Warning: Permanently added '10.128.0.90' (ECDSA) to the list of known hosts.
executing program
[ 53.416765] audit: type=1400 audit(1560127756.498:36): avc: denied { map } for pid=7740 comm="syz-executor480" path="/root/syz-executor480043082" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 53.453550]
[ 53.455193] ========================================================
[ 53.468349] WARNING: possible irq lock inversion dependency detected
[ 53.478177] 4.19.49 #21 Not tainted
[ 53.481783] --------------------------------------------------------
[ 53.488257] ksoftirqd/0/9 just changed the state of lock:
[ 53.493775] 0000000031ffc8dc (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2d/0x490
[ 53.502526] but this lock took another, SOFTIRQ-unsafe lock in the past:
[ 53.509436] (&fiq->waitq){+.+.}
[ 53.509446]
[ 53.509446]
[ 53.509446] and interrupts could create inverse lock ordering between them.
[ 53.509446]
[ 53.524295]
[ 53.524295] other info that might help us debug this:
[ 53.531029] Possible interrupt unsafe locking scenario:
[ 53.531029]
[ 53.537945]        CPU0                    CPU1
[ 53.542593]        ----                    ----
[ 53.547236]   lock(&fiq->waitq);
[ 53.550602]                                local_irq_disable();
[ 53.556639]                                lock(&(&ctx->ctx_lock)->rlock);
[ 53.563641]                                lock(&fiq->waitq);
[ 53.569513]   <Interrupt>
[ 53.572243]     lock(&(&ctx->ctx_lock)->rlock);
[ 53.576890]
[ 53.576890] *** DEADLOCK ***
[ 53.576890]
[ 53.582947] 2 locks held by ksoftirqd/0/9:
[ 53.587166] #0: 00000000dff5dc23 (rcu_callback){....}, at: rcu_process_callbacks+0xc79/0x1a30
[ 53.595936] #1: 000000007d607131 (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x1ca/0x540
[ 53.606076]
[ 53.606076] the shortest dependencies between 2nd lock and 1st lock:
[ 53.614051] -> (&fiq->waitq){+.+.} ops: 4 {
[ 53.618457] HARDIRQ-ON-W at:
[ 53.621814] lock_acquire+0x16f/0x3f0
[ 53.627426] _raw_spin_lock+0x2f/0x40
[ 53.633065] flush_bg_queue+0x1f3/0x3d0
[ 53.638862] fuse_request_send_background_locked+0x26d/0x4e0
[ 53.646474] fuse_request_send_background+0x12b/0x180
[ 53.653475] cuse_channel_open+0x5ba/0x830
[ 53.659540] misc_open+0x395/0x4c0
[ 53.664900] chrdev_open+0x245/0x6b0
[ 53.670421] do_dentry_open+0x4c3/0x1200
[ 53.676292] vfs_open+0xa0/0xd0
[ 53.681381] path_openat+0x10d7/0x4690
[ 53.687080] do_filp_open+0x1a1/0x280
[ 53.692691] do_sys_open+0x3fe/0x550
[ 53.698216] __x64_sys_openat+0x9d/0x100
[ 53.704103] do_syscall_64+0xfd/0x620
[ 53.709715] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.716727] SOFTIRQ-ON-W at:
[ 53.720086] lock_acquire+0x16f/0x3f0
[ 53.725698] _raw_spin_lock+0x2f/0x40
[ 53.731312] flush_bg_queue+0x1f3/0x3d0
[ 53.737098] fuse_request_send_background_locked+0x26d/0x4e0
[ 53.744711] fuse_request_send_background+0x12b/0x180
[ 53.751720] cuse_channel_open+0x5ba/0x830
[ 53.757772] misc_open+0x395/0x4c0
[ 53.763138] chrdev_open+0x245/0x6b0
[ 53.768689] do_dentry_open+0x4c3/0x1200
[ 53.774588] vfs_open+0xa0/0xd0
[ 53.779687] path_openat+0x10d7/0x4690
[ 53.785405] do_filp_open+0x1a1/0x280
[ 53.791017] do_sys_open+0x3fe/0x550
[ 53.796539] __x64_sys_openat+0x9d/0x100
[ 53.802411] do_syscall_64+0xfd/0x620
[ 53.808037] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.815033] INITIAL USE at:
[ 53.818328] lock_acquire+0x16f/0x3f0
[ 53.823850] _raw_spin_lock+0x2f/0x40
[ 53.829371] flush_bg_queue+0x1f3/0x3d0
[ 53.835098] fuse_request_send_background_locked+0x26d/0x4e0
[ 53.842623] fuse_request_send_background+0x12b/0x180
[ 53.849548] cuse_channel_open+0x5ba/0x830
[ 53.855505] misc_open+0x395/0x4c0
[ 53.860767] chrdev_open+0x245/0x6b0
[ 53.866209] do_dentry_open+0x4c3/0x1200
[ 53.872018] vfs_open+0xa0/0xd0
[ 53.877114] path_openat+0x10d7/0x4690
[ 53.882754] do_filp_open+0x1a1/0x280
[ 53.888293] do_sys_open+0x3fe/0x550
[ 53.893762] __x64_sys_openat+0x9d/0x100
[ 53.899563] do_syscall_64+0xfd/0x620
[ 53.905102] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.912012] }
[ 53.913894] ... key at: [] __key.42197+0x0/0x40
[ 53.920716] ... acquired at:
[ 53.923901] _raw_spin_lock+0x2f/0x40
[ 53.927892] io_submit_one+0xef2/0x2eb0
[ 53.932048] __x64_sys_io_submit+0x1aa/0x520
[ 53.936620] do_syscall_64+0xfd/0x620
[ 53.940584] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.945927]
[ 53.947534] -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 2 {
[ 53.952980] IN-SOFTIRQ-W at:
[ 53.956275] lock_acquire+0x16f/0x3f0
[ 53.961714] _raw_spin_lock_irq+0x60/0x80
[ 53.967503] free_ioctx_users+0x2d/0x490
[ 53.973210] percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 53.980318] rcu_process_callbacks+0xba0/0x1a30
[ 53.986628] __do_softirq+0x25c/0x921
[ 53.992080] run_ksoftirqd+0x8e/0x110
[ 53.997631] smpboot_thread_fn+0x6a3/0xa30
[ 54.003501] kthread+0x354/0x420
[ 54.008501] ret_from_fork+0x24/0x30
[ 54.013844] INITIAL USE at:
[ 54.017029] lock_acquire+0x16f/0x3f0
[ 54.022378] _raw_spin_lock_irq+0x60/0x80
[ 54.028093] io_submit_one+0xead/0x2eb0
[ 54.033642] __x64_sys_io_submit+0x1aa/0x520
[ 54.039605] do_syscall_64+0xfd/0x620
[ 54.044957] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.051800] }
[ 54.053593] ... key at: [] __key.50188+0x0/0x40
[ 54.060320] ... acquired at:
[ 54.063412] mark_lock+0x420/0x1370
[ 54.067194] __lock_acquire+0xc65/0x48f0
[ 54.071411] lock_acquire+0x16f/0x3f0
[ 54.075369] _raw_spin_lock_irq+0x60/0x80
[ 54.079672] free_ioctx_users+0x2d/0x490
[ 54.083912] percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 54.089520] rcu_process_callbacks+0xba0/0x1a30
[ 54.094356] __do_softirq+0x25c/0x921
[ 54.098315] run_ksoftirqd+0x8e/0x110
[ 54.102283] smpboot_thread_fn+0x6a3/0xa30
[ 54.106802] kthread+0x354/0x420
[ 54.111053] ret_from_fork+0x24/0x30
[ 54.114923]
[ 54.116834]
[ 54.116834] stack backtrace:
[ 54.121508] CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 4.19.49 #21
[ 54.127901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 54.137409] Call Trace:
[ 54.139996] dump_stack+0x172/0x1f0
[ 54.143810] print_irq_inversion_bug.part.0+0x2c0/0x2cd
[ 54.149700] check_usage_forwards.cold+0x20/0x29
[ 54.154454] ? check_usage_backwards+0x340/0x340
[ 54.159225] ? save_stack_trace+0x1a/0x20
[ 54.163360] ? save_trace+0xe0/0x290
[ 54.167058] mark_lock+0x420/0x1370
[ 54.170668] ? check_usage_backwards+0x340/0x340
[ 54.185534] __lock_acquire+0xc65/0x48f0
[ 54.189591] ? mark_held_locks+0x100/0x100
[ 54.193840] ? mark_held_locks+0x100/0x100
[ 54.198066] ? __wake_up_common_lock+0xfe/0x190
[ 54.202735] ? mark_held_locks+0x100/0x100
[ 54.206956] ? __wake_up_common_lock+0xfe/0x190
[ 54.211608] ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 54.216716] ? lockdep_hardirqs_on+0x19b/0x5d0
[ 54.221288] ? trace_hardirqs_on+0x67/0x220
[ 54.225607] ? kasan_check_read+0x11/0x20
[ 54.229741] lock_acquire+0x16f/0x3f0
[ 54.233532] ? free_ioctx_users+0x2d/0x490
[ 54.237751] _raw_spin_lock_irq+0x60/0x80
[ 54.241896] ? free_ioctx_users+0x2d/0x490
[ 54.246121] free_ioctx_users+0x2d/0x490
[ 54.250183] ? rcu_dynticks_curr_cpu_in_eqs+0x51/0xb0
[ 54.255383] percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 54.260823] ? percpu_ref_exit+0xd0/0xd0
[ 54.264890] rcu_process_callbacks+0xba0/0x1a30
[ 54.269549] ? __rcu_read_unlock+0x170/0x170
[ 54.273941] ? sched_clock+0x2e/0x50
[ 54.277640] __do_softirq+0x25c/0x921
[ 54.281425] ? pci_mmcfg_check_reserved+0x170/0x170
[ 54.286449] ? takeover_tasklets+0x7b0/0x7b0
[ 54.290844] run_ksoftirqd+0x8e/0x110
[ 54.294634] smpboot_thread_fn+0x6a3/0xa30
[ 54.298871] ? sort_range+0x30/0x30
[ 54.302485] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 54.308004] ? __kthread_parkme+0xfb/0x1b0
[ 54.312220] kthread+0x354/0x420
[ 54.315574] ? sort_range+0x30/0x30
[ 54.319203] ? kth