Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.
[ 39.266088] audit: type=1800 audit(1567586458.969:33): pid=7365 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[ 39.290783] audit: type=1800 audit(1567586458.979:34): pid=7365 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 40.639300] audit: type=1400 audit(1567586460.349:35): avc: denied { map } for pid=7542 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.10.54' (ECDSA) to the list of known hosts.
executing program
[ 47.175504] audit: type=1400 audit(1567586466.879:36): avc: denied { map } for pid=7554 comm="syz-executor993" path="/root/syz-executor993933448" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 47.218489]
[ 47.220127] ========================================================
[ 47.226634] WARNING: possible irq lock inversion dependency detected
[ 47.233126] 4.19.69 #43 Not tainted
[ 47.236730] --------------------------------------------------------
[ 47.243204] swapper/0/0 just changed the state of lock:
[ 47.248550] 00000000fbc38db0 (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2d/0x490
[ 47.257307] but this lock took another, SOFTIRQ-unsafe lock in the past:
[ 47.264121]  (&fiq->waitq){+.+.}
[ 47.264128]
[ 47.264128]
[ 47.264128] and interrupts could create inverse lock ordering between them.
[ 47.264128]
[ 47.278972]
[ 47.278972] other info that might help us debug this:
[ 47.285628]  Possible interrupt unsafe locking scenario:
[ 47.285628]
[ 47.292546]        CPU0                    CPU1
[ 47.297189]        ----                    ----
[ 47.301830]   lock(&fiq->waitq);
[ 47.305195]                                local_irq_disable();
[ 47.311225]                                lock(&(&ctx->ctx_lock)->rlock);
[ 47.318216]                                lock(&fiq->waitq);
[ 47.324077]
[ 47.326814]     lock(&(&ctx->ctx_lock)->rlock);
[ 47.331462]
[ 47.331462]  *** DEADLOCK ***
[ 47.331462]
[ 47.337501] 2 locks held by swapper/0/0:
[ 47.341535]  #0: 00000000eb1dcba1 (rcu_callback){....}, at: rcu_process_callbacks+0xc79/0x1a30
[ 47.350292]  #1: 00000000203af562 (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x1ca/0x540
[ 47.360420]
[ 47.360420] the shortest dependencies between 2nd lock and 1st lock:
[ 47.368375]  -> (&fiq->waitq){+.+.} ops: 4 {
[ 47.372766]     HARDIRQ-ON-W at:
[ 47.376115]       lock_acquire+0x16f/0x3f0
[ 47.381719]       _raw_spin_lock+0x2f/0x40
[ 47.387337]       flush_bg_queue+0x1f3/0x3d0
[ 47.393130]       fuse_request_send_background_locked+0x26d/0x4e0
[ 47.400730]       fuse_request_send_background+0x12b/0x180
[ 47.407720]       cuse_channel_open+0x5ba/0x830
[ 47.413757]       misc_open+0x395/0x4c0
[ 47.419100]       chrdev_open+0x245/0x6b0
[ 47.424616]       do_dentry_open+0x4c3/0x1210
[ 47.430478]       vfs_open+0xa0/0xd0
[ 47.435562]       path_openat+0x10d7/0x45e0
[ 47.441251]       do_filp_open+0x1a1/0x280
[ 47.446856]       do_sys_open+0x3fe/0x550
[ 47.452372]       __x64_sys_openat+0x9d/0x100
[ 47.458238]       do_syscall_64+0xfd/0x620
[ 47.463864]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.470960]     SOFTIRQ-ON-W at:
[ 47.474348]       lock_acquire+0x16f/0x3f0
[ 47.479956]       _raw_spin_lock+0x2f/0x40
[ 47.485558]       flush_bg_queue+0x1f3/0x3d0
[ 47.491339]       fuse_request_send_background_locked+0x26d/0x4e0
[ 47.498940]       fuse_request_send_background+0x12b/0x180
[ 47.505949]       cuse_channel_open+0x5ba/0x830
[ 47.511993]       misc_open+0x395/0x4c0
[ 47.517340]       chrdev_open+0x245/0x6b0
[ 47.522859]       do_dentry_open+0x4c3/0x1210
[ 47.528723]       vfs_open+0xa0/0xd0
[ 47.533820]       path_openat+0x10d7/0x45e0
[ 47.539523]       do_filp_open+0x1a1/0x280
[ 47.545125]       do_sys_open+0x3fe/0x550
[ 47.550638]       __x64_sys_openat+0x9d/0x100
[ 47.556504]       do_syscall_64+0xfd/0x620
[ 47.562150]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.569138]     INITIAL USE at:
[ 47.572400]       lock_acquire+0x16f/0x3f0
[ 47.577916]       _raw_spin_lock+0x2f/0x40
[ 47.583443]       flush_bg_queue+0x1f3/0x3d0
[ 47.589144]       fuse_request_send_background_locked+0x26d/0x4e0
[ 47.596705]       fuse_request_send_background+0x12b/0x180
[ 47.603611]       cuse_channel_open+0x5ba/0x830
[ 47.609568]       misc_open+0x395/0x4c0
[ 47.614844]       chrdev_open+0x245/0x6b0
[ 47.620279]       do_dentry_open+0x4c3/0x1210
[ 47.626155]       vfs_open+0xa0/0xd0
[ 47.631154]       path_openat+0x10d7/0x45e0
[ 47.636776]       do_filp_open+0x1a1/0x280
[ 47.642318]       do_sys_open+0x3fe/0x550
[ 47.647766]       __x64_sys_openat+0x9d/0x100
[ 47.653568]       do_syscall_64+0xfd/0x620
[ 47.659087]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.665993]   }
[ 47.667867]   ... key at: [] __key.42211+0x0/0x40
[ 47.674683]   ... acquired at:
[ 47.677901]     _raw_spin_lock+0x2f/0x40
[ 47.681905]     io_submit_one+0xef2/0x2eb0
[ 47.686033]     __x64_sys_io_submit+0x1aa/0x520
[ 47.690600]     do_syscall_64+0xfd/0x620
[ 47.694558]     entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.699909]
[ 47.701517] -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 2 {
[ 47.706955]     IN-SOFTIRQ-W at:
[ 47.710217]       lock_acquire+0x16f/0x3f0
[ 47.715646]       _raw_spin_lock_irq+0x60/0x80
[ 47.721438]       free_ioctx_users+0x2d/0x490
[ 47.727146]       percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 47.734228]       rcu_process_callbacks+0xba0/0x1a30
[ 47.740539]       __do_softirq+0x25c/0x921
[ 47.745969]       irq_exit+0x180/0x1d0
[ 47.751064]       smp_apic_timer_interrupt+0x13b/0x550
[ 47.757534]       apic_timer_interrupt+0xf/0x20
[ 47.763396]       native_safe_halt+0xe/0x10
[ 47.768929]       arch_cpu_idle+0xa/0x10
[ 47.774184]       default_idle_call+0x36/0x90
[ 47.779874]       do_idle+0x377/0x560
[ 47.784867]       cpu_startup_entry+0xc8/0xe0
[ 47.790559]       rest_init+0x219/0x222
[ 47.795732]       start_kernel+0x88c/0x8c5
[ 47.801252]       x86_64_start_reservations+0x29/0x2b
[ 47.807640]       x86_64_start_kernel+0x77/0x7b
[ 47.813504]       secondary_startup_64+0xa4/0xb0
[ 47.819453]     INITIAL USE at:
[ 47.822650]       lock_acquire+0x16f/0x3f0
[ 47.828005]       _raw_spin_lock_irq+0x60/0x80
[ 47.833696]       io_submit_one+0xead/0x2eb0
[ 47.839224]       __x64_sys_io_submit+0x1aa/0x520
[ 47.845174]       do_syscall_64+0xfd/0x620
[ 47.850532]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.857256]   }
[ 47.859039]   ... key at: [] __key.50211+0x0/0x40
[ 47.865764]   ... acquired at:
[ 47.868869]     mark_lock+0x420/0x1370
[ 47.872648]     __lock_acquire+0xc62/0x49c0
[ 47.876874]     lock_acquire+0x16f/0x3f0
[ 47.880826]     _raw_spin_lock_irq+0x60/0x80
[ 47.885141]     free_ioctx_users+0x2d/0x490
[ 47.889357]     percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 47.894971]     rcu_process_callbacks+0xba0/0x1a30
[ 47.899794]     __do_softirq+0x25c/0x921
[ 47.903748]     irq_exit+0x180/0x1d0
[ 47.907352]     smp_apic_timer_interrupt+0x13b/0x550
[ 47.912360]     apic_timer_interrupt+0xf/0x20
[ 47.916745]     native_safe_halt+0xe/0x10
[ 47.920788]     arch_cpu_idle+0xa/0x10
[ 47.924582]     default_idle_call+0x36/0x90
[ 47.928798]     do_idle+0x377/0x560
[ 47.932334]     cpu_startup_entry+0xc8/0xe0
[ 47.936563]     rest_init+0x219/0x222
[ 47.940257]     start_kernel+0x88c/0x8c5
[ 47.944226]     x86_64_start_reservations+0x29/0x2b
[ 47.949153]     x86_64_start_kernel+0x77/0x7b
[ 47.953540]     secondary_startup_64+0xa4/0xb0
[ 47.958007]
[ 47.959612]
[ 47.959612] stack backtrace:
[ 47.964103] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.19.69 #43
[ 47.970312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 47.979643] Call Trace:
[ 47.982204]
[ 47.984339]  dump_stack+0x172/0x1f0
[ 47.987948]  print_irq_inversion_bug.part.0+0x2c0/0x2cd
[ 47.993306]  check_usage_forwards.cold+0x20/0x29
[ 47.998045]  ? check_usage_backwards+0x340/0x340
[ 48.002799]  ? save_stack_trace+0x1a/0x20
[ 48.006925]  ? save_trace+0xe0/0x290
[ 48.010619]  mark_lock+0x420/0x1370
[ 48.014237]  ? check_usage_backwards+0x340/0x340
[ 48.018973]  __lock_acquire+0xc62/0x49c0
[ 48.023012]  ? mark_held_locks+0x100/0x100
[ 48.027229]  ? mark_held_locks+0x100/0x100
[ 48.031457]  ? __wake_up_common_lock+0xfe/0x190
[ 48.036105]  ? mark_held_locks+0x100/0x100
[ 48.040318]  ? __wake_up_common_lock+0xfe/0x190
[ 48.044966]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 48.050048]  ? lockdep_hardirqs_on+0x19b/0x5d0
[ 48.054626]  ? trace_hardirqs_on+0x67/0x220
[ 48.058928]  ? kasan_check_read+0x11/0x20
[ 48.063053]  lock_acquire+0x16f/0x3f0
[ 48.066847]  ? free_ioctx_users+0x2d/0x490
[ 48.071063]  _raw_spin_lock_irq+0x60/0x80
[ 48.075201]  ? free_ioctx_users+0x2d/0x490
[ 48.079415]  free_ioctx_users+0x2d/0x490
[ 48.083457]  ? rcu_dynticks_curr_cpu_in_eqs+0x51/0xb0
[ 48.088627]  percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 48.094058]  ? percpu_ref_exit+0xd0/0xd0
[ 48.098097]  rcu_process_callbacks+0xba0/0x1a30
[ 48.102755]  ? __rcu_read_unlock+0x170/0x170
[ 48.107150]  __do_softirq+0x25c/0x921
[ 48.110932]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 48.116449]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 48.121968]  irq_exit+0x180/0x1d0
[ 48.125402]  smp_apic_timer_interrupt+0x13b/0x550
[ 48.130238]  apic_timer_interrupt+0xf/0x20
[ 48.134451]
[ 48.136669] RIP: 0010:native_safe_halt+0xe/0x10
[ 48.141327] Code: ff ff 48 89 df e8 02 2c ae fa eb 82 e9 07 00 00 00 0f 00 2d 84 1e 54 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d 74 1e 54 00 fb f4 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 e8 4e 0e 66 fa e8 09
[ 48.160209] RSP: 0018:ffffffff88607ca8 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13
[ 48.167905] RAX: 1ffffffff10e48c4 RBX: ffffffff88679ec0 RCX: 0000000000000000
[ 48.175154] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffffffff8867a73c
[ 48.182405] RBP: ffffffff88607cd8 R08: ffffffff88679ec0 R09: 0000000000000000
[ 48.189652] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 48.196900] R13: ffffffff88724610 R14: 0000000000000000 R15: 0000000000000000
[ 48.204162]  ? default_idle+0x4e/0x320
[ 48.208033]  arch_cpu_idle+0xa/0x10
[ 48.211639]  default_idle_call+0x36/0x90
[ 48.215679]  do_idle+0x377/0x560
[ 48.219024]  ? arch_cpu_idle_exit+0x80/0x80
[ 48.223325]  ? check_preemption_disabled+0x48/0x290
[ 48.228335]  cpu_st