syzkaller login: [ 42.218811] audit: type=1400 audit(1567301604.907:35): avc: denied { map } for pid=7555 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.10.60' (ECDSA) to the list of known hosts.
executing program
[ 52.754194] audit: type=1400 audit(1567301615.447:36): avc: denied { map } for pid=7567 comm="syz-executor320" path="/root/syz-executor320961079" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 52.790687]
[ 52.792342] ========================================================
[ 52.799253] WARNING: possible irq lock inversion dependency detected
[ 52.805742] 4.19.69 #43 Not tainted
[ 52.809379] --------------------------------------------------------
[ 52.815964] ksoftirqd/1/18 just changed the state of lock:
[ 52.821683] 000000005f81bd64 (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2d/0x490
[ 52.830448] but this lock took another, SOFTIRQ-unsafe lock in the past:
[ 52.837273]  (&fiq->waitq){+.+.}
[ 52.837283]
[ 52.837283]
[ 52.837283] and interrupts could create inverse lock ordering between them.
[ 52.837283]
[ 52.852385]
[ 52.852385] other info that might help us debug this:
[ 52.859047]  Possible interrupt unsafe locking scenario:
[ 52.859047]
[ 52.866082]        CPU0                    CPU1
[ 52.870733]        ----                    ----
[ 52.875380]   lock(&fiq->waitq);
[ 52.878867]                                local_irq_disable();
[ 52.885090]                                lock(&(&ctx->ctx_lock)->rlock);
[ 52.892093]                                lock(&fiq->waitq);
[ 52.897964]   <Interrupt>
[ 52.900789]     lock(&(&ctx->ctx_lock)->rlock);
[ 52.905475]
[ 52.905475]  *** DEADLOCK ***
[ 52.905475]
[ 52.911591] 2 locks held by ksoftirqd/1/18:
[ 52.915959]  #0: 000000009597d14e (rcu_callback){....}, at: rcu_process_callbacks+0xc79/0x1a30
[ 52.924772]  #1: 00000000caa885f1 (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x1ca/0x540
[ 52.935386]
[ 52.935386] the shortest dependencies between 2nd lock and 1st lock:
[ 52.943539]  -> (&fiq->waitq){+.+.} ops: 4 {
[ 52.948050]     HARDIRQ-ON-W at:
[ 52.951411]       lock_acquire+0x16f/0x3f0
[ 52.957025]       _raw_spin_lock+0x2f/0x40
[ 52.962640]       flush_bg_queue+0x1f3/0x3d0
[ 52.968425]       fuse_request_send_background_locked+0x26d/0x4e0
[ 52.976295]       fuse_request_send_background+0x12b/0x180
[ 52.983597]       cuse_channel_open+0x5ba/0x830
[ 52.989690]       misc_open+0x395/0x4c0
[ 52.995068]       chrdev_open+0x245/0x6b0
[ 53.000601]       do_dentry_open+0x4c3/0x1210
[ 53.006582]       vfs_open+0xa0/0xd0
[ 53.011684]       path_openat+0x10d7/0x45e0
[ 53.017382]       do_filp_open+0x1a1/0x280
[ 53.023094]       do_sys_open+0x3fe/0x550
[ 53.028821]       __x64_sys_openat+0x9d/0x100
[ 53.034819]       do_syscall_64+0xfd/0x620
[ 53.040431]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.047427]     SOFTIRQ-ON-W at:
[ 53.050785]       lock_acquire+0x16f/0x3f0
[ 53.056533]       _raw_spin_lock+0x2f/0x40
[ 53.062149]       flush_bg_queue+0x1f3/0x3d0
[ 53.067945]       fuse_request_send_background_locked+0x26d/0x4e0
[ 53.075651]       fuse_request_send_background+0x12b/0x180
[ 53.082775]       cuse_channel_open+0x5ba/0x830
[ 53.088934]       misc_open+0x395/0x4c0
[ 53.094297]       chrdev_open+0x245/0x6b0
[ 53.100009]       do_dentry_open+0x4c3/0x1210
[ 53.105878]       vfs_open+0xa0/0xd0
[ 53.110973]       path_openat+0x10d7/0x45e0
[ 53.116680]       do_filp_open+0x1a1/0x280
[ 53.122390]       do_sys_open+0x3fe/0x550
[ 53.127963]       __x64_sys_openat+0x9d/0x100
[ 53.133844]       do_syscall_64+0xfd/0x620
[ 53.139475]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.146649]     INITIAL USE at:
[ 53.149961]       lock_acquire+0x16f/0x3f0
[ 53.155497]       _raw_spin_lock+0x2f/0x40
[ 53.161027]       flush_bg_queue+0x1f3/0x3d0
[ 53.166719]       fuse_request_send_background_locked+0x26d/0x4e0
[ 53.174382]       fuse_request_send_background+0x12b/0x180
[ 53.181438]       cuse_channel_open+0x5ba/0x830
[ 53.187410]       misc_open+0x395/0x4c0
[ 53.192955]       chrdev_open+0x245/0x6b0
[ 53.198403]       do_dentry_open+0x4c3/0x1210
[ 53.204294]       vfs_open+0xa0/0xd0
[ 53.209295]       path_openat+0x10d7/0x45e0
[ 53.214920]       do_filp_open+0x1a1/0x280
[ 53.220446]       do_sys_open+0x3fe/0x550
[ 53.225886]       __x64_sys_openat+0x9d/0x100
[ 53.231679]       do_syscall_64+0xfd/0x620
[ 53.237198]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.244428]   }
[ 53.246308]   ... key at: [] __key.42211+0x0/0x40
[ 53.253177]   ... acquired at:
[ 53.256385]    _raw_spin_lock+0x2f/0x40
[ 53.260356]    io_submit_one+0xef2/0x2eb0
[ 53.264620]    __x64_sys_io_submit+0x1aa/0x520
[ 53.269212]    do_syscall_64+0xfd/0x620
[ 53.273181]    entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.278602]
[ 53.280215] -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 2 {
[ 53.285659]    IN-SOFTIRQ-W at:
[ 53.289088]      lock_acquire+0x16f/0x3f0
[ 53.294645]      _raw_spin_lock_irq+0x60/0x80
[ 53.300585]      free_ioctx_users+0x2d/0x490
[ 53.306300]      percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 53.313403]      rcu_process_callbacks+0xba0/0x1a30
[ 53.319771]      __do_softirq+0x25c/0x921
[ 53.325225]      run_ksoftirqd+0x8e/0x110
[ 53.330762]      smpboot_thread_fn+0x6a3/0xa30
[ 53.336699]      kthread+0x354/0x420
[ 53.341712]      ret_from_fork+0x24/0x30
[ 53.347066]    INITIAL USE at:
[ 53.350255]      lock_acquire+0x16f/0x3f0
[ 53.355614]      _raw_spin_lock_irq+0x60/0x80
[ 53.361319]      io_submit_one+0xead/0x2eb0
[ 53.366841]      __x64_sys_io_submit+0x1aa/0x520
[ 53.372809]      do_syscall_64+0xfd/0x620
[ 53.378252]      entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.384997]  }
[ 53.386800]  ... key at: [] __key.50211+0x0/0x40
[ 53.393645]  ... acquired at:
[ 53.396835]    mark_lock+0x420/0x1370
[ 53.400618]    __lock_acquire+0xc62/0x49c0
[ 53.404846]    lock_acquire+0x16f/0x3f0
[ 53.408896]    _raw_spin_lock_irq+0x60/0x80
[ 53.413224]    free_ioctx_users+0x2d/0x490
[ 53.417565]    percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 53.423186]    rcu_process_callbacks+0xba0/0x1a30
[ 53.428092]    __do_softirq+0x25c/0x921
[ 53.432100]    run_ksoftirqd+0x8e/0x110
[ 53.436170]    smpboot_thread_fn+0x6a3/0xa30
[ 53.440579]    kthread+0x354/0x420
[ 53.444243]    ret_from_fork+0x24/0x30
[ 53.448112]
[ 53.449720]
[ 53.449720] stack backtrace:
[ 53.454357] CPU: 1 PID: 18 Comm: ksoftirqd/1 Not tainted 4.19.69 #43
[ 53.461046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 53.470824] Call Trace:
[ 53.473407]  dump_stack+0x172/0x1f0
[ 53.477016]  print_irq_inversion_bug.part.0+0x2c0/0x2cd
[ 53.482430]  check_usage_forwards.cold+0x20/0x29
[ 53.487193]  ? check_usage_backwards+0x340/0x340
[ 53.491948]  ? save_stack_trace+0x1a/0x20
[ 53.496147]  ? save_trace+0xe0/0x290
[ 53.499994]  mark_lock+0x420/0x1370
[ 53.503695]  ? check_usage_backwards+0x340/0x340
[ 53.508441]  __lock_acquire+0xc62/0x49c0
[ 53.512495]  ? mark_held_locks+0x100/0x100
[ 53.516841]  ? mark_held_locks+0x100/0x100
[ 53.521070]  ? __wake_up_common_lock+0xfe/0x190
[ 53.525743]  ? mark_held_locks+0x100/0x100
[ 53.530065]  ? __wake_up_common_lock+0xfe/0x190
[ 53.534740]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 53.539983]  ? lockdep_hardirqs_on+0x19b/0x5d0
[ 53.544557]  ? trace_hardirqs_on+0x67/0x220
[ 53.548877]  ? kasan_check_read+0x11/0x20
[ 53.553015]  lock_acquire+0x16f/0x3f0
[ 53.556812]  ? free_ioctx_users+0x2d/0x490
[ 53.561149]  _raw_spin_lock_irq+0x60/0x80
[ 53.565331]  ? free_ioctx_users+0x2d/0x490
[ 53.569558]  free_ioctx_users+0x2d/0x490
[ 53.573611]  ? rcu_dynticks_curr_cpu_in_eqs+0x51/0xb0
[ 53.578914]  percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 53.584466]  ? percpu_ref_exit+0xd0/0xd0
[ 53.588625]  rcu_process_callbacks+0xba0/0x1a30
[ 53.593299]  ? __rcu_read_unlock+0x170/0x170
[ 53.597998]  ? sched_clock+0x2e/0x50
[ 53.601713]  __do_softirq+0x25c/0x921
[ 53.605617]  ? pci_mmcfg_