Warning: Permanently added '10.128.0.251' (ECDSA) to the list of known hosts. executing program [ 56.208107] audit: type=1400 audit(1565865995.435:36): avc: denied { map } for pid=8160 comm="syz-executor105" path="/root/syz-executor105056944" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 56.239426] [ 56.241094] ======================================================== [ 56.247567] WARNING: possible irq lock inversion dependency detected [ 56.254048] 4.19.66 #40 Not tainted [ 56.257659] -------------------------------------------------------- [ 56.264182] ksoftirqd/1/18 just changed the state of lock: [ 56.269786] 00000000a9452022 (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2d/0x490 [ 56.278537] but this lock took another, SOFTIRQ-unsafe lock in the past: [ 56.285364] (&fiq->waitq){+.+.} [ 56.285373] [ 56.285373] [ 56.285373] and interrupts could create inverse lock ordering between them. [ 56.285373] [ 56.300226] [ 56.300226] other info that might help us debug this: [ 56.306881] Possible interrupt unsafe locking scenario: [ 56.306881] [ 56.313793] CPU0 CPU1 [ 56.318534] ---- ---- [ 56.323192] lock(&fiq->waitq); [ 56.326542] local_irq_disable(); [ 56.332577] lock(&(&ctx->ctx_lock)->rlock); [ 56.339591] lock(&fiq->waitq); [ 56.345465] [ 56.348210] lock(&(&ctx->ctx_lock)->rlock); [ 56.352870] [ 56.352870] *** DEADLOCK *** [ 56.352870] [ 56.358919] 2 locks held by ksoftirqd/1/18: [ 56.363240] #0: 0000000098317270 (rcu_callback){....}, at: rcu_process_callbacks+0xc79/0x1a30 [ 56.372015] #1: 00000000a9ee9eb1 (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x1ca/0x540 [ 56.382170] [ 56.382170] the shortest dependencies between 2nd lock and 1st lock: [ 56.390159] -> (&fiq->waitq){+.+.} ops: 4 { [ 56.394559] HARDIRQ-ON-W at: [ 56.397927] lock_acquire+0x16f/0x3f0 [ 56.403554] _raw_spin_lock+0x2f/0x40 [ 56.409166] flush_bg_queue+0x1f3/0x3d0 [ 56.414964] fuse_request_send_background_locked+0x26d/0x4e0 [ 56.422601] fuse_request_send_background+0x12b/0x180 [ 56.429608] cuse_channel_open+0x5ba/0x830 [ 56.435671] misc_open+0x395/0x4c0 [ 56.441026] chrdev_open+0x245/0x6b0 [ 56.446578] do_dentry_open+0x4c3/0x1210 [ 56.452479] vfs_open+0xa0/0xd0 [ 56.457600] path_openat+0x10d7/0x45e0 [ 56.463296] do_filp_open+0x1a1/0x280 [ 56.468913] do_sys_open+0x3fe/0x550 [ 56.474441] __x64_sys_openat+0x9d/0x100 [ 56.480318] do_syscall_64+0xfd/0x620 [ 56.486034] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 56.493265] SOFTIRQ-ON-W at: [ 56.496637] lock_acquire+0x16f/0x3f0 [ 56.502270] _raw_spin_lock+0x2f/0x40 [ 56.507903] flush_bg_queue+0x1f3/0x3d0 [ 56.513693] fuse_request_send_background_locked+0x26d/0x4e0 [ 56.521306] fuse_request_send_background+0x12b/0x180 [ 56.528440] cuse_channel_open+0x5ba/0x830 [ 56.534671] misc_open+0x395/0x4c0 [ 56.540032] chrdev_open+0x245/0x6b0 [ 56.547303] do_dentry_open+0x4c3/0x1210 [ 56.553187] vfs_open+0xa0/0xd0 [ 56.558311] path_openat+0x10d7/0x45e0 [ 56.564013] do_filp_open+0x1a1/0x280 [ 56.569620] do_sys_open+0x3fe/0x550 [ 56.575140] __x64_sys_openat+0x9d/0x100 [ 56.581010] do_syscall_64+0xfd/0x620 [ 56.586638] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 56.593649] INITIAL USE at: [ 56.596921] lock_acquire+0x16f/0x3f0 [ 56.602459] _raw_spin_lock+0x2f/0x40 [ 56.607984] flush_bg_queue+0x1f3/0x3d0 [ 56.613684] fuse_request_send_background_locked+0x26d/0x4e0 [ 56.621218] fuse_request_send_background+0x12b/0x180 [ 56.628148] cuse_channel_open+0x5ba/0x830 [ 56.634114] misc_open+0x395/0x4c0 [ 56.639397] chrdev_open+0x245/0x6b0 [ 56.644845] do_dentry_open+0x4c3/0x1210 [ 56.650635] vfs_open+0xa0/0xd0 [ 56.655643] path_openat+0x10d7/0x45e0 [ 56.661263] do_filp_open+0x1a1/0x280 [ 56.666792] do_sys_open+0x3fe/0x550 [ 56.672234] __x64_sys_openat+0x9d/0x100 [ 56.678029] do_syscall_64+0xfd/0x620 [ 56.683571] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 56.690494] } [ 56.692373] ... key at: [] __key.42212+0x0/0x40 [ 56.699300] ... acquired at: [ 56.702488] _raw_spin_lock+0x2f/0x40 [ 56.706472] io_submit_one+0xef2/0x2eb0 [ 56.710620] __x64_sys_io_submit+0x1aa/0x520 [ 56.715202] do_syscall_64+0xfd/0x620 [ 56.719165] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 56.724509] [ 56.726151] -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 2 { [ 56.731621] IN-SOFTIRQ-W at: [ 56.734892] lock_acquire+0x16f/0x3f0 [ 56.740331] _raw_spin_lock_irq+0x60/0x80 [ 56.746128] free_ioctx_users+0x2d/0x490 [ 56.751840] percpu_ref_switch_to_atomic_rcu+0x407/0x540 [ 56.758934] rcu_process_callbacks+0xba0/0x1a30 [ 56.765253] __do_softirq+0x25c/0x921 [ 56.770712] run_ksoftirqd+0x8e/0x110 [ 56.776160] smpboot_thread_fn+0x6a3/0xa30 [ 56.782044] kthread+0x354/0x420 [ 56.787051] ret_from_fork+0x24/0x30 [ 56.792401] INITIAL USE at: [ 56.795602] lock_acquire+0x16f/0x3f0 [ 56.800958] _raw_spin_lock_irq+0x60/0x80 [ 56.806666] io_submit_one+0xead/0x2eb0 [ 56.812284] __x64_sys_io_submit+0x1aa/0x520 [ 56.819604] do_syscall_64+0xfd/0x620 [ 56.824965] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 56.831712] } [ 56.833524] ... key at: [] __key.50212+0x0/0x40 [ 56.840261] ... acquired at: [ 56.843371] mark_lock+0x420/0x1370 [ 56.847165] __lock_acquire+0xc62/0x49c0 [ 56.851383] lock_acquire+0x16f/0x3f0 [ 56.855344] _raw_spin_lock_irq+0x60/0x80 [ 56.859653] free_ioctx_users+0x2d/0x490 [ 56.863976] percpu_ref_switch_to_atomic_rcu+0x407/0x540 [ 56.869596] rcu_process_callbacks+0xba0/0x1a30 [ 56.874540] __do_softirq+0x25c/0x921 [ 56.878499] run_ksoftirqd+0x8e/0x110 [ 56.882549] smpboot_thread_fn+0x6a3/0xa30 [ 56.886949] kthread+0x354/0x420 [ 56.890494] ret_from_fork+0x24/0x30 [ 56.894380] [ 56.896010] [ 56.896010] stack backtrace: [ 56.900581] CPU: 1 PID: 18 Comm: ksoftirqd/1 Not tainted 4.19.66 #40 [ 56.907163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 56.916512] Call Trace: [ 56.919107] dump_stack+0x172/0x1f0 [ 56.922729] print_irq_inversion_bug.part.0+0x2c0/0x2cd [ 56.928111] check_usage_forwards.cold+0x20/0x29 [ 56.932861] ? check_usage_backwards+0x340/0x340 [ 56.937613] ? save_stack_trace+0x1a/0x20 [ 56.941760] ? save_trace+0xe0/0x290 [ 56.945456] mark_lock+0x420/0x1370 [ 56.949073] ? check_usage_backwards+0x340/0x340 [ 56.953818] __lock_acquire+0xc62/0x49c0 [ 56.957889] ? mark_held_locks+0x100/0x100 [ 56.962127] ? mark_held_locks+0x100/0x100 [ 56.966352] ? __wake_up_common_lock+0xfe/0x190 [ 56.971132] ? mark_held_locks+0x100/0x100 [ 56.975367] ? __wake_up_common_lock+0xfe/0x190 [ 56.980033] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 56.985253] ? lockdep_hardirqs_on+0x19b/0x5d0 [ 56.989866] ? trace_hardirqs_on+0x67/0x220 [ 56.994833] ? kasan_check_read+0x11/0x20 [ 56.998986] lock_acquire+0x16f/0x3f0 [ 57.002788] ? free_ioctx_users+0x2d/0x490 [ 57.007062] _raw_spin_lock_irq+0x60/0x80 [ 57.011209] ? free_ioctx_users+0x2d/0x490 [ 57.015459] free_ioctx_users+0x2d/0x490 [ 57.019626] ? rcu_dynticks_curr_cpu_in_eqs+0x51/0xb0 [ 57.024815] percpu_ref_switch_to_atomic_rcu+0x407/0x540 [ 57.030928] ? percpu_ref_exit+0xd0/0xd0 [ 57.034985] rcu_process_callbacks+0xba0/0x1a30 [ 57.039649] ? __rcu_read_unlock+0x170/0x170 [ 57.044061] ? sched_clock+0x2e/0x50 [ 57.048176] __do_softirq+0x25c/0x921 [ 57.052596] ? pci_mmcfg_check_reserved+0x170/0x170 [ 57.057621] ? takeover_tasklets+0x7b0/0x7b0 [