Starting mcstransd: [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 37.282015] audit: type=1800 audit(1566901692.488:33): pid=7280 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 42.404666] kauditd_printk_skb: 1 callbacks suppressed [ 42.404680] audit: type=1400 audit(1566901697.618:35): avc: denied { map } for pid=7454 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.1.51' (ECDSA) to the list of known hosts. executing program [ 55.582964] audit: type=1400 audit(1566901710.788:36): avc: denied { map } for pid=7466 comm="syz-executor957" path="/root/syz-executor957102795" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 55.613981] [ 55.615617] ======================================================== [ 55.622150] WARNING: possible irq lock inversion dependency detected [ 55.628632] 4.19.68 #42 Not tainted [ 55.632278] -------------------------------------------------------- [ 55.638759] ksoftirqd/1/18 just changed the state of lock: [ 55.644367] 000000002170ee33 (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2d/0x490 [ 55.653121] but this lock took another, SOFTIRQ-unsafe lock in the past: [ 55.659939] (&fiq->waitq){+.+.} [ 55.659947] [ 55.659947] [ 55.659947] and interrupts could create inverse lock ordering between them. [ 55.659947] [ 55.674969] [ 55.674969] other info that might help us debug this: [ 55.681612] Possible interrupt unsafe locking scenario: [ 55.681612] [ 55.688528] CPU0 CPU1 [ 55.693245] ---- ---- [ 55.697901] lock(&fiq->waitq); [ 55.701333] local_irq_disable(); [ 55.707373] lock(&(&ctx->ctx_lock)->rlock); [ 55.714367] lock(&fiq->waitq); [ 55.720230] [ 55.723016] lock(&(&ctx->ctx_lock)->rlock); [ 55.727802] [ 55.727802] *** DEADLOCK *** [ 55.727802] [ 55.733845] 2 locks held by ksoftirqd/1/18: [ 55.738148] #0: 000000001dafab6b (rcu_callback){....}, at: rcu_process_callbacks+0xc79/0x1a30 [ 55.746946] #1: 00000000e5ff42a4 (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x1ca/0x540 [ 55.757097] [ 55.757097] the shortest dependencies between 2nd lock and 1st lock: [ 55.765049] -> (&fiq->waitq){+.+.} ops: 4 { [ 55.769442] HARDIRQ-ON-W at: [ 55.772794] lock_acquire+0x16f/0x3f0 [ 55.778399] _raw_spin_lock+0x2f/0x40 [ 55.784004] flush_bg_queue+0x1f3/0x3d0 [ 55.789798] fuse_request_send_background_locked+0x26d/0x4e0 [ 55.797403] fuse_request_send_background+0x12b/0x180 [ 55.804421] cuse_channel_open+0x5ba/0x830 [ 55.810464] misc_open+0x395/0x4c0 [ 55.815916] chrdev_open+0x245/0x6b0 [ 55.821540] do_dentry_open+0x4c3/0x1210 [ 55.827418] vfs_open+0xa0/0xd0 [ 55.832507] path_openat+0x10d7/0x45e0 [ 55.838199] do_filp_open+0x1a1/0x280 [ 55.843856] do_sys_open+0x3fe/0x550 [ 55.849389] __x64_sys_openat+0x9d/0x100 [ 55.855263] do_syscall_64+0xfd/0x620 [ 55.860872] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 55.867860] SOFTIRQ-ON-W at: [ 55.871214] lock_acquire+0x16f/0x3f0 [ 55.876831] _raw_spin_lock+0x2f/0x40 [ 55.882441] flush_bg_queue+0x1f3/0x3d0 [ 55.888274] fuse_request_send_background_locked+0x26d/0x4e0 [ 55.895889] fuse_request_send_background+0x12b/0x180 [ 55.902884] cuse_channel_open+0x5ba/0x830 [ 55.908926] misc_open+0x395/0x4c0 [ 55.914269] chrdev_open+0x245/0x6b0 [ 55.919785] do_dentry_open+0x4c3/0x1210 [ 55.925932] vfs_open+0xa0/0xd0 [ 55.931078] path_openat+0x10d7/0x45e0 [ 55.936941] do_filp_open+0x1a1/0x280 [ 55.942601] do_sys_open+0x3fe/0x550 [ 55.948167] __x64_sys_openat+0x9d/0x100 [ 55.954041] do_syscall_64+0xfd/0x620 [ 55.959646] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 55.966636] INITIAL USE at: [ 55.969904] lock_acquire+0x16f/0x3f0 [ 55.975424] _raw_spin_lock+0x2f/0x40 [ 55.981192] flush_bg_queue+0x1f3/0x3d0 [ 55.986890] fuse_request_send_background_locked+0x26d/0x4e0 [ 55.994414] fuse_request_send_background+0x12b/0x180 [ 56.001330] cuse_channel_open+0x5ba/0x830 [ 56.007293] misc_open+0x395/0x4c0 [ 56.012553] chrdev_open+0x245/0x6b0 [ 56.017998] do_dentry_open+0x4c3/0x1210 [ 56.023823] vfs_open+0xa0/0xd0 [ 56.028829] path_openat+0x10d7/0x45e0 [ 56.034435] do_filp_open+0x1a1/0x280 [ 56.039963] do_sys_open+0x3fe/0x550 [ 56.045409] __x64_sys_openat+0x9d/0x100 [ 56.051198] do_syscall_64+0xfd/0x620 [ 56.056768] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 56.063768] } [ 56.065653] ... key at: [] __key.42211+0x0/0x40 [ 56.073478] ... acquired at: [ 56.076657] _raw_spin_lock+0x2f/0x40 [ 56.080760] io_submit_one+0xef2/0x2eb0 [ 56.084898] __x64_sys_io_submit+0x1aa/0x520 [ 56.089527] do_syscall_64+0xfd/0x620 [ 56.093491] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 56.098835] [ 56.100443] -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 2 { [ 56.105894] IN-SOFTIRQ-W at: [ 56.109242] lock_acquire+0x16f/0x3f0 [ 56.114684] _raw_spin_lock_irq+0x60/0x80 [ 56.120474] free_ioctx_users+0x2d/0x490 [ 56.126193] percpu_ref_switch_to_atomic_rcu+0x407/0x540 [ 56.133285] rcu_process_callbacks+0xba0/0x1a30 [ 56.139614] __do_softirq+0x25c/0x921 [ 56.145054] run_ksoftirqd+0x8e/0x110 [ 56.150490] smpboot_thread_fn+0x6a3/0xa30 [ 56.156474] kthread+0x354/0x420 [ 56.161495] ret_from_fork+0x24/0x30 [ 56.166840] INITIAL USE at: [ 56.170019] lock_acquire+0x16f/0x3f0 [ 56.175476] _raw_spin_lock_irq+0x60/0x80 [ 56.181244] io_submit_one+0xead/0x2eb0 [ 56.186777] __x64_sys_io_submit+0x1aa/0x520 [ 56.192737] do_syscall_64+0xfd/0x620 [ 56.198090] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 56.204865] } [ 56.206662] ... key at: [] __key.50211+0x0/0x40 [ 56.213390] ... acquired at: [ 56.216488] mark_lock+0x420/0x1370 [ 56.220272] __lock_acquire+0xc62/0x49c0 [ 56.224531] lock_acquire+0x16f/0x3f0 [ 56.228492] _raw_spin_lock_irq+0x60/0x80 [ 56.232797] free_ioctx_users+0x2d/0x490 [ 56.237018] percpu_ref_switch_to_atomic_rcu+0x407/0x540 [ 56.242637] rcu_process_callbacks+0xba0/0x1a30 [ 56.247466] __do_softirq+0x25c/0x921 [ 56.251421] run_ksoftirqd+0x8e/0x110 [ 56.255379] smpboot_thread_fn+0x6a3/0xa30 [ 56.259769] kthread+0x354/0x420 [ 56.263304] ret_from_fork+0x24/0x30 [ 56.267179] [ 56.268789] [ 56.268789] stack backtrace: [ 56.273279] CPU: 1 PID: 18 Comm: ksoftirqd/1 Not tainted 4.19.68 #42 [ 56.279751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 56.289132] Call Trace: [ 56.291724] dump_stack+0x172/0x1f0 [ 56.295338] print_irq_inversion_bug.part.0+0x2c0/0x2cd [ 56.300685] check_usage_forwards.cold+0x20/0x29 [ 56.305435] ? check_usage_backwards+0x340/0x340 [ 56.310187] ? save_stack_trace+0x1a/0x20 [ 56.314329] ? save_trace+0xe0/0x290 [ 56.318027] mark_lock+0x420/0x1370 [ 56.321639] ? check_usage_backwards+0x340/0x340 [ 56.326390] __lock_acquire+0xc62/0x49c0 [ 56.331445] ? mark_held_locks+0x100/0x100 [ 56.335755] ? mark_held_locks+0x100/0x100 [ 56.339970] ? __wake_up_common_lock+0xfe/0x190 [ 56.344622] ? mark_held_locks+0x100/0x100 [ 56.348990] ? __wake_up_common_lock+0xfe/0x190 [ 56.353648] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 56.358738] ? lockdep_hardirqs_on+0x19b/0x5d0 [ 56.363320] ? trace_hardirqs_on+0x67/0x220 [ 56.367631] ? kasan_check_read+0x11/0x20 [ 56.371763] lock_acquire+0x16f/0x3f0 [ 56.375637] ? free_ioctx_users+0x2d/0x490 [ 56.379872] _raw_spin_lock_irq+0x60/0x80 [ 56.386271] ? free_ioctx_users+0x2d/0x490 [ 56.390493] free_ioctx_users+0x2d/0x490 [ 56.394539] ? rcu_dynticks_curr_cpu_in_eqs+0x51/0xb0 [ 56.399713] percpu_ref_switch_to_atomic_rcu+0x407/0x540 [ 56.405146] ? percpu_ref_exit+0xd0/0xd0 [ 56.409200] rcu_process_callbacks+0xba0/0x1a30 [ 56.413917] ? __rcu_read_unlock+0x170/0x170 [ 56.418316] ? sched_clock+0x2e/0x50 [ 56.422017] __do_softirq+0x25c/0x921 [ 56.425803] ? pci_mmcfg_check_reserved+0x170/0x170 [ 56.430809] ? takeover_tasklets+0x7b0/0x7b0 [ 56.435197] ru