[ 38.989499] audit: type=1800 audit(1566900566.996:31): pid=7506 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2469 res=0
[ 39.027212] audit: type=1800 audit(1566900567.006:32): pid=7506 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2450 res=0
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.80' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 47.889006] kauditd_printk_skb: 3 callbacks suppressed
[ 47.889020] audit: type=1400 audit(1566900575.956:36): avc: denied { map } for pid=7693 comm="syz-executor838" path="/root/syz-executor838276574" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 47.934247]
[ 47.935906] ========================================================
[ 47.942374] WARNING: possible irq lock inversion dependency detected
[ 47.948888] 4.19.68 #42 Not tainted
[ 47.952592] --------------------------------------------------------
[ 47.959065] swapper/0/0 just changed the state of lock:
[ 47.964580] 00000000c524b46e (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2d/0x490
[ 47.973326] but this lock took another, SOFTIRQ-unsafe lock in the past:
[ 47.980228]  (&fiq->waitq){+.+.}
[ 47.980237]
[ 47.980237]
[ 47.980237] and interrupts could create inverse lock ordering between them.
[ 47.980237]
[ 47.995205]
[ 47.995205] other info that might help us debug this:
[ 48.001852]  Possible interrupt unsafe locking scenario:
[ 48.001852]
[ 48.008756]        CPU0                    CPU1
[ 48.013399]        ----                    ----
[ 48.018043]   lock(&fiq->waitq);
[ 48.021392]                                local_irq_disable();
[ 48.027435]                                lock(&(&ctx->ctx_lock)->rlock);
[ 48.034434]                                lock(&fiq->waitq);
[ 48.040339]
[ 48.043225]     lock(&(&ctx->ctx_lock)->rlock);
[ 48.047894]
[ 48.047894]  *** DEADLOCK ***
[ 48.047894]
[ 48.053956] 2 locks held by swapper/0/0:
[ 48.058016]  #0: 000000005e792f97 (rcu_callback){....}, at: rcu_process_callbacks+0xc79/0x1a30
[ 48.066773]  #1: 000000004caf35a8 (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x1ca/0x540
[ 48.076945]
[ 48.076945] the shortest dependencies between 2nd lock and 1st lock:
[ 48.085014]  -> (&fiq->waitq){+.+.} ops: 4 {
[ 48.089410]    HARDIRQ-ON-W at:
[ 48.092776]      lock_acquire+0x16f/0x3f0
[ 48.098399]      _raw_spin_lock+0x2f/0x40
[ 48.104005]      flush_bg_queue+0x1f3/0x3d0
[ 48.109812]      fuse_request_send_background_locked+0x26d/0x4e0
[ 48.117430]      fuse_request_send_background+0x12b/0x180
[ 48.124432]      cuse_channel_open+0x5ba/0x830
[ 48.132861]      misc_open+0x395/0x4c0
[ 48.138213]      chrdev_open+0x245/0x6b0
[ 48.143734]      do_dentry_open+0x4c3/0x1210
[ 48.149601]      vfs_open+0xa0/0xd0
[ 48.154722]      path_openat+0x10d7/0x45e0
[ 48.160419]      do_filp_open+0x1a1/0x280
[ 48.166140]      do_sys_open+0x3fe/0x550
[ 48.171664]      __x64_sys_openat+0x9d/0x100
[ 48.177558]      do_syscall_64+0xfd/0x620
[ 48.183171]      entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.190159]    SOFTIRQ-ON-W at:
[ 48.193509]      lock_acquire+0x16f/0x3f0
[ 48.199112]      _raw_spin_lock+0x2f/0x40
[ 48.204726]      flush_bg_queue+0x1f3/0x3d0
[ 48.210545]      fuse_request_send_background_locked+0x26d/0x4e0
[ 48.218156]      fuse_request_send_background+0x12b/0x180
[ 48.225171]      cuse_channel_open+0x5ba/0x830
[ 48.231232]      misc_open+0x395/0x4c0
[ 48.236579]      chrdev_open+0x245/0x6b0
[ 48.242117]      do_dentry_open+0x4c3/0x1210
[ 48.247987]      vfs_open+0xa0/0xd0
[ 48.253077]      path_openat+0x10d7/0x45e0
[ 48.258782]      do_filp_open+0x1a1/0x280
[ 48.264391]      do_sys_open+0x3fe/0x550
[ 48.270015]      __x64_sys_openat+0x9d/0x100
[ 48.276000]      do_syscall_64+0xfd/0x620
[ 48.281637]      entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.288741]    INITIAL USE at:
[ 48.292008]      lock_acquire+0x16f/0x3f0
[ 48.297623]      _raw_spin_lock+0x2f/0x40
[ 48.303140]      flush_bg_queue+0x1f3/0x3d0
[ 48.308865]      fuse_request_send_background_locked+0x26d/0x4e0
[ 48.316379]      fuse_request_send_background+0x12b/0x180
[ 48.323290]      cuse_channel_open+0x5ba/0x830
[ 48.329245]      misc_open+0x395/0x4c0
[ 48.337460]      chrdev_open+0x245/0x6b0
[ 48.342896]      do_dentry_open+0x4c3/0x1210
[ 48.348700]      vfs_open+0xa0/0xd0
[ 48.353727]      path_openat+0x10d7/0x45e0
[ 48.359342]      do_filp_open+0x1a1/0x280
[ 48.364862]      do_sys_open+0x3fe/0x550
[ 48.370318]      __x64_sys_openat+0x9d/0x100
[ 48.376101]      do_syscall_64+0xfd/0x620
[ 48.381644]      entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.388547]  }
[ 48.390428]  ... key at: [] __key.42211+0x0/0x40
[ 48.397246]  ... acquired at:
[ 48.400424]    _raw_spin_lock+0x2f/0x40
[ 48.404417]    io_submit_one+0xef2/0x2eb0
[ 48.408555]    __x64_sys_io_submit+0x1aa/0x520
[ 48.413137]    do_syscall_64+0xfd/0x620
[ 48.417096]    entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.422527]
[ 48.424130] -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 2 {
[ 48.429604]    IN-SOFTIRQ-W at:
[ 48.432994]      lock_acquire+0x16f/0x3f0
[ 48.438539]      _raw_spin_lock_irq+0x60/0x80
[ 48.444344]      free_ioctx_users+0x2d/0x490
[ 48.450037]      percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 48.457135]      rcu_process_callbacks+0xba0/0x1a30
[ 48.463444]      __do_softirq+0x25c/0x921
[ 48.468875]      irq_exit+0x180/0x1d0
[ 48.473985]      smp_apic_timer_interrupt+0x13b/0x550
[ 48.480469]      apic_timer_interrupt+0xf/0x20
[ 48.486470]      native_safe_halt+0xe/0x10
[ 48.492017]      arch_cpu_idle+0xa/0x10
[ 48.497297]      default_idle_call+0x36/0x90
[ 48.503015]      do_idle+0x377/0x560
[ 48.508015]      cpu_startup_entry+0xc8/0xe0
[ 48.513750]      rest_init+0x219/0x222
[ 48.518937]      start_kernel+0x88c/0x8c5
[ 48.524374]      x86_64_start_reservations+0x29/0x2b
[ 48.530893]      x86_64_start_kernel+0x77/0x7b
[ 48.536764]      secondary_startup_64+0xa4/0xb0
[ 48.542718]    INITIAL USE at:
[ 48.545997]      lock_acquire+0x16f/0x3f0
[ 48.551342]      _raw_spin_lock_irq+0x60/0x80
[ 48.557036]      io_submit_one+0xead/0x2eb0
[ 48.562596]      __x64_sys_io_submit+0x1aa/0x520
[ 48.568548]      do_syscall_64+0xfd/0x620
[ 48.573943]      entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.580718]  }
[ 48.582507]  ... key at: [] __key.50211+0x0/0x40
[ 48.589403]  ... acquired at:
[ 48.592492]    mark_lock+0x420/0x1370
[ 48.596297]    __lock_acquire+0xc62/0x49c0
[ 48.600536]    lock_acquire+0x16f/0x3f0
[ 48.604528]    _raw_spin_lock_irq+0x60/0x80
[ 48.608873]    free_ioctx_users+0x2d/0x490
[ 48.613140]    percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 48.618831]    rcu_process_callbacks+0xba0/0x1a30
[ 48.623665]    __do_softirq+0x25c/0x921
[ 48.627623]    irq_exit+0x180/0x1d0
[ 48.631272]    smp_apic_timer_interrupt+0x13b/0x550
[ 48.636293]    apic_timer_interrupt+0xf/0x20
[ 48.640747]    native_safe_halt+0xe/0x10
[ 48.644821]    arch_cpu_idle+0xa/0x10
[ 48.648602]    default_idle_call+0x36/0x90
[ 48.652816]    do_idle+0x377/0x560
[ 48.656333]    cpu_startup_entry+0xc8/0xe0
[ 48.660549]    rest_init+0x219/0x222
[ 48.664375]    start_kernel+0x88c/0x8c5
[ 48.668377]    x86_64_start_reservations+0x29/0x2b
[ 48.673287]    x86_64_start_kernel+0x77/0x7b
[ 48.677763]    secondary_startup_64+0xa4/0xb0
[ 48.682244]
[ 48.683877]
[ 48.683877] stack backtrace:
[ 48.688383] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.19.68 #42
[ 48.694788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 48.704320] Call Trace:
[ 48.706905]
[ 48.709052]  dump_stack+0x172/0x1f0
[ 48.712682]  print_irq_inversion_bug.part.0+0x2c0/0x2cd
[ 48.718147]  check_usage_forwards.cold+0x20/0x29
[ 48.722917]  ? check_usage_backwards+0x340/0x340
[ 48.727746]  ? save_stack_trace+0x1a/0x20
[ 48.731900]  ? save_trace+0xe0/0x290
[ 48.735594]  mark_lock+0x420/0x1370
[ 48.739237]  ? check_usage_backwards+0x340/0x340
[ 48.743979]  __lock_acquire+0xc62/0x49c0
[ 48.748018]  ? mark_held_locks+0x100/0x100
[ 48.752262]  ? mark_held_locks+0x100/0x100
[ 48.756492]  ? __wake_up_common_lock+0xfe/0x190
[ 48.761150]  ? mark_held_locks+0x100/0x100
[ 48.765365]  ? __wake_up_common_lock+0xfe/0x190
[ 48.770148]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 48.775241]  ? lockdep_hardirqs_on+0x19b/0x5d0
[ 48.779803]  ? trace_hardirqs_on+0x67/0x220
[ 48.784108]  ? kasan_check_read+0x11/0x20
[ 48.788353]  lock_acquire+0x16f/0x3f0
[ 48.792242]  ? free_ioctx_users+0x2d/0x490
[ 48.796490]  _raw_spin_lock_irq+0x60/0x80
[ 48.800630]  ? free_ioctx_users+0x2d/0x490
[ 48.804869]  free_ioctx_users+0x2d/0x490
[ 48.808911]  ? rcu_dynticks_curr_cpu_in_eqs+0x51/0xb0
[ 48.814093]  percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 48.819529]  ? percpu_ref_exit+0xd0/0xd0
[ 48.823570]  rcu_process_callbacks+0xba0/0x1a30
[ 48.828220]  ? __rcu_read_unlock+0x170/0x170
[ 48.832614]  __do_softirq+0x25c/0x921
[ 48.836400]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 48.841928]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 48.847710]  irq_exit+0x180/0x1d0
[ 48.851187]  smp_apic_timer_interrupt+0x13b/0x550
[ 48.856195]  apic_timer_interrupt+0xf/0x20
[ 48.860425]
[ 48.862649] RIP: 0010:native_safe_halt+0xe/0x10
[ 48.867304] Code: ff ff 48 89 df e8 42 63 ae fa eb 82 e9 07 00 00 00 0f 00 2d d4 53 54 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d c4 53 54 00 fb f4 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 e8 8e 45 66 fa e8 29
[ 48.886437] RSP: 0018:ffffffff88607ca8 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
[ 48.894145] RAX: 1ffffffff10e489c RBX: ffffffff88679ec0 RCX: 0000000000000000
[ 48.901408] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffffffff8867a73c
[ 48.908658] RBP: ffffffff88607cd8 R08: ffffffff88679ec0 R09: 0000000000000000
[ 48.915995] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 48.923352] R13: ffffffff887244d0 R14: 0000000000000000 R15: 0000000000000000
[ 48.930639]  ? default_idle+0x4e/0x320
[ 48.934563]  arch_cpu_idle+0xa/0x10
[ 48.938186]  default_idle_call+0x36/0x90
[ 48.942247]  do_idle+0x377/0x560
[ 48.945609]  ? arch_cpu_idle_exit+0x80/0x80
[ 48.949912]  ? check_preemption_disabled+0x48/0x290
[ 48.954934]  cpu_startup_entry+0xc8/0xe0
[ 48.958977]  ? cpu_in_idle+0x20/0x20
[ 48.962688]  rest_init+0x219/0x222
[ 48.966229]  start_kernel+0x88c/0x8c5
[ 48.970012]  ? mem_encrypt_init+0xb/0xb
[ 48.973984]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 48.979533]  ? x86_family+0x41/0x50
[ 48.983146]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 48.988668]  x86_64_start_reservations+0x29/0x2b
[ 48