Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.
[ 37.436970] audit: type=1800 audit(1567155597.793:33): pid=7312 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 41.555841] kauditd_printk_skb: 1 callbacks suppressed
[ 41.555857] audit: type=1400 audit(1567155601.913:35): avc: denied { map } for pid=7488 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.132' (ECDSA) to the list of known hosts.
executing program
[ 48.026063] audit: type=1400 audit(1567155608.383:36): avc: denied { map } for pid=7500 comm="syz-executor348" path="/root/syz-executor348220054" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 48.072464]
[ 48.074144] ========================================================
[ 48.080616] WARNING: possible irq lock inversion dependency detected
[ 48.087221] 4.19.69 #43 Not tainted
[ 48.090828] --------------------------------------------------------
[ 48.097303] swapper/0/0 just changed the state of lock:
[ 48.102648] 0000000007d17782 (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2d/0x490
[ 48.111400] but this lock took another, SOFTIRQ-unsafe lock in the past:
[ 48.118224]  (&fiq->waitq){+.+.}
[ 48.118235]
[ 48.118235]
[ 48.118235] and interrupts could create inverse lock ordering between them.
[ 48.118235]
[ 48.133088]
[ 48.133088] other info that might help us debug this:
[ 48.139744]  Possible interrupt unsafe locking scenario:
[ 48.139744]
[ 48.147106]        CPU0                    CPU1
[ 48.151764]        ----                    ----
[ 48.156430]   lock(&fiq->waitq);
[ 48.159804]                                local_irq_disable();
[ 48.165844]                                lock(&(&ctx->ctx_lock)->rlock);
[ 48.172844]                                lock(&fiq->waitq);
[ 48.178710]
[ 48.181442]     lock(&(&ctx->ctx_lock)->rlock);
[ 48.186094]
[ 48.186094]  *** DEADLOCK ***
[ 48.186094]
[ 48.192141] 2 locks held by swapper/0/0:
[ 48.196201]  #0: 000000001e405154 (rcu_callback){....}, at: rcu_process_callbacks+0xc79/0x1a30
[ 48.205238]  #1: 0000000049b03f13 (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x1ca/0x540
[ 48.215381]
[ 48.215381] the shortest dependencies between 2nd lock and 1st lock:
[ 48.223344]  -> (&fiq->waitq){+.+.} ops: 4 {
[ 48.227746]     HARDIRQ-ON-W at:
[ 48.231103]       lock_acquire+0x16f/0x3f0
[ 48.236734]       _raw_spin_lock+0x2f/0x40
[ 48.242348]       flush_bg_queue+0x1f3/0x3d0
[ 48.248134]       fuse_request_send_background_locked+0x26d/0x4e0
[ 48.255743]       fuse_request_send_background+0x12b/0x180
[ 48.262742]       cuse_channel_open+0x5ba/0x830
[ 48.268813]       misc_open+0x395/0x4c0
[ 48.274185]       chrdev_open+0x245/0x6b0
[ 48.279723]       do_dentry_open+0x4c3/0x1210
[ 48.285591]       vfs_open+0xa0/0xd0
[ 48.290677]       path_openat+0x10d7/0x45e0
[ 48.296383]       do_filp_open+0x1a1/0x280
[ 48.301994]       do_sys_open+0x3fe/0x550
[ 48.307539]       __x64_sys_openat+0x9d/0x100
[ 48.313419]       do_syscall_64+0xfd/0x620
[ 48.319030]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.326022]     SOFTIRQ-ON-W at:
[ 48.329378]       lock_acquire+0x16f/0x3f0
[ 48.334986]       _raw_spin_lock+0x2f/0x40
[ 48.340593]       flush_bg_queue+0x1f3/0x3d0
[ 48.346377]       fuse_request_send_background_locked+0x26d/0x4e0
[ 48.353991]       fuse_request_send_background+0x12b/0x180
[ 48.361005]       cuse_channel_open+0x5ba/0x830
[ 48.367059]       misc_open+0x395/0x4c0
[ 48.372407]       chrdev_open+0x245/0x6b0
[ 48.377940]       do_dentry_open+0x4c3/0x1210
[ 48.383811]       vfs_open+0xa0/0xd0
[ 48.388895]       path_openat+0x10d7/0x45e0
[ 48.394605]       do_filp_open+0x1a1/0x280
[ 48.400211]       do_sys_open+0x3fe/0x550
[ 48.405752]       __x64_sys_openat+0x9d/0x100
[ 48.411631]       do_syscall_64+0xfd/0x620
[ 48.417239]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.424231]     INITIAL USE at:
[ 48.427496]       lock_acquire+0x16f/0x3f0
[ 48.433114]       _raw_spin_lock+0x2f/0x40
[ 48.438636]       flush_bg_queue+0x1f3/0x3d0
[ 48.444332]       fuse_request_send_background_locked+0x26d/0x4e0
[ 48.451848]       fuse_request_send_background+0x12b/0x180
[ 48.458759]       cuse_channel_open+0x5ba/0x830
[ 48.464717]       misc_open+0x395/0x4c0
[ 48.469993]       chrdev_open+0x245/0x6b0
[ 48.475480]       do_dentry_open+0x4c3/0x1210
[ 48.481270]       vfs_open+0xa0/0xd0
[ 48.486273]       path_openat+0x10d7/0x45e0
[ 48.491881]       do_filp_open+0x1a1/0x280
[ 48.497496]       do_sys_open+0x3fe/0x550
[ 48.502932]       __x64_sys_openat+0x9d/0x100
[ 48.508714]       do_syscall_64+0xfd/0x620
[ 48.514267]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.521530]   }
[ 48.523409]   ... key at: [] __key.42211+0x0/0x40
[ 48.530226]   ... acquired at:
[ 48.533594]    _raw_spin_lock+0x2f/0x40
[ 48.537558]    io_submit_one+0xef2/0x2eb0
[ 48.541690]    __x64_sys_io_submit+0x1aa/0x520
[ 48.546263]    do_syscall_64+0xfd/0x620
[ 48.550219]    entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.555569]
[ 48.557199] -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 2 {
[ 48.562639]    IN-SOFTIRQ-W at:
[ 48.565909]      lock_acquire+0x16f/0x3f0
[ 48.571456]      _raw_spin_lock_irq+0x60/0x80
[ 48.577246]      free_ioctx_users+0x2d/0x490
[ 48.582945]      percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 48.590061]      rcu_process_callbacks+0xba0/0x1a30
[ 48.596370]      __do_softirq+0x25c/0x921
[ 48.601806]      irq_exit+0x180/0x1d0
[ 48.606917]      smp_apic_timer_interrupt+0x13b/0x550
[ 48.613416]      apic_timer_interrupt+0xf/0x20
[ 48.619288]      native_safe_halt+0xe/0x10
[ 48.624811]      arch_cpu_idle+0xa/0x10
[ 48.630067]      default_idle_call+0x36/0x90
[ 48.635785]      do_idle+0x377/0x560
[ 48.640786]      cpu_startup_entry+0xc8/0xe0
[ 48.646503]      rest_init+0x219/0x222
[ 48.651684]      start_kernel+0x88c/0x8c5
[ 48.657127]      x86_64_start_reservations+0x29/0x2b
[ 48.663520]      x86_64_start_kernel+0x77/0x7b
[ 48.669389]      secondary_startup_64+0xa4/0xb0
[ 48.675342]    INITIAL USE at:
[ 48.678653]      lock_acquire+0x16f/0x3f0
[ 48.684136]      _raw_spin_lock_irq+0x60/0x80
[ 48.689847]      io_submit_one+0xead/0x2eb0
[ 48.695399]      __x64_sys_io_submit+0x1aa/0x520
[ 48.701377]      do_syscall_64+0xfd/0x620
[ 48.706731]      entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.713468]  }
[ 48.715265]  ... key at: [] __key.50211+0x0/0x40
[ 48.721995]  ... acquired at:
[ 48.725088]    mark_lock+0x420/0x1370
[ 48.728866]    __lock_acquire+0xc62/0x49c0
[ 48.733087]    lock_acquire+0x16f/0x3f0
[ 48.737054]    _raw_spin_lock_irq+0x60/0x80
[ 48.741361]    free_ioctx_users+0x2d/0x490
[ 48.745583]    percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 48.751189]    rcu_process_callbacks+0xba0/0x1a30
[ 48.756024]    __do_softirq+0x25c/0x921
[ 48.759991]    irq_exit+0x180/0x1d0
[ 48.763601]    smp_apic_timer_interrupt+0x13b/0x550
[ 48.768597]    apic_timer_interrupt+0xf/0x20
[ 48.773003]    native_safe_halt+0xe/0x10
[ 48.777064]    arch_cpu_idle+0xa/0x10
[ 48.780846]    default_idle_call+0x36/0x90
[ 48.785073]    do_idle+0x377/0x560
[ 48.788593]    cpu_startup_entry+0xc8/0xe0
[ 48.792853]    rest_init+0x219/0x222
[ 48.796901]    start_kernel+0x88c/0x8c5
[ 48.800861]    x86_64_start_reservations+0x29/0x2b
[ 48.805776]    x86_64_start_kernel+0x77/0x7b
[ 48.810177]    secondary_startup_64+0xa4/0xb0
[ 48.814647]
[ 48.816251]
[ 48.816251] stack backtrace:
[ 48.820748] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.19.69 #43
[ 48.826977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 48.836323] Call Trace:
[ 48.838886]
[ 48.841027]  dump_stack+0x172/0x1f0
[ 48.844647]  print_irq_inversion_bug.part.0+0x2c0/0x2cd
[ 48.850256]  check_usage_forwards.cold+0x20/0x29
[ 48.855005]  ? check_usage_backwards+0x340/0x340
[ 48.859761]  ? save_stack_trace+0x1a/0x20
[ 48.863916]  ? save_trace+0xe0/0x290
[ 48.867612]  mark_lock+0x420/0x1370
[ 48.871235]  ? check_usage_backwards+0x340/0x340
[ 48.875987]  __lock_acquire+0xc62/0x49c0
[ 48.880028]  ? mark_held_locks+0x100/0x100
[ 48.884248]  ? mark_held_locks+0x100/0x100
[ 48.888466]  ? __wake_up_common_lock+0xfe/0x190
[ 48.893120]  ? mark_held_locks+0x100/0x100
[ 48.897533]  ? __wake_up_common_lock+0xfe/0x190
[ 48.902191]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 48.910267]  ? lockdep_hardirqs_on+0x19b/0x5d0
[ 48.921612]  ? trace_hardirqs_on+0x67/0x220
[ 48.925950]  ? kasan_check_read+0x11/0x20
[ 48.930110]  lock_acquire+0x16f/0x3f0
[ 48.933921]  ? free_ioctx_users+0x2d/0x490
[ 48.938149]  _raw_spin_lock_irq+0x60/0x80
[ 48.942276]  ? free_ioctx_users+0x2d/0x490
[ 48.946511]  free_ioctx_users+0x2d/0x490
[ 48.950554]  ? rcu_dynticks_curr_cpu_in_eqs+0x51/0xb0
[ 48.955841]  percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 48.961291]  ? percpu_ref_exit+0xd0/0xd0
[ 48.965350]  rcu_process_callbacks+0xba0/0x1a30
[ 48.970016]  ? __rcu_read_unlock+0x170/0x170
[ 48.974511]  __do_softirq+0x25c/0x921
[ 48.978316]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 48.983868]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 48.989422]  irq_exit+0x180/0x1d0
[ 48.992938]  smp_apic_timer_interrupt+0x13b/0x550
[ 48.997770]  apic_timer_interrupt+0xf/0x20
[ 49.001984]
[ 49.004212] RIP: 0010:native_safe_halt+0xe/0x10
[ 49.008874] Code: ff ff 48 89 df e8 02 2c ae fa eb 82 e9 07 00 00 00 0f 00 2d 84 1e 54 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d 74 1e 54 00 fb f4 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 e8 4e 0e 66 fa e8 09
[ 49.027778] RSP: 0018:ffffffff88607ca8 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13
[ 49.035470] RAX: 1ffffffff10e48c4 RBX: ffffffff88679ec0 RCX: 0000000000000000
[ 49.042722] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffffffff8867a73c
[ 49.049995] RBP: ffffffff88607cd8 R08: ffffffff88679ec0 R09: 0000000000000000
[ 49.057264] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 49.064523] R13: ffffffff88724610 R14: 0000000000000000 R15: 0000000000000000
[ 49.072440]  ? default_idle+0x4e/0x320
[ 49.076318]  arch_cpu_idle+0xa/0x10
[ 49.079928]  default_idle_call+0x36/0x90
[ 49.083976]  do_idle+0x377/0x560
[ 49.087341]  ? arch_cpu_idle_exit+0x80/0x80
[ 49.091660]  ? check_preemption_disabled+0x48/0x290
[ 49.096666]  cpu_startup_entry+0xc8/0xe0
[ 49.100727]  ? cpu_in_idle+0x20/0x20
[ 49.104454]  rest_init+0x219/0x222
[ 49.107980]  start_kernel+0x88c/0x8c5
[ 49.111773]  ? mem_encrypt_init+0xb/0xb
[ 49.115736]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 49.121257]  ? x86_family+0x41/0x50
[ 49.124870]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 49.