[ 110.432566][ T27] audit: type=1800 audit(1581197979.992:36): pid=10999 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [ 111.224725][ T27] audit: type=1400 audit(1581197980.892:37): avc: denied { watch } for pid=11086 comm="restorecond" path="/root/.ssh" dev="sda1" ino=16179 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:object_r:ssh_home_t:s0 tclass=dir permissive=1 [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.227' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 121.135726][ T27] kauditd_printk_skb: 4 callbacks suppressed [ 121.135741][ T27] audit: type=1400 audit(1581197990.802:42): avc: denied { map } for pid=11188 comm="syz-executor505" path="/root/syz-executor505484127" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 121.154753][T11189] IPVS: ftp: loaded support on port[0] = 21 [ 121.232918][ C0] [ 121.235277][ C0] ================================ [ 121.240420][ C0] WARNING: inconsistent lock state [ 121.245550][ C0] 5.5.0-syzkaller #0 Not tainted [ 121.250561][ C0] -------------------------------- [ 121.255686][ C0] inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage. [ 121.262539][ C0] ksoftirqd/0/9 [HC0[0]:SC1[1]:HE1:SE0] takes: [ 121.268684][ C0] ffff8880a00ad1c8 (&(&local->client_conns_lock)->rlock){+.?.}, at: rxrpc_put_client_conn+0x6ed/0xc90 [ 121.280211][ C0] {SOFTIRQ-ON-W} state was registered at: [ 121.285936][ C0] lock_acquire+0x190/0x410 [ 121.290518][ C0] _raw_spin_lock+0x2f/0x40 [ 121.295101][ C0] rxrpc_connect_call+0x358/0x4e30 [ 121.300284][ C0] rxrpc_new_client_call+0x9c0/0x1ad0 [ 121.305811][ C0] rxrpc_do_sendmsg+0xffa/0x1d5f [ 121.310823][ C0] rxrpc_sendmsg+0x4d6/0x5f0 [ 121.315491][ C0] sock_sendmsg+0xd7/0x130 [ 121.320033][ C0] ____sys_sendmsg+0x358/0x880 [ 121.324873][ C0] ___sys_sendmsg+0x100/0x170 [ 121.329736][ C0] __sys_sendmmsg+0x1bf/0x4d0 [ 121.334552][ C0] __x64_sys_sendmmsg+0x9d/0x100 [ 121.339566][ C0] do_syscall_64+0xfa/0x790 [ 121.344164][ C0] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 121.350603][ C0] irq event stamp: 615314 [ 121.354924][ C0] hardirqs last enabled at (615314): [] _raw_spin_unlock_irqrestore+0x66/0xe0 [ 121.365409][ C0] hardirqs last disabled at (615313): [] _raw_spin_lock_irqsave+0x6f/0xcd [ 121.375467][ C0] softirqs last enabled at (615194): [] __do_softirq+0x6cd/0x98c [ 121.384832][ C0] softirqs last disabled at (615199): [] run_ksoftirqd+0x8e/0x110 [ 121.394288][ C0] [ 121.394288][ C0] other info that might help us debug this: [ 121.402543][ C0] Possible unsafe locking scenario: [ 121.402543][ C0] [ 121.410158][ C0] CPU0 [ 121.413428][ C0] ---- [ 121.416818][ C0] lock(&(&local->client_conns_lock)->rlock); [ 121.423020][ C0] [ 121.426455][ C0] lock(&(&local->client_conns_lock)->rlock); [ 121.432770][ C0] [ 121.432770][ C0] *** DEADLOCK *** [ 121.432770][ C0] [ 121.440995][ C0] 1 lock held by ksoftirqd/0/9: [ 121.445988][ C0] #0: ffffffff89bac140 (rcu_callback){....}, at: rcu_core+0x562/0x1390 [ 121.454450][ C0] [ 121.454450][ C0] stack backtrace: [ 121.460955][ C0] CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 5.5.0-syzkaller #0 [ 121.468801][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 121.478887][ C0] Call Trace: [ 121.482190][ C0] dump_stack+0x197/0x210 [ 121.486521][ C0] print_usage_bug.cold+0x327/0x378 [ 121.492423][ C0] mark_lock+0xbb4/0x1220 [ 121.496754][ C0] ? kfree+0x10a/0x2c0 [ 121.500894][ C0] ? check_usage_backwards+0x330/0x330 [ 121.506355][ C0] ? __nf_hook_entries_free+0x31/0x40 [ 121.511741][ C0] __lock_acquire+0x1e8e/0x4a00 [ 121.516601][ C0] ? find_held_lock+0x35/0x130 [ 121.521465][ C0] ? __kasan_check_read+0x11/0x20 [ 121.526517][ C0] ? mark_lock+0xc2/0x1220 [ 121.530961][ C0] ? mark_held_locks+0xf0/0xf0 [ 121.535718][ C0] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 121.541527][ C0] lock_acquire+0x190/0x410 [ 121.546075][ C0] ? rxrpc_put_client_conn+0x6ed/0xc90 [ 121.551533][ C0] _raw_spin_lock+0x2f/0x40 [ 121.556151][ C0] ? rxrpc_put_client_conn+0x6ed/0xc90 [ 121.561601][ C0] rxrpc_put_client_conn+0x6ed/0xc90 [ 121.566892][ C0] ? rxrpc_rcu_destroy_call+0xbd/0x200 [ 121.572350][ C0] rxrpc_rcu_destroy_call+0xbd/0x200 [ 121.577807][ C0] rcu_core+0x5e1/0x1390 [ 121.582033][ C0] ? __rcu_read_unlock+0x700/0x700 [ 121.587262][ C0] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 121.593100][ C0] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 121.599077][ C0] rcu_core_si+0x9/0x10 [ 121.603235][ C0] __do_softirq+0x262/0x98c [ 121.607842][ C0] ? takeover_tasklets+0x820/0x820 [ 121.613060][ C0] run_ksoftirqd+0x8e/0x110 [ 121.617559][ C0] smpboot_thread_fn+0x6a3/0xa40 [ 121.622507][ C0] ? __smpboot_create_thread.part.0+0x340/0x340 [ 121.628834][ C0] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x2