[ 45.967853][ T26] audit: type=1800 audit(1554168626.005:30): pid=8147 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.
[FAIL] startpar: service(s) returned failure: restorecond ... failed!
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.241' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 55.189516][ T26] kauditd_printk_skb: 5 callbacks suppressed
[ 55.189531][ T26] audit: type=1400 audit(1554168635.255:36): avc: denied { map } for pid=8358 comm="syz-executor709" path="/root/syz-executor709688830" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 55.439803][ T8360]
[ 55.442157][ T8360] ========================================================
[ 55.449335][ T8360] WARNING: possible irq lock inversion dependency detected
[ 55.456556][ T8360] 5.1.0-rc3+ #48 Not tainted
[ 55.461122][ T8360] --------------------------------------------------------
[ 55.468302][ T8360] syz-executor709/8360 just changed the state of lock:
[ 55.475130][ T8360] 000000004de25cb7 (&ctx->fault_pending_wqh){+.+.}, at: userfaultfd_release+0x48e/0x6d0
[ 55.484840][ T8360] but this lock was taken by another, SOFTIRQ-safe lock in the past:
[ 55.492879][ T8360]  (&(&ctx->ctx_lock)->rlock){..-.}
[ 55.492888][ T8360]
[ 55.492888][ T8360]
[ 55.492888][ T8360] and interrupts could create inverse lock ordering between them.
[ 55.492888][ T8360]
[ 55.512367][ T8360]
[ 55.512367][ T8360] other info that might help us debug this:
[ 55.520419][ T8360] Chain exists of:
[ 55.520419][ T8360]   &(&ctx->ctx_lock)->rlock --> &ctx->fd_wqh --> &ctx->fault_pending_wqh
[ 55.520419][ T8360]
[ 55.534657][ T8360]  Possible interrupt unsafe locking scenario:
[ 55.534657][ T8360]
[ 55.543071][ T8360]        CPU0                    CPU1
[ 55.548423][ T8360]        ----                    ----
[ 55.553769][ T8360]   lock(&ctx->fault_pending_wqh);
[ 55.558878][ T8360]                                local_irq_disable();
[ 55.565636][ T8360]                                lock(&(&ctx->ctx_lock)->rlock);
[ 55.573343][ T8360]                                lock(&ctx->fd_wqh);
[ 55.580013][ T8360]
[ 55.583464][ T8360]     lock(&(&ctx->ctx_lock)->rlock);
[ 55.588835][ T8360]
[ 55.588835][ T8360]  *** DEADLOCK ***
[ 55.588835][ T8360]
[ 55.597143][ T8360] no locks held by syz-executor709/8360.
[ 55.602758][ T8360]
[ 55.602758][ T8360] the shortest dependencies between 2nd lock and 1st lock:
[ 55.612239][ T8360] -> (&(&ctx->ctx_lock)->rlock){..-.} {
[ 55.617946][ T8360]   IN-SOFTIRQ-W at:
[ 55.622094][ T8360]     lock_acquire+0x16f/0x3f0
[ 55.628581][ T8360]     _raw_spin_lock_irq+0x60/0x80
[ 55.635441][ T8360]     free_ioctx_users+0x2d/0x4a0
[ 55.642202][ T8360]     percpu_ref_switch_to_atomic_rcu+0x3e7/0x520
[ 55.650368][ T8360]     rcu_core+0x928/0x1390
[ 55.656595][ T8360]     __do_softirq+0x266/0x95a
[ 55.663085][ T8360]     irq_exit+0x180/0x1d0
[ 55.669234][ T8360]     smp_apic_timer_interrupt+0x14a/0x570
[ 55.676769][ T8360]     apic_timer_interrupt+0xf/0x20
[ 55.683698][ T8360]     native_safe_halt+0x2/0x10
[ 55.690272][ T8360]     arch_cpu_idle+0x10/0x20
[ 55.696710][ T8360]     default_idle_call+0x36/0x90
[ 55.703483][ T8360]     do_idle+0x386/0x570
[ 55.709535][ T8360]     cpu_startup_entry+0x1b/0x20
[ 55.716309][ T8360]     rest_init+0x245/0x37b
[ 55.722566][ T8360]     arch_call_rest_init+0xe/0x1b
[ 55.729417][ T8360]     start_kernel+0x816/0x84f
[ 55.735907][ T8360]     x86_64_start_reservations+0x29/0x2b
[ 55.743377][ T8360]     x86_64_start_kernel+0x77/0x7b
[ 55.750392][ T8360]     secondary_startup_64+0xa4/0xb0
[ 55.757398][ T8360]   INITIAL USE at:
[ 55.761465][ T8360]     lock_acquire+0x16f/0x3f0
[ 55.767865][ T8360]     _raw_spin_lock_irq+0x60/0x80
[ 55.774607][ T8360]     io_submit_one+0xaec/0x2f90
[ 55.781188][ T8360]     __x64_sys_io_submit+0x1bd/0x580
[ 55.788222][ T8360]     do_syscall_64+0x103/0x610
[ 55.794721][ T8360]     entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 55.802502][ T8360] }
[ 55.805166][ T8360] ... key at: [] __key.52649+0x0/0x40
[ 55.812789][ T8360] ... acquired at:
[ 55.816760][ T8360]   lock_acquire+0x16f/0x3f0
[ 55.821428][ T8360]   _raw_spin_lock+0x2f/0x40
[ 55.826086][ T8360]   io_submit_one+0xb31/0x2f90
[ 55.830939][ T8360]   __x64_sys_io_submit+0x1bd/0x580
[ 55.836215][ T8360]   do_syscall_64+0x103/0x610
[ 55.840969][ T8360]   entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 55.847010][ T8360]
[ 55.849322][ T8360] -> (&ctx->fd_wqh){....} {
[ 55.853983][ T8360]   INITIAL USE at:
[ 55.857967][ T8360]     lock_acquire+0x16f/0x3f0
[ 55.864199][ T8360]     _raw_spin_lock_irq+0x60/0x80
[ 55.870776][ T8360]     userfaultfd_read+0x27a/0x1940
[ 55.877467][ T8360]     __vfs_read+0x8d/0x110
[ 55.883435][ T8360]     vfs_read+0x194/0x3e0
[ 55.889338][ T8360]     ksys_read+0xea/0x1f0
[ 55.895226][ T8360]     __x64_sys_read+0x73/0xb0
[ 55.901454][ T8360]     do_syscall_64+0x103/0x610
[ 55.907785][ T8360]     entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 55.915411][ T8360] }
[ 55.917992][ T8360] ... key at: [] __key.45459+0x0/0x40
[ 55.925508][ T8360] ... acquired at:
[ 55.929410][ T8360]   lock_acquire+0x16f/0x3f0
[ 55.934066][ T8360]   _raw_spin_lock+0x2f/0x40
[ 55.938740][ T8360]   userfaultfd_read+0x540/0x1940
[ 55.943832][ T8360]   __vfs_read+0x8d/0x110
[ 55.948252][ T8360]   vfs_read+0x194/0x3e0
[ 55.952600][ T8360]   ksys_read+0xea/0x1f0
[ 55.956950][ T8360]   __x64_sys_read+0x73/0xb0
[ 55.961633][ T8360]   do_syscall_64+0x103/0x610
[ 55.966524][ T8360]   entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 55.972596][ T8360]
[ 55.974927][ T8360] -> (&ctx->fault_pending_wqh){+.+.} {
[ 55.980370][ T8360]   HARDIRQ-ON-W at:
[ 55.984362][ T8360]     lock_acquire+0x16f/0x3f0
[ 55.990504][ T8360]     _raw_spin_lock+0x2f/0x40
[ 55.996652][ T8360]     userfaultfd_release+0x48e/0x6d0
[ 56.003426][ T8360]     __fput+0x2e5/0x8d0
[ 56.009051][ T8360]     ____fput+0x16/0x20
[ 56.014696][ T8360]     task_work_run+0x14a/0x1c0
[ 56.020960][ T8360]     do_exit+0x90a/0x2fa0
[ 56.026766][ T8360]     do_group_exit+0x135/0x370
[ 56.033002][ T8360]     get_signal+0x399/0x1d50
[ 56.039062][ T8360]     do_signal+0x87/0x1940
[ 56.044945][ T8360]     exit_to_usermode_loop+0x244/0x2c0
[ 56.052066][ T8360]     do_syscall_64+0x52d/0x610
[ 56.058332][ T8360]     entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 56.065866][ T8360]   SOFTIRQ-ON-W at:
[ 56.069866][ T8360]     lock_acquire+0x16f/0x3f0
[ 56.076015][ T8360]     _raw_spin_lock+0x2f/0x40
[ 56.082165][ T8360]     userfaultfd_release+0x48e/0x6d0
[ 56.088923][ T8360]     __fput+0x2e5/0x8d0
[ 56.094544][ T8360]     ____fput+0x16/0x20
[ 56.100164][ T8360]     task_work_run+0x14a/0x1c0
[ 56.106395][ T8360]     do_exit+0x90a/0x2fa0
[ 56.112216][ T8360]     do_group_exit+0x135/0x370
[ 56.118450][ T8360]     get_signal+0x399/0x1d50
[ 56.124519][ T8360]     do_signal+0x87/0x1940
[ 56.130412][ T8360]     exit_to_usermode_loop+0x244/0x2c0
[ 56.137338][ T8360]     do_syscall_64+0x52d/0x610
[ 56.143565][ T8360]     entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 56.151086][ T8360]   INITIAL USE at:
[ 56.154980][ T8360]     lock_acquire+0x16f/0x3f0
[ 56.161039][ T8360]     _raw_spin_lock+0x2f/0x40
[ 56.167121][ T8360]     userfaultfd_read+0x540/0x1940
[ 56.173628][ T8360]     __vfs_read+0x8d/0x110
[ 56.179447][ T8360]     vfs_read+0x194/0x3e0
[ 56.185154][ T8360]     ksys_read+0xea/0x1f0
[ 56.190865][ T8360]     __x64_sys_read+0x73/0xb0
[ 56.196955][ T8360]     do_syscall_64+0x103/0x610
[ 56.203124][ T8360]     entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 56.210564][ T8360] }
[ 56.213064][ T8360] ... key at: [] __key.45456+0x0/0x40
[ 56.220511][ T8360] ... acquired at:
[ 56.224335][ T8360]   mark_lock+0x427/0x1380
[ 56.228943][ T8360]   __lock_acquire+0x1317/0x3fb0
[ 56.234054][ T8360]   lock_acquire+0x16f/0x3f0
[ 56.238732][ T8360]   _raw_spin_lock+0x2f/0x40
[ 56.243420][ T8360]   userfaultfd_release+0x48e/0x6d0
[ 56.248717][ T8360]   __fput+0x2e5/0x8d0
[ 56.252854][ T8360]   ____fput+0x16/0x20
[ 56.257006][ T8360]   task_work_run+0x14a/0x1c0
[ 56.261776][ T8360]   do_exit+0x90a/0x2fa0
[ 56.266098][ T8360]   do_group_exit+0x135/0x370
[ 56.270858][ T8360]   get_signal+0x399/0x1d50
[ 56.275454][ T8360]   do_signal+0x87/0x1940
[ 56.279866][ T8360]   exit_to_usermode_loop+0x244/0x2c0
[ 56.285330][ T8360]   do_syscall_64+0x52d/0x610
[ 56.292105][ T8360]   entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 56.298150][ T8360]
[ 56.300458][ T8360]
[ 56.300458][ T8360] stack backtrace:
[ 56.306444][ T8360] CPU: 0 PID: 8360 Comm: syz-executor709 Not tainted 5.1.0-rc3+ #48
[ 56.314557][ T8360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.324777][ T8360] Call Trace:
[ 56.328075][ T8360]  dump_stack+0x172/0x1f0
[ 56.332412][ T8360]  print_irq_inversion_bug.part.0+0x2c0/0x2cd
[ 56.338480][ T8360]  check_usage_backwards.cold+0x1d/0x26
[ 56.344051][ T8360]  ? print_shortest_lock_dependencies+0x90/0x90
[ 56.350295][ T8360]  ? save_stack_trace+0x1a/0x20
[ 56.355134][ T8360]  mark_lock+0x427/0x1380
[ 56.359454][ T8360]  ? print_shortest_lock_dependencies+0x90/0x90
[ 56.365717][ T8360]  __lock_acquire+0x1317/0x3fb0
[ 56.370580][ T8360]  ? __save_stack_trace+0x99/0x100
[ 56.375706][ T8360]  ? mark_held_locks+0xf0/0xf0
[ 56.380579][ T8360]  ? save_stack+0xa9/0xd0
[ 56.384899][ T8360]  ? save_stack+0x45/0xd0
[ 56.389245][ T8360]  ? __kasan_slab_free+0x102/0x150
[ 56.395785][ T8360]  ? kasan_slab_free+0xe/0x10
[ 56.400456][ T8360]  ? kmem_cache_free+0x86/0x260
[ 56.405315][ T8360]  ? free_fs_struct+0x4f/0x70
[ 56.409981][ T8360]  ? exit_fs+0xf0/0x130
[ 56.414171][ T8360]  lock_acquire+0x16f/0x3f0
[ 56.418775][ T8360]  ? userfaultfd_release+0x48e/0x6d0
[ 56.424120][ T8360]  _raw_spin_lock+0x2f/0x40
[ 56.428661][ T8360]  ? userfaultfd_release+0x48e/0x6d0
[ 56.433966][ T8360]  userfaultfd_release+0x48e/0x6d0
[ 56.439071][ T8360]  ? userfaultfd_wake_function+0x2f0/0x2f0
[ 56.444886][ T8360]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 56.451116][ T8360]  ? ima_file_free+0xc9/0x4a0
[ 56.455807][ T8360]  ? __might_sleep+0x95/0x190
[ 56.460483][ T8360]  ? userfaultfd_wake_function+0x2f0/0x2f0
[ 56.466301][ T8360]  __fput+0x2e5/0x8d0
[ 56.470282][ T8360]  ____fput+0x16/0x20
[ 56.474254][ T8360]  task_work_run+0x14a/0x1c0
[ 56.484258][ T8360]  do_exit+0x90a/0x2fa0
[ 56.488417][ T8360]  ? get_signal+0x331/0x1d50
[ 56.493023][ T8360]  ? mm_update_next_owner+0x640/0x640
[ 56.498383][ T8360]  ? kasan_check_write+0x14/0x20
[ 56.503324][ T8360]  ? _raw_spin_unlock_irq+0x28/0x90
[ 56.508510][ T8360]  ? get_signal+0x331/0x1d50
[ 56.513085][ T8360]  ? _raw_spin_unlock_irq+0x28/0x90
[ 56.518442][ T8360]  do_group_exit+0x135/0x370
[ 56.523030][ T8360]  get_signal+0x399/0x1d50
[ 56.527445][ T8360]  ? __x64_sys_io_submit+0x31f/0x580
[ 56.532723][ T8360]  do_signal+0x87/0x1940
[ 56.536968][ T8360]  ? lock_downgrade+0x880/0x880
[ 56.541820][ T8360]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 56.548052][ T8360]  ? kasan_check_read+0x11/0x20
[ 56.552889][ T8360]  ? setup_sigcontext+0x7d0/0x7d0
[ 56.557980][ T8360]  ? exit_to_usermode_loop+0x43/0x2c0
[ 56.563349][ T8360]  ? do_syscall_64+0x52d/0x610
[ 56.568100][ T8360]  ? exit_to_usermode_loop+0x43/0x2c0
[ 56.573460][ T8360]  ? lockdep_hardirqs_on+0x418/0x5d0
[ 56.578739][ T8360]  ? trace_hardirqs_on+0x67/0x230
[ 56.583774][ T8360]  exit_to_usermode_loop+0x244/0x2c0
[ 56.589068][ T8360]  do_syscall_64+0x52d/0x610
[ 56.593722][ T8360]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 56.599606][ T8360] RIP: 0033:0x4458d9
[ 56.605305][ T8360] Code: Bad RIP value.
[ 56.609357][ T8360] RSP: 002b:00007fbb671a5db8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 56.617762][ T8360] RAX: fffffffffffffe00 RBX: 00000000006dac58 RCX: 00000000004458d9
[ 56.625782][ T8360] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00000000006dac58
[ 56.633753][ T8360] RBP: 00000000006dac50 R08: 0000000000000000 R09: 0000000000000000
[ 56.641712][ T8360] R10: 0000000000000000 R1