[ 38.016434] audit: type=1800 audit(1568562982.043:32): pid=7422 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2450 res=0
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 38.778818] audit: type=1800 audit(1568562982.883:33): pid=7422 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.23' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 47.202791] kauditd_printk_skb: 2 callbacks suppressed
[ 47.202806] audit: type=1400 audit(1568562991.313:36): avc: denied { map } for pid=7610 comm="syz-executor455" path="/root/syz-executor455476181" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 47.239983]
[ 47.241634] ========================================================
[ 47.248227] WARNING: possible irq lock inversion dependency detected
[ 47.254716] 4.19.72 #0 Not tainted
[ 47.258236] --------------------------------------------------------
[ 47.265057] ksoftirqd/1/18 just changed the state of lock:
[ 47.270657] 0000000004bca200 (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2d/0x490
[ 47.279422] but this lock took another, SOFTIRQ-unsafe lock in the past:
[ 47.286244]  (&fiq->waitq){+.+.}
[ 47.286252]
[ 47.286252]
[ 47.286252] and interrupts could create inverse lock ordering between them.
[ 47.286252]
[ 47.301283]
[ 47.301283] other info that might help us debug this:
[ 47.307927]  Possible interrupt unsafe locking scenario:
[ 47.307927]
[ 47.314828]        CPU0                    CPU1
[ 47.319469]        ----                    ----
[ 47.324121]   lock(&fiq->waitq);
[ 47.327486]                                local_irq_disable();
[ 47.333525]                                lock(&(&ctx->ctx_lock)->rlock);
[ 47.340520]                                lock(&fiq->waitq);
[ 47.346383]
[ 47.349121]     lock(&(&ctx->ctx_lock)->rlock);
[ 47.353771]
[ 47.353771]  *** DEADLOCK ***
[ 47.353771]
[ 47.359816] 2 locks held by ksoftirqd/1/18:
[ 47.364114]  #0: 0000000010c6a7f9 (rcu_callback){....}, at: rcu_process_callbacks+0xc79/0x1a30
[ 47.372863]  #1: 00000000b35bda71 (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x1ca/0x540
[ 47.383002]
[ 47.383002] the shortest dependencies between 2nd lock and 1st lock:
[ 47.390965]  -> (&fiq->waitq){+.+.} ops: 4 {
[ 47.395381]     HARDIRQ-ON-W at:
[ 47.398736]       lock_acquire+0x16f/0x3f0
[ 47.404344]       _raw_spin_lock+0x2f/0x40
[ 47.409947]       flush_bg_queue+0x1f3/0x3d0
[ 47.415741]       fuse_request_send_background_locked+0x26d/0x4e0
[ 47.423362]       fuse_request_send_background+0x12b/0x180
[ 47.430355]       cuse_channel_open+0x5ba/0x830
[ 47.436395]       misc_open+0x395/0x4c0
[ 47.441747]       chrdev_open+0x245/0x6b0
[ 47.447265]       do_dentry_open+0x4c3/0x1210
[ 47.453172]       vfs_open+0xa0/0xd0
[ 47.458450]       path_openat+0x10d7/0x45e0
[ 47.464153]       do_filp_open+0x1a1/0x280
[ 47.469798]       do_sys_open+0x3fe/0x550
[ 47.475315]       __x64_sys_openat+0x9d/0x100
[ 47.481184]       do_syscall_64+0xfd/0x620
[ 47.486791]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.493787]     SOFTIRQ-ON-W at:
[ 47.497139]       lock_acquire+0x16f/0x3f0
[ 47.502753]       _raw_spin_lock+0x2f/0x40
[ 47.508412]       flush_bg_queue+0x1f3/0x3d0
[ 47.514193]       fuse_request_send_background_locked+0x26d/0x4e0
[ 47.521798]       fuse_request_send_background+0x12b/0x180
[ 47.528802]       cuse_channel_open+0x5ba/0x830
[ 47.534851]       misc_open+0x395/0x4c0
[ 47.540291]       chrdev_open+0x245/0x6b0
[ 47.545820]       do_dentry_open+0x4c3/0x1210
[ 47.551686]       vfs_open+0xa0/0xd0
[ 47.556769]       path_openat+0x10d7/0x45e0
[ 47.562461]       do_filp_open+0x1a1/0x280
[ 47.568076]       do_sys_open+0x3fe/0x550
[ 47.573809]       __x64_sys_openat+0x9d/0x100
[ 47.580915]       do_syscall_64+0xfd/0x620
[ 47.586638]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.593960]     INITIAL USE at:
[ 47.597341]       lock_acquire+0x16f/0x3f0
[ 47.602992]       _raw_spin_lock+0x2f/0x40
[ 47.608688]       flush_bg_queue+0x1f3/0x3d0
[ 47.614540]       fuse_request_send_background_locked+0x26d/0x4e0
[ 47.622068]       fuse_request_send_background+0x12b/0x180
[ 47.628985]       cuse_channel_open+0x5ba/0x830
[ 47.634955]       misc_open+0x395/0x4c0
[ 47.640236]       chrdev_open+0x245/0x6b0
[ 47.646070]       do_dentry_open+0x4c3/0x1210
[ 47.651869]       vfs_open+0xa0/0xd0
[ 47.656888]       path_openat+0x10d7/0x45e0
[ 47.662509]       do_filp_open+0x1a1/0x280
[ 47.668047]       do_sys_open+0x3fe/0x550
[ 47.673496]       __x64_sys_openat+0x9d/0x100
[ 47.679315]       do_syscall_64+0xfd/0x620
[ 47.684874]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.691807]   }
[ 47.693698]   ... key at: [] __key.42213+0x0/0x40
[ 47.700514]   ... acquired at:
[ 47.703792]    _raw_spin_lock+0x2f/0x40
[ 47.707760]    io_submit_one+0xef2/0x2eb0
[ 47.711920]    __x64_sys_io_submit+0x1aa/0x520
[ 47.716525]    do_syscall_64+0xfd/0x620
[ 47.720595]    entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.725952]
[ 47.727566] -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 2 {
[ 47.733024]    IN-SOFTIRQ-W at:
[ 47.736305]      lock_acquire+0x16f/0x3f0
[ 47.741764]      _raw_spin_lock_irq+0x60/0x80
[ 47.747582]      free_ioctx_users+0x2d/0x490
[ 47.753289]      percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 47.760401]      rcu_process_callbacks+0xba0/0x1a30
[ 47.766708]      __do_softirq+0x25c/0x921
[ 47.772177]      run_ksoftirqd+0x8e/0x110
[ 47.777631]      smpboot_thread_fn+0x6a3/0xa30
[ 47.783592]      kthread+0x354/0x420
[ 47.788606]      ret_from_fork+0x24/0x30
[ 47.793950]    INITIAL USE at:
[ 47.797129]      lock_acquire+0x16f/0x3f0
[ 47.802491]      _raw_spin_lock_irq+0x60/0x80
[ 47.808304]      io_submit_one+0xead/0x2eb0
[ 47.813926]      __x64_sys_io_submit+0x1aa/0x520
[ 47.819884]      do_syscall_64+0xfd/0x620
[ 47.825229]      entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.831960]  }
[ 47.833759]  ... key at: [] __key.50213+0x0/0x40
[ 47.840489]  ... acquired at:
[ 47.843592]    mark_lock+0x420/0x1370
[ 47.847374]    __lock_acquire+0xc62/0x49c0
[ 47.851654]    lock_acquire+0x16f/0x3f0
[ 47.855645]    _raw_spin_lock_irq+0x60/0x80
[ 47.859955]    free_ioctx_users+0x2d/0x490
[ 47.864207]    percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 47.869826]    rcu_process_callbacks+0xba0/0x1a30
[ 47.874674]    __do_softirq+0x25c/0x921
[ 47.878631]    run_ksoftirqd+0x8e/0x110
[ 47.882590]    smpboot_thread_fn+0x6a3/0xa30
[ 47.886980]    kthread+0x354/0x420
[ 47.890788]    ret_from_fork+0x24/0x30
[ 47.895004]
[ 47.896608]
[ 47.896608] stack backtrace:
[ 47.901097] CPU: 1 PID: 18 Comm: ksoftirqd/1 Not tainted 4.19.72 #0
[ 47.907493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 47.916830] Call Trace:
[ 47.919420]  dump_stack+0x172/0x1f0
[ 47.923048]  print_irq_inversion_bug.part.0+0x2c0/0x2cd
[ 47.928404]  check_usage_forwards.cold+0x20/0x29
[ 47.933141]  ? check_usage_backwards+0x340/0x340
[ 47.937882]  ? save_stack_trace+0x1a/0x20
[ 47.942016]  ? save_trace+0xe0/0x290
[ 47.945726]  mark_lock+0x420/0x1370
[ 47.949368]  ? check_usage_backwards+0x340/0x340
[ 47.954108]  __lock_acquire+0xc62/0x49c0
[ 47.958151]  ? mark_held_locks+0x100/0x100
[ 47.962373]  ? mark_held_locks+0x100/0x100
[ 47.966603]  ? __wake_up_common_lock+0xfe/0x190
[ 47.971255]  ? mark_held_locks+0x100/0x100
[ 47.975469]  ? __wake_up_common_lock+0xfe/0x190
[ 47.980120]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 47.985219]  ? lockdep_hardirqs_on+0x19b/0x5d0
[ 47.989795]  ? trace_hardirqs_on+0x67/0x220
[ 47.994108]  ? kasan_check_read+0x11/0x20
[ 47.998252]  lock_acquire+0x16f/0x3f0
[ 48.002109]  ? free_ioctx_users+0x2d/0x490
[ 48.006353]  _raw_spin_lock_irq+0x60/0x80
[ 48.010507]  ? free_ioctx_users+0x2d/0x490
[ 48.014736]  free_ioctx_users+0x2d/0x490
[ 48.018803]  ? rcu_dynticks_curr_cpu_in_eqs+0x51/0xb0
[ 48.023980]  percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 48.029517]  ? percpu_ref_exit+0xd0/0xd0
[ 48.033566]  rcu_process_callbacks+0xba0/0x1a30
[ 48.038241]  ? __rcu_read_unlock+0x170/0x170
[ 48.042746]  ? sched_clock+0x2e/0x50
[ 48.046448]  __do_softirq+0x25c/0x921
[ 48.050243]  ? pci_mmcfg_check_reserved+0x170/0x170
[ 48.055355]  ? takeover_tasklets+0x7b0/0x7b0
[ 48.059752]  run_ksoftirqd+0x8e/0x110
[ 48.063545]  smpboot_thread_fn+0x6a3/0xa30
[ 48.067778]  ? sort_range+0x30/0x30
[ 48.071393]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 48.076919]  ? __kthread_parkme+0xfb/0x1b0
[ 48.081151]  kthread+0x354/0x420
[ 48.084516]  ? sort_range+0x30/0x30
[ 48.088127]  ? kthread_cancel_delayed_work_sync+0x20/0x20
[ 48.093652]  ret_from_fork+0x24/0x30