[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 54.360706][ T26] audit: type=1800 audit(1567322279.408:25): pid=8497 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 54.383875][ T26] audit: type=1800 audit(1567322279.408:26): pid=8497 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 54.404671][ T26] audit: type=1800 audit(1567322279.408:27): pid=8497 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.17' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 63.512579][ C0] [ 63.514957][ C0] ======================================================== [ 63.522138][ C0] WARNING: possible irq lock inversion dependency detected [ 63.529302][ C0] 5.3.0-rc6-next-20190830 #75 Not tainted [ 63.534988][ C0] -------------------------------------------------------- [ 63.542154][ C0] ksoftirqd/0/9 just changed the state of lock: [ 63.548358][ C0] ffff888098845b58 (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2d/0x490 [ 63.557795][ C0] but this lock took another, SOFTIRQ-unsafe lock in the past: [ 63.565313][ C0] (&fiq->waitq){+.+.} [ 63.565319][ C0] [ 63.565319][ C0] [ 63.565319][ C0] and interrupts could create inverse lock ordering between them. [ 63.565319][ C0] [ 63.583632][ C0] [ 63.583632][ C0] other info that might help us debug this: [ 63.591661][ C0] Possible interrupt unsafe locking scenario: [ 63.591661][ C0] [ 63.599968][ C0] CPU0 CPU1 [ 63.605308][ C0] ---- ---- [ 63.610646][ C0] lock(&fiq->waitq); [ 63.614684][ C0] local_irq_disable(); [ 63.621413][ C0] lock(&(&ctx->ctx_lock)->rlock); [ 63.629100][ C0] lock(&fiq->waitq); [ 63.635653][ C0] [ 63.639079][ C0] lock(&(&ctx->ctx_lock)->rlock); [ 63.644420][ C0] [ 63.644420][ C0] *** DEADLOCK *** [ 63.644420][ C0] [ 63.652538][ C0] 2 locks held by ksoftirqd/0/9: [ 63.657465][ C0] #0: ffffffff88fa7e40 (rcu_callback){....}, at: rcu_core+0x60e/0x1560 [ 63.665772][ C0] #1: ffffffff88fa7e80 (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x20e/0x570 [ 63.676596][ C0] [ 63.676596][ C0] the shortest dependencies between 2nd lock and 1st lock: [ 63.685931][ C0] -> (&fiq->waitq){+.+.} { [ 63.690402][ C0] HARDIRQ-ON-W at: [ 63.694447][ C0] lock_acquire+0x190/0x410 [ 63.700752][ C0] _raw_spin_lock+0x2f/0x40 [ 63.707053][ C0] flush_bg_queue+0x1f1/0x3b0 [ 63.713532][ C0] fuse_request_queue_background+0x2f8/0x5b0 [ 63.721304][ C0] fuse_request_send_background+0x58/0x110 [ 63.728905][ C0] cuse_channel_open+0x5c3/0x839 [ 63.735638][ C0] misc_open+0x395/0x4c0 [ 63.741681][ C0] chrdev_open+0x245/0x6b0 [ 63.747892][ C0] do_dentry_open+0x4df/0x1250 [ 63.754450][ C0] vfs_open+0xa0/0xd0 [ 63.760225][ C0] path_openat+0x10e9/0x46d0 [ 63.766610][ C0] do_filp_open+0x1a1/0x280 [ 63.772912][ C0] do_sys_open+0x3fe/0x5d0 [ 63.779122][ C0] __x64_sys_openat+0x9d/0x100 [ 63.785685][ C0] do_syscall_64+0xfa/0x760 [ 63.791985][ C0] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 63.799677][ C0] SOFTIRQ-ON-W at: [ 63.803722][ C0] lock_acquire+0x190/0x410 [ 63.810018][ C0] _raw_spin_lock+0x2f/0x40 [ 63.816322][ C0] flush_bg_queue+0x1f1/0x3b0 [ 63.822802][ C0] fuse_request_queue_background+0x2f8/0x5b0 [ 63.830572][ C0] fuse_request_send_background+0x58/0x110 [ 63.838173][ C0] cuse_channel_open+0x5c3/0x839 [ 63.844905][ C0] misc_open+0x395/0x4c0 [ 63.850944][ C0] chrdev_open+0x245/0x6b0 [ 63.857156][ C0] do_dentry_open+0x4df/0x1250 [ 63.863714][ C0] vfs_open+0xa0/0xd0 [ 63.869492][ C0] path_openat+0x10e9/0x46d0 [ 63.875876][ C0] do_filp_open+0x1a1/0x280 [ 63.882174][ C0] do_sys_open+0x3fe/0x5d0 [ 63.888382][ C0] __x64_sys_openat+0x9d/0x100 [ 63.894943][ C0] do_syscall_64+0xfa/0x760 [ 63.901240][ C0] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 63.908923][ C0] INITIAL USE at: [ 63.912881][ C0] lock_acquire+0x190/0x410 [ 63.919089][ C0] _raw_spin_lock+0x2f/0x40 [ 63.925299][ C0] flush_bg_queue+0x1f1/0x3b0 [ 63.931685][ C0] fuse_request_queue_background+0x2f8/0x5b0 [ 63.939372][ C0] fuse_request_send_background+0x58/0x110 [ 63.946886][ C0] cuse_channel_open+0x5c3/0x839 [ 63.953552][ C0] misc_open+0x395/0x4c0 [ 63.959521][ C0] chrdev_open+0x245/0x6b0 [ 63.965645][ C0] do_dentry_open+0x4df/0x1250 [ 63.972119][ C0] vfs_open+0xa0/0xd0 [ 63.977808][ C0] path_openat+0x10e9/0x46d0 [ 63.984119][ C0] do_filp_open+0x1a1/0x280 [ 63.990331][ C0] do_sys_open+0x3fe/0x5d0 [ 63.996455][ C0] __x64_sys_openat+0x9d/0x100 [ 64.003015][ C0] do_syscall_64+0xfa/0x760 [ 64.009229][ C0] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 64.016824][ C0] } [ 64.019409][ C0] ... key at: [] __key.44810+0x0/0x40 [ 64.026927][ C0] ... acquired at: [ 64.030792][ C0] _raw_spin_lock+0x2f/0x40 [ 64.035440][ C0] io_submit_one+0xefa/0x2ef0 [ 64.040261][ C0] __x64_sys_io_submit+0x1bd/0x570 [ 64.045520][ C0] do_syscall_64+0xfa/0x760 [ 64.050170][ C0] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 64.056201][ C0] [ 64.058513][ C0] -> (&(&ctx->ctx_lock)->rlock){..-.} { [ 64.064034][ C0] IN-SOFTIRQ-W at: [ 64.067989][ C0] lock_acquire+0x190/0x410 [ 64.074114][ C0] _raw_spin_lock_irq+0x60/0x80 [ 64.080601][ C0] free_ioctx_users+0x2d/0x490 [ 64.086990][ C0] percpu_ref_switch_to_atomic_rcu+0x4c0/0x570 [ 64.094764][ C0] rcu_core+0x581/0x1560 [ 64.100625][ C0] rcu_core_si+0x9/0x10 [ 64.106402][ C0] __do_softirq+0x262/0x98c [ 64.112530][ C0] run_ksoftirqd+0x8e/0x110 [ 64.118665][ C0] smpboot_thread_fn+0x6a3/0xa40 [ 64.125222][ C0] kthread+0x361/0x430 [ 64.130914][ C0] ret_from_fork+0x24/0x30 [ 64.136948][ C0] INITIAL USE at: [ 64.140818][ C0] lock_acquire+0x190/0x410 [ 64.146871][ C0] _raw_spin_lock_irq+0x60/0x80 [ 64.153259][ C0] io_submit_one+0xeb5/0x2ef0 [ 64.159470][ C0] __x64_sys_io_submit+0x1bd/0x570 [ 64.166117][ C0] do_syscall_64+0xfa/0x760 [ 64.172159][ C0] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 64.179607][ C0] } [ 64.182093][ C0] ... key at: [] __key.54358+0x0/0x40 [ 64.189527][ C0] ... acquired at: [ 64.193313][ C0] mark_lock+0x517/0x1220 [ 64.197786][ C0] __lock_acquire+0x1e8e/0x4a00 [ 64.202783][ C0] lock_acquire+0x190/0x410 [ 64.207431][ C0] _raw_spin_lock_irq+0x60/0x80 [ 64.212427][ C0] free_ioctx_users+0x2d/0x490 [ 64.217338][ C0] percpu_ref_switch_to_atomic_rcu+0x4c0/0x570 [ 64.223634][ C0] rcu_core+0x581/0x1560 [ 64.228021][ C0] rcu_core_si+0x9/0x10 [ 64.232321][ C0] __do_softirq+0x262/0x98c [ 64.236969][ C0] run_ksoftirqd+0x8e/0x110 [ 64.241619][ C0] smpboot_thread_fn+0x6a3/0xa40 [ 64.246701][ C0] kthread+0x361/0x430 [ 64.250914][ C0] ret_from_fork+0x24/0x30 [ 64.255469][ C0] [ 64.257768][ C0] [ 64.257768][ C0] stack backtrace: [ 64.263634][ C0] CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 5.3.0-rc6-next-20190830 #75 [ 64.272108][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 64.282133][ C0] Call Trace: [ 64.285398][ C0] dump_stack+0x172/0x1f0 [ 64.289702][ C0] print_irq_inversion_bug.part.0+0x2e4/0x2f1 [ 64.295739][ C0] check_usage_forwards.cold+0x20/0x29 [ 64.301172][ C0] ? check_usage_backwards+0x330/0x330 [ 64.306605][ C0] ? save_trace+0x3e/0x8c0 [ 64.311002][ C0] mark_lock+0x517/0x1220 [ 64.315304][ C0] ? check_usage_backwards+0x330/0x330 [ 64.320746][ C0] __lock_acquire+0x1e8e/0x4a00 [ 64.325569][ C0] ? __kasan_check_read+0x11/0x20 [ 64.330655][ C0] ? mark_lock+0xc2/0x1220 [ 64.335047][ C0] ? mark_held_locks+0xf0/0xf0 [ 64.339799][ C0] lock_acquire+0x190/0x410 [ 64.344278][ C0] ? free_ioctx_users+0x2d/0x490 [ 64.349205][ C0] _raw_spin_lock_irq+0x60/0x80 [ 64.354056][ C0] ? free_ioctx_users+0x2d/0x490 [ 64.358969][ C0] free_ioctx_users+0x2d/0x490 [ 64.363707][ C0] ? rcu_dynticks_curr_cpu_in_eqs+0x54/0xb0 [ 64.370730][ C0] percpu_ref_switch_to_atomic_rcu+0x4c0/0x570 [ 64.376863][ C0] ? percpu_ref_exit+0xd0/0xd0 [ 64.381598][ C0] rcu_core+0x581/0x1560 [ 64.385815][ C0] ? __rcu_read_unlock+0x6b0/0x6b0 [ 64.390898][ C0] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 64.396414][ C0] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 64.402366][ C0] rcu_core_si+0x9/0x10 [ 64.406494][ C0] __do_softirq+0x262/0x98c [ 64.410974][ C0] ? takeover_tasklets+0x820/0x820 [ 64.416055][ C0] run_ksoftirqd+0x8e/0x110 [ 64.420546][ C0] smpboot_thread_fn+0x6a3/0xa40 [ 64.425457][ C0] ? smpboot_register_percpu_thread+0x390/0x390 [ 64.431687][ C0] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 64.437899][ C0] ? __kthread_parkme+0x108/0x1c0 [ 64.442896][ C0] ? __kasan_check_read+0x11/0x20 [ 64.447891][ C0] kthread+0x361/0x430 [ 64.451955][ C0] ? smpboot_register_percpu_thread+0x390/0x390 [ 64.458168][ C0] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 64.464397][ C0] ret_fr