[ 39.945592] audit: type=1800 audit(1566593265.627:32): pid=7490 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2450 res=0
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 40.666754] audit: type=1800 audit(1566593266.387:33): pid=7490 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.103' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 47.789168] kauditd_printk_skb: 2 callbacks suppressed
[ 47.789184] audit: type=1400 audit(1566593273.517:36): avc: denied { map } for pid=7676 comm="syz-executor056" path="/root/syz-executor056391688" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 47.827700]
[ 47.829351] ========================================================
[ 47.835817] WARNING: possible irq lock inversion dependency detected
[ 47.842289] 4.19.67 #41 Not tainted
[ 47.845891] --------------------------------------------------------
[ 47.852407] ksoftirqd/1/18 just changed the state of lock:
[ 47.858030] 00000000067defa4 (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2d/0x490
[ 47.866809] but this lock took another, SOFTIRQ-unsafe lock in the past:
[ 47.873714]  (&fiq->waitq){+.+.}
[ 47.873723]
[ 47.873723]
[ 47.873723] and interrupts could create inverse lock ordering between them.
[ 47.873723]
[ 47.888612]
[ 47.888612] other info that might help us debug this:
[ 47.895257]  Possible interrupt unsafe locking scenario:
[ 47.895257]
[ 47.902159]        CPU0                    CPU1
[ 47.906800]        ----                    ----
[ 47.911441]   lock(&fiq->waitq);
[ 47.914807]                                local_irq_disable();
[ 47.920839]                                lock(&(&ctx->ctx_lock)->rlock);
[ 47.927828]                                lock(&fiq->waitq);
[ 47.933690]
[ 47.936424]     lock(&(&ctx->ctx_lock)->rlock);
[ 47.941176]
[ 47.941176]  *** DEADLOCK ***
[ 47.941176]
[ 47.947236] 2 locks held by ksoftirqd/1/18:
[ 47.951530]  #0: 00000000b417d2f9 (rcu_callback){....}, at: rcu_process_callbacks+0xc79/0x1a30
[ 47.960275]  #1: 00000000b7791013 (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x1ca/0x540
[ 47.970406]
[ 47.970406] the shortest dependencies between 2nd lock and 1st lock:
[ 47.978354]  -> (&fiq->waitq){+.+.} ops: 4 {
[ 47.982748]     HARDIRQ-ON-W at:
[ 47.986095]       lock_acquire+0x16f/0x3f0
[ 47.991713]       _raw_spin_lock+0x2f/0x40
[ 47.997320]       flush_bg_queue+0x1f3/0x3d0
[ 48.003104]       fuse_request_send_background_locked+0x26d/0x4e0
[ 48.010716]       fuse_request_send_background+0x12b/0x180
[ 48.017742]       cuse_channel_open+0x5ba/0x830
[ 48.023778]       misc_open+0x395/0x4c0
[ 48.029121]       chrdev_open+0x245/0x6b0
[ 48.034650]       do_dentry_open+0x4c3/0x1210
[ 48.040509]       vfs_open+0xa0/0xd0
[ 48.045596]       path_openat+0x10d7/0x45e0
[ 48.051285]       do_filp_open+0x1a1/0x280
[ 48.056902]       do_sys_open+0x3fe/0x550
[ 48.062423]       __x64_sys_openat+0x9d/0x100
[ 48.068302]       do_syscall_64+0xfd/0x620
[ 48.073919]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.080908]     SOFTIRQ-ON-W at:
[ 48.084266]       lock_acquire+0x16f/0x3f0
[ 48.089871]       _raw_spin_lock+0x2f/0x40
[ 48.095474]       flush_bg_queue+0x1f3/0x3d0
[ 48.101249]       fuse_request_send_background_locked+0x26d/0x4e0
[ 48.108847]       fuse_request_send_background+0x12b/0x180
[ 48.115836]       cuse_channel_open+0x5ba/0x830
[ 48.121887]       misc_open+0x395/0x4c0
[ 48.127245]       chrdev_open+0x245/0x6b0
[ 48.132767]       do_dentry_open+0x4c3/0x1210
[ 48.138628]       vfs_open+0xa0/0xd0
[ 48.144058]       path_openat+0x10d7/0x45e0
[ 48.149751]       do_filp_open+0x1a1/0x280
[ 48.155355]       do_sys_open+0x3fe/0x550
[ 48.160872]       __x64_sys_openat+0x9d/0x100
[ 48.166762]       do_syscall_64+0xfd/0x620
[ 48.172370]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.179360]     INITIAL USE at:
[ 48.182619]       lock_acquire+0x16f/0x3f0
[ 48.188137]       _raw_spin_lock+0x2f/0x40
[ 48.193665]       flush_bg_queue+0x1f3/0x3d0
[ 48.199358]       fuse_request_send_background_locked+0x26d/0x4e0
[ 48.206869]       fuse_request_send_background+0x12b/0x180
[ 48.213771]       cuse_channel_open+0x5ba/0x830
[ 48.219738]       misc_open+0x395/0x4c0
[ 48.225001]       chrdev_open+0x245/0x6b0
[ 48.230438]       do_dentry_open+0x4c3/0x1210
[ 48.236445]       vfs_open+0xa0/0xd0
[ 48.243368]       path_openat+0x10d7/0x45e0
[ 48.249060]       do_filp_open+0x1a1/0x280
[ 48.254578]       do_sys_open+0x3fe/0x550
[ 48.260025]       __x64_sys_openat+0x9d/0x100
[ 48.265891]       do_syscall_64+0xfd/0x620
[ 48.271495]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.278393]  }
[ 48.280292]  ... key at: [] __key.42212+0x0/0x40
[ 48.287120]  ... acquired at:
[ 48.290297]    _raw_spin_lock+0x2f/0x40
[ 48.294252]    io_submit_one+0xef2/0x2eb0
[ 48.298374]    __x64_sys_io_submit+0x1aa/0x520
[ 48.302932]    do_syscall_64+0xfd/0x620
[ 48.306888]    entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.312221]
[ 48.313827] -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 2 {
[ 48.319351]    IN-SOFTIRQ-W at:
[ 48.322612]      lock_acquire+0x16f/0x3f0
[ 48.328318]      _raw_spin_lock_irq+0x60/0x80
[ 48.334097]      free_ioctx_users+0x2d/0x490
[ 48.339792]      percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 48.346872]      rcu_process_callbacks+0xba0/0x1a30
[ 48.353174]      __do_softirq+0x25c/0x921
[ 48.358606]      run_ksoftirqd+0x8e/0x110
[ 48.364035]      smpboot_thread_fn+0x6a3/0xa30
[ 48.369900]      kthread+0x354/0x420
[ 48.374892]      ret_from_fork+0x24/0x30
[ 48.380238]    INITIAL USE at:
[ 48.383413]      lock_acquire+0x16f/0x3f0
[ 48.388767]      _raw_spin_lock_irq+0x60/0x80
[ 48.394459]      io_submit_one+0xead/0x2eb0
[ 48.399975]      __x64_sys_io_submit+0x1aa/0x520
[ 48.406035]      do_syscall_64+0xfd/0x620
[ 48.411381]      entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.418124]  }
[ 48.419928]  ... key at: [] __key.50212+0x0/0x40
[ 48.426659]  ... acquired at:
[ 48.429754]    mark_lock+0x420/0x1370
[ 48.433534]    __lock_acquire+0xc62/0x49c0
[ 48.437836]    lock_acquire+0x16f/0x3f0
[ 48.441789]    _raw_spin_lock_irq+0x60/0x80
[ 48.446094]    free_ioctx_users+0x2d/0x490
[ 48.450327]    percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 48.455930]    rcu_process_callbacks+0xba0/0x1a30
[ 48.460754]    __do_softirq+0x25c/0x921
[ 48.464710]    run_ksoftirqd+0x8e/0x110
[ 48.468749]    smpboot_thread_fn+0x6a3/0xa30
[ 48.473142]    kthread+0x354/0x420
[ 48.476679]    ret_from_fork+0x24/0x30
[ 48.480539]
[ 48.482148]
[ 48.482148] stack backtrace:
[ 48.486642] CPU: 1 PID: 18 Comm: ksoftirqd/1 Not tainted 4.19.67 #41
[ 48.493120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 48.502450] Call Trace:
[ 48.505045]  dump_stack+0x172/0x1f0
[ 48.508656]  print_irq_inversion_bug.part.0+0x2c0/0x2cd
[ 48.514097]  check_usage_forwards.cold+0x20/0x29
[ 48.518849]  ? check_usage_backwards+0x340/0x340
[ 48.523589]  ? save_stack_trace+0x1a/0x20
[ 48.527719]  ? save_trace+0xe0/0x290
[ 48.531426]  mark_lock+0x420/0x1370
[ 48.535032]  ? check_usage_backwards+0x340/0x340
[ 48.539766]  __lock_acquire+0xc62/0x49c0
[ 48.543906]  ? mark_held_locks+0x100/0x100
[ 48.548157]  ? mark_held_locks+0x100/0x100
[ 48.552373]  ? __wake_up_common_lock+0xfe/0x190
[ 48.557019]  ? mark_held_locks+0x100/0x100
[ 48.561233]  ? __wake_up_common_lock+0xfe/0x190
[ 48.565883]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 48.571056]  ? lockdep_hardirqs_on+0x19b/0x5d0
[ 48.575878]  ? trace_hardirqs_on+0x67/0x220
[ 48.580178]  ? kasan_check_read+0x11/0x20
[ 48.584304]  lock_acquire+0x16f/0x3f0
[ 48.588087]  ? free_ioctx_users+0x2d/0x490
[ 48.592303]  _raw_spin_lock_irq+0x60/0x80
[ 48.603912]  ? free_ioctx_users+0x2d/0x490
[ 48.608324]  free_ioctx_users+0x2d/0x490
[ 48.612376]  ? rcu_dynticks_curr_cpu_in_eqs+0x51/0xb0
[ 48.617601]  percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 48.623036]  ? percpu_ref_exit+0xd0/0xd0
[ 48.627078]  rcu_process_callbacks+0xba0/0x1a30
[ 48.631730]  ? __rcu_read_unlock+0x170/0x170
[ 48.636150]  ? sched_clock+0x2e/0x50
[ 48.639849]  __do_softirq+0x25c/0x921