[ 41.144622] audit: type=1800 audit(1559990974.072:29): pid=7615 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2447 res=0
[ 41.183665] audit: type=1800 audit(1559990974.082:30): pid=7615 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.50' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 49.839704] kauditd_printk_skb: 5 callbacks suppressed
[ 49.839721] audit: type=1400 audit(1559990982.772:36): avc: denied { map } for pid=7802 comm="syz-executor606" path="/root/syz-executor606255520" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 49.875833]
[ 49.877473] ========================================================
[ 49.883939] WARNING: possible irq lock inversion dependency detected
[ 49.890411] 4.19.48 #20 Not tainted
[ 49.894061] --------------------------------------------------------
[ 49.900544] swapper/1/0 just changed the state of lock:
[ 49.905921] 00000000b3d5862a (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2d/0x490
[ 49.914698] but this lock took another, SOFTIRQ-unsafe lock in the past:
[ 49.921525]  (&fiq->waitq){+.+.}
[ 49.921535]
[ 49.921535]
[ 49.921535] and interrupts could create inverse lock ordering between them.
[ 49.921535]
[ 49.936412]
[ 49.936412] other info that might help us debug this:
[ 49.943066]  Possible interrupt unsafe locking scenario:
[ 49.943066]
[ 49.949977]        CPU0                    CPU1
[ 49.954641]        ----                    ----
[ 49.959296]   lock(&fiq->waitq);
[ 49.962646]                                local_irq_disable();
[ 49.968681]                                lock(&(&ctx->ctx_lock)->rlock);
[ 49.975680]                                lock(&fiq->waitq);
[ 49.981550]
[ 49.984287]     lock(&(&ctx->ctx_lock)->rlock);
[ 49.988937]
[ 49.988937]  *** DEADLOCK ***
[ 49.988937]
[ 49.995021] 2 locks held by swapper/1/0:
[ 49.999084]  #0: 00000000780815b7 (rcu_callback){....}, at: rcu_process_callbacks+0xc79/0x1a30
[ 50.007845]  #1: 00000000da617dc0 (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x1ca/0x540
[ 50.017991]
[ 50.017991] the shortest dependencies between 2nd lock and 1st lock:
[ 50.025956] -> (&fiq->waitq){+.+.} ops: 4 {
[ 50.030357]    HARDIRQ-ON-W at:
[ 50.033717]      lock_acquire+0x16f/0x3f0
[ 50.039332]      _raw_spin_lock+0x2f/0x40
[ 50.044944]      flush_bg_queue+0x1f3/0x3d0
[ 50.050751]      fuse_request_send_background_locked+0x26d/0x4e0
[ 50.058403]      fuse_request_send_background+0x12b/0x180
[ 50.065402]      cuse_channel_open+0x5ba/0x830
[ 50.071447]      misc_open+0x395/0x4c0
[ 50.076809]      chrdev_open+0x245/0x6b0
[ 50.082331]      do_dentry_open+0x4c3/0x1200
[ 50.088203]      vfs_open+0xa0/0xd0
[ 50.093293]      path_openat+0x10d7/0x4690
[ 50.098992]      do_filp_open+0x1a1/0x280
[ 50.104610]      do_sys_open+0x3fe/0x550
[ 50.110912]      __x64_sys_openat+0x9d/0x100
[ 50.116791]      do_syscall_64+0xfd/0x620
[ 50.122411]      entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 50.129406]    SOFTIRQ-ON-W at:
[ 50.132762]      lock_acquire+0x16f/0x3f0
[ 50.138375]      _raw_spin_lock+0x2f/0x40
[ 50.144006]      flush_bg_queue+0x1f3/0x3d0
[ 50.149821]      fuse_request_send_background_locked+0x26d/0x4e0
[ 50.157433]      fuse_request_send_background+0x12b/0x180
[ 50.164435]      cuse_channel_open+0x5ba/0x830
[ 50.170500]      misc_open+0x395/0x4c0
[ 50.175877]      chrdev_open+0x245/0x6b0
[ 50.181420]      do_dentry_open+0x4c3/0x1200
[ 50.187293]      vfs_open+0xa0/0xd0
[ 50.192382]      path_openat+0x10d7/0x4690
[ 50.198104]      do_filp_open+0x1a1/0x280
[ 50.203727]      do_sys_open+0x3fe/0x550
[ 50.209260]      __x64_sys_openat+0x9d/0x100
[ 50.215141]      do_syscall_64+0xfd/0x620
[ 50.220759]      entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 50.227755]    INITIAL USE at:
[ 50.231029]      lock_acquire+0x16f/0x3f0
[ 50.236556]      _raw_spin_lock+0x2f/0x40
[ 50.242086]      flush_bg_queue+0x1f3/0x3d0
[ 50.247794]      fuse_request_send_background_locked+0x26d/0x4e0
[ 50.255323]      fuse_request_send_background+0x12b/0x180
[ 50.262244]      cuse_channel_open+0x5ba/0x830
[ 50.268206]      misc_open+0x395/0x4c0
[ 50.273480]      chrdev_open+0x245/0x6b0
[ 50.278944]      do_dentry_open+0x4c3/0x1200
[ 50.284733]      vfs_open+0xa0/0xd0
[ 50.289743]      path_openat+0x10d7/0x4690
[ 50.295363]      do_filp_open+0x1a1/0x280
[ 50.300893]      do_sys_open+0x3fe/0x550
[ 50.306445]      __x64_sys_openat+0x9d/0x100
[ 50.312231]      do_syscall_64+0xfd/0x620
[ 50.317760]      entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 50.324665]  }
[ 50.326544]  ... key at: [] __key.42196+0x0/0x40
[ 50.333361]  ... acquired at:
[ 50.336565]    _raw_spin_lock+0x2f/0x40
[ 50.340525]    io_submit_one+0xef2/0x2eb0
[ 50.344655]    __x64_sys_io_submit+0x1aa/0x520
[ 50.349225]    do_syscall_64+0xfd/0x620
[ 50.353227]    entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 50.358568]
[ 50.360190] -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 2 {
[ 50.365636]    IN-SOFTIRQ-W at:
[ 50.368915]      lock_acquire+0x16f/0x3f0
[ 50.374352]      _raw_spin_lock_irq+0x60/0x80
[ 50.380136]      free_ioctx_users+0x2d/0x490
[ 50.385858]      percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 50.393034]      rcu_process_callbacks+0xba0/0x1a30
[ 50.399346]      __do_softirq+0x25c/0x921
[ 50.404783]      irq_exit+0x180/0x1d0
[ 50.409871]      smp_apic_timer_interrupt+0x13b/0x550
[ 50.416349]      apic_timer_interrupt+0xf/0x20
[ 50.422217]      native_safe_halt+0xe/0x10
[ 50.427746]      arch_cpu_idle+0xa/0x10
[ 50.433008]      default_idle_call+0x36/0x90
[ 50.438706]      do_idle+0x377/0x560
[ 50.443708]      cpu_startup_entry+0xc8/0xe0
[ 50.449665]      start_secondary+0x3e8/0x5b0
[ 50.455362]      secondary_startup_64+0xa4/0xb0
[ 50.461317]    INITIAL USE at:
[ 50.464507]      lock_acquire+0x16f/0x3f0
[ 50.469864]      _raw_spin_lock_irq+0x60/0x80
[ 50.475577]      io_submit_one+0xead/0x2eb0
[ 50.481131]      __x64_sys_io_submit+0x1aa/0x520
[ 50.487094]      do_syscall_64+0xfd/0x620
[ 50.492456]      entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 50.499189]  }
[ 50.500994]  ... key at: [] __key.50187+0x0/0x40
[ 50.507728]  ... acquired at:
[ 50.510823]    mark_lock+0x420/0x1370
[ 50.514615]    __lock_acquire+0xc65/0x48f0
[ 50.518837]    lock_acquire+0x16f/0x3f0
[ 50.522800]    _raw_spin_lock_irq+0x60/0x80
[ 50.527109]    free_ioctx_users+0x2d/0x490
[ 50.531334]    percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 50.536946]    rcu_process_callbacks+0xba0/0x1a30
[ 50.541793]    __do_softirq+0x25c/0x921
[ 50.546040]    irq_exit+0x180/0x1d0
[ 50.549676]    smp_apic_timer_interrupt+0x13b/0x550
[ 50.554690]    apic_timer_interrupt+0xf/0x20
[ 50.559087]    native_safe_halt+0xe/0x10
[ 50.563158]    arch_cpu_idle+0xa/0x10
[ 50.566947]    default_idle_call+0x36/0x90
[ 50.571182]    do_idle+0x377/0x560
[ 50.574796]    cpu_startup_entry+0xc8/0xe0
[ 50.579021]    start_secondary+0x3e8/0x5b0
[ 50.583245]    secondary_startup_64+0xa4/0xb0
[ 50.587721]
[ 50.589326]
[ 50.589326] stack backtrace:
[ 50.593809] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.19.48 #20
[ 50.600031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 50.609370] Call Trace:
[ 50.611943]
[ 50.614086]  dump_stack+0x172/0x1f0
[ 50.617729]  print_irq_inversion_bug.part.0+0x2c0/0x2cd
[ 50.623086]  check_usage_forwards.cold+0x20/0x29
[ 50.627834]  ? check_usage_backwards+0x340/0x340
[ 50.632619]  ? save_stack_trace+0x1a/0x20
[ 50.636781]  ? save_trace+0xe0/0x290
[ 50.640503]  mark_lock+0x420/0x1370
[ 50.644126]  ? check_usage_backwards+0x340/0x340
[ 50.648876]  __lock_acquire+0xc65/0x48f0
[ 50.652925]  ? mark_held_locks+0x100/0x100
[ 50.657155]  ? mark_held_locks+0x100/0x100
[ 50.661382]  ? __wake_up_common_lock+0xfe/0x190
[ 50.666042]  ? mark_held_locks+0x100/0x100
[ 50.670265]  ? __wake_up_common_lock+0xfe/0x190
[ 50.674923]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 50.680038]  ? lockdep_hardirqs_on+0x19b/0x5d0
[ 50.684611]  ? trace_hardirqs_on+0x67/0x220
[ 50.688946]  ? kasan_check_read+0x11/0x20
[ 50.693083]  lock_acquire+0x16f/0x3f0
[ 50.696976]  ? free_ioctx_users+0x2d/0x490
[ 50.701227]  _raw_spin_lock_irq+0x60/0x80
[ 50.705387]  ? free_ioctx_users+0x2d/0x490
[ 50.709623]  free_ioctx_users+0x2d/0x490
[ 50.713678]  ? rcu_dynticks_curr_cpu_in_eqs+0x51/0xb0
[ 50.718860]  percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 50.724303]  ? percpu_ref_exit+0xd0/0xd0
[ 50.728354]  rcu_process_callbacks+0xba0/0x1a30
[ 50.733011]  ? __rcu_read_unlock+0x170/0x170
[ 50.737414]  __do_softirq+0x25c/0x921
[ 50.741205]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 50.746731]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 50.752258]  irq_exit+0x180/0x1d0
[ 50.755724]  smp_apic_timer_interrupt+0x13b/0x550
[ 50.760555]  apic_timer_interrupt+0xf/0x20
[ 50.764769]
[ 50.767003] RIP: 0010:native_safe_halt+0xe/0x10
[ 50.771677] Code: ff ff 48 89 df e8 72 4c b2 fa eb 82 e9 07 00 00 00 0f 00 2d e4 aa 58 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d d4 aa 58 00 fb f4 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 e8 4e 7e 6a fa e8 a9
[ 50.792047] RSP: 0018:ffff8880aa27fd00 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13
[ 50.799745] RAX: 1ffffffff10e46cc RBX: ffff8880aa2703c0 RCX: 0000000000000000
[ 50.807024] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffff8880aa270c3c
[ 50.814282] RBP: ffff8880aa27fd30 R08: ffff8880aa2703c0 R09: 0000000000000000
[ 50.821566] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001
[ 50.828830] R13: ffffffff88723650 R14: 0000000000000001 R15: 0000000000000000
[ 50.836103]  ? default_idle+0x4e/0x320
[ 50.839993]  arch_cpu_idle+0xa/0x10
[ 50.