[ 38.868948] audit: type=1800 audit(1567015749.219:31): pid=7520 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2469 res=0
[ 38.902662] audit: type=1800 audit(1567015749.229:32): pid=7520 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2450 res=0
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.1.39' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 46.553533] kauditd_printk_skb: 3 callbacks suppressed
[ 46.553555] audit: type=1400 audit(1567015756.959:36): avc: denied { map } for pid=7707 comm="syz-executor885" path="/root/syz-executor885739256" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 46.586878]
[ 46.588518] ========================================================
[ 46.594994] WARNING: possible irq lock inversion dependency detected
[ 46.601532] 4.19.68 #42 Not tainted
[ 46.605278] --------------------------------------------------------
[ 46.611764] swapper/0/0 just changed the state of lock:
[ 46.617160] 00000000674502f6 (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2d/0x490
[ 46.625920] but this lock took another, SOFTIRQ-unsafe lock in the past:
[ 46.632932]  (&fiq->waitq){+.+.}
[ 46.632941]
[ 46.632941]
[ 46.632941] and interrupts could create inverse lock ordering between them.
[ 46.632941]
[ 46.647884]
[ 46.647884] other info that might help us debug this:
[ 46.654533]  Possible interrupt unsafe locking scenario:
[ 46.654533]
[ 46.661622]        CPU0                    CPU1
[ 46.666276]        ----                    ----
[ 46.670921]   lock(&fiq->waitq);
[ 46.674272]                                local_irq_disable();
[ 46.680309]                                lock(&(&ctx->ctx_lock)->rlock);
[ 46.687306]                                lock(&fiq->waitq);
[ 46.693540]
[ 46.696282]     lock(&(&ctx->ctx_lock)->rlock);
[ 46.700956]
[ 46.700956]  *** DEADLOCK ***
[ 46.700956]
[ 46.707021] 2 locks held by swapper/0/0:
[ 46.711153]  #0: 000000002927a99d (rcu_callback){....}, at: rcu_process_callbacks+0xc79/0x1a30
[ 46.720296]  #1: 00000000017c5f85 (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x1ca/0x540
[ 46.730449]
[ 46.730449] the shortest dependencies between 2nd lock and 1st lock:
[ 46.738414]  -> (&fiq->waitq){+.+.} ops: 4 {
[ 46.742945]     HARDIRQ-ON-W at:
[ 46.746329]       lock_acquire+0x16f/0x3f0
[ 46.751951]       _raw_spin_lock+0x2f/0x40
[ 46.757568]       flush_bg_queue+0x1f3/0x3d0
[ 46.763357]       fuse_request_send_background_locked+0x26d/0x4e0
[ 46.770967]       fuse_request_send_background+0x12b/0x180
[ 46.777977]       cuse_channel_open+0x5ba/0x830
[ 46.784109]       misc_open+0x395/0x4c0
[ 46.789466]       chrdev_open+0x245/0x6b0
[ 46.795013]       do_dentry_open+0x4c3/0x1210
[ 46.800917]       vfs_open+0xa0/0xd0
[ 46.806036]       path_openat+0x10d7/0x45e0
[ 46.811740]       do_filp_open+0x1a1/0x280
[ 46.817379]       do_sys_open+0x3fe/0x550
[ 46.822927]       __x64_sys_openat+0x9d/0x100
[ 46.828812]       do_syscall_64+0xfd/0x620
[ 46.834432]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 46.841480]     SOFTIRQ-ON-W at:
[ 46.844864]       lock_acquire+0x16f/0x3f0
[ 46.850495]       _raw_spin_lock+0x2f/0x40
[ 46.856212]       flush_bg_queue+0x1f3/0x3d0
[ 46.862976]       fuse_request_send_background_locked+0x26d/0x4e0
[ 46.870656]       fuse_request_send_background+0x12b/0x180
[ 46.877700]       cuse_channel_open+0x5ba/0x830
[ 46.883839]       misc_open+0x395/0x4c0
[ 46.889267]       chrdev_open+0x245/0x6b0
[ 46.894892]       do_dentry_open+0x4c3/0x1210
[ 46.900767]       vfs_open+0xa0/0xd0
[ 46.905859]       path_openat+0x10d7/0x45e0
[ 46.911577]       do_filp_open+0x1a1/0x280
[ 46.917289]       do_sys_open+0x3fe/0x550
[ 46.922831]       __x64_sys_openat+0x9d/0x100
[ 46.928730]       do_syscall_64+0xfd/0x620
[ 46.934357]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 46.941438]     INITIAL USE at:
[ 46.944710]       lock_acquire+0x16f/0x3f0
[ 46.950414]       _raw_spin_lock+0x2f/0x40
[ 46.956072]       flush_bg_queue+0x1f3/0x3d0
[ 46.962214]       fuse_request_send_background_locked+0x26d/0x4e0
[ 46.969842]       fuse_request_send_background+0x12b/0x180
[ 46.976854]       cuse_channel_open+0x5ba/0x830
[ 46.983175]       misc_open+0x395/0x4c0
[ 46.988438]       chrdev_open+0x245/0x6b0
[ 46.994223]       do_dentry_open+0x4c3/0x1210
[ 47.000105]       vfs_open+0xa0/0xd0
[ 47.005110]       path_openat+0x10d7/0x45e0
[ 47.010816]       do_filp_open+0x1a1/0x280
[ 47.016446]       do_sys_open+0x3fe/0x550
[ 47.022123]       __x64_sys_openat+0x9d/0x100
[ 47.028053]       do_syscall_64+0xfd/0x620
[ 47.033579]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.040498]   }
[ 47.042391]   ... key at: [] __key.42211+0x0/0x40
[ 47.049405]   ... acquired at:
[ 47.052610]    _raw_spin_lock+0x2f/0x40
[ 47.056575]    io_submit_one+0xef2/0x2eb0
[ 47.060715]    __x64_sys_io_submit+0x1aa/0x520
[ 47.065293]    do_syscall_64+0xfd/0x620
[ 47.069258]    entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.074611]
[ 47.076261] -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 2 {
[ 47.081713]    IN-SOFTIRQ-W at:
[ 47.084983]      lock_acquire+0x16f/0x3f0
[ 47.090446]      _raw_spin_lock_irq+0x60/0x80
[ 47.096252]      free_ioctx_users+0x2d/0x490
[ 47.101974]      percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 47.109079]      rcu_process_callbacks+0xba0/0x1a30
[ 47.115401]      __do_softirq+0x25c/0x921
[ 47.120840]      irq_exit+0x180/0x1d0
[ 47.125926]      smp_apic_timer_interrupt+0x13b/0x550
[ 47.132669]      apic_timer_interrupt+0xf/0x20
[ 47.138556]      native_safe_halt+0xe/0x10
[ 47.144111]      arch_cpu_idle+0xa/0x10
[ 47.149375]      default_idle_call+0x36/0x90
[ 47.155348]      do_idle+0x377/0x560
[ 47.160348]      cpu_startup_entry+0xc8/0xe0
[ 47.166041]      rest_init+0x219/0x222
[ 47.171389]      start_kernel+0x88c/0x8c5
[ 47.176851]      x86_64_start_reservations+0x29/0x2b
[ 47.183333]      x86_64_start_kernel+0x77/0x7b
[ 47.189239]      secondary_startup_64+0xa4/0xb0
[ 47.195196]    INITIAL USE at:
[ 47.198381]      lock_acquire+0x16f/0x3f0
[ 47.203743]      _raw_spin_lock_irq+0x60/0x80
[ 47.209531]      io_submit_one+0xead/0x2eb0
[ 47.215069]      __x64_sys_io_submit+0x1aa/0x520
[ 47.221047]      do_syscall_64+0xfd/0x620
[ 47.226408]      entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.233140]  }
[ 47.234936]  ... key at: [] __key.50211+0x0/0x40
[ 47.241691]  ... acquired at:
[ 47.244790]    mark_lock+0x420/0x1370
[ 47.249029]    __lock_acquire+0xc62/0x49c0
[ 47.253271]    lock_acquire+0x16f/0x3f0
[ 47.257247]    _raw_spin_lock_irq+0x60/0x80
[ 47.261553]    free_ioctx_users+0x2d/0x490
[ 47.265793]    percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 47.271436]    rcu_process_callbacks+0xba0/0x1a30
[ 47.276743]    __do_softirq+0x25c/0x921
[ 47.280704]    irq_exit+0x180/0x1d0
[ 47.284400]    smp_apic_timer_interrupt+0x13b/0x550
[ 47.289400]    apic_timer_interrupt+0xf/0x20
[ 47.293806]    native_safe_halt+0xe/0x10
[ 47.297857]    arch_cpu_idle+0xa/0x10
[ 47.301639]    default_idle_call+0x36/0x90
[ 47.305885]    do_idle+0x377/0x560
[ 47.309428]    cpu_startup_entry+0xc8/0xe0
[ 47.313648]    rest_init+0x219/0x222
[ 47.317370]    start_kernel+0x88c/0x8c5
[ 47.321341]    x86_64_start_reservations+0x29/0x2b
[ 47.326456]    x86_64_start_kernel+0x77/0x7b
[ 47.330853]    secondary_startup_64+0xa4/0xb0
[ 47.335350]
[ 47.337224]
[ 47.337224] stack backtrace:
[ 47.341962] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.19.68 #42
[ 47.348182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 47.357528] Call Trace:
[ 47.360094]
[ 47.362336]  dump_stack+0x172/0x1f0
[ 47.365949]  print_irq_inversion_bug.part.0+0x2c0/0x2cd
[ 47.371302]  check_usage_forwards.cold+0x20/0x29
[ 47.376177]  ? check_usage_backwards+0x340/0x340
[ 47.380949]  ? save_stack_trace+0x1a/0x20
[ 47.385089]  ? save_trace+0xe0/0x290
[ 47.388816]  mark_lock+0x420/0x1370
[ 47.392433]  ? check_usage_backwards+0x340/0x340
[ 47.397196]  __lock_acquire+0xc62/0x49c0
[ 47.401245]  ? mark_held_locks+0x100/0x100
[ 47.405480]  ? mark_held_locks+0x100/0x100
[ 47.409727]  ? __wake_up_common_lock+0xfe/0x190
[ 47.414468]  ? mark_held_locks+0x100/0x100
[ 47.418702]  ? __wake_up_common_lock+0xfe/0x190
[ 47.423376]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 47.428563]  ? lockdep_hardirqs_on+0x19b/0x5d0
[ 47.433134]  ? trace_hardirqs_on+0x67/0x220
[ 47.437454]  ? kasan_check_read+0x11/0x20
[ 47.441619]  lock_acquire+0x16f/0x3f0
[ 47.445409]  ? free_ioctx_users+0x2d/0x490
[ 47.449633]  _raw_spin_lock_irq+0x60/0x80
[ 47.453785]  ? free_ioctx_users+0x2d/0x490
[ 47.458027]  free_ioctx_users+0x2d/0x490
[ 47.462074]  ? rcu_dynticks_curr_cpu_in_eqs+0x51/0xb0
[ 47.467282]  percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 47.472719]  ? percpu_ref_exit+0xd0/0xd0
[ 47.476774]  rcu_process_callbacks+0xba0/0x1a30
[ 47.481521]  ? __rcu_read_unlock+0x170/0x170
[ 47.486169]  __do_softirq+0x25c/0x921
[ 47.489957]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 47.495502]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 47.501256]  irq_exit+0x180/0x1d0
[ 47.504703]  smp_apic_timer_interrupt+0x13b/0x550
[ 47.509778]  apic_timer_interrupt+0xf/0x20
[ 47.514170]
[ 47.517046] RIP: 0010:native_safe_halt+0xe/0x10
[ 47.521826] Code: ff ff 48 89 df e8 42 63 ae fa eb 82 e9 07 00 00 00 0f 00 2d d4 53 54 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d c4 53 54 00 fb f4 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 e8 8e 45 66 fa e8 29
[ 47.541211] RSP: 0018:ffffffff88607ca8 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
[ 47.548962] RAX: 1ffffffff10e489c RBX: ffffffff88679ec0 RCX: 0000000000000000
[ 47.556268] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffffffff8867a73c
[ 47.563534] RBP: ffffffff88607cd8 R08: ffffffff88679ec0 R09: 0000000000000000
[ 47.570794] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 47.578053] R13: ffffffff887244d0 R14: 0000000000000000 R15: 0000000000000000
[ 47.585327]  ? default_idle+0x4e/0x320
[ 47.589305]  arch_cpu_idle+0xa/0x10
[ 47.593031]  default_idle_call+0x36/0x90
[ 47.597166]  do_idle+0x377/0x560
[ 47.600533]  ? arch_cpu_idle_exit+0x80/0x80
[ 47.604931]  ? check_preemption_disabled+0x48/0x290
[ 47.609944]  cpu_startup_entry+0xc8/0xe0
[ 47.613992]  ? cpu_in_idle+0x20/0x20
[ 47.617795]  rest_init+0x219/0x222
[ 47.621432]  start_kernel+0x88c/0x8c5
[ 47.625294]  ? mem_encrypt_init+0xb/0xb
[ 47.629383]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 47.635190]  ? x86_family+0x41/0x50
[ 47.638833]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 47.644399]  x86_64_start_reservations+0x29/0x2b
[ 47.649157]  x86_64_start_kernel+0x77/0x7b
[ 47.653398]  secondary_startup_64+0xa4/0xb0