[ 37.678461] audit: type=1800 audit(1565860637.843:32): pid=7415 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2450 res=0
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 38.529058] audit: type=1800 audit(1565860638.763:33): pid=7415 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.167' (ECDSA) to the list of known hosts.
executing program

syzkaller login: [ 46.202400] kauditd_printk_skb: 2 callbacks suppressed
[ 46.202415] audit: type=1400 audit(1565860646.443:36): avc: denied { map } for pid=7603 comm="syz-executor231" path="/root/syz-executor231445722" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 46.240769]
[ 46.242572] ========================================================
[ 46.249042] WARNING: possible irq lock inversion dependency detected
[ 46.255522] 4.19.66 #40 Not tainted
[ 46.259129] --------------------------------------------------------
[ 46.265682] swapper/1/0 just changed the state of lock:
[ 46.271068] 0000000025405f76 (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2d/0x490
[ 46.280134] but this lock took another, SOFTIRQ-unsafe lock in the past:
[ 46.286972]  (&fiq->waitq){+.+.}
[ 46.286981]
[ 46.286981]
[ 46.286981] and interrupts could create inverse lock ordering between them.
[ 46.286981]
[ 46.302450]
[ 46.302450] other info that might help us debug this:
[ 46.309096]  Possible interrupt unsafe locking scenario:
[ 46.309096]
[ 46.316000]        CPU0                    CPU1
[ 46.320667]        ----                    ----
[ 46.325314]   lock(&fiq->waitq);
[ 46.328662]                                local_irq_disable();
[ 46.334711]                                lock(&(&ctx->ctx_lock)->rlock);
[ 46.341791]                                lock(&fiq->waitq);
[ 46.347667]   <Interrupt>
[ 46.350405]     lock(&(&ctx->ctx_lock)->rlock);
[ 46.355063]
[ 46.355063]  *** DEADLOCK ***
[ 46.355063]
[ 46.361109] 2 locks held by swapper/1/0:
[ 46.365142]  #0: 0000000084a53657 (rcu_callback){....}, at: rcu_process_callbacks+0xc79/0x1a30
[ 46.374836]  #1: 0000000013323a12 (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x1ca/0x540
[ 46.385231]
[ 46.385231] the shortest dependencies between 2nd lock and 1st lock:
[ 46.393269]  -> (&fiq->waitq){+.+.} ops: 4 {
[ 46.397687]     HARDIRQ-ON-W at:
[ 46.401039]       lock_acquire+0x16f/0x3f0
[ 46.406659]       _raw_spin_lock+0x2f/0x40
[ 46.412288]       flush_bg_queue+0x1f3/0x3d0
[ 46.418082]       fuse_request_send_background_locked+0x26d/0x4e0
[ 46.426323]       fuse_request_send_background+0x12b/0x180
[ 46.433854]       cuse_channel_open+0x5ba/0x830
[ 46.439985]       misc_open+0x395/0x4c0
[ 46.445352]       chrdev_open+0x245/0x6b0
[ 46.450876]       do_dentry_open+0x4c3/0x1210
[ 46.456735]       vfs_open+0xa0/0xd0
[ 46.461910]       path_openat+0x10d7/0x45e0
[ 46.467615]       do_filp_open+0x1a1/0x280
[ 46.473219]       do_sys_open+0x3fe/0x550
[ 46.478732]       __x64_sys_openat+0x9d/0x100
[ 46.484608]       do_syscall_64+0xfd/0x620
[ 46.490419]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 46.497409]     SOFTIRQ-ON-W at:
[ 46.500757]       lock_acquire+0x16f/0x3f0
[ 46.506372]       _raw_spin_lock+0x2f/0x40
[ 46.511975]       flush_bg_queue+0x1f3/0x3d0
[ 46.517766]       fuse_request_send_background_locked+0x26d/0x4e0
[ 46.525370]       fuse_request_send_background+0x12b/0x180
[ 46.532381]       cuse_channel_open+0x5ba/0x830
[ 46.538620]       misc_open+0x395/0x4c0
[ 46.545361]       chrdev_open+0x245/0x6b0
[ 46.551504]       do_dentry_open+0x4c3/0x1210
[ 46.557383]       vfs_open+0xa0/0xd0
[ 46.563315]       path_openat+0x10d7/0x45e0
[ 46.569009]       do_filp_open+0x1a1/0x280
[ 46.574785]       do_sys_open+0x3fe/0x550
[ 46.580300]       __x64_sys_openat+0x9d/0x100
[ 46.586185]       do_syscall_64+0xfd/0x620
[ 46.591918]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 46.598958]     INITIAL USE at:
[ 46.602220]       lock_acquire+0x16f/0x3f0
[ 46.607736]       _raw_spin_lock+0x2f/0x40
[ 46.613264]       flush_bg_queue+0x1f3/0x3d0
[ 46.618969]       fuse_request_send_background_locked+0x26d/0x4e0
[ 46.627098]       fuse_request_send_background+0x12b/0x180
[ 46.634006]       cuse_channel_open+0x5ba/0x830
[ 46.639957]       misc_open+0x395/0x4c0
[ 46.645213]       chrdev_open+0x245/0x6b0
[ 46.650661]       do_dentry_open+0x4c3/0x1210
[ 46.656455]       vfs_open+0xa0/0xd0
[ 46.661546]       path_openat+0x10d7/0x45e0
[ 46.667237]       do_filp_open+0x1a1/0x280
[ 46.672811]       do_sys_open+0x3fe/0x550
[ 46.678241]       __x64_sys_openat+0x9d/0x100
[ 46.684021]       do_syscall_64+0xfd/0x620
[ 46.689536]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 46.696437]  }
[ 46.698334]  ... key at: [] __key.42212+0x0/0x40
[ 46.705147]  ... acquired at:
[ 46.708340]    _raw_spin_lock+0x2f/0x40
[ 46.712297]    io_submit_one+0xef2/0x2eb0
[ 46.716421]    __x64_sys_io_submit+0x1aa/0x520
[ 46.720980]    do_syscall_64+0xfd/0x620
[ 46.725021]    entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 46.730630]
[ 46.732237] -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 2 {
[ 46.737668]    IN-SOFTIRQ-W at:
[ 46.740928]      lock_acquire+0x16f/0x3f0
[ 46.746358]      _raw_spin_lock_irq+0x60/0x80
[ 46.752135]      free_ioctx_users+0x2d/0x490
[ 46.757826]      percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 46.764905]      rcu_process_callbacks+0xba0/0x1a30
[ 46.771205]      __do_softirq+0x25c/0x921
[ 46.776742]      irq_exit+0x180/0x1d0
[ 46.781823]      smp_apic_timer_interrupt+0x13b/0x550
[ 46.788294]      apic_timer_interrupt+0xf/0x20
[ 46.794428]      native_safe_halt+0xe/0x10
[ 46.800304]      arch_cpu_idle+0xa/0x10
[ 46.805581]      default_idle_call+0x36/0x90
[ 46.811360]      do_idle+0x377/0x560
[ 46.816354]      cpu_startup_entry+0xc8/0xe0
[ 46.822333]      start_secondary+0x3e8/0x5b0
[ 46.828375]      secondary_startup_64+0xa4/0xb0
[ 46.834322]    INITIAL USE at:
[ 46.837496]      lock_acquire+0x16f/0x3f0
[ 46.842839]      _raw_spin_lock_irq+0x60/0x80
[ 46.848531]      io_submit_one+0xead/0x2eb0
[ 46.854051]      __x64_sys_io_submit+0x1aa/0x520
[ 46.860002]      do_syscall_64+0xfd/0x620
[ 46.865357]      entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 46.872080]  }
[ 46.873871]  ... key at: [] __key.50212+0x0/0x40
[ 46.880596]  ... acquired at:
[ 46.883682]    mark_lock+0x420/0x1370
[ 46.887459]    __lock_acquire+0xc62/0x49c0
[ 46.891683]    lock_acquire+0x16f/0x3f0
[ 46.895648]    _raw_spin_lock_irq+0x60/0x80
[ 46.899963]    free_ioctx_users+0x2d/0x490
[ 46.904188]    percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 46.909788]    rcu_process_callbacks+0xba0/0x1a30
[ 46.914608]    __do_softirq+0x25c/0x921
[ 46.918561]    irq_exit+0x180/0x1d0
[ 46.922167]    smp_apic_timer_interrupt+0x13b/0x550
[ 46.927249]    apic_timer_interrupt+0xf/0x20
[ 46.931650]    native_safe_halt+0xe/0x10
[ 46.935692]    arch_cpu_idle+0xa/0x10
[ 46.939470]    default_idle_call+0x36/0x90
[ 46.943701]    do_idle+0x377/0x560
[ 46.947224]    cpu_startup_entry+0xc8/0xe0
[ 46.951450]    start_secondary+0x3e8/0x5b0
[ 46.955676]    secondary_startup_64+0xa4/0xb0
[ 46.960156]
[ 46.961762]
[ 46.961762] stack backtrace:
[ 46.966250] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.19.66 #40
[ 46.972459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 46.981988] Call Trace:
[ 46.984554]  <IRQ>
[ 46.986690]  dump_stack+0x172/0x1f0
[ 46.990302]  print_irq_inversion_bug.part.0+0x2c0/0x2cd
[ 46.995657]  check_usage_forwards.cold+0x20/0x29
[ 47.000745]  ? check_usage_backwards+0x340/0x340
[ 47.005580]  ? save_stack_trace+0x1a/0x20
[ 47.009714]  ? save_trace+0xe0/0x290
[ 47.013411]  mark_lock+0x420/0x1370
[ 47.017021]  ? check_usage_backwards+0x340/0x340
[ 47.021866]  __lock_acquire+0xc62/0x49c0
[ 47.025908]  ? mark_held_locks+0x100/0x100
[ 47.030721]  ? mark_held_locks+0x100/0x100
[ 47.035426]  ? __wake_up_common_lock+0xfe/0x190
[ 47.040858]  ? mark_held_locks+0x100/0x100
[ 47.045070]  ? __wake_up_common_lock+0xfe/0x190
[ 47.050156]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 47.055239]  ? lockdep_hardirqs_on+0x19b/0x5d0
[ 47.059802]  ? trace_hardirqs_on+0x67/0x220
[ 47.064191]  ? kasan_check_read+0x11/0x20
[ 47.068335]  lock_acquire+0x16f/0x3f0
[ 47.072118]  ? free_ioctx_users+0x2d/0x490
[ 47.076331]  _raw_spin_lock_irq+0x60/0x80
[ 47.080460]  ? free_ioctx_users+0x2d/0x490
[ 47.084709]  free_ioctx_users+0x2d/0x490
[ 47.089277]  ? rcu_dynticks_curr_cpu_in_eqs+0x51/0xb0
[ 47.094458]  percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 47.099893]  ? percpu_ref_exit+0xd0/0xd0
[ 47.103933]  rcu_process_callbacks+0xba0/0x1a30
[ 47.108584]  ? __rcu_read_unlock+0x170/0x170
[ 47.112980]  __do_softirq+0x25c/0x921
[ 47.116760]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 47.122291]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 47.127812]  irq_exit+0x180/0x1d0
[ 47.131251]  smp_apic_timer_interrupt+0x13b/0x550
[ 47.136075]  apic_timer_interrupt+0xf/0x20
[ 47.140296]  </IRQ>
[ 47.142575] RIP: 0010:native_safe_halt+0xe/0x10
[ 47.148871] Code: ff ff 48 89 df e8 12 5a ae fa eb 82 e9 07 00 00 00 0f 00 2d 14 41 54 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d 04 41 54 00 fb f4 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 e8 0e 3e 66 fa e8 89
[ 47.167928] RSP: 0018:ffff8880aa27fd00 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
[ 47.175635] RAX: 1ffffffff10e489c RBX: ffff8880aa2703c0 RCX: 0000000000000000
[ 47.182885] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffff8880aa270c3c
[ 47.190219] RBP: ffff8880aa27fd30 R08: ffff8880aa2703c0 R09: 0000000000000000
[ 47.197486] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001
[ 47.204741] R13: ffffffff887244d0 R14: 0000000000000001 R15: 0000000000000000
[ 47.212014]  ? default_idle+0x4e/0x320
[ 47.215887]  arch_cpu_idle+0xa/0x10
[ 47.219491]  default_idle_call+0x36/0x90
[ 47.223534]  do_idle+0x377/0x560
[ 47.226881]  ? arch_cpu_idle_exit+0x80/0x80
[ 47.231192]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 47.236283]  ? complete+0x61/0x80
[ 47.239746]  cpu_startup_entry+0xc8/0xe0
[ 47.243896]  ? cpu_in_idle+0x20/0x20
[ 47.247591]  ? setup_APIC_timer+0x1aa/0x200
[ 47.251891]  start_secondary+0x3e8/0x5b0
[ 47.255941