syzkaller login: [ 41.315304] audit: type=1400 audit(1567472597.420:35): avc: denied { map } for pid=7471 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.1.29' (ECDSA) to the list of known hosts.
executing program
[ 55.356079] audit: type=1400 audit(1567472611.460:36): avc: denied { map } for pid=7483 comm="syz-executor396" path="/root/syz-executor396154765" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 55.403362]
[ 55.405011] ========================================================
[ 55.411634] WARNING: possible irq lock inversion dependency detected
[ 55.418113] 4.19.69 #43 Not tainted
[ 55.421733] --------------------------------------------------------
[ 55.428218] swapper/0/0 just changed the state of lock:
[ 55.433562] 00000000080248ec (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2d/0x490
[ 55.442309] but this lock took another, SOFTIRQ-unsafe lock in the past:
[ 55.449122]  (&fiq->waitq){+.+.}
[ 55.449130]
[ 55.449130]
[ 55.449130] and interrupts could create inverse lock ordering between them.
[ 55.449130]
[ 55.463994]
[ 55.463994] other info that might help us debug this:
[ 55.470646]  Possible interrupt unsafe locking scenario:
[ 55.470646]
[ 55.477550]        CPU0                    CPU1
[ 55.482191]        ----                    ----
[ 55.486835]   lock(&fiq->waitq);
[ 55.490197]                                local_irq_disable();
[ 55.496237]                                lock(&(&ctx->ctx_lock)->rlock);
[ 55.503236]                                lock(&fiq->waitq);
[ 55.509109]
[ 55.511843]     lock(&(&ctx->ctx_lock)->rlock);
[ 55.516496]
[ 55.516496]  *** DEADLOCK ***
[ 55.516496]
[ 55.522546] 2 locks held by swapper/0/0:
[ 55.526602]  #0: 00000000c90ece17 (rcu_callback){....}, at: rcu_process_callbacks+0xc79/0x1a30
[ 55.535351]  #1: 000000003a7c666a (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x1ca/0x540
[ 55.545584]
[ 55.545584] the shortest dependencies between 2nd lock and 1st lock:
[ 55.553573]  -> (&fiq->waitq){+.+.} ops: 4 {
[ 55.557967]     HARDIRQ-ON-W at:
[ 55.561480]       lock_acquire+0x16f/0x3f0
[ 55.567181]       _raw_spin_lock+0x2f/0x40
[ 55.572807]       flush_bg_queue+0x1f3/0x3d0
[ 55.578610]       fuse_request_send_background_locked+0x26d/0x4e0
[ 55.586305]       fuse_request_send_background+0x12b/0x180
[ 55.593301]       cuse_channel_open+0x5ba/0x830
[ 55.599354]       misc_open+0x395/0x4c0
[ 55.604713]       chrdev_open+0x245/0x6b0
[ 55.610237]       do_dentry_open+0x4c3/0x1210
[ 55.616109]       vfs_open+0xa0/0xd0
[ 55.621197]       path_openat+0x10d7/0x45e0
[ 55.626894]       do_filp_open+0x1a1/0x280
[ 55.632508]       do_sys_open+0x3fe/0x550
[ 55.638051]       __x64_sys_openat+0x9d/0x100
[ 55.644024]       do_syscall_64+0xfd/0x620
[ 55.649634]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 55.656626]     SOFTIRQ-ON-W at:
[ 55.659994]       lock_acquire+0x16f/0x3f0
[ 55.665710]       _raw_spin_lock+0x2f/0x40
[ 55.671331]       flush_bg_queue+0x1f3/0x3d0
[ 55.677112]       fuse_request_send_background_locked+0x26d/0x4e0
[ 55.684728]       fuse_request_send_background+0x12b/0x180
[ 55.691815]       cuse_channel_open+0x5ba/0x830
[ 55.697857]       misc_open+0x395/0x4c0
[ 55.703208]       chrdev_open+0x245/0x6b0
[ 55.708730]       do_dentry_open+0x4c3/0x1210
[ 55.714596]       vfs_open+0xa0/0xd0
[ 55.719682]       path_openat+0x10d7/0x45e0
[ 55.725376]       do_filp_open+0x1a1/0x280
[ 55.731153]       do_sys_open+0x3fe/0x550
[ 55.736671]       __x64_sys_openat+0x9d/0x100
[ 55.742624]       do_syscall_64+0xfd/0x620
[ 55.748314]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 55.755304]     INITIAL USE at:
[ 55.758572]       lock_acquire+0x16f/0x3f0
[ 55.764104]       _raw_spin_lock+0x2f/0x40
[ 55.769621]       flush_bg_queue+0x1f3/0x3d0
[ 55.775423]       fuse_request_send_background_locked+0x26d/0x4e0
[ 55.782942]       fuse_request_send_background+0x12b/0x180
[ 55.789861]       cuse_channel_open+0x5ba/0x830
[ 55.796444]       misc_open+0x395/0x4c0
[ 55.801702]       chrdev_open+0x245/0x6b0
[ 55.807684]       do_dentry_open+0x4c3/0x1210
[ 55.813486]       vfs_open+0xa0/0xd0
[ 55.818835]       path_openat+0x10d7/0x45e0
[ 55.824447]       do_filp_open+0x1a1/0x280
[ 55.829973]       do_sys_open+0x3fe/0x550
[ 55.835406]       __x64_sys_openat+0x9d/0x100
[ 55.841202]       do_syscall_64+0xfd/0x620
[ 55.846737]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 55.853644]   }
[ 55.855612]   ... key at: [] __key.42211+0x0/0x40
[ 55.862435]   ... acquired at:
[ 55.865631]     _raw_spin_lock+0x2f/0x40
[ 55.869590]     io_submit_one+0xef2/0x2eb0
[ 55.873735]     __x64_sys_io_submit+0x1aa/0x520
[ 55.878311]     do_syscall_64+0xfd/0x620
[ 55.882266]     entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 55.887726]
[ 55.889331]  -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 2 {
[ 55.894768]     IN-SOFTIRQ-W at:
[ 55.898030]       lock_acquire+0x16f/0x3f0
[ 55.903487]       _raw_spin_lock_irq+0x60/0x80
[ 55.909269]       free_ioctx_users+0x2d/0x490
[ 55.914976]       percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 55.922204]       rcu_process_callbacks+0xba0/0x1a30
[ 55.928631]       __do_softirq+0x25c/0x921
[ 55.934092]       irq_exit+0x180/0x1d0
[ 55.939192]       smp_apic_timer_interrupt+0x13b/0x550
[ 55.945688]       apic_timer_interrupt+0xf/0x20
[ 55.951567]       native_safe_halt+0xe/0x10
[ 55.957092]       arch_cpu_idle+0xa/0x10
[ 55.962351]       default_idle_call+0x36/0x90
[ 55.968222]       do_idle+0x377/0x560
[ 55.973219]       cpu_startup_entry+0xc8/0xe0
[ 55.978911]       rest_init+0x219/0x222
[ 55.985038]       start_kernel+0x88c/0x8c5
[ 55.990472]       x86_64_start_reservations+0x29/0x2b
[ 55.997591]       x86_64_start_kernel+0x77/0x7b
[ 56.003465]       secondary_startup_64+0xa4/0xb0
[ 56.010020]     INITIAL USE at:
[ 56.013215]       lock_acquire+0x16f/0x3f0
[ 56.018560]       _raw_spin_lock_irq+0x60/0x80
[ 56.024271]       io_submit_one+0xead/0x2eb0
[ 56.029790]       __x64_sys_io_submit+0x1aa/0x520
[ 56.035747]       do_syscall_64+0xfd/0x620
[ 56.041092]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 56.047834]   }
[ 56.049622]   ... key at: [] __key.50211+0x0/0x40
[ 56.056353]   ... acquired at:
[ 56.059453]     mark_lock+0x420/0x1370
[ 56.063250]     __lock_acquire+0xc62/0x49c0
[ 56.067481]     lock_acquire+0x16f/0x3f0
[ 56.071440]     _raw_spin_lock_irq+0x60/0x80
[ 56.075754]     free_ioctx_users+0x2d/0x490
[ 56.079982]     percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 56.085593]     rcu_process_callbacks+0xba0/0x1a30
[ 56.090420]     __do_softirq+0x25c/0x921
[ 56.094378]     irq_exit+0x180/0x1d0
[ 56.098000]     smp_apic_timer_interrupt+0x13b/0x550
[ 56.103034]     apic_timer_interrupt+0xf/0x20
[ 56.107420]     native_safe_halt+0xe/0x10
[ 56.111474]     arch_cpu_idle+0xa/0x10
[ 56.115269]     default_idle_call+0x36/0x90
[ 56.119486]     do_idle+0x377/0x560
[ 56.123006]     cpu_startup_entry+0xc8/0xe0
[ 56.127235]     rest_init+0x219/0x222
[ 56.130927]     start_kernel+0x88c/0x8c5
[ 56.134882]     x86_64_start_reservations+0x29/0x2b
[ 56.139797]     x86_64_start_kernel+0x77/0x7b
[ 56.144189]     secondary_startup_64+0xa4/0xb0
[ 56.148661]
[ 56.150272]
[ 56.150272] stack backtrace:
[ 56.154795] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.19.69 #43
[ 56.161089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.170423] Call Trace:
[ 56.173001]
[ 56.175255]  dump_stack+0x172/0x1f0
[ 56.178879]  print_irq_inversion_bug.part.0+0x2c0/0x2cd
[ 56.184226]  check_usage_forwards.cold+0x20/0x29
[ 56.188963]  ? check_usage_backwards+0x340/0x340
[ 56.193716]  ? save_stack_trace+0x1a/0x20
[ 56.197934]  ? save_trace+0xe0/0x290
[ 56.201627]  mark_lock+0x420/0x1370
[ 56.205235]  ? check_usage_backwards+0x340/0x340
[ 56.209984]  __lock_acquire+0xc62/0x49c0
[ 56.214027]  ? mark_held_locks+0x100/0x100
[ 56.218272]  ? mark_held_locks+0x100/0x100
[ 56.222499]  ? __wake_up_common_lock+0xfe/0x190
[ 56.227248]  ? mark_held_locks+0x100/0x100
[ 56.231990]  ? __wake_up_common_lock+0xfe/0x190
[ 56.236666]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 56.241764]  ? lockdep_hardirqs_on+0x19b/0x5d0
[ 56.246366]  ? trace_hardirqs_on+0x67/0x220
[ 56.250672]  ? kasan_check_read+0x11/0x20
[ 56.254804]  lock_acquire+0x16f/0x3f0
[ 56.258588]  ? free_ioctx_users+0x2d/0x490
[ 56.262806]  _raw_spin_lock_irq+0x60/0x80
[ 56.266941]  ? free_ioctx_users+0x2d/0x490
[ 56.271154]  free_ioctx_users+0x2d/0x490
[ 56.275201]  ? rcu_dynticks_curr_cpu_in_eqs+0x51/0xb0
[ 56.280387]  percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 56.285822]  ? percpu_ref_exit+0xd0/0xd0
[ 56.289865]  rcu_process_callbacks+0xba0/0x1a30
[ 56.294530]  ? __rcu_read_unlock+0x170/0x170
[ 56.298940]  __do_softirq+0x25c/0x921
[ 56.302725]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 56.308257]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 56.313867]  irq_exit+0x180/0x1d0
[ 56.317304]  smp_apic_timer_interrupt+0x13b/0x550
[ 56.322477]  apic_timer_interrupt+0xf/0x20
[ 56.326691]
[ 56.328912] RIP: 0010:native_safe_halt+0xe/0x10
[ 56.333575] Code: ff ff 48 89 df e8 02 2c ae fa eb 82 e9 07 00 00 00 0f 00 2d 84 1e 54 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d 74 1e 54 00 fb f4 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 e8 4e 0e 66 fa e8 09
[ 56.352551] RSP: 0018:ffffffff88607ca8 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13
[ 56.360250] RAX: 1ffffffff10e48c4 RBX: ffffffff88679ec0 RCX: 0000000000000000
[ 56.367508] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffffffff8867a73c
[ 56.374770] RBP: ffffffff88607cd8 R08: ffffffff88679ec0 R09: 0000000000000000
[ 56.382368] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 56.389648] R13: ffffffff88724610 R14: 0000000000000000 R15: 0000000000000000
[ 56.397095]  ? default_idle+0x4e/0x320
[ 56.400978]  arch_cpu_idle+0xa/0x10
[ 56.404587]  default_idle_call+0x36/0x90
[ 56.408644]  do_idle+0x377/0x560
[ 56.411991]  ? arch_cpu_idle_exit+0x80/0x80
[ 56.416309]  ? check_preemption_disabled+0x48/0x290
[ 56.421322]  cpu_startup_entry+0xc8/0xe0
[ 56.425371]  ? cpu_in_idle+0x20/0x20
[ 56.429070]  rest_init+0x219/0x222
[ 56.432592]  start_kernel+0x88c/0x8c5
[ 56.436374]  ? mem_encrypt_init+0xb/0xb
[ 56.440332]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 56.445862]  ? x86_family+0x41/0x50
[ 56.449477]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 56.455030]  x86_64_start_reservations+0x29/0x2b
[ 56.459786]