[ 37.452324] audit: type=1800 audit(1567361894.580:32): pid=7414 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2450 res=0
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.
[ 38.348885] audit: type=1800 audit(1567361895.500:33): pid=7414 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.47' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 47.316654] kauditd_printk_skb: 2 callbacks suppressed
[ 47.316668] audit: type=1400 audit(1567361904.470:36): avc: denied { map } for pid=7603 comm="syz-executor319" path="/root/syz-executor319673738" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 47.353446]
[ 47.355249] ========================================================
[ 47.361771] WARNING: possible irq lock inversion dependency detected
[ 47.368246] 4.19.69 #43 Not tainted
[ 47.371905] --------------------------------------------------------
[ 47.378382] ksoftirqd/1/18 just changed the state of lock:
[ 47.384024] 000000004652b02b (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2d/0x490
[ 47.392772] but this lock took another, SOFTIRQ-unsafe lock in the past:
[ 47.399626]  (&fiq->waitq){+.+.}
[ 47.399635]
[ 47.399635]
[ 47.399635] and interrupts could create inverse lock ordering between them.
[ 47.399635]
[ 47.414493]
[ 47.414493] other info that might help us debug this:
[ 47.421158]  Possible interrupt unsafe locking scenario:
[ 47.421158]
[ 47.428063]        CPU0                    CPU1
[ 47.432706]        ----                    ----
[ 47.437350]   lock(&fiq->waitq);
[ 47.440724]                                local_irq_disable();
[ 47.446780]                                lock(&(&ctx->ctx_lock)->rlock);
[ 47.453802]                                lock(&fiq->waitq);
[ 47.459683]
[ 47.462433]     lock(&(&ctx->ctx_lock)->rlock);
[ 47.467113]
[ 47.467113]  *** DEADLOCK ***
[ 47.467113]
[ 47.473182] 2 locks held by ksoftirqd/1/18:
[ 47.477482]  #0: 000000002ed96a0b (rcu_callback){....}, at: rcu_process_callbacks+0xc79/0x1a30
[ 47.486245]  #1: 00000000c7252f7d (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x1ca/0x540
[ 47.496398]
[ 47.496398] the shortest dependencies between 2nd lock and 1st lock:
[ 47.504353]  -> (&fiq->waitq){+.+.} ops: 4 {
[ 47.508764]     HARDIRQ-ON-W at:
[ 47.512123]       lock_acquire+0x16f/0x3f0
[ 47.517729]       _raw_spin_lock+0x2f/0x40
[ 47.523353]       flush_bg_queue+0x1f3/0x3d0
[ 47.529159]       fuse_request_send_background_locked+0x26d/0x4e0
[ 47.536765]       fuse_request_send_background+0x12b/0x180
[ 47.543760]       cuse_channel_open+0x5ba/0x830
[ 47.549817]       misc_open+0x395/0x4c0
[ 47.555166]       chrdev_open+0x245/0x6b0
[ 47.560685]       do_dentry_open+0x4c3/0x1210
[ 47.566570]       vfs_open+0xa0/0xd0
[ 47.571654]       path_openat+0x10d7/0x45e0
[ 47.577805]       do_filp_open+0x1a1/0x280
[ 47.583421]       do_sys_open+0x3fe/0x550
[ 47.588948]       __x64_sys_openat+0x9d/0x100
[ 47.594837]       do_syscall_64+0xfd/0x620
[ 47.600532]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.607523]     SOFTIRQ-ON-W at:
[ 47.610892]       lock_acquire+0x16f/0x3f0
[ 47.616523]       _raw_spin_lock+0x2f/0x40
[ 47.622129]       flush_bg_queue+0x1f3/0x3d0
[ 47.627910]       fuse_request_send_background_locked+0x26d/0x4e0
[ 47.635792]       fuse_request_send_background+0x12b/0x180
[ 47.642827]       cuse_channel_open+0x5ba/0x830
[ 47.648957]       misc_open+0x395/0x4c0
[ 47.654319]       chrdev_open+0x245/0x6b0
[ 47.659843]       do_dentry_open+0x4c3/0x1210
[ 47.670228]       vfs_open+0xa0/0xd0
[ 47.675317]       path_openat+0x10d7/0x45e0
[ 47.681013]       do_filp_open+0x1a1/0x280
[ 47.686619]       do_sys_open+0x3fe/0x550
[ 47.692138]       __x64_sys_openat+0x9d/0x100
[ 47.698008]       do_syscall_64+0xfd/0x620
[ 47.703621]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.710623]     INITIAL USE at:
[ 47.713908]       lock_acquire+0x16f/0x3f0
[ 47.719437]       _raw_spin_lock+0x2f/0x40
[ 47.724975]       flush_bg_queue+0x1f3/0x3d0
[ 47.730689]       fuse_request_send_background_locked+0x26d/0x4e0
[ 47.738224]       fuse_request_send_background+0x12b/0x180
[ 47.745131]       cuse_channel_open+0x5ba/0x830
[ 47.751085]       misc_open+0x395/0x4c0
[ 47.756346]       chrdev_open+0x245/0x6b0
[ 47.761791]       do_dentry_open+0x4c3/0x1210
[ 47.767570]       vfs_open+0xa0/0xd0
[ 47.772568]       path_openat+0x10d7/0x45e0
[ 47.778185]       do_filp_open+0x1a1/0x280
[ 47.783707]       do_sys_open+0x3fe/0x550
[ 47.789152]       __x64_sys_openat+0x9d/0x100
[ 47.794935]       do_syscall_64+0xfd/0x620
[ 47.800522]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.807528]   }
[ 47.809426]   ... key at: [] __key.42211+0x0/0x40
[ 47.816354]   ... acquired at:
[ 47.819533]    _raw_spin_lock+0x2f/0x40
[ 47.823499]    io_submit_one+0xef2/0x2eb0
[ 47.827627]    __x64_sys_io_submit+0x1aa/0x520
[ 47.832195]    do_syscall_64+0xfd/0x620
[ 47.836151]    entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.841488]
[ 47.843094] -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 2 {
[ 47.848560]    IN-SOFTIRQ-W at:
[ 47.851827]      lock_acquire+0x16f/0x3f0
[ 47.857277]      _raw_spin_lock_irq+0x60/0x80
[ 47.863061]      free_ioctx_users+0x2d/0x490
[ 47.868768]      percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 47.875871]      rcu_process_callbacks+0xba0/0x1a30
[ 47.882179]      __do_softirq+0x25c/0x921
[ 47.887612]      run_ksoftirqd+0x8e/0x110
[ 47.893044]      smpboot_thread_fn+0x6a3/0xa30
[ 47.898909]      kthread+0x354/0x420
[ 47.903920]      ret_from_fork+0x24/0x30
[ 47.909259]    INITIAL USE at:
[ 47.912455]      lock_acquire+0x16f/0x3f0
[ 47.917801]      _raw_spin_lock_irq+0x60/0x80
[ 47.923587]      io_submit_one+0xead/0x2eb0
[ 47.929103]      __x64_sys_io_submit+0x1aa/0x520
[ 47.935079]      do_syscall_64+0xfd/0x620
[ 47.940432]      entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.947163]  }
[ 47.948948]  ... key at: [] __key.50211+0x0/0x40
[ 47.955675]  ... acquired at:
[ 47.958779]    mark_lock+0x420/0x1370
[ 47.962576]    __lock_acquire+0xc62/0x49c0
[ 47.966791]    lock_acquire+0x16f/0x3f0
[ 47.970745]    _raw_spin_lock_irq+0x60/0x80
[ 47.975049]    free_ioctx_users+0x2d/0x490
[ 47.979288]    percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 47.984897]    rcu_process_callbacks+0xba0/0x1a30
[ 47.989725]    __do_softirq+0x25c/0x921
[ 47.993772]    run_ksoftirqd+0x8e/0x110
[ 47.997740]    smpboot_thread_fn+0x6a3/0xa30
[ 48.002128]    kthread+0x354/0x420
[ 48.005649]    ret_from_fork+0x24/0x30
[ 48.009511]
[ 48.011117]
[ 48.011117] stack backtrace:
[ 48.015603] CPU: 1 PID: 18 Comm: ksoftirqd/1 Not tainted 4.19.69 #43
[ 48.022072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 48.031421] Call Trace:
[ 48.033996]  dump_stack+0x172/0x1f0
[ 48.037605]  print_irq_inversion_bug.part.0+0x2c0/0x2cd
[ 48.042967]  check_usage_forwards.cold+0x20/0x29
[ 48.047705]  ? check_usage_backwards+0x340/0x340
[ 48.052446]  ? save_stack_trace+0x1a/0x20
[ 48.056585]  ? save_trace+0xe0/0x290
[ 48.060280]  mark_lock+0x420/0x1370
[ 48.063918]  ? check_usage_backwards+0x340/0x340
[ 48.068658]  __lock_acquire+0xc62/0x49c0
[ 48.072696]  ? mark_held_locks+0x100/0x100
[ 48.076933]  ? mark_held_locks+0x100/0x100
[ 48.082355]  ? __wake_up_common_lock+0xfe/0x190
[ 48.087009]  ? mark_held_locks+0x100/0x100
[ 48.091238]  ? __wake_up_common_lock+0xfe/0x190
[ 48.095893]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 48.100985]  ? lockdep_hardirqs_on+0x19b/0x5d0
[ 48.105562]  ? trace_hardirqs_on+0x67/0x220
[ 48.109868]  ? kasan_check_read+0x11/0x20
[ 48.114021]  lock_acquire+0x16f/0x3f0
[ 48.117829]  ? free_ioctx_users+0x2d/0x490
[ 48.122052]  _raw_spin_lock_irq+0x60/0x80
[ 48.126182]  ? free_ioctx_users+0x2d/0x490
[ 48.131009]  free_ioctx_users+0x2d/0x490
[ 48.135058]  ? rcu_dynticks_curr_cpu_in_eqs+0x51/0xb0
[ 48.140248]  percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 48.145682]  ? percpu_ref_exit+0xd0/0xd0
[ 48.149740]  rcu_process_callbacks+0xba0/0x1a30
[ 48.154407]  ? __rcu_read_unlock+0x170/0x170
[ 48.158813]  ? sched_clock+0x2e/0x50
[ 48.162512]  __do_softirq+0x25c/0x921
[ 48.166315]  ? pci_mmcfg_check_reserved+0x170/0x170