[ 46.648384] audit: type=1800 audit(1565657288.026:30): pid=7727 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 52.314882] kauditd_printk_skb: 4 callbacks suppressed
[ 52.314897] audit: type=1400 audit(1565657293.716:35): avc: denied { map } for pid=7902 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.222' (ECDSA) to the list of known hosts.
executing program
[ 59.059583] audit: type=1400 audit(1565657300.456:36): avc: denied { map } for pid=7914 comm="syz-executor269" path="/root/syz-executor269906150" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 59.103522]
[ 59.105247] ========================================================
[ 59.111721] WARNING: possible irq lock inversion dependency detected
[ 59.118193] 4.19.66 #40 Not tainted
[ 59.121797] --------------------------------------------------------
[ 59.128268] ksoftirqd/1/18 just changed the state of lock:
[ 59.134052] 00000000980cd5ec (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2d/0x490
[ 59.142966] but this lock took another, SOFTIRQ-unsafe lock in the past:
[ 59.157283]  (&fiq->waitq){+.+.}
[ 59.157292]
[ 59.157292]
[ 59.157292] and interrupts could create inverse lock ordering between them.
[ 59.157292]
[ 59.172351]
[ 59.172351] other info that might help us debug this:
[ 59.179092]  Possible interrupt unsafe locking scenario:
[ 59.179092]
[ 59.186000]        CPU0                    CPU1
[ 59.190756]        ----                    ----
[ 59.195402]   lock(&fiq->waitq);
[ 59.198825]                                local_irq_disable();
[ 59.204865]                                lock(&(&ctx->ctx_lock)->rlock);
[ 59.211860]                                lock(&fiq->waitq);
[ 59.217844]   <Interrupt>
[ 59.220583]     lock(&(&ctx->ctx_lock)->rlock);
[ 59.225264]
[ 59.225264]  *** DEADLOCK ***
[ 59.225264]
[ 59.231306] 2 locks held by ksoftirqd/1/18:
[ 59.235606]  #0: 000000003d8ac6bd (rcu_callback){....}, at: rcu_process_callbacks+0xc79/0x1a30
[ 59.244380]  #1: 000000004a0f68c5 (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x1ca/0x540
[ 59.254540]
[ 59.254540] the shortest dependencies between 2nd lock and 1st lock:
[ 59.262569]  -> (&fiq->waitq){+.+.} ops: 7 {
[ 59.266972]     HARDIRQ-ON-W at:
[ 59.270461]       lock_acquire+0x16f/0x3f0
[ 59.276104]       _raw_spin_lock+0x2f/0x40
[ 59.281762]       flush_bg_queue+0x1f3/0x3d0
[ 59.287553]       fuse_request_send_background_locked+0x26d/0x4e0
[ 59.295152]       fuse_request_send_background+0x12b/0x180
[ 59.302160]       fuse_fill_super+0x13b7/0x1720
[ 59.308219]       mount_nodev+0x66/0x110
[ 59.313657]       fuse_mount+0x2d/0x40
[ 59.318920]       mount_fs+0xa8/0x31f
[ 59.324099]       vfs_kern_mount.part.0+0x6f/0x410
[ 59.330396]       do_mount+0x53e/0x2bc0
[ 59.335771]       ksys_mount+0xdb/0x150
[ 59.341115]       __x64_sys_mount+0xbe/0x150
[ 59.346944]       do_syscall_64+0xfd/0x620
[ 59.352560]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 59.359552]     SOFTIRQ-ON-W at:
[ 59.362901]       lock_acquire+0x16f/0x3f0
[ 59.368507]       _raw_spin_lock+0x2f/0x40
[ 59.374127]       flush_bg_queue+0x1f3/0x3d0
[ 59.380026]       fuse_request_send_background_locked+0x26d/0x4e0
[ 59.387634]       fuse_request_send_background+0x12b/0x180
[ 59.394636]       fuse_fill_super+0x13b7/0x1720
[ 59.400678]       mount_nodev+0x66/0x110
[ 59.406143]       fuse_mount+0x2d/0x40
[ 59.411415]       mount_fs+0xa8/0x31f
[ 59.416682]       vfs_kern_mount.part.0+0x6f/0x410
[ 59.423091]       do_mount+0x53e/0x2bc0
[ 59.428445]       ksys_mount+0xdb/0x150
[ 59.433835]       __x64_sys_mount+0xbe/0x150
[ 59.439622]       do_syscall_64+0xfd/0x620
[ 59.445343]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 59.452334]     INITIAL USE at:
[ 59.455667]       lock_acquire+0x16f/0x3f0
[ 59.461318]       _raw_spin_lock+0x2f/0x40
[ 59.466840]       flush_bg_queue+0x1f3/0x3d0
[ 59.472648]       fuse_request_send_background_locked+0x26d/0x4e0
[ 59.480195]       fuse_request_send_background+0x12b/0x180
[ 59.487106]       fuse_fill_super+0x13b7/0x1720
[ 59.493058]       mount_nodev+0x66/0x110
[ 59.498405]       fuse_mount+0x2d/0x40
[ 59.503776]       mount_fs+0xa8/0x31f
[ 59.508861]       vfs_kern_mount.part.0+0x6f/0x410
[ 59.515412]       do_mount+0x53e/0x2bc0
[ 59.520670]       ksys_mount+0xdb/0x150
[ 59.525935]       __x64_sys_mount+0xbe/0x150
[ 59.531639]       do_syscall_64+0xfd/0x620
[ 59.537165]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 59.544087]   }
[ 59.546105]   ... key at: [] __key.42212+0x0/0x40
[ 59.552922]   ... acquired at:
[ 59.556096]    _raw_spin_lock+0x2f/0x40
[ 59.560152]    io_submit_one+0xef2/0x2eb0
[ 59.564285]    __x64_sys_io_submit+0x1aa/0x520
[ 59.568847]    do_syscall_64+0xfd/0x620
[ 59.572799]    entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 59.578255]
[ 59.580120] -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 2 {
[ 59.585561]    IN-SOFTIRQ-W at:
[ 59.588834]      lock_acquire+0x16f/0x3f0
[ 59.594264]      _raw_spin_lock_irq+0x60/0x80
[ 59.600049]      free_ioctx_users+0x2d/0x490
[ 59.605746]      percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 59.612829]      rcu_process_callbacks+0xba0/0x1a30
[ 59.619167]      __do_softirq+0x25c/0x921
[ 59.624603]      run_ksoftirqd+0x8e/0x110
[ 59.630033]      smpboot_thread_fn+0x6a3/0xa30
[ 59.635903]      kthread+0x354/0x420
[ 59.640906]      ret_from_fork+0x24/0x30
[ 59.646246]    INITIAL USE at:
[ 59.649421]      lock_acquire+0x16f/0x3f0
[ 59.654832]      _raw_spin_lock_irq+0x60/0x80
[ 59.660536]      io_submit_one+0xead/0x2eb0
[ 59.666055]      __x64_sys_io_submit+0x1aa/0x520
[ 59.672012]      do_syscall_64+0xfd/0x620
[ 59.677362]      entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 59.684094]  }
[ 59.685883]  ... key at: [] __key.50212+0x0/0x40
[ 59.692607]  ... acquired at:
[ 59.695688]    mark_lock+0x420/0x1370
[ 59.699477]    __lock_acquire+0xc62/0x49c0
[ 59.703750]    lock_acquire+0x16f/0x3f0
[ 59.707709]    _raw_spin_lock_irq+0x60/0x80
[ 59.712016]    free_ioctx_users+0x2d/0x490
[ 59.716299]    percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 59.721914]    rcu_process_callbacks+0xba0/0x1a30
[ 59.726742]    __do_softirq+0x25c/0x921
[ 59.730741]    run_ksoftirqd+0x8e/0x110
[ 59.734700]    smpboot_thread_fn+0x6a3/0xa30
[ 59.739094]    kthread+0x354/0x420
[ 59.742614]    ret_from_fork+0x24/0x30
[ 59.746523]
[ 59.748140]
[ 59.748140] stack backtrace:
[ 59.752743] CPU: 1 PID: 18 Comm: ksoftirqd/1 Not tainted 4.19.66 #40
[ 59.759211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 59.768576] Call Trace:
[ 59.771254]  dump_stack+0x172/0x1f0
[ 59.774870]  print_irq_inversion_bug.part.0+0x2c0/0x2cd
[ 59.780320]  check_usage_forwards.cold+0x20/0x29
[ 59.785110]  ? check_usage_backwards+0x340/0x340
[ 59.789859]  ? save_stack_trace+0x1a/0x20
[ 59.793985]  ? save_trace+0xe0/0x290
[ 59.797683]  mark_lock+0x420/0x1370
[ 59.801292]  ? check_usage_backwards+0x340/0x340
[ 59.806136]  __lock_acquire+0xc62/0x49c0
[ 59.810293]  ? mark_held_locks+0x100/0x100
[ 59.814512]  ? mark_held_locks+0x100/0x100
[ 59.818724]  ? __wake_up_common_lock+0xfe/0x190
[ 59.823487]  ? mark_held_locks+0x100/0x100
[ 59.827700]  ? __wake_up_common_lock+0xfe/0x190
[ 59.832353]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 59.837444]  ? lockdep_hardirqs_on+0x19b/0x5d0
[ 59.842021]  ? trace_hardirqs_on+0x67/0x220
[ 59.846328]  ? kasan_check_read+0x11/0x20
[ 59.850468]  lock_acquire+0x16f/0x3f0
[ 59.854325]  ? free_ioctx_users+0x2d/0x490
[ 59.858562]  _raw_spin_lock_irq+0x60/0x80
[ 59.862702]  ? free_ioctx_users+0x2d/0x490
[ 59.866918]  free_ioctx_users+0x2d/0x490
[ 59.870959]  ? rcu_dynticks_curr_cpu_in_eqs+0x51/0xb0
[ 59.876135]  percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 59.881569]  ? percpu_ref_exit+0xd0/0xd0
[ 59.885611]  rcu_process_callbacks+0xba0/0x1a30
[ 59.890258]  ? __rcu_read_unlock+0x170/0x170
[ 59.894659]  ? sched_clock+0x2e/0x50
[ 59.898363]  __do_softirq+0x25c/0x921
[ 59.902240]  ? pci_mmcfg_check_reserved+0x170/0x170
[ 59.907291]  ? takeover_tasklets+0x7b0/0x7b0
[ 59.911683]  run