[ 42.920356] audit: type=1800 audit(1560537258.544:29): pid=7730 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2447 res=0
[ 42.951242] audit: type=1800 audit(1560537258.554:30): pid=7730 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.147' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 52.336332] kauditd_printk_skb: 5 callbacks suppressed
[ 52.336348] audit: type=1400 audit(1560537267.964:36): avc: denied { map } for pid=7917 comm="syz-executor211" path="/root/syz-executor211176695" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 52.380587]
[ 52.382279] ========================================================
[ 52.388774] WARNING: possible irq lock inversion dependency detected
[ 52.395254] 4.19.50 #22 Not tainted
[ 52.398864] --------------------------------------------------------
[ 52.405344] swapper/0/0 just changed the state of lock:
[ 52.410695] 00000000ad9633eb (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2d/0x490
[ 52.419732] but this lock took another, SOFTIRQ-unsafe lock in the past:
[ 52.426571]  (&fiq->waitq){+.+.}
[ 52.426581]
[ 52.426581]
[ 52.426581] and interrupts could create inverse lock ordering between them.
[ 52.426581]
[ 52.441444]
[ 52.441444] other info that might help us debug this:
[ 52.448205]  Possible interrupt unsafe locking scenario:
[ 52.448205]
[ 52.455214]        CPU0                    CPU1
[ 52.459870]        ----                    ----
[ 52.464526]   lock(&fiq->waitq);
[ 52.468335]                                local_irq_disable();
[ 52.474531]                                lock(&(&ctx->ctx_lock)->rlock);
[ 52.481539]                                lock(&fiq->waitq);
[ 52.487420]
[ 52.490165]     lock(&(&ctx->ctx_lock)->rlock);
[ 52.494822]
[ 52.494822]  *** DEADLOCK ***
[ 52.494822]
[ 52.500880] 2 locks held by swapper/0/0:
[ 52.505013]  #0: 00000000167b2cc2 (rcu_callback){....}, at: rcu_process_callbacks+0xc79/0x1a30
[ 52.513793]  #1: 000000000e61db80 (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x1ca/0x540
[ 52.523945]
[ 52.523945] the shortest dependencies between 2nd lock and 1st lock:
[ 52.534309]  -> (&fiq->waitq){+.+.} ops: 4 {
[ 52.538731]     HARDIRQ-ON-W at:
[ 52.542106]       lock_acquire+0x16f/0x3f0
[ 52.547745]       _raw_spin_lock+0x2f/0x40
[ 52.553374]       flush_bg_queue+0x1f3/0x3d0
[ 52.559168]       fuse_request_send_background_locked+0x26d/0x4e0
[ 52.566783]       fuse_request_send_background+0x12b/0x180
[ 52.573797]       cuse_channel_open+0x5ba/0x830
[ 52.579858]       misc_open+0x395/0x4c0
[ 52.585221]       chrdev_open+0x245/0x6b0
[ 52.590773]       do_dentry_open+0x4c3/0x1200
[ 52.596654]       vfs_open+0xa0/0xd0
[ 52.601841]       path_openat+0x10d7/0x4690
[ 52.607551]       do_filp_open+0x1a1/0x280
[ 52.613180]       do_sys_open+0x3fe/0x550
[ 52.618720]       __x64_sys_openat+0x9d/0x100
[ 52.624601]       do_syscall_64+0xfd/0x620
[ 52.630214]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 52.637226]     SOFTIRQ-ON-W at:
[ 52.640610]       lock_acquire+0x16f/0x3f0
[ 52.646236]       _raw_spin_lock+0x2f/0x40
[ 52.651854]       flush_bg_queue+0x1f3/0x3d0
[ 52.657679]       fuse_request_send_background_locked+0x26d/0x4e0
[ 52.665776]       fuse_request_send_background+0x12b/0x180
[ 52.672887]       cuse_channel_open+0x5ba/0x830
[ 52.678957]       misc_open+0x395/0x4c0
[ 52.684328]       chrdev_open+0x245/0x6b0
[ 52.689892]       do_dentry_open+0x4c3/0x1200
[ 52.695779]       vfs_open+0xa0/0xd0
[ 52.701009]       path_openat+0x10d7/0x4690
[ 52.706719]       do_filp_open+0x1a1/0x280
[ 52.712427]       do_sys_open+0x3fe/0x550
[ 52.717966]       __x64_sys_openat+0x9d/0x100
[ 52.723850]       do_syscall_64+0xfd/0x620
[ 52.729596]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 52.736594]     INITIAL USE at:
[ 52.746743]       lock_acquire+0x16f/0x3f0
[ 52.752292]       _raw_spin_lock+0x2f/0x40
[ 52.757834]       flush_bg_queue+0x1f3/0x3d0
[ 52.763548]       fuse_request_send_background_locked+0x26d/0x4e0
[ 52.772548]       fuse_request_send_background+0x12b/0x180
[ 52.779518]       cuse_channel_open+0x5ba/0x830
[ 52.785495]       misc_open+0x395/0x4c0
[ 52.790772]       chrdev_open+0x245/0x6b0
[ 52.796228]       do_dentry_open+0x4c3/0x1200
[ 52.802034]       vfs_open+0xa0/0xd0
[ 52.807045]       path_openat+0x10d7/0x4690
[ 52.812673]       do_filp_open+0x1a1/0x280
[ 52.818227]       do_sys_open+0x3fe/0x550
[ 52.823676]       __x64_sys_openat+0x9d/0x100
[ 52.829469]       do_syscall_64+0xfd/0x620
[ 52.835006]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 52.842052]   }
[ 52.843943]   ... key at: [] __key.42197+0x0/0x40
[ 52.850771]   ... acquired at:
[ 52.854009]    _raw_spin_lock+0x2f/0x40
[ 52.857993]    io_submit_one+0xef2/0x2eb0
[ 52.862138]    __x64_sys_io_submit+0x1aa/0x520
[ 52.866719]    do_syscall_64+0xfd/0x620
[ 52.870730]    entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 52.876076]
[ 52.877685] -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 2 {
[ 52.883132]    IN-SOFTIRQ-W at:
[ 52.886411]      lock_acquire+0x16f/0x3f0
[ 52.891946]      _raw_spin_lock_irq+0x60/0x80
[ 52.897737]      free_ioctx_users+0x2d/0x490
[ 52.903456]      percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 52.910579]      rcu_process_callbacks+0xba0/0x1a30
[ 52.916893]      __do_softirq+0x25c/0x921
[ 52.922543]      irq_exit+0x180/0x1d0
[ 52.927655]      smp_apic_timer_interrupt+0x13b/0x550
[ 52.934144]      apic_timer_interrupt+0xf/0x20
[ 52.940023]      native_safe_halt+0xe/0x10
[ 52.945576]      arch_cpu_idle+0xa/0x10
[ 52.950872]      default_idle_call+0x36/0x90
[ 52.956582]      do_idle+0x377/0x560
[ 52.961751]      cpu_startup_entry+0xc8/0xe0
[ 52.967487]      rest_init+0xf1/0xf6
[ 52.972510]      start_kernel+0x88c/0x8c5
[ 52.977963]      x86_64_start_reservations+0x29/0x2b
[ 52.984390]      x86_64_start_kernel+0x77/0x7b
[ 52.990288]      secondary_startup_64+0xa4/0xb0
[ 52.996526]    INITIAL USE at:
[ 52.999726]      lock_acquire+0x16f/0x3f0
[ 53.005100]      _raw_spin_lock_irq+0x60/0x80
[ 53.010817]      io_submit_one+0xead/0x2eb0
[ 53.016409]      __x64_sys_io_submit+0x1aa/0x520
[ 53.022457]      do_syscall_64+0xfd/0x620
[ 53.028483]      entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.035433]  }
[ 53.037255]  ... key at: [] __key.50192+0x0/0x40
[ 53.043997]  ... acquired at:
[ 53.047180]    mark_lock+0x420/0x1370
[ 53.050980]    __lock_acquire+0xc65/0x48f0
[ 53.055573]    lock_acquire+0x16f/0x3f0
[ 53.059685]    _raw_spin_lock_irq+0x60/0x80
[ 53.064384]    free_ioctx_users+0x2d/0x490
[ 53.068631]    percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 53.074260]    rcu_process_callbacks+0xba0/0x1a30
[ 53.079159]    __do_softirq+0x25c/0x921
[ 53.083140]    irq_exit+0x180/0x1d0
[ 53.086770]    smp_apic_timer_interrupt+0x13b/0x550
[ 53.091878]    apic_timer_interrupt+0xf/0x20
[ 53.096366]    native_safe_halt+0xe/0x10
[ 53.100971]    arch_cpu_idle+0xa/0x10
[ 53.104774]    default_idle_call+0x36/0x90
[ 53.109012]    do_idle+0x377/0x560
[ 53.112580]    cpu_startup_entry+0xc8/0xe0
[ 53.117012]    rest_init+0xf1/0xf6
[ 53.120552]    start_kernel+0x88c/0x8c5
[ 53.124883]    x86_64_start_reservations+0x29/0x2b
[ 53.129826]    x86_64_start_kernel+0x77/0x7b
[ 53.134236]    secondary_startup_64+0xa4/0xb0
[ 53.138722]
[ 53.140353]
[ 53.140353] stack backtrace:
[ 53.144868] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.19.50 #22
[ 53.151324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 53.161418] Call Trace:
[ 53.164990]
[ 53.168239]  dump_stack+0x172/0x1f0
[ 53.172044]  print_irq_inversion_bug.part.0+0x2c0/0x2cd
[ 53.177502]  check_usage_forwards.cold+0x20/0x29
[ 53.182715]  ? check_usage_backwards+0x340/0x340
[ 53.188042]  ? save_stack_trace+0x1a/0x20
[ 53.192240]  ? save_trace+0xe0/0x290
[ 53.196135]  mark_lock+0x420/0x1370
[ 53.205405]  ? check_usage_backwards+0x340/0x340
[ 53.210279]  __lock_acquire+0xc65/0x48f0
[ 53.214374]  ? mark_held_locks+0x100/0x100
[ 53.218613]  ? mark_held_locks+0x100/0x100
[ 53.222840]  ? __wake_up_common_lock+0xfe/0x190
[ 53.227641]  ? mark_held_locks+0x100/0x100
[ 53.231866]  ? __wake_up_common_lock+0xfe/0x190
[ 53.236522]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 53.241617]  ? lockdep_hardirqs_on+0x19b/0x5d0
[ 53.247503]  ? trace_hardirqs_on+0x67/0x220
[ 53.251997]  ? kasan_check_read+0x11/0x20
[ 53.256144]  lock_acquire+0x16f/0x3f0
[ 53.259941]  ? free_ioctx_users+0x2d/0x490
[ 53.264369]  _raw_spin_lock_irq+0x60/0x80
[ 53.268531]  ? free_ioctx_users+0x2d/0x490
[ 53.273300]  free_ioctx_users+0x2d/0x490
[ 53.277558]  ? rcu_dynticks_curr_cpu_in_eqs+0x51/0xb0
[ 53.282769]  percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 53.288249]  ? percpu_ref_exit+0xd0/0xd0
[ 53.292327]  rcu_process_callbacks+0xba0/0x1a30
[ 53.297001]  ? __rcu_read_unlock+0x170/0x170
[ 53.301410]  __do_softirq+0x25c/0x921
[ 53.305204]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 53.310828]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 53.316371]  irq_exit+0x180/0x1d0
[ 53.321082]  smp_apic_timer_interrupt+0x13b/0x550
[ 53.326112]  apic_timer_interrupt+0xf/0x20
[ 53.330336]
[ 53.332595] RIP: 0010:native_safe_halt+0xe/0x10
[ 53.337268] Code: ff ff 48 89 df e8 22 41 b2 fa eb 82 e9 07 00 00 00 0f 00 2d 84 9c 58 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d 74 9c 58 00 fb f4 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 e8 ae 72 6a fa e8 49
[ 53.356519] RSP: 0018:ffffffff88607ca8 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
[ 53.364249] RAX: 1ffffffff10e46cc RBX: ffffffff88679e80 RCX: 0000000000000000
[ 53.371801] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffffffff8867a6fc
[ 53.379605] RBP: ffffffff88607cd8 R08: ffffffff88679e80 R09: 0000000000000000
[ 53.387089] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 53.394504] R13: ffffffff88723650 R14: 0000000000000000 R15: 0000000000000000
[ 53.401931]  ? default_idle+0x4e/0x320
[ 53.405817]  arch_cpu_idle+0xa/0x10
[ 53.409453]  default_idle_call+0x36/0x90
[ 53.413516]  do_idle+0x377/0x560
[ 53.416871]  ? arch_cpu_idle_exit+0x80/0x80
[ 53.421179]  ? check_preemption_disabled+0x48/0x290
[ 53.426203]  cpu_startup_entry+0xc8/0xe0
[ 53.430361]  ? cpu_in_idle+0x20/0x20
[ 53.434083]  rest_init+0xf1/0xf6
[ 53.437441]  start_kernel+0x88c/0x8c5