Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.
[ 38.534281] audit: type=1800 audit(1567417222.610:33): pid=7448 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[ 38.559086] audit: type=1800 audit(1567417222.610:34): pid=7448 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 43.488336] audit: type=1400 audit(1567417227.560:35): avc: denied { map } for pid=7624 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.203' (ECDSA) to the list of known hosts.
executing program
[ 50.166698] audit: type=1400 audit(1567417234.240:36): avc: denied { map } for pid=7636 comm="syz-executor720" path="/root/syz-executor720452397" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 50.203114]
[ 50.204758] ========================================================
[ 50.211222] WARNING: possible irq lock inversion dependency detected
[ 50.217859] 4.19.69 #43 Not tainted
[ 50.221470] --------------------------------------------------------
[ 50.227942] swapper/0/0 just changed the state of lock:
[ 50.233282] 0000000033a4349f (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2d/0x490
[ 50.242030] but this lock took another, SOFTIRQ-unsafe lock in the past:
[ 50.248865]  (&fiq->waitq){+.+.}
[ 50.248877]
[ 50.248877]
[ 50.248877] and interrupts could create inverse lock ordering between them.
[ 50.248877]
[ 50.263990]
[ 50.263990] other info that might help us debug this:
[ 50.270750]  Possible interrupt unsafe locking scenario:
[ 50.270750]
[ 50.277662]        CPU0                    CPU1
[ 50.282514]        ----                    ----
[ 50.287161]   lock(&fiq->waitq);
[ 50.290515]                                local_irq_disable();
[ 50.296547]                                lock(&(&ctx->ctx_lock)->rlock);
[ 50.303714]                                lock(&fiq->waitq);
[ 50.309792]   <Interrupt>
[ 50.312529]     lock(&(&ctx->ctx_lock)->rlock);
[ 50.317285]
[ 50.317285]  *** DEADLOCK ***
[ 50.317285]
[ 50.323331] 2 locks held by swapper/0/0:
[ 50.327479]  #0: 000000007b3074e9 (rcu_callback){....}, at: rcu_process_callbacks+0xc79/0x1a30
[ 50.336231]  #1: 00000000c7394b81 (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x1ca/0x540
[ 50.346469]
[ 50.346469] the shortest dependencies between 2nd lock and 1st lock:
[ 50.354455]  -> (&fiq->waitq){+.+.} ops: 4 {
[ 50.358876]     HARDIRQ-ON-W at:
[ 50.362307]       lock_acquire+0x16f/0x3f0
[ 50.367922]       _raw_spin_lock+0x2f/0x40
[ 50.373551]       flush_bg_queue+0x1f3/0x3d0
[ 50.379354]       fuse_request_send_background_locked+0x26d/0x4e0
[ 50.386965]       fuse_request_send_background+0x12b/0x180
[ 50.393977]       cuse_channel_open+0x5ba/0x830
[ 50.400111]       misc_open+0x395/0x4c0
[ 50.405461]       chrdev_open+0x245/0x6b0
[ 50.410984]       do_dentry_open+0x4c3/0x1210
[ 50.416863]       vfs_open+0xa0/0xd0
[ 50.421954]       path_openat+0x10d7/0x45e0
[ 50.427883]       do_filp_open+0x1a1/0x280
[ 50.433610]       do_sys_open+0x3fe/0x550
[ 50.439137]       __x64_sys_openat+0x9d/0x100
[ 50.445009]       do_syscall_64+0xfd/0x620
[ 50.450627]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 50.457623]     SOFTIRQ-ON-W at:
[ 50.460977]       lock_acquire+0x16f/0x3f0
[ 50.466607]       _raw_spin_lock+0x2f/0x40
[ 50.472328]       flush_bg_queue+0x1f3/0x3d0
[ 50.478229]       fuse_request_send_background_locked+0x26d/0x4e0
[ 50.485842]       fuse_request_send_background+0x12b/0x180
[ 50.492846]       cuse_channel_open+0x5ba/0x830
[ 50.498895]       misc_open+0x395/0x4c0
[ 50.504248]       chrdev_open+0x245/0x6b0
[ 50.509953]       do_dentry_open+0x4c3/0x1210
[ 50.515826]       vfs_open+0xa0/0xd0
[ 50.520927]       path_openat+0x10d7/0x45e0
[ 50.526646]       do_filp_open+0x1a1/0x280
[ 50.539237]       do_sys_open+0x3fe/0x550
[ 50.544793]       __x64_sys_openat+0x9d/0x100
[ 50.550669]       do_syscall_64+0xfd/0x620
[ 50.556372]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 50.563361]     INITIAL USE at:
[ 50.566626]       lock_acquire+0x16f/0x3f0
[ 50.572238]       _raw_spin_lock+0x2f/0x40
[ 50.577762]       flush_bg_queue+0x1f3/0x3d0
[ 50.583481]       fuse_request_send_background_locked+0x26d/0x4e0
[ 50.591020]       fuse_request_send_background+0x12b/0x180
[ 50.598371]       cuse_channel_open+0x5ba/0x830
[ 50.604522]       misc_open+0x395/0x4c0
[ 50.609788]       chrdev_open+0x245/0x6b0
[ 50.615314]       do_dentry_open+0x4c3/0x1210
[ 50.621101]       vfs_open+0xa0/0xd0
[ 50.626128]       path_openat+0x10d7/0x45e0
[ 50.631742]       do_filp_open+0x1a1/0x280
[ 50.637296]       do_sys_open+0x3fe/0x550
[ 50.642738]       __x64_sys_openat+0x9d/0x100
[ 50.648617]       do_syscall_64+0xfd/0x620
[ 50.654143]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 50.661067]   }
[ 50.662949]   ... key at: [] __key.42211+0x0/0x40
[ 50.669769]   ... acquired at:
[ 50.672950]     _raw_spin_lock+0x2f/0x40
[ 50.676958]     io_submit_one+0xef2/0x2eb0
[ 50.681098]     __x64_sys_io_submit+0x1aa/0x520
[ 50.685772]     do_syscall_64+0xfd/0x620
[ 50.689734]     entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 50.695075]
[ 50.696684] -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 2 {
[ 50.702147]     IN-SOFTIRQ-W at:
[ 50.705424]       lock_acquire+0x16f/0x3f0
[ 50.710879]       _raw_spin_lock_irq+0x60/0x80
[ 50.716676]       free_ioctx_users+0x2d/0x490
[ 50.722373]       percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 50.729872]       rcu_process_callbacks+0xba0/0x1a30
[ 50.736363]       __do_softirq+0x25c/0x921
[ 50.742095]       irq_exit+0x180/0x1d0
[ 50.747283]       smp_apic_timer_interrupt+0x13b/0x550
[ 50.753766]       apic_timer_interrupt+0xf/0x20
[ 50.759816]       native_safe_halt+0xe/0x10
[ 50.765359]       arch_cpu_idle+0xa/0x10
[ 50.770623]       default_idle_call+0x36/0x90
[ 50.776342]       do_idle+0x377/0x560
[ 50.781604]       cpu_startup_entry+0xc8/0xe0
[ 50.787394]       rest_init+0x219/0x222
[ 50.792764]       start_kernel+0x88c/0x8c5
[ 50.798467]       x86_64_start_reservations+0x29/0x2b
[ 50.804951]       x86_64_start_kernel+0x77/0x7b
[ 50.810843]       secondary_startup_64+0xa4/0xb0
[ 50.816798]     INITIAL USE at:
[ 50.819981]       lock_acquire+0x16f/0x3f0
[ 50.825333]       _raw_spin_lock_irq+0x60/0x80
[ 50.831029]       io_submit_one+0xead/0x2eb0
[ 50.836547]       __x64_sys_io_submit+0x1aa/0x520
[ 50.842513]       do_syscall_64+0xfd/0x620
[ 50.847867]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 50.854594]   }
[ 50.856380]   ... key at: [] __key.50211+0x0/0x40
[ 50.863107]   ... acquired at:
[ 50.866301]     mark_lock+0x420/0x1370
[ 50.870087]     __lock_acquire+0xc62/0x49c0
[ 50.874302]     lock_acquire+0x16f/0x3f0
[ 50.878258]     _raw_spin_lock_irq+0x60/0x80
[ 50.882573]     free_ioctx_users+0x2d/0x490
[ 50.886795]     percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 50.892406]     rcu_process_callbacks+0xba0/0x1a30
[ 50.897238]     __do_softirq+0x25c/0x921
[ 50.901240]     irq_exit+0x180/0x1d0
[ 50.904856]     smp_apic_timer_interrupt+0x13b/0x550
[ 50.909862]     apic_timer_interrupt+0xf/0x20
[ 50.914276]     native_safe_halt+0xe/0x10
[ 50.918325]     arch_cpu_idle+0xa/0x10
[ 50.922104]     default_idle_call+0x36/0x90
[ 50.926333]     do_idle+0x377/0x560
[ 50.929904]     cpu_startup_entry+0xc8/0xe0
[ 50.934122]     rest_init+0x219/0x222
[ 50.937820]     start_kernel+0x88c/0x8c5
[ 50.941798]     x86_64_start_reservations+0x29/0x2b
[ 50.946717]     x86_64_start_kernel+0x77/0x7b
[ 50.951118]     secondary_startup_64+0xa4/0xb0
[ 50.955612]
[ 50.957230]
[ 50.957230] stack backtrace:
[ 50.961710] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.19.69 #43
[ 50.968294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 50.977721] Call Trace:
[ 50.980300]  <IRQ>
[ 50.982451]  dump_stack+0x172/0x1f0
[ 50.986475]  print_irq_inversion_bug.part.0+0x2c0/0x2cd
[ 50.991845]  check_usage_forwards.cold+0x20/0x29
[ 50.996777]  ? check_usage_backwards+0x340/0x340
[ 51.001530]  ? save_stack_trace+0x1a/0x20
[ 51.005883]  ? save_trace+0xe0/0x290
[ 51.009584]  mark_lock+0x420/0x1370
[ 51.013456]  ? check_usage_backwards+0x340/0x340
[ 51.018201]  __lock_acquire+0xc62/0x49c0
[ 51.022521]  ? mark_held_locks+0x100/0x100
[ 51.026760]  ? mark_held_locks+0x100/0x100
[ 51.031068]  ? __wake_up_common_lock+0xfe/0x190
[ 51.035735]  ? mark_held_locks+0x100/0x100
[ 51.039970]  ? __wake_up_common_lock+0xfe/0x190
[ 51.044626]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 51.049714]  ? lockdep_hardirqs_on+0x19b/0x5d0
[ 51.054368]  ? trace_hardirqs_on+0x67/0x220
[ 51.058676]  ? kasan_check_read+0x11/0x20
[ 51.062928]  lock_acquire+0x16f/0x3f0
[ 51.066721]  ? free_ioctx_users+0x2d/0x490
[ 51.070941]  _raw_spin_lock_irq+0x60/0x80
[ 51.075075]  ? free_ioctx_users+0x2d/0x490
[ 51.080080]  free_ioctx_users+0x2d/0x490
[ 51.084130]  ? rcu_dynticks_curr_cpu_in_eqs+0x51/0xb0
[ 51.089302]  percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 51.094841]  ? percpu_ref_exit+0xd0/0xd0
[ 51.098886]  rcu_process_callbacks+0xba0/0x1a30
[ 51.103538]  ? __rcu_read_unlock+0x170/0x170
[ 51.107968]  __do_softirq+0x25c/0x921
[ 51.111751]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 51.117299]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 51.122837]  irq_exit+0x180/0x1d0
[ 51.126278]  smp_apic_timer_interrupt+0x13b/0x550
[ 51.131174]  apic_timer_interrupt+0xf/0x20
[ 51.135435]  </IRQ>
[ 51.137682] RIP: 0010:native_safe_halt+0xe/0x10
[ 51.142537] Code: ff ff 48 89 df e8 02 2c ae fa eb 82 e9 07 00 00 00 0f 00 2d 84 1e 54 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d 74 1e 54 00 fb f4 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 e8 4e 0e 66 fa e8 09
[ 51.161733] RSP: 0018:ffffffff88607ca8 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13
[ 51.169543] RAX: 1ffffffff10e48c4 RBX: ffffffff88679ec0 RCX: 0000000000000000
[ 51.181286] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffffffff8867a73c
[ 51.189000] RBP: ffffffff88607cd8 R08: ffffffff88679ec0 R09: 0000000000000000
[ 51.196268] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 51.203522] R13: ffffffff88724610 R14: 0000000000000000 R15: 0000000000000000
[ 51.210880]  ? default_idle+0x4e/0x320
[ 51.214780]  arch_cpu_idle+0xa/0x10
[ 51.218433]  default_idle_call+0x36/0x90
[ 51.222518]  do_idle+0x377/0x560
[ 51.225902]  ? arch_cpu_idle_exit+0x80/0x80
[ 51.230308]  ? check_preemption_disabled+0x48/0x290
[ 51.235325]  cpu_startup_entry+0xc8/0xe0
[ 51.239543]  ? cpu_in_idle+0x20/0x20
[ 51.243248]  rest_init+0x219/0x222
[ 51.246816]  start_kernel+0x88c/0x8c5
[ 51.250606]  ? mem_encrypt_init+0xb/0xb
[ 51.254588]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 51.260149]  ? x86_family+0x41/0x50
[ 51.263765]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 51.269336]  x86_64_start_re