[ ok ] Starting enhanced syslogd: rsyslogd.
[ 59.928778][ T26] audit: type=1800 audit(1568166779.086:25): pid=8531 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 59.970018][ T26] audit: type=1800 audit(1568166779.096:26): pid=8531 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 59.992062][ T26] audit: type=1800 audit(1568166779.096:27): pid=8531 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.34' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 71.200126][ C1]
[ 71.202762][ C1] ========================================================
[ 71.210047][ C1] WARNING: possible irq lock inversion dependency detected
[ 71.217280][ C1] 5.3.0-rc6-next-20190830 #75 Not tainted
[ 71.222986][ C1] --------------------------------------------------------
[ 71.230342][ C1] ksoftirqd/1/16 just changed the state of lock:
[ 71.236648][ C1] ffff8880a4753b58 (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2d/0x490
[ 71.246194][ C1] but this lock took another, SOFTIRQ-unsafe lock in the past:
[ 71.253718][ C1] (&fiq->waitq){+.+.}
[ 71.253726][ C1]
[ 71.253726][ C1]
[ 71.253726][ C1] and interrupts could create inverse lock ordering between them.
[ 71.253726][ C1]
[ 71.272059][ C1]
[ 71.272059][ C1] other info that might help us debug this:
[ 71.280106][ C1] Possible interrupt unsafe locking scenario:
[ 71.280106][ C1]
[ 71.288477][ C1]        CPU0                    CPU1
[ 71.294510][ C1]        ----                    ----
[ 71.299876][ C1]   lock(&fiq->waitq);
[ 71.305190][ C1]                                local_irq_disable();
[ 71.312033][ C1]                                lock(&(&ctx->ctx_lock)->rlock);
[ 71.319730][ C1]                                lock(&fiq->waitq);
[ 71.326298][ C1]
[ 71.329728][ C1]     lock(&(&ctx->ctx_lock)->rlock);
[ 71.335071][ C1]
[ 71.335071][ C1] *** DEADLOCK ***
[ 71.335071][ C1]
[ 71.343210][ C1] 2 locks held by ksoftirqd/1/16:
[ 71.348205][ C1] #0: ffffffff88fa7e40 (rcu_callback){....}, at: rcu_core+0x60e/0x1560
[ 71.356802][ C1] #1: ffffffff88fa7e80 (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x20e/0x570
[ 71.367726][ C1]
[ 71.367726][ C1] the shortest dependencies between 2nd lock and 1st lock:
[ 71.377215][ C1] -> (&fiq->waitq){+.+.} {
[ 71.381702][ C1] HARDIRQ-ON-W at:
[ 71.385754][ C1] lock_acquire+0x190/0x410
[ 71.392193][ C1] _raw_spin_lock+0x2f/0x40
[ 71.398641][ C1] flush_bg_queue+0x1f1/0x3b0
[ 71.405145][ C1] fuse_request_queue_background+0x2f8/0x5b0
[ 71.413046][ C1] fuse_request_send_background+0x58/0x110
[ 71.420658][ C1] cuse_channel_open+0x5c3/0x839
[ 71.427530][ C1] misc_open+0x395/0x4c0
[ 71.433582][ C1] chrdev_open+0x245/0x6b0
[ 71.439801][ C1] do_dentry_open+0x4df/0x1250
[ 71.446363][ C1] vfs_open+0xa0/0xd0
[ 71.452167][ C1] path_openat+0x10e9/0x46d0
[ 71.458593][ C1] do_filp_open+0x1a1/0x280
[ 71.464904][ C1] do_sys_open+0x3fe/0x5d0
[ 71.471121][ C1] __x64_sys_openat+0x9d/0x100
[ 71.477685][ C1] do_syscall_64+0xfa/0x760
[ 71.483991][ C1] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 71.491688][ C1] SOFTIRQ-ON-W at:
[ 71.495765][ C1] lock_acquire+0x190/0x410
[ 71.502076][ C1] _raw_spin_lock+0x2f/0x40
[ 71.508378][ C1] flush_bg_queue+0x1f1/0x3b0
[ 71.514864][ C1] fuse_request_queue_background+0x2f8/0x5b0
[ 71.523468][ C1] fuse_request_send_background+0x58/0x110
[ 71.531139][ C1] cuse_channel_open+0x5c3/0x839
[ 71.537878][ C1] misc_open+0x395/0x4c0
[ 71.543918][ C1] chrdev_open+0x245/0x6b0
[ 71.550133][ C1] do_dentry_open+0x4df/0x1250
[ 71.556693][ C1] vfs_open+0xa0/0xd0
[ 71.562474][ C1] path_openat+0x10e9/0x46d0
[ 71.568870][ C1] do_filp_open+0x1a1/0x280
[ 71.575254][ C1] do_sys_open+0x3fe/0x5d0
[ 71.581487][ C1] __x64_sys_openat+0x9d/0x100
[ 71.588112][ C1] do_syscall_64+0xfa/0x760
[ 71.594445][ C1] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 71.602134][ C1] INITIAL USE at:
[ 71.606270][ C1] lock_acquire+0x190/0x410
[ 71.612957][ C1] _raw_spin_lock+0x2f/0x40
[ 71.619181][ C1] flush_bg_queue+0x1f1/0x3b0
[ 71.625577][ C1] fuse_request_queue_background+0x2f8/0x5b0
[ 71.633270][ C1] fuse_request_send_background+0x58/0x110
[ 71.640805][ C1] cuse_channel_open+0x5c3/0x839
[ 71.647462][ C1] misc_open+0x395/0x4c0
[ 71.653446][ C1] chrdev_open+0x245/0x6b0
[ 71.659585][ C1] do_dentry_open+0x4df/0x1250
[ 71.666072][ C1] vfs_open+0xa0/0xd0
[ 71.671770][ C1] path_openat+0x10e9/0x46d0
[ 71.678072][ C1] do_filp_open+0x1a1/0x280
[ 71.684291][ C1] do_sys_open+0x3fe/0x5d0
[ 71.690417][ C1] __x64_sys_openat+0x9d/0x100
[ 71.696900][ C1] do_syscall_64+0xfa/0x760
[ 71.703239][ C1] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 71.710960][ C1] }
[ 71.713544][ C1] ... key at: [] __key.44810+0x0/0x40
[ 71.721057][ C1] ... acquired at:
[ 71.724933][ C1] _raw_spin_lock+0x2f/0x40
[ 71.729585][ C1] io_submit_one+0xefa/0x2ef0
[ 71.734424][ C1] __x64_sys_io_submit+0x1bd/0x570
[ 71.739715][ C1] do_syscall_64+0xfa/0x760
[ 71.745043][ C1] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 71.751086][ C1]
[ 71.753407][ C1] -> (&(&ctx->ctx_lock)->rlock){..-.} {
[ 71.758930][ C1] IN-SOFTIRQ-W at:
[ 71.762907][ C1] lock_acquire+0x190/0x410
[ 71.769041][ C1] _raw_spin_lock_irq+0x60/0x80
[ 71.775520][ C1] free_ioctx_users+0x2d/0x490
[ 71.781913][ C1] percpu_ref_switch_to_atomic_rcu+0x4c0/0x570
[ 71.790143][ C1] rcu_core+0x581/0x1560
[ 71.796544][ C1] rcu_core_si+0x9/0x10
[ 71.802337][ C1] __do_softirq+0x262/0x98c
[ 71.808473][ C1] run_ksoftirqd+0x8e/0x110
[ 71.814620][ C1] smpboot_thread_fn+0x6a3/0xa40
[ 71.821188][ C1] kthread+0x361/0x430
[ 71.826886][ C1] ret_from_fork+0x24/0x30
[ 71.832934][ C1] INITIAL USE at:
[ 71.836816][ C1] lock_acquire+0x190/0x410
[ 71.842856][ C1] _raw_spin_lock_irq+0x60/0x80
[ 71.849241][ C1] io_submit_one+0xeb5/0x2ef0
[ 71.855451][ C1] __x64_sys_io_submit+0x1bd/0x570
[ 71.862121][ C1] do_syscall_64+0xfa/0x760
[ 71.868192][ C1] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 71.875987][ C1] }
[ 71.878528][ C1] ... key at: [] __key.54358+0x0/0x40
[ 71.885952][ C1] ... acquired at:
[ 71.889744][ C1] mark_lock+0x517/0x1220
[ 71.894222][ C1] __lock_acquire+0x1e8e/0x4a00
[ 71.899240][ C1] lock_acquire+0x190/0x410
[ 71.903896][ C1] _raw_spin_lock_irq+0x60/0x80
[ 71.908897][ C1] free_ioctx_users+0x2d/0x490
[ 71.913861][ C1] percpu_ref_switch_to_atomic_rcu+0x4c0/0x570
[ 71.920265][ C1] rcu_core+0x581/0x1560
[ 71.924650][ C1] rcu_core_si+0x9/0x10
[ 71.928950][ C1] __do_softirq+0x262/0x98c
[ 71.933598][ C1] run_ksoftirqd+0x8e/0x110
[ 71.938267][ C1] smpboot_thread_fn+0x6a3/0xa40
[ 71.943349][ C1] kthread+0x361/0x430
[ 71.947562][ C1] ret_from_fork+0x24/0x30
[ 71.952118][ C1]
[ 71.954417][ C1]
[ 71.954417][ C1] stack backtrace:
[ 71.960292][ C1] CPU: 1 PID: 16 Comm: ksoftirqd/1 Not tainted 5.3.0-rc6-next-20190830 #75
[ 71.968842][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 71.978867][ C1] Call Trace:
[ 71.982130][ C1] dump_stack+0x172/0x1f0
[ 71.986442][ C1] print_irq_inversion_bug.part.0+0x2e4/0x2f1
[ 71.992480][ C1] check_usage_forwards.cold+0x20/0x29
[ 71.997922][ C1] ? check_usage_backwards+0x330/0x330
[ 72.003365][ C1] ? save_trace+0x3e/0x8c0
[ 72.007759][ C1] mark_lock+0x517/0x1220
[ 72.012063][ C1] ? check_usage_backwards+0x330/0x330
[ 72.017526][ C1] __lock_acquire+0x1e8e/0x4a00
[ 72.022351][ C1] ? __kasan_check_read+0x11/0x20
[ 72.027354][ C1] ? mark_lock+0xc2/0x1220
[ 72.031755][ C1] ? mark_held_locks+0xf0/0xf0
[ 72.036499][ C1] lock_acquire+0x190/0x410
[ 72.040976][ C1] ? free_ioctx_users+0x2d/0x490
[ 72.045889][ C1] _raw_spin_lock_irq+0x60/0x80
[ 72.050710][ C1] ? free_ioctx_users+0x2d/0x490
[ 72.055622][ C1] free_ioctx_users+0x2d/0x490
[ 72.060364][ C1] ? rcu_dynticks_curr_cpu_in_eqs+0x54/0xb0
[ 72.066231][ C1] percpu_ref_switch_to_atomic_rcu+0x4c0/0x570
[ 72.072356][ C1] ? percpu_ref_exit+0xd0/0xd0
[ 72.077100][ C1] rcu_core+0x581/0x1560
[ 72.081316][ C1] ? __rcu_read_unlock+0x6b0/0x6b0
[ 72.086398][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 72.091926][ C1] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 72.097876][ C1] rcu_core_si+0x9/0x10
[ 72.102002][ C1] __do_softirq+0x262/0x98c
[ 72.106480][ C1] ? takeover_tasklets+0x820/0x820
[ 72.111563][ C1] run_ksoftirqd+0x8e/0x110
[ 72.116036][ C1] smpboot_thread_fn+0x6a3/0xa40
[ 72.120947][ C1] ? smpboot_register_percpu_thread+0x390/0x390
[ 72.127171][ C1] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 72.133382][ C1] ? __kthread_parkme+0x108/0x1c0
[ 72.138376][ C1] ? __kasan_check_read+0x11/0x20
[ 72.143374][ C1] kthread+0x361/0x430
[ 72.147415][ C1] ? smpboot_register_percpu_thread+0x390/0x390
[ 72.15