[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[....] Starting file context maintaining dae[   41.326686] audit: type=1800 audit(1565864063.112:33): pid=7453 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
mon: restorecond[   41.350123] audit: type=1800 audit(1565864063.112:34): pid=7453 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0
[ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   45.275684] audit: type=1400 audit(1565864067.062:35): avc: denied { map } for pid=7627 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.1.53' (ECDSA) to the list of known hosts.
executing program
[   51.720550] audit: type=1400 audit(1565864073.512:36): avc: denied { map } for pid=7639 comm="syz-executor148" path="/root/syz-executor148591045" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   51.749957]
[   51.751606] ========================================================
[   51.758077] WARNING: possible irq lock inversion dependency detected
[   51.764550] 4.19.66 #40 Not tainted
[   51.768516] --------------------------------------------------------
[   51.774990] swapper/0/0 just changed the state of lock:
[   51.780340] 00000000c22ee830 (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2d/0x490
[   51.789093] but this lock took another, SOFTIRQ-unsafe lock in the past:
[   51.795924]  (&fiq->waitq){+.+.}
[   51.795932]
[   51.795932]
[   51.795932] and interrupts could create inverse lock ordering between them.
[   51.795932]
[   51.810787]
[   51.810787] other info that might help us debug this:
[   51.817434]  Possible interrupt unsafe locking scenario:
[   51.817434]
[   51.824431]        CPU0                    CPU1
[   51.829077]        ----                    ----
[   51.833722]   lock(&fiq->waitq);
[   51.837257]                                local_irq_disable();
[   51.843383]                                lock(&(&ctx->ctx_lock)->rlock);
[   51.850378]                                lock(&fiq->waitq);
[   51.856246]   <Interrupt>
[   51.858981]     lock(&(&ctx->ctx_lock)->rlock);
[   51.863635]
[   51.863635]  *** DEADLOCK ***
[   51.863635]
[   51.869772] 2 locks held by swapper/0/0:
[   51.873819]  #0: 000000003f141e1f (rcu_callback){....}, at: rcu_process_callbacks+0xc79/0x1a30
[   51.882940]  #1: 00000000f6c79699 (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x1ca/0x540
[   51.893086]
[   51.893086] the shortest dependencies between 2nd lock and 1st lock:
[   51.901075]  -> (&fiq->waitq){+.+.} ops: 4 {
[   51.905474]     HARDIRQ-ON-W at:
[   51.908835]                       lock_acquire+0x16f/0x3f0
[   51.914443]                       _raw_spin_lock+0x2f/0x40
[   51.920106]                       flush_bg_queue+0x1f3/0x3d0
[   51.925889]                       fuse_request_send_background_locked+0x26d/0x4e0
[   51.933581]                       fuse_request_send_background+0x12b/0x180
[   51.940578]                       cuse_channel_open+0x5ba/0x830
[   51.946794]                       misc_open+0x395/0x4c0
[   51.952144]                       chrdev_open+0x245/0x6b0
[   51.957671]                       do_dentry_open+0x4c3/0x1210
[   51.963538]                       vfs_open+0xa0/0xd0
[   51.968626]                       path_openat+0x10d7/0x45e0
[   51.974325]                       do_filp_open+0x1a1/0x280
[   51.979932]                       do_sys_open+0x3fe/0x550
[   51.985451]                       __x64_sys_openat+0x9d/0x100
[   51.991320]                       do_syscall_64+0xfd/0x620
[   51.997265]                       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   52.004265]     SOFTIRQ-ON-W at:
[   52.007632]                       lock_acquire+0x16f/0x3f0
[   52.013247]                       _raw_spin_lock+0x2f/0x40
[   52.018851]                       flush_bg_queue+0x1f3/0x3d0
[   52.024634]                       fuse_request_send_background_locked+0x26d/0x4e0
[   52.032235]                       fuse_request_send_background+0x12b/0x180
[   52.039228]                       cuse_channel_open+0x5ba/0x830
[   52.045269]                       misc_open+0x395/0x4c0
[   52.050658]                       chrdev_open+0x245/0x6b0
[   52.056185]                       do_dentry_open+0x4c3/0x1210
[   52.062057]                       vfs_open+0xa0/0xd0
[   52.067142]                       path_openat+0x10d7/0x45e0
[   52.072849]                       do_filp_open+0x1a1/0x280
[   52.078456]                       do_sys_open+0x3fe/0x550
[   52.083978]                       __x64_sys_openat+0x9d/0x100
[   52.089937]                       do_syscall_64+0xfd/0x620
[   52.095543]                       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   52.102557]     INITIAL USE at:
[   52.105822]                      lock_acquire+0x16f/0x3f0
[   52.111340]                      _raw_spin_lock+0x2f/0x40
[   52.117253]                      flush_bg_queue+0x1f3/0x3d0
[   52.122948]                      fuse_request_send_background_locked+0x26d/0x4e0
[   52.130473]                      fuse_request_send_background+0x12b/0x180
[   52.137384]                      cuse_channel_open+0x5ba/0x830
[   52.143338]                      misc_open+0x395/0x4c0
[   52.148598]                      chrdev_open+0x245/0x6b0
[   52.154036]                      do_dentry_open+0x4c3/0x1210
[   52.159813]                      vfs_open+0xa0/0xd0
[   52.164814]                      path_openat+0x10d7/0x45e0
[   52.170422]                      do_filp_open+0x1a1/0x280
[   52.175938]                      do_sys_open+0x3fe/0x550
[   52.181375]                      __x64_sys_openat+0x9d/0x100
[   52.187157]                      do_syscall_64+0xfd/0x620
[   52.192758]                      entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   52.199663]  }
[   52.201546]  ... key      at: [] __key.42212+0x0/0x40
[   52.208364]  ... acquired at:
[   52.211541]    _raw_spin_lock+0x2f/0x40
[   52.215535]    io_submit_one+0xef2/0x2eb0
[   52.219849]    __x64_sys_io_submit+0x1aa/0x520
[   52.224867]    do_syscall_64+0xfd/0x620
[   52.228866]    entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   52.234209]
[   52.235911] -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 2 {
[   52.241353]    IN-SOFTIRQ-W at:
[   52.244623]                     lock_acquire+0x16f/0x3f0
[   52.250058]                     _raw_spin_lock_irq+0x60/0x80
[   52.255894]                     free_ioctx_users+0x2d/0x490
[   52.261654]                     percpu_ref_switch_to_atomic_rcu+0x407/0x540
[   52.268825]                     rcu_process_callbacks+0xba0/0x1a30
[   52.275240]                     __do_softirq+0x25c/0x921
[   52.280714]                     irq_exit+0x180/0x1d0
[   52.285807]                     smp_apic_timer_interrupt+0x13b/0x550
[   52.292295]                     apic_timer_interrupt+0xf/0x20
[   52.298172]                     native_safe_halt+0xe/0x10
[   52.303695]                     arch_cpu_idle+0xa/0x10
[   52.309007]                     default_idle_call+0x36/0x90
[   52.314709]                     do_idle+0x377/0x560
[   52.319712]                     cpu_startup_entry+0xc8/0xe0
[   52.325415]                     rest_init+0x219/0x222
[   52.330592]                     start_kernel+0x88c/0x8c5
[   52.336464]                     x86_64_start_reservations+0x29/0x2b
[   52.349573]                     x86_64_start_kernel+0x77/0x7b
[   52.355489]                     secondary_startup_64+0xa4/0xb0
[   52.361470]    INITIAL USE at:
[   52.364655]                    lock_acquire+0x16f/0x3f0
[   52.370003]                    _raw_spin_lock_irq+0x60/0x80
[   52.375735]                    io_submit_one+0xead/0x2eb0
[   52.381548]                    __x64_sys_io_submit+0x1aa/0x520
[   52.387506]                    do_syscall_64+0xfd/0x620
[   52.392860]                    entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   52.399681]  }
[   52.401476]  ... key      at: [] __key.50212+0x0/0x40
[   52.408231]  ... acquired at:
[   52.411325]    mark_lock+0x420/0x1370
[   52.415107]    __lock_acquire+0xc62/0x49c0
[   52.420245]    lock_acquire+0x16f/0x3f0
[   52.424202]    _raw_spin_lock_irq+0x60/0x80
[   52.428509]    free_ioctx_users+0x2d/0x490
[   52.432744]    percpu_ref_switch_to_atomic_rcu+0x407/0x540
[   52.438360]    rcu_process_callbacks+0xba0/0x1a30
[   52.443186]    __do_softirq+0x25c/0x921
[   52.447618]    irq_exit+0x180/0x1d0
[   52.451233]    smp_apic_timer_interrupt+0x13b/0x550
[   52.456229]    apic_timer_interrupt+0xf/0x20
[   52.460623]    native_safe_halt+0xe/0x10
[   52.464698]    arch_cpu_idle+0xa/0x10
[   52.468490]    default_idle_call+0x36/0x90
[   52.472715]    do_idle+0x377/0x560
[   52.476235]    cpu_startup_entry+0xc8/0xe0
[   52.480456]    rest_init+0x219/0x222
[   52.484180]    start_kernel+0x88c/0x8c5
[   52.488163]    x86_64_start_reservations+0x29/0x2b
[   52.493111]    x86_64_start_kernel+0x77/0x7b
[   52.497504]    secondary_startup_64+0xa4/0xb0
[   52.501978]
[   52.503585]
[   52.503585] stack backtrace:
[   52.508067] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.19.66 #40
[   52.514303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   52.523639] Call Trace:
[   52.526204]  <IRQ>
[   52.528356]  dump_stack+0x172/0x1f0
[   52.531974]  print_irq_inversion_bug.part.0+0x2c0/0x2cd
[   52.537321]  check_usage_forwards.cold+0x20/0x29
[   52.542102]  ? check_usage_backwards+0x340/0x340
[   52.546856]  ? save_stack_trace+0x1a/0x20
[   52.551774]  ? save_trace+0xe0/0x290
[   52.555520]  mark_lock+0x420/0x1370
[   52.559133]  ? check_usage_backwards+0x340/0x340
[   52.564300]  __lock_acquire+0xc62/0x49c0
[   52.568342]  ? mark_held_locks+0x100/0x100
[   52.572600]  ? mark_held_locks+0x100/0x100
[   52.576822]  ? __wake_up_common_lock+0xfe/0x190
[   52.581475]  ? mark_held_locks+0x100/0x100
[   52.586501]  ? __wake_up_common_lock+0xfe/0x190
[   52.591154]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[   52.596242]  ? lockdep_hardirqs_on+0x19b/0x5d0
[   52.600810]  ? trace_hardirqs_on+0x67/0x220
[   52.605130]  ? kasan_check_read+0x11/0x20
[   52.609259]  lock_acquire+0x16f/0x3f0
[   52.613045]  ? free_ioctx_users+0x2d/0x490
[   52.617264]  _raw_spin_lock_irq+0x60/0x80
[   52.621398]  ? free_ioctx_users+0x2d/0x490
[   52.625621]  free_ioctx_users+0x2d/0x490
[   52.629679]  ? rcu_dynticks_curr_cpu_in_eqs+0x51/0xb0
[   52.634863]  percpu_ref_switch_to_atomic_rcu+0x407/0x540
[   52.640303]  ? percpu_ref_exit+0xd0/0xd0
[   52.644349]  rcu_process_callbacks+0xba0/0x1a30
[   52.649011]  ? __rcu_read_unlock+0x170/0x170
[   52.653411]  __do_softirq+0x25c/0x921
[   52.657201]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   52.663127]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   52.668658]  irq_exit+0x180/0x1d0
[   52.672135]  smp_apic_timer_interrupt+0x13b/0x550
[   52.676966]  apic_timer_interrupt+0xf/0x20
[   52.681184]  </IRQ>
[   52.683411] RIP: 0010:native_safe_halt+0xe/0x10
[   52.688067] Code: ff ff 48 89 df e8 12 5a ae fa eb 82 e9 07 00 00 00 0f 00 2d 14 41 54 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d 04 41 54 00 fb f4 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 e8 0e 3e 66 fa e8 89
[   52.707007] RSP: 0018:ffffffff88607ca8 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
[   52.714738] RAX: 1ffffffff10e489c RBX: ffffffff88679ec0 RCX: 0000000000000000
[   52.722222] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffffffff8867a73c
[   52.729509] RBP: ffffffff88607cd8 R08: ffffffff88679ec0 R09: 0000000000000000
[   52.736774] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   52.744028] R13: ffffffff887244d0 R14: 0000000000000000 R15: 0000000000000000
[   52.751297]  ? default_idle+0x4e/0x320
[   52.755173]  arch_cpu_idle+0xa/0x10
[   52.758790]  default_idle_call+0x36/0x90
[   52.762838]  do_idle+0x377/0x560
[   52.766188]  ? arch_cpu_idle_exit+0x80/0x80
[   52.771123]  ? check_preemption_disabled+0x48