[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.
[ 40.578897] audit: type=1800 audit(1569038640.849:33): pid=7485 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[ 40.602825] audit: type=1800 audit(1569038640.849:34): pid=7485 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 42.342115] audit: type=1400 audit(1569038642.609:35): avc: denied { map } for pid=7660 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.10.47' (ECDSA) to the list of known hosts.
executing program
[ 48.957686] audit: type=1400 audit(1569038649.229:36): avc: denied { map } for pid=7672 comm="syz-executor763" path="/root/syz-executor763297463" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 48.994994]
[ 48.996779] ========================================================
[ 49.003254] WARNING: possible irq lock inversion dependency detected
[ 49.009751] 4.19.74 #0 Not tainted
[ 49.013282] --------------------------------------------------------
[ 49.019867] swapper/0/0 just changed the state of lock:
[ 49.025215] 000000008a592b0d (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2d/0x490
[ 49.033985] but this lock took another, SOFTIRQ-unsafe lock in the past:
[ 49.040815]  (&fiq->waitq){+.+.}
[ 49.040824]
[ 49.040824]
[ 49.040824] and interrupts could create inverse lock ordering between them.
[ 49.040824]
[ 49.055673]
[ 49.055673] other info that might help us debug this:
[ 49.062323]  Possible interrupt unsafe locking scenario:
[ 49.062323]
[ 49.069233]        CPU0                    CPU1
[ 49.073880]        ----                    ----
[ 49.078528]   lock(&fiq->waitq);
[ 49.081879]                                local_irq_disable();
[ 49.087913]                                lock(&(&ctx->ctx_lock)->rlock);
[ 49.094909]                                lock(&fiq->waitq);
[ 49.100870]
[ 49.103606]     lock(&(&ctx->ctx_lock)->rlock);
[ 49.108262]
[ 49.108262]  *** DEADLOCK ***
[ 49.108262]
[ 49.114302] 2 locks held by swapper/0/0:
[ 49.118339]  #0: 00000000841b97c9 (rcu_callback){....}, at: rcu_process_callbacks+0xc79/0x1a30
[ 49.127176]  #1: 0000000093659873 (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x1ca/0x540
[ 49.137310]
[ 49.137310] the shortest dependencies between 2nd lock and 1st lock:
[ 49.145485]  -> (&fiq->waitq){+.+.} ops: 4 {
[ 49.149887]     HARDIRQ-ON-W at:
[ 49.153244]       lock_acquire+0x16f/0x3f0
[ 49.158853]       _raw_spin_lock+0x2f/0x40
[ 49.164459]       flush_bg_queue+0x1f3/0x3d0
[ 49.170242]       fuse_request_send_background_locked+0x26d/0x4e0
[ 49.177858]       fuse_request_send_background+0x12b/0x180
[ 49.184855]       cuse_channel_open+0x5ba/0x830
[ 49.190912]       misc_open+0x395/0x4c0
[ 49.196269]       chrdev_open+0x245/0x6b0
[ 49.201785]       do_dentry_open+0x4c3/0x1210
[ 49.207739]       vfs_open+0xa0/0xd0
[ 49.212822]       path_openat+0x10d7/0x45e0
[ 49.218515]       do_filp_open+0x1a1/0x280
[ 49.224120]       do_sys_open+0x3fe/0x550
[ 49.229637]       __x64_sys_openat+0x9d/0x100
[ 49.235513]       do_syscall_64+0xfd/0x620
[ 49.241120]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 49.248121]     SOFTIRQ-ON-W at:
[ 49.251471]       lock_acquire+0x16f/0x3f0
[ 49.257075]       _raw_spin_lock+0x2f/0x40
[ 49.262678]       flush_bg_queue+0x1f3/0x3d0
[ 49.268459]       fuse_request_send_background_locked+0x26d/0x4e0
[ 49.276059]       fuse_request_send_background+0x12b/0x180
[ 49.283051]       cuse_channel_open+0x5ba/0x830
[ 49.289090]       misc_open+0x395/0x4c0
[ 49.294441]       chrdev_open+0x245/0x6b0
[ 49.299968]       do_dentry_open+0x4c3/0x1210
[ 49.305833]       vfs_open+0xa0/0xd0
[ 49.316714]       path_openat+0x10d7/0x45e0
[ 49.322411]       do_filp_open+0x1a1/0x280
[ 49.328074]       do_sys_open+0x3fe/0x550
[ 49.333606]       __x64_sys_openat+0x9d/0x100
[ 49.339487]       do_syscall_64+0xfd/0x620
[ 49.345098]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 49.352099]     INITIAL USE at:
[ 49.355364]       lock_acquire+0x16f/0x3f0
[ 49.360880]       _raw_spin_lock+0x2f/0x40
[ 49.366412]       flush_bg_queue+0x1f3/0x3d0
[ 49.372103]       fuse_request_send_background_locked+0x26d/0x4e0
[ 49.379620]       fuse_request_send_background+0x12b/0x180
[ 49.386961]       cuse_channel_open+0x5ba/0x830
[ 49.392912]       misc_open+0x395/0x4c0
[ 49.398170]       chrdev_open+0x245/0x6b0
[ 49.403617]       do_dentry_open+0x4c3/0x1210
[ 49.409404]       vfs_open+0xa0/0xd0
[ 49.414451]       path_openat+0x10d7/0x45e0
[ 49.420076]       do_filp_open+0x1a1/0x280
[ 49.425689]       do_sys_open+0x3fe/0x550
[ 49.431119]       __x64_sys_openat+0x9d/0x100
[ 49.436923]       do_syscall_64+0xfd/0x620
[ 49.442456]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 49.449368]   }
[ 49.451243]   ... key at: [] __key.42213+0x0/0x40
[ 49.458057]   ... acquired at:
[ 49.461250]     _raw_spin_lock+0x2f/0x40
[ 49.465206]     io_submit_one+0xef2/0x2eb0
[ 49.469608]     __x64_sys_io_submit+0x1aa/0x520
[ 49.474177]     do_syscall_64+0xfd/0x620
[ 49.478204]     entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 49.483549]
[ 49.485168] -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 2 {
[ 49.490661]    IN-SOFTIRQ-W at:
[ 49.493978]      lock_acquire+0x16f/0x3f0
[ 49.499463]      _raw_spin_lock_irq+0x60/0x80
[ 49.505367]      free_ioctx_users+0x2d/0x490
[ 49.511226]      percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 49.518315]      rcu_process_callbacks+0xba0/0x1a30
[ 49.524633]      __do_softirq+0x25c/0x921
[ 49.530065]      irq_exit+0x180/0x1d0
[ 49.535151]      smp_apic_timer_interrupt+0x13b/0x550
[ 49.541625]      apic_timer_interrupt+0xf/0x20
[ 49.547580]      native_safe_halt+0xe/0x10
[ 49.553099]      arch_cpu_idle+0xa/0x10
[ 49.558369]      default_idle_call+0x36/0x90
[ 49.564072]      do_idle+0x377/0x560
[ 49.569070]      cpu_startup_entry+0xc8/0xe0
[ 49.574771]      rest_init+0x219/0x222
[ 49.580896]      start_kernel+0x88c/0x8c5
[ 49.586330]      x86_64_start_reservations+0x29/0x2b
[ 49.592713]      x86_64_start_kernel+0x77/0x7b
[ 49.598582]      secondary_startup_64+0xa4/0xb0
[ 49.604545]    INITIAL USE at:
[ 49.607742]      lock_acquire+0x16f/0x3f0
[ 49.613088]      _raw_spin_lock_irq+0x60/0x80
[ 49.618816]      io_submit_one+0xead/0x2eb0
[ 49.624336]      __x64_sys_io_submit+0x1aa/0x520
[ 49.630302]      do_syscall_64+0xfd/0x620
[ 49.635651]      entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 49.642378]  }
[ 49.644171]  ... key at: [] __key.50213+0x0/0x40
[ 49.650901]  ... acquired at:
[ 49.653988]    mark_lock+0x420/0x1370
[ 49.657769]    __lock_acquire+0xc62/0x49c0
[ 49.662079]    lock_acquire+0x16f/0x3f0
[ 49.666034]    _raw_spin_lock_irq+0x60/0x80
[ 49.670344]    free_ioctx_users+0x2d/0x490
[ 49.674583]    percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 49.680435]    rcu_process_callbacks+0xba0/0x1a30
[ 49.685281]    __do_softirq+0x25c/0x921
[ 49.689243]    irq_exit+0x180/0x1d0
[ 49.692857]    smp_apic_timer_interrupt+0x13b/0x550
[ 49.697859]    apic_timer_interrupt+0xf/0x20
[ 49.702248]    native_safe_halt+0xe/0x10
[ 49.706306]    arch_cpu_idle+0xa/0x10
[ 49.710088]    default_idle_call+0x36/0x90
[ 49.714303]    do_idle+0x377/0x560
[ 49.717824]    cpu_startup_entry+0xc8/0xe0
[ 49.722050]    rest_init+0x219/0x222
[ 49.725745]    start_kernel+0x88c/0x8c5
[ 49.729710]    x86_64_start_reservations+0x29/0x2b
[ 49.734641]    x86_64_start_kernel+0x77/0x7b
[ 49.739041]    secondary_startup_64+0xa4/0xb0
[ 49.743510]
[ 49.745116]
[ 49.745116] stack backtrace:
[ 49.749598] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.19.74 #0
[ 49.755722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 49.765054] Call Trace:
[ 49.767618]
[ 49.769754]  dump_stack+0x172/0x1f0
[ 49.773365]  print_irq_inversion_bug.part.0+0x2c0/0x2cd
[ 49.778714]  check_usage_forwards.cold+0x20/0x29
[ 49.783551]  ? check_usage_backwards+0x340/0x340
[ 49.788301]  ? save_stack_trace+0x1a/0x20
[ 49.792429]  ? save_trace+0xe0/0x290
[ 49.796124]  mark_lock+0x420/0x1370
[ 49.799739]  ? check_usage_backwards+0x340/0x340
[ 49.804474]  __lock_acquire+0xc62/0x49c0
[ 49.808516]  ? mark_held_locks+0x100/0x100
[ 49.812737]  ? mark_held_locks+0x100/0x100
[ 49.816951]  ? __wake_up_common_lock+0xfe/0x190
[ 49.821615]  ? mark_held_locks+0x100/0x100
[ 49.825833]  ? __wake_up_common_lock+0xfe/0x190
[ 49.830487]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 49.835583]  ? lockdep_hardirqs_on+0x19b/0x5d0
[ 49.840167]  ? trace_hardirqs_on+0x67/0x220
[ 49.844483]  ? kasan_check_read+0x11/0x20
[ 49.848627]  lock_acquire+0x16f/0x3f0
[ 49.852418]  ? free_ioctx_users+0x2d/0x490
[ 49.856659]  _raw_spin_lock_irq+0x60/0x80
[ 49.860790]  ? free_ioctx_users+0x2d/0x490
[ 49.865030]  free_ioctx_users+0x2d/0x490
[ 49.869106]  ? rcu_dynticks_curr_cpu_in_eqs+0x51/0xb0
[ 49.874307]  percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 49.879773]  ? percpu_ref_exit+0xd0/0xd0
[ 49.883997]  rcu_process_callbacks+0xba0/0x1a30
[ 49.888664]  ? __rcu_read_unlock+0x170/0x170
[ 49.893078]  __do_softirq+0x25c/0x921
[ 49.896863]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 49.902379]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 49.907906]  irq_exit+0x180/0x1d0
[ 49.911349]  smp_apic_timer_interrupt+0x13b/0x550
[ 49.916190]  apic_timer_interrupt+0xf/0x20
[ 49.920400]
[ 49.922618] RIP: 0010:native_safe_halt+0xe/0x10
[ 49.927270] Code: ff ff 48 89 df e8 72 db ad fa eb 82 e9 07 00 00 00 0f 00 2d 94 c0 53 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d 84 c0 53 00 fb f4 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 e8 7e be 65 fa e8 89
[ 49.946477] RSP: 0018:ffffffff88607ca8 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13
[ 49.954186] RAX: 1ffffffff10e48c4 RBX: ffffffff88679ec0 RCX: 0000000000000000
[ 49.961443] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffffffff8867a73c
[ 49.968697] RBP: ffffffff88607cd8 R08: ffffffff88679ec0 R09: 0000000000000000
[ 49.975948] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 49.983200] R13: ffffffff88724610 R14: 0000000000000000 R15: 0000000000000000
[ 49.990479]  ? default_idle+0x4e/0x320
[ 49.994366]  arch_cpu_idle+0xa/0x10
[ 49.997994]  default_idle_call+0x36/0x90
[ 50.002040]  do_idle+0x377/0x560
[ 50.005407]  ? arch_cpu_idle_exit+0x80/0x80
[ 50.009732]  ? check_preemption_disabled+0x48/0x290
[ 50.014737] c