[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 35.313672] audit: type=1800 audit(1566080355.405:33): pid=7225 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[ 35.335004] audit: type=1800 audit(1566080355.415:34): pid=7225 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0
[ 35.859762] audit: type=1400 audit(1566080355.955:35): avc: denied { map } for pid=7397 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.52' (ECDSA) to the list of known hosts.
executing program

syzkaller login: [ 42.293322] audit: type=1400 audit(1566080362.385:36): avc: denied { map } for pid=7411 comm="syz-executor947" path="/root/syz-executor947131200" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 42.335665]
[ 42.337304] ========================================================
[ 42.343771] WARNING: possible irq lock inversion dependency detected
[ 42.350251] 4.19.67 #41 Not tainted
[ 42.353852] --------------------------------------------------------
[ 42.360323] swapper/0/0 just changed the state of lock:
[ 42.365658] 000000007c09dcda (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2d/0x490
[ 42.374398] but this lock took another, SOFTIRQ-unsafe lock in the past:
[ 42.381246]  (&fiq->waitq){+.+.}
[ 42.381257]
[ 42.381257]
[ 42.381257] and interrupts could create inverse lock ordering between them.
[ 42.381257]
[ 42.396126]
[ 42.396126] other info that might help us debug this:
[ 42.402770]  Possible interrupt unsafe locking scenario:
[ 42.402770]
[ 42.409698]        CPU0                    CPU1
[ 42.414341]        ----                    ----
[ 42.419013]   lock(&fiq->waitq);
[ 42.422389]                                local_irq_disable();
[ 42.428421]                                lock(&(&ctx->ctx_lock)->rlock);
[ 42.435408]                                lock(&fiq->waitq);
[ 42.441267]
[ 42.443994]     lock(&(&ctx->ctx_lock)->rlock);
[ 42.448638]
[ 42.448638]  *** DEADLOCK ***
[ 42.448638]
[ 42.454674] 2 locks held by swapper/0/0:
[ 42.458705]  #0: 00000000894797fb (rcu_callback){....}, at: rcu_process_callbacks+0xc79/0x1a30
[ 42.467459]  #1: 00000000f9a87079 (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x1ca/0x540
[ 42.477583]
[ 42.477583] the shortest dependencies between 2nd lock and 1st lock:
[ 42.485533]  -> (&fiq->waitq){+.+.} ops: 4 {
[ 42.489934]     HARDIRQ-ON-W at:
[ 42.493280]       lock_acquire+0x16f/0x3f0
[ 42.498881]       _raw_spin_lock+0x2f/0x40
[ 42.504484]       flush_bg_queue+0x1f3/0x3d0
[ 42.510260]       fuse_request_send_background_locked+0x26d/0x4e0
[ 42.517867]       fuse_request_send_background+0x12b/0x180
[ 42.524866]       cuse_channel_open+0x5ba/0x830
[ 42.530900]       misc_open+0x395/0x4c0
[ 42.536245]       chrdev_open+0x245/0x6b0
[ 42.541760]       do_dentry_open+0x4c3/0x1210
[ 42.547622]       vfs_open+0xa0/0xd0
[ 42.552703]       path_openat+0x10d7/0x45e0
[ 42.558392]       do_filp_open+0x1a1/0x280
[ 42.563993]       do_sys_open+0x3fe/0x550
[ 42.569506]       __x64_sys_openat+0x9d/0x100
[ 42.575365]       do_syscall_64+0xfd/0x620
[ 42.580964]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 42.587947]     SOFTIRQ-ON-W at:
[ 42.591289]       lock_acquire+0x16f/0x3f0
[ 42.596886]       _raw_spin_lock+0x2f/0x40
[ 42.602484]       flush_bg_queue+0x1f3/0x3d0
[ 42.608257]       fuse_request_send_background_locked+0x26d/0x4e0
[ 42.615853]       fuse_request_send_background+0x12b/0x180
[ 42.622840]       cuse_channel_open+0x5ba/0x830
[ 42.628875]       misc_open+0x395/0x4c0
[ 42.634217]       chrdev_open+0x245/0x6b0
[ 42.639730]       do_dentry_open+0x4c3/0x1210
[ 42.645614]       vfs_open+0xa0/0xd0
[ 42.650695]       path_openat+0x10d7/0x45e0
[ 42.656384]       do_filp_open+0x1a1/0x280
[ 42.661982]       do_sys_open+0x3fe/0x550
[ 42.667497]       __x64_sys_openat+0x9d/0x100
[ 42.673357]       do_syscall_64+0xfd/0x620
[ 42.678959]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 42.685945]     INITIAL USE at:
[ 42.689200]       lock_acquire+0x16f/0x3f0
[ 42.694713]       _raw_spin_lock+0x2f/0x40
[ 42.700226]       flush_bg_queue+0x1f3/0x3d0
[ 42.705934]       fuse_request_send_background_locked+0x26d/0x4e0
[ 42.713443]       fuse_request_send_background+0x12b/0x180
[ 42.720341]       cuse_channel_open+0x5ba/0x830
[ 42.726294]       misc_open+0x395/0x4c0
[ 42.731561]       chrdev_open+0x245/0x6b0
[ 42.736989]       do_dentry_open+0x4c3/0x1210
[ 42.742761]       vfs_open+0xa0/0xd0
[ 42.747753]       path_openat+0x10d7/0x45e0
[ 42.753355]       do_filp_open+0x1a1/0x280
[ 42.758868]       do_sys_open+0x3fe/0x550
[ 42.764291]       __x64_sys_openat+0x9d/0x100
[ 42.770067]       do_syscall_64+0xfd/0x620
[ 42.775579]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 42.782476]   }
[ 42.784347]   ... key at: [] __key.42212+0x0/0x40
[ 42.791157]   ... acquired at:
[ 42.794323]    _raw_spin_lock+0x2f/0x40
[ 42.798269]    io_submit_one+0xef2/0x2eb0
[ 42.802391]    __x64_sys_io_submit+0x1aa/0x520
[ 42.806945]    do_syscall_64+0xfd/0x620
[ 42.810894]    entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 42.816226]
[ 42.817832] -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 2 {
[ 42.823272]    IN-SOFTIRQ-W at:
[ 42.826541]      lock_acquire+0x16f/0x3f0
[ 42.831965]      _raw_spin_lock_irq+0x60/0x80
[ 42.837739]      free_ioctx_users+0x2d/0x490
[ 42.843428]      percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 42.850590]      rcu_process_callbacks+0xba0/0x1a30
[ 42.856883]      __do_softirq+0x25c/0x921
[ 42.862307]      irq_exit+0x180/0x1d0
[ 42.867386]      smp_apic_timer_interrupt+0x13b/0x550
[ 42.873855]      apic_timer_interrupt+0xf/0x20
[ 42.879718]      native_safe_halt+0xe/0x10
[ 42.885232]      arch_cpu_idle+0xa/0x10
[ 42.890485]      default_idle_call+0x36/0x90
[ 42.896169]      do_idle+0x377/0x560
[ 42.901162]      cpu_startup_entry+0xc8/0xe0
[ 42.906864]      rest_init+0x219/0x222
[ 42.912031]      start_kernel+0x88c/0x8c5
[ 42.917465]      x86_64_start_reservations+0x29/0x2b
[ 42.923849]      x86_64_start_kernel+0x77/0x7b
[ 42.929714]      secondary_startup_64+0xa4/0xb0
[ 42.935662]    INITIAL USE at:
[ 42.938844]      lock_acquire+0x16f/0x3f0
[ 42.944283]      _raw_spin_lock_irq+0x60/0x80
[ 42.949969]      io_submit_one+0xead/0x2eb0
[ 42.955484]      __x64_sys_io_submit+0x1aa/0x520
[ 42.961443]      do_syscall_64+0xfd/0x620
[ 42.966783]      entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 42.973517]  }
[ 42.975297]  ... key at: [] __key.50212+0x0/0x40
[ 42.982019]  ... acquired at:
[ 42.985098]    mark_lock+0x420/0x1370
[ 42.988875]    __lock_acquire+0xc62/0x49c0
[ 42.993084]    lock_acquire+0x16f/0x3f0
[ 42.997033]    _raw_spin_lock_irq+0x60/0x80
[ 43.001326]    free_ioctx_users+0x2d/0x490
[ 43.005546]    percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 43.011166]    rcu_process_callbacks+0xba0/0x1a30
[ 43.016004]    __do_softirq+0x25c/0x921
[ 43.019955]    irq_exit+0x180/0x1d0
[ 43.023558]    smp_apic_timer_interrupt+0x13b/0x550
[ 43.028550]    apic_timer_interrupt+0xf/0x20
[ 43.032933]    native_safe_halt+0xe/0x10
[ 43.036984]    arch_cpu_idle+0xa/0x10
[ 43.040759]    default_idle_call+0x36/0x90
[ 43.044972]    do_idle+0x377/0x560
[ 43.048488]    cpu_startup_entry+0xc8/0xe0
[ 43.052696]    rest_init+0x219/0x222
[ 43.056387]    start_kernel+0x88c/0x8c5
[ 43.060340]    x86_64_start_reservations+0x29/0x2b
[ 43.065244]    x86_64_start_kernel+0x77/0x7b
[ 43.069628]    secondary_startup_64+0xa4/0xb0
[ 43.074090]
[ 43.075689]
[ 43.075689] stack backtrace:
[ 43.080252] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.19.67 #41
[ 43.086454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 43.095783] Call Trace:
[ 43.098359]
[ 43.100486]  dump_stack+0x172/0x1f0
[ 43.104092]  print_irq_inversion_bug.part.0+0x2c0/0x2cd
[ 43.109431]  check_usage_forwards.cold+0x20/0x29
[ 43.114165]  ? check_usage_backwards+0x340/0x340
[ 43.118904]  ? save_stack_trace+0x1a/0x20
[ 43.123029]  ? save_trace+0xe0/0x290
[ 43.126718]  mark_lock+0x420/0x1370
[ 43.130338]  ? check_usage_backwards+0x340/0x340
[ 43.135070]  __lock_acquire+0xc62/0x49c0
[ 43.139119]  ? mark_held_locks+0x100/0x100
[ 43.143335]  ? mark_held_locks+0x100/0x100
[ 43.147546]  ? __wake_up_common_lock+0xfe/0x190
[ 43.152191]  ? mark_held_locks+0x100/0x100
[ 43.156401]  ? __wake_up_common_lock+0xfe/0x190
[ 43.161051]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 43.166132]  ? lockdep_hardirqs_on+0x19b/0x5d0
[ 43.170696]  ? trace_hardirqs_on+0x67/0x220
[ 43.174993]  ? kasan_check_read+0x11/0x20
[ 43.179117]  lock_acquire+0x16f/0x3f0
[ 43.182893]  ? free_ioctx_users+0x2d/0x490
[ 43.187105]  _raw_spin_lock_irq+0x60/0x80
[ 43.191228]  ? free_ioctx_users+0x2d/0x490
[ 43.195440]  free_ioctx_users+0x2d/0x490
[ 43.199499]  ? rcu_dynticks_curr_cpu_in_eqs+0x51/0xb0
[ 43.204667]  percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 43.210098]  ? percpu_ref_exit+0xd0/0xd0
[ 43.214137]  rcu_process_callbacks+0xba0/0x1a30
[ 43.218785]  ? __rcu_read_unlock+0x170/0x170
[ 43.223176]  __do_softirq+0x25c/0x921
[ 43.226959]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 43.232472]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 43.237986]  irq_exit+0x180/0x1d0
[ 43.241413]  smp_apic_timer_interrupt+0x13b/0x550
[ 43.246232]  apic_timer_interrupt+0xf/0x20
[ 43.250442]
[ 43.252669] RIP: 0010:native_safe_halt+0xe/0x10
[ 43.257321] Code: ff ff 48 89 df e8 c2 47 ae fa eb 82 e9 07 00 00 00 0f 00 2d 84 2e 54 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d 74 2e 54 00 fb f4 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 e8 7e 2b 66 fa e8 99
[ 43.276201] RSP: 0018:ffffffff88607ca8 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13
[ 43.283885] RAX: 1ffffffff10e489c RBX: ffffffff88679ec0 RCX: 0000000000000000
[ 43.291132] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffffffff8867a73c
[ 43.298378] RBP: ffffffff88607cd8 R08: ffffffff88679ec0 R09: 0000000000000000
[ 43.305721] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 43.312967] R13: ffffffff887244d0 R14: 0000000000000000 R15: 0000000000000000
[ 43.320746]  ? default_idle+0x4e/0x320
[ 43.324611]  arch_cpu_idle+0xa/0x10
[ 43.328215]  default_idle_call+0x36/0x90
[ 43.332250]  do_idle+0x377/0x560
[ 43.335593]  ? arch_cpu_idle_exit+0x80/0x80
[ 43.339895]  ? check_preemption_disabled+0x48/0x290
[ 43.344899]  cpu_startup_entry+0x