[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 36.573299] audit: type=1800 audit(1569694353.547:33): pid=7277 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[ 36.594625] audit: type=1800 audit(1569694353.547:34): pid=7277 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 42.381026] audit: type=1400 audit(1569694359.357:35): avc: denied { map } for pid=7452 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.10' (ECDSA) to the list of known hosts.
executing program
[ 48.801470] audit: type=1400 audit(1569694365.777:36): avc: denied { map } for pid=7464 comm="syz-executor488" path="/root/syz-executor488453318" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 48.830783]
[ 48.832426] ========================================================
[ 48.838894] WARNING: possible irq lock inversion dependency detected
[ 48.845489] 4.19.75 #0 Not tainted
[ 48.849042] --------------------------------------------------------
[ 48.855510] ksoftirqd/1/18 just changed the state of lock:
[ 48.862153] 0000000068a89c10 (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2d/0x490
[ 48.870900] but this lock took another, SOFTIRQ-unsafe lock in the past:
[ 48.877717] (&fiq->waitq){+.+.}
[ 48.877726]
[ 48.877726]
[ 48.877726] and interrupts could create inverse lock ordering between them.
[ 48.877726]
[ 48.892582]
[ 48.892582] other info that might help us debug this:
[ 48.899223] Possible interrupt unsafe locking scenario:
[ 48.899223]
[ 48.906385]        CPU0                    CPU1
[ 48.911026]        ----                    ----
[ 48.915675]   lock(&fiq->waitq);
[ 48.919027]                                local_irq_disable();
[ 48.925066]                                lock(&(&ctx->ctx_lock)->rlock);
[ 48.932065]                                lock(&fiq->waitq);
[ 48.937926]
[ 48.940654]     lock(&(&ctx->ctx_lock)->rlock);
[ 48.945301]
[ 48.945301] *** DEADLOCK ***
[ 48.945301]
[ 48.951359] 2 locks held by ksoftirqd/1/18:
[ 48.955654] #0: 0000000038734ca5 (rcu_callback){....}, at: rcu_process_callbacks+0xc79/0x1a30
[ 48.964416] #1: 000000007e86cad4 (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x1ca/0x540
[ 48.974548]
[ 48.974548] the shortest dependencies between 2nd lock and 1st lock:
[ 48.982547] -> (&fiq->waitq){+.+.} ops: 4 {
[ 48.986945] HARDIRQ-ON-W at:
[ 48.990302] lock_acquire+0x16f/0x3f0
[ 48.995916] _raw_spin_lock+0x2f/0x40
[ 49.001523] flush_bg_queue+0x1f3/0x3d0
[ 49.007337] fuse_request_send_background_locked+0x26d/0x4e0
[ 49.014942] fuse_request_send_background+0x12b/0x180
[ 49.021933] cuse_channel_open+0x5ba/0x830
[ 49.027970] misc_open+0x395/0x4c0
[ 49.033314] chrdev_open+0x245/0x6b0
[ 49.038828] do_dentry_open+0x4c3/0x1210
[ 49.044693] vfs_open+0xa0/0xd0
[ 49.049775] path_openat+0x10d7/0x45e0
[ 49.055461] do_filp_open+0x1a1/0x280
[ 49.061061] do_sys_open+0x3fe/0x550
[ 49.066575] __x64_sys_openat+0x9d/0x100
[ 49.072436] do_syscall_64+0xfd/0x620
[ 49.078038] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 49.085027] SOFTIRQ-ON-W at:
[ 49.088374] lock_acquire+0x16f/0x3f0
[ 49.093975] _raw_spin_lock+0x2f/0x40
[ 49.099576] flush_bg_queue+0x1f3/0x3d0
[ 49.105363] fuse_request_send_background_locked+0x26d/0x4e0
[ 49.112961] fuse_request_send_background+0x12b/0x180
[ 49.119962] cuse_channel_open+0x5ba/0x830
[ 49.125998] misc_open+0x395/0x4c0
[ 49.131339] chrdev_open+0x245/0x6b0
[ 49.136855] do_dentry_open+0x4c3/0x1210
[ 49.142731] vfs_open+0xa0/0xd0
[ 49.147826] path_openat+0x10d7/0x45e0
[ 49.153517] do_filp_open+0x1a1/0x280
[ 49.159127] do_sys_open+0x3fe/0x550
[ 49.164656] __x64_sys_openat+0x9d/0x100
[ 49.170528] do_syscall_64+0xfd/0x620
[ 49.176149] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 49.183180] INITIAL USE at:
[ 49.186449] lock_acquire+0x16f/0x3f0
[ 49.191970] _raw_spin_lock+0x2f/0x40
[ 49.197490] flush_bg_queue+0x1f3/0x3d0
[ 49.203183] fuse_request_send_background_locked+0x26d/0x4e0
[ 49.212533] fuse_request_send_background+0x12b/0x180
[ 49.219489] cuse_channel_open+0x5ba/0x830
[ 49.225449] misc_open+0x395/0x4c0
[ 49.230855] chrdev_open+0x245/0x6b0
[ 49.236292] do_dentry_open+0x4c3/0x1210
[ 49.242077] vfs_open+0xa0/0xd0
[ 49.247076] path_openat+0x10d7/0x45e0
[ 49.252695] do_filp_open+0x1a1/0x280
[ 49.258209] do_sys_open+0x3fe/0x550
[ 49.263645] __x64_sys_openat+0x9d/0x100
[ 49.269422] do_syscall_64+0xfd/0x620
[ 49.274940] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 49.281840] }
[ 49.283711] ... key at: [] __key.42217+0x0/0x40
[ 49.290522] ... acquired at:
[ 49.293694] _raw_spin_lock+0x2f/0x40
[ 49.297644] io_submit_one+0xef2/0x2eb0
[ 49.301769] __x64_sys_io_submit+0x1aa/0x520
[ 49.306329] do_syscall_64+0xfd/0x620
[ 49.310283] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 49.315630]
[ 49.317233] -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 2 {
[ 49.322672] IN-SOFTIRQ-W at:
[ 49.325934] lock_acquire+0x16f/0x3f0
[ 49.331362] _raw_spin_lock_irq+0x60/0x80
[ 49.337139] free_ioctx_users+0x2d/0x490
[ 49.342829] percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 49.349908] rcu_process_callbacks+0xba0/0x1a30
[ 49.356210] __do_softirq+0x25c/0x921
[ 49.361660] run_ksoftirqd+0x8e/0x110
[ 49.367089] smpboot_thread_fn+0x6a3/0xa30
[ 49.372950] kthread+0x354/0x420
[ 49.378205] ret_from_fork+0x24/0x30
[ 49.383543] INITIAL USE at:
[ 49.386713] lock_acquire+0x16f/0x3f0
[ 49.392054] _raw_spin_lock_irq+0x60/0x80
[ 49.397747] io_submit_one+0xead/0x2eb0
[ 49.403262] __x64_sys_io_submit+0x1aa/0x520
[ 49.409214] do_syscall_64+0xfd/0x620
[ 49.414557] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 49.421290] }
[ 49.423073] ... key at: [] __key.50217+0x0/0x40
[ 49.429811] ... acquired at:
[ 49.432892] mark_lock+0x420/0x1370
[ 49.436670] __lock_acquire+0xc62/0x49c0
[ 49.440881] lock_acquire+0x16f/0x3f0
[ 49.444834] _raw_spin_lock_irq+0x60/0x80
[ 49.449131] free_ioctx_users+0x2d/0x490
[ 49.453356] percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 49.458957] rcu_process_callbacks+0xba0/0x1a30
[ 49.463783] __do_softirq+0x25c/0x921
[ 49.467735] run_ksoftirqd+0x8e/0x110
[ 49.471789] smpboot_thread_fn+0x6a3/0xa30
[ 49.476178] kthread+0x354/0x420
[ 49.479698] ret_from_fork+0x24/0x30
[ 49.483559]
[ 49.485163]
[ 49.485163] stack backtrace:
[ 49.489649] CPU: 1 PID: 18 Comm: ksoftirqd/1 Not tainted 4.19.75 #0
[ 49.496030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 49.505360] Call Trace:
[ 49.507930] dump_stack+0x172/0x1f0
[ 49.511542] print_irq_inversion_bug.part.0+0x2c0/0x2cd
[ 49.516894] check_usage_forwards.cold+0x20/0x29
[ 49.521631] ? check_usage_backwards+0x340/0x340
[ 49.526380] ? save_stack_trace+0x1a/0x20
[ 49.530511] ? save_trace+0xe0/0x290
[ 49.534213] mark_lock+0x420/0x1370
[ 49.537820] ? check_usage_backwards+0x340/0x340
[ 49.542553] __lock_acquire+0xc62/0x49c0
[ 49.546590] ? mark_held_locks+0x100/0x100
[ 49.550813] ? mark_held_locks+0x100/0x100
[ 49.555026] ? __wake_up_common_lock+0xfe/0x190
[ 49.559684] ? mark_held_locks+0x100/0x100
[ 49.563900] ? __wake_up_common_lock+0xfe/0x190
[ 49.568579] ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 49.573668] ? lockdep_hardirqs_on+0x19b/0x5d0
[ 49.578243] ? trace_hardirqs_on+0x67/0x220
[ 49.582545] ? kasan_check_read+0x11/0x20
[ 49.586676] lock_acquire+0x16f/0x3f0
[ 49.590469] ? free_ioctx_users+0x2d/0x490
[ 49.594684] _raw_spin_lock_irq+0x60/0x80
[ 49.598811] ? free_ioctx_users+0x2d/0x490
[ 49.603026] free_ioctx_users+0x2d/0x490
[ 49.607081] ? rcu_dynticks_curr_cpu_in_eqs+0x51/0xb0
[ 49.612253] percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 49.617682] ? percpu_ref_exit+0xd0/0xd0
[ 49.621727] rcu_process_callbacks+0xba0/0x1a30
[ 49.626376] ? __rcu_read_unlock+0x170/0x170
[ 49.630772] ? sched_clock+0x2e/0x50
[ 49.634466] __do_softirq+0x25c/0x921
[ 49.638244] ? pci_mmcfg_check_reserved+0x170/0x170
[ 49.643241] ? takeover_tasklets+0x7b0/0x7b0
[ 49.647637] run_ksoftirqd+0x8e/0x110
[ 49.651417] smpboot_thread_fn+0x6a3/0xa30