Warning: Permanently added '10.128.0.239' (ECDSA) to the list of known hosts.
executing program
[ 60.936219] audit: type=1400 audit(1560475400.212:36): avc: denied { map } for pid=7996 comm="syz-executor941" path="/root/syz-executor941994061" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 60.967098]
[ 60.968732] ========================================================
[ 60.975217] WARNING: possible irq lock inversion dependency detected
[ 60.981744] 4.19.50 #22 Not tainted
[ 60.985362] --------------------------------------------------------
[ 60.991851] swapper/1/0 just changed the state of lock:
[ 60.997207] 000000002ec6420f (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2d/0x490
[ 61.006096] but this lock took another, SOFTIRQ-unsafe lock in the past:
[ 61.012920]  (&fiq->waitq){+.+.}
[ 61.012930]
[ 61.012930]
[ 61.012930] and interrupts could create inverse lock ordering between them.
[ 61.012930]
[ 61.027895]
[ 61.027895] other info that might help us debug this:
[ 61.034549]  Possible interrupt unsafe locking scenario:
[ 61.034549]
[ 61.041589]        CPU0                    CPU1
[ 61.046242]        ----                    ----
[ 61.050917]   lock(&fiq->waitq);
[ 61.054269]                                local_irq_disable();
[ 61.060307]                                lock(&(&ctx->ctx_lock)->rlock);
[ 61.067705]                                lock(&fiq->waitq);
[ 61.074960]   <Interrupt>
[ 61.077797]     lock(&(&ctx->ctx_lock)->rlock);
[ 61.082708]
[ 61.082708]  *** DEADLOCK ***
[ 61.082708]
[ 61.088958] 2 locks held by swapper/1/0:
[ 61.093135]  #0: 00000000c1b41598 (rcu_callback){....}, at: rcu_process_callbacks+0xc79/0x1a30
[ 61.101997]  #1: 00000000a94ed541 (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x1ca/0x540
[ 61.112378]
[ 61.112378] the shortest dependencies between 2nd lock and 1st lock:
[ 61.121708]  -> (&fiq->waitq){+.+.} ops: 4 {
[ 61.126283]     HARDIRQ-ON-W at:
[ 61.130119]       lock_acquire+0x16f/0x3f0
[ 61.135755]       _raw_spin_lock+0x2f/0x40
[ 61.141394]       flush_bg_queue+0x1f3/0x3d0
[ 61.147202]       fuse_request_send_background_locked+0x26d/0x4e0
[ 61.155235]       fuse_request_send_background+0x12b/0x180
[ 61.162550]       cuse_channel_open+0x5ba/0x830
[ 61.168919]       misc_open+0x395/0x4c0
[ 61.174382]       chrdev_open+0x245/0x6b0
[ 61.180002]       do_dentry_open+0x4c3/0x1200
[ 61.186276]       vfs_open+0xa0/0xd0
[ 61.191517]       path_openat+0x10d7/0x4690
[ 61.197668]       do_filp_open+0x1a1/0x280
[ 61.203285]       do_sys_open+0x3fe/0x550
[ 61.208952]       __x64_sys_openat+0x9d/0x100
[ 61.215465]       do_syscall_64+0xfd/0x620
[ 61.221095]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 61.228094]     SOFTIRQ-ON-W at:
[ 61.231463]       lock_acquire+0x16f/0x3f0
[ 61.237081]       _raw_spin_lock+0x2f/0x40
[ 61.242809]       flush_bg_queue+0x1f3/0x3d0
[ 61.248827]       fuse_request_send_background_locked+0x26d/0x4e0
[ 61.256912]       fuse_request_send_background+0x12b/0x180
[ 61.264570]       cuse_channel_open+0x5ba/0x830
[ 61.270980]       misc_open+0x395/0x4c0
[ 61.276478]       chrdev_open+0x245/0x6b0
[ 61.282022]       do_dentry_open+0x4c3/0x1200
[ 61.288619]       vfs_open+0xa0/0xd0
[ 61.293810]       path_openat+0x10d7/0x4690
[ 61.299976]       do_filp_open+0x1a1/0x280
[ 61.305600]       do_sys_open+0x3fe/0x550
[ 61.311137]       __x64_sys_openat+0x9d/0x100
[ 61.317020]       do_syscall_64+0xfd/0x620
[ 61.322645]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 61.329853]     INITIAL USE at:
[ 61.333402]       lock_acquire+0x16f/0x3f0
[ 61.338935]       _raw_spin_lock+0x2f/0x40
[ 61.344472]       flush_bg_queue+0x1f3/0x3d0
[ 61.350246]       fuse_request_send_background_locked+0x26d/0x4e0
[ 61.358101]       fuse_request_send_background+0x12b/0x180
[ 61.365194]       cuse_channel_open+0x5ba/0x830
[ 61.371311]       misc_open+0x395/0x4c0
[ 61.376654]       chrdev_open+0x245/0x6b0
[ 61.382301]       do_dentry_open+0x4c3/0x1200
[ 61.388310]       vfs_open+0xa0/0xd0
[ 61.393427]       path_openat+0x10d7/0x4690
[ 61.399046]       do_filp_open+0x1a1/0x280
[ 61.404592]       do_sys_open+0x3fe/0x550
[ 61.410046]       __x64_sys_openat+0x9d/0x100
[ 61.415970]       do_syscall_64+0xfd/0x620
[ 61.421665]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 61.428588]   }
[ 61.430672]   ... key at: [] __key.42197+0x0/0x40
[ 61.437596]   ... acquired at:
[ 61.440899]    _raw_spin_lock+0x2f/0x40
[ 61.444873]    io_submit_one+0xef2/0x2eb0
[ 61.449734]    __x64_sys_io_submit+0x1aa/0x520
[ 61.454554]    do_syscall_64+0xfd/0x620
[ 61.458856]    entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 61.464207]
[ 61.465823] -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 2 {
[ 61.471443]    IN-SOFTIRQ-W at:
[ 61.474789]      lock_acquire+0x16f/0x3f0
[ 61.480269]      _raw_spin_lock_irq+0x60/0x80
[ 61.486070]      free_ioctx_users+0x2d/0x490
[ 61.491787]      percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 61.499400]      rcu_process_callbacks+0xba0/0x1a30
[ 61.506610]      __do_softirq+0x25c/0x921
[ 61.512098]      irq_exit+0x180/0x1d0
[ 61.517210]      smp_apic_timer_interrupt+0x13b/0x550
[ 61.523936]      apic_timer_interrupt+0xf/0x20
[ 61.529880]      native_safe_halt+0xe/0x10
[ 61.535520]      arch_cpu_idle+0xa/0x10
[ 61.540884]      default_idle_call+0x36/0x90
[ 61.546586]      do_idle+0x377/0x560
[ 61.551992]      cpu_startup_entry+0xc8/0xe0
[ 61.557885]      start_secondary+0x3e8/0x5b0
[ 61.564137]      secondary_startup_64+0xa4/0xb0
[ 61.570239]    INITIAL USE at:
[ 61.573819]      lock_acquire+0x16f/0x3f0
[ 61.579499]      _raw_spin_lock_irq+0x60/0x80
[ 61.585220]      io_submit_one+0xead/0x2eb0
[ 61.590868]      __x64_sys_io_submit+0x1aa/0x520
[ 61.596848]      do_syscall_64+0xfd/0x620
[ 61.602511]      entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 61.609405]  }
[ 61.611281]  ... key at: [] __key.50192+0x0/0x40
[ 61.618717]  ... acquired at:
[ 61.621825]    mark_lock+0x420/0x1370
[ 61.625747]    __lock_acquire+0xc65/0x48f0
[ 61.630467]    lock_acquire+0x16f/0x3f0
[ 61.634601]    _raw_spin_lock_irq+0x60/0x80
[ 61.639024]    free_ioctx_users+0x2d/0x490
[ 61.643263]    percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 61.648876]    rcu_process_callbacks+0xba0/0x1a30
[ 61.653867]    __do_softirq+0x25c/0x921
[ 61.657846]    irq_exit+0x180/0x1d0
[ 61.661572]    smp_apic_timer_interrupt+0x13b/0x550
[ 61.666607]    apic_timer_interrupt+0xf/0x20
[ 61.671028]    native_safe_halt+0xe/0x10
[ 61.675103]    arch_cpu_idle+0xa/0x10
[ 61.678909]    default_idle_call+0x36/0x90
[ 61.683143]    do_idle+0x377/0x560
[ 61.686849]    cpu_startup_entry+0xc8/0xe0
[ 61.691190]    start_secondary+0x3e8/0x5b0
[ 61.695545]    secondary_startup_64+0xa4/0xb0
[ 61.700033]
[ 61.701658]
[ 61.701658] stack backtrace:
[ 61.706301] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.19.50 #22
[ 61.712605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 61.722105] Call Trace:
[ 61.724842]  <IRQ>
[ 61.727517]  dump_stack+0x172/0x1f0
[ 61.731198]  print_irq_inversion_bug.part.0+0x2c0/0x2cd
[ 61.736715]  check_usage_forwards.cold+0x20/0x29
[ 61.741499]  ? check_usage_backwards+0x340/0x340
[ 61.746311]  ? save_stack_trace+0x1a/0x20
[ 61.750591]  ? save_trace+0xe0/0x290
[ 61.754307]  mark_lock+0x420/0x1370
[ 61.757972]  ? check_usage_backwards+0x340/0x340
[ 61.762842]  __lock_acquire+0xc65/0x48f0
[ 61.766902]  ? mark_held_locks+0x100/0x100
[ 61.771534]  ? mark_held_locks+0x100/0x100
[ 61.775777]  ? __wake_up_common_lock+0xfe/0x190
[ 61.780453]  ? mark_held_locks+0x100/0x100
[ 61.785018]  ? __wake_up_common_lock+0xfe/0x190
[ 61.789915]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 61.795129]  ? lockdep_hardirqs_on+0x19b/0x5d0
[ 61.800128]  ? trace_hardirqs_on+0x67/0x220
[ 61.804586]  ? kasan_check_read+0x11/0x20
[ 61.809070]  lock_acquire+0x16f/0x3f0
[ 61.814443]  ? free_ioctx_users+0x2d/0x490
[ 61.819011]  _raw_spin_lock_irq+0x60/0x80
[ 61.823603]  ? free_ioctx_users+0x2d/0x490
[ 61.827835]  free_ioctx_users+0x2d/0x490
[ 61.831894]  ? rcu_dynticks_curr_cpu_in_eqs+0x51/0xb0
[ 61.837086]  percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 61.844113]  ? percpu_ref_exit+0xd0/0xd0
[ 61.848370]  rcu_process_callbacks+0xba0/0x1a30
[ 61.853594]  ? __rcu_read_unlock+0x170/0x170
[ 61.858037]  __do_softirq+0x25c/0x921
[ 61.861837]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 61.868088]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 61.873644]  irq_exit+0x180/0x1d0
[ 61.877105]  smp_apic_timer_interrupt+0x13b/0x550
[ 61.882086]  apic_timer_interrupt+0xf/0x20
[ 61.886833]  </IRQ>
[ 61.890132] RIP: 0010:native_safe_halt+0xe/0x10
[ 61.894980] Code: ff ff 48 89 df e8 22 41 b2 fa eb 82 e9 07 00 00 00 0f 00 2d 84 9c 58 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d 74 9c 58 00 fb f4 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 e8 ae 72 6a fa e8 49
[ 61.914151] RSP: 0018:ffff8880aa27fd00 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
[ 61.921979] RAX: 1ffffffff10e46cc RBX: ffff8880aa2703c0 RCX: 0000000000000000
[ 61.929255] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffff8880aa270c3c
[ 61.936803] RBP: ffff8880aa27fd30 R08: ffff8880aa2703c0 R09: 0000000000000000
[ 61.944302] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001
[ 61.951623] R13: ffffffff88723650 R14: 0000000000000001 R15: 0000000000000000
[ 61.959061]  ? default_idle+0x4e/0x320
[ 61.962962]  arch_cpu_idle+0xa/0x10
[ 61.966733]  default_idle_call+0x36/0x90
[ 61.970923]  do_idle+0x377/0x560
[ 61.974415]  ? arch_cpu_idle_exit+0x80/0x80
[ 61.978779]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 61.983886]  ? complete+0x61/0x80
[ 61.987857]  cpu_startup_entry