[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.
[ 35.334947] kauditd_printk_skb: 9 callbacks suppressed
[ 35.334958] audit: type=1800 audit(1566556283.802:33): pid=7214 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[ 35.364800] audit: type=1800 audit(1566556283.802:34): pid=7214 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 39.033653] audit: type=1400 audit(1566556287.502:35): avc: denied { map } for pid=7386 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.10.42' (ECDSA) to the list of known hosts.
executing program
[ 45.473262] audit: type=1400 audit(1566556293.942:36): avc: denied { map } for pid=7399 comm="syz-executor027" path="/root/syz-executor027332423" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 45.505398]
[ 45.507020] ========================================================
[ 45.513479] WARNING: possible irq lock inversion dependency detected
[ 45.519943] 4.19.67 #41 Not tainted
[ 45.523540] --------------------------------------------------------
[ 45.530089] swapper/1/0 just changed the state of lock:
[ 45.535424] 000000001c96fe5a (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2d/0x490
[ 45.544158] but this lock took another, SOFTIRQ-unsafe lock in the past:
[ 45.550965]  (&fiq->waitq){+.+.}
[ 45.550972]
[ 45.550972]
[ 45.550972] and interrupts could create inverse lock ordering between them.
[ 45.550972]
[ 45.565812]
[ 45.565812] other info that might help us debug this:
[ 45.572446]  Possible interrupt unsafe locking scenario:
[ 45.572446]
[ 45.579342]        CPU0                    CPU1
[ 45.583981]        ----                    ----
[ 45.588613]   lock(&fiq->waitq);
[ 45.591952]                                local_irq_disable();
[ 45.597976]                                lock(&(&ctx->ctx_lock)->rlock);
[ 45.604962]                                lock(&fiq->waitq);
[ 45.610818]
[ 45.613545]     lock(&(&ctx->ctx_lock)->rlock);
[ 45.618182]
[ 45.618182]  *** DEADLOCK ***
[ 45.618182]
[ 45.624213] 2 locks held by swapper/1/0:
[ 45.628246]  #0: 00000000e495080f (rcu_callback){....}, at: rcu_process_callbacks+0xc79/0x1a30
[ 45.636980]  #1: 00000000947c82b7 (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x1ca/0x540
[ 45.647187]
[ 45.647187] the shortest dependencies between 2nd lock and 1st lock:
[ 45.655136]  -> (&fiq->waitq){+.+.} ops: 4 {
[ 45.659521]     HARDIRQ-ON-W at:
[ 45.662861]       lock_acquire+0x16f/0x3f0
[ 45.668458]       _raw_spin_lock+0x2f/0x40
[ 45.674056]       flush_bg_queue+0x1f3/0x3d0
[ 45.679826]       fuse_request_send_background_locked+0x26d/0x4e0
[ 45.687416]       fuse_request_send_background+0x12b/0x180
[ 45.694397]       cuse_channel_open+0x5ba/0x830
[ 45.700439]       misc_open+0x395/0x4c0
[ 45.705773]       chrdev_open+0x245/0x6b0
[ 45.711281]       do_dentry_open+0x4c3/0x1210
[ 45.717244]       vfs_open+0xa0/0xd0
[ 45.722319]       path_openat+0x10d7/0x45e0
[ 45.728006]       do_filp_open+0x1a1/0x280
[ 45.733601]       do_sys_open+0x3fe/0x550
[ 45.739108]       __x64_sys_openat+0x9d/0x100
[ 45.745236]       do_syscall_64+0xfd/0x620
[ 45.750947]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 45.757925]     SOFTIRQ-ON-W at:
[ 45.761267]       lock_acquire+0x16f/0x3f0
[ 45.766862]       _raw_spin_lock+0x2f/0x40
[ 45.772461]       flush_bg_queue+0x1f3/0x3d0
[ 45.778321]       fuse_request_send_background_locked+0x26d/0x4e0
[ 45.785931]       fuse_request_send_background+0x12b/0x180
[ 45.792917]       cuse_channel_open+0x5ba/0x830
[ 45.798950]       misc_open+0x395/0x4c0
[ 45.804285]       chrdev_open+0x245/0x6b0
[ 45.809899]       do_dentry_open+0x4c3/0x1210
[ 45.815758]       vfs_open+0xa0/0xd0
[ 45.820839]       path_openat+0x10d7/0x45e0
[ 45.826519]       do_filp_open+0x1a1/0x280
[ 45.832112]       do_sys_open+0x3fe/0x550
[ 45.837619]       __x64_sys_openat+0x9d/0x100
[ 45.843474]       do_syscall_64+0xfd/0x620
[ 45.849071]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 45.856053]     INITIAL USE at:
[ 45.859307]       lock_acquire+0x16f/0x3f0
[ 45.864815]       _raw_spin_lock+0x2f/0x40
[ 45.870325]       flush_bg_queue+0x1f3/0x3d0
[ 45.876008]       fuse_request_send_background_locked+0x26d/0x4e0
[ 45.883514]       fuse_request_send_background+0x12b/0x180
[ 45.890412]       cuse_channel_open+0x5ba/0x830
[ 45.896357]       misc_open+0x395/0x4c0
[ 45.901608]       chrdev_open+0x245/0x6b0
[ 45.907030]       do_dentry_open+0x4c3/0x1210
[ 45.913154]       vfs_open+0xa0/0xd0
[ 45.918143]       path_openat+0x10d7/0x45e0
[ 45.923739]       do_filp_open+0x1a1/0x280
[ 45.929247]       do_sys_open+0x3fe/0x550
[ 45.934670]       __x64_sys_openat+0x9d/0x100
[ 45.940441]       do_syscall_64+0xfd/0x620
[ 45.945950]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 45.952845]   }
[ 45.954712]   ... key at: [] __key.42212+0x0/0x40
[ 45.961519]   ... acquired at:
[ 45.964685]     _raw_spin_lock+0x2f/0x40
[ 45.968637]     io_submit_one+0xef2/0x2eb0
[ 45.972759]     __x64_sys_io_submit+0x1aa/0x520
[ 45.977317]     do_syscall_64+0xfd/0x620
[ 45.981276]     entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 45.986606]
[ 45.988223]  -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 2 {
[ 45.993651]     IN-SOFTIRQ-W at:
[ 45.996906]       lock_acquire+0x16f/0x3f0
[ 46.002331]       _raw_spin_lock_irq+0x60/0x80
[ 46.008102]       free_ioctx_users+0x2d/0x490
[ 46.013787]       percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 46.020861]       rcu_process_callbacks+0xba0/0x1a30
[ 46.027154]       __do_softirq+0x25c/0x921
[ 46.032575]       irq_exit+0x180/0x1d0
[ 46.037651]       smp_apic_timer_interrupt+0x13b/0x550
[ 46.044113]       apic_timer_interrupt+0xf/0x20
[ 46.049971]       native_safe_halt+0xe/0x10
[ 46.055481]       arch_cpu_idle+0xa/0x10
[ 46.060731]       default_idle_call+0x36/0x90
[ 46.066410]       do_idle+0x377/0x560
[ 46.071400]       cpu_startup_entry+0xc8/0xe0
[ 46.077083]       start_secondary+0x3e8/0x5b0
[ 46.082766]       secondary_startup_64+0xa4/0xb0
[ 46.088706]     INITIAL USE at:
[ 46.091872]       lock_acquire+0x16f/0x3f0
[ 46.097208]       _raw_spin_lock_irq+0x60/0x80
[ 46.102900]       io_submit_one+0xead/0x2eb0
[ 46.108414]       __x64_sys_io_submit+0x1aa/0x520
[ 46.114356]       do_syscall_64+0xfd/0x620
[ 46.119693]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 46.126427]   }
[ 46.128219]   ... key at: [] __key.50212+0x0/0x40
[ 46.134947]   ... acquired at:
[ 46.138023]     mark_lock+0x420/0x1370
[ 46.141795]     __lock_acquire+0xc62/0x49c0
[ 46.146001]     lock_acquire+0x16f/0x3f0
[ 46.149944]     _raw_spin_lock_irq+0x60/0x80
[ 46.154254]     free_ioctx_users+0x2d/0x490
[ 46.158465]     percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 46.164065]     rcu_process_callbacks+0xba0/0x1a30
[ 46.168876]     __do_softirq+0x25c/0x921
[ 46.172820]     irq_exit+0x180/0x1d0
[ 46.176417]     smp_apic_timer_interrupt+0x13b/0x550
[ 46.181401]     apic_timer_interrupt+0xf/0x20
[ 46.185793]     native_safe_halt+0xe/0x10
[ 46.189824]     arch_cpu_idle+0xa/0x10
[ 46.193596]     default_idle_call+0x36/0x90
[ 46.197801]     do_idle+0x377/0x560
[ 46.201309]     cpu_startup_entry+0xc8/0xe0
[ 46.205516]     start_secondary+0x3e8/0x5b0
[ 46.209721]     secondary_startup_64+0xa4/0xb0
[ 46.214183]
[ 46.215783]
[ 46.215783] stack backtrace:
[ 46.220252] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.19.67 #41
[ 46.226449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 46.235774] Call Trace:
[ 46.238328]
[ 46.240469]  dump_stack+0x172/0x1f0
[ 46.244080]  print_irq_inversion_bug.part.0+0x2c0/0x2cd
[ 46.249413]  check_usage_forwards.cold+0x20/0x29
[ 46.254139]  ? check_usage_backwards+0x340/0x340
[ 46.258868]  ? save_stack_trace+0x1a/0x20
[ 46.262986]  ? save_trace+0xe0/0x290
[ 46.266670]  mark_lock+0x420/0x1370
[ 46.270271]  ? check_usage_backwards+0x340/0x340
[ 46.274995]  __lock_acquire+0xc62/0x49c0
[ 46.279025]  ? mark_held_locks+0x100/0x100
[ 46.283228]  ? mark_held_locks+0x100/0x100
[ 46.287432]  ? __wake_up_common_lock+0xfe/0x190
[ 46.292078]  ? mark_held_locks+0x100/0x100
[ 46.296284]  ? __wake_up_common_lock+0xfe/0x190
[ 46.300922]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 46.305995]  ? lockdep_hardirqs_on+0x19b/0x5d0
[ 46.310551]  ? trace_hardirqs_on+0x67/0x220
[ 46.314850]  ? kasan_check_read+0x11/0x20
[ 46.318973]  lock_acquire+0x16f/0x3f0
[ 46.322747]  ? free_ioctx_users+0x2d/0x490
[ 46.326953]  _raw_spin_lock_irq+0x60/0x80
[ 46.331069]  ? free_ioctx_users+0x2d/0x490
[ 46.335274]  free_ioctx_users+0x2d/0x490
[ 46.339307]  ? rcu_dynticks_curr_cpu_in_eqs+0x51/0xb0
[ 46.344469]  percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 46.349889]  ? percpu_ref_exit+0xd0/0xd0
[ 46.353919]  rcu_process_callbacks+0xba0/0x1a30
[ 46.358570]  ? __rcu_read_unlock+0x170/0x170
[ 46.363037]  __do_softirq+0x25c/0x921
[ 46.366811]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 46.372320]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 46.377831]  irq_exit+0x180/0x1d0
[ 46.381257]  smp_apic_timer_interrupt+0x13b/0x550
[ 46.386071]  apic_timer_interrupt+0xf/0x20
[ 46.390288]
[ 46.392507] RIP: 0010:native_safe_halt+0xe/0x10
[ 46.397151] Code: ff ff 48 89 df e8 c2 47 ae fa eb 82 e9 07 00 00 00 0f 00 2d 84 2e 54 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d 74 2e 54 00 fb f4 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 e8 7e 2b 66 fa e8 99
[ 46.416022] RSP: 0018:ffff8880aa27fd00 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13
[ 46.423705] RAX: 1ffffffff10e489c RBX: ffff8880aa2703c0 RCX: 0000000000000000
[ 46.430957] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffff8880aa270c3c
[ 46.438200] RBP: ffff8880aa27fd30 R08: ffff8880aa2703c0 R09: 0000000000000000
[ 46.445439] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001
[ 46.452682] R13: ffffffff887244d0 R14: 0000000000000001 R15: 0000000000000000
[ 46.459929]  ? default_idle+0x4e/0x320
[ 46.463786]  arch_cpu_idle+0xa/0x10
[ 46.467477]  default_idle_call+0x36/0x90
[ 46.471525]  do_idle+0x377/0x560
[ 46.474867]  ? arch_cpu_idle_exit