[ 42.282645] audit: type=1800 audit(1565810115.711:30): pid=7835 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 47.139014] kauditd_printk_skb: 4 callbacks suppressed
[ 47.139030] audit: type=1400 audit(1565810120.611:35): avc: denied { map } for pid=8007 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.247' (ECDSA) to the list of known hosts.
executing program
[ 53.813832] audit: type=1400 audit(1565810127.281:36): avc: denied { map } for pid=8019 comm="syz-executor282" path="/root/syz-executor282960522" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 53.848640]
[ 53.850293] ========================================================
[ 53.856762] WARNING: possible irq lock inversion dependency detected
[ 53.863232] 4.19.66 #40 Not tainted
[ 53.866850] --------------------------------------------------------
[ 53.873321] ksoftirqd/0/9 just changed the state of lock:
[ 53.878853] 00000000e98a62ef (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2d/0x490
[ 53.887603] but this lock took another, SOFTIRQ-unsafe lock in the past:
[ 53.894422]  (&fiq->waitq){+.+.}
[ 53.894432]
[ 53.894432]
[ 53.894432] and interrupts could create inverse lock ordering between them.
[ 53.894432]
[ 53.909286]
[ 53.909286] other info that might help us debug this:
[ 53.915931]  Possible interrupt unsafe locking scenario:
[ 53.915931]
[ 53.922862]        CPU0                    CPU1
[ 53.927508]        ----                    ----
[ 53.932150]   lock(&fiq->waitq);
[ 53.935496]                                local_irq_disable();
[ 53.941526]                                lock(&(&ctx->ctx_lock)->rlock);
[ 53.948522]                                lock(&fiq->waitq);
[ 53.954386]
[ 53.957120]     lock(&(&ctx->ctx_lock)->rlock);
[ 53.961767]
[ 53.961767]  *** DEADLOCK ***
[ 53.961767]
[ 53.967808] 2 locks held by ksoftirqd/0/9:
[ 53.972018]  #0: 00000000ba34729b (rcu_callback){....}, at: rcu_process_callbacks+0xc79/0x1a30
[ 53.980767]  #1: 00000000013c16da (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x1ca/0x540
[ 53.991002]
[ 53.991002] the shortest dependencies between 2nd lock and 1st lock:
[ 53.998965]  -> (&fiq->waitq){+.+.} ops: 4 {
[ 54.003366]     HARDIRQ-ON-W at:
[ 54.006719]       lock_acquire+0x16f/0x3f0
[ 54.012328]       _raw_spin_lock+0x2f/0x40
[ 54.017954]       flush_bg_queue+0x1f3/0x3d0
[ 54.023738]       fuse_request_send_background_locked+0x26d/0x4e0
[ 54.031341]       fuse_request_send_background+0x12b/0x180
[ 54.038337]       cuse_channel_open+0x5ba/0x830
[ 54.044378]       misc_open+0x395/0x4c0
[ 54.049727]       chrdev_open+0x245/0x6b0
[ 54.055269]       do_dentry_open+0x4c3/0x1210
[ 54.061140]       vfs_open+0xa0/0xd0
[ 54.066228]       path_openat+0x10d7/0x45e0
[ 54.071928]       do_filp_open+0x1a1/0x280
[ 54.077534]       do_sys_open+0x3fe/0x550
[ 54.083067]       __x64_sys_openat+0x9d/0x100
[ 54.088936]       do_syscall_64+0xfd/0x620
[ 54.094547]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.101536]     SOFTIRQ-ON-W at:
[ 54.104888]       lock_acquire+0x16f/0x3f0
[ 54.110495]       _raw_spin_lock+0x2f/0x40
[ 54.116104]       flush_bg_queue+0x1f3/0x3d0
[ 54.121903]       fuse_request_send_background_locked+0x26d/0x4e0
[ 54.129511]       fuse_request_send_background+0x12b/0x180
[ 54.136508]       cuse_channel_open+0x5ba/0x830
[ 54.142551]       misc_open+0x395/0x4c0
[ 54.147906]       chrdev_open+0x245/0x6b0
[ 54.153432]       do_dentry_open+0x4c3/0x1210
[ 54.159303]       vfs_open+0xa0/0xd0
[ 54.164388]       path_openat+0x10d7/0x45e0
[ 54.170099]       do_filp_open+0x1a1/0x280
[ 54.175704]       do_sys_open+0x3fe/0x550
[ 54.181320]       __x64_sys_openat+0x9d/0x100
[ 54.187636]       do_syscall_64+0xfd/0x620
[ 54.193257]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.200252]     INITIAL USE at:
[ 54.203628]       lock_acquire+0x16f/0x3f0
[ 54.209175]       _raw_spin_lock+0x2f/0x40
[ 54.214703]       flush_bg_queue+0x1f3/0x3d0
[ 54.220419]       fuse_request_send_background_locked+0x26d/0x4e0
[ 54.227949]       fuse_request_send_background+0x12b/0x180
[ 54.234864]       cuse_channel_open+0x5ba/0x830
[ 54.240823]       misc_open+0x395/0x4c0
[ 54.246104]       chrdev_open+0x245/0x6b0
[ 54.251544]       do_dentry_open+0x4c3/0x1210
[ 54.257324]       vfs_open+0xa0/0xd0
[ 54.262326]       path_openat+0x10d7/0x45e0
[ 54.267934]       do_filp_open+0x1a1/0x280
[ 54.273458]       do_sys_open+0x3fe/0x550
[ 54.278896]       __x64_sys_openat+0x9d/0x100
[ 54.284679]       do_syscall_64+0xfd/0x620
[ 54.290217]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.297140]   }
[ 54.299017]   ... key at: [] __key.42212+0x0/0x40
[ 54.305840]   ... acquired at:
[ 54.309019]    _raw_spin_lock+0x2f/0x40
[ 54.312977]    io_submit_one+0xef2/0x2eb0
[ 54.317121]    __x64_sys_io_submit+0x1aa/0x520
[ 54.321687]    do_syscall_64+0xfd/0x620
[ 54.325649]    entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.335587]
[ 54.337207] -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 2 {
[ 54.342644]    IN-SOFTIRQ-W at:
[ 54.345907]      lock_acquire+0x16f/0x3f0
[ 54.351338]      _raw_spin_lock_irq+0x60/0x80
[ 54.357119]      free_ioctx_users+0x2d/0x490
[ 54.362813]      percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 54.369915]      rcu_process_callbacks+0xba0/0x1a30
[ 54.376218]      __do_softirq+0x25c/0x921
[ 54.381653]      run_ksoftirqd+0x8e/0x110
[ 54.387105]      smpboot_thread_fn+0x6a3/0xa30
[ 54.392976]      kthread+0x354/0x420
[ 54.397991]      ret_from_fork+0x24/0x30
[ 54.403335]    INITIAL USE at:
[ 54.406517]      lock_acquire+0x16f/0x3f0
[ 54.412256]      _raw_spin_lock_irq+0x60/0x80
[ 54.417959]      io_submit_one+0xead/0x2eb0
[ 54.423480]      __x64_sys_io_submit+0x1aa/0x520
[ 54.429433]      do_syscall_64+0xfd/0x620
[ 54.434799]      entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.441529]  }
[ 54.443339]  ... key at: [] __key.50212+0x0/0x40
[ 54.450067]  ... acquired at:
[ 54.453150]    mark_lock+0x420/0x1370
[ 54.456925]    __lock_acquire+0xc62/0x49c0
[ 54.461141]    lock_acquire+0x16f/0x3f0
[ 54.465096]    _raw_spin_lock_irq+0x60/0x80
[ 54.469398]    free_ioctx_users+0x2d/0x490
[ 54.473631]    percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 54.479257]    rcu_process_callbacks+0xba0/0x1a30
[ 54.484080]    __do_softirq+0x25c/0x921
[ 54.488033]    run_ksoftirqd+0x8e/0x110
[ 54.491986]    smpboot_thread_fn+0x6a3/0xa30
[ 54.496373]    kthread+0x354/0x420
[ 54.499899]    ret_from_fork+0x24/0x30
[ 54.503759]
[ 54.505364]
[ 54.505364] stack backtrace:
[ 54.509843] CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 4.19.66 #40
[ 54.516225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 54.525565] Call Trace:
[ 54.528142]  dump_stack+0x172/0x1f0
[ 54.531766]  print_irq_inversion_bug.part.0+0x2c0/0x2cd
[ 54.537116]  check_usage_forwards.cold+0x20/0x29
[ 54.541858]  ? check_usage_backwards+0x340/0x340
[ 54.546602]  ? save_stack_trace+0x1a/0x20
[ 54.550742]  ? save_trace+0xe0/0x290
[ 54.554433]  mark_lock+0x420/0x1370
[ 54.558041]  ? check_usage_backwards+0x340/0x340
[ 54.562778]  __lock_acquire+0xc62/0x49c0
[ 54.566818]  ? mark_held_locks+0x100/0x100
[ 54.571038]  ? mark_held_locks+0x100/0x100
[ 54.575252]  ? __wake_up_common_lock+0xfe/0x190
[ 54.579922]  ? mark_held_locks+0x100/0x100
[ 54.584148]  ? __wake_up_common_lock+0xfe/0x190
[ 54.588797]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 54.593881]  ? lockdep_hardirqs_on+0x19b/0x5d0
[ 54.598466]  ? trace_hardirqs_on+0x67/0x220
[ 54.602785]  ? kasan_check_read+0x11/0x20
[ 54.606927]  lock_acquire+0x16f/0x3f0
[ 54.610723]  ? free_ioctx_users+0x2d/0x490
[ 54.614939]  _raw_spin_lock_irq+0x60/0x80
[ 54.619072]  ? free_ioctx_users+0x2d/0x490
[ 54.623391]  free_ioctx_users+0x2d/0x490
[ 54.627438]  ? rcu_dynticks_curr_cpu_in_eqs+0x51/0xb0
[ 54.632621]  percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 54.638053]  ? percpu_ref_exit+0xd0/0xd0
[ 54.642100]  rcu_process_callbacks+0xba0/0x1a30
[ 54.646759]  ? __rcu_read_unlock+0x170/0x170
[ 54.651148]  ? sched_clock+0x2e/0x50
[ 54.654848]  __do_softirq+0x25c/0x921
[ 54.658646]  ? pci_mmcfg_check_reserved+0x170/0x170
[ 54.663676]  ? takeover_tasklets+0x7b0/0x7