[ 42.618786] audit: type=1800 audit(1560190172.297:30): pid=7758 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 50.893798] kauditd_printk_skb: 4 callbacks suppressed
[ 50.893814] audit: type=1400 audit(1560190180.597:35): avc: denied { map } for pid=7934 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.136' (ECDSA) to the list of known hosts.
executing program
[ 57.505005] audit: type=1400 audit(1560190187.207:36): avc: denied { map } for pid=7946 comm="syz-executor306" path="/root/syz-executor306058166" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 57.539082]
[ 57.540726] ========================================================
[ 57.547197] WARNING: possible irq lock inversion dependency detected
[ 57.553687] 4.19.49 #21 Not tainted
[ 57.557292] --------------------------------------------------------
[ 57.563767] ksoftirqd/0/9 just changed the state of lock:
[ 57.569282] 0000000040c94faa (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2d/0x490
[ 57.578029] but this lock took another, SOFTIRQ-unsafe lock in the past:
[ 57.584852]  (&fiq->waitq){+.+.}
[ 57.584862]
[ 57.584862]
[ 57.584862] and interrupts could create inverse lock ordering between them.
[ 57.584862]
[ 57.599763]
[ 57.599763] other info that might help us debug this:
[ 57.606426]  Possible interrupt unsafe locking scenario:
[ 57.606426]
[ 57.613522]        CPU0                    CPU1
[ 57.618178]        ----                    ----
[ 57.622818]   lock(&fiq->waitq);
[ 57.626166]                                local_irq_disable();
[ 57.632203]                                lock(&(&ctx->ctx_lock)->rlock);
[ 57.639201]                                lock(&fiq->waitq);
[ 57.645069]
[ 57.647802]     lock(&(&ctx->ctx_lock)->rlock);
[ 57.652483]
[ 57.652483]  *** DEADLOCK ***
[ 57.652483]
[ 57.658535] 2 locks held by ksoftirqd/0/9:
[ 57.662742]  #0: 000000009bba6fdf (rcu_callback){....}, at: rcu_process_callbacks+0xc79/0x1a30
[ 57.671495]  #1: 00000000225fc6ec (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x1ca/0x540
[ 57.681639]
[ 57.681639] the shortest dependencies between 2nd lock and 1st lock:
[ 57.689597]  -> (&fiq->waitq){+.+.} ops: 4 {
[ 57.694001]     HARDIRQ-ON-W at:
[ 57.697424]                     lock_acquire+0x16f/0x3f0
[ 57.703060]                     _raw_spin_lock+0x2f/0x40
[ 57.708710]                     flush_bg_queue+0x1f3/0x3d0
[ 57.714616]                     fuse_request_send_background_locked+0x26d/0x4e0
[ 57.722236]                     fuse_request_send_background+0x12b/0x180
[ 57.729276]                     cuse_channel_open+0x5ba/0x830
[ 57.735446]                     misc_open+0x395/0x4c0
[ 57.740812]                     chrdev_open+0x245/0x6b0
[ 57.746337]                     do_dentry_open+0x4c3/0x1200
[ 57.752214]                     vfs_open+0xa0/0xd0
[ 57.757307]                     path_openat+0x10d7/0x4690
[ 57.763029]                     do_filp_open+0x1a1/0x280
[ 57.768645]                     do_sys_open+0x3fe/0x550
[ 57.774183]                     __x64_sys_openat+0x9d/0x100
[ 57.780062]                     do_syscall_64+0xfd/0x620
[ 57.785686]                     entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 57.792687]     SOFTIRQ-ON-W at:
[ 57.796134]                     lock_acquire+0x16f/0x3f0
[ 57.801743]                     _raw_spin_lock+0x2f/0x40
[ 57.807354]                     flush_bg_queue+0x1f3/0x3d0
[ 57.813139]                     fuse_request_send_background_locked+0x26d/0x4e0
[ 57.820747]                     fuse_request_send_background+0x12b/0x180
[ 57.827750]                     cuse_channel_open+0x5ba/0x830
[ 57.833794]                     misc_open+0x395/0x4c0
[ 57.839161]                     chrdev_open+0x245/0x6b0
[ 57.844685]                     do_dentry_open+0x4c3/0x1200
[ 57.850556]                     vfs_open+0xa0/0xd0
[ 57.855643]                     path_openat+0x10d7/0x4690
[ 57.861343]                     do_filp_open+0x1a1/0x280
[ 57.866962]                     do_sys_open+0x3fe/0x550
[ 57.872504]                     __x64_sys_openat+0x9d/0x100
[ 57.878586]                     do_syscall_64+0xfd/0x620
[ 57.884200]                     entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 57.891195]     INITIAL USE at:
[ 57.894475]                    lock_acquire+0x16f/0x3f0
[ 57.899998]                    _raw_spin_lock+0x2f/0x40
[ 57.905539]                    flush_bg_queue+0x1f3/0x3d0
[ 57.911241]                    fuse_request_send_background_locked+0x26d/0x4e0
[ 57.918767]                    fuse_request_send_background+0x12b/0x180
[ 57.925687]                    cuse_channel_open+0x5ba/0x830
[ 57.931651]                    misc_open+0x395/0x4c0
[ 57.936917]                    chrdev_open+0x245/0x6b0
[ 57.942361]                    do_dentry_open+0x4c3/0x1200
[ 57.948348]                    vfs_open+0xa0/0xd0
[ 57.953365]                    path_openat+0x10d7/0x4690
[ 57.959011]                    do_filp_open+0x1a1/0x280
[ 57.964540]                    do_sys_open+0x3fe/0x550
[ 57.969979]                    __x64_sys_openat+0x9d/0x100
[ 57.975781]                    do_syscall_64+0xfd/0x620
[ 57.981306]                    entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 57.988211]   }
[ 57.990090]   ... key at: [] __key.42197+0x0/0x40
[ 57.996917]   ... acquired at:
[ 58.000136]    _raw_spin_lock+0x2f/0x40
[ 58.004110]    io_submit_one+0xef2/0x2eb0
[ 58.008258]    __x64_sys_io_submit+0x1aa/0x520
[ 58.012830]    do_syscall_64+0xfd/0x620
[ 58.016787]    entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 58.022127]
[ 58.023730] -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 2 {
[ 58.029168]    IN-SOFTIRQ-W at:
[ 58.032437]                    lock_acquire+0x16f/0x3f0
[ 58.037866]                    _raw_spin_lock_irq+0x60/0x80
[ 58.043689]                    free_ioctx_users+0x2d/0x490
[ 58.049431]                    percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 58.056556]                    rcu_process_callbacks+0xba0/0x1a30
[ 58.062872]                    __do_softirq+0x25c/0x921
[ 58.068314]                    run_ksoftirqd+0x8e/0x110
[ 58.073754]                    smpboot_thread_fn+0x6a3/0xa30
[ 58.079635]                    kthread+0x354/0x420
[ 58.084638]                    ret_from_fork+0x24/0x30
[ 58.089981]    INITIAL USE at:
[ 58.093163]                   lock_acquire+0x16f/0x3f0
[ 58.098527]                   _raw_spin_lock_irq+0x60/0x80
[ 58.104226]                   io_submit_one+0xead/0x2eb0
[ 58.109747]                   __x64_sys_io_submit+0x1aa/0x520
[ 58.115821]                   do_syscall_64+0xfd/0x620
[ 58.129431]                   entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 58.136172]  }
[ 58.137966]  ... key at: [] __key.50188+0x0/0x40
[ 58.144710]  ... acquired at:
[ 58.147807]    mark_lock+0x420/0x1370
[ 58.151623]    __lock_acquire+0xc65/0x48f0
[ 58.156117]    lock_acquire+0x16f/0x3f0
[ 58.160082]    _raw_spin_lock_irq+0x60/0x80
[ 58.164418]    free_ioctx_users+0x2d/0x490
[ 58.168648]    percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 58.174269]    rcu_process_callbacks+0xba0/0x1a30
[ 58.179109]    __do_softirq+0x25c/0x921
[ 58.183089]    run_ksoftirqd+0x8e/0x110
[ 58.187056]    smpboot_thread_fn+0x6a3/0xa30
[ 58.191461]    kthread+0x354/0x420
[ 58.194988]    ret_from_fork+0x24/0x30
[ 58.198857]
[ 58.200464]
[ 58.200464] stack backtrace:
[ 58.204949] CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 4.19.49 #21
[ 58.211427] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 58.227997] Call Trace:
[ 58.230580]  dump_stack+0x172/0x1f0
[ 58.234214]  print_irq_inversion_bug.part.0+0x2c0/0x2cd
[ 58.239661]  check_usage_forwards.cold+0x20/0x29
[ 58.244419]  ? check_usage_backwards+0x340/0x340
[ 58.249185]  ? save_stack_trace+0x1a/0x20
[ 58.253324]  ? save_trace+0xe0/0x290
[ 58.257028]  mark_lock+0x420/0x1370
[ 58.260647]  ? check_usage_backwards+0x340/0x340
[ 58.265416]  __lock_acquire+0xc65/0x48f0
[ 58.269470]  ? mark_held_locks+0x100/0x100
[ 58.273703]  ? mark_held_locks+0x100/0x100
[ 58.277943]  ? __wake_up_common_lock+0xfe/0x190
[ 58.282621]  ? mark_held_locks+0x100/0x100
[ 58.286839]  ? __wake_up_common_lock+0xfe/0x190
[ 58.291512]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 58.296627]  ? lockdep_hardirqs_on+0x19b/0x5d0
[ 58.301201]  ? trace_hardirqs_on+0x67/0x220
[ 58.305518]  ? kasan_check_read+0x11/0x20
[ 58.309771]  lock_acquire+0x16f/0x3f0
[ 58.313691]  ? free_ioctx_users+0x2d/0x490
[ 58.317913]  _raw_spin_lock_irq+0x60/0x80
[ 58.322051]  ? free_ioctx_users+0x2d/0x490
[ 58.326273]  free_ioctx_users+0x2d/0x490
[ 58.330330]  ? rcu_dynticks_curr_cpu_in_eqs+0x51/0xb0
[ 58.335518]  percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 58.340964]  ? percpu_ref_exit+0xd0/0xd0
[ 58.345018]  rcu_process_callbacks+0xba0/0x1a30
[ 58.349699]  ? __rcu_read_unlock+0x170/0x170
[ 58.354123]  ? sched_clock+0x2e/0x50
[ 58.357833]  __do_softirq+0x25c/0x921
[ 58.361637]  ? pci_mmcfg_check_reserved+0x170/0x170
[ 58.366665]  ? takeover_tasklets+0x7b0/0x7b0
[ 58.371062]  run_ksoftirqd+0x8e/0x110
[ 58.374858]  smpboot_thread_fn+0x6a3/0xa30
[ 58.379089]  ? sort_range+0x30/0x30
[ 58.382940]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 58.388473]  ? __kthread_parkme+0xfb/0x1b0
[ 58.392697]  kthread+0x354/0x420
[ 58.396047]  ? sort_range+0x30/0x30
[ 58.399655]  ? kthread_cancel_delayed_work_sync+0x20/0x20
[ 58.405204]  ret_from_fork+0x24/0x30