Warning: Permanently added '10.128.10.30' (ECDSA) to the list of known hosts. executing program [ 57.047905] audit: type=1400 audit(1569016033.079:36): avc: denied { map } for pid=7569 comm="syz-executor543" path="/root/syz-executor543662121" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 57.092644] [ 57.094353] ======================================================== [ 57.101065] WARNING: possible irq lock inversion dependency detected [ 57.107811] 4.19.74 #0 Not tainted [ 57.111383] -------------------------------------------------------- [ 57.118635] swapper/1/0 just changed the state of lock: [ 57.124003] 00000000c4126a30 (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2d/0x490 [ 57.132937] but this lock took another, SOFTIRQ-unsafe lock in the past: [ 57.140287] (&fiq->waitq){+.+.} [ 57.140298] [ 57.140298] [ 57.140298] and interrupts could create inverse lock ordering between them. [ 57.140298] [ 57.155278] [ 57.155278] other info that might help us debug this: [ 57.161949] Possible interrupt unsafe locking scenario: [ 57.161949] [ 57.168861] CPU0 CPU1 [ 57.173517] ---- ---- [ 57.178164] lock(&fiq->waitq); [ 57.181519] local_irq_disable(); [ 57.187570] lock(&(&ctx->ctx_lock)->rlock); [ 57.197292] lock(&fiq->waitq); [ 57.203176] [ 57.205935] lock(&(&ctx->ctx_lock)->rlock); [ 57.210584] [ 57.210584] *** DEADLOCK *** [ 57.210584] [ 57.216641] 2 locks held by swapper/1/0: [ 57.220950] #0: 0000000018825ba9 (rcu_callback){....}, at: rcu_process_callbacks+0xc79/0x1a30 [ 57.229834] #1: 00000000ada45705 (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x1ca/0x540 [ 57.240136] [ 57.240136] the shortest dependencies between 2nd lock and 1st lock: [ 57.248116] -> (&fiq->waitq){+.+.} ops: 4 { [ 57.252541] HARDIRQ-ON-W at: [ 57.255951] lock_acquire+0x16f/0x3f0 [ 57.261646] _raw_spin_lock+0x2f/0x40 [ 57.267274] flush_bg_queue+0x1f3/0x3d0 [ 57.273087] fuse_request_send_background_locked+0x26d/0x4e0 [ 57.280722] fuse_request_send_background+0x12b/0x180 [ 57.287917] cuse_channel_open+0x5ba/0x830 [ 57.293979] misc_open+0x395/0x4c0 [ 57.299357] chrdev_open+0x245/0x6b0 [ 57.305142] do_dentry_open+0x4c3/0x1210 [ 57.311014] vfs_open+0xa0/0xd0 [ 57.316108] path_openat+0x10d7/0x45e0 [ 57.321904] do_filp_open+0x1a1/0x280 [ 57.327542] do_sys_open+0x3fe/0x550 [ 57.333104] __x64_sys_openat+0x9d/0x100 [ 57.338988] do_syscall_64+0xfd/0x620 [ 57.344614] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 57.351617] SOFTIRQ-ON-W at: [ 57.354993] lock_acquire+0x16f/0x3f0 [ 57.360723] _raw_spin_lock+0x2f/0x40 [ 57.366359] flush_bg_queue+0x1f3/0x3d0 [ 57.372434] fuse_request_send_background_locked+0x26d/0x4e0 [ 57.380217] fuse_request_send_background+0x12b/0x180 [ 57.387253] cuse_channel_open+0x5ba/0x830 [ 57.393766] misc_open+0x395/0x4c0 [ 57.399145] chrdev_open+0x245/0x6b0 [ 57.404761] do_dentry_open+0x4c3/0x1210 [ 57.410634] vfs_open+0xa0/0xd0 [ 57.415762] path_openat+0x10d7/0x45e0 [ 57.421549] do_filp_open+0x1a1/0x280 [ 57.427170] do_sys_open+0x3fe/0x550 [ 57.432710] __x64_sys_openat+0x9d/0x100 [ 57.438606] do_syscall_64+0xfd/0x620 [ 57.444240] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 57.451249] INITIAL USE at: [ 57.454522] lock_acquire+0x16f/0x3f0 [ 57.460393] _raw_spin_lock+0x2f/0x40 [ 57.465919] flush_bg_queue+0x1f3/0x3d0 [ 57.471625] fuse_request_send_background_locked+0x26d/0x4e0 [ 57.479235] fuse_request_send_background+0x12b/0x180 [ 57.486304] cuse_channel_open+0x5ba/0x830 [ 57.492378] misc_open+0x395/0x4c0 [ 57.497661] chrdev_open+0x245/0x6b0 [ 57.503101] do_dentry_open+0x4c3/0x1210 [ 57.508899] vfs_open+0xa0/0xd0 [ 57.513906] path_openat+0x10d7/0x45e0 [ 57.519547] do_filp_open+0x1a1/0x280 [ 57.525089] do_sys_open+0x3fe/0x550 [ 57.530629] __x64_sys_openat+0x9d/0x100 [ 57.536463] do_syscall_64+0xfd/0x620 [ 57.542144] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 57.549088] } [ 57.551197] ... key at: [] __key.42213+0x0/0x40 [ 57.558025] ... acquired at: [ 57.561213] _raw_spin_lock+0x2f/0x40 [ 57.565177] io_submit_one+0xef2/0x2eb0 [ 57.569322] __x64_sys_io_submit+0x1aa/0x520 [ 57.573944] do_syscall_64+0xfd/0x620 [ 57.577909] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 57.583253] [ 57.584864] -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 2 { [ 57.590650] IN-SOFTIRQ-W at: [ 57.593924] lock_acquire+0x16f/0x3f0 [ 57.599377] _raw_spin_lock_irq+0x60/0x80 [ 57.605159] free_ioctx_users+0x2d/0x490 [ 57.610864] percpu_ref_switch_to_atomic_rcu+0x407/0x540 [ 57.617952] rcu_process_callbacks+0xba0/0x1a30 [ 57.624259] __do_softirq+0x25c/0x921 [ 57.629794] irq_exit+0x180/0x1d0 [ 57.634882] smp_apic_timer_interrupt+0x13b/0x550 [ 57.641356] apic_timer_interrupt+0xf/0x20 [ 57.647247] native_safe_halt+0xe/0x10 [ 57.652863] arch_cpu_idle+0xa/0x10 [ 57.658131] default_idle_call+0x36/0x90 [ 57.663837] do_idle+0x377/0x560 [ 57.668835] cpu_startup_entry+0xc8/0xe0 [ 57.674526] start_secondary+0x3e8/0x5b0 [ 57.680218] secondary_startup_64+0xa4/0xb0 [ 57.686169] INITIAL USE at: [ 57.689346] lock_acquire+0x16f/0x3f0 [ 57.694705] _raw_spin_lock_irq+0x60/0x80 [ 57.700398] io_submit_one+0xead/0x2eb0 [ 57.706031] __x64_sys_io_submit+0x1aa/0x520 [ 57.712251] do_syscall_64+0xfd/0x620 [ 57.717620] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 57.724527] } [ 57.726319] ... key at: [] __key.50213+0x0/0x40 [ 57.733059] ... acquired at: [ 57.736259] mark_lock+0x420/0x1370 [ 57.740056] __lock_acquire+0xc62/0x49c0 [ 57.744285] lock_acquire+0x16f/0x3f0 [ 57.748245] _raw_spin_lock_irq+0x60/0x80 [ 57.753031] free_ioctx_users+0x2d/0x490 [ 57.757261] percpu_ref_switch_to_atomic_rcu+0x407/0x540 [ 57.763025] rcu_process_callbacks+0xba0/0x1a30 [ 57.767879] __do_softirq+0x25c/0x921 [ 57.771846] irq_exit+0x180/0x1d0 [ 57.775460] smp_apic_timer_interrupt+0x13b/0x550 [ 57.780462] apic_timer_interrupt+0xf/0x20 [ 57.784853] native_safe_halt+0xe/0x10 [ 57.788898] arch_cpu_idle+0xa/0x10 [ 57.792692] default_idle_call+0x36/0x90 [ 57.796907] do_idle+0x377/0x560 [ 57.800427] cpu_startup_entry+0xc8/0xe0 [ 57.804677] start_secondary+0x3e8/0x5b0 [ 57.809052] secondary_startup_64+0xa4/0xb0 [ 57.813542] [ 57.815149] [ 57.815149] stack backtrace: [ 57.819644] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.19.74 #0 [ 57.825786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.835143] Call Trace: [ 57.837713] [ 57.839852] dump_stack+0x172/0x1f0 [ 57.843469] print_irq_inversion_bug.part.0+0x2c0/0x2cd [ 57.848828] check_usage_forwards.cold+0x20/0x29 [ 57.853667] ? check_usage_backwards+0x340/0x340 [ 57.858418] ? save_stack_trace+0x1a/0x20 [ 57.862645] ? save_trace+0xe0/0x290 [ 57.866347] mark_lock+0x420/0x1370 [ 57.869962] ? check_usage_backwards+0x340/0x340 [ 57.874729] __lock_acquire+0xc62/0x49c0 [ 57.878784] ? mark_held_locks+0x100/0x100 [ 57.883051] ? mark_held_locks+0x100/0x100 [ 57.887281] ? __wake_up_common_lock+0xfe/0x190 [ 57.891953] ? mark_held_locks+0x100/0x100 [ 57.896186] ? __wake_up_common_lock+0xfe/0x190 [ 57.900850] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 57.905939] ? lockdep_hardirqs_on+0x19b/0x5d0 [ 57.910507] ? trace_hardirqs_on+0x67/0x220 [ 57.914829] ? kasan_check_read+0x11/0x20 [ 57.918978] lock_acquire+0x16f/0x3f0 [ 57.922776] ? free_ioctx_users+0x2d/0x490 [ 57.927039] _raw_spin_lock_irq+0x60/0x80 [ 57.931181] ? free_ioctx_users+0x2d/0x490 [ 57.935420] free_ioctx_users+0x2d/0x490 [ 57.939485] ? rcu_dynticks_curr_cpu_in_eqs+0x51/0xb0 [ 57.944672] percpu_ref_switch_to_atomic_rcu+0x407/0x540 [ 57.950111] ? percpu_ref_exit+0xd0/0xd0 [ 57.954162] rcu_process_callbacks+0xba0/0x1a30 [ 57.958831] ? __rcu_read_unlock+0x170/0x170 [ 57.963246] __do_softirq+0x25c/0x921 [ 57.967043] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 57.972575] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 57.978118] irq_exit+0x180/0x1d0 [ 57.981670] smp_apic_timer_interrupt+0x13b/0x550 [ 57.986604] apic_timer_interrupt+0xf/0x20 [ 57.990822] [ 57.993056] RIP: 0010:native_safe_halt+0xe/0x10 [ 57.997725] Code: ff ff 48 89 df e8 72 db ad fa eb 82 e9 07 00 00 00 0f 00 2d 94 c0 53 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d 84 c0 53 00 fb f4 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 e8 7e be 65 fa e8 89 [ 58.018161] RSP: 0018:ffff8880aa27fd00 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13 [ 58.025868] RAX: 1ffffffff10e48c4 RBX: ffff8880aa2703c0 RCX: 0000000000000000 [ 58.033230] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffff8880aa270c3c [ 58.041987] RBP: ffff8880aa27fd30 R08: ffff8880aa2703c0 R09: 0000000000000000 [ 58.049251] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001 [ 58.056692] R13: ffffffff88724610 R14: 0000000000000001 R15: 0000000000000000 [ 58.064170] ? default_idle+0x4e/0x320 [ 58.068070] arch_cpu_idle+0xa/0x10 [ 58.072555] default_idle_call+0x36/0x90 [ 58.079588] do_idle+0x377/0x560 [ 58.084945] ? arch_cpu_idle_exit+0x80/0x80 [ 58.089341] ? do_idle+0x1ca/0x560 [ 58.094082] cpu_startup_entry+0xc8/0xe0 [ 58.098158] ? cpu_in_idle+0x20/0x20 [ 58.102252] ? setup_APIC_timer+0x1aa/0x200 [ 58.106676] start_secondary+0x3e8/0x5b0 [ 58.111013] ? set_cpu_sibling_map+0x1860/0x1860 [ 58.116949] secondary_startup_64+0xa4/0xb0