] io_submit_one+0xedf/0x1cf0 [ 59.982024] __x64_sys_io_submit+0x1bd/0x580 [ 59.986578] do_syscall_64+0x103/0x610 [ 59.990612] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 59.995945] [ 59.997554] [ 59.997554] the dependencies between the lock to be acquired [ 59.997556] and SOFTIRQ-irq-unsafe lock: [ 60.008917] -> (&ctx->fault_pending_wqh){+.+.} { [ 60.013755] HARDIRQ-ON-W at: [ 60.017107] lock_acquire+0x16f/0x3f0 [ 60.022709] _raw_spin_lock+0x2f/0x40 [ 60.028321] userfaultfd_release+0x497/0x6d0 [ 60.034541] __fput+0x2df/0x8d0 [ 60.039618] ____fput+0x16/0x20 [ 60.044704] task_work_run+0x14a/0x1c0 [ 60.050393] get_signal+0x1467/0x1750 [ 60.055993] do_signal+0x87/0x1940 [ 60.061332] exit_to_usermode_loop+0x244/0x2c0 [ 60.067710] do_syscall_64+0x52d/0x610 [ 60.073401] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 60.080392] SOFTIRQ-ON-W at: [ 60.083735] lock_acquire+0x16f/0x3f0 [ 60.089330] _raw_spin_lock+0x2f/0x40 [ 60.094924] userfaultfd_release+0x497/0x6d0 [ 60.101149] __fput+0x2df/0x8d0 [ 60.106258] ____fput+0x16/0x20 [ 60.111333] task_work_run+0x14a/0x1c0 [ 60.117019] get_signal+0x1467/0x1750 [ 60.122620] do_signal+0x87/0x1940 [ 60.127958] exit_to_usermode_loop+0x244/0x2c0 [ 60.134354] do_syscall_64+0x52d/0x610 [ 60.140045] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 60.147039] INITIAL USE at: [ 60.150296] lock_acquire+0x16f/0x3f0 [ 60.155808] _raw_spin_lock+0x2f/0x40 [ 60.161318] userfaultfd_read+0x540/0x1940 [ 60.167272] __vfs_read+0x116/0x8c0 [ 60.172620] vfs_read+0x194/0x3e0 [ 60.177786] ksys_read+0xea/0x1f0 [ 60.182948] __x64_sys_read+0x73/0xb0 [ 60.188469] do_syscall_64+0x103/0x610 [ 60.194071] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 60.200989] } [ 60.202876] ... key at: [] __key.44851+0x0/0x40 [ 60.209706] ... acquired at: [ 60.212875] _raw_spin_lock+0x2f/0x40 [ 60.216832] userfaultfd_read+0x540/0x1940 [ 60.221223] __vfs_read+0x116/0x8c0 [ 60.224992] vfs_read+0x194/0x3e0 [ 60.228589] ksys_read+0xea/0x1f0 [ 60.232193] __x64_sys_read+0x73/0xb0 [ 60.236161] do_syscall_64+0x103/0x610 [ 60.240193] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 60.245532] [ 60.247131] -> (&ctx->fd_wqh){....} { [ 60.250903] INITIAL USE at: [ 60.254091] lock_acquire+0x16f/0x3f0 [ 60.259434] _raw_spin_lock_irq+0x60/0x80 [ 60.265119] userfaultfd_read+0x27a/0x1940 [ 60.270889] __vfs_read+0x116/0x8c0 [ 60.276052] vfs_read+0x194/0x3e0 [ 60.281040] ksys_read+0xea/0x1f0 [ 60.286032] __x64_sys_read+0x73/0xb0 [ 60.291368] do_syscall_64+0x103/0x610 [ 60.296807] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 60.303539] } [ 60.305350] ... key at: [] __key.44854+0x0/0x40 [ 60.312072] ... acquired at: [ 60.315154] lock_acquire+0x16f/0x3f0 [ 60.319100] _raw_spin_lock+0x2f/0x40 [ 60.323088] io_submit_one+0xedf/0x1cf0 [ 60.327233] __x64_sys_io_submit+0x1bd/0x580 [ 60.331789] do_syscall_64+0x103/0x610 [ 60.335829] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 60.341181] [ 60.342788] [ 60.342788] stack backtrace: [ 60.347278] CPU: 0 PID: 7717 Comm: syz-executor3 Not tainted 5.0.0-rc4+ #56 [ 60.354352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.363684] Call Trace: [ 60.366261] dump_stack+0x172/0x1f0 [ 60.369861] check_usage.cold+0x60f/0x940 [ 60.373993] ? check_usage_forwards+0x340/0x340 [ 60.378667] ? __kernel_text_address+0xd/0x40 [ 60.383149] ? check_noncircular+0x20/0x20 [ 60.387368] ? check_noncircular+0x20/0x20 [ 60.391578] ? save_trace+0x290/0x290 [ 60.395356] __lock_acquire+0x1f47/0x4700 [ 60.399496] ? __lock_acquire+0x1f47/0x4700 [ 60.403801] ? mark_held_locks+0x100/0x100 [ 60.408007] ? __debug_object_init+0x190/0xc30 [ 60.412569] ? mark_held_locks+0x100/0x100 [ 60.416788] ? add_wait_queue+0x112/0x170 [ 60.420922] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 60.425998] ? add_wait_queue+0x112/0x170 [ 60.430142] ? lockdep_hardirqs_on+0x415/0x5d0 [ 60.434717] ? trace_hardirqs_on+0x67/0x230 [ 60.439022] ? kasan_check_read+0x11/0x20 [ 60.443145] lock_acquire+0x16f/0x3f0 [ 60.446926] ? io_submit_one+0xedf/0x1cf0 [ 60.451061] _raw_spin_lock+0x2f/0x40 [ 60.454844] ? io_submit_one+0xedf/0x1cf0 [ 60.458978] io_submit_one+0xedf/0x1cf0 [ 60.462925] ? init_once_userfaultfd_ctx+0xd0/0xd0 [ 60.467835] ? ioctx_alloc+0x1db0/0x1db0 [ 60.471882] ? __might_fault+0x12b/0x1e0 [ 60.475919] ? aio_setup_rw+0x180/0x180 [ 60.479875] __x64_sys_io_submit+0x1bd/0x580 [ 60.484261] ? __x64_sys_io_submit+0x1bd/0x580 [ 60.488823] ? __ia32_sys_io_destroy+0x420/0x420 [ 60.493562] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 60.498298] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 60.503027] ? do_syscall_64+0x26/0x610 [ 60.506978] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 60.512326] ? do_syscall_64+0x26/0x610 [ 60.516292] ? lockdep_hardirqs_on+0x415/0x5d0 [ 60.520853] do_syscall_64+0x103/0x610 [ 60.524730] ? __ia32_sys_io_destroy+0x420/0x420 [ 60.529465] ? do_syscall_64+0x103/0x610 [ 60.533511] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 60.538693] RIP: 0033:0x457e39 [ 60.541858] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 60.560732] RSP: 002b:00007f526ea2dc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 [ 60.568411] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457e39 [ 60.575655] RDX: 0000000020000600 RSI: 0000000000000001 RDI: 00007f526ea2f000 [ 60.582907] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 60.590158] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f526ea2e6d4 [ 60.597400] R13: 00000000004bf045 R14: 00000000004d0878 R15: 00000000ffffffff [ 60.691588] kobject: 'loop1' (00000000821a1e6f): kobject_uevent_env [ 60.704538] kobject: 'loop1' (00000000821a1e6f): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 60.714699] kobject: 'loop5' (000000009a5dcc1c): kobject_uevent_env [ 60.721166] kobject: 'loop5' (000000009a5dcc1c): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 60.732003] kobject: 'loop3' (000000008d62a727): kobject_uevent_env [ 60.745691] kobject: 'loop3' (000000008d62a727): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 60.760720] kobject: 'loop2' (000000002031617d): kobject_uevent_env [ 60.767582] kobject: 'loop2' (000000002031617d): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 60.780673] kobject: 'loop0' (00000000b6fd193a): kobject_uevent_env [ 60.787294] kobject: 'loop0' (00000000b6fd193a): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 60.798576] kobject: 'loop4' (00000000b9300b2c): kobject_uevent_env [ 60.805063] kobject: 'loop4' (00000000b9300b2c): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 61.616624] kobject: 'loop5' (000000009a5dcc1c): kobject_uevent_env [ 61.626360] kobject: 'loop5' (000000009a5dcc1c): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 61.640223] kobject: 'loop1' (00000000821a1e6f): kobject_uevent_env [ 61.647347] kobject: 'loop1' (00000000821a1e6f): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 61.657578] kobject: 'loop3' (000000008d62a727): kobject_uevent_env [ 61.666950] kobject: 'loop3' (000000008d62a727): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 61.676980] kobject: 'loop2' (000000002031617d): kobject_uevent_env [ 61.687078] kobject: 'loop2' (000000002031617d): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 61.701080] kobject: 'loop4' (00000000b9300b2c): kobject_uevent_env [ 61.715761] kobject: 'loop4' (00000000b9300b2c): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 61.726253] kobject: 'loop0' (00000000b6fd193a): kobject_uevent_env [ 61.733002] kobject: 'loop0' (00000000b6fd193a): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 62.555584] kobject: 'loop1' (00000000821a1e6f): kobject_uevent_env [ 62.562054] kobject: 'loop1' (00000000821a1e6f): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 62.582014] kobject: 'loop5' (000000009a5dcc1c): kobject_uevent_env [ 62.591317] kobject: 'loop5' (000000009a5dcc1c): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 62.603498] kobject: 'loop3' (000000008d62a727): kobject_uevent_env [ 62.609928] kobject: 'loop3' (000000008d62a727): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 62.619866] kobject: 'loop2' (000000002031617d): kobject_uevent_env [ 62.627537] kobject: 'loop2' (000000002031617d): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 62.641632] kobject: 'loop4' (00000000b9300b2c): kobject_uevent_env [ 62.652256] kobject: 'loop4' (00000000b9300b2c): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 62.661937] kobject: 'loop0' (00000000b6fd193a): kobject_uevent_env [ 62.670042] kobject: 'loop0' (00000000b6fd193a): fill_kobj_path: path = '/devices/virtual/block/loop0'