[ 40.967209] audit: type=1800 audit(1565910534.017:30): pid=7652 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 46.742082] kauditd_printk_skb: 4 callbacks suppressed
[ 46.742097] audit: type=1400 audit(1565910539.837:35): avc: denied { map } for pid=7826 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.51' (ECDSA) to the list of known hosts.
executing program
[ 54.100361] audit: type=1400 audit(1565910547.197:36): avc: denied { map } for pid=7838 comm="syz-executor458" path="/root/syz-executor458706671" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 54.134080]
[ 54.135724] ========================================================
[ 54.142191] WARNING: possible irq lock inversion dependency detected
[ 54.148759] 4.19.66 #40 Not tainted
[ 54.152362] --------------------------------------------------------
[ 54.158835] swapper/1/0 just changed the state of lock:
[ 54.164177] 000000000169d59f (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2d/0x490
[ 54.172954] but this lock took another, SOFTIRQ-unsafe lock in the past:
[ 54.179799] (&fiq->waitq){+.+.}
[ 54.179810]
[ 54.179810]
[ 54.179810] and interrupts could create inverse lock ordering between them.
[ 54.179810]
[ 54.196852]
[ 54.196852] other info that might help us debug this:
[ 54.203527] Possible interrupt unsafe locking scenario:
[ 54.203527]
[ 54.210450]        CPU0                    CPU1
[ 54.215118]        ----                    ----
[ 54.219773]   lock(&fiq->waitq);
[ 54.223126]                                local_irq_disable();
[ 54.236552]                                lock(&(&ctx->ctx_lock)->rlock);
[ 54.243577]                                lock(&fiq->waitq);
[ 54.249479]
[ 54.252238]     lock(&(&ctx->ctx_lock)->rlock);
[ 54.256903]
[ 54.256903] *** DEADLOCK ***
[ 54.256903]
[ 54.262959] 2 locks held by swapper/1/0:
[ 54.267005] #0: 00000000176f434b (rcu_callback){....}, at: rcu_process_callbacks+0xc79/0x1a30
[ 54.275772] #1: 000000003a4ad5f4 (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x1ca/0x540
[ 54.285934]
[ 54.285934] the shortest dependencies between 2nd lock and 1st lock:
[ 54.293903] -> (&fiq->waitq){+.+.} ops: 8 {
[ 54.298308] HARDIRQ-ON-W at:
[ 54.301689] lock_acquire+0x16f/0x3f0
[ 54.307301] _raw_spin_lock+0x2f/0x40
[ 54.312926] flush_bg_queue+0x1f3/0x3d0
[ 54.318750] fuse_request_send_background_locked+0x26d/0x4e0
[ 54.326364] fuse_request_send_background+0x12b/0x180
[ 54.333363] cuse_channel_open+0x5ba/0x830
[ 54.339429] misc_open+0x395/0x4c0
[ 54.344781] chrdev_open+0x245/0x6b0
[ 54.350307] do_dentry_open+0x4c3/0x1210
[ 54.356177] vfs_open+0xa0/0xd0
[ 54.361268] path_openat+0x10d7/0x45e0
[ 54.367019] do_filp_open+0x1a1/0x280
[ 54.372634] do_sys_open+0x3fe/0x550
[ 54.378184] __x64_sys_openat+0x9d/0x100
[ 54.384058] do_syscall_64+0xfd/0x620
[ 54.389695] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.396690] SOFTIRQ-ON-W at:
[ 54.400080] lock_acquire+0x16f/0x3f0
[ 54.405693] _raw_spin_lock+0x2f/0x40
[ 54.411300] flush_bg_queue+0x1f3/0x3d0
[ 54.417177] fuse_request_send_background_locked+0x26d/0x4e0
[ 54.424820] fuse_request_send_background+0x12b/0x180
[ 54.431904] cuse_channel_open+0x5ba/0x830
[ 54.437982] misc_open+0x395/0x4c0
[ 54.443362] chrdev_open+0x245/0x6b0
[ 54.448898] do_dentry_open+0x4c3/0x1210
[ 54.454795] vfs_open+0xa0/0xd0
[ 54.459886] path_openat+0x10d7/0x45e0
[ 54.465587] do_filp_open+0x1a1/0x280
[ 54.471282] do_sys_open+0x3fe/0x550
[ 54.476805] __x64_sys_openat+0x9d/0x100
[ 54.482695] do_syscall_64+0xfd/0x620
[ 54.488307] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.495318] INITIAL USE at:
[ 54.498609] lock_acquire+0x16f/0x3f0
[ 54.504132] _raw_spin_lock+0x2f/0x40
[ 54.509675] flush_bg_queue+0x1f3/0x3d0
[ 54.515389] fuse_request_send_background_locked+0x26d/0x4e0
[ 54.522926] fuse_request_send_background+0x12b/0x180
[ 54.529834] cuse_channel_open+0x5ba/0x830
[ 54.535796] misc_open+0x395/0x4c0
[ 54.541059] chrdev_open+0x245/0x6b0
[ 54.546509] do_dentry_open+0x4c3/0x1210
[ 54.552295] vfs_open+0xa0/0xd0
[ 54.557389] path_openat+0x10d7/0x45e0
[ 54.563021] do_filp_open+0x1a1/0x280
[ 54.568550] do_sys_open+0x3fe/0x550
[ 54.573996] __x64_sys_openat+0x9d/0x100
[ 54.579792] do_syscall_64+0xfd/0x620
[ 54.585324] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.592231] }
[ 54.594119] ... key at: [] __key.42212+0x0/0x40
[ 54.600941] ... acquired at:
[ 54.604125] _raw_spin_lock+0x2f/0x40
[ 54.608092] io_submit_one+0xef2/0x2eb0
[ 54.612460] __x64_sys_io_submit+0x1aa/0x520
[ 54.617057] do_syscall_64+0xfd/0x620
[ 54.621018] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.626364]
[ 54.627970] -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 2 {
[ 54.633438] IN-SOFTIRQ-W at:
[ 54.636721] lock_acquire+0x16f/0x3f0
[ 54.642164] _raw_spin_lock_irq+0x60/0x80
[ 54.647959] free_ioctx_users+0x2d/0x490
[ 54.653680] percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 54.660794] rcu_process_callbacks+0xba0/0x1a30
[ 54.667130] __do_softirq+0x25c/0x921
[ 54.672572] irq_exit+0x180/0x1d0
[ 54.677672] smp_apic_timer_interrupt+0x13b/0x550
[ 54.684163] apic_timer_interrupt+0xf/0x20
[ 54.690128] native_safe_halt+0xe/0x10
[ 54.695667] arch_cpu_idle+0xa/0x10
[ 54.700960] default_idle_call+0x36/0x90
[ 54.706669] do_idle+0x377/0x560
[ 54.711703] cpu_startup_entry+0xc8/0xe0
[ 54.724459] start_secondary+0x3e8/0x5b0
[ 54.736130] secondary_startup_64+0xa4/0xb0
[ 54.742092] INITIAL USE at:
[ 54.745288] lock_acquire+0x16f/0x3f0
[ 54.750642] _raw_spin_lock_irq+0x60/0x80
[ 54.756392] io_submit_one+0xead/0x2eb0
[ 54.761927] __x64_sys_io_submit+0x1aa/0x520
[ 54.767916] do_syscall_64+0xfd/0x620
[ 54.773287] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.780023] }
[ 54.781816] ... key at: [] __key.50212+0x0/0x40
[ 54.788574] ... acquired at:
[ 54.791688] mark_lock+0x420/0x1370
[ 54.795482] __lock_acquire+0xc62/0x49c0
[ 54.799713] lock_acquire+0x16f/0x3f0
[ 54.803767] _raw_spin_lock_irq+0x60/0x80
[ 54.808110] free_ioctx_users+0x2d/0x490
[ 54.812364] percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 54.817984] rcu_process_callbacks+0xba0/0x1a30
[ 54.822809] __do_softirq+0x25c/0x921
[ 54.826772] irq_exit+0x180/0x1d0
[ 54.830383] smp_apic_timer_interrupt+0x13b/0x550
[ 54.835386] apic_timer_interrupt+0xf/0x20
[ 54.839776] native_safe_halt+0xe/0x10
[ 54.843824] arch_cpu_idle+0xa/0x10
[ 54.847624] default_idle_call+0x36/0x90
[ 54.851883] do_idle+0x377/0x560
[ 54.855422] cpu_startup_entry+0xc8/0xe0
[ 54.859639] start_secondary+0x3e8/0x5b0
[ 54.863862] secondary_startup_64+0xa4/0xb0
[ 54.868334]
[ 54.869939]
[ 54.869939] stack backtrace:
[ 54.874419] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.19.66 #40
[ 54.880656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 54.889992] Call Trace:
[ 54.892573]
[ 54.894717] dump_stack+0x172/0x1f0
[ 54.898330] print_irq_inversion_bug.part.0+0x2c0/0x2cd
[ 54.903686] check_usage_forwards.cold+0x20/0x29
[ 54.908461] ? check_usage_backwards+0x340/0x340
[ 54.913209] ? save_stack_trace+0x1a/0x20
[ 54.917348] ? save_trace+0xe0/0x290
[ 54.921073] mark_lock+0x420/0x1370
[ 54.924694] ? check_usage_backwards+0x340/0x340
[ 54.929438] __lock_acquire+0xc62/0x49c0
[ 54.933479] ? mark_held_locks+0x100/0x100
[ 54.937701] ? mark_held_locks+0x100/0x100
[ 54.941936] ? __wake_up_common_lock+0xfe/0x190
[ 54.946608] ? mark_held_locks+0x100/0x100
[ 54.950823] ? __wake_up_common_lock+0xfe/0x190
[ 54.955472] ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 54.960580] ? lockdep_hardirqs_on+0x19b/0x5d0
[ 54.965155] ? trace_hardirqs_on+0x67/0x220
[ 54.969458] ? kasan_check_read+0x11/0x20
[ 54.973607] lock_acquire+0x16f/0x3f0
[ 54.977409] ? free_ioctx_users+0x2d/0x490
[ 54.981644] _raw_spin_lock_irq+0x60/0x80
[ 54.985790] ? free_ioctx_users+0x2d/0x490
[ 54.990010] free_ioctx_users+0x2d/0x490
[ 54.994056] ? rcu_dynticks_curr_cpu_in_eqs+0x51/0xb0
[ 54.999229] percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 55.004675] ? percpu_ref_exit+0xd0/0xd0
[ 55.008722] rcu_process_callbacks+0xba0/0x1a30
[ 55.013390] ? __rcu_read_unlock+0x170/0x170
[ 55.017786] __do_softirq+0x25c/0x921
[ 55.021585] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 55.027109] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 55.032632] irq_exit+0x180/0x1d0
[ 55.036087] smp_apic_timer_interrupt+0x13b/0x550
[ 55.040913] apic_timer_interrupt+0xf/0x20
[ 55.045214]
[ 55.047435] RIP: 0010:native_safe_halt+0xe/0x10
[ 55.052102] Code: ff ff 48 89 df e8 12 5a ae fa eb 82 e9 07 00 00 00 0f 00 2d 14 41 54 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d 04 41 54 00 fb f4 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 e8 0e 3e 66 fa e8 89
[ 55.071001] RSP: 0018:ffff8880aa27fd00 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
[ 55.078830] RAX: 1ffffffff10e489c RBX: ffff8880aa2703c0 RCX: 0000000000000000
[ 55.086090] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffff8880aa270c3c
[ 55.093354] RBP: ffff8880aa27fd30 R08: ffff8880aa2703c0 R09: 0000000000000000
[ 55.100632] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001
[ 55.107938] R13: ffffffff887244d0 R14: 0000000000000001 R15: 0000000000000000
[ 55.115219] ? default_idle+0x4e/0x320
[ 55.119100] arch_cpu_idle+0xa/0x10
[ 55.122716] default_idle_call+0x36/0x90
[ 55.126767] do_idle+0x377/0x560
[ 55.130123] ? arch_cpu_idle_exit+0x80/0x80
[ 55.134435] ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 55.139544] ? complete+0x61/0x80
[ 55.142991] cpu_startup_entry+0xc8/0xe0
[ 55.147048] ? cpu_in_idle+0x20/0x20
[ 55.150762] ? setup_APIC_timer+0x1aa/0x200