Warning: Permanently added '10.128.0.202' (ECDSA) to the list of known hosts.
[ 53.681592] audit: type=1400 audit(1561819888.356:36): avc: denied { map } for pid=7920 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2019/06/29 14:51:29 parsed 1 programs
[ 54.523651] audit: type=1400 audit(1561819889.196:37): avc: denied { map } for pid=7920 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=14971 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
2019/06/29 14:51:31 executed programs: 0
[ 56.563355] IPVS: ftp: loaded support on port[0] = 21
[ 56.626289] chnl_net:caif_netlink_parms(): no params data found
[ 56.660112] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.666971] bridge0: port 1(bridge_slave_0) entered disabled state
[ 56.674777] device bridge_slave_0 entered promiscuous mode
[ 56.682182] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.688736] bridge0: port 2(bridge_slave_1) entered disabled state
[ 56.696344] device bridge_slave_1 entered promiscuous mode
[ 56.712288] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 56.721738] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 56.738696] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 56.746505] team0: Port device team_slave_0 added
[ 56.751954] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 56.759446] team0: Port device team_slave_1 added
[ 56.764804] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 56.772050] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 56.855578] device hsr_slave_0 entered promiscuous mode
[ 56.914004] device hsr_slave_1 entered promiscuous mode
[ 56.954137] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 56.961065] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 56.974759] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.981156] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 56.988088] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.994465] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 57.027700] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 57.035958] 8021q: adding VLAN 0 to HW filter on device bond0
[ 57.044814] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 57.053268] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 57.073004] bridge0: port 1(bridge_slave_0) entered disabled state
[ 57.080344] bridge0: port 2(bridge_slave_1) entered disabled state
[ 57.088921] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 57.098668] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 57.105160] 8021q: adding VLAN 0 to HW filter on device team0
[ 57.114516] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 57.122265] bridge0: port 1(bridge_slave_0) entered blocking state
[ 57.128672] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 57.137944] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 57.146367] bridge0: port 2(bridge_slave_1) entered blocking state
[ 57.152713] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 57.168339] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 57.184729] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 57.194625] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 57.205178] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 57.212379] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 57.221491] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 57.229443] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 57.237379] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 57.245279] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 57.257063] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 57.267896] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 57.279022] audit: type=1400 audit(1561819891.956:38): avc: denied { associate } for pid=7937 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
2019/06/29 14:51:36 executed programs: 5
2019/06/29 14:51:42 executed programs: 11
[ 68.404091]
[ 68.405753] =====================================================
[ 68.411966] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
[ 68.418790] 4.19.56 #28 Not tainted
[ 68.422393] -----------------------------------------------------
[ 68.428609] syz-executor.0/8001 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[ 68.435873] 00000000b92d84ad (&ctx->fd_wqh){....}, at: io_submit_one+0xef2/0x2eb0
[ 68.443493]
[ 68.443493] and this task is already holding:
[ 68.449609] 00000000fb356317 (&(&ctx->ctx_lock)->rlock){..-.}, at: io_submit_one+0xead/0x2eb0
[ 68.458425] which would create a new lock dependency:
[ 68.463597] (&(&ctx->ctx_lock)->rlock){..-.} -> (&ctx->fd_wqh){....}
[ 68.470181]
[ 68.470181] but this new dependency connects a SOFTIRQ-irq-safe lock:
[ 68.478222] (&(&ctx->ctx_lock)->rlock){..-.}
[ 68.478232]
[ 68.478232] ... which became SOFTIRQ-irq-safe at:
[ 68.489167] lock_acquire+0x16f/0x3f0
[ 68.493051] _raw_spin_lock_irq+0x60/0x80
[ 68.497274] free_ioctx_users+0x2d/0x490
[ 68.501484] percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 68.507225] rcu_process_callbacks+0xba0/0x1a30
[ 68.512194] __do_softirq+0x25c/0x921
[ 68.516066] irq_exit+0x180/0x1d0
[ 68.519595] smp_apic_timer_interrupt+0x13b/0x550
[ 68.524510] apic_timer_interrupt+0xf/0x20
[ 68.528816] native_safe_halt+0xe/0x10
[ 68.532775] arch_cpu_idle+0xa/0x10
[ 68.536488] default_idle_call+0x36/0x90
[ 68.540634] do_idle+0x377/0x560
[ 68.544196] cpu_startup_entry+0xc8/0xe0
[ 68.548529] rest_init+0xf1/0xf6
[ 68.551971] start_kernel+0x88c/0x8c5
[ 68.555845] x86_64_start_reservations+0x29/0x2b
[ 68.560751] x86_64_start_kernel+0x77/0x7b
[ 68.565068] secondary_startup_64+0xa4/0xb0
[ 68.569458]
[ 68.569458] to a SOFTIRQ-irq-unsafe lock:
[ 68.575161] (&ctx->fault_pending_wqh){+.+.}
[ 68.575171]
[ 68.575171] ... which became SOFTIRQ-irq-unsafe at:
[ 68.586246] ...
[ 68.586267] lock_acquire+0x16f/0x3f0
[ 68.592040] _raw_spin_lock+0x2f/0x40
[ 68.595921] userfaultfd_release+0x4d6/0x720
[ 68.600449] __fput+0x2dd/0x8b0
[ 68.604222] ____fput+0x16/0x20
[ 68.607581] task_work_run+0x145/0x1c0
[ 68.611556] get_signal+0x1baa/0x1fc0
[ 68.615432] do_signal+0x95/0x1960
[ 68.619048] exit_to_usermode_loop+0x244/0x2c0
[ 68.623710] do_syscall_64+0x53d/0x620
[ 68.627898] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 68.633284]
[ 68.633284] other info that might help us debug this:
[ 68.633284]
[ 68.641520] Chain exists of:
[ 68.641520] &(&ctx->ctx_lock)->rlock --> &ctx->fd_wqh --> &ctx->fault_pending_wqh
[ 68.641520]
[ 68.653821] Possible interrupt unsafe locking scenario:
[ 68.653821]
[ 68.660759] CPU0 CPU1
[ 68.665414] ---- ----
[ 68.670136] lock(&ctx->fault_pending_wqh);
[ 68.674549] local_irq_disable();
[ 68.680594] lock(&(&ctx->ctx_lock)->rlock);
[ 68.687858] lock(&ctx->fd_wqh);
[ 68.693915] <Interrupt>
[ 68.696781] lock(&(&ctx->ctx_lock)->rlock);
[ 68.701619]
[ 68.701619] *** DEADLOCK ***
[ 68.701619]
[ 68.707680] 1 lock held by syz-executor.0/8001:
[ 68.712341] #0: 00000000fb356317 (&(&ctx->ctx_lock)->rlock){..-.}, at: io_submit_one+0xead/0x2eb0
[ 68.721524]
[ 68.721524] the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
[ 68.730714] -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 12 {
[ 68.736302] IN-SOFTIRQ-W at:
[ 68.739648] lock_acquire+0x16f/0x3f0
[ 68.745507] _raw_spin_lock_irq+0x60/0x80
[ 68.751446] free_ioctx_users+0x2d/0x490
[ 68.757408] percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 68.764544] rcu_process_callbacks+0xba0/0x1a30
[ 68.770939] __do_softirq+0x25c/0x921
[ 68.776389] irq_exit+0x180/0x1d0
[ 68.781483] smp_apic_timer_interrupt+0x13b/0x550
[ 68.787965] apic_timer_interrupt+0xf/0x20
[ 68.794126] native_safe_halt+0xe/0x10
[ 68.799742] arch_cpu_idle+0xa/0x10
[ 68.805118] default_idle_call+0x36/0x90
[ 68.810890] do_idle+0x377/0x560
[ 68.815904] cpu_startup_entry+0xc8/0xe0
[ 68.821618] rest_init+0xf1/0xf6
[ 68.826696] start_kernel+0x88c/0x8c5
[ 68.832157] x86_64_start_reservations+0x29/0x2b
[ 68.838611] x86_64_start_kernel+0x77/0x7b
[ 68.844491] secondary_startup_64+0xa4/0xb0
[ 68.850487] INITIAL USE at:
[ 68.853798] lock_acquire+0x16f/0x3f0
[ 68.859238] _raw_spin_lock_irq+0x60/0x80
[ 68.864939] free_ioctx_users+0x2d/0x490
[ 68.870555] percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 68.877658] rcu_process_callbacks+0xba0/0x1a30
[ 68.883881] __do_softirq+0x25c/0x921
[ 68.889227] irq_exit+0x180/0x1d0
[ 68.894223] smp_apic_timer_interrupt+0x13b/0x550
[ 68.900619] apic_timer_interrupt+0xf/0x20
[ 68.906445] native_safe_halt+0xe/0x10
[ 68.911925] arch_cpu_idle+0xa/0x10
[ 68.917108] default_idle_call+0x36/0x90
[ 68.922830] do_idle+0x377/0x560
[ 68.927756] cpu_startup_entry+0xc8/0xe0
[ 68.933378] rest_init+0xf1/0xf6
[ 68.938334] start_kernel+0x88c/0x8c5
[ 68.943699] x86_64_start_reservations+0x29/0x2b
[ 68.950022] x86_64_start_kernel+0x77/0x7b
[ 68.955930] secondary_startup_64+0xa4/0xb0
[ 68.962206] }
[ 68.963998] ... key at: [<ffffffff8a3813a0>] __key.50193+0x0/0x40
[ 68.970736] ... acquired at:
[ 68.973874] lock_acquire+0x16f/0x3f0
[ 68.977840] _raw_spin_lock+0x2f/0x40
[ 68.981809] io_submit_one+0xef2/0x2eb0
[ 68.986668] __x64_sys_io_submit+0x1aa/0x520
[ 68.991233] do_syscall_64+0xfd/0x620
[ 68.995187] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 69.000527]
[ 69.002136]
[ 69.002136] the dependencies between the lock to be acquired
[ 69.002140] and SOFTIRQ-irq-unsafe lock:
[ 69.013619] -> (&ctx->fault_pending_wqh){+.+.} ops: 67 {
[ 69.019169] HARDIRQ-ON-W at:
[ 69.022533] lock_acquire+0x16f/0x3f0
[ 69.028290] _raw_spin_lock+0x2f/0x40
[ 69.033906] userfaultfd_release+0x4d6/0x720
[ 69.040269] __fput+0x2dd/0x8b0
[ 69.045363] ____fput+0x16/0x20
[ 69.050468] task_work_run+0x145/0x1c0
[ 69.056171] get_signal+0x1baa/0x1fc0
[ 69.061825] do_signal+0x95/0x1960
[ 69.067192] exit_to_usermode_loop+0x244/0x2c0
[ 69.073641] do_syscall_64+0x53d/0x620
[ 69.079449] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 69.086488] SOFTIRQ-ON-W at:
[ 69.089889] lock_acquire+0x16f/0x3f0
[ 69.095504] _raw_spin_lock+0x2f/0x40
[ 69.101123] userfaultfd_release+0x4d6/0x720
[ 69.107540] __fput+0x2dd/0x8b0
[ 69.112672] ____fput+0x16/0x20
[ 69.118037] task_work_run+0x145/0x1c0
[ 69.123843] get_signal+0x1baa/0x1fc0
[ 69.129579] do_signal+0x95/0x1960
[ 69.134934] exit_to_usermode_loop+0x244/0x2c0
[ 69.141439] do_syscall_64+0x53d/0x620
[ 69.147155] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 69.154171] INITIAL USE at:
[ 69.157455] lock_acquire+0x16f/0x3f0
[ 69.162985] _raw_spin_lock+0x2f/0x40
[ 69.168694] userfaultfd_read+0x394/0x18c0
[ 69.174840] __vfs_read+0x114/0x800
[ 69.180193] vfs_read+0x194/0x3d0
[ 69.185552] ksys_read+0x14f/0x2d0
[ 69.190827] __x64_sys_read+0x73/0xb0
[ 69.196355] do_syscall_64+0xfd/0x620
[ 69.201885] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 69.208809] }
[ 69.210781] ... key at: [<ffffffff8a3811e0>] __key.43727+0x0/0x40
[ 69.217884] ... acquired at:
[ 69.221074] _raw_spin_lock+0x2f/0x40
[ 69.225278] userfaultfd_read+0x394/0x18c0
[ 69.229672] __vfs_read+0x114/0x800
[ 69.233461] vfs_read+0x194/0x3d0
[ 69.237075] ksys_read+0x14f/0x2d0
[ 69.240854] __x64_sys_read+0x73/0xb0
[ 69.244813] do_syscall_64+0xfd/0x620
[ 69.248784] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 69.254147]
[ 69.255844] -> (&ctx->fd_wqh){....} ops: 69 {
[ 69.260331] INITIAL USE at:
[ 69.263528] lock_acquire+0x16f/0x3f0
[ 69.268886] _raw_spin_lock_irq+0x60/0x80
[ 69.274597] userfaultfd_read+0x262/0x18c0
[ 69.280388] __vfs_read+0x114/0x800
[ 69.285567] vfs_read+0x194/0x3d0
[ 69.290651] ksys_read+0x14f/0x2d0
[ 69.295767] __x64_sys_read+0x73/0xb0
[ 69.301127] do_syscall_64+0xfd/0x620
[ 69.306529] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 69.313263] }
[ 69.315060] ... key at: [<ffffffff8a381120>] __key.43730+0x0/0x40
[ 69.321881] ... acquired at:
[ 69.324976] lock_acquire+0x16f/0x3f0
[ 69.329005] _raw_spin_lock+0x2f/0x40
[ 69.333117] io_submit_one+0xef2/0x2eb0
[ 69.337320] __x64_sys_io_submit+0x1aa/0x520
[ 69.341906] do_syscall_64+0xfd/0x620
[ 69.345875] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 69.351220]
[ 69.352837]
[ 69.352837] stack backtrace:
[ 69.357346] CPU: 1 PID: 8001 Comm: syz-executor.0 Not tainted 4.19.56 #28
[ 69.364349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 69.373695] Call Trace:
[ 69.376289] dump_stack+0x172/0x1f0
[ 69.379942] check_usage.cold+0x611/0x946
[ 69.384090] ? check_usage_forwards+0x340/0x340
[ 69.389104] ? unwind_get_return_address+0x61/0xa0
[ 69.394033] ? check_noncircular+0x20/0x20
[ 69.398284] ? check_noncircular+0x20/0x20
[ 69.402532] __lock_acquire+0x1ee4/0x48f0
[ 69.406776] ? __lock_acquire+0x1ee4/0x48f0
[ 69.411105] ? mark_held_locks+0x100/0x100
[ 69.415343] ? __debug_object_init+0x190/0xc30
[ 69.419946] ? mark_held_locks+0x100/0x100
[ 69.424184] ? add_wait_queue+0x112/0x170
[ 69.428334] ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 69.433455] ? add_wait_queue+0x112/0x170
[ 69.437609] ? lockdep_hardirqs_on+0x415/0x5d0
[ 69.442198] ? trace_hardirqs_on+0x67/0x220
[ 69.446519] ? kasan_check_read+0x11/0x20
[ 69.450668] lock_acquire+0x16f/0x3f0
[ 69.454474] ? io_submit_one+0xef2/0x2eb0
[ 69.458627] _raw_spin_lock+0x2f/0x40
[ 69.462427] ? io_submit_one+0xef2/0x2eb0
[ 69.466574] io_submit_one+0xef2/0x2eb0
[ 69.470549] ? ioctx_alloc+0x1db0/0x1db0
[ 69.474604] ? __might_fault+0x12b/0x1e0
[ 69.478654] ? aio_setup_rw+0x180/0x180
[ 69.482626] __x64_sys_io_submit+0x1aa/0x520
[ 69.487034] ? __x64_sys_io_submit+0x1aa/0x520
[ 69.491780] ? __ia32_sys_io_destroy+0x420/0x420
[ 69.496599] ? do_syscall_64+0x26/0x620
[ 69.500636] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 69.506141] ? do_syscall_64+0x26/0x620
[ 69.510112] ? lockdep_hardirqs_on+0x415/0x5d0
[ 69.514693] do_syscall_64+0xfd/0x620
[ 69.518575] ? do_syscall_64+0xfd/0x620
[ 69.522588] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 69.527774] RIP: 0033:0x459519
[ 69.530976] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 69.550274] RSP: 002b:00007fed61b6ac78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[ 69.558023] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459519
[ 69.565295] RDX: 0000000020000600 RSI: 0000000000000001 RDI: 00007fed61b6c000
[ 69.572567] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000
[ 69.579837] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fed61b6b6d4
[ 69.587100] R13: 00000000004c0898 R14: 00000000004d3548 R15: 00000000ffffffff
[ 69.686232] kobject: 'loop0' (0000000000002172): kobject_uevent_env
[ 69.692845] kobject: 'loop0' (0000000000002172): fill_kobj_path: path = '/devices/virtual/block/loop0'
[ 70.616041] kobject: 'loop0' (0000000000002172): kobject_uevent_env
[ 70.622895] kobject: 'loop0' (0000000000002172): fill_kobj_path: path = '/devices/virtual/block/loop0'
[ 71.546543] kobject: 'loop0' (0000000000002172): kobject_uevent_env
[ 71.553054] kobject: 'loop0' (0000000000002172): fill_kobj_path: path = '/devices/virtual/block/loop0'
[ 72.466532] kobject: 'loop0' (0000000000002172): kobject_uevent_env
[ 72.473093] kobject: 'loop0' (0000000000002172): fill_kobj_path: path = '/devices/virtual/block/loop0'
2019/06/29 14:51:48 executed programs: 16
[ 73.397209] kobject: 'loop0' (0000000000002172): kobject_uevent_env
[ 73.404164] kobject: 'loop0' (0000000000002172): fill_kobj_path: path = '/devices/virtual/block/loop0'
[ 74.326572] kobject: 'loop0' (0000000000002172): kobject_uevent_env
[ 74.333307] kobject: 'loop0' (0000000000002172): fill_kobj_path: path = '/devices/virtual/block/loop0'
[ 75.256622] kobject: 'loop0' (0000000000002172): kobject_uevent_env
[ 75.263102] kobject: 'loop0' (0000000000002172): fill_kobj_path: path = '/devices/virtual/block/loop0'