[ 38.358582] audit: type=1800 audit(1566751199.576:31): pid=7525 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2469 res=0
[ 38.386772] audit: type=1800 audit(1566751199.576:32): pid=7525 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2450 res=0
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.45' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 47.899520] kauditd_printk_skb: 3 callbacks suppressed
[ 47.899535] audit: type=1400 audit(1566751209.186:36): avc: denied { map } for pid=7715 comm="syz-executor132" path="/root/syz-executor132104063" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 47.940732]
[ 47.943105] ========================================================
[ 47.952676] WARNING: possible irq lock inversion dependency detected
[ 47.968267] 4.19.68 #42 Not tainted
[ 47.972739] --------------------------------------------------------
[ 47.985046] swapper/1/0 just changed the state of lock:
[ 47.991041] 000000006e22161b (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2d/0x490
[ 48.001241] but this lock took another, SOFTIRQ-unsafe lock in the past:
[ 48.011889]  (&fiq->waitq){+.+.}
[ 48.011901]
[ 48.011901]
[ 48.011901] and interrupts could create inverse lock ordering between them.
[ 48.011901]
[ 48.028341]
[ 48.028341] other info that might help us debug this:
[ 48.035833]  Possible interrupt unsafe locking scenario:
[ 48.035833]
[ 48.044241]        CPU0                    CPU1
[ 48.049231]        ----                    ----
[ 48.054036]   lock(&fiq->waitq);
[ 48.057661]                                local_irq_disable();
[ 48.064026]                                lock(&(&ctx->ctx_lock)->rlock);
[ 48.071447]                                lock(&fiq->waitq);
[ 48.079208]
[ 48.082159]     lock(&(&ctx->ctx_lock)->rlock);
[ 48.087378]
[ 48.087378]  *** DEADLOCK ***
[ 48.087378]
[ 48.096085] 2 locks held by swapper/1/0:
[ 48.100965]  #0: 0000000086ebac99 (rcu_callback){....}, at: rcu_process_callbacks+0xc79/0x1a30
[ 48.110159]  #1: 000000007514fe21 (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x1ca/0x540
[ 48.120785]
[ 48.120785] the shortest dependencies between 2nd lock and 1st lock:
[ 48.129026]  -> (&fiq->waitq){+.+.} ops: 4 {
[ 48.133626]     HARDIRQ-ON-W at:
[ 48.137138]       lock_acquire+0x16f/0x3f0
[ 48.143245]       _raw_spin_lock+0x2f/0x40
[ 48.149749]       flush_bg_queue+0x1f3/0x3d0
[ 48.156258]       fuse_request_send_background_locked+0x26d/0x4e0
[ 48.164691]       fuse_request_send_background+0x12b/0x180
[ 48.171883]       cuse_channel_open+0x5ba/0x830
[ 48.178680]       misc_open+0x395/0x4c0
[ 48.184103]       chrdev_open+0x245/0x6b0
[ 48.189777]       do_dentry_open+0x4c3/0x1210
[ 48.196102]       vfs_open+0xa0/0xd0
[ 48.202270]       path_openat+0x10d7/0x45e0
[ 48.208327]       do_filp_open+0x1a1/0x280
[ 48.215055]       do_sys_open+0x3fe/0x550
[ 48.221649]       __x64_sys_openat+0x9d/0x100
[ 48.227869]       do_syscall_64+0xfd/0x620
[ 48.233942]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.241152]     SOFTIRQ-ON-W at:
[ 48.245541]       lock_acquire+0x16f/0x3f0
[ 48.251607]       _raw_spin_lock+0x2f/0x40
[ 48.259230]       flush_bg_queue+0x1f3/0x3d0
[ 48.265272]       fuse_request_send_background_locked+0x26d/0x4e0
[ 48.273386]       fuse_request_send_background+0x12b/0x180
[ 48.280625]       cuse_channel_open+0x5ba/0x830
[ 48.286693]       misc_open+0x395/0x4c0
[ 48.292297]       chrdev_open+0x245/0x6b0
[ 48.298140]       do_dentry_open+0x4c3/0x1210
[ 48.304313]       vfs_open+0xa0/0xd0
[ 48.309693]       path_openat+0x10d7/0x45e0
[ 48.315588]       do_filp_open+0x1a1/0x280
[ 48.321620]       do_sys_open+0x3fe/0x550
[ 48.328069]       __x64_sys_openat+0x9d/0x100
[ 48.334039]       do_syscall_64+0xfd/0x620
[ 48.339670]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.347032]     INITIAL USE at:
[ 48.350418]       lock_acquire+0x16f/0x3f0
[ 48.356524]       _raw_spin_lock+0x2f/0x40
[ 48.362233]       flush_bg_queue+0x1f3/0x3d0
[ 48.368239]       fuse_request_send_background_locked+0x26d/0x4e0
[ 48.376618]       fuse_request_send_background+0x12b/0x180
[ 48.383708]       cuse_channel_open+0x5ba/0x830
[ 48.390118]       misc_open+0x395/0x4c0
[ 48.395502]       chrdev_open+0x245/0x6b0
[ 48.401514]       do_dentry_open+0x4c3/0x1210
[ 48.407784]       vfs_open+0xa0/0xd0
[ 48.413113]       path_openat+0x10d7/0x45e0
[ 48.418832]       do_filp_open+0x1a1/0x280
[ 48.424607]       do_sys_open+0x3fe/0x550
[ 48.430521]       __x64_sys_openat+0x9d/0x100
[ 48.436344]       do_syscall_64+0xfd/0x620
[ 48.442088]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.449190]   }
[ 48.451172]   ... key at: [] __key.42211+0x0/0x40
[ 48.458530]   ... acquired at:
[ 48.462306]       _raw_spin_lock+0x2f/0x40
[ 48.466485]       io_submit_one+0xef2/0x2eb0
[ 48.470737]       __x64_sys_io_submit+0x1aa/0x520
[ 48.475767]       do_syscall_64+0xfd/0x620
[ 48.479761]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.485398]
[ 48.487074]  -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 2 {
[ 48.492993]     IN-SOFTIRQ-W at:
[ 48.496313]       lock_acquire+0x16f/0x3f0
[ 48.501923]       _raw_spin_lock_irq+0x60/0x80
[ 48.507841]       free_ioctx_users+0x2d/0x490
[ 48.513685]       percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 48.520802]       rcu_process_callbacks+0xba0/0x1a30
[ 48.527291]       __do_softirq+0x25c/0x921
[ 48.532828]       irq_exit+0x180/0x1d0
[ 48.538032]       smp_apic_timer_interrupt+0x13b/0x550
[ 48.544726]       apic_timer_interrupt+0xf/0x20
[ 48.550682]       native_safe_halt+0xe/0x10
[ 48.556456]       arch_cpu_idle+0xa/0x10
[ 48.561836]       default_idle_call+0x36/0x90
[ 48.567590]       do_idle+0x377/0x560
[ 48.572668]       cpu_startup_entry+0xc8/0xe0
[ 48.578743]       start_secondary+0x3e8/0x5b0
[ 48.584846]       secondary_startup_64+0xa4/0xb0
[ 48.591063]     INITIAL USE at:
[ 48.594270]       lock_acquire+0x16f/0x3f0
[ 48.599710]       _raw_spin_lock_irq+0x60/0x80
[ 48.605658]       io_submit_one+0xead/0x2eb0
[ 48.611339]       __x64_sys_io_submit+0x1aa/0x520
[ 48.617424]       do_syscall_64+0xfd/0x620
[ 48.622810]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.629726]   }
[ 48.631532]   ... key at: [] __key.50211+0x0/0x40
[ 48.638391]   ... acquired at:
[ 48.641630]       mark_lock+0x420/0x1370
[ 48.645519]       __lock_acquire+0xc62/0x49c0
[ 48.650069]       lock_acquire+0x16f/0x3f0
[ 48.654111]       _raw_spin_lock_irq+0x60/0x80
[ 48.658750]       free_ioctx_users+0x2d/0x490
[ 48.663072]       percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 48.668809]       rcu_process_callbacks+0xba0/0x1a30
[ 48.673843]       __do_softirq+0x25c/0x921
[ 48.677880]       irq_exit+0x180/0x1d0
[ 48.681548]       smp_apic_timer_interrupt+0x13b/0x550
[ 48.686649]       apic_timer_interrupt+0xf/0x20
[ 48.691142]       native_safe_halt+0xe/0x10
[ 48.695205]       arch_cpu_idle+0xa/0x10
[ 48.699442]       default_idle_call+0x36/0x90
[ 48.703684]       do_idle+0x377/0x560
[ 48.707402]       cpu_startup_entry+0xc8/0xe0
[ 48.711645]       start_secondary+0x3e8/0x5b0
[ 48.716040]       secondary_startup_64+0xa4/0xb0
[ 48.720522]
[ 48.722144]
[ 48.722144] stack backtrace:
[ 48.726998] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.19.68 #42
[ 48.733233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 48.742654] Call Trace:
[ 48.745417]
[ 48.747627]  dump_stack+0x172/0x1f0
[ 48.751457]  print_irq_inversion_bug.part.0+0x2c0/0x2cd
[ 48.757164]  check_usage_forwards.cold+0x20/0x29
[ 48.761970]  ? check_usage_backwards+0x340/0x340
[ 48.766848]  ? save_stack_trace+0x1a/0x20
[ 48.771101]  ? save_trace+0xe0/0x290
[ 48.774924]  mark_lock+0x420/0x1370
[ 48.778642]  ? check_usage_backwards+0x340/0x340
[ 48.783645]  __lock_acquire+0xc62/0x49c0
[ 48.787829]  ? mark_held_locks+0x100/0x100
[ 48.796220]  ? mark_held_locks+0x100/0x100
[ 48.800569]  ? __wake_up_common_lock+0xfe/0x190
[ 48.805363]  ? mark_held_locks+0x100/0x100
[ 48.809602]  ? __wake_up_common_lock+0xfe/0x190
[ 48.814349]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 48.819599]  ? lockdep_hardirqs_on+0x19b/0x5d0
[ 48.824320]  ? trace_hardirqs_on+0x67/0x220
[ 48.828706]  ? kasan_check_read+0x11/0x20
[ 48.833148]  lock_acquire+0x16f/0x3f0
[ 48.836978]  ? free_ioctx_users+0x2d/0x490
[ 48.841398]  _raw_spin_lock_irq+0x60/0x80
[ 48.845663]  ? free_ioctx_users+0x2d/0x490
[ 48.850081]  free_ioctx_users+0x2d/0x490
[ 48.854375]  ? rcu_dynticks_curr_cpu_in_eqs+0x51/0xb0
[ 48.859647]  percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 48.865303]  ? percpu_ref_exit+0xd0/0xd0
[ 48.869377]  rcu_process_callbacks+0xba0/0x1a30
[ 48.874107]  ? __rcu_read_unlock+0x170/0x170
[ 48.879230]  __do_softirq+0x25c/0x921
[ 48.883326]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 48.889511]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 48.895576]  irq_exit+0x180/0x1d0
[ 48.899258]  smp_apic_timer_interrupt+0x13b/0x550
[ 48.904119]  apic_timer_interrupt+0xf/0x20
[ 48.908354]
[ 48.910598] RIP: 0010:native_safe_halt+0xe/0x10
[ 48.915406] Code: ff ff 48 89 df e8 42 63 ae fa eb 82 e9 07 00 00 00 0f 00 2d d4 53 54 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d c4 53 54 00 fb f4 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 e8 8e 45 66 fa e8 29
[ 48.935872] RSP: 0018:ffff8880aa27fd00 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
[ 48.943648] RAX: 1ffffffff10e489c RBX: ffff8880aa2703c0 RCX: 0000000000000000
[ 48.950922] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffff8880aa270c3c
[ 48.958195] RBP: ffff8880aa27fd30 R08: ffff8880aa2703c0 R09: 0000000000000000
[ 48.965607] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001
[ 48.973100] R13: ffffffff887244d0 R14: 0000000000000001 R15: 0000000000000000
[ 48.980661]  ? default_idle+0x4e/0x320
[ 48.984820]  arch_cpu_idle+0xa/0x10
[ 48.988576]  default_idle_call+0x36/0x90
[ 48.992661]  do_idle+0x377/0x560
[ 48.996108]  ? arch_cpu_idle_exit+0x80/0x80
[ 49.000579]  ? _raw_spin_unlock_irqrestore