Starting mcstransd:
[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting file context maintaining daemon: restorecond�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[ 39.696663] audit: type=1800 audit(1566855419.494:33): pid=7401 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 44.733087] kauditd_printk_skb: 1 callbacks suppressed
[ 44.733100] audit: type=1400 audit(1566855424.534:35): avc: denied { map } for pid=7575 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.12' (ECDSA) to the list of known hosts.
executing program
[ 60.243434] audit: type=1400 audit(1566855440.044:36): avc: denied { map } for pid=7587 comm="syz-executor884" path="/root/syz-executor884497525" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 60.277791]
[ 60.279501] ========================================================
[ 60.286366] WARNING: possible irq lock inversion dependency detected
[ 60.293331] 4.19.68 #42 Not tainted
[ 60.297096] --------------------------------------------------------
[ 60.303995] swapper/1/0 just changed the state of lock:
[ 60.309779] 000000009a20d5cf (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2d/0x490
[ 60.319285] but this lock took another, SOFTIRQ-unsafe lock in the past:
[ 60.361910] (&fiq->waitq){+.+.}
[ 60.361924]
[ 60.361924]
[ 60.361924] and interrupts could create inverse lock ordering between them.
[ 60.361924]
[ 60.378519]
[ 60.378519] other info that might help us debug this:
[ 60.385977] Possible interrupt unsafe locking scenario:
[ 60.385977]
[ 60.393646] CPU0 CPU1
[ 60.398890] ---- ----
[ 60.403763] lock(&fiq->waitq);
[ 60.407757] local_irq_disable();
[ 60.414194] lock(&(&ctx->ctx_lock)->rlock);
[ 60.421653] lock(&fiq->waitq);
[ 60.427996] <Interrupt>
[ 60.430948] lock(&(&ctx->ctx_lock)->rlock);
[ 60.435933]
[ 60.435933] *** DEADLOCK ***
[ 60.435933]
[ 60.442519] 2 locks held by swapper/1/0:
[ 60.446701] #0: 000000000c56e93b (rcu_callback){....}, at: rcu_process_callbacks+0xc79/0x1a30
[ 60.455672] #1: 00000000ac52555c (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x1ca/0x540
[ 60.467229]
[ 60.467229] the shortest dependencies between 2nd lock and 1st lock:
[ 60.475536] -> (&fiq->waitq){+.+.} ops: 4 {
[ 60.480545] HARDIRQ-ON-W at:
[ 60.484647] lock_acquire+0x16f/0x3f0
[ 60.490634] _raw_spin_lock+0x2f/0x40
[ 60.496911] flush_bg_queue+0x1f3/0x3d0
[ 60.503160] fuse_request_send_background_locked+0x26d/0x4e0
[ 60.511632] fuse_request_send_background+0x12b/0x180
[ 60.519164] cuse_channel_open+0x5ba/0x830
[ 60.525761] misc_open+0x395/0x4c0
[ 60.533034] chrdev_open+0x245/0x6b0
[ 60.538796] do_dentry_open+0x4c3/0x1210
[ 60.545954] vfs_open+0xa0/0xd0
[ 60.551073] path_openat+0x10d7/0x45e0
[ 60.556882] do_filp_open+0x1a1/0x280
[ 60.562515] do_sys_open+0x3fe/0x550
[ 60.568413] __x64_sys_openat+0x9d/0x100
[ 60.574944] do_syscall_64+0xfd/0x620
[ 60.580922] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 60.588119] SOFTIRQ-ON-W at:
[ 60.591750] lock_acquire+0x16f/0x3f0
[ 60.597807] _raw_spin_lock+0x2f/0x40
[ 60.603682] flush_bg_queue+0x1f3/0x3d0
[ 60.609918] fuse_request_send_background_locked+0x26d/0x4e0
[ 60.618317] fuse_request_send_background+0x12b/0x180
[ 60.625731] cuse_channel_open+0x5ba/0x830
[ 60.632280] misc_open+0x395/0x4c0
[ 60.638025] chrdev_open+0x245/0x6b0
[ 60.643913] do_dentry_open+0x4c3/0x1210
[ 60.650113] vfs_open+0xa0/0xd0
[ 60.655397] path_openat+0x10d7/0x45e0
[ 60.661730] do_filp_open+0x1a1/0x280
[ 60.667751] do_sys_open+0x3fe/0x550
[ 60.675625] __x64_sys_openat+0x9d/0x100
[ 60.681837] do_syscall_64+0xfd/0x620
[ 60.687917] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 60.695412] INITIAL USE at:
[ 60.698866] lock_acquire+0x16f/0x3f0
[ 60.704626] _raw_spin_lock+0x2f/0x40
[ 60.710960] flush_bg_queue+0x1f3/0x3d0
[ 60.718296] fuse_request_send_background_locked+0x26d/0x4e0
[ 60.726360] fuse_request_send_background+0x12b/0x180
[ 60.733958] cuse_channel_open+0x5ba/0x830
[ 60.740447] misc_open+0x395/0x4c0
[ 60.746395] chrdev_open+0x245/0x6b0
[ 60.752577] do_dentry_open+0x4c3/0x1210
[ 60.758631] vfs_open+0xa0/0xd0
[ 60.764043] path_openat+0x10d7/0x45e0
[ 60.769662] do_filp_open+0x1a1/0x280
[ 60.775276] do_sys_open+0x3fe/0x550
[ 60.780875] __x64_sys_openat+0x9d/0x100
[ 60.786811] do_syscall_64+0xfd/0x620
[ 60.792651] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 60.799722] }
[ 60.801753] ... key at: [<ffffffff8a439e40>] __key.42211+0x0/0x40
[ 60.808861] ... acquired at:
[ 60.812065] _raw_spin_lock+0x2f/0x40
[ 60.816218] io_submit_one+0xef2/0x2eb0
[ 60.821158] __x64_sys_io_submit+0x1aa/0x520
[ 60.825878] do_syscall_64+0xfd/0x620
[ 60.830170] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 60.835525]
[ 60.837224] -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 2 {
[ 60.842961] IN-SOFTIRQ-W at:
[ 60.846337] lock_acquire+0x16f/0x3f0
[ 60.852436] _raw_spin_lock_irq+0x60/0x80
[ 60.858657] free_ioctx_users+0x2d/0x490
[ 60.864962] percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 60.872698] rcu_process_callbacks+0xba0/0x1a30
[ 60.879214] __do_softirq+0x25c/0x921
[ 60.884852] irq_exit+0x180/0x1d0
[ 60.890268] smp_apic_timer_interrupt+0x13b/0x550
[ 60.896865] apic_timer_interrupt+0xf/0x20
[ 60.903129] native_safe_halt+0xe/0x10
[ 60.908789] arch_cpu_idle+0xa/0x10
[ 60.914335] default_idle_call+0x36/0x90
[ 60.920814] do_idle+0x377/0x560
[ 60.926071] cpu_startup_entry+0xc8/0xe0
[ 60.932153] start_secondary+0x3e8/0x5b0
[ 60.939230] secondary_startup_64+0xa4/0xb0
[ 60.945485] INITIAL USE at:
[ 60.948927] lock_acquire+0x16f/0x3f0
[ 60.954642] _raw_spin_lock_irq+0x60/0x80
[ 60.960489] io_submit_one+0xead/0x2eb0
[ 60.966210] __x64_sys_io_submit+0x1aa/0x520
[ 60.972903] do_syscall_64+0xfd/0x620
[ 60.978517] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 60.985267] }
[ 60.987078] ... key at: [<ffffffff8a3a03a0>] __key.50211+0x0/0x40
[ 60.994365] ... acquired at:
[ 60.997612] mark_lock+0x420/0x1370
[ 61.002176] __lock_acquire+0xc62/0x49c0
[ 61.007003] lock_acquire+0x16f/0x3f0
[ 61.011032] _raw_spin_lock_irq+0x60/0x80
[ 61.015863] free_ioctx_users+0x2d/0x490
[ 61.020151] percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 61.025970] rcu_process_callbacks+0xba0/0x1a30
[ 61.031121] __do_softirq+0x25c/0x921
[ 61.035397] irq_exit+0x180/0x1d0
[ 61.039439] smp_apic_timer_interrupt+0x13b/0x550
[ 61.044464] apic_timer_interrupt+0xf/0x20
[ 61.049293] native_safe_halt+0xe/0x10
[ 61.053639] arch_cpu_idle+0xa/0x10
[ 61.057453] default_idle_call+0x36/0x90
[ 61.061683] do_idle+0x377/0x560
[ 61.065211] cpu_startup_entry+0xc8/0xe0
[ 61.069713] start_secondary+0x3e8/0x5b0
[ 61.074317] secondary_startup_64+0xa4/0xb0
[ 61.079172]
[ 61.081043]
[ 61.081043] stack backtrace:
[ 61.085931] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.19.68 #42
[ 61.092477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 61.102061] Call Trace:
[ 61.105019] <IRQ>
[ 61.107182] dump_stack+0x172/0x1f0
[ 61.110818] print_irq_inversion_bug.part.0+0x2c0/0x2cd
[ 61.116420] check_usage_forwards.cold+0x20/0x29
[ 61.121326] ? check_usage_backwards+0x340/0x340
[ 61.126433] ? save_stack_trace+0x1a/0x20
[ 61.131229] ? save_trace+0xe0/0x290
[ 61.135467] mark_lock+0x420/0x1370
[ 61.139305] ? check_usage_backwards+0x340/0x340
[ 61.144270] __lock_acquire+0xc62/0x49c0
[ 61.148439] ? mark_held_locks+0x100/0x100
[ 61.152756] ? mark_held_locks+0x100/0x100
[ 61.157202] ? __wake_up_common_lock+0xfe/0x190
[ 61.162095] ? mark_held_locks+0x100/0x100
[ 61.166583] ? __wake_up_common_lock+0xfe/0x190
[ 61.171470] ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 61.176679] ? lockdep_hardirqs_on+0x19b/0x5d0
[ 61.181250] ? trace_hardirqs_on+0x67/0x220
[ 61.185787] ? kasan_check_read+0x11/0x20
[ 61.190142] lock_acquire+0x16f/0x3f0
[ 61.194309] ? free_ioctx_users+0x2d/0x490
[ 61.198807] _raw_spin_lock_irq+0x60/0x80
[ 61.203036] ? free_ioctx_users+0x2d/0x490
[ 61.207963] free_ioctx_users+0x2d/0x490
[ 61.212246] ? rcu_dynticks_curr_cpu_in_eqs+0x51/0xb0
[ 61.217704] percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 61.223475] ? percpu_ref_exit+0xd0/0xd0
[ 61.227631] rcu_process_callbacks+0xba0/0x1a30
[ 61.232387] ? __rcu_read_unlock+0x170/0x170
[ 61.237434] __do_softirq+0x25c/0x921
[ 61.241783] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 61.247917] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 61.253676] irq_exit+0x180/0x1d0
[ 61.257121] smp_apic_timer_interrupt+0x13b/0x550
[ 61.262053] apic_timer_interrupt+0xf/0x20
[ 61.266399] </IRQ>
[ 61.268793] RIP: 0010:native_safe_halt+0xe/0x10
[ 61.273575] Code: ff ff 48 89 df e8 42 63 ae fa eb 82 e9 07 00 00 00 0f 00 2d d4 53 54 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d c4 53 54 00 fb f4 <c3> 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 e8 8e 45 66 fa e8 29
[ 61.293504] RSP: 0018:ffff8880aa27fd00 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
[ 61.301248] RAX: 1ffffffff10e489c RBX: ffff8880aa2703c0 RCX: 0000000000000000
[ 61.309001] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffff8880aa270c3c
[ 61.316653] RBP: ffff8880aa27fd30 R08: ffff8880aa2703c0 R09: 0000000000000000
[ 61.324482] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001
[ 61.332187] R13: ffffffff887244d0 R14: 0000000000000001 R15: 0000000000000000
[ 61.339802] ? default_idle+0x4e/0x320
[ 61.344055] arch_cpu_idle+0xa/0x10
[ 61.347994] default_idle_call+0x36/0x90
[ 61.352200] do_idle+0x377/0x560
[ 61.355676] ? arch_cpu_idle_exit+0x80/0x80
[ 61.360156] ? _raw_spin_unlock_irqrestore+0xa4/0xe0