Starting mcstransd: [ ok ] Starting file context maintaining daemon: restorecond. [ ok ] Starting OpenBSD Secure Shell server: sshd. [ 67.157888][ T26] kauditd_printk_skb: 5 callbacks suppressed [ 67.157900][ T26] audit: type=1800 audit(1560730598.864:33): pid=9209 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 67.186242][ T26] audit: type=1800 audit(1560730598.864:34): pid=9209 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 69.457035][ T26] audit: type=1400 audit(1560730601.164:35): avc: denied { map } for pid=9388 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.93' (ECDSA) to the list of known hosts. 
executing program [ 75.872719][ T26] audit: type=1400 audit(1560730607.584:36): avc: denied { map } for pid=9400 comm="syz-executor754" path="/root/syz-executor754178883" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 76.143099][ T9402] [ 76.145442][ T9402] ======================================================== [ 76.152605][ T9402] WARNING: possible irq lock inversion dependency detected [ 76.159774][ T9402] 5.2.0-rc4+ #27 Not tainted [ 76.164332][ T9402] -------------------------------------------------------- [ 76.171499][ T9402] syz-executor754/9402 just changed the state of lock: [ 76.178318][ T9402] 000000002beb0f83 (&ctx->fault_pending_wqh){+.+.}, at: userfaultfd_release+0x4ca/0x710 [ 76.188037][ T9402] but this lock was taken by another, SOFTIRQ-safe lock in the past: [ 76.196084][ T9402] (&(&ctx->ctx_lock)->rlock){..-.} [ 76.196091][ T9402] [ 76.196091][ T9402] [ 76.196091][ T9402] and interrupts could create inverse lock ordering between them. [ 76.196091][ T9402] [ 76.215665][ T9402] [ 76.215665][ T9402] other info that might help us debug this: [ 76.223701][ T9402] Chain exists of: [ 76.223701][ T9402] &(&ctx->ctx_lock)->rlock --> &ctx->fd_wqh --> &ctx->fault_pending_wqh [ 76.223701][ T9402] [ 76.237935][ T9402] Possible interrupt unsafe locking scenario: [ 76.237935][ T9402] [ 76.246251][ T9402] CPU0 CPU1 [ 76.251604][ T9402] ---- ---- [ 76.256961][ T9402] lock(&ctx->fault_pending_wqh); [ 76.262047][ T9402] local_irq_disable(); [ 76.268779][ T9402] lock(&(&ctx->ctx_lock)->rlock); [ 76.276472][ T9402] lock(&ctx->fd_wqh); [ 76.283120][ T9402] [ 76.286551][ T9402] lock(&(&ctx->ctx_lock)->rlock); [ 76.291894][ T9402] [ 76.291894][ T9402] *** DEADLOCK *** [ 76.291894][ T9402] [ 76.300036][ T9402] no locks held by syz-executor754/9402. 
[ 76.305664][ T9402] [ 76.305664][ T9402] the shortest dependencies between 2nd lock and 1st lock: [ 76.315006][ T9402] -> (&(&ctx->ctx_lock)->rlock){..-.} { [ 76.320702][ T9402] IN-SOFTIRQ-W at: [ 76.324865][ T9402] lock_acquire+0x16f/0x3f0 [ 76.331371][ T9402] _raw_spin_lock_irq+0x60/0x80 [ 76.338204][ T9402] free_ioctx_users+0x2d/0x490 [ 76.344946][ T9402] percpu_ref_switch_to_atomic_rcu+0x407/0x540 [ 76.353077][ T9402] rcu_core+0xba5/0x1500 [ 76.359295][ T9402] __do_softirq+0x25c/0x94c [ 76.365773][ T9402] irq_exit+0x180/0x1d0 [ 76.371918][ T9402] smp_apic_timer_interrupt+0x13b/0x550 [ 76.379451][ T9402] apic_timer_interrupt+0xf/0x20 [ 76.386380][ T9402] native_safe_halt+0xe/0x10 [ 76.392950][ T9402] arch_cpu_idle+0xa/0x10 [ 76.399251][ T9402] default_idle_call+0x36/0x90 [ 76.405986][ T9402] do_idle+0x377/0x560 [ 76.412033][ T9402] cpu_startup_entry+0x1b/0x20 [ 76.418773][ T9402] rest_init+0x245/0x37b [ 76.424989][ T9402] arch_call_rest_init+0xe/0x1b [ 76.431813][ T9402] start_kernel+0x854/0x893 [ 76.438292][ T9402] x86_64_start_reservations+0x29/0x2b [ 76.445725][ T9402] x86_64_start_kernel+0x77/0x7b [ 76.452639][ T9402] secondary_startup_64+0xa4/0xb0 [ 76.459630][ T9402] INITIAL USE at: [ 76.463683][ T9402] lock_acquire+0x16f/0x3f0 [ 76.470072][ T9402] _raw_spin_lock_irq+0x60/0x80 [ 76.476810][ T9402] io_submit_one+0xeb5/0x2ef0 [ 76.483373][ T9402] __x64_sys_io_submit+0x1bd/0x570 [ 76.490373][ T9402] do_syscall_64+0xfd/0x680 [ 76.496765][ T9402] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 76.504570][ T9402] } [ 76.507232][ T9402] ... key at: [] __key.53428+0x0/0x40 [ 76.514844][ T9402] ... 
acquired at: [ 76.518805][ T9402] _raw_spin_lock+0x2f/0x40 [ 76.523455][ T9402] io_submit_one+0xefa/0x2ef0 [ 76.528278][ T9402] __x64_sys_io_submit+0x1bd/0x570 [ 76.533534][ T9402] do_syscall_64+0xfd/0x680 [ 76.538185][ T9402] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 76.544215][ T9402] [ 76.546512][ T9402] -> (&ctx->fd_wqh){....} { [ 76.551075][ T9402] INITIAL USE at: [ 76.555035][ T9402] lock_acquire+0x16f/0x3f0 [ 76.561254][ T9402] _raw_spin_lock_irq+0x60/0x80 [ 76.567817][ T9402] userfaultfd_read+0x27a/0x1940 [ 76.574491][ T9402] do_iter_read+0x4a4/0x660 [ 76.580713][ T9402] vfs_readv+0xf0/0x160 [ 76.586583][ T9402] do_readv+0x15b/0x330 [ 76.592452][ T9402] __x64_sys_readv+0x75/0xb0 [ 76.598752][ T9402] do_syscall_64+0xfd/0x680 [ 76.604971][ T9402] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 76.612569][ T9402] } [ 76.615165][ T9402] ... key at: [] __key.46104+0x0/0x40 [ 76.622681][ T9402] ... acquired at: [ 76.626554][ T9402] _raw_spin_lock+0x2f/0x40 [ 76.631206][ T9402] userfaultfd_read+0x540/0x1940 [ 76.636289][ T9402] do_iter_read+0x4a4/0x660 [ 76.640944][ T9402] vfs_readv+0xf0/0x160 [ 76.645261][ T9402] do_readv+0x15b/0x330 [ 76.649564][ T9402] __x64_sys_readv+0x75/0xb0 [ 76.654304][ T9402] do_syscall_64+0xfd/0x680 [ 76.658953][ T9402] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 76.664988][ T9402] [ 76.667291][ T9402] -> (&ctx->fault_pending_wqh){+.+.} { [ 76.672720][ T9402] HARDIRQ-ON-W at: [ 76.676696][ T9402] lock_acquire+0x16f/0x3f0 [ 76.682824][ T9402] _raw_spin_lock+0x2f/0x40 [ 76.688956][ T9402] userfaultfd_release+0x4ca/0x710 [ 76.695691][ T9402] __fput+0x2ff/0x890 [ 76.701322][ T9402] ____fput+0x16/0x20 [ 76.706930][ T9402] task_work_run+0x145/0x1c0 [ 76.713146][ T9402] do_exit+0x90a/0x2fa0 [ 76.718925][ T9402] do_group_exit+0x135/0x370 [ 76.725143][ T9402] get_signal+0x471/0x24b0 [ 76.731190][ T9402] do_signal+0x87/0x1900 [ 76.737076][ T9402] exit_to_usermode_loop+0x244/0x2c0 [ 76.743990][ T9402] do_syscall_64+0x58e/0x680 [ 76.750299][ T9402] 
entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 76.757813][ T9402] SOFTIRQ-ON-W at: [ 76.761789][ T9402] lock_acquire+0x16f/0x3f0 [ 76.767916][ T9402] _raw_spin_lock+0x2f/0x40 [ 76.774047][ T9402] userfaultfd_release+0x4ca/0x710 [ 76.780782][ T9402] __fput+0x2ff/0x890 [ 76.786411][ T9402] ____fput+0x16/0x20 [ 76.792054][ T9402] task_work_run+0x145/0x1c0 [ 76.798281][ T9402] do_exit+0x90a/0x2fa0 [ 76.804065][ T9402] do_group_exit+0x135/0x370 [ 76.810282][ T9402] get_signal+0x471/0x24b0 [ 76.816353][ T9402] do_signal+0x87/0x1900 [ 76.822228][ T9402] exit_to_usermode_loop+0x244/0x2c0 [ 76.829140][ T9402] do_syscall_64+0x58e/0x680 [ 76.835358][ T9402] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 76.842872][ T9402] INITIAL USE at: [ 76.846747][ T9402] lock_acquire+0x16f/0x3f0 [ 76.852793][ T9402] _raw_spin_lock+0x2f/0x40 [ 76.858861][ T9402] userfaultfd_read+0x540/0x1940 [ 76.865340][ T9402] do_iter_read+0x4a4/0x660 [ 76.871380][ T9402] vfs_readv+0xf0/0x160 [ 76.877076][ T9402] do_readv+0x15b/0x330 [ 76.882772][ T9402] __x64_sys_readv+0x75/0xb0 [ 76.888905][ T9402] do_syscall_64+0xfd/0x680 [ 76.894954][ T9402] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 76.902381][ T9402] } [ 76.904890][ T9402] ... key at: [] __key.46101+0x0/0x40 [ 76.912316][ T9402] ... 
acquired at: [ 76.916124][ T9402] mark_lock+0x420/0x1370 [ 76.920606][ T9402] __lock_acquire+0x12df/0x5490 [ 76.925606][ T9402] lock_acquire+0x16f/0x3f0 [ 76.930259][ T9402] _raw_spin_lock+0x2f/0x40 [ 76.934915][ T9402] userfaultfd_release+0x4ca/0x710 [ 76.940173][ T9402] __fput+0x2ff/0x890 [ 76.944302][ T9402] ____fput+0x16/0x20 [ 76.948429][ T9402] task_work_run+0x145/0x1c0 [ 76.953167][ T9402] do_exit+0x90a/0x2fa0 [ 76.957474][ T9402] do_group_exit+0x135/0x370 [ 76.962213][ T9402] get_signal+0x471/0x24b0 [ 76.966780][ T9402] do_signal+0x87/0x1900 [ 76.971177][ T9402] exit_to_usermode_loop+0x244/0x2c0 [ 76.976626][ T9402] do_syscall_64+0x58e/0x680 [ 76.981367][ T9402] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 76.987420][ T9402] [ 76.989742][ T9402] [ 76.989742][ T9402] stack backtrace: [ 76.995614][ T9402] CPU: 0 PID: 9402 Comm: syz-executor754 Not tainted 5.2.0-rc4+ #27 [ 77.003564][ T9402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 77.013597][ T9402] Call Trace: [ 77.016870][ T9402] dump_stack+0x172/0x1f0 [ 77.021181][ T9402] print_irq_inversion_bug.part.0+0x2c5/0x2d2 [ 77.027228][ T9402] check_usage_backwards.cold+0x1d/0x26 [ 77.032755][ T9402] ? print_shortest_lock_dependencies+0x90/0x90 [ 77.038975][ T9402] ? stack_trace_save+0xac/0xe0 [ 77.043808][ T9402] ? stack_trace_consume_entry+0x190/0x190 [ 77.050711][ T9402] ? kasan_check_write+0x14/0x20 [ 77.055630][ T9402] ? graph_lock+0x7b/0x200 [ 77.060128][ T9402] ? __lockdep_reset_lock+0x450/0x450 [ 77.065477][ T9402] mark_lock+0x420/0x1370 [ 77.069786][ T9402] ? print_shortest_lock_dependencies+0x90/0x90 [ 77.076002][ T9402] __lock_acquire+0x12df/0x5490 [ 77.080826][ T9402] ? kasan_check_write+0x14/0x20 [ 77.085743][ T9402] ? mark_held_locks+0xf0/0xf0 [ 77.090486][ T9402] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 77.096271][ T9402] ? stack_depot_save+0x25a/0x450 [ 77.101274][ T9402] lock_acquire+0x16f/0x3f0 [ 77.105756][ T9402] ? 
userfaultfd_release+0x4ca/0x710 [ 77.111018][ T9402] _raw_spin_lock+0x2f/0x40 [ 77.115498][ T9402] ? userfaultfd_release+0x4ca/0x710 [ 77.120777][ T9402] userfaultfd_release+0x4ca/0x710 [ 77.125870][ T9402] ? userfaultfd_wake_function+0x2f0/0x2f0 [ 77.131656][ T9402] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 77.137872][ T9402] ? ima_file_free+0xc9/0x4a0 [ 77.142525][ T9402] __fput+0x2ff/0x890 [ 77.146490][ T9402] ? userfaultfd_wake_function+0x2f0/0x2f0 [ 77.152271][ T9402] ____fput+0x16/0x20 [ 77.156245][ T9402] task_work_run+0x145/0x1c0 [ 77.160808][ T9402] do_exit+0x90a/0x2fa0 [ 77.164938][ T9402] ? get_signal+0x387/0x24b0 [ 77.169522][ T9402] ? mm_update_next_owner+0x640/0x640 [ 77.174889][ T9402] ? kasan_check_write+0x14/0x20 [ 77.179801][ T9402] ? _raw_spin_unlock_irq+0x28/0x90 [ 77.184976][ T9402] ? get_signal+0x387/0x24b0 [ 77.189545][ T9402] ? _raw_spin_unlock_irq+0x28/0x90 [ 77.194721][ T9402] do_group_exit+0x135/0x370 [ 77.199290][ T9402] get_signal+0x471/0x24b0 [ 77.203686][ T9402] ? exit_robust_list+0x2c0/0x2c0 [ 77.208694][ T9402] do_signal+0x87/0x1900 [ 77.212915][ T9402] ? lock_downgrade+0x880/0x880 [ 77.217744][ T9402] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 77.223961][ T9402] ? kasan_check_read+0x11/0x20 [ 77.228793][ T9402] ? setup_sigcontext+0x7d0/0x7d0 [ 77.233797][ T9402] ? exit_to_usermode_loop+0x43/0x2c0 [ 77.239144][ T9402] ? do_syscall_64+0x58e/0x680 [ 77.243884][ T9402] ? exit_to_usermode_loop+0x43/0x2c0 [ 77.249232][ T9402] ? lockdep_hardirqs_on+0x418/0x5d0 [ 77.254495][ T9402] ? trace_hardirqs_on+0x67/0x220 [ 77.259505][ T9402] exit_to_usermode_loop+0x244/0x2c0 [ 77.264768][ T9402] do_syscall_64+0x58e/0x680 [ 77.269340][ T9402] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 77.275207][ T9402] RIP: 0033:0x445919 [ 77.279081][ T9402] Code: Bad RIP value. [ 77.283146][ T9402] RSP: 002b:00007f4e6b5e5db8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 77.291595][ T9402] RAX: fffffffffffffe00 RBX: 00000000006dac58 RCX: 000000