[ 38.945078] audit: type=1800 audit(1565951188.503:31): pid=7433 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2469 res=0
[ 39.004005] audit: type=1800 audit(1565951188.533:32): pid=7433 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2450 res=0
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.92' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 46.926736] kauditd_printk_skb: 3 callbacks suppressed
[ 46.926752] audit: type=1400 audit(1565951196.493:36): avc: denied { map } for pid=7619 comm="syz-executor878" path="/root/syz-executor878678354" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 46.966066]
[ 46.967714] ========================================================
[ 46.974187] WARNING: possible irq lock inversion dependency detected
[ 46.980661] 4.19.67 #41 Not tainted
[ 46.984263] --------------------------------------------------------
[ 46.990908] swapper/0/0 just changed the state of lock:
[ 46.996247] 00000000d5fb6d2e (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2d/0x490
[ 47.004995] but this lock took another, SOFTIRQ-unsafe lock in the past:
[ 47.011828]  (&fiq->waitq){+.+.}
[ 47.011837]
[ 47.011837]
[ 47.011837] and interrupts could create inverse lock ordering between them.
[ 47.011837]
[ 47.026743]
[ 47.026743] other info that might help us debug this:
[ 47.033389]  Possible interrupt unsafe locking scenario:
[ 47.033389]
[ 47.040294]        CPU0                    CPU1
[ 47.044955]        ----                    ----
[ 47.049597]   lock(&fiq->waitq);
[ 47.052979]                                local_irq_disable();
[ 47.059029]                                lock(&(&ctx->ctx_lock)->rlock);
[ 47.066023]                                lock(&fiq->waitq);
[ 47.071908]
[ 47.074645]     lock(&(&ctx->ctx_lock)->rlock);
[ 47.079470]
[ 47.079470]  *** DEADLOCK ***
[ 47.079470]
[ 47.085513] 2 locks held by swapper/0/0:
[ 47.089551]  #0: 000000004398287b (rcu_callback){....}, at: rcu_process_callbacks+0xc79/0x1a30
[ 47.098303]  #1: 000000008d69259e (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x1ca/0x540
[ 47.108440]
[ 47.108440] the shortest dependencies between 2nd lock and 1st lock:
[ 47.116416]  -> (&fiq->waitq){+.+.} ops: 4 {
[ 47.120814]     HARDIRQ-ON-W at:
[ 47.124172]       lock_acquire+0x16f/0x3f0
[ 47.129778]       _raw_spin_lock+0x2f/0x40
[ 47.135401]       flush_bg_queue+0x1f3/0x3d0
[ 47.141183]       fuse_request_send_background_locked+0x26d/0x4e0
[ 47.148806]       fuse_request_send_background+0x12b/0x180
[ 47.155827]       cuse_channel_open+0x5ba/0x830
[ 47.161871]       misc_open+0x395/0x4c0
[ 47.167234]       chrdev_open+0x245/0x6b0
[ 47.172762]       do_dentry_open+0x4c3/0x1210
[ 47.178651]       vfs_open+0xa0/0xd0
[ 47.183737]       path_openat+0x10d7/0x45e0
[ 47.189460]       do_filp_open+0x1a1/0x280
[ 47.195067]       do_sys_open+0x3fe/0x550
[ 47.200585]       __x64_sys_openat+0x9d/0x100
[ 47.206453]       do_syscall_64+0xfd/0x620
[ 47.212079]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.219070]     SOFTIRQ-ON-W at:
[ 47.222419]       lock_acquire+0x16f/0x3f0
[ 47.228043]       _raw_spin_lock+0x2f/0x40
[ 47.233667]       flush_bg_queue+0x1f3/0x3d0
[ 47.239451]       fuse_request_send_background_locked+0x26d/0x4e0
[ 47.247058]       fuse_request_send_background+0x12b/0x180
[ 47.254056]       cuse_channel_open+0x5ba/0x830
[ 47.260117]       misc_open+0x395/0x4c0
[ 47.265470]       chrdev_open+0x245/0x6b0
[ 47.271010]       do_dentry_open+0x4c3/0x1210
[ 47.276895]       vfs_open+0xa0/0xd0
[ 47.281984]       path_openat+0x10d7/0x45e0
[ 47.287702]       do_filp_open+0x1a1/0x280
[ 47.293310]       do_sys_open+0x3fe/0x550
[ 47.298836]       __x64_sys_openat+0x9d/0x100
[ 47.304702]       do_syscall_64+0xfd/0x620
[ 47.310311]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.317303]     INITIAL USE at:
[ 47.320569]       lock_acquire+0x16f/0x3f0
[ 47.326103]       _raw_spin_lock+0x2f/0x40
[ 47.331620]       flush_bg_queue+0x1f3/0x3d0
[ 47.337324]       fuse_request_send_background_locked+0x26d/0x4e0
[ 47.344841]       fuse_request_send_background+0x12b/0x180
[ 47.351836]       cuse_channel_open+0x5ba/0x830
[ 47.357791]       misc_open+0x395/0x4c0
[ 47.363047]       chrdev_open+0x245/0x6b0
[ 47.368495]       do_dentry_open+0x4c3/0x1210
[ 47.374275]       vfs_open+0xa0/0xd0
[ 47.379272]       path_openat+0x10d7/0x45e0
[ 47.384876]       do_filp_open+0x1a1/0x280
[ 47.390394]       do_sys_open+0x3fe/0x550
[ 47.395824]       __x64_sys_openat+0x9d/0x100
[ 47.401602]       do_syscall_64+0xfd/0x620
[ 47.407138]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.414044]  }
[ 47.415919]  ... key at: [] __key.42212+0x0/0x40
[ 47.422735]  ... acquired at:
[ 47.425912]    _raw_spin_lock+0x2f/0x40
[ 47.429865]    io_submit_one+0xef2/0x2eb0
[ 47.434006]    __x64_sys_io_submit+0x1aa/0x520
[ 47.438570]    do_syscall_64+0xfd/0x620
[ 47.442527]    entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.447865]
[ 47.449467] -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 2 {
[ 47.454901]    IN-SOFTIRQ-W at:
[ 47.458166]      lock_acquire+0x16f/0x3f0
[ 47.463599]      _raw_spin_lock_irq+0x60/0x80
[ 47.469378]      free_ioctx_users+0x2d/0x490
[ 47.475074]      percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 47.482175]      rcu_process_callbacks+0xba0/0x1a30
[ 47.488664]      __do_softirq+0x25c/0x921
[ 47.494113]      irq_exit+0x180/0x1d0
[ 47.499231]      smp_apic_timer_interrupt+0x13b/0x550
[ 47.506209]      apic_timer_interrupt+0xf/0x20
[ 47.512077]      native_safe_halt+0xe/0x10
[ 47.517597]      arch_cpu_idle+0xa/0x10
[ 47.522864]      default_idle_call+0x36/0x90
[ 47.528556]      do_idle+0x377/0x560
[ 47.533550]      cpu_startup_entry+0xc8/0xe0
[ 47.539244]      rest_init+0x219/0x222
[ 47.544415]      start_kernel+0x88c/0x8c5
[ 47.549865]      x86_64_start_reservations+0x29/0x2b
[ 47.556259]      x86_64_start_kernel+0x77/0x7b
[ 47.562128]      secondary_startup_64+0xa4/0xb0
[ 47.568101]    INITIAL USE at:
[ 47.571309]      lock_acquire+0x16f/0x3f0
[ 47.576658]      _raw_spin_lock_irq+0x60/0x80
[ 47.582355]      io_submit_one+0xead/0x2eb0
[ 47.587890]      __x64_sys_io_submit+0x1aa/0x520
[ 47.593844]      do_syscall_64+0xfd/0x620
[ 47.599193]      entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.606043]  }
[ 47.607833]  ... key at: [] __key.50212+0x0/0x40
[ 47.614559]  ... acquired at:
[ 47.617646]    mark_lock+0x420/0x1370
[ 47.621427]    __lock_acquire+0xc62/0x49c0
[ 47.625662]    lock_acquire+0x16f/0x3f0
[ 47.629641]    _raw_spin_lock_irq+0x60/0x80
[ 47.633945]    free_ioctx_users+0x2d/0x490
[ 47.638166]    percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 47.643778]    rcu_process_callbacks+0xba0/0x1a30
[ 47.648602]    __do_softirq+0x25c/0x921
[ 47.652660]    irq_exit+0x180/0x1d0
[ 47.656283]    smp_apic_timer_interrupt+0x13b/0x550
[ 47.661297]    apic_timer_interrupt+0xf/0x20
[ 47.665694]    native_safe_halt+0xe/0x10
[ 47.669749]    arch_cpu_idle+0xa/0x10
[ 47.673531]    default_idle_call+0x36/0x90
[ 47.677835]    do_idle+0x377/0x560
[ 47.681373]    cpu_startup_entry+0xc8/0xe0
[ 47.685782]    rest_init+0x219/0x222
[ 47.689479]    start_kernel+0x88c/0x8c5
[ 47.693453]    x86_64_start_reservations+0x29/0x2b
[ 47.698364]    x86_64_start_kernel+0x77/0x7b
[ 47.702756]    secondary_startup_64+0xa4/0xb0
[ 47.707225]
[ 47.708830]
[ 47.708830] stack backtrace:
[ 47.713309] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.19.67 #41
[ 47.719635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 47.729155] Call Trace:
[ 47.731734]
[ 47.733877]  dump_stack+0x172/0x1f0
[ 47.737490]  print_irq_inversion_bug.part.0+0x2c0/0x2cd
[ 47.742837]  check_usage_forwards.cold+0x20/0x29
[ 47.747578]  ? check_usage_backwards+0x340/0x340
[ 47.752322]  ? save_stack_trace+0x1a/0x20
[ 47.756468]  ? save_trace+0xe0/0x290
[ 47.760163]  mark_lock+0x420/0x1370
[ 47.763773]  ? check_usage_backwards+0x340/0x340
[ 47.768509]  __lock_acquire+0xc62/0x49c0
[ 47.772550]  ? mark_held_locks+0x100/0x100
[ 47.776772]  ? mark_held_locks+0x100/0x100
[ 47.781003]  ? __wake_up_common_lock+0xfe/0x190
[ 47.785657]  ? mark_held_locks+0x100/0x100
[ 47.789875]  ? __wake_up_common_lock+0xfe/0x190
[ 47.794550]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 47.799646]  ? lockdep_hardirqs_on+0x19b/0x5d0
[ 47.804214]  ? trace_hardirqs_on+0x67/0x220
[ 47.808519]  ? kasan_check_read+0x11/0x20
[ 47.812651]  lock_acquire+0x16f/0x3f0
[ 47.816435]  ? free_ioctx_users+0x2d/0x490
[ 47.820677]  _raw_spin_lock_irq+0x60/0x80
[ 47.824811]  ? free_ioctx_users+0x2d/0x490
[ 47.829025]  free_ioctx_users+0x2d/0x490
[ 47.833089]  ? rcu_dynticks_curr_cpu_in_eqs+0x51/0xb0
[ 47.838270]  percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 47.843702]  ? percpu_ref_exit+0xd0/0xd0
[ 47.847757]  rcu_process_callbacks+0xba0/0x1a30
[ 47.852428]  ? __rcu_read_unlock+0x170/0x170
[ 47.856852]  __do_softirq+0x25c/0x921
[ 47.860640]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 47.866173]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 47.871722]  irq_exit+0x180/0x1d0
[ 47.875159]  smp_apic_timer_interrupt+0x13b/0x550
[ 47.879996]  apic_timer_interrupt+0xf/0x20
[ 47.884207]
[ 47.886430] RIP: 0010:native_safe_halt+0xe/0x10
[ 47.891102] Code: ff ff 48 89 df e8 c2 47 ae fa eb 82 e9 07 00 00 00 0f 00 2d 84 2e 54 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d 74 2e 54 00 fb f4 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 e8 7e 2b 66 fa e8 99
[ 47.910019] RSP: 0018:ffffffff88607ca8 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13
[ 47.917713] RAX: 1ffffffff10e489c RBX: ffffffff88679ec0 RCX: 0000000000000000
[ 47.924966] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffffffff8867a73c
[ 47.932219] RBP: ffffffff88607cd8 R08: ffffffff88679ec0 R09: 0000000000000000
[ 47.939490] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 47.946747] R13: ffffffff887244d0 R14: 0000000000000000 R15: 0000000000000000
[ 47.954023]  ? default_idle+0x4e/0x320
[ 47.957926]  arch_cpu_idle+0xa/0x10
[ 47.961557]  default_idle_call+0x36/0x90
[ 47.965607]  do_idle+0x377/0x560
[ 47.968972]  ? arch_cpu_idle_exit+0x80/0x80
[ 47.973284]  ? check_preemption_disabled+0x48/0x290
[ 47.978286]  cpu_startup_entry+