Starting mcstransd:
[....] Starting periodic command[ 39.107186] audit: type=1800 audit(1567402375.705:32): pid=7322 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2450 res=0
scheduler: cron [ ok ].
[....] Starting file context maintaining daemon: restorecond [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd [ ok ].
[ 39.708450] audit: type=1800 audit(1567402376.305:33): pid=7322 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.35' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 48.443905] kauditd_printk_skb: 2 callbacks suppressed
[ 48.443920] audit: type=1400 audit(1567402385.045:36): avc: denied { map } for pid=7508 comm="syz-executor177" path="/root/syz-executor177948417" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 48.492798]
[ 48.494462] ========================================================
[ 48.500936] WARNING: possible irq lock inversion dependency detected
[ 48.507412] 4.19.69 #43 Not tainted
[ 48.511017] --------------------------------------------------------
[ 48.517484] swapper/1/0 just changed the state of lock:
[ 48.522838] 00000000f8ef5fcd (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2d/0x490
[ 48.531585] but this lock took another, SOFTIRQ-unsafe lock in the past:
[ 48.538401] (&fiq->waitq){+.+.}
[ 48.538410]
[ 48.538410]
[ 48.538410] and interrupts could create inverse lock ordering between them.
[ 48.538410]
[ 48.553292]
[ 48.553292] other info that might help us debug this:
[ 48.559936] Possible interrupt unsafe locking scenario:
[ 48.559936]
[ 48.566842]        CPU0                    CPU1
[ 48.571487]        ----                    ----
[ 48.576127]   lock(&fiq->waitq);
[ 48.579474]                                local_irq_disable();
[ 48.585505]                                lock(&(&ctx->ctx_lock)->rlock);
[ 48.592498]                                lock(&fiq->waitq);
[ 48.598362]
[ 48.601106]     lock(&(&ctx->ctx_lock)->rlock);
[ 48.605771]
[ 48.605771] *** DEADLOCK ***
[ 48.605771]
[ 48.611844] 2 locks held by swapper/1/0:
[ 48.615885] #0: 000000001576ff3e (rcu_callback){....}, at: rcu_process_callbacks+0xc79/0x1a30
[ 48.624632] #1: 0000000018626179 (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x1ca/0x540
[ 48.634766]
[ 48.634766] the shortest dependencies between 2nd lock and 1st lock:
[ 48.642716] -> (&fiq->waitq){+.+.} ops: 4 {
[ 48.647110] HARDIRQ-ON-W at:
[ 48.650479] lock_acquire+0x16f/0x3f0
[ 48.656087] _raw_spin_lock+0x2f/0x40
[ 48.661691] flush_bg_queue+0x1f3/0x3d0
[ 48.667470] fuse_request_send_background_locked+0x26d/0x4e0
[ 48.675069] fuse_request_send_background+0x12b/0x180
[ 48.682064] cuse_channel_open+0x5ba/0x830
[ 48.688108] misc_open+0x395/0x4c0
[ 48.693454] chrdev_open+0x245/0x6b0
[ 48.698988] do_dentry_open+0x4c3/0x1210
[ 48.704873] vfs_open+0xa0/0xd0
[ 48.710019] path_openat+0x10d7/0x45e0
[ 48.715728] do_filp_open+0x1a1/0x280
[ 48.721336] do_sys_open+0x3fe/0x550
[ 48.726856] __x64_sys_openat+0x9d/0x100
[ 48.732722] do_syscall_64+0xfd/0x620
[ 48.738334] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.745321] SOFTIRQ-ON-W at:
[ 48.748674] lock_acquire+0x16f/0x3f0
[ 48.754282] _raw_spin_lock+0x2f/0x40
[ 48.759905] flush_bg_queue+0x1f3/0x3d0
[ 48.765706] fuse_request_send_background_locked+0x26d/0x4e0
[ 48.773322] fuse_request_send_background+0x12b/0x180
[ 48.780328] cuse_channel_open+0x5ba/0x830
[ 48.786373] misc_open+0x395/0x4c0
[ 48.791715] chrdev_open+0x245/0x6b0
[ 48.797232] do_dentry_open+0x4c3/0x1210
[ 48.803188] vfs_open+0xa0/0xd0
[ 48.808274] path_openat+0x10d7/0x45e0
[ 48.813984] do_filp_open+0x1a1/0x280
[ 48.819595] do_sys_open+0x3fe/0x550
[ 48.825129] __x64_sys_openat+0x9d/0x100
[ 48.831003] do_syscall_64+0xfd/0x620
[ 48.836787] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.846309] INITIAL USE at:
[ 48.849601] lock_acquire+0x16f/0x3f0
[ 48.855125] _raw_spin_lock+0x2f/0x40
[ 48.860751] flush_bg_queue+0x1f3/0x3d0
[ 48.866450] fuse_request_send_background_locked+0x26d/0x4e0
[ 48.873965] fuse_request_send_background+0x12b/0x180
[ 48.880873] cuse_channel_open+0x5ba/0x830
[ 48.886830] misc_open+0x395/0x4c0
[ 48.892112] chrdev_open+0x245/0x6b0
[ 48.897545] do_dentry_open+0x4c3/0x1210
[ 48.903326] vfs_open+0xa0/0xd0
[ 48.908322] path_openat+0x10d7/0x45e0
[ 48.913926] do_filp_open+0x1a1/0x280
[ 48.919440] do_sys_open+0x3fe/0x550
[ 48.924869] __x64_sys_openat+0x9d/0x100
[ 48.930649] do_syscall_64+0xfd/0x620
[ 48.936166] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.943085] }
[ 48.945486] ... key at: [] __key.42211+0x0/0x40
[ 48.952300] ... acquired at:
[ 48.955477] _raw_spin_lock+0x2f/0x40
[ 48.959431] io_submit_one+0xef2/0x2eb0
[ 48.963562] __x64_sys_io_submit+0x1aa/0x520
[ 48.968123] do_syscall_64+0xfd/0x620
[ 48.972079] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.977415]
[ 48.979019] -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 2 {
[ 48.984455] IN-SOFTIRQ-W at:
[ 48.987720] lock_acquire+0x16f/0x3f0
[ 48.993156] _raw_spin_lock_irq+0x60/0x80
[ 48.998948] free_ioctx_users+0x2d/0x490
[ 49.004642] percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 49.011725] rcu_process_callbacks+0xba0/0x1a30
[ 49.018029] __do_softirq+0x25c/0x921
[ 49.023483] irq_exit+0x180/0x1d0
[ 49.028572] smp_apic_timer_interrupt+0x13b/0x550
[ 49.035046] apic_timer_interrupt+0xf/0x20
[ 49.040930] native_safe_halt+0xe/0x10
[ 49.046455] arch_cpu_idle+0xa/0x10
[ 49.051712] default_idle_call+0x36/0x90
[ 49.057406] do_idle+0x377/0x560
[ 49.062427] cpu_startup_entry+0xc8/0xe0
[ 49.068125] start_secondary+0x3e8/0x5b0
[ 49.073829] secondary_startup_64+0xa4/0xb0
[ 49.079788] INITIAL USE at:
[ 49.082966] lock_acquire+0x16f/0x3f0
[ 49.088307] _raw_spin_lock_irq+0x60/0x80
[ 49.094021] io_submit_one+0xead/0x2eb0
[ 49.099542] __x64_sys_io_submit+0x1aa/0x520
[ 49.105517] do_syscall_64+0xfd/0x620
[ 49.110866] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 49.117591] }
[ 49.119378] ... key at: [] __key.50211+0x0/0x40
[ 49.126104] ... acquired at:
[ 49.129192] mark_lock+0x420/0x1370
[ 49.132973] __lock_acquire+0xc62/0x49c0
[ 49.137189] lock_acquire+0x16f/0x3f0
[ 49.141146] _raw_spin_lock_irq+0x60/0x80
[ 49.145470] free_ioctx_users+0x2d/0x490
[ 49.149684] percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 49.155288] rcu_process_callbacks+0xba0/0x1a30
[ 49.160119] __do_softirq+0x25c/0x921
[ 49.164076] irq_exit+0x180/0x1d0
[ 49.167683] smp_apic_timer_interrupt+0x13b/0x550
[ 49.172694] apic_timer_interrupt+0xf/0x20
[ 49.177083] native_safe_halt+0xe/0x10
[ 49.181122] arch_cpu_idle+0xa/0x10
[ 49.184906] default_idle_call+0x36/0x90
[ 49.189119] do_idle+0x377/0x560
[ 49.192636] cpu_startup_entry+0xc8/0xe0
[ 49.196849] start_secondary+0x3e8/0x5b0
[ 49.201098] secondary_startup_64+0xa4/0xb0
[ 49.205565]
[ 49.207168]
[ 49.207168] stack backtrace:
[ 49.211645] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.19.69 #43
[ 49.217852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 49.227227] Call Trace:
[ 49.229790]
[ 49.231927] dump_stack+0x172/0x1f0
[ 49.235537] print_irq_inversion_bug.part.0+0x2c0/0x2cd
[ 49.240879] check_usage_forwards.cold+0x20/0x29
[ 49.245616] ? check_usage_backwards+0x340/0x340
[ 49.250356] ? save_stack_trace+0x1a/0x20
[ 49.254483] ? save_trace+0xe0/0x290
[ 49.258175] mark_lock+0x420/0x1370
[ 49.261779] ? check_usage_backwards+0x340/0x340
[ 49.266515] __lock_acquire+0xc62/0x49c0
[ 49.270554] ? mark_held_locks+0x100/0x100
[ 49.274770] ? mark_held_locks+0x100/0x100
[ 49.278983] ? __wake_up_common_lock+0xfe/0x190
[ 49.283631] ? mark_held_locks+0x100/0x100
[ 49.287845] ? __wake_up_common_lock+0xfe/0x190
[ 49.292493] ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 49.297592] ? lockdep_hardirqs_on+0x19b/0x5d0
[ 49.302156] ? trace_hardirqs_on+0x67/0x220
[ 49.306460] ? kasan_check_read+0x11/0x20
[ 49.310588] lock_acquire+0x16f/0x3f0
[ 49.314371] ? free_ioctx_users+0x2d/0x490
[ 49.318587] _raw_spin_lock_irq+0x60/0x80
[ 49.322740] ? free_ioctx_users+0x2d/0x490
[ 49.326956] free_ioctx_users+0x2d/0x490
[ 49.331015] ? rcu_dynticks_curr_cpu_in_eqs+0x51/0xb0
[ 49.336191] percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 49.341639] ? percpu_ref_exit+0xd0/0xd0
[ 49.345684] rcu_process_callbacks+0xba0/0x1a30
[ 49.350336] ? __rcu_read_unlock+0x170/0x170
[ 49.354731] __do_softirq+0x25c/0x921
[ 49.358517] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 49.364036] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 49.369556] irq_exit+0x180/0x1d0
[ 49.372992] smp_apic_timer_interrupt+0x13b/0x550
[ 49.377821] apic_timer_interrupt+0xf/0x20
[ 49.382031]
[ 49.384250] RIP: 0010:native_safe_halt+0xe/0x10
[ 49.388899] Code: ff ff 48 89 df e8 02 2c ae fa eb 82 e9 07 00 00 00 0f 00 2d 84 1e 54 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d 74 1e 54 00 fb f4 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 e8 4e 0e 66 fa e8 09
[ 49.407783] RSP: 0018:ffff8880aa27fd00 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13
[ 49.415491] RAX: 1ffffffff10e48c4 RBX: ffff8880aa2703c0 RCX: 0000000000000000
[ 49.422743] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffff8880aa270c3c
[ 49.430426] RBP: ffff8880aa27fd30 R08: ffff8880aa2703c0 R09: 0000000000000000
[ 49.437677] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001
[ 49.444929] R13: ffffffff88724610 R14: 0000000000000001 R15: 0000000000000000
[ 49.452221] ? default_idle+0x4e/0x320
[ 49.456093] arch_cpu_idle+0xa/0x10
[ 49.459702] default_idle_call+0x36/0x90
[ 49.463746] do_idle+0x377/0x560
[ 49.467092] ? arch_cpu_idle_exit+0x80/0x80
[ 49.471392] ? do_idle+0x1ca/0x560
[ 49.474911] cpu_startup_entry+0xc8/0xe0
[ 49.478952] ? cpu_in_idle+0x20/0x20
[ 49.482651] ? setup_APIC_timer+0x1aa/0x200
[ 49.486951] start_secondary+0x3e8/0x5b0
[ 49.490996] ? set_cpu_sibling_map+0x1860/0x1860
[ 49.495734] secondary_startup_