Warning: Permanently added '10.128.0.155' (ECDSA) to the list of known hosts.
executing program
[ 49.394404] audit: type=1400 audit(1566324625.601:36): avc: denied { map } for pid=7617 comm="syz-executor526" path="/root/syz-executor526563145" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 49.436562]
[ 49.438203] ========================================================
[ 49.444667] WARNING: possible irq lock inversion dependency detected
[ 49.451222] 4.19.67 #41 Not tainted
[ 49.454823] --------------------------------------------------------
[ 49.461293] swapper/0/0 just changed the state of lock:
[ 49.466632] 00000000356c309d (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2d/0x490
[ 49.475379] but this lock took another, SOFTIRQ-unsafe lock in the past:
[ 49.482201]  (&fiq->waitq){+.+.}
[ 49.482208]
[ 49.482208]
[ 49.482208] and interrupts could create inverse lock ordering between them.
[ 49.482208]
[ 49.497139]
[ 49.497139] other info that might help us debug this:
[ 49.503782]  Possible interrupt unsafe locking scenario:
[ 49.503782]
[ 49.510683]        CPU0                    CPU1
[ 49.515414]        ----                    ----
[ 49.520055]   lock(&fiq->waitq);
[ 49.523403]                                local_irq_disable();
[ 49.529431]                                lock(&(&ctx->ctx_lock)->rlock);
[ 49.536418]                                lock(&fiq->waitq);
[ 49.542276]
[ 49.545006]     lock(&(&ctx->ctx_lock)->rlock);
[ 49.549655]
[ 49.549655]  *** DEADLOCK ***
[ 49.549655]
[ 49.555694] 2 locks held by swapper/0/0:
[ 49.559760]  #0: 0000000066be9dd0 (rcu_callback){....}, at: rcu_process_callbacks+0xc79/0x1a30
[ 49.568549]  #1: 00000000f0759316 (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x1ca/0x540
[ 49.578695]
[ 49.578695] the shortest dependencies between 2nd lock and 1st lock:
[ 49.586649]  -> (&fiq->waitq){+.+.} ops: 4 {
[ 49.591059]    HARDIRQ-ON-W at:
[ 49.594434]      lock_acquire+0x16f/0x3f0
[ 49.600043]      _raw_spin_lock+0x2f/0x40
[ 49.605646]      flush_bg_queue+0x1f3/0x3d0
[ 49.611421]      fuse_request_send_background_locked+0x26d/0x4e0
[ 49.619023]      fuse_request_send_background+0x12b/0x180
[ 49.626018]      cuse_channel_open+0x5ba/0x830
[ 49.632065]      misc_open+0x395/0x4c0
[ 49.637407]      chrdev_open+0x245/0x6b0
[ 49.642926]      do_dentry_open+0x4c3/0x1210
[ 49.648790]      vfs_open+0xa0/0xd0
[ 49.653871]      path_openat+0x10d7/0x45e0
[ 49.659560]      do_filp_open+0x1a1/0x280
[ 49.665160]      do_sys_open+0x3fe/0x550
[ 49.670674]      __x64_sys_openat+0x9d/0x100
[ 49.676538]      do_syscall_64+0xfd/0x620
[ 49.682168]      entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 49.689171]    SOFTIRQ-ON-W at:
[ 49.692523]      lock_acquire+0x16f/0x3f0
[ 49.698122]      _raw_spin_lock+0x2f/0x40
[ 49.703727]      flush_bg_queue+0x1f3/0x3d0
[ 49.709517]      fuse_request_send_background_locked+0x26d/0x4e0
[ 49.717118]      fuse_request_send_background+0x12b/0x180
[ 49.724110]      cuse_channel_open+0x5ba/0x830
[ 49.730155]      misc_open+0x395/0x4c0
[ 49.735496]      chrdev_open+0x245/0x6b0
[ 49.741014]      do_dentry_open+0x4c3/0x1210
[ 49.746891]      vfs_open+0xa0/0xd0
[ 49.752334]      path_openat+0x10d7/0x45e0
[ 49.758027]      do_filp_open+0x1a1/0x280
[ 49.763648]      do_sys_open+0x3fe/0x550
[ 49.769198]      __x64_sys_openat+0x9d/0x100
[ 49.775062]      do_syscall_64+0xfd/0x620
[ 49.780821]      entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 49.787809]    INITIAL USE at:
[ 49.791071]      lock_acquire+0x16f/0x3f0
[ 49.796585]      _raw_spin_lock+0x2f/0x40
[ 49.802109]      flush_bg_queue+0x1f3/0x3d0
[ 49.807817]      fuse_request_send_background_locked+0x26d/0x4e0
[ 49.815342]      fuse_request_send_background+0x12b/0x180
[ 49.822245]      cuse_channel_open+0x5ba/0x830
[ 49.828195]      misc_open+0x395/0x4c0
[ 49.833448]      chrdev_open+0x245/0x6b0
[ 49.838881]      do_dentry_open+0x4c3/0x1210
[ 49.844671]      vfs_open+0xa0/0xd0
[ 49.849673]      path_openat+0x10d7/0x45e0
[ 49.855275]      do_filp_open+0x1a1/0x280
[ 49.860812]      do_sys_open+0x3fe/0x550
[ 49.866244]      __x64_sys_openat+0x9d/0x100
[ 49.872022]      do_syscall_64+0xfd/0x620
[ 49.877541]      entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 49.884449]  }
[ 49.886321]  ... key at: [] __key.42212+0x0/0x40
[ 49.893138]  ... acquired at:
[ 49.896312]    _raw_spin_lock+0x2f/0x40
[ 49.900273]    io_submit_one+0xef2/0x2eb0
[ 49.904403]    __x64_sys_io_submit+0x1aa/0x520
[ 49.908966]    do_syscall_64+0xfd/0x620
[ 49.912916]    entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 49.918250]
[ 49.919852]  -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 2 {
[ 49.925286]    IN-SOFTIRQ-W at:
[ 49.928549]      lock_acquire+0x16f/0x3f0
[ 49.933979]      _raw_spin_lock_irq+0x60/0x80
[ 49.939757]      free_ioctx_users+0x2d/0x490
[ 49.945467]      percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 49.952551]      rcu_process_callbacks+0xba0/0x1a30
[ 49.958848]      __do_softirq+0x25c/0x921
[ 49.964280]      irq_exit+0x180/0x1d0
[ 49.969362]      smp_apic_timer_interrupt+0x13b/0x550
[ 49.975835]      apic_timer_interrupt+0xf/0x20
[ 49.981703]      native_safe_halt+0xe/0x10
[ 49.987222]      arch_cpu_idle+0xa/0x10
[ 49.992479]      default_idle_call+0x36/0x90
[ 49.998164]      do_idle+0x377/0x560
[ 50.003156]      cpu_startup_entry+0xc8/0xe0
[ 50.008850]      rest_init+0x219/0x222
[ 50.014023]      start_kernel+0x88c/0x8c5
[ 50.019454]      x86_64_start_reservations+0x29/0x2b
[ 50.025835]      x86_64_start_kernel+0x77/0x7b
[ 50.031711]      secondary_startup_64+0xa4/0xb0
[ 50.037660]    INITIAL USE at:
[ 50.040836]      lock_acquire+0x16f/0x3f0
[ 50.046178]      _raw_spin_lock_irq+0x60/0x80
[ 50.051872]      io_submit_one+0xead/0x2eb0
[ 50.057405]      __x64_sys_io_submit+0x1aa/0x520
[ 50.063356]      do_syscall_64+0xfd/0x620
[ 50.068713]      entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 50.075437]  }
[ 50.077223]  ... key at: [] __key.50212+0x0/0x40
[ 50.083965]  ... acquired at:
[ 50.087052]    mark_lock+0x420/0x1370
[ 50.090831]    __lock_acquire+0xc62/0x49c0
[ 50.095041]    lock_acquire+0x16f/0x3f0
[ 50.098994]    _raw_spin_lock_irq+0x60/0x80
[ 50.103310]    free_ioctx_users+0x2d/0x490
[ 50.107544]    percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 50.113164]    rcu_process_callbacks+0xba0/0x1a30
[ 50.117990]    __do_softirq+0x25c/0x921
[ 50.121945]    irq_exit+0x180/0x1d0
[ 50.125552]    smp_apic_timer_interrupt+0x13b/0x550
[ 50.130550]    apic_timer_interrupt+0xf/0x20
[ 50.134936]    native_safe_halt+0xe/0x10
[ 50.138980]    arch_cpu_idle+0xa/0x10
[ 50.142852]    default_idle_call+0x36/0x90
[ 50.147065]    do_idle+0x377/0x560
[ 50.150597]    cpu_startup_entry+0xc8/0xe0
[ 50.154814]    rest_init+0x219/0x222
[ 50.158529]    start_kernel+0x88c/0x8c5
[ 50.162484]    x86_64_start_reservations+0x29/0x2b
[ 50.167390]    x86_64_start_kernel+0x77/0x7b
[ 50.171778]    secondary_startup_64+0xa4/0xb0
[ 50.176246]
[ 50.177850]
[ 50.177850] stack backtrace:
[ 50.182328] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.19.67 #41
[ 50.188535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 50.197865] Call Trace:
[ 50.200436]
[ 50.202577]  dump_stack+0x172/0x1f0
[ 50.206222]  print_irq_inversion_bug.part.0+0x2c0/0x2cd
[ 50.211579]  check_usage_forwards.cold+0x20/0x29
[ 50.216318]  ? check_usage_backwards+0x340/0x340
[ 50.221055]  ? save_stack_trace+0x1a/0x20
[ 50.225182]  ? save_trace+0xe0/0x290
[ 50.228880]  mark_lock+0x420/0x1370
[ 50.232486]  ? check_usage_backwards+0x340/0x340
[ 50.237223]  __lock_acquire+0xc62/0x49c0
[ 50.241263]  ? mark_held_locks+0x100/0x100
[ 50.245489]  ? mark_held_locks+0x100/0x100
[ 50.249732]  ? __wake_up_common_lock+0xfe/0x190
[ 50.254487]  ? mark_held_locks+0x100/0x100
[ 50.258705]  ? __wake_up_common_lock+0xfe/0x190
[ 50.263358]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 50.268447]  ? lockdep_hardirqs_on+0x19b/0x5d0
[ 50.273013]  ? trace_hardirqs_on+0x67/0x220
[ 50.277315]  ? kasan_check_read+0x11/0x20
[ 50.281450]  lock_acquire+0x16f/0x3f0
[ 50.285249]  ? free_ioctx_users+0x2d/0x490
[ 50.289555]  _raw_spin_lock_irq+0x60/0x80
[ 50.293685]  ? free_ioctx_users+0x2d/0x490
[ 50.297914]  free_ioctx_users+0x2d/0x490
[ 50.301956]  ? rcu_dynticks_curr_cpu_in_eqs+0x51/0xb0
[ 50.307372]  percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 50.312805]  ? percpu_ref_exit+0xd0/0xd0
[ 50.316844]  rcu_process_callbacks+0xba0/0x1a30
[ 50.321494]  ? __rcu_read_unlock+0x170/0x170
[ 50.325980]  __do_softirq+0x25c/0x921
[ 50.329794]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 50.335333]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 50.340857]  irq_exit+0x180/0x1d0
[ 50.344293]  smp_apic_timer_interrupt+0x13b/0x550
[ 50.349125]  apic_timer_interrupt+0xf/0x20
[ 50.353336]
[ 50.355559] RIP: 0010:native_safe_halt+0xe/0x10
[ 50.360228] Code: ff ff 48 89 df e8 c2 47 ae fa eb 82 e9 07 00 00 00 0f 00 2d 84 2e 54 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d 74 2e 54 00 fb f4 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 e8 7e 2b 66 fa e8 99
[ 50.379115] RSP: 0018:ffffffff88607ca8 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13
[ 50.386803] RAX: 1ffffffff10e489c RBX: ffffffff88679ec0 RCX: 0000000000000000
[ 50.394054] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffffffff8867a73c
[ 50.401300] RBP: ffffffff88607cd8 R08: ffffffff88679ec0 R09: 0000000000000000
[ 50.408549] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 50.415800] R13: ffffffff887244d0 R14: 0000000000000000 R15: 0000000000000000
[ 50.423096]  ? default_idle+0x4e/0x320
[ 50.426966]  arch_cpu_idle+0xa/0x10
[ 50.430573]  default_idle_call+0x36/0x90
[ 50.434613]  do_idle+0x377/0x560
[ 50.437959]  ? arch_cpu_idle_exit+0x80/0x80
[ 50.442259]  ? check_preemption_disabled+0x48/0x290
[ 50.447255]  cpu_st