[ OK ] Started Regular background program processing daemon.
         Starting System Logging Service...
         Starting Permit User Sessions...
[ OK ] Started Daily apt download activities.
[ OK ] Started Daily apt upgrade and clean activities.
[ OK ] Reached target Timers.
[ OK ] Started Permit User Sessions.
[ OK ] Started System Logging Service.
[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Started getty on tty2-tty6 if dbus and logind are not available.
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Getty on tty6.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty1.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
         Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.23' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 70.326548][ T27] audit: type=1400 audit(1597002500.482:8): avc: denied { execmem } for pid=6849 comm="syz-executor233" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 70.343351][ C0]
[ 70.349492][ C0] ========================================================
[ 70.356659][ C0] WARNING: possible irq lock inversion dependency detected
[ 70.363832][ C0] 5.8.0-syzkaller #0 Not tainted
[ 70.368736][ C0] --------------------------------------------------------
[ 70.375939][ C0] syz-executor233/6849 just changed the state of lock:
[ 70.382788][ C0] ffff8880a075a4d8 (&ctx->completion_lock){-...}-{2:2}, at: io_timeout_fn+0x6c/0x3f0
[ 70.392254][ C0] but this lock took another, HARDIRQ-unsafe lock in the past:
[ 70.399801][ C0]  (&fs->lock){+.+.}-{2:2}
[ 70.399808][ C0]
[ 70.399808][ C0]
[ 70.399808][ C0] and interrupts could create inverse lock ordering between them.
[ 70.399808][ C0]
[ 70.418465][ C0]
[ 70.418465][ C0] other info that might help us debug this:
[ 70.426493][ C0]  Possible interrupt unsafe locking scenario:
[ 70.426493][ C0]
[ 70.434777][ C0]        CPU0                    CPU1
[ 70.440109][ C0]        ----                    ----
[ 70.445453][ C0]   lock(&fs->lock);
[ 70.449314][ C0]                                local_irq_disable();
[ 70.456037][ C0]                                lock(&ctx->completion_lock);
[ 70.463467][ C0]                                lock(&fs->lock);
[ 70.469844][ C0]
[ 70.473268][ C0]     lock(&ctx->completion_lock);
[ 70.478391][ C0]
[ 70.478391][ C0]  *** DEADLOCK ***
[ 70.478391][ C0]
[ 70.486529][ C0] 1 lock held by syz-executor233/6849:
[ 70.491960][ C0]  #0: ffff8880a075a428 (&ctx->uring_lock){+.+.}-{3:3}, at: __do_sys_io_uring_enter+0xdb7/0x1ae0
[ 70.503476][ C0]
[ 70.503476][ C0] the shortest dependencies between 2nd lock and 1st lock:
[ 70.512829][ C0]  -> (&fs->lock){+.+.}-{2:2} {
[ 70.517661][ C0]     HARDIRQ-ON-W at:
[ 70.521706][ C0]       lock_acquire+0x1f1/0xad0
[ 70.528003][ C0]       _raw_spin_lock+0x2a/0x40
[ 70.534297][ C0]       set_fs_pwd+0x85/0x290
[ 70.540342][ C0]       init_chdir+0x106/0x14e
[ 70.546464][ C0]       devtmpfsd+0x76/0x333
[ 70.552413][ C0]       kthread+0x3b5/0x4a0
[ 70.558274][ C0]       ret_from_fork+0x1f/0x30
[ 70.564480][ C0]     SOFTIRQ-ON-W at:
[ 70.568528][ C0]       lock_acquire+0x1f1/0xad0
[ 70.574834][ C0]       _raw_spin_lock+0x2a/0x40
[ 70.581127][ C0]       set_fs_pwd+0x85/0x290
[ 70.587339][ C0]       init_chdir+0x106/0x14e
[ 70.593502][ C0]       devtmpfsd+0x76/0x333
[ 70.599450][ C0]       kthread+0x3b5/0x4a0
[ 70.605309][ C0]       ret_from_fork+0x1f/0x30
[ 70.611513][ C0]     INITIAL USE at:
[ 70.615463][ C0]       lock_acquire+0x1f1/0xad0
[ 70.621669][ C0]       _raw_spin_lock+0x2a/0x40
[ 70.627878][ C0]       set_fs_pwd+0x85/0x290
[ 70.633826][ C0]       init_chdir+0x106/0x14e
[ 70.639871][ C0]       devtmpfsd+0x76/0x333
[ 70.645743][ C0]       kthread+0x3b5/0x4a0
[ 70.651518][ C0]       ret_from_fork+0x1f/0x30
[ 70.657632][ C0]   }
[ 70.660193][ C0]   ... key at: [] __key.1+0x0/0x40
[ 70.667350][ C0]   ... acquired at:
[ 70.671211][ C0]     _raw_spin_lock+0x2a/0x40
[ 70.675861][ C0]     io_dismantle_req+0x3ec/0x9e0
[ 70.680862][ C0]     __io_free_req+0x16/0x3c0
[ 70.685504][ C0]     __io_fail_links+0x433/0x5b0
[ 70.690422][ C0]     __io_req_find_next+0x368/0x460
[ 70.695588][ C0]     io_wq_submit_work+0x33c/0x3d0
[ 70.700691][ C0]     io_worker_handle_work+0xa45/0x13f0
[ 70.706217][ C0]     io_wqe_worker+0xbf0/0x10e0
[ 70.711043][ C0]     kthread+0x3b5/0x4a0
[ 70.715262][ C0]     ret_from_fork+0x1f/0x30
[ 70.719874][ C0]
[ 70.722199][ C0]  -> (&ctx->completion_lock){-...}-{2:2} {
[ 70.728087][ C0]     IN-HARDIRQ-W at:
[ 70.732042][ C0]       lock_acquire+0x1f1/0xad0
[ 70.738164][ C0]       _raw_spin_lock_irqsave+0x8c/0xc0
[ 70.744980][ C0]       io_timeout_fn+0x6c/0x3f0
[ 70.751103][ C0]       __hrtimer_run_queues+0x6a9/0xfc0
[ 70.758078][ C0]       hrtimer_interrupt+0x32a/0x930
[ 70.764637][ C0]       __sysvec_apic_timer_interrupt+0x142/0x5e0
[ 70.772260][ C0]       asm_call_on_stack+0xf/0x20
[ 70.778560][ C0]       sysvec_apic_timer_interrupt+0xb2/0xf0
[ 70.785813][ C0]       asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 70.793421][ C0]       _raw_spin_unlock_irq+0x4b/0x80
[ 70.800071][ C0]       io_issue_sqe+0x2de6/0x60d0
[ 70.806371][ C0]       __io_queue_sqe+0x284/0x1190
[ 70.812770][ C0]       io_queue_sqe+0x73e/0x1130
[ 70.818989][ C0]       io_submit_sqes+0x1794/0x2380
[ 70.825461][ C0]       __do_sys_io_uring_enter+0xdc7/0x1ae0
[ 70.832625][ C0]       do_syscall_64+0x2d/0x70
[ 70.838661][ C0]       entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 70.846165][ C0]     INITIAL USE at:
[ 70.850030][ C0]       lock_acquire+0x1f1/0xad0
[ 70.856064][ C0]       _raw_spin_lock_irqsave+0x8c/0xc0
[ 70.862790][ C0]       io_issue_sqe+0xcfd/0x60d0
[ 70.868911][ C0]       io_wq_submit_work+0x183/0x3d0
[ 70.875377][ C0]       io_worker_handle_work+0xa45/0x13f0
[ 70.882280][ C0]       io_wqe_worker+0xbf0/0x10e0
[ 70.888588][ C0]       kthread+0x3b5/0x4a0
[ 70.894192][ C0]       ret_from_fork+0x1f/0x30
[ 70.900159][ C0]   }
[ 70.902636][ C0]   ... key at: [] __key.9+0x0/0x40
[ 70.909706][ C0]   ... acquired at:
[ 70.913483][ C0]     mark_lock+0x54b/0x1710
[ 70.918065][ C0]     __lock_acquire+0x13ad/0x5640
[ 70.923067][ C0]     lock_acquire+0x1f1/0xad0
[ 70.927714][ C0]     _raw_spin_lock_irqsave+0x8c/0xc0
[ 70.933053][ C0]     io_timeout_fn+0x6c/0x3f0
[ 70.937699][ C0]     __hrtimer_run_queues+0x6a9/0xfc0
[ 70.943186][ C0]     hrtimer_interrupt+0x32a/0x930
[ 70.948270][ C0]     __sysvec_apic_timer_interrupt+0x142/0x5e0
[ 70.954391][ C0]     asm_call_on_stack+0xf/0x20
[ 70.959210][ C0]     sysvec_apic_timer_interrupt+0xb2/0xf0
[ 70.964983][ C0]     asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 70.971102][ C0]     _raw_spin_unlock_irq+0x4b/0x80
[ 70.976269][ C0]     io_issue_sqe+0x2de6/0x60d0
[ 70.981088][ C0]     __io_queue_sqe+0x284/0x1190
[ 70.985993][ C0]     io_queue_sqe+0x73e/0x1130
[ 70.990724][ C0]     io_submit_sqes+0x1794/0x2380
[ 70.995715][ C0]     __do_sys_io_uring_enter+0xdc7/0x1ae0
[ 71.001404][ C0]     do_syscall_64+0x2d/0x70
[ 71.005975][ C0]     entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 71.012002][ C0]
[ 71.014295][ C0]
[ 71.014295][ C0] stack backtrace:
[ 71.020169][ C0] CPU: 0 PID: 6849 Comm: syz-executor233 Not tainted 5.8.0-syzkaller #0
[ 71.028462][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 71.038486][ C0] Call Trace:
[ 71.041760][ C0]
[ 71.044583][ C0]  dump_stack+0x18f/0x20d
[ 71.048889][ C0]  check_usage_forwards.cold+0x1e/0x27
[ 71.054317][ C0]  ? check_usage_backwards+0x4d0/0x4d0
[ 71.059758][ C0]  ? stack_trace_consume_entry+0x160/0x160
[ 71.065532][ C0]  ? save_trace+0x43/0xba0
[ 71.069921][ C0]  mark_lock+0x54b/0x1710
[ 71.074219][ C0]  ? check_usage_backwards+0x4d0/0x4d0
[ 71.079647][ C0]  __lock_acquire+0x13ad/0x5640
[ 71.084479][ C0]  ? lock_acquire+0x1f1/0xad0
[ 71.089127][ C0]  ? lockdep_hardirqs_on_prepare+0x530/0x530
[ 71.095075][ C0]  ? debug_object_deactivate+0x264/0x300
[ 71.100676][ C0]  lock_acquire+0x1f1/0xad0
[ 71.105149][ C0]  ? io_timeout_fn+0x6c/0x3f0
[ 71.109795][ C0]  ? lock_release+0x8e0/0x8e0
[ 71.114546][ C0]  ? find_held_lock+0x2d/0x110
[ 71.119280][ C0]  ? __hrtimer_run_queues+0x5d1/0xfc0
[ 71.124619][ C0]  ? lock_downgrade+0x830/0x830
[ 71.129458][ C0]  _raw_spin_lock_irqsave+0x8c/0xc0
[ 71.134626][ C0]  ? io_timeout_fn+0x6c/0x3f0
[ 71.139271][ C0]  io_timeout_fn+0x6c/0x3f0
[ 71.143746][ C0]  __hrtimer_run_queues+0x6a9/0xfc0
[ 71.148923][ C0]  ? io_submit_flush_completions+0x3c0/0x3c0
[ 71.154874][ C0]  ? lockdep_hardirqs_off+0x71/0xc0
[ 71.160043][ C0]  ? hrtimer_sleeper_start_expires+0x80/0x80
[ 71.165992][ C0]  ? ktime_get_update_offsets_now+0x1c4/0x250
[ 71.172038][ C0]  hrtimer_interrupt+0x32a/0x930
[ 71.176950][ C0]  __sysvec_apic_timer_interrupt+0x142/0x5e0
[ 71.182898][ C0]  asm_call_on_stack+0xf/0x20
[ 71.187555][ C0]
[ 71.190467][ C0]  sysvec_apic_timer_interrupt+0xb2/0xf0
[ 71.196070][ C0]  asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 71.202020][ C0] RIP: 0010:_raw_spin_unlock_irq+0x4b/0x80
[ 71.207807][ C0] Code: c0 58 34 b6 89 48 ba 00 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 75 31 48 83 3d 06 70 c3 01 00 74 25 fb 66 0f 1f 44 00 00 01 00 00 00 e8 bb fc 5c f9 65 8b 05 54 3a 0f 78 85 c0 74 02 5d
[ 71.227382][ C0] RSP: 0018:ffffc90000f878b0 EFLAGS: 00000286
[ 71.233412][ C0] RAX: 1ffffffff136c68b RBX: 0000000000000000 RCX: 0000000000000006
[ 71.241363][ C0] RDX: dffffc0000000000 RSI: 0000000000000000 RDI: ffffffff87f2c42f
[ 71.249305][ C0] RBP: ffff8880a075a4c0 R08: 0000000000000001 R09: ffffffff8c5e7ae7
[ 71.257248][ C0] R10: fffffbfff18bcf5c R11: 0000000000020ad0 R12: 0000000000000000
[ 71.265187][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: ffff88808e32a7c0
[ 71.273146][ C0]  ? _raw_spin_unlock_irq+0x1f/0x80
[ 71.278319][ C0]  io_issue_sqe+0x2de6/0x60d0
[ 71.282977][ C0]  ? __lock_acquire+0x16cb/0x5640
[ 71.287974][ C0]  ? do_syscall_64+0x2d/0x70
[ 71.292528][ C0]  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 71.298574][ C0]  ? io_uring_setup+0x28c0/0x28c0
[ 71.303568][ C0]  ? lock_acquire+0x1f1/0xad0
[ 71.308225][ C0]  ? __io_queue_sqe+0x284/0x1190
[ 71.313130][ C0]  __io_queue_sqe+0x284/0x1190
[ 71.317878][ C0]  ? mark_lock+0xbc/0x1710
[ 71.322264][ C0]  ? io_issue_sqe+0x60d0/0x60d0
[ 71.327083][ C0]  ? mark_held_locks+0x9f/0xe0
[ 71.331815][ C0]  io_queue_sqe+0x73e/0x1130
[ 71.336374][ C0]  io_submit_sqes+0x1794/0x2380
[ 71.341226][ C0]  ? io_queue_sqe+0x1130/0x1130
[ 71.346089][ C0]  ? __do_sys_io_uring_enter+0xdb7/0x1ae0
[ 71.351787][ C0]  ? mutex_lock_io_nested+0xf60/0xf60
[ 71.357129][ C0]  ? __do_sys_io_uring_enter+0x347/0x1ae0
[ 71.362819][ C0]  __do_sys_io_uring_enter+0xdc7/0x1ae0
[ 71.368465][ C0]  ? io_submit_sqes+0x2380/0x2380
[ 71.373460][ C0]  ? fput_many+0x2f/0x1a0
[ 71.377772][ C0]  ? lock_is_held_type+0xbb/0xf0
[ 71.382677][ C0]  ? syscall_enter_from_user_mode+0x20/0x290
[ 71.388629][ C0]  ? lockdep_hardirqs_on_prepare+0x354/0x530
[ 71.394579][ C0]  ? trace_hardirqs_on+0x5f/0x220
[ 71.399583][ C0]  ? lockdep_hardirqs_on+0x76/0xf0
[ 71.404664][ C0]  do_syscall_64+0x2d/0x70
[ 71.409052][ C0]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 71.414922][ C0] RIP: 0033:0x440b99
[ 71.418798][ C0] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 71.438384][ C0] RSP: 002b:00007ffde4180dc8 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 71.446776][ C0] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440b99
[ 71.454716][ C0] RDX: 0000000000000000 RSI: 000000000000450c RDI: 0000000000000005
[ 71.462659][ C0] RBP: 00000000006cb018 R08: 0000000000000000 R09: 0000000000000000
[ 71.470601][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004023a0
[ 71.478545][ C0] R13: 0000000000