[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.
[ 37.634840] audit: type=1800 audit(1569014062.386:33): pid=7273 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[ 37.662759] audit: type=1800 audit(1569014062.386:34): pid=7273 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 39.702434] audit: type=1400 audit(1569014064.456:35): avc: denied { map } for pid=7448 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.216' (ECDSA) to the list of known hosts.
executing program
[ 47.146507] audit: type=1400 audit(1569014071.896:36): avc: denied { map } for pid=7461 comm="syz-executor068" path="/root/syz-executor068270242" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 47.182657]
[ 47.184307] ========================================================
[ 47.190771] WARNING: possible irq lock inversion dependency detected
[ 47.197243] 4.19.74 #0 Not tainted
[ 47.200759] --------------------------------------------------------
[ 47.207229] ksoftirqd/0/9 just changed the state of lock:
[ 47.212746] 00000000767c18e0 (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2d/0x490
[ 47.221492] but this lock took another, SOFTIRQ-unsafe lock in the past:
[ 47.228308]  (&fiq->waitq){+.+.}
[ 47.228317]
[ 47.228317]
[ 47.228317] and interrupts could create inverse lock ordering between them.
[ 47.228317]
[ 47.243179]
[ 47.243179] other info that might help us debug this:
[ 47.249821]  Possible interrupt unsafe locking scenario:
[ 47.249821]
[ 47.256723]        CPU0                    CPU1
[ 47.261370]        ----                    ----
[ 47.266018]   lock(&fiq->waitq);
[ 47.269382]                                local_irq_disable();
[ 47.275414]                                lock(&(&ctx->ctx_lock)->rlock);
[ 47.282405]                                lock(&fiq->waitq);
[ 47.288270]
[ 47.291005]     lock(&(&ctx->ctx_lock)->rlock);
[ 47.295652]
[ 47.295652]  *** DEADLOCK ***
[ 47.295652]
[ 47.301692] 2 locks held by ksoftirqd/0/9:
[ 47.305903]  #0: 00000000c5b5927d (rcu_callback){....}, at: rcu_process_callbacks+0xc79/0x1a30
[ 47.314649]  #1: 000000005752d3a7 (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x1ca/0x540
[ 47.324792]
[ 47.324792] the shortest dependencies between 2nd lock and 1st lock:
[ 47.332754]  -> (&fiq->waitq){+.+.} ops: 4 {
[ 47.337154]     HARDIRQ-ON-W at:
[ 47.340514]       lock_acquire+0x16f/0x3f0
[ 47.346127]       _raw_spin_lock+0x2f/0x40
[ 47.351733]       flush_bg_queue+0x1f3/0x3d0
[ 47.357516]       fuse_request_send_background_locked+0x26d/0x4e0
[ 47.365129]       fuse_request_send_background+0x12b/0x180
[ 47.372142]       cuse_channel_open+0x5ba/0x830
[ 47.378188]       misc_open+0x395/0x4c0
[ 47.383552]       chrdev_open+0x245/0x6b0
[ 47.389079]       do_dentry_open+0x4c3/0x1210
[ 47.394953]       vfs_open+0xa0/0xd0
[ 47.400060]       path_openat+0x10d7/0x45e0
[ 47.405766]       do_filp_open+0x1a1/0x280
[ 47.411395]       do_sys_open+0x3fe/0x550
[ 47.416927]       __x64_sys_openat+0x9d/0x100
[ 47.422803]       do_syscall_64+0xfd/0x620
[ 47.428421]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.435417]     SOFTIRQ-ON-W at:
[ 47.438767]       lock_acquire+0x16f/0x3f0
[ 47.444374]       _raw_spin_lock+0x2f/0x40
[ 47.449980]       flush_bg_queue+0x1f3/0x3d0
[ 47.455761]       fuse_request_send_background_locked+0x26d/0x4e0
[ 47.463365]       fuse_request_send_background+0x12b/0x180
[ 47.470359]       cuse_channel_open+0x5ba/0x830
[ 47.476398]       misc_open+0x395/0x4c0
[ 47.481748]       chrdev_open+0x245/0x6b0
[ 47.487287]       do_dentry_open+0x4c3/0x1210
[ 47.493150]       vfs_open+0xa0/0xd0
[ 47.498235]       path_openat+0x10d7/0x45e0
[ 47.503940]       do_filp_open+0x1a1/0x280
[ 47.509542]       do_sys_open+0x3fe/0x550
[ 47.515071]       __x64_sys_openat+0x9d/0x100
[ 47.520938]       do_syscall_64+0xfd/0x620
[ 47.526548]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.533538]     INITIAL USE at:
[ 47.536803]       lock_acquire+0x16f/0x3f0
[ 47.542325]       _raw_spin_lock+0x2f/0x40
[ 47.547853]       flush_bg_queue+0x1f3/0x3d0
[ 47.553557]       fuse_request_send_background_locked+0x26d/0x4e0
[ 47.561081]       fuse_request_send_background+0x12b/0x180
[ 47.568003]       cuse_channel_open+0x5ba/0x830
[ 47.573989]       misc_open+0x395/0x4c0
[ 47.579266]       chrdev_open+0x245/0x6b0
[ 47.584716]       do_dentry_open+0x4c3/0x1210
[ 47.590507]       vfs_open+0xa0/0xd0
[ 47.595512]       path_openat+0x10d7/0x45e0
[ 47.601119]       do_filp_open+0x1a1/0x280
[ 47.606639]       do_sys_open+0x3fe/0x550
[ 47.612114]       __x64_sys_openat+0x9d/0x100
[ 47.617901]       do_syscall_64+0xfd/0x620
[ 47.623423]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.630329]   }
[ 47.632205]   ... key at: [] __key.42213+0x0/0x40
[ 47.639020]   ... acquired at:
[ 47.642210]    _raw_spin_lock+0x2f/0x40
[ 47.646167]    io_submit_one+0xef2/0x2eb0
[ 47.650293]    __x64_sys_io_submit+0x1aa/0x520
[ 47.654856]    do_syscall_64+0xfd/0x620
[ 47.658811]    entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.664147]
[ 47.665757] -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 2 {
[ 47.671205]    IN-SOFTIRQ-W at:
[ 47.674483]      lock_acquire+0x16f/0x3f0
[ 47.679922]      _raw_spin_lock_irq+0x60/0x80
[ 47.685709]      free_ioctx_users+0x2d/0x490
[ 47.691403]      percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 47.698494]      rcu_process_callbacks+0xba0/0x1a30
[ 47.704795]      __do_softirq+0x25c/0x921
[ 47.710228]      run_ksoftirqd+0x8e/0x110
[ 47.715660]      smpboot_thread_fn+0x6a3/0xa30
[ 47.721553]      kthread+0x354/0x420
[ 47.726564]      ret_from_fork+0x24/0x30
[ 47.731905]    INITIAL USE at:
[ 47.735085]      lock_acquire+0x16f/0x3f0
[ 47.740428]      _raw_spin_lock_irq+0x60/0x80
[ 47.746124]      io_submit_one+0xead/0x2eb0
[ 47.751641]      __x64_sys_io_submit+0x1aa/0x520
[ 47.757596]      do_syscall_64+0xfd/0x620
[ 47.762942]      entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.769670]  }
[ 47.771470]  ... key at: [] __key.50213+0x0/0x40
[ 47.778213]  ... acquired at:
[ 47.781301]    mark_lock+0x420/0x1370
[ 47.785082]    __lock_acquire+0xc62/0x49c0
[ 47.789296]    lock_acquire+0x16f/0x3f0
[ 47.793265]    _raw_spin_lock_irq+0x60/0x80
[ 47.797570]    free_ioctx_users+0x2d/0x490
[ 47.801787]    percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 47.807418]    rcu_process_callbacks+0xba0/0x1a30
[ 47.812256]    __do_softirq+0x25c/0x921
[ 47.816212]    run_ksoftirqd+0x8e/0x110
[ 47.820166]    smpboot_thread_fn+0x6a3/0xa30
[ 47.824556]    kthread+0x354/0x420
[ 47.828077]    ret_from_fork+0x24/0x30
[ 47.831937]
[ 47.833541]
[ 47.833541] stack backtrace:
[ 47.838021] CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 4.19.74 #0
[ 47.844316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 47.853939] Call Trace:
[ 47.856511]  dump_stack+0x172/0x1f0
[ 47.860124]  print_irq_inversion_bug.part.0+0x2c0/0x2cd
[ 47.865471]  check_usage_forwards.cold+0x20/0x29
[ 47.870208]  ? check_usage_backwards+0x340/0x340
[ 47.874965]  ? save_stack_trace+0x1a/0x20
[ 47.879181]  ? save_trace+0xe0/0x290
[ 47.882876]  mark_lock+0x420/0x1370
[ 47.886484]  ? check_usage_backwards+0x340/0x340
[ 47.891235]  __lock_acquire+0xc62/0x49c0
[ 47.895276]  ? mark_held_locks+0x100/0x100
[ 47.899506]  ? mark_held_locks+0x100/0x100
[ 47.903724]  ? __wake_up_common_lock+0xfe/0x190
[ 47.908374]  ? mark_held_locks+0x100/0x100
[ 47.912592]  ? __wake_up_common_lock+0xfe/0x190
[ 47.917252]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 47.922342]  ? lockdep_hardirqs_on+0x19b/0x5d0
[ 47.926918]  ? trace_hardirqs_on+0x67/0x220
[ 47.931233]  ? kasan_check_read+0x11/0x20
[ 47.935363]  lock_acquire+0x16f/0x3f0
[ 47.939149]  ? free_ioctx_users+0x2d/0x490
[ 47.943383]  _raw_spin_lock_irq+0x60/0x80
[ 47.947514]  ? free_ioctx_users+0x2d/0x490
[ 47.951728]  free_ioctx_users+0x2d/0x490
[ 47.955772]  ? rcu_dynticks_curr_cpu_in_eqs+0x51/0xb0
[ 47.960947]  percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 47.966903]  ? percpu_ref_exit+0xd0/0xd0
[ 47.970955]  rcu_process_callbacks+0xba0/0x1a30
[ 47.975622]  ? __rcu_read_unlock+0x170/0x170
[ 47.980272]  ? sched_clock+0x2e/0x50
[ 47.983974]  __do_softirq+0x25c/0x921
[ 47.987755]  ? pci_mmcfg_check_reserved+0x170/0x170
[ 47.992765]  ? takeover_tasklets+0x7b0/0x7b0
[ 47.997157]  run_ksoftirqd+0x8e/0x1