Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.
[ 36.956570] audit: type=1800 audit(1567345223.273:33): pid=7388 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[ 36.982222] audit: type=1800 audit(1567345223.273:34): pid=7388 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 40.542662] audit: type=1400 audit(1567345226.863:35): avc: denied { map } for pid=7561 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.10.9' (ECDSA) to the list of known hosts.
executing program
[ 47.144680] audit: type=1400 audit(1567345233.463:36): avc: denied { map } for pid=7574 comm="syz-executor065" path="/root/syz-executor065718624" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 47.180912]
[ 47.182554] ========================================================
[ 47.189019] WARNING: possible irq lock inversion dependency detected
[ 47.195487] 4.19.69 #43 Not tainted
[ 47.199087] --------------------------------------------------------
[ 47.205602] swapper/1/0 just changed the state of lock:
[ 47.210945] 000000009236a543 (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2d/0x490
[ 47.219690] but this lock took another, SOFTIRQ-unsafe lock in the past:
[ 47.226502]  (&fiq->waitq){+.+.}
[ 47.226510]
[ 47.226510]
[ 47.226510] and interrupts could create inverse lock ordering between them.
[ 47.226510]
[ 47.241360]
[ 47.241360] other info that might help us debug this:
[ 47.248002]  Possible interrupt unsafe locking scenario:
[ 47.248002]
[ 47.254920]        CPU0                    CPU1
[ 47.259561]        ----                    ----
[ 47.264202]   lock(&fiq->waitq);
[ 47.267571]                                local_irq_disable();
[ 47.273605]                                lock(&(&ctx->ctx_lock)->rlock);
[ 47.280597]                                lock(&fiq->waitq);
[ 47.286483]
[ 47.289214]     lock(&(&ctx->ctx_lock)->rlock);
[ 47.293857]
[ 47.293857]  *** DEADLOCK ***
[ 47.293857]
[ 47.299895] 2 locks held by swapper/1/0:
[ 47.303932]  #0: 00000000770e51bc (rcu_callback){....}, at: rcu_process_callbacks+0xc79/0x1a30
[ 47.312678]  #1: 00000000acc3ca54 (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x1ca/0x540
[ 47.322810]
[ 47.322810] the shortest dependencies between 2nd lock and 1st lock:
[ 47.330759]  -> (&fiq->waitq){+.+.} ops: 4 {
[ 47.335152]     HARDIRQ-ON-W at:
[ 47.338500]       lock_acquire+0x16f/0x3f0
[ 47.344106]       _raw_spin_lock+0x2f/0x40
[ 47.349709]       flush_bg_queue+0x1f3/0x3d0
[ 47.355484]       fuse_request_send_background_locked+0x26d/0x4e0
[ 47.363081]       fuse_request_send_background+0x12b/0x180
[ 47.370073]       cuse_channel_open+0x5ba/0x830
[ 47.376109]       misc_open+0x395/0x4c0
[ 47.381452]       chrdev_open+0x245/0x6b0
[ 47.386972]       do_dentry_open+0x4c3/0x1210
[ 47.392833]       vfs_open+0xa0/0xd0
[ 47.397930]       path_openat+0x10d7/0x45e0
[ 47.403621]       do_filp_open+0x1a1/0x280
[ 47.409219]       do_sys_open+0x3fe/0x550
[ 47.414734]       __x64_sys_openat+0x9d/0x100
[ 47.420607]       do_syscall_64+0xfd/0x620
[ 47.426306]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.433292]     SOFTIRQ-ON-W at:
[ 47.436642]       lock_acquire+0x16f/0x3f0
[ 47.442247]       _raw_spin_lock+0x2f/0x40
[ 47.447849]       flush_bg_queue+0x1f3/0x3d0
[ 47.453626]       fuse_request_send_background_locked+0x26d/0x4e0
[ 47.461223]       fuse_request_send_background+0x12b/0x180
[ 47.468217]       cuse_channel_open+0x5ba/0x830
[ 47.474860]       misc_open+0x395/0x4c0
[ 47.480202]       chrdev_open+0x245/0x6b0
[ 47.485720]       do_dentry_open+0x4c3/0x1210
[ 47.491580]       vfs_open+0xa0/0xd0
[ 47.496661]       path_openat+0x10d7/0x45e0
[ 47.502351]       do_filp_open+0x1a1/0x280
[ 47.507969]       do_sys_open+0x3fe/0x550
[ 47.513483]       __x64_sys_openat+0x9d/0x100
[ 47.519348]       do_syscall_64+0xfd/0x620
[ 47.524952]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.531939]     INITIAL USE at:
[ 47.535214]       lock_acquire+0x16f/0x3f0
[ 47.540731]       _raw_spin_lock+0x2f/0x40
[ 47.546251]       flush_bg_queue+0x1f3/0x3d0
[ 47.551942]       fuse_request_send_background_locked+0x26d/0x4e0
[ 47.559451]       fuse_request_send_background+0x12b/0x180
[ 47.566355]       cuse_channel_open+0x5ba/0x830
[ 47.572337]       misc_open+0x395/0x4c0
[ 47.577595]       chrdev_open+0x245/0x6b0
[ 47.583025]       do_dentry_open+0x4c3/0x1210
[ 47.588799]       vfs_open+0xa0/0xd0
[ 47.593796]       path_openat+0x10d7/0x45e0
[ 47.599414]       do_filp_open+0x1a1/0x280
[ 47.604933]       do_sys_open+0x3fe/0x550
[ 47.610361]       __x64_sys_openat+0x9d/0x100
[ 47.616158]       do_syscall_64+0xfd/0x620
[ 47.621676]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.628575]  }
[ 47.630448]  ... key at: [] __key.42211+0x0/0x40
[ 47.637260]  ... acquired at:
[ 47.640447]    _raw_spin_lock+0x2f/0x40
[ 47.644402]    io_submit_one+0xef2/0x2eb0
[ 47.648527]    __x64_sys_io_submit+0x1aa/0x520
[ 47.653090]    do_syscall_64+0xfd/0x620
[ 47.657041]    entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.662395]
[ 47.664002] -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 2 {
[ 47.669443]    IN-SOFTIRQ-W at:
[ 47.672706]      lock_acquire+0x16f/0x3f0
[ 47.678135]      _raw_spin_lock_irq+0x60/0x80
[ 47.683930]      free_ioctx_users+0x2d/0x490
[ 47.689623]      percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 47.696706]      rcu_process_callbacks+0xba0/0x1a30
[ 47.703008]      __do_softirq+0x25c/0x921
[ 47.708437]      irq_exit+0x180/0x1d0
[ 47.713535]      smp_apic_timer_interrupt+0x13b/0x550
[ 47.720008]      apic_timer_interrupt+0xf/0x20
[ 47.725872]      native_safe_halt+0xe/0x10
[ 47.731423]      arch_cpu_idle+0xa/0x10
[ 47.736678]      default_idle_call+0x36/0x90
[ 47.742367]      do_idle+0x377/0x560
[ 47.747359]      cpu_startup_entry+0xc8/0xe0
[ 47.753054]      start_secondary+0x3e8/0x5b0
[ 47.758743]      secondary_startup_64+0xa4/0xb0
[ 47.764690]    INITIAL USE at:
[ 47.767884]      lock_acquire+0x16f/0x3f0
[ 47.773230]      _raw_spin_lock_irq+0x60/0x80
[ 47.778922]      io_submit_one+0xead/0x2eb0
[ 47.784452]      __x64_sys_io_submit+0x1aa/0x520
[ 47.790402]      do_syscall_64+0xfd/0x620
[ 47.795748]      entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.802474]  }
[ 47.804278]  ... key at: [] __key.50211+0x0/0x40
[ 47.811013]  ... acquired at:
[ 47.814101]    mark_lock+0x420/0x1370
[ 47.817881]    __lock_acquire+0xc62/0x49c0
[ 47.822095]    lock_acquire+0x16f/0x3f0
[ 47.826049]    _raw_spin_lock_irq+0x60/0x80
[ 47.830350]    free_ioctx_users+0x2d/0x490
[ 47.834565]    percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 47.840166]    rcu_process_callbacks+0xba0/0x1a30
[ 47.844991]    __do_softirq+0x25c/0x921
[ 47.848947]    irq_exit+0x180/0x1d0
[ 47.852552]    smp_apic_timer_interrupt+0x13b/0x550
[ 47.857564]    apic_timer_interrupt+0xf/0x20
[ 47.861951]    native_safe_halt+0xe/0x10
[ 47.865993]    arch_cpu_idle+0xa/0x10
[ 47.869769]    default_idle_call+0x36/0x90
[ 47.873983]    do_idle+0x377/0x560
[ 47.877503]    cpu_startup_entry+0xc8/0xe0
[ 47.881720]    start_secondary+0x3e8/0x5b0
[ 47.887163]    secondary_startup_64+0xa4/0xb0
[ 47.891631]
[ 47.893236]
[ 47.893236] stack backtrace:
[ 47.897731] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.19.69 #43
[ 47.903939] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 47.913272] Call Trace:
[ 47.915834]
[ 47.917973]  dump_stack+0x172/0x1f0
[ 47.921593]  print_irq_inversion_bug.part.0+0x2c0/0x2cd
[ 47.926950]  check_usage_forwards.cold+0x20/0x29
[ 47.931688]  ? check_usage_backwards+0x340/0x340
[ 47.936426]  ? save_stack_trace+0x1a/0x20
[ 47.940554]  ? save_trace+0xe0/0x290
[ 47.944306]  mark_lock+0x420/0x1370
[ 47.947910]  ? check_usage_backwards+0x340/0x340
[ 47.952644]  __lock_acquire+0xc62/0x49c0
[ 47.956691]  ? mark_held_locks+0x100/0x100
[ 47.960905]  ? mark_held_locks+0x100/0x100
[ 47.965119]  ? __wake_up_common_lock+0xfe/0x190
[ 47.969786]  ? mark_held_locks+0x100/0x100
[ 47.974001]  ? __wake_up_common_lock+0xfe/0x190
[ 47.978648]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 47.983729]  ? lockdep_hardirqs_on+0x19b/0x5d0
[ 47.988294]  ? trace_hardirqs_on+0x67/0x220
[ 47.992598]  ? kasan_check_read+0x11/0x20
[ 47.996725]  lock_acquire+0x16f/0x3f0
[ 48.000507]  ? free_ioctx_users+0x2d/0x490
[ 48.004723]  _raw_spin_lock_irq+0x60/0x80
[ 48.008849]  ? free_ioctx_users+0x2d/0x490
[ 48.013171]  free_ioctx_users+0x2d/0x490
[ 48.017213]  ? rcu_dynticks_curr_cpu_in_eqs+0x51/0xb0
[ 48.022388]  percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 48.027827]  ? percpu_ref_exit+0xd0/0xd0
[ 48.031874]  rcu_process_callbacks+0xba0/0x1a30
[ 48.036534]  ? __rcu_read_unlock+0x170/0x170
[ 48.040929]  __do_softirq+0x25c/0x921
[ 48.044725]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 48.050238]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 48.055761]  irq_exit+0x180/0x1d0
[ 48.059215]  smp_apic_timer_interrupt+0x13b/0x550
[ 48.064060]  apic_timer_interrupt+0xf/0x20
[ 48.068271]
[ 48.070486] RIP: 0010:native_safe_halt+0xe/0x10
[ 48.075155] Code: ff ff 48 89 df e8 02 2c ae fa eb 82 e9 07 00 00 00 0f 00 2d 84 1e 54 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d 74 1e 54 00 fb f4 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 e8 4e 0e 66 fa e8 09
[ 48.094131] RSP: 0018:ffff8880aa27fd00 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13
[ 48.101822] RAX: 1ffffffff10e48c4 RBX: ffff8880aa2703c0 RCX: 0000000000000000
[ 48.109070] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffff8880aa270c3c
[ 48.116319] RBP: ffff8880aa27fd30 R08: ffff8880aa2703c0 R09: 0000000000000000
[ 48.123590] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001
[ 48.130838] R13: ffffffff88724610 R14: 0000000000000001 R15: 0000000000000000
[ 48.138108]  ? default_idle+0x4e/0x320
[ 48.141980]  arch_cpu_idle+0xa/0x10
[ 48.145585]  default_idle_call+0x36/0x