[   48.195255][   T26] audit: type=1800 audit(1554225556.052:30): pid=7968 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd: 
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   53.303575][   T26] kauditd_printk_skb: 4 callbacks suppressed
[   53.303590][   T26] audit: type=1400 audit(1554225561.192:35): avc:  denied  { map } for  pid=8144 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.10.63' (ECDSA) to the list of known hosts.
executing program
[   59.839641][   T26] audit: type=1400 audit(1554225567.732:36): avc:  denied  { map } for  pid=8156 comm="syz-executor293" path="/root/syz-executor293063623" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   60.106627][ T8158] 
[   60.108988][ T8158] ========================================================
[   60.116167][ T8158] WARNING: possible irq lock inversion dependency detected
[   60.123352][ T8158] 5.1.0-rc3+ #48 Not tainted
[   60.127928][ T8158] --------------------------------------------------------
[   60.135116][ T8158] syz-executor293/8158 just changed the state of lock:
[   60.141943][ T8158] 000000008228862b (&ctx->fault_pending_wqh){+.+.}, at: userfaultfd_release+0x48e/0x6d0
[   60.151645][ T8158] but this lock was taken by another, SOFTIRQ-safe lock in the past:
[   60.159673][ T8158]  (&(&ctx->ctx_lock)->rlock){..-.}
[   60.159679][ T8158] 
[   60.159679][ T8158] 
[   60.159679][ T8158] and interrupts could create inverse lock ordering between them.
[   60.159679][ T8158] 
[   60.179154][ T8158] 
[   60.179154][ T8158] other info that might help us debug this:
[   60.187203][ T8158] Chain exists of:
[   60.187203][ T8158]   &(&ctx->ctx_lock)->rlock --> &ctx->fd_wqh --> &ctx->fault_pending_wqh
[   60.187203][ T8158] 
[   60.201408][ T8158]  Possible interrupt unsafe locking scenario:
[   60.201408][ T8158] 
[   60.209735][ T8158]        CPU0                    CPU1
[   60.215079][ T8158]        ----                    ----
[   60.220431][ T8158]   lock(&ctx->fault_pending_wqh);
[   60.225518][ T8158]                                local_irq_disable();
[   60.232246][ T8158]                                lock(&(&ctx->ctx_lock)->rlock);
[   60.239938][ T8158]                                lock(&ctx->fd_wqh);
[   60.246594][ T8158]   <Interrupt>
[   60.250021][ T8158]     lock(&(&ctx->ctx_lock)->rlock);
[   60.255365][ T8158] 
[   60.255365][ T8158]  *** DEADLOCK ***
[   60.255365][ T8158] 
[   60.263488][ T8158] no locks held by syz-executor293/8158.
[   60.269142][ T8158] 
[   60.269142][ T8158] the shortest dependencies between 2nd lock and 1st lock:
[   60.278487][ T8158]   -> (&(&ctx->ctx_lock)->rlock){..-.} {
[   60.284180][ T8158]      IN-SOFTIRQ-W at:
[   60.288318][ T8158]                         lock_acquire+0x16f/0x3f0
[   60.294822][ T8158]                         _raw_spin_lock_irq+0x60/0x80
[   60.301649][ T8158]                         free_ioctx_users+0x2d/0x4a0
[   60.308385][ T8158]                         percpu_ref_switch_to_atomic_rcu+0x3e7/0x520
[   60.316515][ T8158]                         rcu_core+0x928/0x1390
[   60.322730][ T8158]                         __do_softirq+0x266/0x95a
[   60.329223][ T8158]                         irq_exit+0x180/0x1d0
[   60.335371][ T8158]                         smp_apic_timer_interrupt+0x14a/0x570
[   60.342909][ T8158]                         apic_timer_interrupt+0xf/0x20
[   60.349831][ T8158]                         native_safe_halt+0x2/0x10
[   60.356411][ T8158]                         arch_cpu_idle+0x10/0x20
[   60.362811][ T8158]                         default_idle_call+0x36/0x90
[   60.369548][ T8158]                         do_idle+0x386/0x570
[   60.375588][ T8158]                         cpu_startup_entry+0x1b/0x20
[   60.382321][ T8158]                         rest_init+0x245/0x37b
[   60.388551][ T8158]                         arch_call_rest_init+0xe/0x1b
[   60.395373][ T8158]                         start_kernel+0x816/0x84f
[   60.401848][ T8158]                         x86_64_start_reservations+0x29/0x2b
[   60.409280][ T8158]                         x86_64_start_kernel+0x77/0x7b
[   60.416194][ T8158]                         secondary_startup_64+0xa4/0xb0
[   60.423184][ T8158]      INITIAL USE at:
[   60.427231][ T8158]                        lock_acquire+0x16f/0x3f0
[   60.433620][ T8158]                        _raw_spin_lock_irq+0x60/0x80
[   60.440372][ T8158]                        io_submit_one+0xaec/0x2f90
[   60.446934][ T8158]                        __x64_sys_io_submit+0x1bd/0x580
[   60.453932][ T8158]                        do_syscall_64+0x103/0x610
[   60.460409][ T8158]                        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   60.468180][ T8158]    }
[   60.470834][ T8158]    ... key      at: [<ffffffff8a5e8ea0>] __key.52649+0x0/0x40
[   60.478430][ T8158]    ... acquired at:
[   60.482406][ T8158]    lock_acquire+0x16f/0x3f0
[   60.487076][ T8158]    _raw_spin_lock+0x2f/0x40
[   60.491730][ T8158]    io_submit_one+0xb31/0x2f90
[   60.496555][ T8158]    __x64_sys_io_submit+0x1bd/0x580
[   60.501816][ T8158]    do_syscall_64+0x103/0x610
[   60.506574][ T8158]    entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   60.512622][ T8158] 
[   60.514943][ T8158]  -> (&ctx->fd_wqh){....} {
[   60.519509][ T8158]     INITIAL USE at:
[   60.523490][ T8158]                      lock_acquire+0x16f/0x3f0
[   60.529708][ T8158]                      _raw_spin_lock_irq+0x60/0x80
[   60.536273][ T8158]                      userfaultfd_read+0x27a/0x1940
[   60.542931][ T8158]                      __vfs_read+0x8d/0x110
[   60.548900][ T8158]                      vfs_read+0x194/0x3e0
[   60.554770][ T8158]                      ksys_read+0xea/0x1f0
[   60.560658][ T8158]                      __x64_sys_read+0x73/0xb0
[   60.566885][ T8158]                      do_syscall_64+0x103/0x610
[   60.573218][ T8158]                      entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   60.580839][ T8158]   }
[   60.583422][ T8158]   ... key      at: [<ffffffff8a5e8c20>] __key.45459+0x0/0x40
[   60.590934][ T8158]   ... acquired at:
[   60.594843][ T8158]    lock_acquire+0x16f/0x3f0
[   60.599504][ T8158]    _raw_spin_lock+0x2f/0x40
[   60.604154][ T8158]    userfaultfd_read+0x540/0x1940
[   60.609240][ T8158]    __vfs_read+0x8d/0x110
[   60.613634][ T8158]    vfs_read+0x194/0x3e0
[   60.617941][ T8158]    ksys_read+0xea/0x1f0
[   60.622245][ T8158]    __x64_sys_read+0x73/0xb0
[   60.626912][ T8158]    do_syscall_64+0x103/0x610
[   60.631738][ T8158]    entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   60.637769][ T8158] 
[   60.640067][ T8158] -> (&ctx->fault_pending_wqh){+.+.} {
[   60.645497][ T8158]    HARDIRQ-ON-W at:
[   60.649456][ T8158]                     lock_acquire+0x16f/0x3f0
[   60.655579][ T8158]                     _raw_spin_lock+0x2f/0x40
[   60.661710][ T8158]                     userfaultfd_release+0x48e/0x6d0
[   60.668454][ T8158]                     __fput+0x2e5/0x8d0
[   60.674056][ T8158]                     ____fput+0x16/0x20
[   60.679663][ T8158]                     task_work_run+0x14a/0x1c0
[   60.685880][ T8158]                     do_exit+0x90a/0x2fa0
[   60.691660][ T8158]                     do_group_exit+0x135/0x370
[   60.697881][ T8158]                     get_signal+0x399/0x1d50
[   60.703922][ T8158]                     do_signal+0x87/0x1940
[   60.709788][ T8158]                     exit_to_usermode_loop+0x244/0x2c0
[   60.716716][ T8158]                     do_syscall_64+0x52d/0x610
[   60.722931][ T8158]                     entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   60.730440][ T8158]    SOFTIRQ-ON-W at:
[   60.734399][ T8158]                     lock_acquire+0x16f/0x3f0
[   60.740525][ T8158]                     _raw_spin_lock+0x2f/0x40
[   60.746654][ T8158]                     userfaultfd_release+0x48e/0x6d0
[   60.753393][ T8158]                     __fput+0x2e5/0x8d0
[   60.758997][ T8158]                     ____fput+0x16/0x20
[   60.764615][ T8158]                     task_work_run+0x14a/0x1c0
[   60.770843][ T8158]                     do_exit+0x90a/0x2fa0
[   60.776626][ T8158]                     do_group_exit+0x135/0x370
[   60.782841][ T8158]                     get_signal+0x399/0x1d50
[   60.788885][ T8158]                     do_signal+0x87/0x1940
[   60.794752][ T8158]                     exit_to_usermode_loop+0x244/0x2c0
[   60.801660][ T8158]                     do_syscall_64+0x52d/0x610
[   60.807886][ T8158]                     entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   60.816085][ T8158]    INITIAL USE at:
[   60.819965][ T8158]                    lock_acquire+0x16f/0x3f0
[   60.826003][ T8158]                    _raw_spin_lock+0x2f/0x40
[   60.832041][ T8158]                    userfaultfd_read+0x540/0x1940
[   60.838518][ T8158]                    __vfs_read+0x8d/0x110
[   60.844315][ T8158]                    vfs_read+0x194/0x3e0
[   60.850016][ T8158]                    ksys_read+0xea/0x1f0
[   60.855711][ T8158]                    __x64_sys_read+0x73/0xb0
[   60.861755][ T8158]                    do_syscall_64+0x103/0x610
[   60.867888][ T8158]                    entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   60.875311][ T8158]  }
[   60.877795][ T8158]  ... key      at: [<ffffffff8a5e8ce0>] __key.45456+0x0/0x40
[   60.885218][ T8158]  ... acquired at:
[   60.889002][ T8158]    mark_lock+0x427/0x1380
[   60.893492][ T8158]    __lock_acquire+0x1317/0x3fb0
[   60.898488][ T8158]    lock_acquire+0x16f/0x3f0
[   60.903139][ T8158]    _raw_spin_lock+0x2f/0x40
[   60.907790][ T8158]    userfaultfd_release+0x48e/0x6d0
[   60.913061][ T8158]    __fput+0x2e5/0x8d0
[   60.917190][ T8158]    ____fput+0x16/0x20
[   60.921316][ T8158]    task_work_run+0x14a/0x1c0
[   60.926053][ T8158]    do_exit+0x90a/0x2fa0
[   60.930370][ T8158]    do_group_exit+0x135/0x370
[   60.935117][ T8158]    get_signal+0x399/0x1d50
[   60.939689][ T8158]    do_signal+0x87/0x1940
[   60.944082][ T8158]    exit_to_usermode_loop+0x244/0x2c0
[   60.949512][ T8158]    do_syscall_64+0x52d/0x610
[   60.954252][ T8158]    entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   60.960282][ T8158] 
[   60.962597][ T8158] 
[   60.962597][ T8158] stack backtrace:
[   60.968464][ T8158] CPU: 0 PID: 8158 Comm: syz-executor293 Not tainted 5.1.0-rc3+ #48
[   60.976410][ T8158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   60.986453][ T8158] Call Trace:
[   60.989737][ T8158]  dump_stack+0x172/0x1f0
[   60.994046][ T8158]  print_irq_inversion_bug.part.0+0x2c0/0x2cd
[   61.000088][ T8158]  check_usage_backwards.cold+0x1d/0x26
[   61.005609][ T8158]  ? print_shortest_lock_dependencies+0x90/0x90
[   61.011828][ T8158]  ? save_stack_trace+0x1a/0x20
[   61.016657][ T8158]  mark_lock+0x427/0x1380
[   61.020980][ T8158]  ? print_shortest_lock_dependencies+0x90/0x90
[   61.027195][ T8158]  __lock_acquire+0x1317/0x3fb0
[   61.032022][ T8158]  ? trace_hardirqs_off+0x62/0x220
[   61.037115][ T8158]  ? kasan_check_read+0x11/0x20
[   61.041964][ T8158]  ? mark_held_locks+0xf0/0xf0
[   61.046716][ T8158]  ? save_stack+0xa9/0xd0
[   61.051020][ T8158]  ? save_stack+0x45/0xd0
[   61.055323][ T8158]  ? __kasan_slab_free+0x102/0x150
[   61.060421][ T8158]  ? kasan_slab_free+0xe/0x10
[   61.065086][ T8158]  ? kmem_cache_free+0x86/0x260
[   61.069927][ T8158]  ? free_fs_struct+0x4f/0x70
[   61.074575][ T8158]  ? exit_fs+0xf0/0x130
[   61.078706][ T8158]  lock_acquire+0x16f/0x3f0
[   61.083199][ T8158]  ? userfaultfd_release+0x48e/0x6d0
[   61.088460][ T8158]  _raw_spin_lock+0x2f/0x40
[   61.092939][ T8158]  ? userfaultfd_release+0x48e/0x6d0
[   61.098243][ T8158]  userfaultfd_release+0x48e/0x6d0
[   61.103333][ T8158]  ? userfaultfd_wake_function+0x2f0/0x2f0
[   61.109115][ T8158]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[   61.115354][ T8158]  ? ima_file_free+0xc9/0x4a0
[   61.120010][ T8158]  ? __might_sleep+0x95/0x190
[   61.124663][ T8158]  ? userfaultfd_wake_function+0x2f0/0x2f0
[   61.130439][ T8158]  __fput+0x2e5/0x8d0
[   61.134410][ T8158]  ____fput+0x16/0x20
[   61.138365][ T8158]  task_work_run+0x14a/0x1c0
[   61.142929][ T8158]  do_exit+0x90a/0x2fa0
[   61.147074][ T8158]  ? get_signal+0x331/0x1d50
[   61.151641][ T8158]  ? mm_update_next_owner+0x640/0x640
[   61.156989][ T8158]  ? kasan_check_write+0x14/0x20
[   61.161903][ T8158]  ? _raw_spin_unlock_irq+0x28/0x90
[   61.167073][ T8158]  ? get_signal+0x331/0x1d50
[   61.171636][ T8158]  ? _raw_spin_unlock_irq+0x28/0x90
[   61.176822][ T8158]  do_group_exit+0x135/0x370
[   61.181401][ T8158]  get_signal+0x399/0x1d50
[   61.185794][ T8158]  ? __x64_sys_io_submit+0x31f/0x580
[   61.191057][ T8158]  do_signal+0x87/0x1940
[   61.195287][ T8158]  ? lock_downgrade+0x880/0x880
[   61.200110][ T8158]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   61.206327][ T8158]  ? kasan_check_read+0x11/0x20
[   61.211155][ T8158]  ? setup_sigcontext+0x7d0/0x7d0
[   61.216157][ T8158]  ? exit_to_usermode_loop+0x43/0x2c0
[   61.221499][ T8158]  ? do_syscall_64+0x52d/0x610
[   61.226236][ T8158]  ? exit_to_usermode_loop+0x43/0x2c0
[   61.231583][ T8158]  ? lockdep_hardirqs_on+0x418/0x5d0
[   61.236841][ T8158]  ? trace_hardirqs_on+0x67/0x230
[   61.241841][ T8158]  exit_to_usermode_loop+0x244/0x2c0
[   61.247100][ T8158]  do_syscall_64+0x52d/0x610
[   61.251666][ T8158]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   61.257530][ T8158] RIP: 0033:0x4458d9
[   61.261407][ T8158] Code: Bad RIP value.
[   61.265444][ T8158] RSP: 002b:00007f8ea0a77db8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[   61.273882][ T8158] RAX: fffffffffffffe00 RBX: 00000000006dac58 RCX: 00000000004458d9
[   61.281829][ T8158] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00000000006dac58
[   61.289775][ T8158] RBP: 00000000006dac50 R08: 0000000000000000 R09: 0000000000000000
[   61.297747][ T8158] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dac5c
[   61.305696][ T8158] R13: 00007ffc0cc2938f R14: 00007f8ea0a789c0 R15: 20