[ 40.262245][ T26] audit: type=1800 audit(1569187818.347:27): pid=7676 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ 40.291442][ T26] audit: type=1800 audit(1569187818.347:28): pid=7676 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[ 40.950063][ T26] audit: type=1800 audit(1569187819.107:29): pid=7676 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 40.970132][ T26] audit: type=1800 audit(1569187819.107:30): pid=7676 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.65' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 47.806759][ C0]
[ 47.809108][ C0] ========================================================
[ 47.816288][ C0] WARNING: possible irq lock inversion dependency detected
[ 47.823455][ C0] 5.3.0+ #0 Not tainted
[ 47.827581][ C0] --------------------------------------------------------
[ 47.834771][ C0] swapper/0/0 just changed the state of lock:
[ 47.840815][ C0] ffff888095f3bb58 (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x33/0x1d0
[ 47.850279][ C0] but this lock took another, SOFTIRQ-unsafe lock in the past:
[ 47.857814][ C0] (&fiq->waitq){+.+.}
[ 47.857819][ C0]
[ 47.857819][ C0]
[ 47.857819][ C0] and interrupts could create inverse lock ordering between them.
[ 47.857819][ C0]
[ 47.876144][ C0]
[ 47.876144][ C0] other info that might help us debug this:
[ 47.884181][ C0] Possible interrupt unsafe locking scenario:
[ 47.884181][ C0]
[ 47.892484][ C0] CPU0 CPU1
[ 47.897830][ C0] ---- ----
[ 47.903233][ C0] lock(&fiq->waitq);
[ 47.907416][ C0] local_irq_disable();
[ 47.914222][ C0] lock(&(&ctx->ctx_lock)->rlock);
[ 47.921916][ C0] lock(&fiq->waitq);
[ 47.928491][ C0] <Interrupt>
[ 47.931964][ C0] lock(&(&ctx->ctx_lock)->rlock);
[ 47.937328][ C0]
[ 47.937328][ C0] *** DEADLOCK ***
[ 47.937328][ C0]
[ 47.945555][ C0] 2 locks held by swapper/0/0:
[ 47.950300][ C0] #0: ffffffff888d3940 (rcu_callback){....}, at: rcu_lock_acquire+0x4/0x30
[ 47.958953][ C0] #1: ffffffff888d38d8 (rcu_read_lock_sched){....}, at: rcu_lock_acquire+0x9/0x40
[ 47.968210][ C0]
[ 47.968210][ C0] the shortest dependencies between 2nd lock and 1st lock:
[ 47.977664][ C0] -> (&fiq->waitq){+.+.} {
[ 47.982160][ C0] HARDIRQ-ON-W at:
[ 47.986323][ C0] lock_acquire+0x158/0x250
[ 47.992658][ C0] _raw_spin_lock+0x2d/0x40
[ 47.998975][ C0] fuse_request_queue_background+0x673/0xc60
[ 48.006929][ C0] fuse_request_send_background+0x56/0x100
[ 48.014583][ C0] cuse_channel_open+0x485/0x660
[ 48.021320][ C0] misc_open+0x3ef/0x440
[ 48.027372][ C0] chrdev_open+0x509/0x590
[ 48.033593][ C0] do_dentry_open+0x73b/0xf90
[ 48.040076][ C0] vfs_open+0x73/0x80
[ 48.045870][ C0] path_openat+0x1397/0x4460
[ 48.052274][ C0] do_filp_open+0x192/0x3d0
[ 48.058821][ C0] do_sys_open+0x29f/0x560
[ 48.065163][ C0] __x64_sys_openat+0xa2/0xb0
[ 48.071708][ C0] do_syscall_64+0xf7/0x1c0
[ 48.078205][ C0] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.085894][ C0] SOFTIRQ-ON-W at:
[ 48.089952][ C0] lock_acquire+0x158/0x250
[ 48.096265][ C0] _raw_spin_lock+0x2d/0x40
[ 48.102622][ C0] fuse_request_queue_background+0x673/0xc60
[ 48.110441][ C0] fuse_request_send_background+0x56/0x100
[ 48.118061][ C0] cuse_channel_open+0x485/0x660
[ 48.124884][ C0] misc_open+0x3ef/0x440
[ 48.130936][ C0] chrdev_open+0x509/0x590
[ 48.137163][ C0] do_dentry_open+0x73b/0xf90
[ 48.143651][ C0] vfs_open+0x73/0x80
[ 48.149437][ C0] path_openat+0x1397/0x4460
[ 48.155826][ C0] do_filp_open+0x192/0x3d0
[ 48.162299][ C0] do_sys_open+0x29f/0x560
[ 48.168510][ C0] __x64_sys_openat+0xa2/0xb0
[ 48.174985][ C0] do_syscall_64+0xf7/0x1c0
[ 48.181283][ C0] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.188966][ C0] INITIAL USE at:
[ 48.192921][ C0] lock_acquire+0x158/0x250
[ 48.199146][ C0] _raw_spin_lock+0x2d/0x40
[ 48.205357][ C0] fuse_request_queue_background+0x673/0xc60
[ 48.213139][ C0] fuse_request_send_background+0x56/0x100
[ 48.221783][ C0] cuse_channel_open+0x485/0x660
[ 48.228440][ C0] misc_open+0x3ef/0x440
[ 48.234412][ C0] chrdev_open+0x509/0x590
[ 48.240547][ C0] do_dentry_open+0x73b/0xf90
[ 48.246934][ C0] vfs_open+0x73/0x80
[ 48.253078][ C0] path_openat+0x1397/0x4460
[ 48.259386][ C0] do_filp_open+0x192/0x3d0
[ 48.265614][ C0] do_sys_open+0x29f/0x560
[ 48.271757][ C0] __x64_sys_openat+0xa2/0xb0
[ 48.278157][ C0] do_syscall_64+0xf7/0x1c0
[ 48.284384][ C0] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.291977][ C0] }
[ 48.294553][ C0] ... key at: [<ffffffff89ad0ee0>] fuse_iqueue_init.__key+0x0/0x10
[ 48.303112][ C0] ... acquired at:
[ 48.307197][ C0] lock_acquire+0x158/0x250
[ 48.311859][ C0] _raw_spin_lock+0x2d/0x40
[ 48.316526][ C0] io_submit_one+0x108c/0x1970
[ 48.321445][ C0] __se_sys_io_submit+0x12f/0x240
[ 48.326615][ C0] __x64_sys_io_submit+0x7b/0x90
[ 48.331711][ C0] do_syscall_64+0xf7/0x1c0
[ 48.336359][ C0] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.343002][ C0]
[ 48.345311][ C0] -> (&(&ctx->ctx_lock)->rlock){..-.} {
[ 48.350828][ C0] IN-SOFTIRQ-W at:
[ 48.354832][ C0] lock_acquire+0x158/0x250
[ 48.361048][ C0] _raw_spin_lock_irq+0x6a/0x80
[ 48.367519][ C0] free_ioctx_users+0x33/0x1d0
[ 48.373906][ C0] percpu_ref_put+0x1c6/0x1d0
[ 48.380330][ C0] percpu_ref_switch_to_atomic_rcu+0x344/0x420
[ 48.388107][ C0] rcu_core+0x843/0x1050
[ 48.393972][ C0] rcu_core_si+0x9/0x10
[ 48.399758][ C0] __do_softirq+0x333/0x7c4
[ 48.406155][ C0] irq_exit+0x227/0x230
[ 48.411929][ C0] smp_apic_timer_interrupt+0x113/0x280
[ 48.419190][ C0] apic_timer_interrupt+0xf/0x20
[ 48.425833][ C0] native_safe_halt+0xe/0x10
[ 48.432226][ C0] arch_cpu_idle+0xa/0x10
[ 48.438278][ C0] default_idle_call+0x59/0xa0
[ 48.444671][ C0] do_idle+0x140/0x670
[ 48.450372][ C0] cpu_startup_entry+0x25/0x30
[ 48.456883][ C0] rest_init+0x29d/0x2b0
[ 48.462762][ C0] arch_call_rest_init+0xe/0x10
[ 48.469243][ C0] start_kernel+0x6f5/0x7f6
[ 48.475385][ C0] x86_64_start_reservations+0x18/0x2e
[ 48.482469][ C0] x86_64_start_kernel+0x7a/0x7d
[ 48.489035][ C0] secondary_startup_64+0xa4/0xb0
[ 48.495687][ C0] INITIAL USE at:
[ 48.499625][ C0] lock_acquire+0x158/0x250
[ 48.505706][ C0] _raw_spin_lock_irq+0x6a/0x80
[ 48.512111][ C0] io_submit_one+0x1057/0x1970
[ 48.518432][ C0] __se_sys_io_submit+0x12f/0x240
[ 48.525085][ C0] __x64_sys_io_submit+0x7b/0x90
[ 48.531558][ C0] do_syscall_64+0xf7/0x1c0
[ 48.537596][ C0] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.545019][ C0] }
[ 48.547506][ C0] ... key at: [<ffffffff89a3e7f0>] ioctx_alloc.__key+0x0/0x10
[ 48.555542][ C0] ... acquired at:
[ 48.559341][ C0] mark_lock+0x46b/0x1650
[ 48.563813][ C0] __lock_acquire+0x5a0/0x1be0
[ 48.568732][ C0] lock_acquire+0x158/0x250
[ 48.573389][ C0] _raw_spin_lock_irq+0x6a/0x80
[ 48.578400][ C0] free_ioctx_users+0x33/0x1d0
[ 48.583522][ C0] percpu_ref_put+0x1c6/0x1d0
[ 48.588353][ C0] percpu_ref_switch_to_atomic_rcu+0x344/0x420
[ 48.594784][ C0] rcu_core+0x843/0x1050
[ 48.599194][ C0] rcu_core_si+0x9/0x10
[ 48.603520][ C0] __do_softirq+0x333/0x7c4
[ 48.608175][ C0] irq_exit+0x227/0x230
[ 48.612485][ C0] smp_apic_timer_interrupt+0x113/0x280
[ 48.618237][ C0] apic_timer_interrupt+0xf/0x20
[ 48.623352][ C0] native_safe_halt+0xe/0x10
[ 48.628091][ C0] arch_cpu_idle+0xa/0x10
[ 48.632567][ C0] default_idle_call+0x59/0xa0
[ 48.637490][ C0] do_idle+0x140/0x670
[ 48.641708][ C0] cpu_startup_entry+0x25/0x30
[ 48.646715][ C0] rest_init+0x29d/0x2b0
[ 48.651116][ C0] arch_call_rest_init+0xe/0x10
[ 48.656123][ C0] start_kernel+0x6f5/0x7f6
[ 48.660777][ C0] x86_64_start_reservations+0x18/0x2e
[ 48.666606][ C0] x86_64_start_kernel+0x7a/0x7d
[ 48.671710][ C0] secondary_startup_64+0xa4/0xb0
[ 48.676914][ C0]
[ 48.679569][ C0]
[ 48.679569][ C0] stack backtrace:
[ 48.685449][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.3.0+ #0
[ 48.692240][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 48.702668][ C0] Call Trace:
[ 48.705959][ C0] <IRQ>
[ 48.708803][ C0] dump_stack+0x1d8/0x2f8
[ 48.713109][ C0] print_irq_inversion_bug+0x940/0xb80
[ 48.718727][ C0] ? __kasan_check_read+0x11/0x20
[ 48.723722][ C0] ? valid_state+0x80/0x1350
[ 48.728298][ C0] check_usage_forwards+0x144/0x240
[ 48.733471][ C0] ? save_trace+0x3f/0xa20
[ 48.737862][ C0] ? check_usage_backwards+0x240/0x240
[ 48.743288][ C0] mark_lock+0x46b/0x1650
[ 48.747594][ C0] ? __kasan_check_read+0x11/0x20
[ 48.752664][ C0] ? mark_lock+0x107/0x1650
[ 48.757155][ C0] __lock_acquire+0x5a0/0x1be0
[ 48.761911][ C0] ? trace_lock_acquire+0x159/0x1d0
[ 48.767184][ C0] lock_acquire+0x158/0x250
[ 48.771669][ C0] ? free_ioctx_users+0x33/0x1d0
[ 48.776601][ C0] _raw_spin_lock_irq+0x6a/0x80
[ 48.781442][ C0] ? free_ioctx_users+0x33/0x1d0
[ 48.786349][ C0] free_ioctx_users+0x33/0x1d0
[ 48.792041][ C0] percpu_ref_put+0x1c6/0x1d0
[ 48.796690][ C0] percpu_ref_switch_to_atomic_rcu+0x344/0x420
[ 48.803076][ C0] ? percpu_ref_noop_confirm_switch+0x10/0x10
[ 48.809179][ C0] rcu_core+0x843/0x1050
[ 48.813396][ C0] rcu_core_si+0x9/0x10
[ 48.817525][ C0] __do_softirq+0x333/0x7c4
[ 48.822000][ C0] ? irq_exit+0x227/0x230
[ 48.826299][ C0] irq_exit+0x227/0x230
[ 48.830427][ C0] smp_apic_timer_interrupt+0x113/0x280
[ 48.835942][ C0] apic_timer_interrupt+0xf/0x20
[ 48.840852][ C0] </IRQ>
[ 48.843762][ C0] RIP: 0010:native_safe_halt+0xe/0x10
[ 48.849114][ C0] Code: 3b fa eb ae 89 d9 80 e1 07 80 c1 03 38 c1 7c ba 48 89 df e8 d4 b8 3b fa eb b0 90 90 e9 07 00 00 00 0f 00 2d 26 98 51 00 fb f4 <c3> 90 e9 07 00 00 00 0f 00 2d 16 98 51 00 f4 c3 90 90 55 48 89 e5
[ 48.868924][ C0] RSP: 0018:ffffffff88807dc0 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
[ 48.877307][ C0] RAX: 1ffffffff1115179 RBX: ffffffff88875a00 RCX: dffffc0000000000
[ 48.885257][ C0] RDX: 0000000000000000 RSI: ffffffff812ba81a RDI: ffffffff88876244
[ 48.894161][ C0] RBP: ffffffff88807dc8 R08: ffffffff88876258 R09: fffffbfff110eb41
[ 48.903156][ C0] R10: fffffbfff110eb41 R11: 0000000000000000 R12: dffffc0000000000
[ 48.911099][ C0] R13: 1ffffffff110eb40 R14: dffffc0000000000 R15: 1ffffffff1115177
[ 48.919063][ C0] ? arch_cpu_idle+0xa/0x10
[ 48.923539][ C0] ? default_idle+0x50/0x70
[ 48.928034][ C0] arch_cpu_idle+0xa/0x10
[ 48.932334][ C0] default_idle_call+0x59/0xa0
[ 48.937079][ C0] do_idle+0x140/0x670
[ 48.941148][ C0] ? debug_smp_processor_id+0x1c/0x20
[ 48.946503][ C0] cpu_startup_entry+0x25/0x30
[ 48.951321][ C0] rest_init+0x29d/0x2b0
[ 48.955536][ C0] arch_call_rest_init+0xe/0x10
[ 48.960360][