Warning: Permanently added '10.128.0.225' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 47.540837] kauditd_printk_skb: 2 callbacks suppressed
[ 47.540851] audit: type=1400 audit(1567475986.937:36): avc: denied { map } for pid=7562 comm="syz-executor160" path="/root/syz-executor160568284" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 47.579431]
[ 47.581221] ========================================================
[ 47.587704] WARNING: possible irq lock inversion dependency detected
[ 47.594196] 4.19.69 #43 Not tainted
[ 47.597800] --------------------------------------------------------
[ 47.604274] swapper/1/0 just changed the state of lock:
[ 47.609633] 0000000057995cf4 (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2d/0x490
[ 47.618383] but this lock took another, SOFTIRQ-unsafe lock in the past:
[ 47.625298] (&fiq->waitq){+.+.}
[ 47.625306]
[ 47.625306]
[ 47.625306] and interrupts could create inverse lock ordering between them.
[ 47.625306]
[ 47.640180]
[ 47.640180] other info that might help us debug this:
[ 47.646823] Possible interrupt unsafe locking scenario:
[ 47.646823]
[ 47.653734]        CPU0                    CPU1
[ 47.658392]        ----                    ----
[ 47.663036]   lock(&fiq->waitq);
[ 47.666388]                                local_irq_disable();
[ 47.672431]                                lock(&(&ctx->ctx_lock)->rlock);
[ 47.679423]                                lock(&fiq->waitq);
[ 47.685482]
[ 47.688217]     lock(&(&ctx->ctx_lock)->rlock);
[ 47.692877]
[ 47.692877] *** DEADLOCK ***
[ 47.692877]
[ 47.699183] 2 locks held by swapper/1/0:
[ 47.704476] #0: 0000000003eb559e (rcu_callback){....}, at: rcu_process_callbacks+0xc79/0x1a30
[ 47.713544] #1: 000000004637390a (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x1ca/0x540
[ 47.723690]
[ 47.723690] the shortest dependencies between 2nd lock and 1st lock:
[ 47.731747] -> (&fiq->waitq){+.+.} ops: 4 {
[ 47.736159] HARDIRQ-ON-W at:
[ 47.739523] lock_acquire+0x16f/0x3f0
[ 47.745132] _raw_spin_lock+0x2f/0x40
[ 47.750744] flush_bg_queue+0x1f3/0x3d0
[ 47.756534] fuse_request_send_background_locked+0x26d/0x4e0
[ 47.764312] fuse_request_send_background+0x12b/0x180
[ 47.771316] cuse_channel_open+0x5ba/0x830
[ 47.777360] misc_open+0x395/0x4c0
[ 47.782721] chrdev_open+0x245/0x6b0
[ 47.788242] do_dentry_open+0x4c3/0x1210
[ 47.794121] vfs_open+0xa0/0xd0
[ 47.799210] path_openat+0x10d7/0x45e0
[ 47.804915] do_filp_open+0x1a1/0x280
[ 47.810530] do_sys_open+0x3fe/0x550
[ 47.816064] __x64_sys_openat+0x9d/0x100
[ 47.821949] do_syscall_64+0xfd/0x620
[ 47.827569] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.834570] SOFTIRQ-ON-W at:
[ 47.837926] lock_acquire+0x16f/0x3f0
[ 47.843548] _raw_spin_lock+0x2f/0x40
[ 47.849173] flush_bg_queue+0x1f3/0x3d0
[ 47.855213] fuse_request_send_background_locked+0x26d/0x4e0
[ 47.862836] fuse_request_send_background+0x12b/0x180
[ 47.869918] cuse_channel_open+0x5ba/0x830
[ 47.875959] misc_open+0x395/0x4c0
[ 47.881307] chrdev_open+0x245/0x6b0
[ 47.886840] do_dentry_open+0x4c3/0x1210
[ 47.892715] vfs_open+0xa0/0xd0
[ 47.897822] path_openat+0x10d7/0x45e0
[ 47.903558] do_filp_open+0x1a1/0x280
[ 47.909183] do_sys_open+0x3fe/0x550
[ 47.914705] __x64_sys_openat+0x9d/0x100
[ 47.920574] do_syscall_64+0xfd/0x620
[ 47.926183] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.933186] INITIAL USE at:
[ 47.936449] lock_acquire+0x16f/0x3f0
[ 47.941968] _raw_spin_lock+0x2f/0x40
[ 47.947499] flush_bg_queue+0x1f3/0x3d0
[ 47.953192] fuse_request_send_background_locked+0x26d/0x4e0
[ 47.961451] fuse_request_send_background+0x12b/0x180
[ 47.968366] cuse_channel_open+0x5ba/0x830
[ 47.974323] misc_open+0x395/0x4c0
[ 47.979694] chrdev_open+0x245/0x6b0
[ 47.985337] do_dentry_open+0x4c3/0x1210
[ 47.991268] vfs_open+0xa0/0xd0
[ 47.996459] path_openat+0x10d7/0x45e0
[ 48.002087] do_filp_open+0x1a1/0x280
[ 48.007623] do_sys_open+0x3fe/0x550
[ 48.013057] __x64_sys_openat+0x9d/0x100
[ 48.018865] do_syscall_64+0xfd/0x620
[ 48.024566] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.031472] }
[ 48.033349] ... key at: [] __key.42211+0x0/0x40
[ 48.040164] ... acquired at:
[ 48.043352] _raw_spin_lock+0x2f/0x40
[ 48.047326] io_submit_one+0xef2/0x2eb0
[ 48.051455] __x64_sys_io_submit+0x1aa/0x520
[ 48.056033] do_syscall_64+0xfd/0x620
[ 48.059992] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.065330]
[ 48.066949] -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 2 {
[ 48.072394] IN-SOFTIRQ-W at:
[ 48.075717] lock_acquire+0x16f/0x3f0
[ 48.081262] _raw_spin_lock_irq+0x60/0x80
[ 48.087045] free_ioctx_users+0x2d/0x490
[ 48.092742] percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 48.099917] rcu_process_callbacks+0xba0/0x1a30
[ 48.106219] __do_softirq+0x25c/0x921
[ 48.111681] irq_exit+0x180/0x1d0
[ 48.116767] smp_apic_timer_interrupt+0x13b/0x550
[ 48.123330] apic_timer_interrupt+0xf/0x20
[ 48.129210] native_safe_halt+0xe/0x10
[ 48.134743] arch_cpu_idle+0xa/0x10
[ 48.140012] default_idle_call+0x36/0x90
[ 48.145709] do_idle+0x377/0x560
[ 48.150710] cpu_startup_entry+0xc8/0xe0
[ 48.156523] start_secondary+0x3e8/0x5b0
[ 48.162225] secondary_startup_64+0xa4/0xb0
[ 48.168697] INITIAL USE at:
[ 48.171887] lock_acquire+0x16f/0x3f0
[ 48.177251] _raw_spin_lock_irq+0x60/0x80
[ 48.182968] io_submit_one+0xead/0x2eb0
[ 48.188492] __x64_sys_io_submit+0x1aa/0x520
[ 48.194445] do_syscall_64+0xfd/0x620
[ 48.199797] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.206525] }
[ 48.208324] ... key at: [] __key.50211+0x0/0x40
[ 48.215052] ... acquired at:
[ 48.218151] mark_lock+0x420/0x1370
[ 48.221932] __lock_acquire+0xc62/0x49c0
[ 48.226157] lock_acquire+0x16f/0x3f0
[ 48.230112] _raw_spin_lock_irq+0x60/0x80
[ 48.234417] free_ioctx_users+0x2d/0x490
[ 48.238636] percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 48.244245] rcu_process_callbacks+0xba0/0x1a30
[ 48.249086] __do_softirq+0x25c/0x921
[ 48.253066] irq_exit+0x180/0x1d0
[ 48.256681] smp_apic_timer_interrupt+0x13b/0x550
[ 48.261682] apic_timer_interrupt+0xf/0x20
[ 48.266073] native_safe_halt+0xe/0x10
[ 48.270116] arch_cpu_idle+0xa/0x10
[ 48.273895] default_idle_call+0x36/0x90
[ 48.278118] do_idle+0x377/0x560
[ 48.281648] cpu_startup_entry+0xc8/0xe0
[ 48.285867] start_secondary+0x3e8/0x5b0
[ 48.290109] secondary_startup_64+0xa4/0xb0
[ 48.294578]
[ 48.296186]
[ 48.296186] stack backtrace:
[ 48.300665] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.19.69 #43
[ 48.306888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 48.316235] Call Trace:
[ 48.318800]
[ 48.320937] dump_stack+0x172/0x1f0
[ 48.324550] print_irq_inversion_bug.part.0+0x2c0/0x2cd
[ 48.329895] check_usage_forwards.cold+0x20/0x29
[ 48.334631] ? check_usage_backwards+0x340/0x340
[ 48.339389] ? save_stack_trace+0x1a/0x20
[ 48.343522] ? save_trace+0xe0/0x290
[ 48.347215] mark_lock+0x420/0x1370
[ 48.350822] ? check_usage_backwards+0x340/0x340
[ 48.355570] __lock_acquire+0xc62/0x49c0
[ 48.359637] ? mark_held_locks+0x100/0x100
[ 48.363863] ? mark_held_locks+0x100/0x100
[ 48.368088] ? __wake_up_common_lock+0xfe/0x190
[ 48.372775] ? mark_held_locks+0x100/0x100
[ 48.376993] ? __wake_up_common_lock+0xfe/0x190
[ 48.381661] ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 48.386757] ? lockdep_hardirqs_on+0x19b/0x5d0
[ 48.391337] ? trace_hardirqs_on+0x67/0x220
[ 48.395727] ? kasan_check_read+0x11/0x20
[ 48.399871] lock_acquire+0x16f/0x3f0
[ 48.403654] ? free_ioctx_users+0x2d/0x490
[ 48.407889] _raw_spin_lock_irq+0x60/0x80
[ 48.412020] ? free_ioctx_users+0x2d/0x490
[ 48.416234] free_ioctx_users+0x2d/0x490
[ 48.420285] ? rcu_dynticks_curr_cpu_in_eqs+0x51/0xb0
[ 48.425474] percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 48.430907] ? percpu_ref_exit+0xd0/0xd0
[ 48.434964] rcu_process_callbacks+0xba0/0x1a30
[ 48.439618] ? __rcu_read_unlock+0x170/0x170
[ 48.444010] __do_softirq+0x25c/0x921
[ 48.447791] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 48.453318] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 48.458840] irq_exit+0x180/0x1d0
[ 48.462288] smp_apic_timer_interrupt+0x13b/0x550
[ 48.467143] apic_timer_interrupt+0xf/0x20
[ 48.471369]
[ 48.473588] RIP: 0010:native_safe_halt+0xe/0x10
[ 48.478267] Code: ff ff 48 89 df e8 02 2c ae fa eb 82 e9 07 00 00 00 0f 00 2d 84 1e 54 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d 74 1e 54 00 fb f4 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 e8 4e 0e 66 fa e8 09
[ 48.497151] RSP: 0018:ffff8880aa27fd00 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13
[ 48.504942] RAX: 1ffffffff10e48c4 RBX: ffff8880aa2703c0 RCX: 0000000000000000
[ 48.512456] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffff8880aa270c3c
[ 48.519711] RBP: ffff8880aa27fd30 R08: ffff8880aa2703c0 R09: 0000000000000000
[ 48.526972] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001
[ 48.534235] R13: ffffffff88724610 R14: 0000000000000001 R15: 0000000000000000
[ 48.541511] ? default_idle+0x4e/0x320