[info] Using makefile-style concurrent boot in runlevel 2.
[ 24.301544] audit: type=1800 audit(1540641786.836:21): pid=5393 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0
[ 24.335920] audit: type=1800 audit(1540641786.846:22): pid=5393 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2447 res=0
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.87' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 40.482660]
[ 40.484321] ========================================================
[ 40.490796] WARNING: possible irq lock inversion dependency detected
[ 40.497265] 4.19.0+ #306 Not tainted
[ 40.500957] --------------------------------------------------------
[ 40.507440] syz-executor911/5551 just changed the state of lock:
[ 40.513579] 00000000758a85c4 (&ctx->fault_pending_wqh){+.+.}, at: userfaultfd_release+0x63e/0x8d0
[ 40.522621] but this lock was taken by another, SOFTIRQ-safe lock in the past:
[ 40.529982] (&(&ctx->ctx_lock)->rlock){..-.}
[ 40.530003]
[ 40.530003]
[ 40.530003] and interrupts could create inverse lock ordering between them.
[ 40.530003]
[ 40.545993]
[ 40.545993] other info that might help us debug this:
[ 40.552640] Chain exists of:
[ 40.552640] &(&ctx->ctx_lock)->rlock --> &ctx->fd_wqh --> &ctx->fault_pending_wqh
[ 40.552640]
[ 40.564764] Possible interrupt unsafe locking scenario:
[ 40.564764]
[ 40.571668]        CPU0                    CPU1
[ 40.576324]        ----                    ----
[ 40.580973]   lock(&ctx->fault_pending_wqh);
[ 40.585357]                                local_irq_disable();
[ 40.591400]                                lock(&(&ctx->ctx_lock)->rlock);
[ 40.598391]                                lock(&ctx->fd_wqh);
[ 40.604354]   <Interrupt>
[ 40.607085]     lock(&(&ctx->ctx_lock)->rlock);
[ 40.611732]
[ 40.611732] *** DEADLOCK ***
[ 40.611732]
[ 40.617784] no locks held by syz-executor911/5551.
[ 40.622686]
[ 40.622686] the shortest dependencies between 2nd lock and 1st lock:
[ 40.630650] -> (&(&ctx->ctx_lock)->rlock){..-.} {
[ 40.635645] IN-SOFTIRQ-W at:
[ 40.639083] lock_acquire+0x1ed/0x520
[ 40.644865] _raw_spin_lock_irq+0x61/0x80
[ 40.651003] free_ioctx_users+0xbc/0x710
[ 40.657062] percpu_ref_switch_to_atomic_rcu+0x563/0x730
[ 40.664492] rcu_process_callbacks+0x100a/0x1ac0
[ 40.671225] __do_softirq+0x308/0xb7e
[ 40.677002] irq_exit+0x17f/0x1c0
[ 40.682437] smp_apic_timer_interrupt+0x1cb/0x760
[ 40.689268] apic_timer_interrupt+0xf/0x20
[ 40.695480] native_safe_halt+0x6/0x10
[ 40.701360] default_idle+0xbf/0x490
[ 40.707052] arch_cpu_idle+0x10/0x20
[ 40.712741] default_idle_call+0x6d/0x90
[ 40.718780] do_idle+0x49b/0x5c0
[ 40.724125] cpu_startup_entry+0x18/0x20
[ 40.730175] rest_init+0x243/0x372
[ 40.737863] arch_call_rest_init+0xe/0x1b
[ 40.743987] start_kernel+0xa1f/0xa5a
[ 40.749778] x86_64_start_reservations+0x2e/0x30
[ 40.756510] x86_64_start_kernel+0x76/0x79
[ 40.762723] secondary_startup_64+0xa4/0xb0
[ 40.769014] INITIAL USE at:
[ 40.772365] lock_acquire+0x1ed/0x520
[ 40.778067] _raw_spin_lock_irq+0x61/0x80
[ 40.784109] aio_poll+0x738/0x1420
[ 40.789555] io_submit_one+0xa49/0xf80
[ 40.795350] __x64_sys_io_submit+0x1b7/0x580
[ 40.801838] do_syscall_64+0x1b9/0x820
[ 40.807631]
entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.814722] }
[ 40.816695] ... key at: [] __key.50665+0x0/0x40
[ 40.823598] ... acquired at:
[ 40.826858] _raw_spin_lock+0x2d/0x40
[ 40.830822] aio_poll+0x760/0x1420
[ 40.834531] io_submit_one+0xa49/0xf80
[ 40.838596] __x64_sys_io_submit+0x1b7/0x580
[ 40.843161] do_syscall_64+0x1b9/0x820
[ 40.847288] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.852711]
[ 40.854314] -> (&ctx->fd_wqh){....} {
[ 40.858189] INITIAL USE at:
[ 40.861469] lock_acquire+0x1ed/0x520
[ 40.867013] _raw_spin_lock_irqsave+0x99/0xd0
[ 40.873228] add_wait_queue+0x92/0x2b0
[ 40.878833] aio_poll_queue_proc+0xa1/0x100
[ 40.884868] userfaultfd_poll+0xff/0x3a0
[ 40.890645] aio_poll+0x6ad/0x1420
[ 40.895906] io_submit_one+0xa49/0xf80
[ 40.901540] __x64_sys_io_submit+0x1b7/0x580
[ 40.907670] do_syscall_64+0x1b9/0x820
[ 40.913277] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.920175] }
[ 40.922056] ... key at: [] __key.44286+0x0/0x40
[ 40.928868] ... acquired at:
[ 40.932040] _raw_spin_lock+0x2d/0x40
[ 40.936011] userfaultfd_ctx_read+0x4f3/0x2180
[ 40.940752] userfaultfd_read+0x1e2/0x2c0
[ 40.945059] __vfs_read+0x117/0x9b0
[ 40.948857] vfs_read+0x17f/0x3c0
[ 40.952580] ksys_read+0x101/0x260
[ 40.956412] __x64_sys_read+0x73/0xb0
[ 40.960526] do_syscall_64+0x1b9/0x820
[ 40.964567] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.969902]
[ 40.971510] -> (&ctx->fault_pending_wqh){+.+.} {
[ 40.976244] HARDIRQ-ON-W at:
[ 40.979511] lock_acquire+0x1ed/0x520
[ 40.984948] _raw_spin_lock+0x2d/0x40
[ 40.990381] userfaultfd_release+0x63e/0x8d0
[ 40.996424] __fput+0x385/0xa30
[ 41.001368] ____fput+0x15/0x20
[ 41.006314] task_work_run+0x1e8/0x2a0
[ 41.011968] do_exit+0x1ad6/0x26d0
[ 41.017146] do_group_exit+0x177/0x440
[ 41.022670] get_signal+0x8b0/0x1980
[ 41.028014] do_signal+0x9c/0x21c0
[ 41.033209] exit_to_usermode_loop+0x2e5/0x380
[ 41.039429] do_syscall_64+0x6be/0x820
[ 41.044952] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 41.051766] SOFTIRQ-ON-W at:
[ 41.055028]
lock_acquire+0x1ed/0x520
[ 41.060542] _raw_spin_lock+0x2d/0x40
[ 41.066069] userfaultfd_release+0x63e/0x8d0
[ 41.072121] __fput+0x385/0xa30
[ 41.077111] ____fput+0x15/0x20
[ 41.082029] task_work_run+0x1e8/0x2a0
[ 41.087546] do_exit+0x1ad6/0x26d0
[ 41.092716] do_group_exit+0x177/0x440
[ 41.098231] get_signal+0x8b0/0x1980
[ 41.103573] do_signal+0x9c/0x21c0
[ 41.108834] exit_to_usermode_loop+0x2e5/0x380
[ 41.115067] do_syscall_64+0x6be/0x820
[ 41.120727] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 41.127544] INITIAL USE at:
[ 41.130721] lock_acquire+0x1ed/0x520
[ 41.136065] _raw_spin_lock+0x2d/0x40
[ 41.141407] userfaultfd_ctx_read+0x4f3/0x2180
[ 41.147535] userfaultfd_read+0x1e2/0x2c0
[ 41.153230] __vfs_read+0x117/0x9b0
[ 41.158419] vfs_read+0x17f/0x3c0
[ 41.163415] ksys_read+0x101/0x260
[ 41.168498] __x64_sys_read+0x73/0xb0
[ 41.173951] do_syscall_64+0x1b9/0x820
[ 41.179388] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 41.186147] }
[ 41.187938] ... key at: [] __key.44283+0x0/0x40
[ 41.194686] ... acquired at:
[ 41.197793] mark_lock+0x9b5/0x1cd0
[ 41.201655] __lock_acquire+0xd15/0x4c20
[ 41.205920] lock_acquire+0x1ed/0x520
[ 41.209881] _raw_spin_lock+0x2d/0x40
[ 41.213837] userfaultfd_release+0x63e/0x8d0
[ 41.218398] __fput+0x385/0xa30
[ 41.221831] ____fput+0x15/0x20
[ 41.225270] task_work_run+0x1e8/0x2a0
[ 41.229323] do_exit+0x1ad6/0x26d0
[ 41.233030] do_group_exit+0x177/0x440
[ 41.237072] get_signal+0x8b0/0x1980
[ 41.240942] do_signal+0x9c/0x21c0
[ 41.244641] exit_to_usermode_loop+0x2e5/0x380
[ 41.249381] do_syscall_64+0x6be/0x820
[ 41.253430] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 41.258827]
[ 41.260452]
[ 41.260452] stack backtrace:
[ 41.264937] CPU: 0 PID: 5551 Comm: syz-executor911 Not tainted 4.19.0+ #306
[ 41.272024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 41.281360] Call Trace:
[ 41.283932] dump_stack+0x244/0x39d
[ 41.287548] ? dump_stack_print_info.cold.1+0x20/0x20
[ 41.292815] ?
print_shortest_lock_dependencies.cold.55+0x18e/0x211
[ 41.299252] ? vprintk_func+0x85/0x181
[ 41.303129] print_irq_inversion_bug.part.37+0x2c7/0x2d6
[ 41.308653] check_usage_backwards.cold.56+0x1d/0x26
[ 41.313746] ? print_shortest_lock_dependencies+0x80/0x80
[ 41.319271] ? __save_stack_trace+0x8d/0xf0
[ 41.323576] ? save_stack_trace+0x1a/0x20
[ 41.327895] ? save_trace+0xe0/0x290
[ 41.331600] mark_lock+0x9b5/0x1cd0
[ 41.335259] ? print_shortest_lock_dependencies+0x80/0x80
[ 41.340787] ? print_usage_bug+0xc0/0xc0
[ 41.344837] ? print_usage_bug+0xc0/0xc0
[ 41.348886] ? mark_held_locks+0x130/0x130
[ 41.353108] ? lock_unpin_lock+0x4a0/0x4a0
[ 41.357326] __lock_acquire+0xd15/0x4c20
[ 41.361408] ? __lock_acquire+0x62f/0x4c20
[ 41.365708] ? mark_held_locks+0x130/0x130
[ 41.370089] ? print_usage_bug+0xc0/0xc0
[ 41.374279] ? mark_held_locks+0x130/0x130
[ 41.378533] ? mark_held_locks+0x130/0x130
[ 41.382875] ? lock_downgrade+0x900/0x900
[ 41.387011] ? check_preemption_disabled+0x48/0x280
[ 41.392012] ? print_usage_bug+0xc0/0xc0
[ 41.396053] ? print_usage_bug+0xc0/0xc0
[ 41.400196] ? mark_held_locks+0x130/0x130
[ 41.404431] ? print_usage_bug+0xc0/0xc0
[ 41.408495] ? __lock_acquire+0x62f/0x4c20
[ 41.412730] ? zap_class+0x640/0x640
[ 41.416427] ? zap_class+0x640/0x640
[ 41.420187] ? print_usage_bug+0xc0/0xc0
[ 41.424315] ? __lock_acquire+0x62f/0x4c20
[ 41.428607] ? find_held_lock+0x36/0x1c0
[ 41.432679] lock_acquire+0x1ed/0x520
[ 41.436601] ? userfaultfd_release+0x63e/0x8d0
[ 41.441268] ? lock_release+0xa00/0xa00
[ 41.445597] ? lock_downgrade+0x900/0x900
[ 41.449734] ? trace_hardirqs_off+0xb8/0x310
[ 41.454131] ? kasan_check_read+0x11/0x20
[ 41.458265] ? do_raw_spin_unlock+0xa7/0x330
[ 41.462680] _raw_spin_lock+0x2d/0x40
[ 41.466461] ? userfaultfd_release+0x63e/0x8d0
[ 41.471033] userfaultfd_release+0x63e/0x8d0
[ 41.475425] ? userfaultfd_ctx_get+0x2f0/0x2f0
[ 41.480062] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 41.485584] ? ima_file_free+0x132/0x650
[ 41.489630] ?
ima_file_check+0x130/0x130
[ 41.493764] ? fsnotify+0x12f0/0x12f0
[ 41.497663] ? userfaultfd_ctx_get+0x2f0/0x2f0
[ 41.502235] __fput+0x385/0xa30
[ 41.505497] ? get_max_files+0x20/0x20
[ 41.509408] ? trace_hardirqs_on+0xbd/0x310
[ 41.513718] ? kasan_check_read+0x11/0x20
[ 41.517851] ? task_work_run+0x1af/0x2a0
[ 41.521899] ? trace_hardirqs_off_caller+0x310/0x310
[ 41.527046] ____fput+0x15/0x20
[ 41.530313] task_work_run+0x1e8/0x2a0
[ 41.534207] ? task_work_cancel+0x240/0x240
[ 41.538603] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 41.544144] ? switch_task_namespaces+0x9d/0xd0
[ 41.548811] do_exit+0x1ad6/0x26d0
[ 41.552347] ? mm_update_next_owner+0x990/0x990
[ 41.557000] ? print_usage_bug+0xc0/0xc0
[ 41.561046] ? userfaultfd_ctx_read+0xce2/0x2180
[ 41.565790] ? _raw_spin_unlock_irq+0x27/0x80
[ 41.570273] ? _raw_spin_unlock_irq+0x27/0x80
[ 41.574754] ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 41.579322] ? trace_hardirqs_on+0xbd/0x310
[ 41.583633] ? kasan_check_read+0x11/0x20
[ 41.587759] ? userfaultfd_ctx_read+0xce2/0x2180
[ 41.592543] ? trace_hardirqs_off_caller+0x310/0x310
[ 41.597635] ? __lock_acquire+0x62f/0x4c20
[ 41.601854] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 41.607378] ? userfaultfd_ctx_read+0xd40/0x2180
[ 41.612243] ? mark_held_locks+0x130/0x130
[ 41.616633] ? userfaultfd_release+0x8d0/0x8d0
[ 41.621202] ? save_stack+0x43/0xd0
[ 41.624813] ? kasan_kmalloc+0xc7/0xe0
[ 41.628686] ? kmem_cache_alloc_trace+0x152/0x750
[ 41.633544] ? security_file_alloc+0x4c/0xa0
[ 41.637992] ? __alloc_file+0x12a/0x470
[ 41.641957] ? wake_up_q+0x100/0x100
[ 41.645661] ? find_held_lock+0x36/0x1c0
[ 41.649732] ? zap_class+0x640/0x640
[ 41.653436] ? zap_class+0x640/0x640
[ 41.657132] ? find_held_lock+0x36/0x1c0
[ 41.661180] ? memset+0x31/0x40
[ 41.664448] ? find_held_lock+0x36/0x1c0
[ 41.668494] ? get_signal+0x95b/0x1980
[ 41.672383] ? _raw_spin_unlock_irq+0x27/0x80
[ 41.676864] ? _raw_spin_unlock_irq+0x27/0x80
[ 41.681348] do_group_exit+0x177/0x440
[ 41.685233] ?
trace_hardirqs_off_caller+0x310/0x310
[ 41.690324] ? __ia32_sys_exit+0x50/0x50
[ 41.694406] get_signal+0x8b0/0x1980
[ 41.698109] ? ptrace_notify+0x130/0x130
[ 41.702159] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 41.707701] ? userfaultfd_read+0x213/0x2c0
[ 41.712010] ? userfaultfd_ctx_read+0x2180/0x2180
[ 41.716842] ? kasan_check_read+0x11/0x20
[ 41.721035] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 41.726303] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 41.731830] ? __vfs_read+0x11f/0x9b0
[ 41.735619] do_signal+0x9c/0x21c0
[ 41.739141] ? fsnotify+0x12f0/0x12f0
[ 41.742922] ? userfaultfd_read+0x2c0/0x2c0
[ 41.747230] ? setup_sigcontext+0x7d0/0x7d0
[ 41.751544] ? exit_to_usermode_loop+0x8c/0x380
[ 41.756201] ? exit_to_usermode_loop+0x8c/0x380
[ 41.760864] ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 41.765428] ? trace_hardirqs_on+0xbd/0x310
[ 41.769741] ? do_syscall_64+0x6be/0x820
[ 41.773789] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 41.779309] exit_to_usermode_loop+0x2e5/0x380
[ 41.783880] ? __bpf_trace_sys_exit+0x30/0x30
[ 41.788361] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 41.793887] ? ksys_ioctl+0x81/0xd0
[ 41.797498] do_syscall_64+0x6be/0x820
[ 41.801415] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 41.806771] ? syscall_return_slowpath+0x5e0/0x5e0
[ 41.811691] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 41.816524] ? trace_hardirqs_on_caller+0x310/0x310
[ 41.821533] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 41.826540] ? prepare_exit_to_usermode+0x291/0x3b0
[ 41.831546] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 41.836373] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 41.841698] RIP: 0033:0x440e99
[ 41.844924] Code: Bad RIP value.
[ 41.848385] RSP: 002b:00007ffd69bf8a18 EFLAGS: 00000217 ORIG_RAX: 0000000000000000
[ 41.856075] RAX: fffffffffffffe00 RBX: 0000000000000000 RCX: 0000000000440e99
[ 41.863327] RDX: 0000000000000064 RSI: 0000000020009f9c RDI: 0000000000000004
[ 41.870631] RBP: 0000000000000000 R08: 00000000004002c8 R09: 00000000004002c8
[ 41.877887] R10: 00000000004002c8 R11: 0000000000000217 R12: 0000000000401de0
executing program
[ 41.885140] R13: 0000000000401e70 R14: 0000000000000000 R15: 0000000000000000
executing program