[....] Starting enhanced syslogd: rsyslogd [ ok ]. Starting mcstransd: [....] Starting periodic command scheduler: cron [ ok ]. [....] Starting OpenBSD Secure Shell server: sshd [ ok ]. [....] Starting file context maintaining daemon: restorecond [ ok ]. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 33.329871] kauditd_printk_skb: 9 callbacks suppressed [ 33.329882] audit: type=1400 audit(1566191722.113:35): avc: denied { map } for pid=7002 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.15.195' (ECDSA) to the list of known hosts. executing program [ 42.236330] audit: type=1400 audit(1566191731.023:36): avc: denied { map } for pid=7016 comm="syz-executor959" path="/root/syz-executor959835334" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 42.276191] [ 42.277840] ======================================================== [ 42.284551] WARNING: possible irq lock inversion dependency detected [ 42.291012] 4.19.67 #41 Not tainted [ 42.294605] -------------------------------------------------------- [ 42.301063] swapper/1/0 just changed the state of lock: [ 42.306411] 000000004e157c75 (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2d/0x490 [ 42.315161] but this lock took another, SOFTIRQ-unsafe lock in the past: [ 42.321970] (&fiq->waitq){+.+.} [ 42.321978] [ 42.321978] [ 42.321978] and interrupts could create inverse lock ordering between them.
[ 42.321978] [ 42.336851] [ 42.336851] other info that might help us debug this: [ 42.343572] Possible interrupt unsafe locking scenario: [ 42.343572] [ 42.350465] CPU0 CPU1 [ 42.355097] ---- ---- [ 42.359728] lock(&fiq->waitq); [ 42.363064] local_irq_disable(); [ 42.369084] lock(&(&ctx->ctx_lock)->rlock); [ 42.376062] lock(&fiq->waitq); [ 42.381919] [ 42.384647] lock(&(&ctx->ctx_lock)->rlock); [ 42.389287] [ 42.389287] *** DEADLOCK *** [ 42.389287] [ 42.395315] 2 locks held by swapper/1/0: [ 42.399343] #0: 0000000098082c48 (rcu_callback){....}, at: rcu_process_callbacks+0xc79/0x1a30 [ 42.408390] #1: 0000000087e9a57a (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x1ca/0x540 [ 42.418513] [ 42.418513] the shortest dependencies between 2nd lock and 1st lock: [ 42.426579] -> (&fiq->waitq){+.+.} ops: 4 { [ 42.430962] HARDIRQ-ON-W at: [ 42.434309] lock_acquire+0x16f/0x3f0 [ 42.439903] _raw_spin_lock+0x2f/0x40 [ 42.445496] flush_bg_queue+0x1f3/0x3d0 [ 42.451263] fuse_request_send_background_locked+0x26d/0x4e0 [ 42.458937] fuse_request_send_background+0x12b/0x180 [ 42.465919] cuse_channel_open+0x5ba/0x830 [ 42.471945] misc_open+0x395/0x4c0 [ 42.477276] chrdev_open+0x245/0x6b0 [ 42.482790] do_dentry_open+0x4c3/0x1210 [ 42.488649] vfs_open+0xa0/0xd0 [ 42.493725] path_openat+0x10d7/0x45e0 [ 42.499404] do_filp_open+0x1a1/0x280 [ 42.504994] do_sys_open+0x3fe/0x550 [ 42.510497] __x64_sys_openat+0x9d/0x100 [ 42.516350] do_syscall_64+0xfd/0x620 [ 42.521946] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 42.528923] SOFTIRQ-ON-W at: [ 42.532259] lock_acquire+0x16f/0x3f0 [ 42.537850] _raw_spin_lock+0x2f/0x40 [ 42.543447] flush_bg_queue+0x1f3/0x3d0 [ 42.549212] fuse_request_send_background_locked+0x26d/0x4e0 [ 42.556803] fuse_request_send_background+0x12b/0x180 [ 42.563787] cuse_channel_open+0x5ba/0x830 [ 42.569814] misc_open+0x395/0x4c0 [ 42.575144] chrdev_open+0x245/0x6b0 [ 42.580650] do_dentry_open+0x4c3/0x1210 [ 42.586500] vfs_open+0xa0/0xd0 [ 42.591573] 
path_openat+0x10d7/0x45e0 [ 42.597251] do_filp_open+0x1a1/0x280 [ 42.602843] do_sys_open+0x3fe/0x550 [ 42.608349] __x64_sys_openat+0x9d/0x100 [ 42.614203] do_syscall_64+0xfd/0x620 [ 42.619796] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 42.626776] INITIAL USE at: [ 42.630030] lock_acquire+0x16f/0x3f0 [ 42.635538] _raw_spin_lock+0x2f/0x40 [ 42.641046] flush_bg_queue+0x1f3/0x3d0 [ 42.646725] fuse_request_send_background_locked+0x26d/0x4e0 [ 42.654227] fuse_request_send_background+0x12b/0x180 [ 42.661125] cuse_channel_open+0x5ba/0x830 [ 42.667067] misc_open+0x395/0x4c0 [ 42.672314] chrdev_open+0x245/0x6b0 [ 42.677737] do_dentry_open+0x4c3/0x1210 [ 42.683503] vfs_open+0xa0/0xd0 [ 42.688491] path_openat+0x10d7/0x45e0 [ 42.694085] do_filp_open+0x1a1/0x280 [ 42.699691] do_sys_open+0x3fe/0x550 [ 42.705126] __x64_sys_openat+0x9d/0x100 [ 42.710891] do_syscall_64+0xfd/0x620 [ 42.716395] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 42.723288] } [ 42.725153] ... key at: [] __key.42212+0x0/0x40 [ 42.731958] ... 
acquired at: [ 42.735120] _raw_spin_lock+0x2f/0x40 [ 42.739067] io_submit_one+0xef2/0x2eb0 [ 42.743181] __x64_sys_io_submit+0x1aa/0x520 [ 42.747733] do_syscall_64+0xfd/0x620 [ 42.751677] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 42.757005] [ 42.758604] -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 2 { [ 42.764031] IN-SOFTIRQ-W at: [ 42.767283] lock_acquire+0x16f/0x3f0 [ 42.772705] _raw_spin_lock_irq+0x60/0x80 [ 42.778473] free_ioctx_users+0x2d/0x490 [ 42.784156] percpu_ref_switch_to_atomic_rcu+0x407/0x540 [ 42.791236] rcu_process_callbacks+0xba0/0x1a30 [ 42.797541] __do_softirq+0x25c/0x921 [ 42.802965] irq_exit+0x180/0x1d0 [ 42.808057] smp_apic_timer_interrupt+0x13b/0x550 [ 42.814521] apic_timer_interrupt+0xf/0x20 [ 42.820379] native_safe_halt+0xe/0x10 [ 42.825983] arch_cpu_idle+0xa/0x10 [ 42.831232] default_idle_call+0x36/0x90 [ 42.836916] do_idle+0x377/0x560 [ 42.841915] cpu_startup_entry+0xc8/0xe0 [ 42.847598] start_secondary+0x3e8/0x5b0 [ 42.853282] secondary_startup_64+0xa4/0xb0 [ 42.859220] INITIAL USE at: [ 42.862385] lock_acquire+0x16f/0x3f0 [ 42.867804] _raw_spin_lock_irq+0x60/0x80 [ 42.873495] io_submit_one+0xead/0x2eb0 [ 42.879006] __x64_sys_io_submit+0x1aa/0x520 [ 42.884948] do_syscall_64+0xfd/0x620 [ 42.890280] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 42.897106] } [ 42.898892] ... key at: [] __key.50212+0x0/0x40 [ 42.905616] ... 
acquired at: [ 42.908692] mark_lock+0x420/0x1370 [ 42.912461] __lock_acquire+0xc62/0x49c0 [ 42.916778] lock_acquire+0x16f/0x3f0 [ 42.920724] _raw_spin_lock_irq+0x60/0x80 [ 42.925017] free_ioctx_users+0x2d/0x490 [ 42.929222] percpu_ref_switch_to_atomic_rcu+0x407/0x540 [ 42.935036] rcu_process_callbacks+0xba0/0x1a30 [ 42.939848] __do_softirq+0x25c/0x921 [ 42.943789] irq_exit+0x180/0x1d0 [ 42.947513] smp_apic_timer_interrupt+0x13b/0x550 [ 42.952509] apic_timer_interrupt+0xf/0x20 [ 42.956890] native_safe_halt+0xe/0x10 [ 42.960921] arch_cpu_idle+0xa/0x10 [ 42.964695] default_idle_call+0x36/0x90 [ 42.968902] do_idle+0x377/0x560 [ 42.972431] cpu_startup_entry+0xc8/0xe0 [ 42.976636] start_secondary+0x3e8/0x5b0 [ 42.980842] secondary_startup_64+0xa4/0xb0 [ 42.985302] [ 42.986901] [ 42.986901] stack backtrace: [ 42.991373] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.19.67 #41 [ 42.997572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 43.006894] Call Trace: [ 43.009453] [ 43.011578] dump_stack+0x172/0x1f0 [ 43.015180] print_irq_inversion_bug.part.0+0x2c0/0x2cd [ 43.020519] check_usage_forwards.cold+0x20/0x29 [ 43.025246] ? check_usage_backwards+0x340/0x340 [ 43.029975] ? save_stack_trace+0x1a/0x20 [ 43.034094] ? save_trace+0xe0/0x290 [ 43.037781] mark_lock+0x420/0x1370 [ 43.041383] ? check_usage_backwards+0x340/0x340 [ 43.046111] __lock_acquire+0xc62/0x49c0 [ 43.050144] ? mark_held_locks+0x100/0x100 [ 43.054369] ? mark_held_locks+0x100/0x100 [ 43.058574] ? __wake_up_common_lock+0xfe/0x190 [ 43.063216] ? mark_held_locks+0x100/0x100 [ 43.067422] ? __wake_up_common_lock+0xfe/0x190 [ 43.072062] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 43.077138] ? lockdep_hardirqs_on+0x19b/0x5d0 [ 43.081693] ? trace_hardirqs_on+0x67/0x220 [ 43.085989] ? kasan_check_read+0x11/0x20 [ 43.090110] lock_acquire+0x16f/0x3f0 [ 43.093885] ? free_ioctx_users+0x2d/0x490 [ 43.098095] _raw_spin_lock_irq+0x60/0x80 [ 43.102217] ? 
free_ioctx_users+0x2d/0x490 [ 43.106427] free_ioctx_users+0x2d/0x490 [ 43.110471] ? rcu_dynticks_curr_cpu_in_eqs+0x51/0xb0 [ 43.115700] percpu_ref_switch_to_atomic_rcu+0x407/0x540 [ 43.121123] ? percpu_ref_exit+0xd0/0xd0 [ 43.125158] rcu_process_callbacks+0xba0/0x1a30 [ 43.129800] ? __rcu_read_unlock+0x170/0x170 [ 43.134180] ? sched_clock+0x2e/0x50 [ 43.137868] __do_softirq+0x25c/0x921 [ 43.141645] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 43.147155] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 43.152668] irq_exit+0x180/0x1d0 [ 43.156113] smp_apic_timer_interrupt+0x13b/0x550 [ 43.160926] apic_timer_interrupt+0xf/0x20 [ 43.165126] [ 43.167339] RIP: 0010:native_safe_halt+0xe/0x10 [ 43.171981] Code: ff ff 48 89 df e8 c2 47 ae fa eb 82 e9 07 00 00 00 0f 00 2d 84 2e 54 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d 74 2e 54 00 fb f4 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 e8 7e 2b 66 fa e8 99 [ 43.190854] RSP: 0018:ffff8880aa27fd00 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13 [ 43.198536] RAX: 1ffffffff10e489c RBX: ffff8880aa2703c0 RCX: 0000000000000000 [ 43.205783] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffff8880aa270c3c [ 43.213029] RBP: ffff8880aa27fd30 R08: ffff8880aa2703c0 R09: 0000000000000000 [ 43.220274] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001 [ 43.227519] R13: ffffffff887244d0 R14: 0000000000000001 R15: 0000000000000000 [ 43.234893] ? default_idle+0x4e/0x320 [ 43.238755] arch_cpu_id