Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.
[ 36.854200] audit: type=1800 audit(1567346282.885:33): pid=7300 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[ 36.889851] audit: type=1800 audit(1567346282.925:34): pid=7300 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 41.837403] audit: type=1400 audit(1567346287.865:35): avc: denied { map } for pid=7473 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.237' (ECDSA) to the list of known hosts.
executing program
[ 53.842928] audit: type=1400 audit(1567346299.875:36): avc: denied { map } for pid=7485 comm="syz-executor758" path="/root/syz-executor758505045" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 53.888969]
[ 53.890792] ========================================================
[ 53.897428] WARNING: possible irq lock inversion dependency detected
[ 53.904029] 4.19.69 #43 Not tainted
[ 53.907645] --------------------------------------------------------
[ 53.915140] swapper/0/0 just changed the state of lock:
[ 53.920861] 00000000cb9a2048 (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2d/0x490
[ 53.930776] but this lock took another, SOFTIRQ-unsafe lock in the past:
[ 53.937746]  (&fiq->waitq){+.+.}
[ 53.937758]
[ 53.937758]
[ 53.937758] and interrupts could create inverse lock ordering between them.
[ 53.937758]
[ 53.953301]
[ 53.953301] other info that might help us debug this:
[ 53.960193]  Possible interrupt unsafe locking scenario:
[ 53.960193]
[ 53.967126]        CPU0                    CPU1
[ 53.971852]        ----                    ----
[ 53.976614]   lock(&fiq->waitq);
[ 53.980064]                                local_irq_disable();
[ 53.986110]                                lock(&(&ctx->ctx_lock)->rlock);
[ 53.993343]                                lock(&fiq->waitq);
[ 53.999499]
[ 54.002385]     lock(&(&ctx->ctx_lock)->rlock);
[ 54.007384]
[ 54.007384]  *** DEADLOCK ***
[ 54.007384]
[ 54.013608] 2 locks held by swapper/0/0:
[ 54.017796]  #0: 0000000092c3a05f (rcu_callback){....}, at: rcu_process_callbacks+0xc79/0x1a30
[ 54.026725]  #1: 000000008bbaeacd (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x1ca/0x540
[ 54.037095]
[ 54.037095] the shortest dependencies between 2nd lock and 1st lock:
[ 54.045242] -> (&fiq->waitq){+.+.} ops: 4 {
[ 54.049887]    HARDIRQ-ON-W at:
[ 54.053606]      lock_acquire+0x16f/0x3f0
[ 54.059376]      _raw_spin_lock+0x2f/0x40
[ 54.065282]      flush_bg_queue+0x1f3/0x3d0
[ 54.071321]      fuse_request_send_background_locked+0x26d/0x4e0
[ 54.079050]      fuse_request_send_background+0x12b/0x180
[ 54.086524]      cuse_channel_open+0x5ba/0x830
[ 54.092759]      misc_open+0x395/0x4c0
[ 54.098379]      chrdev_open+0x245/0x6b0
[ 54.104007]      do_dentry_open+0x4c3/0x1210
[ 54.110172]      vfs_open+0xa0/0xd0
[ 54.115307]      path_openat+0x10d7/0x45e0
[ 54.121157]      do_filp_open+0x1a1/0x280
[ 54.126986]      do_sys_open+0x3fe/0x550
[ 54.132601]      __x64_sys_openat+0x9d/0x100
[ 54.139043]      do_syscall_64+0xfd/0x620
[ 54.144816]      entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.152282]    SOFTIRQ-ON-W at:
[ 54.155914]      lock_acquire+0x16f/0x3f0
[ 54.161692]      _raw_spin_lock+0x2f/0x40
[ 54.167566]      flush_bg_queue+0x1f3/0x3d0
[ 54.173712]      fuse_request_send_background_locked+0x26d/0x4e0
[ 54.181534]      fuse_request_send_background+0x12b/0x180
[ 54.189248]      cuse_channel_open+0x5ba/0x830
[ 54.195607]      misc_open+0x395/0x4c0
[ 54.201057]      chrdev_open+0x245/0x6b0
[ 54.207201]      do_dentry_open+0x4c3/0x1210
[ 54.213584]      vfs_open+0xa0/0xd0
[ 54.218873]      path_openat+0x10d7/0x45e0
[ 54.224834]      do_filp_open+0x1a1/0x280
[ 54.230547]      do_sys_open+0x3fe/0x550
[ 54.236440]      __x64_sys_openat+0x9d/0x100
[ 54.242622]      do_syscall_64+0xfd/0x620
[ 54.248748]      entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.255847]    INITIAL USE at:
[ 54.259493]      lock_acquire+0x16f/0x3f0
[ 54.265437]      _raw_spin_lock+0x2f/0x40
[ 54.271124]      flush_bg_queue+0x1f3/0x3d0
[ 54.277935]      fuse_request_send_background_locked+0x26d/0x4e0
[ 54.285577]      fuse_request_send_background+0x12b/0x180
[ 54.292661]      cuse_channel_open+0x5ba/0x830
[ 54.298776]      misc_open+0x395/0x4c0
[ 54.304046]      chrdev_open+0x245/0x6b0
[ 54.309729]      do_dentry_open+0x4c3/0x1210
[ 54.315752]      vfs_open+0xa0/0xd0
[ 54.321421]      path_openat+0x10d7/0x45e0
[ 54.327489]      do_filp_open+0x1a1/0x280
[ 54.333494]      do_sys_open+0x3fe/0x550
[ 54.339038]      __x64_sys_openat+0x9d/0x100
[ 54.344846]      do_syscall_64+0xfd/0x620
[ 54.350736]      entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.357877]  }
[ 54.359910]  ... key at: [] __key.42211+0x0/0x40
[ 54.367148]  ... acquired at:
[ 54.370658]    _raw_spin_lock+0x2f/0x40
[ 54.374973]    io_submit_one+0xef2/0x2eb0
[ 54.379529]    __x64_sys_io_submit+0x1aa/0x520
[ 54.384337]    do_syscall_64+0xfd/0x620
[ 54.388310]    entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.394479]
[ 54.396095] -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 2 {
[ 54.401892]    IN-SOFTIRQ-W at:
[ 54.405285]      lock_acquire+0x16f/0x3f0
[ 54.410942]      _raw_spin_lock_irq+0x60/0x80
[ 54.416903]      free_ioctx_users+0x2d/0x490
[ 54.422831]      percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 54.430336]      rcu_process_callbacks+0xba0/0x1a30
[ 54.436650]      __do_softirq+0x25c/0x921
[ 54.442092]      irq_exit+0x180/0x1d0
[ 54.447184]      smp_apic_timer_interrupt+0x13b/0x550
[ 54.453666]      apic_timer_interrupt+0xf/0x20
[ 54.459666]      native_safe_halt+0xe/0x10
[ 54.465474]      arch_cpu_idle+0xa/0x10
[ 54.470770]      default_idle_call+0x36/0x90
[ 54.476465]      do_idle+0x377/0x560
[ 54.481467]      cpu_startup_entry+0xc8/0xe0
[ 54.487429]      rest_init+0x219/0x222
[ 54.492807]      start_kernel+0x88c/0x8c5
[ 54.498477]      x86_64_start_reservations+0x29/0x2b
[ 54.505300]      x86_64_start_kernel+0x77/0x7b
[ 54.511576]      secondary_startup_64+0xa4/0xb0
[ 54.517965]    INITIAL USE at:
[ 54.521269]      lock_acquire+0x16f/0x3f0
[ 54.526927]      _raw_spin_lock_irq+0x60/0x80
[ 54.532877]      io_submit_one+0xead/0x2eb0
[ 54.538662]      __x64_sys_io_submit+0x1aa/0x520
[ 54.544925]      do_syscall_64+0xfd/0x620
[ 54.550422]      entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.557336]  }
[ 54.559262]  ... key at: [] __key.50211+0x0/0x40
[ 54.566383]  ... acquired at:
[ 54.569490]    mark_lock+0x420/0x1370
[ 54.573462]    __lock_acquire+0xc62/0x49c0
[ 54.577692]    lock_acquire+0x16f/0x3f0
[ 54.581932]    _raw_spin_lock_irq+0x60/0x80
[ 54.586403]    free_ioctx_users+0x2d/0x490
[ 54.590630]    percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 54.596428]    rcu_process_callbacks+0xba0/0x1a30
[ 54.601416]    __do_softirq+0x25c/0x921
[ 54.605624]    irq_exit+0x180/0x1d0
[ 54.609504]    smp_apic_timer_interrupt+0x13b/0x550
[ 54.615691]    apic_timer_interrupt+0xf/0x20
[ 54.620350]    native_safe_halt+0xe/0x10
[ 54.624755]    arch_cpu_idle+0xa/0x10
[ 54.628552]    default_idle_call+0x36/0x90
[ 54.633151]    do_idle+0x377/0x560
[ 54.637100]    cpu_startup_entry+0xc8/0xe0
[ 54.641559]    rest_init+0x219/0x222
[ 54.645686]    start_kernel+0x88c/0x8c5
[ 54.649962]    x86_64_start_reservations+0x29/0x2b
[ 54.654885]    x86_64_start_kernel+0x77/0x7b
[ 54.659404]    secondary_startup_64+0xa4/0xb0
[ 54.664172]
[ 54.665942]
[ 54.665942] stack backtrace:
[ 54.670583] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.19.69 #43
[ 54.677154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 54.686811] Call Trace:
[ 54.689509]
[ 54.691826]  dump_stack+0x172/0x1f0
[ 54.695625]  print_irq_inversion_bug.part.0+0x2c0/0x2cd
[ 54.701314]  check_usage_forwards.cold+0x20/0x29
[ 54.706511]  ? check_usage_backwards+0x340/0x340
[ 54.711513]  ? save_stack_trace+0x1a/0x20
[ 54.715654]  ? save_trace+0xe0/0x290
[ 54.719533]  mark_lock+0x420/0x1370
[ 54.723277]  ? check_usage_backwards+0x340/0x340
[ 54.728146]  __lock_acquire+0xc62/0x49c0
[ 54.732610]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 54.737594]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 54.743057]  ? mark_held_locks+0x100/0x100
[ 54.747281]  ? mark_held_locks+0x100/0x100
[ 54.751842]  ? _raw_spin_unlock_irqrestore+0x95/0xe0
[ 54.757301]  lock_acquire+0x16f/0x3f0
[ 54.761100]  ? free_ioctx_users+0x2d/0x490
[ 54.765463]  _raw_spin_lock_irq+0x60/0x80
[ 54.769604]  ? free_ioctx_users+0x2d/0x490
[ 54.773830]  free_ioctx_users+0x2d/0x490
[ 54.777969]  ? rcu_dynticks_curr_cpu_in_eqs+0x51/0xb0
[ 54.783352]  percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 54.788800]  ? percpu_ref_exit+0xd0/0xd0
[ 54.792936]  rcu_process_callbacks+0xba0/0x1a30
[ 54.797743]  ? __rcu_read_unlock+0x170/0x170
[ 54.802604]  __do_softirq+0x25c/0x921
[ 54.806483]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 54.812123]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 54.817671]  irq_exit+0x180/0x1d0
[ 54.821258]  smp_apic_timer_interrupt+0x13b/0x550
[ 54.826096]  apic_timer_interrupt+0xf/0x20
[ 54.830520]
[ 54.832759] RIP: 0010:native_safe_halt+0xe/0x10
[ 54.837528] Code: ff ff 48 89 df e8 02 2c ae fa eb 82 e9 07 00 00 00 0f 00 2d 84 1e 54 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d 74 1e 54 00 fb f4 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 e8 4e 0e 66 fa e8 09
[ 54.856967] RSP: 0018:ffffffff88607ca8 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13
[ 54.865020] RAX: 1ffffffff10e48c4 RBX: ffffffff88679ec0 RCX: 0000000000000000
[ 54.872571] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffffffff8867a73c
[ 54.879959] RBP: ffffffff88607cd8 R08: ffffffff88679ec0 R09: 0000000000000000
[ 54.887423] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 54.894770] R13: ffffffff88724610 R14: 0000000000000000 R15: 0000000000000000
[ 54.902479]  ? default_idle+0x4e/0x320
[ 54.906511]  arch_cpu_idle+0xa/0x10
[ 54.910367]  default_idle_call+0x36/0x90
[ 54.914427]  do_idle+0x377/0x560
[ 54.917898]  ? arch_cpu_idle_exit+0x80/0x80
[ 54.922422]  ? check_preemption_disabled+0x48/0x290
[ 54.927607]  cpu_startup_entry+0xc8/0xe0
[ 54.931902]  ? cpu_in_idle+0x20/0x20
[ 54.935726]  rest_init+0x219/0x222
[ 54.939487]  start_kernel+0x88c/0x8c5
[ 54.943282]  ? mem_encrypt_init+0xb/0xb
[