[ 43.169972][ T26] audit: type=1800 audit(1554335950.673:30): pid=8051 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 65.219652][ T26] kauditd_printk_skb: 4 callbacks suppressed
[ 65.219668][ T26] audit: type=1400 audit(1554335972.753:35): avc: denied { map } for pid=8225 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.253' (ECDSA) to the list of known hosts.
executing program
[ 71.478855][ T26] audit: type=1400 audit(1554335979.013:36): avc: denied { map } for pid=8237 comm="syz-executor597" path="/root/syz-executor597880974" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 71.772039][ T8239]
[ 71.774390][ T8239] ========================================================
[ 71.781604][ T8239] WARNING: possible irq lock inversion dependency detected
[ 71.788864][ T8239] 5.1.0-rc3+ #50 Not tainted
[ 71.793440][ T8239] --------------------------------------------------------
[ 71.800675][ T8239] syz-executor597/8239 just changed the state of lock:
[ 71.807572][ T8239] 0000000078d28e49 (&ctx->fault_pending_wqh){+.+.}, at: userfaultfd_release+0x48e/0x6d0
[ 71.817477][ T8239] but this lock was taken by another, SOFTIRQ-safe lock in the past:
[ 71.825525][ T8239] (&(&ctx->ctx_lock)->rlock){..-.}
[ 71.825534][ T8239]
[ 71.825534][ T8239]
[ 71.825534][ T8239] and interrupts could create inverse lock ordering between them.
[ 71.825534][ T8239]
[ 71.845060][ T8239]
[ 71.845060][ T8239] other info that might help us debug this:
[ 71.857989][ T8239] Chain exists of:
[ 71.857989][ T8239] &(&ctx->ctx_lock)->rlock --> &ctx->fd_wqh --> &ctx->fault_pending_wqh
[ 71.857989][ T8239]
[ 71.872550][ T8239] Possible interrupt unsafe locking scenario:
[ 71.872550][ T8239]
[ 71.880946][ T8239]        CPU0                    CPU1
[ 71.886297][ T8239]        ----                    ----
[ 71.891639][ T8239]   lock(&ctx->fault_pending_wqh);
[ 71.896726][ T8239]                                local_irq_disable();
[ 71.903496][ T8239]                                lock(&(&ctx->ctx_lock)->rlock);
[ 71.911396][ T8239]                                lock(&ctx->fd_wqh);
[ 71.918054][ T8239]
[ 71.921585][ T8239]     lock(&(&ctx->ctx_lock)->rlock);
[ 71.926935][ T8239]
[ 71.926935][ T8239] *** DEADLOCK ***
[ 71.926935][ T8239]
[ 71.935065][ T8239] no locks held by syz-executor597/8239.
[ 71.940666][ T8239]
[ 71.940666][ T8239] the shortest dependencies between 2nd lock and 1st lock:
[ 71.950221][ T8239] -> (&(&ctx->ctx_lock)->rlock){..-.} {
[ 71.955928][ T8239] IN-SOFTIRQ-W at:
[ 71.960163][ T8239] lock_acquire+0x16f/0x3f0
[ 71.966661][ T8239] _raw_spin_lock_irq+0x60/0x80
[ 71.973542][ T8239] free_ioctx_users+0x2d/0x4a0
[ 71.980702][ T8239] percpu_ref_switch_to_atomic_rcu+0x3e7/0x520
[ 71.989202][ T8239] rcu_core+0x928/0x1390
[ 71.995626][ T8239] __do_softirq+0x266/0x95a
[ 72.002117][ T8239] irq_exit+0x180/0x1d0
[ 72.008295][ T8239] smp_apic_timer_interrupt+0x14a/0x570
[ 72.015828][ T8239] apic_timer_interrupt+0xf/0x20
[ 72.022749][ T8239] native_safe_halt+0x2/0x10
[ 72.029325][ T8239] arch_cpu_idle+0x10/0x20
[ 72.035759][ T8239] default_idle_call+0x36/0x90
[ 72.042695][ T8239] do_idle+0x386/0x570
[ 72.048747][ T8239] cpu_startup_entry+0x1b/0x20
[ 72.055639][ T8239] rest_init+0x245/0x37b
[ 72.061869][ T8239] arch_call_rest_init+0xe/0x1b
[ 72.068825][ T8239] start_kernel+0x816/0x84f
[ 72.075426][ T8239] x86_64_start_reservations+0x29/0x2b
[ 72.082909][ T8239] x86_64_start_kernel+0x77/0x7b
[ 72.089845][ T8239] secondary_startup_64+0xa4/0xb0
[ 72.096886][ T8239] INITIAL USE at:
[ 72.100955][ T8239] lock_acquire+0x16f/0x3f0
[ 72.107411][ T8239] _raw_spin_lock_irq+0x60/0x80
[ 72.114169][ T8239] io_submit_one+0xaec/0x2f90
[ 72.120750][ T8239] __x64_sys_io_submit+0x1bd/0x580
[ 72.127765][ T8239] do_syscall_64+0x103/0x610
[ 72.134251][ T8239] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 72.142240][ T8239] }
[ 72.144907][ T8239] ... key at: [] __key.52649+0x0/0x40
[ 72.152667][ T8239] ... acquired at:
[ 72.156666][ T8239] lock_acquire+0x16f/0x3f0
[ 72.161327][ T8239] _raw_spin_lock+0x2f/0x40
[ 72.165987][ T8239] io_submit_one+0xb31/0x2f90
[ 72.170818][ T8239] __x64_sys_io_submit+0x1bd/0x580
[ 72.176090][ T8239] do_syscall_64+0x103/0x610
[ 72.180837][ T8239] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 72.186875][ T8239]
[ 72.189183][ T8239] -> (&ctx->fd_wqh){....} {
[ 72.193755][ T8239] INITIAL USE at:
[ 72.197783][ T8239] lock_acquire+0x16f/0x3f0
[ 72.204134][ T8239] _raw_spin_lock_irq+0x60/0x80
[ 72.210726][ T8239] userfaultfd_read+0x27a/0x1940
[ 72.217386][ T8239] __vfs_read+0x8d/0x110
[ 72.223386][ T8239] vfs_read+0x194/0x3e0
[ 72.229256][ T8239] ksys_read+0xea/0x1f0
[ 72.235137][ T8239] __x64_sys_read+0x73/0xb0
[ 72.241365][ T8239] do_syscall_64+0x103/0x610
[ 72.247726][ T8239] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 72.255448][ T8239] }
[ 72.258035][ T8239] ... key at: [] __key.45459+0x0/0x40
[ 72.265552][ T8239] ... acquired at:
[ 72.269442][ T8239] lock_acquire+0x16f/0x3f0
[ 72.274092][ T8239] _raw_spin_lock+0x2f/0x40
[ 72.278745][ T8239] userfaultfd_read+0x540/0x1940
[ 72.283971][ T8239] __vfs_read+0x8d/0x110
[ 72.288374][ T8239] vfs_read+0x194/0x3e0
[ 72.292682][ T8239] ksys_read+0xea/0x1f0
[ 72.296993][ T8239] __x64_sys_read+0x73/0xb0
[ 72.301654][ T8239] do_syscall_64+0x103/0x610
[ 72.306394][ T8239] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 72.312438][ T8239]
[ 72.314744][ T8239] -> (&ctx->fault_pending_wqh){+.+.} {
[ 72.320178][ T8239] HARDIRQ-ON-W at:
[ 72.324151][ T8239] lock_acquire+0x16f/0x3f0
[ 72.330391][ T8239] _raw_spin_lock+0x2f/0x40
[ 72.336535][ T8239] userfaultfd_release+0x48e/0x6d0
[ 72.343280][ T8239] __fput+0x2e5/0x8d0
[ 72.348886][ T8239] ____fput+0x16/0x20
[ 72.354503][ T8239] task_work_run+0x14a/0x1c0
[ 72.360724][ T8239] do_exit+0x90a/0x2fa0
[ 72.366508][ T8239] do_group_exit+0x135/0x370
[ 72.372783][ T8239] get_signal+0x399/0x1d50
[ 72.378856][ T8239] do_signal+0x87/0x1940
[ 72.384832][ T8239] exit_to_usermode_loop+0x244/0x2c0
[ 72.391976][ T8239] do_syscall_64+0x52d/0x610
[ 72.398215][ T8239] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 72.405742][ T8239] SOFTIRQ-ON-W at:
[ 72.409716][ T8239] lock_acquire+0x16f/0x3f0
[ 72.415915][ T8239] _raw_spin_lock+0x2f/0x40
[ 72.422158][ T8239] userfaultfd_release+0x48e/0x6d0
[ 72.428896][ T8239] __fput+0x2e5/0x8d0
[ 72.434504][ T8239] ____fput+0x16/0x20
[ 72.440235][ T8239] task_work_run+0x14a/0x1c0
[ 72.446506][ T8239] do_exit+0x90a/0x2fa0
[ 72.452337][ T8239] do_group_exit+0x135/0x370
[ 72.458564][ T8239] get_signal+0x399/0x1d50
[ 72.464664][ T8239] do_signal+0x87/0x1940
[ 72.470588][ T8239] exit_to_usermode_loop+0x244/0x2c0
[ 72.477556][ T8239] do_syscall_64+0x52d/0x610
[ 72.483783][ T8239] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 72.491381][ T8239] INITIAL USE at:
[ 72.495280][ T8239] lock_acquire+0x16f/0x3f0
[ 72.501373][ T8239] _raw_spin_lock+0x2f/0x40
[ 72.507429][ T8239] userfaultfd_read+0x540/0x1940
[ 72.513958][ T8239] __vfs_read+0x8d/0x110
[ 72.519769][ T8239] vfs_read+0x194/0x3e0
[ 72.525473][ T8239] ksys_read+0xea/0x1f0
[ 72.531166][ T8239] __x64_sys_read+0x73/0xb0
[ 72.537342][ T8239] do_syscall_64+0x103/0x610
[ 72.543482][ T8239] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 72.550949][ T8239] }
[ 72.553442][ T8239] ... key at: [] __key.45456+0x0/0x40
[ 72.560867][ T8239] ... acquired at:
[ 72.564658][ T8239] mark_lock+0x427/0x1380
[ 72.569145][ T8239] __lock_acquire+0x1317/0x3fb0
[ 72.574207][ T8239] lock_acquire+0x16f/0x3f0
[ 72.578917][ T8239] _raw_spin_lock+0x2f/0x40
[ 72.583586][ T8239] userfaultfd_release+0x48e/0x6d0
[ 72.588958][ T8239] __fput+0x2e5/0x8d0
[ 72.593092][ T8239] ____fput+0x16/0x20
[ 72.597231][ T8239] task_work_run+0x14a/0x1c0
[ 72.601974][ T8239] do_exit+0x90a/0x2fa0
[ 72.606281][ T8239] do_group_exit+0x135/0x370
[ 72.611023][ T8239] get_signal+0x399/0x1d50
[ 72.615596][ T8239] do_signal+0x87/0x1940
[ 72.620060][ T8239] exit_to_usermode_loop+0x244/0x2c0
[ 72.625505][ T8239] do_syscall_64+0x52d/0x610
[ 72.630292][ T8239] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 72.636336][ T8239]
[ 72.638638][ T8239]
[ 72.638638][ T8239] stack backtrace:
[ 72.644599][ T8239] CPU: 0 PID: 8239 Comm: syz-executor597 Not tainted 5.1.0-rc3+ #50
[ 72.652559][ T8239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 72.662802][ T8239] Call Trace:
[ 72.666086][ T8239] dump_stack+0x172/0x1f0
[ 72.670449][ T8239] print_irq_inversion_bug.part.0+0x2c0/0x2cd
[ 72.676505][ T8239] check_usage_backwards.cold+0x1d/0x26
[ 72.682036][ T8239] ? print_shortest_lock_dependencies+0x90/0x90
[ 72.688365][ T8239] ? save_stack_trace+0x1a/0x20
[ 72.693240][ T8239] mark_lock+0x427/0x1380
[ 72.697559][ T8239] ? print_shortest_lock_dependencies+0x90/0x90
[ 72.703806][ T8239] __lock_acquire+0x1317/0x3fb0
[ 72.708686][ T8239] ? trace_hardirqs_off+0x62/0x220
[ 72.713882][ T8239] ? kasan_check_read+0x11/0x20
[ 72.718720][ T8239] ? mark_held_locks+0xf0/0xf0
[ 72.723479][ T8239] ? save_stack+0xa9/0xd0
[ 72.727792][ T8239] ? save_stack+0x45/0xd0
[ 72.732143][ T8239] ? __kasan_slab_free+0x102/0x150
[ 72.737359][ T8239] ? kasan_slab_free+0xe/0x10
[ 72.742118][ T8239] ? kmem_cache_free+0x86/0x260
[ 72.747051][ T8239] ? free_fs_struct+0x4f/0x70
[ 72.751712][ T8239] ? exit_fs+0xf0/0x130
[ 72.755857][ T8239] lock_acquire+0x16f/0x3f0
[ 72.760347][ T8239] ? userfaultfd_release+0x48e/0x6d0
[ 72.765615][ T8239] _raw_spin_lock+0x2f/0x40
[ 72.770108][ T8239] ? userfaultfd_release+0x48e/0x6d0
[ 72.775491][ T8239] userfaultfd_release+0x48e/0x6d0
[ 72.780586][ T8239] ? userfaultfd_wake_function+0x2f0/0x2f0
[ 72.786377][ T8239] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 72.792621][ T8239] ? ima_file_free+0xc9/0x4a0
[ 72.797283][ T8239] ? __might_sleep+0x95/0x190
[ 72.801943][ T8239] ? userfaultfd_wake_function+0x2f0/0x2f0
[ 72.807725][ T8239] __fput+0x2e5/0x8d0
[ 72.811693][ T8239] ____fput+0x16/0x20
[ 72.815658][ T8239] task_work_run+0x14a/0x1c0
[ 72.820239][ T8239] do_exit+0x90a/0x2fa0
[ 72.824379][ T8239] ? get_signal+0x331/0x1d50
[ 72.829021][ T8239] ? mm_update_next_owner+0x640/0x640
[ 72.834383][ T8239] ? kasan_check_write+0x14/0x20
[ 72.839308][ T8239] ? _raw_spin_unlock_irq+0x28/0x90
[ 72.844487][ T8239] ? get_signal+0x331/0x1d50
[ 72.849065][ T8239] ? _raw_spin_unlock_irq+0x28/0x90
[ 72.854268][ T8239] do_group_exit+0x135/0x370
[ 72.858851][ T8239] get_signal+0x399/0x1d50
[ 72.863259][ T8239] ? __x64_sys_io_submit+0x31f/0x580
[ 72.868526][ T8239] do_signal+0x87/0x1940
[ 72.872751][ T8239] ? lock_downgrade+0x880/0x880
[ 72.877588][ T8239] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 72.883921][ T8239] ? kasan_check_read+0x11/0x20
[ 72.888768][ T8239] ? setup_sigcontext+0x7d0/0x7d0
[ 72.893785][ T8239] ? exit_to_usermode_loop+0x43/0x2c0
[ 72.899149][ T8239] ? do_syscall_64+0x52d/0x610
[ 72.903897][ T8239] ? exit_to_usermode_loop+0x43/0x2c0
[ 72.909347][ T8239] ? lockdep_hardirqs_on+0x418/0x5d0
[ 72.914617][ T8239] ? trace_hardirqs_on+0x67/0x230
[ 72.919742][ T8239] exit_to_usermode_loop+0x244/0x2c0
[ 72.925020][ T8239] do_syscall_64+0x52d/0x610
[ 72.929601][ T8239] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 72.935475][ T8239] RIP: 0033:0x4458d9
[ 72.939359][ T8239] Code: Bad RIP value.
[ 72.943399][ T8239] RSP: 002b:00007fa9ea08fdb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 72.951794][ T8239] RAX: fffffffffffffe00 RBX: 00000000006dac58 RCX: 00000000004458d9
[ 72.959926][ T8239] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00000000006dac58
[ 72.967893][ T8239] RBP: 00000000006dac50 R08: 0000000000000000 R09: 0000000000000000
[ 72.975849][ T82