[ 38.316710] audit: type=1800 audit(1567005809.408:32): pid=7414 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2450 res=0
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 38.958978] audit: type=1800 audit(1567005810.138:33): pid=7414 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.183' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 49.473893] kauditd_printk_skb: 2 callbacks suppressed
[ 49.473908] audit: type=1400 audit(1567005820.658:36): avc: denied { map } for pid=7602 comm="syz-executor678" path="/root/syz-executor678037567" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 49.510716]
[ 49.512589] ========================================================
[ 49.519136] WARNING: possible irq lock inversion dependency detected
[ 49.525761] 4.19.68 #42 Not tainted
[ 49.529502] --------------------------------------------------------
[ 49.536110] ksoftirqd/1/18 just changed the state of lock:
[ 49.541908] 00000000fa17e3f3 (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2d/0x490
[ 49.550769] but this lock took another, SOFTIRQ-unsafe lock in the past:
[ 49.558046]  (&fiq->waitq){+.+.}
[ 49.558059]
[ 49.558059]
[ 49.558059] and interrupts could create inverse lock ordering between them.
[ 49.558059]
[ 49.573017]
[ 49.573017] other info that might help us debug this:
[ 49.579782]  Possible interrupt unsafe locking scenario:
[ 49.579782]
[ 49.586878]        CPU0                    CPU1
[ 49.591531]        ----                    ----
[ 49.596361]   lock(&fiq->waitq);
[ 49.599726]                                local_irq_disable();
[ 49.605773]                                lock(&(&ctx->ctx_lock)->rlock);
[ 49.612782]                                lock(&fiq->waitq);
[ 49.618807]
[ 49.621564]     lock(&(&ctx->ctx_lock)->rlock);
[ 49.626230]
[ 49.626230]  *** DEADLOCK ***
[ 49.626230]
[ 49.632648] 2 locks held by ksoftirqd/1/18:
[ 49.637056]  #0: 00000000ce11307f (rcu_callback){....}, at: rcu_process_callbacks+0xc79/0x1a30
[ 49.646250]  #1: 0000000034136fe5 (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x1ca/0x540
[ 49.656468]
[ 49.656468] the shortest dependencies between 2nd lock and 1st lock:
[ 49.664434]  -> (&fiq->waitq){+.+.} ops: 4 {
[ 49.669148]     HARDIRQ-ON-W at:
[ 49.672632]       lock_acquire+0x16f/0x3f0
[ 49.678370]       _raw_spin_lock+0x2f/0x40
[ 49.684289]       flush_bg_queue+0x1f3/0x3d0
[ 49.690216]       fuse_request_send_background_locked+0x26d/0x4e0
[ 49.698027]       fuse_request_send_background+0x12b/0x180
[ 49.705215]       cuse_channel_open+0x5ba/0x830
[ 49.711309]       misc_open+0x395/0x4c0
[ 49.716680]       chrdev_open+0x245/0x6b0
[ 49.722309]       do_dentry_open+0x4c3/0x1210
[ 49.728346]       vfs_open+0xa0/0xd0
[ 49.733476]       path_openat+0x10d7/0x45e0
[ 49.739295]       do_filp_open+0x1a1/0x280
[ 49.744926]       do_sys_open+0x3fe/0x550
[ 49.750459]       __x64_sys_openat+0x9d/0x100
[ 49.756348]       do_syscall_64+0xfd/0x620
[ 49.762098]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 49.769106]     SOFTIRQ-ON-W at:
[ 49.772938]       lock_acquire+0x16f/0x3f0
[ 49.778903]       _raw_spin_lock+0x2f/0x40
[ 49.784725]       flush_bg_queue+0x1f3/0x3d0
[ 49.790545]       fuse_request_send_background_locked+0x26d/0x4e0
[ 49.798302]       fuse_request_send_background+0x12b/0x180
[ 49.805520]       cuse_channel_open+0x5ba/0x830
[ 49.811780]       misc_open+0x395/0x4c0
[ 49.817357]       chrdev_open+0x245/0x6b0
[ 49.822925]       do_dentry_open+0x4c3/0x1210
[ 49.828839]       vfs_open+0xa0/0xd0
[ 49.833949]       path_openat+0x10d7/0x45e0
[ 49.839865]       do_filp_open+0x1a1/0x280
[ 49.849401]       do_sys_open+0x3fe/0x550
[ 49.854953]       __x64_sys_openat+0x9d/0x100
[ 49.860867]       do_syscall_64+0xfd/0x620
[ 49.866525]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 49.873722]     INITIAL USE at:
[ 49.877098]       lock_acquire+0x16f/0x3f0
[ 49.882744]       _raw_spin_lock+0x2f/0x40
[ 49.888375]       flush_bg_queue+0x1f3/0x3d0
[ 49.894093]       fuse_request_send_background_locked+0x26d/0x4e0
[ 49.901741]       fuse_request_send_background+0x12b/0x180
[ 49.908762]       cuse_channel_open+0x5ba/0x830
[ 49.914835]       misc_open+0x395/0x4c0
[ 49.920114]       chrdev_open+0x245/0x6b0
[ 49.925722]       do_dentry_open+0x4c3/0x1210
[ 49.931524]       vfs_open+0xa0/0xd0
[ 49.936555]       path_openat+0x10d7/0x45e0
[ 49.942189]       do_filp_open+0x1a1/0x280
[ 49.947728]       do_sys_open+0x3fe/0x550
[ 49.953479]       __x64_sys_openat+0x9d/0x100
[ 49.959597]       do_syscall_64+0xfd/0x620
[ 49.965174]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 49.972101]   }
[ 49.974001]   ... key at: [] __key.42211+0x0/0x40
[ 49.981024]   ... acquired at:
[ 49.984228]    _raw_spin_lock+0x2f/0x40
[ 49.988223]    io_submit_one+0xef2/0x2eb0
[ 49.992362]    __x64_sys_io_submit+0x1aa/0x520
[ 49.996974]    do_syscall_64+0xfd/0x620
[ 50.001122]    entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 50.006573]
[ 50.008208] -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 2 {
[ 50.013660]    IN-SOFTIRQ-W at:
[ 50.016948]      lock_acquire+0x16f/0x3f0
[ 50.022402]      _raw_spin_lock_irq+0x60/0x80
[ 50.028351]      free_ioctx_users+0x2d/0x490
[ 50.034294]      percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 50.041509]      rcu_process_callbacks+0xba0/0x1a30
[ 50.048002]      __do_softirq+0x25c/0x921
[ 50.053454]      run_ksoftirqd+0x8e/0x110
[ 50.059028]      smpboot_thread_fn+0x6a3/0xa30
[ 50.064918]      kthread+0x354/0x420
[ 50.069962]      ret_from_fork+0x24/0x30
[ 50.075315]    INITIAL USE at:
[ 50.078631]      lock_acquire+0x16f/0x3f0
[ 50.084026]      _raw_spin_lock_irq+0x60/0x80
[ 50.089957]      io_submit_one+0xead/0x2eb0
[ 50.095503]      __x64_sys_io_submit+0x1aa/0x520
[ 50.101568]      do_syscall_64+0xfd/0x620
[ 50.106942]      entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 50.114058]  }
[ 50.116007]  ... key at: [] __key.50211+0x0/0x40
[ 50.123568]  ... acquired at:
[ 50.127057]    mark_lock+0x420/0x1370
[ 50.131761]    __lock_acquire+0xc62/0x49c0
[ 50.136199]    lock_acquire+0x16f/0x3f0
[ 50.140426]    _raw_spin_lock_irq+0x60/0x80
[ 50.144928]    free_ioctx_users+0x2d/0x490
[ 50.149632]    percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 50.155283]    rcu_process_callbacks+0xba0/0x1a30
[ 50.160558]    __do_softirq+0x25c/0x921
[ 50.164720]    run_ksoftirqd+0x8e/0x110
[ 50.168780]    smpboot_thread_fn+0x6a3/0xa30
[ 50.173378]    kthread+0x354/0x420
[ 50.176932]    ret_from_fork+0x24/0x30
[ 50.181363]
[ 50.183051]
[ 50.183051] stack backtrace:
[ 50.187740] CPU: 1 PID: 18 Comm: ksoftirqd/1 Not tainted 4.19.68 #42
[ 50.194613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 50.204207] Call Trace:
[ 50.207231]  dump_stack+0x172/0x1f0
[ 50.211018]  print_irq_inversion_bug.part.0+0x2c0/0x2cd
[ 50.216383]  check_usage_forwards.cold+0x20/0x29
[ 50.221140]  ? check_usage_backwards+0x340/0x340
[ 50.225972]  ? save_stack_trace+0x1a/0x20
[ 50.230320]  ? save_trace+0xe0/0x290
[ 50.234761]  mark_lock+0x420/0x1370
[ 50.238405]  ? check_usage_backwards+0x340/0x340
[ 50.243172]  __lock_acquire+0xc62/0x49c0
[ 50.247688]  ? mark_held_locks+0x100/0x100
[ 50.252259]  ? mark_held_locks+0x100/0x100
[ 50.256611]  ? __wake_up_common_lock+0xfe/0x190
[ 50.261280]  ? mark_held_locks+0x100/0x100
[ 50.265811]  ? __wake_up_common_lock+0xfe/0x190
[ 50.271048]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 50.276456]  ? lockdep_hardirqs_on+0x19b/0x5d0
[ 50.281414]  ? trace_hardirqs_on+0x67/0x220
[ 50.286088]  ? kasan_check_read+0x11/0x20
[ 50.290251]  lock_acquire+0x16f/0x3f0
[ 50.294369]  ? free_ioctx_users+0x2d/0x490
[ 50.298913]  _raw_spin_lock_irq+0x60/0x80
[ 50.303490]  ? free_ioctx_users+0x2d/0x490
[ 50.307877]  free_ioctx_users+0x2d/0x490
[ 50.312080]  ? rcu_dynticks_curr_cpu_in_eqs+0x51/0xb0
[ 50.317584]  percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 50.323053]  ? percpu_ref_exit+0xd0/0xd0
[ 50.327125]  rcu_process_callbacks+0xba0/0x1a30
[ 50.331813]  ? __rcu_read_unlock+0x170/0x170
[ 50.336407]  ? sched_clock+0x2e/0x50
[ 50.340310]  __do_softirq+0x25c/0x921
[ 50.344541]  ? pci_mmcfg_check_reserved+0x170/0x170
[ 50.349573]  ? takeover_tasklets+0x7b0/0x7b0
[ 50.354114]  run_ksoftirqd+0x8e/0x110
[ 50.357930]  smpboot_thread_fn+0x6a3/0xa30
[ 50.362494]  ? sort_range+0x30/0x30
[ 50.366328]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 50.371872]  ? __kthread_parkme+0xfb/0x1b0
[ 50.376376]  kt