Starting mcstransd: [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 40.546545] audit: type=1800 audit(1567360835.714:33): pid=7502 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 44.699562] kauditd_printk_skb: 1 callbacks suppressed [ 44.699577] audit: type=1400 audit(1567360839.864:35): avc: denied { map } for pid=7676 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.246' (ECDSA) to the list of known hosts. executing program [ 54.686978] audit: type=1400 audit(1567360849.854:36): avc: denied { map } for pid=7688 comm="syz-executor491" path="/root/syz-executor491493073" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 54.730422] [ 54.732169] ======================================================== [ 54.738739] WARNING: possible irq lock inversion dependency detected [ 54.745321] 4.19.69 #43 Not tainted [ 54.749035] -------------------------------------------------------- [ 54.755809] swapper/0/0 just changed the state of lock: [ 54.761360] 000000000a2d275d (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2d/0x490 [ 54.770223] but this lock took another, SOFTIRQ-unsafe lock in the past: [ 54.777135] (&fiq->waitq){+.+.} [ 54.777145] [ 54.777145] [ 54.777145] and interrupts could create inverse lock ordering between them. [ 54.777145] [ 54.792753] [ 54.792753] other info that might help us debug this: [ 54.799600] Possible interrupt unsafe locking scenario: [ 54.799600] [ 54.806632] CPU0 CPU1 [ 54.811311] ---- ---- [ 54.816095] lock(&fiq->waitq); [ 54.819546] local_irq_disable(); [ 54.825598] lock(&(&ctx->ctx_lock)->rlock); [ 54.833530] lock(&fiq->waitq); [ 54.839662] [ 54.842727] lock(&(&ctx->ctx_lock)->rlock); [ 54.847387] [ 54.847387] *** DEADLOCK *** [ 54.847387] [ 54.853434] 2 locks held by swapper/0/0: [ 54.857679] #0: 0000000066101ac7 (rcu_callback){....}, at: rcu_process_callbacks+0xc79/0x1a30 [ 54.866683] #1: 0000000080a23baa (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x1ca/0x540 [ 54.876839] [ 54.876839] the shortest dependencies between 2nd lock and 1st lock: [ 54.885074] -> (&fiq->waitq){+.+.} ops: 4 { [ 54.889565] HARDIRQ-ON-W at: [ 54.892927] lock_acquire+0x16f/0x3f0 [ 54.898568] _raw_spin_lock+0x2f/0x40 [ 54.904187] flush_bg_queue+0x1f3/0x3d0 [ 54.909992] fuse_request_send_background_locked+0x26d/0x4e0 [ 54.917847] fuse_request_send_background+0x12b/0x180 [ 54.925040] cuse_channel_open+0x5ba/0x830 [ 54.931179] misc_open+0x395/0x4c0 [ 54.936737] chrdev_open+0x245/0x6b0 [ 54.942396] do_dentry_open+0x4c3/0x1210 [ 54.948400] vfs_open+0xa0/0xd0 [ 54.953676] path_openat+0x10d7/0x45e0 [ 54.959639] do_filp_open+0x1a1/0x280 [ 54.965274] do_sys_open+0x3fe/0x550 [ 54.970820] __x64_sys_openat+0x9d/0x100 [ 54.976704] do_syscall_64+0xfd/0x620 [ 54.982666] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 54.990592] SOFTIRQ-ON-W at: [ 54.994116] lock_acquire+0x16f/0x3f0 [ 54.999834] _raw_spin_lock+0x2f/0x40 [ 55.005451] flush_bg_queue+0x1f3/0x3d0 [ 55.011309] fuse_request_send_background_locked+0x26d/0x4e0 [ 55.019332] fuse_request_send_background+0x12b/0x180 [ 55.026497] cuse_channel_open+0x5ba/0x830 [ 55.032683] misc_open+0x395/0x4c0 [ 55.038165] chrdev_open+0x245/0x6b0 [ 55.043705] do_dentry_open+0x4c3/0x1210 [ 55.049603] vfs_open+0xa0/0xd0 [ 55.054709] path_openat+0x10d7/0x45e0 [ 55.060413] do_filp_open+0x1a1/0x280 [ 55.066290] do_sys_open+0x3fe/0x550 [ 55.071991] __x64_sys_openat+0x9d/0x100 [ 55.078118] do_syscall_64+0xfd/0x620 [ 55.083879] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 55.090880] INITIAL USE at: [ 55.094155] lock_acquire+0x16f/0x3f0 [ 55.099772] _raw_spin_lock+0x2f/0x40 [ 55.106188] flush_bg_queue+0x1f3/0x3d0 [ 55.111898] fuse_request_send_background_locked+0x26d/0x4e0 [ 55.119727] fuse_request_send_background+0x12b/0x180 [ 55.126703] cuse_channel_open+0x5ba/0x830 [ 55.132797] misc_open+0x395/0x4c0 [ 55.138263] chrdev_open+0x245/0x6b0 [ 55.144078] do_dentry_open+0x4c3/0x1210 [ 55.150053] vfs_open+0xa0/0xd0 [ 55.155270] path_openat+0x10d7/0x45e0 [ 55.161158] do_filp_open+0x1a1/0x280 [ 55.167087] do_sys_open+0x3fe/0x550 [ 55.172537] __x64_sys_openat+0x9d/0x100 [ 55.178654] do_syscall_64+0xfd/0x620 [ 55.184215] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 55.191140] } [ 55.193028] ... key at: [] __key.42211+0x0/0x40 [ 55.200024] ... acquired at: [ 55.203307] _raw_spin_lock+0x2f/0x40 [ 55.207323] io_submit_one+0xef2/0x2eb0 [ 55.211470] __x64_sys_io_submit+0x1aa/0x520 [ 55.216039] do_syscall_64+0xfd/0x620 [ 55.220033] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 55.225761] [ 55.227426] -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 2 { [ 55.232874] IN-SOFTIRQ-W at: [ 55.236183] lock_acquire+0x16f/0x3f0 [ 55.241981] _raw_spin_lock_irq+0x60/0x80 [ 55.247859] free_ioctx_users+0x2d/0x490 [ 55.253587] percpu_ref_switch_to_atomic_rcu+0x407/0x540 [ 55.260877] rcu_process_callbacks+0xba0/0x1a30 [ 55.267190] __do_softirq+0x25c/0x921 [ 55.272716] irq_exit+0x180/0x1d0 [ 55.277821] smp_apic_timer_interrupt+0x13b/0x550 [ 55.284307] apic_timer_interrupt+0xf/0x20 [ 55.290789] native_safe_halt+0xe/0x10 [ 55.296319] arch_cpu_idle+0xa/0x10 [ 55.301586] default_idle_call+0x36/0x90 [ 55.307399] do_idle+0x377/0x560 [ 55.312460] cpu_startup_entry+0xc8/0xe0 [ 55.318179] rest_init+0x219/0x222 [ 55.323452] start_kernel+0x88c/0x8c5 [ 55.328990] x86_64_start_reservations+0x29/0x2b [ 55.335564] x86_64_start_kernel+0x77/0x7b [ 55.341558] secondary_startup_64+0xa4/0xb0 [ 55.347649] INITIAL USE at: [ 55.350838] lock_acquire+0x16f/0x3f0 [ 55.356215] _raw_spin_lock_irq+0x60/0x80 [ 55.362271] io_submit_one+0xead/0x2eb0 [ 55.368008] __x64_sys_io_submit+0x1aa/0x520 [ 55.373991] do_syscall_64+0xfd/0x620 [ 55.379355] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 55.386191] } [ 55.388544] ... key at: [] __key.50211+0x0/0x40 [ 55.395500] ... acquired at: [ 55.398726] mark_lock+0x420/0x1370 [ 55.402604] __lock_acquire+0xc62/0x49c0 [ 55.407069] lock_acquire+0x16f/0x3f0 [ 55.411060] _raw_spin_lock_irq+0x60/0x80 [ 55.415462] free_ioctx_users+0x2d/0x490 [ 55.419688] percpu_ref_switch_to_atomic_rcu+0x407/0x540 [ 55.425454] rcu_process_callbacks+0xba0/0x1a30 [ 55.431060] __do_softirq+0x25c/0x921 [ 55.435051] irq_exit+0x180/0x1d0 [ 55.438684] smp_apic_timer_interrupt+0x13b/0x550 [ 55.443698] apic_timer_interrupt+0xf/0x20 [ 55.448189] native_safe_halt+0xe/0x10 [ 55.452244] arch_cpu_idle+0xa/0x10 [ 55.456033] default_idle_call+0x36/0x90 [ 55.460273] do_idle+0x377/0x560 [ 55.463887] cpu_startup_entry+0xc8/0xe0 [ 55.468129] rest_init+0x219/0x222 [ 55.471830] start_kernel+0x88c/0x8c5 [ 55.475791] x86_64_start_reservations+0x29/0x2b [ 55.480794] x86_64_start_kernel+0x77/0x7b [ 55.485227] secondary_startup_64+0xa4/0xb0 [ 55.489722] [ 55.491343] [ 55.491343] stack backtrace: [ 55.495923] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.19.69 #43 [ 55.503776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 55.513120] Call Trace: [ 55.515698] [ 55.517848] dump_stack+0x172/0x1f0 [ 55.523074] print_irq_inversion_bug.part.0+0x2c0/0x2cd [ 55.528651] check_usage_forwards.cold+0x20/0x29 [ 55.533976] ? check_usage_backwards+0x340/0x340 [ 55.539087] ? save_stack_trace+0x1a/0x20 [ 55.543447] ? save_trace+0xe0/0x290 [ 55.547171] mark_lock+0x420/0x1370 [ 55.550793] ? check_usage_backwards+0x340/0x340 [ 55.555536] __lock_acquire+0xc62/0x49c0 [ 55.559694] ? mark_held_locks+0x100/0x100 [ 55.563923] ? mark_held_locks+0x100/0x100 [ 55.568169] ? __wake_up_common_lock+0xfe/0x190 [ 55.572853] ? mark_held_locks+0x100/0x100 [ 55.577075] ? __wake_up_common_lock+0xfe/0x190 [ 55.581758] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 55.587210] ? lockdep_hardirqs_on+0x19b/0x5d0 [ 55.591871] ? trace_hardirqs_on+0x67/0x220 [ 55.596372] ? kasan_check_read+0x11/0x20 [ 55.600515] lock_acquire+0x16f/0x3f0 [ 55.604437] ? free_ioctx_users+0x2d/0x490 [ 55.608666] _raw_spin_lock_irq+0x60/0x80 [ 55.613246] ? free_ioctx_users+0x2d/0x490 [ 55.617573] free_ioctx_users+0x2d/0x490 [ 55.621631] ? rcu_dynticks_curr_cpu_in_eqs+0x51/0xb0 [ 55.626888] percpu_ref_switch_to_atomic_rcu+0x407/0x540 [ 55.632361] ? percpu_ref_exit+0xd0/0xd0 [ 55.636477] rcu_process_callbacks+0xba0/0x1a30 [ 55.641293] ? __rcu_read_unlock+0x170/0x170 [ 55.645906] __do_softirq+0x25c/0x921 [ 55.649727] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 55.655292] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 55.660822] irq_exit+0x180/0x1d0 [ 55.664298] smp_apic_timer_interrupt+0x13b/0x550 [ 55.669154] apic_timer_interrupt+0xf/0x20 [ 55.673387] [ 55.675710] RIP: 0010:native_safe_halt+0xe/0x10 [ 55.680472] Code: ff ff 48 89 df e8 02 2c ae fa eb 82 e9 07 00 00 00 0f 00 2d 84 1e 54 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d 74 1e 54 00 fb f4 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 e8 4e 0e 66 fa e8 09 [ 55.699382] RSP: 0018:ffffffff88607ca8 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13 [ 55.707112] RAX: 1ffffffff10e48c4 RBX: ffffffff88679ec0 RCX: 0000000000000000 [ 55.714412] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffffffff8867a73c [ 55.721734] RBP: ffffffff88607cd8 R08: ffffffff88679ec0 R09: 0000000000000000 [ 55.729142] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 55.736425] R13: ffffffff88724610 R14: 0000000000000000 R15: 0000000000000000 [ 55.743712] ? default_idle+0x4e/0x320 [ 55.747811] arch_cpu_idle+0xa/0x10 [ 55.751433] default_idle_call+0x36/0x90 [ 55.755498] do_idle+0x377/0x560 [ 55.758968] ? arch_cpu_idle_exit+0x80/0x80 [ 55.763306] ? check_preemption_disabled+0x48/0x290 [ 55.768430] cpu_startup_entry+0xc8/0xe0 [ 55.772796] ? cpu_in_idle+0x20/0x20 [ 55.776585] rest_init+0x219/0x222 [ 55.780383] start_kernel+0x88c/0x8c5 [ 55.784187] ? mem_encrypt_init+0xb/0xb [ 55.788273] ? __sanitizer_cov_trace_con