[ 53.596431][ T26] audit: type=1800 audit(1554517989.806:30): pid=8057 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 58.587804][ T26] kauditd_printk_skb: 4 callbacks suppressed [ 58.587820][ T26] audit: type=1400 audit(1554517994.836:35): avc: denied { map } for pid=8232 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.172' (ECDSA) to the list of known hosts. executing program [ 65.099428][ T26] audit: type=1400 audit(1554518001.356:36): avc: denied { map } for pid=8244 comm="syz-executor397" path="/root/syz-executor397794625" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 70.201013][ T8245] [ 70.203389][ T8245] ======================================================== [ 70.211525][ T8245] WARNING: possible irq lock inversion dependency detected [ 70.218728][ T8245] 5.1.0-rc3+ #54 Not tainted [ 70.223296][ T8245] -------------------------------------------------------- [ 70.230479][ T8245] syz-executor397/8245 just changed the state of lock: [ 70.237312][ T8245] 00000000267cc82c (&ctx->fault_pending_wqh){+.+.}, at: userfaultfd_release+0x48e/0x6d0 [ 70.254276][ T8245] but this lock was taken by another, SOFTIRQ-safe lock in the past: [ 70.262320][ T8245] (&(&ctx->ctx_lock)->rlock){..-.} [ 70.262329][ T8245] [ 70.262329][ T8245] [ 70.262329][ T8245] and interrupts could create inverse lock ordering between them. [ 70.262329][ T8245] [ 70.282292][ T8245] [ 70.282292][ T8245] other info that might help us debug this: [ 70.291135][ T8245] Chain exists of: [ 70.291135][ T8245] &(&ctx->ctx_lock)->rlock --> &ctx->fd_wqh --> &ctx->fault_pending_wqh [ 70.291135][ T8245] [ 70.310867][ T8245] Possible interrupt unsafe locking scenario: [ 70.310867][ T8245] [ 70.319181][ T8245] CPU0 CPU1 [ 70.324534][ T8245] ---- ---- [ 70.329878][ T8245] lock(&ctx->fault_pending_wqh); [ 70.334973][ T8245] local_irq_disable(); [ 70.343117][ T8245] lock(&(&ctx->ctx_lock)->rlock); [ 70.350827][ T8245] lock(&ctx->fd_wqh); [ 70.357484][ T8245] [ 70.360935][ T8245] lock(&(&ctx->ctx_lock)->rlock); [ 70.366299][ T8245] [ 70.366299][ T8245] *** DEADLOCK *** [ 70.366299][ T8245] [ 70.374697][ T8245] no locks held by syz-executor397/8245. [ 70.380822][ T8245] [ 70.380822][ T8245] the shortest dependencies between 2nd lock and 1st lock: [ 70.390176][ T8245] -> (&(&ctx->ctx_lock)->rlock){..-.} { [ 70.395884][ T8245] IN-SOFTIRQ-W at: [ 70.400049][ T8245] lock_acquire+0x16f/0x3f0 [ 70.406617][ T8245] _raw_spin_lock_irq+0x60/0x80 [ 70.413643][ T8245] free_ioctx_users+0x2d/0x4a0 [ 70.420440][ T8245] percpu_ref_switch_to_atomic_rcu+0x3e7/0x520 [ 70.428586][ T8245] rcu_core+0x928/0x1390 [ 70.434818][ T8245] __do_softirq+0x266/0x95a [ 70.441312][ T8245] irq_exit+0x180/0x1d0 [ 70.451495][ T8245] smp_apic_timer_interrupt+0x14a/0x570 [ 70.459041][ T8245] apic_timer_interrupt+0xf/0x20 [ 70.465989][ T8245] native_safe_halt+0x2/0x10 [ 70.473389][ T8245] arch_cpu_idle+0x10/0x20 [ 70.479814][ T8245] default_idle_call+0x36/0x90 [ 70.486564][ T8245] do_idle+0x386/0x570 [ 70.492613][ T8245] cpu_startup_entry+0x1b/0x20 [ 70.500617][ T8245] start_secondary+0x360/0x4d0 [ 70.507371][ T8245] secondary_startup_64+0xa4/0xb0 [ 70.514402][ T8245] INITIAL USE at: [ 70.518461][ T8245] lock_acquire+0x16f/0x3f0 [ 70.524871][ T8245] _raw_spin_lock_irq+0x60/0x80 [ 70.531624][ T8245] io_submit_one+0xaec/0x2f90 [ 70.538203][ T8245] __x64_sys_io_submit+0x1bd/0x580 [ 70.545208][ T8245] do_syscall_64+0x103/0x610 [ 70.551708][ T8245] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 70.559581][ T8245] } [ 70.562267][ T8245] ... key at: [] __key.52649+0x0/0x40 [ 70.569869][ T8245] ... acquired at: [ 70.573843][ T8245] lock_acquire+0x16f/0x3f0 [ 70.578508][ T8245] _raw_spin_lock+0x2f/0x40 [ 70.583180][ T8245] io_submit_one+0xb31/0x2f90 [ 70.588116][ T8245] __x64_sys_io_submit+0x1bd/0x580 [ 70.593425][ T8245] do_syscall_64+0x103/0x610 [ 70.598181][ T8245] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 70.604221][ T8245] [ 70.606525][ T8245] -> (&ctx->fd_wqh){....} { [ 70.611092][ T8245] INITIAL USE at: [ 70.615077][ T8245] lock_acquire+0x16f/0x3f0 [ 70.621311][ T8245] _raw_spin_lock_irqsave+0x95/0xcd [ 70.628253][ T8245] add_wait_queue+0x4c/0x170 [ 70.634575][ T8245] aio_poll_queue_proc+0x9e/0x110 [ 70.641342][ T8245] userfaultfd_poll+0x93/0x220 [ 70.647842][ T8245] io_submit_one+0xa8a/0x2f90 [ 70.654254][ T8245] __x64_sys_io_submit+0x1bd/0x580 [ 70.661094][ T8245] do_syscall_64+0x103/0x610 [ 70.667411][ T8245] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 70.675032][ T8245] } [ 70.677616][ T8245] ... key at: [] __key.45459+0x0/0x40 [ 70.685154][ T8245] ... acquired at: [ 70.689042][ T8245] lock_acquire+0x16f/0x3f0 [ 70.693708][ T8245] _raw_spin_lock+0x2f/0x40 [ 70.698388][ T8245] userfaultfd_read+0x540/0x1940 [ 70.703494][ T8245] __vfs_read+0x8d/0x110 [ 70.707910][ T8245] vfs_read+0x194/0x3e0 [ 70.712226][ T8245] ksys_read+0xea/0x1f0 [ 70.716534][ T8245] __x64_sys_read+0x73/0xb0 [ 70.721194][ T8245] do_syscall_64+0x103/0x610 [ 70.726161][ T8245] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 70.732320][ T8245] [ 70.734627][ T8245] -> (&ctx->fault_pending_wqh){+.+.} { [ 70.740059][ T8245] HARDIRQ-ON-W at: [ 70.744041][ T8245] lock_acquire+0x16f/0x3f0 [ 70.750201][ T8245] _raw_spin_lock+0x2f/0x40 [ 70.756349][ T8245] userfaultfd_release+0x48e/0x6d0 [ 70.763092][ T8245] __fput+0x2e5/0x8d0 [ 70.768700][ T8245] ____fput+0x16/0x20 [ 70.774341][ T8245] task_work_run+0x14a/0x1c0 [ 70.780565][ T8245] do_exit+0x90a/0x2fa0 [ 70.786353][ T8245] do_group_exit+0x135/0x370 [ 70.792860][ T8245] get_signal+0x399/0x1d50 [ 70.798920][ T8245] do_signal+0x87/0x1940 [ 70.804807][ T8245] exit_to_usermode_loop+0x244/0x2c0 [ 70.811724][ T8245] do_syscall_64+0x52d/0x610 [ 70.817959][ T8245] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 70.825480][ T8245] SOFTIRQ-ON-W at: [ 70.829455][ T8245] lock_acquire+0x16f/0x3f0 [ 70.835590][ T8245] _raw_spin_lock+0x2f/0x40 [ 70.841728][ T8245] userfaultfd_release+0x48e/0x6d0 [ 70.848488][ T8245] __fput+0x2e5/0x8d0 [ 70.854114][ T8245] ____fput+0x16/0x20 [ 70.859763][ T8245] task_work_run+0x14a/0x1c0 [ 70.866139][ T8245] do_exit+0x90a/0x2fa0 [ 70.871952][ T8245] do_group_exit+0x135/0x370 [ 70.878194][ T8245] get_signal+0x399/0x1d50 [ 70.884268][ T8245] do_signal+0x87/0x1940 [ 70.890463][ T8245] exit_to_usermode_loop+0x244/0x2c0 [ 70.897401][ T8245] do_syscall_64+0x52d/0x610 [ 70.903652][ T8245] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 70.911181][ T8245] INITIAL USE at: [ 70.915073][ T8245] lock_acquire+0x16f/0x3f0 [ 70.921343][ T8245] _raw_spin_lock+0x2f/0x40 [ 70.927404][ T8245] userfaultfd_read+0x540/0x1940 [ 70.933899][ T8245] __vfs_read+0x8d/0x110 [ 70.940305][ T8245] vfs_read+0x194/0x3e0 [ 70.946242][ T8245] ksys_read+0xea/0x1f0 [ 70.952353][ T8245] __x64_sys_read+0x73/0xb0 [ 70.958415][ T8245] do_syscall_64+0x103/0x610 [ 70.964560][ T8245] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 70.971997][ T8245] } [ 70.974492][ T8245] ... key at: [] __key.45456+0x0/0x40 [ 70.981984][ T8245] ... acquired at: [ 70.985785][ T8245] mark_lock+0x427/0x1380 [ 70.990280][ T8245] __lock_acquire+0x1317/0x3fb0 [ 70.995282][ T8245] lock_acquire+0x16f/0x3f0 [ 71.000267][ T8245] _raw_spin_lock+0x2f/0x40 [ 71.005286][ T8245] userfaultfd_release+0x48e/0x6d0 [ 71.010898][ T8245] __fput+0x2e5/0x8d0 [ 71.015040][ T8245] ____fput+0x16/0x20 [ 71.019173][ T8245] task_work_run+0x14a/0x1c0 [ 71.023918][ T8245] do_exit+0x90a/0x2fa0 [ 71.028279][ T8245] do_group_exit+0x135/0x370 [ 71.033072][ T8245] get_signal+0x399/0x1d50 [ 71.037696][ T8245] do_signal+0x87/0x1940 [ 71.042102][ T8245] exit_to_usermode_loop+0x244/0x2c0 [ 71.047669][ T8245] do_syscall_64+0x52d/0x610 [ 71.052428][ T8245] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 71.058608][ T8245] [ 71.061004][ T8245] [ 71.061004][ T8245] stack backtrace: [ 71.066943][ T8245] CPU: 0 PID: 8245 Comm: syz-executor397 Not tainted 5.1.0-rc3+ #54 [ 71.075051][ T8245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 71.085114][ T8245] Call Trace: [ 71.088411][ T8245] dump_stack+0x172/0x1f0 [ 71.092729][ T8245] print_irq_inversion_bug.part.0+0x2c0/0x2cd [ 71.098870][ T8245] check_usage_backwards.cold+0x1d/0x26 [ 71.104400][ T8245] ? print_shortest_lock_dependencies+0x90/0x90 [ 71.111142][ T8245] ? save_stack_trace+0x1a/0x20 [ 71.116003][ T8245] ? depot_save_stack+0x1de/0x460 [ 71.121013][ T8245] mark_lock+0x427/0x1380 [ 71.125393][ T8245] ? print_shortest_lock_dependencies+0x90/0x90 [ 71.131625][ T8245] __lock_acquire+0x1317/0x3fb0 [ 71.136472][ T8245] ? trace_hardirqs_off+0x62/0x220 [ 71.141582][ T8245] ? kasan_check_read+0x11/0x20 [ 71.146424][ T8245] ? mark_held_locks+0xf0/0xf0 [ 71.151189][ T8245] ? save_stack+0xa9/0xd0 [ 71.155504][ T8245] ? save_stack+0x45/0xd0 [ 71.159926][ T8245] ? __kasan_slab_free+0x102/0x150 [ 71.165022][ T8245] ? kasan_slab_free+0xe/0x10 [ 71.170511][ T8245] ? kmem_cache_free+0x86/0x260 [ 71.175415][ T8245] ? free_fs_struct+0x4f/0x70 [ 71.180162][ T8245] ? exit_fs+0xf0/0x130 [ 71.184632][ T8245] lock_acquire+0x16f/0x3f0 [ 71.189124][ T8245] ? userfaultfd_release+0x48e/0x6d0 [ 71.194433][ T8245] _raw_spin_lock+0x2f/0x40 [ 71.198998][ T8245] ? userfaultfd_release+0x48e/0x6d0 [ 71.204318][ T8245] userfaultfd_release+0x48e/0x6d0 [ 71.209427][ T8245] ? userfaultfd_wake_function+0x2f0/0x2f0 [ 71.215219][ T8245] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 71.221605][ T8245] ? ima_file_free+0xc9/0x4a0 [ 71.226263][ T8245] ? __might_sleep+0x95/0x190 [ 71.230966][ T8245] ? userfaultfd_wake_function+0x2f0/0x2f0 [ 71.236799][ T8245] __fput+0x2e5/0x8d0 [ 71.240771][ T8245] ____fput+0x16/0x20 [ 71.244791][ T8245] task_work_run+0x14a/0x1c0 [ 71.249375][ T8245] do_exit+0x90a/0x2fa0 [ 71.253517][ T8245] ? get_signal+0x331/0x1d50 [ 71.258093][ T8245] ? mm_update_next_owner+0x640/0x640 [ 71.263451][ T8245] ? kasan_check_write+0x14/0x20 [ 71.268430][ T8245] ? _raw_spin_unlock_irq+0x28/0x90 [ 71.273628][ T8245] ? get_signal+0x331/0x1d50 [ 71.278269][ T8245] ? _raw_spin_unlock_irq+0x28/0x90 [ 71.283527][ T8245] do_group_exit+0x135/0x370 [ 71.288259][ T8245] get_signal+0x399/0x1d50 [ 71.292730][ T8245] ? fsnotify+0xbc0/0xbc0 [ 71.297095][ T8245] ? fsnotify_first_mark+0x210/0x210 [ 71.302474][ T8245] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 71.308705][ T8245] do_signal+0x87/0x1940 [ 71.312935][ T8245] ? __vfs_read+0x95/0x110 [ 71.317332][ T8245] ? userfaultfd_event_wait_completion+0xa50/0xa50 [ 71.323975][ T8245] ? setup_sigcontext+0x7d0/0x7d0 [ 71.328992][ T8245] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 71.335212][ T8245] ? vfs_read+0x15d/0x3e0 [ 71.339527][ T8245] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 71.345807][ T8245] ? ksys_read+0x166/0x1f0 [ 71.350286][ T8245] ? exit_to_usermode_loop+0x43/0x2c0 [ 71.355640][ T8245] ? do_syscall_64+0x52d/0x610 [ 71.360378][ T8245] ? exit_to_usermode_loop+0x43/0x2c0 [ 71.365738][ T8245] ? lockdep_hardirqs_on+0x418/0x5d0 [ 71.371016][ T8245] ? trace_hardirqs_on+0x67/0x230 [ 71.376029][ T8245] exit_to_usermode_loop+0x244/0x2c0 [ 71.381483][ T8245] do_syscall_64+0x52d/0x610 [ 71.386414][ T8245] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 71.392355][ T8245] RIP: 0033:0x441279 [ 71.396246][ T8245] Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 71.416361][ T8245] RSP: 002b:00007ffc90abc5d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 71.424873][ T8245] RAX: fffffffffffffe00 RBX: 0000000000000003 RCX: 0000000000441279 [ 71.432909][ T8245] RDX: 0000000000000107 RSI: 0000000020000180 RDI: 0000000000000004 [ 71.441015][ T8245] RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8 executing program [ 71.449124][ T8245] R10: 00000000004002c8 R11: 0000000000000246 R12: 00000000004020a0 [ 71.457206][ T8245] R13: 0000000000402130 R14: 0000000000000000 R15: 0000000000000000 executing program