[ 40.262245][ T26] audit: type=1800 audit(1569187818.347:27): pid=7676 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 40.291442][ T26] audit: type=1800 audit(1569187818.347:28): pid=7676 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 40.950063][ T26] audit: type=1800 audit(1569187819.107:29): pid=7676 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 40.970132][ T26] audit: type=1800 audit(1569187819.107:30): pid=7676 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.65' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 47.806759][ C0] [ 47.809108][ C0] ======================================================== [ 47.816288][ C0] WARNING: possible irq lock inversion dependency detected [ 47.823455][ C0] 5.3.0+ #0 Not tainted [ 47.827581][ C0] -------------------------------------------------------- [ 47.834771][ C0] swapper/0/0 just changed the state of lock: [ 47.840815][ C0] ffff888095f3bb58 (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x33/0x1d0 [ 47.850279][ C0] but this lock took another, SOFTIRQ-unsafe lock in the past: [ 47.857814][ C0] (&fiq->waitq){+.+.} [ 47.857819][ C0] [ 47.857819][ C0] [ 47.857819][ C0] and interrupts could create inverse lock ordering between them. [ 47.857819][ C0] [ 47.876144][ C0] [ 47.876144][ C0] other info that might help us debug this: [ 47.884181][ C0] Possible interrupt unsafe locking scenario: [ 47.884181][ C0] [ 47.892484][ C0] CPU0 CPU1 [ 47.897830][ C0] ---- ---- [ 47.903233][ C0] lock(&fiq->waitq); [ 47.907416][ C0] local_irq_disable(); [ 47.914222][ C0] lock(&(&ctx->ctx_lock)->rlock); [ 47.921916][ C0] lock(&fiq->waitq); [ 47.928491][ C0] [ 47.931964][ C0] lock(&(&ctx->ctx_lock)->rlock); [ 47.937328][ C0] [ 47.937328][ C0] *** DEADLOCK *** [ 47.937328][ C0] [ 47.945555][ C0] 2 locks held by swapper/0/0: [ 47.950300][ C0] #0: ffffffff888d3940 (rcu_callback){....}, at: rcu_lock_acquire+0x4/0x30 [ 47.958953][ C0] #1: ffffffff888d38d8 (rcu_read_lock_sched){....}, at: rcu_lock_acquire+0x9/0x40 [ 47.968210][ C0] [ 47.968210][ C0] the shortest dependencies between 2nd lock and 1st lock: [ 47.977664][ C0] -> (&fiq->waitq){+.+.} { [ 47.982160][ C0] HARDIRQ-ON-W at: [ 47.986323][ C0] lock_acquire+0x158/0x250 [ 47.992658][ C0] _raw_spin_lock+0x2d/0x40 [ 47.998975][ C0] fuse_request_queue_background+0x673/0xc60 [ 48.006929][ C0] fuse_request_send_background+0x56/0x100 [ 48.014583][ C0] cuse_channel_open+0x485/0x660 [ 48.021320][ C0] misc_open+0x3ef/0x440 [ 48.027372][ C0] chrdev_open+0x509/0x590 [ 48.033593][ C0] do_dentry_open+0x73b/0xf90 [ 48.040076][ C0] vfs_open+0x73/0x80 [ 48.045870][ C0] path_openat+0x1397/0x4460 [ 48.052274][ C0] do_filp_open+0x192/0x3d0 [ 48.058821][ C0] do_sys_open+0x29f/0x560 [ 48.065163][ C0] __x64_sys_openat+0xa2/0xb0 [ 48.071708][ C0] do_syscall_64+0xf7/0x1c0 [ 48.078205][ C0] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 48.085894][ C0] SOFTIRQ-ON-W at: [ 48.089952][ C0] lock_acquire+0x158/0x250 [ 48.096265][ C0] _raw_spin_lock+0x2d/0x40 [ 48.102622][ C0] fuse_request_queue_background+0x673/0xc60 [ 48.110441][ C0] fuse_request_send_background+0x56/0x100 [ 48.118061][ C0] cuse_channel_open+0x485/0x660 [ 48.124884][ C0] misc_open+0x3ef/0x440 [ 48.130936][ C0] chrdev_open+0x509/0x590 [ 48.137163][ C0] do_dentry_open+0x73b/0xf90 [ 48.143651][ C0] vfs_open+0x73/0x80 [ 48.149437][ C0] path_openat+0x1397/0x4460 [ 48.155826][ C0] do_filp_open+0x192/0x3d0 [ 48.162299][ C0] do_sys_open+0x29f/0x560 [ 48.168510][ C0] __x64_sys_openat+0xa2/0xb0 [ 48.174985][ C0] do_syscall_64+0xf7/0x1c0 [ 48.181283][ C0] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 48.188966][ C0] INITIAL USE at: [ 48.192921][ C0] lock_acquire+0x158/0x250 [ 48.199146][ C0] _raw_spin_lock+0x2d/0x40 [ 48.205357][ C0] fuse_request_queue_background+0x673/0xc60 [ 48.213139][ C0] fuse_request_send_background+0x56/0x100 [ 48.221783][ C0] cuse_channel_open+0x485/0x660 [ 48.228440][ C0] misc_open+0x3ef/0x440 [ 48.234412][ C0] chrdev_open+0x509/0x590 [ 48.240547][ C0] do_dentry_open+0x73b/0xf90 [ 48.246934][ C0] vfs_open+0x73/0x80 [ 48.253078][ C0] path_openat+0x1397/0x4460 [ 48.259386][ C0] do_filp_open+0x192/0x3d0 [ 48.265614][ C0] do_sys_open+0x29f/0x560 [ 48.271757][ C0] __x64_sys_openat+0xa2/0xb0 [ 48.278157][ C0] do_syscall_64+0xf7/0x1c0 [ 48.284384][ C0] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 48.291977][ C0] } [ 48.294553][ C0] ... key at: [] fuse_iqueue_init.__key+0x0/0x10 [ 48.303112][ C0] ... acquired at: [ 48.307197][ C0] lock_acquire+0x158/0x250 [ 48.311859][ C0] _raw_spin_lock+0x2d/0x40 [ 48.316526][ C0] io_submit_one+0x108c/0x1970 [ 48.321445][ C0] __se_sys_io_submit+0x12f/0x240 [ 48.326615][ C0] __x64_sys_io_submit+0x7b/0x90 [ 48.331711][ C0] do_syscall_64+0xf7/0x1c0 [ 48.336359][ C0] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 48.343002][ C0] [ 48.345311][ C0] -> (&(&ctx->ctx_lock)->rlock){..-.} { [ 48.350828][ C0] IN-SOFTIRQ-W at: [ 48.354832][ C0] lock_acquire+0x158/0x250 [ 48.361048][ C0] _raw_spin_lock_irq+0x6a/0x80 [ 48.367519][ C0] free_ioctx_users+0x33/0x1d0 [ 48.373906][ C0] percpu_ref_put+0x1c6/0x1d0 [ 48.380330][ C0] percpu_ref_switch_to_atomic_rcu+0x344/0x420 [ 48.388107][ C0] rcu_core+0x843/0x1050 [ 48.393972][ C0] rcu_core_si+0x9/0x10 [ 48.399758][ C0] __do_softirq+0x333/0x7c4 [ 48.406155][ C0] irq_exit+0x227/0x230 [ 48.411929][ C0] smp_apic_timer_interrupt+0x113/0x280 [ 48.419190][ C0] apic_timer_interrupt+0xf/0x20 [ 48.425833][ C0] native_safe_halt+0xe/0x10 [ 48.432226][ C0] arch_cpu_idle+0xa/0x10 [ 48.438278][ C0] default_idle_call+0x59/0xa0 [ 48.444671][ C0] do_idle+0x140/0x670 [ 48.450372][ C0] cpu_startup_entry+0x25/0x30 [ 48.456883][ C0] rest_init+0x29d/0x2b0 [ 48.462762][ C0] arch_call_rest_init+0xe/0x10 [ 48.469243][ C0] start_kernel+0x6f5/0x7f6 [ 48.475385][ C0] x86_64_start_reservations+0x18/0x2e [ 48.482469][ C0] x86_64_start_kernel+0x7a/0x7d [ 48.489035][ C0] secondary_startup_64+0xa4/0xb0 [ 48.495687][ C0] INITIAL USE at: [ 48.499625][ C0] lock_acquire+0x158/0x250 [ 48.505706][ C0] _raw_spin_lock_irq+0x6a/0x80 [ 48.512111][ C0] io_submit_one+0x1057/0x1970 [ 48.518432][ C0] __se_sys_io_submit+0x12f/0x240 [ 48.525085][ C0] __x64_sys_io_submit+0x7b/0x90 [ 48.531558][ C0] do_syscall_64+0xf7/0x1c0 [ 48.537596][ C0] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 48.545019][ C0] } [ 48.547506][ C0] ... key at: [] ioctx_alloc.__key+0x0/0x10 [ 48.555542][ C0] ... acquired at: [ 48.559341][ C0] mark_lock+0x46b/0x1650 [ 48.563813][ C0] __lock_acquire+0x5a0/0x1be0 [ 48.568732][ C0] lock_acquire+0x158/0x250 [ 48.573389][ C0] _raw_spin_lock_irq+0x6a/0x80 [ 48.578400][ C0] free_ioctx_users+0x33/0x1d0 [ 48.583522][ C0] percpu_ref_put+0x1c6/0x1d0 [ 48.588353][ C0] percpu_ref_switch_to_atomic_rcu+0x344/0x420 [ 48.594784][ C0] rcu_core+0x843/0x1050 [ 48.599194][ C0] rcu_core_si+0x9/0x10 [ 48.603520][ C0] __do_softirq+0x333/0x7c4 [ 48.608175][ C0] irq_exit+0x227/0x230 [ 48.612485][ C0] smp_apic_timer_interrupt+0x113/0x280 [ 48.618237][ C0] apic_timer_interrupt+0xf/0x20 [ 48.623352][ C0] native_safe_halt+0xe/0x10 [ 48.628091][ C0] arch_cpu_idle+0xa/0x10 [ 48.632567][ C0] default_idle_call+0x59/0xa0 [ 48.637490][ C0] do_idle+0x140/0x670 [ 48.641708][ C0] cpu_startup_entry+0x25/0x30 [ 48.646715][ C0] rest_init+0x29d/0x2b0 [ 48.651116][ C0] arch_call_rest_init+0xe/0x10 [ 48.656123][ C0] start_kernel+0x6f5/0x7f6 [ 48.660777][ C0] x86_64_start_reservations+0x18/0x2e [ 48.666606][ C0] x86_64_start_kernel+0x7a/0x7d [ 48.671710][ C0] secondary_startup_64+0xa4/0xb0 [ 48.676914][ C0] [ 48.679569][ C0] [ 48.679569][ C0] stack backtrace: [ 48.685449][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.3.0+ #0 [ 48.692240][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 48.702668][ C0] Call Trace: [ 48.705959][ C0] [ 48.708803][ C0] dump_stack+0x1d8/0x2f8 [ 48.713109][ C0] print_irq_inversion_bug+0x940/0xb80 [ 48.718727][ C0] ? __kasan_check_read+0x11/0x20 [ 48.723722][ C0] ? valid_state+0x80/0x1350 [ 48.728298][ C0] check_usage_forwards+0x144/0x240 [ 48.733471][ C0] ? save_trace+0x3f/0xa20 [ 48.737862][ C0] ? check_usage_backwards+0x240/0x240 [ 48.743288][ C0] mark_lock+0x46b/0x1650 [ 48.747594][ C0] ? __kasan_check_read+0x11/0x20 [ 48.752664][ C0] ? mark_lock+0x107/0x1650 [ 48.757155][ C0] __lock_acquire+0x5a0/0x1be0 [ 48.761911][ C0] ? trace_lock_acquire+0x159/0x1d0 [ 48.767184][ C0] lock_acquire+0x158/0x250 [ 48.771669][ C0] ? free_ioctx_users+0x33/0x1d0 [ 48.776601][ C0] _raw_spin_lock_irq+0x6a/0x80 [ 48.781442][ C0] ? free_ioctx_users+0x33/0x1d0 [ 48.786349][ C0] free_ioctx_users+0x33/0x1d0 [ 48.792041][ C0] percpu_ref_put+0x1c6/0x1d0 [ 48.796690][ C0] percpu_ref_switch_to_atomic_rcu+0x344/0x420 [ 48.803076][ C0] ? percpu_ref_noop_confirm_switch+0x10/0x10 [ 48.809179][ C0] rcu_core+0x843/0x1050 [ 48.813396][ C0] rcu_core_si+0x9/0x10 [ 48.817525][ C0] __do_softirq+0x333/0x7c4 [ 48.822000][ C0] ? irq_exit+0x227/0x230 [ 48.826299][ C0] irq_exit+0x227/0x230 [ 48.830427][ C0] smp_apic_timer_interrupt+0x113/0x280 [ 48.835942][ C0] apic_timer_interrupt+0xf/0x20 [ 48.840852][ C0] [ 48.843762][ C0] RIP: 0010:native_safe_halt+0xe/0x10 [ 48.849114][ C0] Code: 3b fa eb ae 89 d9 80 e1 07 80 c1 03 38 c1 7c ba 48 89 df e8 d4 b8 3b fa eb b0 90 90 e9 07 00 00 00 0f 00 2d 26 98 51 00 fb f4 90 e9 07 00 00 00 0f 00 2d 16 98 51 00 f4 c3 90 90 55 48 89 e5 [ 48.868924][ C0] RSP: 0018:ffffffff88807dc0 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13 [ 48.877307][ C0] RAX: 1ffffffff1115179 RBX: ffffffff88875a00 RCX: dffffc0000000000 [ 48.885257][ C0] RDX: 0000000000000000 RSI: ffffffff812ba81a RDI: ffffffff88876244 [ 48.894161][ C0] RBP: ffffffff88807dc8 R08: ffffffff88876258 R09: fffffbfff110eb41 [ 48.903156][ C0] R10: fffffbfff110eb41 R11: 0000000000000000 R12: dffffc0000000000 [ 48.911099][ C0] R13: 1ffffffff110eb40 R14: dffffc0000000000 R15: 1ffffffff1115177 [ 48.919063][ C0] ? arch_cpu_idle+0xa/0x10 [ 48.923539][ C0] ? default_idle+0x50/0x70 [ 48.928034][ C0] arch_cpu_idle+0xa/0x10 [ 48.932334][ C0] default_idle_call+0x59/0xa0 [ 48.937079][ C0] do_idle+0x140/0x670 [ 48.941148][ C0] ? debug_smp_processor_id+0x1c/0x20 [ 48.946503][ C0] cpu_startup_entry+0x25/0x30 [ 48.951321][ C0] rest_init+0x29d/0x2b0 [ 48.955536][ C0] arch_call_rest_init+0xe/0x10 [ 48.960360][