Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.
[ 37.539256] audit: type=1800 audit(1569222869.230:33): pid=7273 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[ 37.560638] audit: type=1800 audit(1569222869.240:34): pid=7273 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 40.924302] audit: type=1400 audit(1569222872.620:35): avc: denied { map } for pid=7444 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.1.47' (ECDSA) to the list of known hosts.
executing program
[ 51.933005] audit: type=1400 audit(1569222883.630:36): avc: denied { map } for pid=7457 comm="syz-executor109" path="/root/syz-executor109050996" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 51.971317]
[ 51.972956] ========================================================
[ 51.979421] WARNING: possible irq lock inversion dependency detected
[ 51.985890] 4.19.75 #0 Not tainted
[ 51.989404] --------------------------------------------------------
[ 51.995888] swapper/1/0 just changed the state of lock:
[ 52.001280] 000000002e47b87f (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2d/0x490
[ 52.010027] but this lock took another, SOFTIRQ-unsafe lock in the past:
[ 52.016855] (&fiq->waitq){+.+.}
[ 52.016864]
[ 52.016864]
[ 52.016864] and interrupts could create inverse lock ordering between them.
[ 52.016864]
[ 52.031711]
[ 52.031711] other info that might help us debug this:
[ 52.038352] Possible interrupt unsafe locking scenario:
[ 52.038352]
[ 52.045252]        CPU0                    CPU1
[ 52.049896]        ----                    ----
[ 52.054554]   lock(&fiq->waitq);
[ 52.057902]                                local_irq_disable();
[ 52.063934]                                lock(&(&ctx->ctx_lock)->rlock);
[ 52.070926]                                lock(&fiq->waitq);
[ 52.076786]
[ 52.079515]     lock(&(&ctx->ctx_lock)->rlock);
[ 52.084159]
[ 52.084159] *** DEADLOCK ***
[ 52.084159]
[ 52.090222] 2 locks held by swapper/1/0:
[ 52.094262] #0: 00000000c09a53db (rcu_callback){....}, at: rcu_process_callbacks+0xc79/0x1a30
[ 52.103017] #1: 0000000053d5c795 (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x1ca/0x540
[ 52.113147]
[ 52.113147] the shortest dependencies between 2nd lock and 1st lock:
[ 52.121110] -> (&fiq->waitq){+.+.} ops: 4 {
[ 52.125504] HARDIRQ-ON-W at:
[ 52.128866] lock_acquire+0x16f/0x3f0
[ 52.134481] _raw_spin_lock+0x2f/0x40
[ 52.140087] flush_bg_queue+0x1f3/0x3d0
[ 52.145864] fuse_request_send_background_locked+0x26d/0x4e0
[ 52.153637] fuse_request_send_background+0x12b/0x180
[ 52.160638] cuse_channel_open+0x5ba/0x830
[ 52.166678] misc_open+0x395/0x4c0
[ 52.172040] chrdev_open+0x245/0x6b0
[ 52.177555] do_dentry_open+0x4c3/0x1210
[ 52.183416] vfs_open+0xa0/0xd0
[ 52.188496] path_openat+0x10d7/0x45e0
[ 52.194189] do_filp_open+0x1a1/0x280
[ 52.199804] do_sys_open+0x3fe/0x550
[ 52.205323] __x64_sys_openat+0x9d/0x100
[ 52.211208] do_syscall_64+0xfd/0x620
[ 52.217008] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 52.224591] SOFTIRQ-ON-W at:
[ 52.227956] lock_acquire+0x16f/0x3f0
[ 52.233571] _raw_spin_lock+0x2f/0x40
[ 52.239184] flush_bg_queue+0x1f3/0x3d0
[ 52.244965] fuse_request_send_background_locked+0x26d/0x4e0
[ 52.252570] fuse_request_send_background+0x12b/0x180
[ 52.259651] cuse_channel_open+0x5ba/0x830
[ 52.265702] misc_open+0x395/0x4c0
[ 52.271055] chrdev_open+0x245/0x6b0
[ 52.276579] do_dentry_open+0x4c3/0x1210
[ 52.282440] vfs_open+0xa0/0xd0
[ 52.287522] path_openat+0x10d7/0x45e0
[ 52.293215] do_filp_open+0x1a1/0x280
[ 52.298824] do_sys_open+0x3fe/0x550
[ 52.304350] __x64_sys_openat+0x9d/0x100
[ 52.310301] do_syscall_64+0xfd/0x620
[ 52.315916] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 52.322903] INITIAL USE at:
[ 52.326180] lock_acquire+0x16f/0x3f0
[ 52.331701] _raw_spin_lock+0x2f/0x40
[ 52.337215] flush_bg_queue+0x1f3/0x3d0
[ 52.343612] fuse_request_send_background_locked+0x26d/0x4e0
[ 52.351134] fuse_request_send_background+0x12b/0x180
[ 52.358046] cuse_channel_open+0x5ba/0x830
[ 52.364180] misc_open+0x395/0x4c0
[ 52.369436] chrdev_open+0x245/0x6b0
[ 52.374868] do_dentry_open+0x4c3/0x1210
[ 52.380645] vfs_open+0xa0/0xd0
[ 52.385644] path_openat+0x10d7/0x45e0
[ 52.391259] do_filp_open+0x1a1/0x280
[ 52.396788] do_sys_open+0x3fe/0x550
[ 52.402218] __x64_sys_openat+0x9d/0x100
[ 52.407998] do_syscall_64+0xfd/0x620
[ 52.413540] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 52.420442] }
[ 52.422316] ... key at: [] __key.42217+0x0/0x40
[ 52.429153] ... acquired at:
[ 52.432354] _raw_spin_lock+0x2f/0x40
[ 52.436323] io_submit_one+0xef2/0x2eb0
[ 52.440464] __x64_sys_io_submit+0x1aa/0x520
[ 52.445036] do_syscall_64+0xfd/0x620
[ 52.449004] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 52.454344]
[ 52.455949] -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 2 {
[ 52.461396] IN-SOFTIRQ-W at:
[ 52.464778] lock_acquire+0x16f/0x3f0
[ 52.470262] _raw_spin_lock_irq+0x60/0x80
[ 52.476047] free_ioctx_users+0x2d/0x490
[ 52.481741] percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 52.488838] rcu_process_callbacks+0xba0/0x1a30
[ 52.495149] __do_softirq+0x25c/0x921
[ 52.500850] irq_exit+0x180/0x1d0
[ 52.505939] smp_apic_timer_interrupt+0x13b/0x550
[ 52.512414] apic_timer_interrupt+0xf/0x20
[ 52.518442] native_safe_halt+0xe/0x10
[ 52.523962] arch_cpu_idle+0xa/0x10
[ 52.529220] default_idle_call+0x36/0x90
[ 52.534915] do_idle+0x377/0x560
[ 52.539912] cpu_startup_entry+0xc8/0xe0
[ 52.545604] start_secondary+0x3e8/0x5b0
[ 52.551296] secondary_startup_64+0xa4/0xb0
[ 52.557244] INITIAL USE at:
[ 52.560418] lock_acquire+0x16f/0x3f0
[ 52.565760] _raw_spin_lock_irq+0x60/0x80
[ 52.571465] io_submit_one+0xead/0x2eb0
[ 52.576988] __x64_sys_io_submit+0x1aa/0x520
[ 52.582943] do_syscall_64+0xfd/0x620
[ 52.588286] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 52.595015] }
[ 52.596803] ... key at: [] __key.50217+0x0/0x40
[ 52.603560] ... acquired at:
[ 52.606646] mark_lock+0x420/0x1370
[ 52.610439] __lock_acquire+0xc62/0x49c0
[ 52.614670] lock_acquire+0x16f/0x3f0
[ 52.618626] _raw_spin_lock_irq+0x60/0x80
[ 52.622931] free_ioctx_users+0x2d/0x490
[ 52.627330] percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 52.632993] rcu_process_callbacks+0xba0/0x1a30
[ 52.637827] __do_softirq+0x25c/0x921
[ 52.641958] irq_exit+0x180/0x1d0
[ 52.645571] smp_apic_timer_interrupt+0x13b/0x550
[ 52.650658] apic_timer_interrupt+0xf/0x20
[ 52.655051] native_safe_halt+0xe/0x10
[ 52.659094] arch_cpu_idle+0xa/0x10
[ 52.662876] default_idle_call+0x36/0x90
[ 52.667104] do_idle+0x377/0x560
[ 52.670712] cpu_startup_entry+0xc8/0xe0
[ 52.674963] start_secondary+0x3e8/0x5b0
[ 52.679190] secondary_startup_64+0xa4/0xb0
[ 52.683665]
[ 52.685294]
[ 52.685294] stack backtrace:
[ 52.689774] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.19.75 #0
[ 52.695899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 52.705235] Call Trace:
[ 52.707798]
[ 52.709945] dump_stack+0x172/0x1f0
[ 52.713558] print_irq_inversion_bug.part.0+0x2c0/0x2cd
[ 52.718905] check_usage_forwards.cold+0x20/0x29
[ 52.723763] ? check_usage_backwards+0x340/0x340
[ 52.728502] ? save_stack_trace+0x1a/0x20
[ 52.732742] ? save_trace+0xe0/0x290
[ 52.736442] mark_lock+0x420/0x1370
[ 52.740059] ? check_usage_backwards+0x340/0x340
[ 52.744815] __lock_acquire+0xc62/0x49c0
[ 52.748914] ? mark_held_locks+0x100/0x100
[ 52.753134] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 52.757877] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 52.762617] ? mark_held_locks+0x100/0x100
[ 52.766833] ? mark_held_locks+0x100/0x100
[ 52.771058] ? _raw_spin_unlock_irqrestore+0x95/0xe0
[ 52.776267] lock_acquire+0x16f/0x3f0
[ 52.780068] ? free_ioctx_users+0x2d/0x490
[ 52.784300] _raw_spin_lock_irq+0x60/0x80
[ 52.788458] ? free_ioctx_users+0x2d/0x490
[ 52.792684] free_ioctx_users+0x2d/0x490
[ 52.796730] ? rcu_dynticks_curr_cpu_in_eqs+0x51/0xb0
[ 52.802012] percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 52.807446] ? percpu_ref_exit+0xd0/0xd0
[ 52.811492] rcu_process_callbacks+0xba0/0x1a30
[ 52.816142] ? __rcu_read_unlock+0x170/0x170
[ 52.820541] __do_softirq+0x25c/0x921
[ 52.824325] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 52.829842] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 52.835376] irq_exit+0x180/0x1d0
[ 52.838818] smp_apic_timer_interrupt+0x13b/0x550
[ 52.843665] apic_timer_interrupt+0xf/0x20
[ 52.847886]
[ 52.850114] RIP: 0010:native_safe_halt+0xe/0x10
[ 52.854773] Code: ff ff 48 89 df e8 a2 cf ad fa eb 82 e9 07 00 00 00 0f 00 2d d4 b4 53 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d c4 b4 53 00 fb f4 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 e8 be b2 65 fa e8 99
[ 52.874353] RSP: 0018:ffff8880aa27fd00 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13
[ 52.882046] RAX: 1ffffffff10e48c4 RBX: ffff8880aa2703c0 RCX: 0000000000000000
[ 52.889306] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffff8880aa270c3c
[ 52.896558] RBP: ffff8880aa27fd30 R08: ffff8880aa2703c0 R09: 0000000000000000
[ 52.903898] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001
[ 52.911154] R13: ffffffff88724610 R14: 0000000000000001 R15: 0000000000000000
[ 52.918443] ? default_idle+0x4e/0x320
[ 52.922331] arch_cpu_idle+0xa/0x10
[ 52.925938] default_idle_call+0x36/0x90
[ 52.929991] do_idle+0x377/0x560
[ 52.933344] ? arch_cpu_idle_exit+0x80/0x80