[ 39.357706] audit: type=1800 audit(1567006967.316:32): pid=7476 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2450 res=0
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 40.190717] audit: type=1800 audit(1567006968.236:33): pid=7476 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.44' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 46.931405] kauditd_printk_skb: 2 callbacks suppressed
[ 46.931421] audit: type=1400 audit(1567006974.976:36): avc: denied { map } for pid=7662 comm="syz-executor816" path="/root/syz-executor816626352" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 46.968679]
[ 46.970341] ========================================================
[ 46.976943] WARNING: possible irq lock inversion dependency detected
[ 46.983452] 4.19.68 #42 Not tainted
[ 46.987069] --------------------------------------------------------
[ 46.993545] swapper/1/0 just changed the state of lock:
[ 46.998903] 00000000a4840af4 (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2d/0x490
[ 47.007782] but this lock took another, SOFTIRQ-unsafe lock in the past:
[ 47.014602]  (&fiq->waitq){+.+.}
[ 47.014612]
[ 47.014612]
[ 47.014612] and interrupts could create inverse lock ordering between them.
[ 47.014612]
[ 47.029476]
[ 47.029476] other info that might help us debug this:
[ 47.036154]  Possible interrupt unsafe locking scenario:
[ 47.036154]
[ 47.043069]        CPU0                    CPU1
[ 47.047718]        ----                    ----
[ 47.052367]   lock(&fiq->waitq);
[ 47.055717]                                local_irq_disable();
[ 47.061756]                                lock(&(&ctx->ctx_lock)->rlock);
[ 47.068748]                                lock(&fiq->waitq);
[ 47.074628]
[ 47.077363]     lock(&(&ctx->ctx_lock)->rlock);
[ 47.082105]
[ 47.082105]  *** DEADLOCK ***
[ 47.082105]
[ 47.088152] 2 locks held by swapper/1/0:
[ 47.092194]  #0: 000000007c7df994 (rcu_callback){....}, at: rcu_process_callbacks+0xc79/0x1a30
[ 47.100951]  #1: 000000001d89fb13 (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x1ca/0x540
[ 47.111111]
[ 47.111111] the shortest dependencies between 2nd lock and 1st lock:
[ 47.119072]  -> (&fiq->waitq){+.+.} ops: 4 {
[ 47.123569]     HARDIRQ-ON-W at:
[ 47.126943]       lock_acquire+0x16f/0x3f0
[ 47.132567]       _raw_spin_lock+0x2f/0x40
[ 47.138197]       flush_bg_queue+0x1f3/0x3d0
[ 47.143984]       fuse_request_send_background_locked+0x26d/0x4e0
[ 47.151625]       fuse_request_send_background+0x12b/0x180
[ 47.158646]       cuse_channel_open+0x5ba/0x830
[ 47.164838]       misc_open+0x395/0x4c0
[ 47.170211]       chrdev_open+0x245/0x6b0
[ 47.175794]       do_dentry_open+0x4c3/0x1210
[ 47.181689]       vfs_open+0xa0/0xd0
[ 47.188256]       path_openat+0x10d7/0x45e0
[ 47.193968]       do_filp_open+0x1a1/0x280
[ 47.199612]       do_sys_open+0x3fe/0x550
[ 47.205165]       __x64_sys_openat+0x9d/0x100
[ 47.211065]       do_syscall_64+0xfd/0x620
[ 47.218047]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.225056]     SOFTIRQ-ON-W at:
[ 47.228424]       lock_acquire+0x16f/0x3f0
[ 47.234045]       _raw_spin_lock+0x2f/0x40
[ 47.240010]       flush_bg_queue+0x1f3/0x3d0
[ 47.245978]       fuse_request_send_background_locked+0x26d/0x4e0
[ 47.253905]       fuse_request_send_background+0x12b/0x180
[ 47.260916]       cuse_channel_open+0x5ba/0x830
[ 47.266985]       misc_open+0x395/0x4c0
[ 47.272370]       chrdev_open+0x245/0x6b0
[ 47.277917]       do_dentry_open+0x4c3/0x1210
[ 47.283808]       vfs_open+0xa0/0xd0
[ 47.288906]       path_openat+0x10d7/0x45e0
[ 47.294611]       do_filp_open+0x1a1/0x280
[ 47.300227]       do_sys_open+0x3fe/0x550
[ 47.305857]       __x64_sys_openat+0x9d/0x100
[ 47.312343]       do_syscall_64+0xfd/0x620
[ 47.317970]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.324976]     INITIAL USE at:
[ 47.328254]       lock_acquire+0x16f/0x3f0
[ 47.333800]       _raw_spin_lock+0x2f/0x40
[ 47.339444]       flush_bg_queue+0x1f3/0x3d0
[ 47.345167]       fuse_request_send_background_locked+0x26d/0x4e0
[ 47.352708]       fuse_request_send_background+0x12b/0x180
[ 47.359630]       cuse_channel_open+0x5ba/0x830
[ 47.365681]       misc_open+0x395/0x4c0
[ 47.370986]       chrdev_open+0x245/0x6b0
[ 47.376435]       do_dentry_open+0x4c3/0x1210
[ 47.382238]       vfs_open+0xa0/0xd0
[ 47.387254]       path_openat+0x10d7/0x45e0
[ 47.392882]       do_filp_open+0x1a1/0x280
[ 47.398411]       do_sys_open+0x3fe/0x550
[ 47.403857]       __x64_sys_openat+0x9d/0x100
[ 47.409818]       do_syscall_64+0xfd/0x620
[ 47.415372]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.422286]   }
[ 47.424199]   ... key at: [] __key.42211+0x0/0x40
[ 47.431042]   ... acquired at:
[ 47.434231]     _raw_spin_lock+0x2f/0x40
[ 47.438198]     io_submit_one+0xef2/0x2eb0
[ 47.442341]     __x64_sys_io_submit+0x1aa/0x520
[ 47.447003]     do_syscall_64+0xfd/0x620
[ 47.450980]     entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.456327]
[ 47.457966] -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 2 {
[ 47.463439]    IN-SOFTIRQ-W at:
[ 47.466722]      lock_acquire+0x16f/0x3f0
[ 47.472163]      _raw_spin_lock_irq+0x60/0x80
[ 47.477955]      free_ioctx_users+0x2d/0x490
[ 47.483755]      percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 47.490850]      rcu_process_callbacks+0xba0/0x1a30
[ 47.497160]      __do_softirq+0x25c/0x921
[ 47.502627]      irq_exit+0x180/0x1d0
[ 47.507740]      smp_apic_timer_interrupt+0x13b/0x550
[ 47.514223]      apic_timer_interrupt+0xf/0x20
[ 47.520099]      native_safe_halt+0xe/0x10
[ 47.525631]      arch_cpu_idle+0xa/0x10
[ 47.530906]      default_idle_call+0x36/0x90
[ 47.536783]      do_idle+0x377/0x560
[ 47.541813]      cpu_startup_entry+0xc8/0xe0
[ 47.547518]      start_secondary+0x3e8/0x5b0
[ 47.553323]      secondary_startup_64+0xa4/0xb0
[ 47.559280]    INITIAL USE at:
[ 47.562466]      lock_acquire+0x16f/0x3f0
[ 47.567945]      _raw_spin_lock_irq+0x60/0x80
[ 47.573781]      io_submit_one+0xead/0x2eb0
[ 47.579309]      __x64_sys_io_submit+0x1aa/0x520
[ 47.585277]      do_syscall_64+0xfd/0x620
[ 47.590632]      entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.597382]  }
[ 47.599204]  ... key at: [] __key.50211+0x0/0x40
[ 47.617864]  ... acquired at:
[ 47.621096]    mark_lock+0x420/0x1370
[ 47.624884]    __lock_acquire+0xc62/0x49c0
[ 47.629104]    lock_acquire+0x16f/0x3f0
[ 47.633068]    _raw_spin_lock_irq+0x60/0x80
[ 47.637383]    free_ioctx_users+0x2d/0x490
[ 47.641615]    percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 47.647249]    rcu_process_callbacks+0xba0/0x1a30
[ 47.652085]    __do_softirq+0x25c/0x921
[ 47.656051]    irq_exit+0x180/0x1d0
[ 47.659663]    smp_apic_timer_interrupt+0x13b/0x550
[ 47.664664]    apic_timer_interrupt+0xf/0x20
[ 47.669063]    native_safe_halt+0xe/0x10
[ 47.673139]    arch_cpu_idle+0xa/0x10
[ 47.676938]    default_idle_call+0x36/0x90
[ 47.681166]    do_idle+0x377/0x560
[ 47.684690]    cpu_startup_entry+0xc8/0xe0
[ 47.688919]    start_secondary+0x3e8/0x5b0
[ 47.693148]    secondary_startup_64+0xa4/0xb0
[ 47.697626]
[ 47.699250]
[ 47.699250] stack backtrace:
[ 47.703755] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.19.68 #42
[ 47.709969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 47.720631] Call Trace:
[ 47.723203]
[ 47.725352]  dump_stack+0x172/0x1f0
[ 47.728972]  print_irq_inversion_bug.part.0+0x2c0/0x2cd
[ 47.734330]  check_usage_forwards.cold+0x20/0x29
[ 47.739078]  ? check_usage_backwards+0x340/0x340
[ 47.743841]  ? save_stack_trace+0x1a/0x20
[ 47.747976]  ? save_trace+0xe0/0x290
[ 47.751678]  mark_lock+0x420/0x1370
[ 47.755302]  ? check_usage_backwards+0x340/0x340
[ 47.760047]  __lock_acquire+0xc62/0x49c0
[ 47.764182]  ? mark_held_locks+0x100/0x100
[ 47.768499]  ? mark_held_locks+0x100/0x100
[ 47.772726]  ? __wake_up_common_lock+0xfe/0x190
[ 47.777384]  ? mark_held_locks+0x100/0x100
[ 47.781611]  ? __wake_up_common_lock+0xfe/0x190
[ 47.786267]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 47.791380]  ? lockdep_hardirqs_on+0x19b/0x5d0
[ 47.795955]  ? trace_hardirqs_on+0x67/0x220
[ 47.800266]  ? kasan_check_read+0x11/0x20
[ 47.804495]  lock_acquire+0x16f/0x3f0
[ 47.808379]  ? free_ioctx_users+0x2d/0x490
[ 47.812606]  _raw_spin_lock_irq+0x60/0x80
[ 47.816748]  ? free_ioctx_users+0x2d/0x490
[ 47.820977]  free_ioctx_users+0x2d/0x490
[ 47.825036]  ? rcu_dynticks_curr_cpu_in_eqs+0x51/0xb0
[ 47.830221]  percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 47.835662]  ? percpu_ref_exit+0xd0/0xd0
[ 47.839712]  rcu_process_callbacks+0xba0/0x1a30
[ 47.844380]  ? __rcu_read_unlock+0x170/0x170
[ 47.848783]  __do_softirq+0x25c/0x921
[ 47.852576]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 47.858121]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 47.863660]  irq_exit+0x180/0x1d0
[ 47.867106]  smp_apic_timer_interrupt+0x13b/0x550
[ 47.871960]  apic_timer_interrupt+0xf/0x20
[ 47.876176]
[ 47.878408] RIP: 0010:native_safe_halt+0xe/0x10
[ 47.883068] Code: ff ff 48 89 df e8 42 63 ae fa eb 82 e9 07 00 00 00 0f 00 2d d4 53 54 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d c4 53 54 00 fb f4 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 e8 8e 45 66 fa e8 29
[ 47.901963] RSP: 0018:ffff8880aa27fd00 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
[ 47.909665] RAX: 1ffffffff10e489c RBX: ffff8880aa2703c0 RCX: 0000000000000000
[ 47.916925] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffff8880aa270c3c
[ 47.924184] RBP: ffff8880aa27fd30 R08: ffff8880aa2703c0 R09: 0000000000000000
[ 47.931445] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001
[ 47.938704] R13: ffffffff887244d0 R14: 0000000000000001 R15: 0000000000000000
[ 47.945980]  ? default_idle+0x4e/0x320
[ 47.949863]  arch_cpu_idle+0xa/0x10
[ 47.953653]  default_idle_call+0x36/0x90
[ 47.957705]  do_idle+0x377/0x560
[ 47.961089]  ? arch_cpu_idle_exit+0x80/0x80
[ 47.965411]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 47.970506]  ? complete+0x61/0x80
[ 47.973949]  cpu_startup_entry+0xc8/0xe0
[ 47.978022]  ? cpu_in_idle+0x20/0x20
[ 47.981756]  ? setup_APIC_timer+0x1aa/0x200
[ 47.98608