Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 37.298434] audit: type=1800 audit(1566748280.016:33): pid=7355 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[ 37.326669] audit: type=1800 audit(1566748280.016:34): pid=7355 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 41.976887] audit: type=1400 audit(1566748284.696:35): avc: denied { map } for pid=7530 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.10.13' (ECDSA) to the list of known hosts.
executing program
[ 52.758928] audit: type=1400 audit(1566748295.476:36): avc: denied { map } for pid=7542 comm="syz-executor713" path="/root/syz-executor713551221" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 52.795470]
[ 52.797147] ========================================================
[ 52.803827] WARNING: possible irq lock inversion dependency detected
[ 52.810354] 4.19.68 #42 Not tainted
[ 52.814072] --------------------------------------------------------
[ 52.820676] ksoftirqd/1/18 just changed the state of lock:
[ 52.826287] 000000007bd5fdd1 (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2d/0x490
[ 52.835053] but this lock took another, SOFTIRQ-unsafe lock in the past:
[ 52.842237] (&fiq->waitq){+.+.}
[ 52.842247]
[ 52.842247]
[ 52.842247] and interrupts could create inverse lock ordering between them.
[ 52.842247]
[ 52.857110]
[ 52.857110] other info that might help us debug this:
[ 52.868233] Possible interrupt unsafe locking scenario:
[ 52.868233]
[ 52.875155]        CPU0                    CPU1
[ 52.879814]        ----                    ----
[ 52.884623]   lock(&fiq->waitq);
[ 52.895173]                                local_irq_disable();
[ 52.905991]                                lock(&(&ctx->ctx_lock)->rlock);
[ 52.913016]                                lock(&fiq->waitq);
[ 52.918913]
[ 52.921684]     lock(&(&ctx->ctx_lock)->rlock);
[ 52.927378]
[ 52.927378] *** DEADLOCK ***
[ 52.927378]
[ 52.933448] 2 locks held by ksoftirqd/1/18:
[ 52.937749] #0: 00000000691e0668 (rcu_callback){....}, at: rcu_process_callbacks+0xc79/0x1a30
[ 52.946552] #1: 00000000cb01f3ae (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x1ca/0x540
[ 52.956756]
[ 52.956756] the shortest dependencies between 2nd lock and 1st lock:
[ 52.964711] -> (&fiq->waitq){+.+.} ops: 4 {
[ 52.969215] HARDIRQ-ON-W at:
[ 52.972604] lock_acquire+0x16f/0x3f0
[ 52.978229] _raw_spin_lock+0x2f/0x40
[ 52.983858] flush_bg_queue+0x1f3/0x3d0
[ 52.989646] fuse_request_send_background_locked+0x26d/0x4e0
[ 52.997259] fuse_request_send_background+0x12b/0x180
[ 53.004276] cuse_channel_open+0x5ba/0x830
[ 53.010352] misc_open+0x395/0x4c0
[ 53.015712] chrdev_open+0x245/0x6b0
[ 53.021262] do_dentry_open+0x4c3/0x1210
[ 53.027140] vfs_open+0xa0/0xd0
[ 53.032233] path_openat+0x10d7/0x45e0
[ 53.037955] do_filp_open+0x1a1/0x280
[ 53.043570] do_sys_open+0x3fe/0x550
[ 53.049088] __x64_sys_openat+0x9d/0x100
[ 53.054974] do_syscall_64+0xfd/0x620
[ 53.060613] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.067608] SOFTIRQ-ON-W at:
[ 53.071969] lock_acquire+0x16f/0x3f0
[ 53.077602] _raw_spin_lock+0x2f/0x40
[ 53.083214] flush_bg_queue+0x1f3/0x3d0
[ 53.090104] fuse_request_send_background_locked+0x26d/0x4e0
[ 53.098061] fuse_request_send_background+0x12b/0x180
[ 53.105182] cuse_channel_open+0x5ba/0x830
[ 53.111228] misc_open+0x395/0x4c0
[ 53.116584] chrdev_open+0x245/0x6b0
[ 53.122109] do_dentry_open+0x4c3/0x1210
[ 53.128451] vfs_open+0xa0/0xd0
[ 53.133573] path_openat+0x10d7/0x45e0
[ 53.139279] do_filp_open+0x1a1/0x280
[ 53.144891] do_sys_open+0x3fe/0x550
[ 53.150434] __x64_sys_openat+0x9d/0x100
[ 53.156310] do_syscall_64+0xfd/0x620
[ 53.161963] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.169062] INITIAL USE at:
[ 53.172423] lock_acquire+0x16f/0x3f0
[ 53.177958] _raw_spin_lock+0x2f/0x40
[ 53.183484] flush_bg_queue+0x1f3/0x3d0
[ 53.189186] fuse_request_send_background_locked+0x26d/0x4e0
[ 53.196716] fuse_request_send_background+0x12b/0x180
[ 53.203723] cuse_channel_open+0x5ba/0x830
[ 53.209686] misc_open+0x395/0x4c0
[ 53.215163] chrdev_open+0x245/0x6b0
[ 53.220613] do_dentry_open+0x4c3/0x1210
[ 53.226470] vfs_open+0xa0/0xd0
[ 53.231486] path_openat+0x10d7/0x45e0
[ 53.237212] do_filp_open+0x1a1/0x280
[ 53.242906] do_sys_open+0x3fe/0x550
[ 53.248451] __x64_sys_openat+0x9d/0x100
[ 53.254239] do_syscall_64+0xfd/0x620
[ 53.259875] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.266803] }
[ 53.268683] ... key at: [] __key.42211+0x0/0x40
[ 53.275878] ... acquired at:
[ 53.279107] _raw_spin_lock+0x2f/0x40
[ 53.283078] io_submit_one+0xef2/0x2eb0
[ 53.287219] __x64_sys_io_submit+0x1aa/0x520
[ 53.292676] do_syscall_64+0xfd/0x620
[ 53.296640] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.301996]
[ 53.303697] -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 2 {
[ 53.309265] IN-SOFTIRQ-W at:
[ 53.312624] lock_acquire+0x16f/0x3f0
[ 53.318240] _raw_spin_lock_irq+0x60/0x80
[ 53.324894] free_ioctx_users+0x2d/0x490
[ 53.331800] percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 53.338939] rcu_process_callbacks+0xba0/0x1a30
[ 53.345282] __do_softirq+0x25c/0x921
[ 53.350731] run_ksoftirqd+0x8e/0x110
[ 53.356178] smpboot_thread_fn+0x6a3/0xa30
[ 53.362164] kthread+0x354/0x420
[ 53.367257] ret_from_fork+0x24/0x30
[ 53.372864] INITIAL USE at:
[ 53.376068] lock_acquire+0x16f/0x3f0
[ 53.381428] _raw_spin_lock_irq+0x60/0x80
[ 53.387500] io_submit_one+0xead/0x2eb0
[ 53.393141] __x64_sys_io_submit+0x1aa/0x520
[ 53.400247] do_syscall_64+0xfd/0x620
[ 53.405885] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.413417] }
[ 53.416602] ... key at: [] __key.50211+0x0/0x40
[ 53.423481] ... acquired at:
[ 53.426586] mark_lock+0x420/0x1370
[ 53.430367] __lock_acquire+0xc62/0x49c0
[ 53.434582] lock_acquire+0x16f/0x3f0
[ 53.438544] _raw_spin_lock_irq+0x60/0x80
[ 53.442848] free_ioctx_users+0x2d/0x490
[ 53.447075] percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 53.452682] rcu_process_callbacks+0xba0/0x1a30
[ 53.457538] __do_softirq+0x25c/0x921
[ 53.461523] run_ksoftirqd+0x8e/0x110
[ 53.465510] smpboot_thread_fn+0x6a3/0xa30
[ 53.469929] kthread+0x354/0x420
[ 53.473477] ret_from_fork+0x24/0x30
[ 53.477359]
[ 53.478982]
[ 53.478982] stack backtrace:
[ 53.483468] CPU: 1 PID: 18 Comm: ksoftirqd/1 Not tainted 4.19.68 #42
[ 53.489961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 53.499294] Call Trace:
[ 53.501901] dump_stack+0x172/0x1f0
[ 53.505537] print_irq_inversion_bug.part.0+0x2c0/0x2cd
[ 53.510892] check_usage_forwards.cold+0x20/0x29
[ 53.515635] ? check_usage_backwards+0x340/0x340
[ 53.520406] ? save_stack_trace+0x1a/0x20
[ 53.524565] ? save_trace+0xe0/0x290
[ 53.528273] mark_lock+0x420/0x1370
[ 53.531976] ? check_usage_backwards+0x340/0x340
[ 53.536822] __lock_acquire+0xc62/0x49c0
[ 53.540990] ? mark_held_locks+0x100/0x100
[ 53.545217] ? mark_held_locks+0x100/0x100
[ 53.549455] ? __wake_up_common_lock+0xfe/0x190
[ 53.554114] ? mark_held_locks+0x100/0x100
[ 53.558343] ? __wake_up_common_lock+0xfe/0x190
[ 53.563015] ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 53.568751] ? lockdep_hardirqs_on+0x19b/0x5d0
[ 53.573332] ? trace_hardirqs_on+0x67/0x220
[ 53.577664] ? kasan_check_read+0x11/0x20
[ 53.581933] lock_acquire+0x16f/0x3f0
[ 53.590784] ? free_ioctx_users+0x2d/0x490
[ 53.595106] _raw_spin_lock_irq+0x60/0x80
[ 53.599252] ? free_ioctx_users+0x2d/0x490
[ 53.603814] free_ioctx_users+0x2d/0x490
[ 53.607915] ? rcu_dynticks_curr_cpu_in_eqs+0x51/0xb0
[ 53.613128] percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 53.618845] ? percpu_ref_exit+0xd0/0xd0
[ 53.623370] rcu_process_callbacks+0xba0/0x1a30
[ 53.628046] ? __rcu_read_unlock+0x170/0x170
[ 53.632464] ? sched_clock+0x2e/0x50
[ 53.636187] __do_softirq+0x25c/0x921
[ 53.639995] ? pci_mmcfg_check_reserved+0x170/0x170
[ 53.645029] ? takeover_tasklets+0x7b0/0x7b0
[ 53.649428] run_ksoftirqd+0x8e/0x110
[ 53.653212] smpboot_thread_fn+0x6a3/0xa30
[ 53.657611] ? sort_range+0x30/0x30
[ 53.661333] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x2