Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 38.969008] audit: type=1800 audit(1569045113.455:33): pid=7402 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[ 38.992591] audit: type=1800 audit(1569045113.455:34): pid=7402 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 44.181929] audit: type=1400 audit(1569045118.665:35): avc: denied { map } for pid=7577 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.31' (ECDSA) to the list of known hosts.
executing program
[ 50.771039] audit: type=1400 audit(1569045125.255:36): avc: denied { map } for pid=7589 comm="syz-executor536" path="/root/syz-executor536777398" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 50.804228]
[ 50.805883] ========================================================
[ 50.812693] WARNING: possible irq lock inversion dependency detected
[ 50.820691] 4.19.74 #0 Not tainted
[ 50.824356] --------------------------------------------------------
[ 50.831403] swapper/0/0 just changed the state of lock:
[ 50.841831] 00000000c05ed7ec (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2d/0x490
[ 50.851221] but this lock took another, SOFTIRQ-unsafe lock in the past:
[ 50.859404]  (&fiq->waitq){+.+.}
[ 50.859415]
[ 50.859415]
[ 50.859415] and interrupts could create inverse lock ordering between them.
[ 50.859415]
[ 50.875390]
[ 50.875390] other info that might help us debug this:
[ 50.886841]  Possible interrupt unsafe locking scenario:
[ 50.886841]
[ 50.894158]        CPU0                    CPU1
[ 50.903973]        ----                    ----
[ 50.910470]   lock(&fiq->waitq);
[ 50.913961]                                local_irq_disable();
[ 50.920559]                                lock(&(&ctx->ctx_lock)->rlock);
[ 50.928685]                                lock(&fiq->waitq);
[ 50.934935]   <Interrupt>
[ 50.937691]     lock(&(&ctx->ctx_lock)->rlock);
[ 50.942592]
[ 50.942592]  *** DEADLOCK ***
[ 50.942592]
[ 50.948645] 2 locks held by swapper/0/0:
[ 50.952682]  #0: 00000000c46e46a6 (rcu_callback){....}, at: rcu_process_callbacks+0xc79/0x1a30
[ 50.966407]  #1: 0000000020a5a17c (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x1ca/0x540
[ 50.978336]
[ 50.978336] the shortest dependencies between 2nd lock and 1st lock:
[ 50.987602]  -> (&fiq->waitq){+.+.} ops: 4 {
[ 50.992019]     HARDIRQ-ON-W at:
[ 50.997237]       lock_acquire+0x16f/0x3f0
[ 51.003229]       _raw_spin_lock+0x2f/0x40
[ 51.009112]       flush_bg_queue+0x1f3/0x3d0
[ 51.017436]       fuse_request_send_background_locked+0x26d/0x4e0
[ 51.025785]       fuse_request_send_background+0x12b/0x180
[ 51.032984]       cuse_channel_open+0x5ba/0x830
[ 51.039201]       misc_open+0x395/0x4c0
[ 51.044637]       chrdev_open+0x245/0x6b0
[ 51.050276]       do_dentry_open+0x4c3/0x1210
[ 51.056201]       vfs_open+0xa0/0xd0
[ 51.061397]       path_openat+0x10d7/0x45e0
[ 51.067151]       do_filp_open+0x1a1/0x280
[ 51.074378]       do_sys_open+0x3fe/0x550
[ 51.084959]       __x64_sys_openat+0x9d/0x100
[ 51.092355]       do_syscall_64+0xfd/0x620
[ 51.097988]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 51.106272]     SOFTIRQ-ON-W at:
[ 51.109657]       lock_acquire+0x16f/0x3f0
[ 51.115983]       _raw_spin_lock+0x2f/0x40
[ 51.123894]       flush_bg_queue+0x1f3/0x3d0
[ 51.129794]       fuse_request_send_background_locked+0x26d/0x4e0
[ 51.137618]       fuse_request_send_background+0x12b/0x180
[ 51.144810]       cuse_channel_open+0x5ba/0x830
[ 51.151132]       misc_open+0x395/0x4c0
[ 51.157037]       chrdev_open+0x245/0x6b0
[ 51.162747]       do_dentry_open+0x4c3/0x1210
[ 51.168968]       vfs_open+0xa0/0xd0
[ 51.176789]       path_openat+0x10d7/0x45e0
[ 51.183875]       do_filp_open+0x1a1/0x280
[ 51.190604]       do_sys_open+0x3fe/0x550
[ 51.201722]       __x64_sys_openat+0x9d/0x100
[ 51.207601]       do_syscall_64+0xfd/0x620
[ 51.214351]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 51.221354]     INITIAL USE at:
[ 51.224644]       lock_acquire+0x16f/0x3f0
[ 51.230164]       _raw_spin_lock+0x2f/0x40
[ 51.235694]       flush_bg_queue+0x1f3/0x3d0
[ 51.245572]       fuse_request_send_background_locked+0x26d/0x4e0
[ 51.261147]       fuse_request_send_background+0x12b/0x180
[ 51.270280]       cuse_channel_open+0x5ba/0x830
[ 51.276786]       misc_open+0x395/0x4c0
[ 51.282698]       chrdev_open+0x245/0x6b0
[ 51.288313]       do_dentry_open+0x4c3/0x1210
[ 51.294129]       vfs_open+0xa0/0xd0
[ 51.300449]       path_openat+0x10d7/0x45e0
[ 51.306179]       do_filp_open+0x1a1/0x280
[ 51.311716]       do_sys_open+0x3fe/0x550
[ 51.317154]       __x64_sys_openat+0x9d/0x100
[ 51.323033]       do_syscall_64+0xfd/0x620
[ 51.328573]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 51.336033]  }
[ 51.337920]  ... key at: [] __key.42213+0x0/0x40
[ 51.344735]  ... acquired at:
[ 51.347926]    _raw_spin_lock+0x2f/0x40
[ 51.351883]    io_submit_one+0xef2/0x2eb0
[ 51.356027]    __x64_sys_io_submit+0x1aa/0x520
[ 51.360618]    do_syscall_64+0xfd/0x620
[ 51.365023]    entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 51.370369]
[ 51.371980] -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 2 {
[ 51.377890]    IN-SOFTIRQ-W at:
[ 51.381158]       lock_acquire+0x16f/0x3f0
[ 51.386690]       _raw_spin_lock_irq+0x60/0x80
[ 51.392934]       free_ioctx_users+0x2d/0x490
[ 51.399375]       percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 51.406754]       rcu_process_callbacks+0xba0/0x1a30
[ 51.415701]       __do_softirq+0x25c/0x921
[ 51.421154]       irq_exit+0x180/0x1d0
[ 51.426242]       smp_apic_timer_interrupt+0x13b/0x550
[ 51.432805]       apic_timer_interrupt+0xf/0x20
[ 51.438681]       native_safe_halt+0xe/0x10
[ 51.445176]       arch_cpu_idle+0xa/0x10
[ 51.450533]       default_idle_call+0x36/0x90
[ 51.456403]       do_idle+0x377/0x560
[ 51.461414]       cpu_startup_entry+0xc8/0xe0
[ 51.467650]       rest_init+0x219/0x222
[ 51.472855]       start_kernel+0x88c/0x8c5
[ 51.479130]       x86_64_start_reservations+0x29/0x2b
[ 51.487539]       x86_64_start_kernel+0x77/0x7b
[ 51.493426]       secondary_startup_64+0xa4/0xb0
[ 51.504159]    INITIAL USE at:
[ 51.507362]       lock_acquire+0x16f/0x3f0
[ 51.513004]       _raw_spin_lock_irq+0x60/0x80
[ 51.518706]       io_submit_one+0xead/0x2eb0
[ 51.524238]       __x64_sys_io_submit+0x1aa/0x520
[ 51.530279]       do_syscall_64+0xfd/0x620
[ 51.538329]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 51.545355]  }
[ 51.547315]  ... key at: [] __key.50213+0x0/0x40
[ 51.554048]  ... acquired at:
[ 51.557146]    mark_lock+0x420/0x1370
[ 51.560929]    __lock_acquire+0xc62/0x49c0
[ 51.565321]    lock_acquire+0x16f/0x3f0
[ 51.569524]    _raw_spin_lock_irq+0x60/0x80
[ 51.575172]    free_ioctx_users+0x2d/0x490
[ 51.579674]    percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 51.586102]    rcu_process_callbacks+0xba0/0x1a30
[ 51.591222]    __do_softirq+0x25c/0x921
[ 51.595300]    irq_exit+0x180/0x1d0
[ 51.600254]    smp_apic_timer_interrupt+0x13b/0x550
[ 51.606956]    apic_timer_interrupt+0xf/0x20
[ 51.612279]    native_safe_halt+0xe/0x10
[ 51.616512]    arch_cpu_idle+0xa/0x10
[ 51.620309]    default_idle_call+0x36/0x90
[ 51.625611]    do_idle+0x377/0x560
[ 51.629159]    cpu_startup_entry+0xc8/0xe0
[ 51.633405]    rest_init+0x219/0x222
[ 51.637195]    start_kernel+0x88c/0x8c5
[ 51.641178]    x86_64_start_reservations+0x29/0x2b
[ 51.646284]    x86_64_start_kernel+0x77/0x7b
[ 51.650695]    secondary_startup_64+0xa4/0xb0
[ 51.655259]
[ 51.658443]
[ 51.658443] stack backtrace:
[ 51.663370] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.19.74 #0
[ 51.669889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 51.679246] Call Trace:
[ 51.681849]  <IRQ>
[ 51.684178]  dump_stack+0x172/0x1f0
[ 51.688828]  print_irq_inversion_bug.part.0+0x2c0/0x2cd
[ 51.694178]  check_usage_forwards.cold+0x20/0x29
[ 51.699179]  ? check_usage_backwards+0x340/0x340
[ 51.704436]  ? save_stack_trace+0x1a/0x20
[ 51.708934]  ? save_trace+0xe0/0x290
[ 51.712649]  mark_lock+0x420/0x1370
[ 51.716264]  ? check_usage_backwards+0x340/0x340
[ 51.721023]  __lock_acquire+0xc62/0x49c0
[ 51.725074]  ? mark_held_locks+0x100/0x100
[ 51.729401]  ? mark_held_locks+0x100/0x100
[ 51.734331]  ? __wake_up_common_lock+0xfe/0x190
[ 51.743605]  ? mark_held_locks+0x100/0x100
[ 51.749086]  ? __wake_up_common_lock+0xfe/0x190
[ 51.753778]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 51.759036]  ? lockdep_hardirqs_on+0x19b/0x5d0
[ 51.764175]  ? trace_hardirqs_on+0x67/0x220
[ 51.770494]  ? kasan_check_read+0x11/0x20
[ 51.775442]  lock_acquire+0x16f/0x3f0
[ 51.779414]  ? free_ioctx_users+0x2d/0x490
[ 51.788432]  _raw_spin_lock_irq+0x60/0x80
[ 51.793969]  ? free_ioctx_users+0x2d/0x490
[ 51.798191]  free_ioctx_users+0x2d/0x490
[ 51.802626]  ? rcu_dynticks_curr_cpu_in_eqs+0x51/0xb0
[ 51.808525]  percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 51.814088]  ? percpu_ref_exit+0xd0/0xd0
[ 51.818331]  rcu_process_callbacks+0xba0/0x1a30
[ 51.823501]  ? __rcu_read_unlock+0x170/0x170
[ 51.829515]  __do_softirq+0x25c/0x921
[ 51.834103]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 51.839899]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 51.847454]  irq_exit+0x180/0x1d0
[ 51.850986]  smp_apic_timer_interrupt+0x13b/0x550
[ 51.857022]  apic_timer_interrupt+0xf/0x20
[ 51.861280]  </IRQ>
[ 51.863512] RIP: 0010:native_safe_halt+0xe/0x10
[ 51.868527] Code: ff ff 48 89 df e8 72 db ad fa eb 82 e9 07 00 00 00 0f 00 2d 94 c0 53 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d 84 c0 53 00 fb f4 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 e8 7e be 65 fa e8 89
[ 51.888374] RSP: 0018:ffffffff88607ca8 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13
[ 51.896323] RAX: 1ffffffff10e48c4 RBX: ffffffff88679ec0 RCX: 0000000000000000
[ 51.903586] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffffffff8867a73c
[ 51.911109] RBP: ffffffff88607cd8 R08: ffffffff88679ec0 R09: 0000000000000000
[ 51.918360] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 51.925992] R13: ffffffff88724610 R14: 0000000000000000 R15: 0000000000000000
[ 51.933270]  ? default_idle+0x4e/0x320
[ 51.937146]  arch_cpu_idle+0xa/0x10
[ 51.940757]  default_idle_call+0x36/0x90
[ 51.944818]  do_idle+0x377/0x560
[ 51.948184]  ? arch_cpu_idle_exit+0x80/0x80
[ 51.952623]  ? check_preemption_disabled+0x48/0x290
[ 51.957641]  cpu_startup_entry+0xc8/0xe0
[ 51.961686]  ? cpu_in_idle+0x20/0x20
[ 51.965389]  rest_init+0x219/0x222
[ 51.968926]  start_kernel+0x88c/0x8c5
[ 51.972707]  ? mem_encrypt_init+0xb/0xb
[ 51