Warning: Permanently added '10.128.1.40' (ECDSA) to the list of known hosts.
executing program
[ 53.885695] audit: type=1400 audit(1560148398.169:36): avc: denied { map } for pid=7891 comm="syz-executor530" path="/root/syz-executor530385855" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 53.921524]
[ 53.923204] ========================================================
[ 53.929677] WARNING: possible irq lock inversion dependency detected
[ 53.936175] 4.19.49 #21 Not tainted
[ 53.939835] --------------------------------------------------------
[ 53.946313] ksoftirqd/0/9 just changed the state of lock:
[ 53.951921] 000000005687a720 (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2d/0x490
[ 53.960692] but this lock took another, SOFTIRQ-unsafe lock in the past:
[ 53.967516] (&fiq->waitq){+.+.}
[ 53.967526]
[ 53.967526]
[ 53.967526] and interrupts could create inverse lock ordering between them.
[ 53.967526]
[ 53.982414]
[ 53.982414] other info that might help us debug this:
[ 53.989073] Possible interrupt unsafe locking scenario:
[ 53.989073]
[ 53.996083]        CPU0                    CPU1
[ 54.000778]        ----                    ----
[ 54.005453]   lock(&fiq->waitq);
[ 54.008825]                                local_irq_disable();
[ 54.014863]                                lock(&(&ctx->ctx_lock)->rlock);
[ 54.021888]                                lock(&fiq->waitq);
[ 54.028137]   <Interrupt>
[ 54.030875]     lock(&(&ctx->ctx_lock)->rlock);
[ 54.035552]
[ 54.035552] *** DEADLOCK ***
[ 54.035552]
[ 54.041713] 2 locks held by ksoftirqd/0/9:
[ 54.046601] #0: 0000000058f307c5 (rcu_callback){....}, at: rcu_process_callbacks+0xc79/0x1a30
[ 54.055396] #1: 000000004b7c0e6b (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x1ca/0x540
[ 54.065643]
[ 54.065643] the shortest dependencies between 2nd lock and 1st lock:
[ 54.073707] -> (&fiq->waitq){+.+.} ops: 4 {
[ 54.078130] HARDIRQ-ON-W at:
[ 54.081521] lock_acquire+0x16f/0x3f0
[ 54.087249] _raw_spin_lock+0x2f/0x40
[ 54.092886] flush_bg_queue+0x1f3/0x3d0
[ 54.098683] fuse_request_send_background_locked+0x26d/0x4e0
[ 54.106295] fuse_request_send_background+0x12b/0x180
[ 54.113407] cuse_channel_open+0x5ba/0x830
[ 54.119500] misc_open+0x395/0x4c0
[ 54.124873] chrdev_open+0x245/0x6b0
[ 54.130478] do_dentry_open+0x4c3/0x1200
[ 54.136367] vfs_open+0xa0/0xd0
[ 54.141471] path_openat+0x10d7/0x4690
[ 54.147188] do_filp_open+0x1a1/0x280
[ 54.152811] do_sys_open+0x3fe/0x550
[ 54.158367] __x64_sys_openat+0x9d/0x100
[ 54.164304] do_syscall_64+0xfd/0x620
[ 54.169921] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.176961] SOFTIRQ-ON-W at:
[ 54.180324] lock_acquire+0x16f/0x3f0
[ 54.186166] _raw_spin_lock+0x2f/0x40
[ 54.192984] flush_bg_queue+0x1f3/0x3d0
[ 54.198776] fuse_request_send_background_locked+0x26d/0x4e0
[ 54.206394] fuse_request_send_background+0x12b/0x180
[ 54.213401] cuse_channel_open+0x5ba/0x830
[ 54.219453] misc_open+0x395/0x4c0
[ 54.225158] chrdev_open+0x245/0x6b0
[ 54.230706] do_dentry_open+0x4c3/0x1200
[ 54.236583] vfs_open+0xa0/0xd0
[ 54.241678] path_openat+0x10d7/0x4690
[ 54.247377] do_filp_open+0x1a1/0x280
[ 54.254274] do_sys_open+0x3fe/0x550
[ 54.259801] __x64_sys_openat+0x9d/0x100
[ 54.265673] do_syscall_64+0xfd/0x620
[ 54.271293] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.278474] INITIAL USE at:
[ 54.281752] lock_acquire+0x16f/0x3f0
[ 54.287285] _raw_spin_lock+0x2f/0x40
[ 54.292808] flush_bg_queue+0x1f3/0x3d0
[ 54.298523] fuse_request_send_background_locked+0x26d/0x4e0
[ 54.306050] fuse_request_send_background+0x12b/0x180
[ 54.313085] cuse_channel_open+0x5ba/0x830
[ 54.319047] misc_open+0x395/0x4c0
[ 54.324313] chrdev_open+0x245/0x6b0
[ 54.329769] do_dentry_open+0x4c3/0x1200
[ 54.335555] vfs_open+0xa0/0xd0
[ 54.340592] path_openat+0x10d7/0x4690
[ 54.346225] do_filp_open+0x1a1/0x280
[ 54.351750] do_sys_open+0x3fe/0x550
[ 54.357185] __x64_sys_openat+0x9d/0x100
[ 54.362985] do_syscall_64+0xfd/0x620
[ 54.368511] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.375513] }
[ 54.377400] ... key at: [] __key.42197+0x0/0x40
[ 54.384234] ... acquired at:
[ 54.387420] _raw_spin_lock+0x2f/0x40
[ 54.391378] io_submit_one+0xef2/0x2eb0
[ 54.395532] __x64_sys_io_submit+0x1aa/0x520
[ 54.400105] do_syscall_64+0xfd/0x620
[ 54.404068] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.409433]
[ 54.411088] -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 2 {
[ 54.416544] IN-SOFTIRQ-W at:
[ 54.419833] lock_acquire+0x16f/0x3f0
[ 54.425290] _raw_spin_lock_irq+0x60/0x80
[ 54.431088] free_ioctx_users+0x2d/0x490
[ 54.436802] percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 54.443896] rcu_process_callbacks+0xba0/0x1a30
[ 54.450223] __do_softirq+0x25c/0x921
[ 54.455672] run_ksoftirqd+0x8e/0x110
[ 54.461145] smpboot_thread_fn+0x6a3/0xa30
[ 54.467029] kthread+0x354/0x420
[ 54.472057] ret_from_fork+0x24/0x30
[ 54.478365] INITIAL USE at:
[ 54.489505] lock_acquire+0x16f/0x3f0
[ 54.494865] _raw_spin_lock_irq+0x60/0x80
[ 54.500576] io_submit_one+0xead/0x2eb0
[ 54.506106] __x64_sys_io_submit+0x1aa/0x520
[ 54.512078] do_syscall_64+0xfd/0x620
[ 54.517444] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.525227] }
[ 54.527019] ... key at: [] __key.50188+0x0/0x40
[ 54.533751] ... acquired at:
[ 54.536961] mark_lock+0x420/0x1370
[ 54.540747] __lock_acquire+0xc65/0x48f0
[ 54.544985] lock_acquire+0x16f/0x3f0
[ 54.548954] _raw_spin_lock_irq+0x60/0x80
[ 54.553288] free_ioctx_users+0x2d/0x490
[ 54.557530] percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 54.563171] rcu_process_callbacks+0xba0/0x1a30
[ 54.568118] __do_softirq+0x25c/0x921
[ 54.572189] run_ksoftirqd+0x8e/0x110
[ 54.576153] smpboot_thread_fn+0x6a3/0xa30
[ 54.580564] kthread+0x354/0x420
[ 54.584095] ret_from_fork+0x24/0x30
[ 54.587967]
[ 54.589573]
[ 54.589573] stack backtrace:
[ 54.594057] CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 4.19.49 #21
[ 54.600453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 54.609802] Call Trace:
[ 54.612417] dump_stack+0x172/0x1f0
[ 54.616042] print_irq_inversion_bug.part.0+0x2c0/0x2cd
[ 54.621405] check_usage_forwards.cold+0x20/0x29
[ 54.626158] ? check_usage_backwards+0x340/0x340
[ 54.630923] ? save_stack_trace+0x1a/0x20
[ 54.635082] ? save_trace+0xe0/0x290
[ 54.638786] mark_lock+0x420/0x1370
[ 54.642418] ? check_usage_backwards+0x340/0x340
[ 54.647274] __lock_acquire+0xc65/0x48f0
[ 54.651331] ? mark_held_locks+0x100/0x100
[ 54.655559] ? mark_held_locks+0x100/0x100
[ 54.659802] ? __wake_up_common_lock+0xfe/0x190
[ 54.664487] ? mark_held_locks+0x100/0x100
[ 54.668708] ? __wake_up_common_lock+0xfe/0x190
[ 54.673970] ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 54.679095] ? lockdep_hardirqs_on+0x19b/0x5d0
[ 54.683696] ? trace_hardirqs_on+0x67/0x220
[ 54.688014] ? kasan_check_read+0x11/0x20
[ 54.692169] lock_acquire+0x16f/0x3f0
[ 54.695972] ? free_ioctx_users+0x2d/0x490
[ 54.700201] _raw_spin_lock_irq+0x60/0x80
[ 54.704526] ? free_ioctx_users+0x2d/0x490
[ 54.708858] free_ioctx_users+0x2d/0x490
[ 54.712922] ? rcu_dynticks_curr_cpu_in_eqs+0x51/0xb0
[ 54.718125] percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 54.723600] ? percpu_ref_exit+0xd0/0xd0
[ 54.727655] rcu_process_callbacks+0xba0/0x1a30
[ 54.732316] ? __rcu_read_unlock+0x170/0x170
[ 54.736717] ? sched_clock+0x2e/0x50
[ 54.740425] __do_softirq+0x25c/0x921
[ 54.744219] ? pci_mmcfg_check_reserved+0x170/0x170
[ 54.749230] ? takeover_tasklets+0x7b0/0x7b0
[ 54.753652] run_ksoftirqd+0x8e/0x110
[ 54.757471] smpboot_thread_fn+0x6a3/0xa30
[ 54.761711] ? sort_range+0x30/0x30
[ 54.765411] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 54.770938] ? __kthread_parkme+0xfb/0x1b0
[ 54.775178] kthread+0x354/0x420
[ 54.778542] ? sort_range+0x30/0x30
[ 54.782157] ? kthread_cancel_delayed_work_sync+0x20/0x20
[ 54.787688] ret_from_f