Warning: Permanently added '10.128.0.223' (ECDSA) to the list of known hosts.
executing program
[ 55.548477] audit: type=1400 audit(1560426259.081:36): avc: denied { map } for pid=8011 comm="syz-executor234" path="/root/syz-executor234363446" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 55.585671]
[ 55.587308] ========================================================
[ 55.593772] WARNING: possible irq lock inversion dependency detected
[ 55.600247] 4.19.50 #22 Not tainted
[ 55.603852] --------------------------------------------------------
[ 55.610325] ksoftirqd/0/9 just changed the state of lock:
[ 55.615842] 00000000833bc25c (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2d/0x490
[ 55.624679] but this lock took another, SOFTIRQ-unsafe lock in the past:
[ 55.631508]  (&fiq->waitq){+.+.}
[ 55.631516]
[ 55.631516]
[ 55.631516] and interrupts could create inverse lock ordering between them.
[ 55.631516]
[ 55.646367]
[ 55.646367] other info that might help us debug this:
[ 55.653009]  Possible interrupt unsafe locking scenario:
[ 55.653009]
[ 55.659914]        CPU0                    CPU1
[ 55.664599]        ----                    ----
[ 55.669251]   lock(&fiq->waitq);
[ 55.672596]                                local_irq_disable();
[ 55.678628]                                lock(&(&ctx->ctx_lock)->rlock);
[ 55.685625]                                lock(&fiq->waitq);
[ 55.691491]
[ 55.694223]     lock(&(&ctx->ctx_lock)->rlock);
[ 55.698874]
[ 55.698874]  *** DEADLOCK ***
[ 55.698874]
[ 55.704914] 2 locks held by ksoftirqd/0/9:
[ 55.709211]  #0: 0000000050b6928f (rcu_callback){....}, at: rcu_process_callbacks+0xc79/0x1a30
[ 55.717963]  #1: 00000000528fd309 (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x1ca/0x540
[ 55.728097]
[ 55.728097] the shortest dependencies between 2nd lock and 1st lock:
[ 55.736092]  -> (&fiq->waitq){+.+.} ops: 4 {
[ 55.740500]     HARDIRQ-ON-W at:
[ 55.743854]       lock_acquire+0x16f/0x3f0
[ 55.749464]       _raw_spin_lock+0x2f/0x40
[ 55.755075]       flush_bg_queue+0x1f3/0x3d0
[ 55.760854]       fuse_request_send_background_locked+0x26d/0x4e0
[ 55.768456]       fuse_request_send_background+0x12b/0x180
[ 55.775458]       cuse_channel_open+0x5ba/0x830
[ 55.781497]       misc_open+0x395/0x4c0
[ 55.786844]       chrdev_open+0x245/0x6b0
[ 55.792373]       do_dentry_open+0x4c3/0x1200
[ 55.798238]       vfs_open+0xa0/0xd0
[ 55.803321]       path_openat+0x10d7/0x4690
[ 55.809010]       do_filp_open+0x1a1/0x280
[ 55.814618]       do_sys_open+0x3fe/0x550
[ 55.820139]       __x64_sys_openat+0x9d/0x100
[ 55.826006]       do_syscall_64+0xfd/0x620
[ 55.831616]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 55.838612]     SOFTIRQ-ON-W at:
[ 55.841984]       lock_acquire+0x16f/0x3f0
[ 55.847607]       _raw_spin_lock+0x2f/0x40
[ 55.853224]       flush_bg_queue+0x1f3/0x3d0
[ 55.859004]       fuse_request_send_background_locked+0x26d/0x4e0
[ 55.866604]       fuse_request_send_background+0x12b/0x180
[ 55.873601]       cuse_channel_open+0x5ba/0x830
[ 55.879658]       misc_open+0x395/0x4c0
[ 55.885022]       chrdev_open+0x245/0x6b0
[ 55.890541]       do_dentry_open+0x4c3/0x1200
[ 55.896410]       vfs_open+0xa0/0xd0
[ 55.901496]       path_openat+0x10d7/0x4690
[ 55.907200]       do_filp_open+0x1a1/0x280
[ 55.912805]       do_sys_open+0x3fe/0x550
[ 55.918341]       __x64_sys_openat+0x9d/0x100
[ 55.924210]       do_syscall_64+0xfd/0x620
[ 55.929815]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 55.936802]     INITIAL USE at:
[ 55.940066]       lock_acquire+0x16f/0x3f0
[ 55.945584]       _raw_spin_lock+0x2f/0x40
[ 55.951105]       flush_bg_queue+0x1f3/0x3d0
[ 55.956831]       fuse_request_send_background_locked+0x26d/0x4e0
[ 55.964348]       fuse_request_send_background+0x12b/0x180
[ 55.971258]       cuse_channel_open+0x5ba/0x830
[ 55.977213]       misc_open+0x395/0x4c0
[ 55.982470]       chrdev_open+0x245/0x6b0
[ 55.987903]       do_dentry_open+0x4c3/0x1200
[ 55.993683]       vfs_open+0xa0/0xd0
[ 55.998684]       path_openat+0x10d7/0x4690
[ 56.004288]       do_filp_open+0x1a1/0x280
[ 56.009803]       do_sys_open+0x3fe/0x550
[ 56.015234]       __x64_sys_openat+0x9d/0x100
[ 56.021011]       do_syscall_64+0xfd/0x620
[ 56.026530]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 56.033456]   }
[ 56.035343]   ... key at: [] __key.42197+0x0/0x40
[ 56.042157]   ... acquired at:
[ 56.045334]    _raw_spin_lock+0x2f/0x40
[ 56.049286]    io_submit_one+0xef2/0x2eb0
[ 56.053411]    __x64_sys_io_submit+0x1aa/0x520
[ 56.057975]    do_syscall_64+0xfd/0x620
[ 56.061931]    entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 56.067273]
[ 56.068877] -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 2 {
[ 56.074316]    IN-SOFTIRQ-W at:
[ 56.077584]      lock_acquire+0x16f/0x3f0
[ 56.083012]      _raw_spin_lock_irq+0x60/0x80
[ 56.088792]      free_ioctx_users+0x2d/0x490
[ 56.094486]      percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 56.101565]      rcu_process_callbacks+0xba0/0x1a30
[ 56.107866]      __do_softirq+0x25c/0x921
[ 56.113313]      run_ksoftirqd+0x8e/0x110
[ 56.118750]      smpboot_thread_fn+0x6a3/0xa30
[ 56.124614]      kthread+0x354/0x420
[ 56.129611]      ret_from_fork+0x24/0x30
[ 56.134960]    INITIAL USE at:
[ 56.138138]      lock_acquire+0x16f/0x3f0
[ 56.143489]      _raw_spin_lock_irq+0x60/0x80
[ 56.149202]      io_submit_one+0xead/0x2eb0
[ 56.154724]      __x64_sys_io_submit+0x1aa/0x520
[ 56.160677]      do_syscall_64+0xfd/0x620
[ 56.166024]      entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 56.172767]  }
[ 56.174557]  ... key at: [] __key.50192+0x0/0x40
[ 56.181285]  ... acquired at:
[ 56.184372]    mark_lock+0x420/0x1370
[ 56.188153]    __lock_acquire+0xc65/0x48f0
[ 56.192365]    lock_acquire+0x16f/0x3f0
[ 56.196320]    _raw_spin_lock_irq+0x60/0x80
[ 56.200623]    free_ioctx_users+0x2d/0x490
[ 56.204838]    percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 56.210448]    rcu_process_callbacks+0xba0/0x1a30
[ 56.215293]    __do_softirq+0x25c/0x921
[ 56.219252]    run_ksoftirqd+0x8e/0x110
[ 56.223209]    smpboot_thread_fn+0x6a3/0xa30
[ 56.227599]    kthread+0x354/0x420
[ 56.231124]    ret_from_fork+0x24/0x30
[ 56.234986]
[ 56.236587]
[ 56.236587] stack backtrace:
[ 56.241067] CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 4.19.50 #22
[ 56.247452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.256783] Call Trace:
[ 56.259357]  dump_stack+0x172/0x1f0
[ 56.262986]  print_irq_inversion_bug.part.0+0x2c0/0x2cd
[ 56.268356]  check_usage_forwards.cold+0x20/0x29
[ 56.273112]  ? check_usage_backwards+0x340/0x340
[ 56.282665]  ? save_stack_trace+0x1a/0x20
[ 56.287152]  ? save_trace+0xe0/0x290
[ 56.290850]  mark_lock+0x420/0x1370
[ 56.294461]  ? check_usage_backwards+0x340/0x340
[ 56.299199]  __lock_acquire+0xc65/0x48f0
[ 56.303245]  ? mark_held_locks+0x100/0x100
[ 56.307467]  ? mark_held_locks+0x100/0x100
[ 56.311683]  ? __wake_up_common_lock+0xfe/0x190
[ 56.316335]  ? mark_held_locks+0x100/0x100
[ 56.320551]  ? __wake_up_common_lock+0xfe/0x190
[ 56.325221]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 56.330336]  ? lockdep_hardirqs_on+0x19b/0x5d0
[ 56.334906]  ? trace_hardirqs_on+0x67/0x220
[ 56.339213]  ? kasan_check_read+0x11/0x20
[ 56.343346]  lock_acquire+0x16f/0x3f0
[ 56.347133]  ? free_ioctx_users+0x2d/0x490
[ 56.351371]  _raw_spin_lock_irq+0x60/0x80
[ 56.355502]  ? free_ioctx_users+0x2d/0x490
[ 56.359715]  free_ioctx_users+0x2d/0x490
[ 56.363758]  ? rcu_dynticks_curr_cpu_in_eqs+0x51/0xb0
[ 56.368931]  percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 56.374368]  ? percpu_ref_exit+0xd0/0xd0
[ 56.378412]  rcu_process_callbacks+0xba0/0x1a30
[ 56.383059]  ? __rcu_read_unlock+0x170/0x170
[ 56.387447]  ? sched_clock+0x2e/0x50
[ 56.391147]  __do_softirq+0x25c/0x921
[ 56.394929]  ? pci_mmcfg_check_reserved+0x170/0x170
[ 56.399948]  ? takeover_