Warning: Permanently added '10.128.0.112' (ECDSA) to the list of known hosts.
executing program
[ 53.285785] audit: type=1400 audit(1565987661.567:36): avc: denied { map } for pid=7882 comm="syz-executor073" path="/root/syz-executor073744436" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 53.322293]
[ 53.323919] ========================================================
[ 53.330382] WARNING: possible irq lock inversion dependency detected
[ 53.336866] 4.19.67 #41 Not tainted
[ 53.340470] --------------------------------------------------------
[ 53.346937] swapper/0/0 just changed the state of lock:
[ 53.352284] 00000000a06d3920 (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2d/0x490
[ 53.361024] but this lock took another, SOFTIRQ-unsafe lock in the past:
[ 53.367833] (&fiq->waitq){+.+.}
[ 53.367841]
[ 53.367841]
[ 53.367841] and interrupts could create inverse lock ordering between them.
[ 53.367841]
[ 53.382682]
[ 53.382682] other info that might help us debug this:
[ 53.389322] Possible interrupt unsafe locking scenario:
[ 53.389322]
[ 53.396281]        CPU0                    CPU1
[ 53.400927]        ----                    ----
[ 53.405565]   lock(&fiq->waitq);
[ 53.408909]                                local_irq_disable();
[ 53.414939]                                lock(&(&ctx->ctx_lock)->rlock);
[ 53.421948]                                lock(&fiq->waitq);
[ 53.427820]
[ 53.430548]     lock(&(&ctx->ctx_lock)->rlock);
[ 53.435193]
[ 53.435193] *** DEADLOCK ***
[ 53.435193]
[ 53.441233] 2 locks held by swapper/0/0:
[ 53.445282] #0: 00000000a9ded38f (rcu_callback){....}, at: rcu_process_callbacks+0xc79/0x1a30
[ 53.454045] #1: 00000000667c48c4 (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x1ca/0x540
[ 53.464184]
[ 53.464184] the shortest dependencies between 2nd lock and 1st lock:
[ 53.472143] -> (&fiq->waitq){+.+.} ops: 4 {
[ 53.476549] HARDIRQ-ON-W at:
[ 53.479902] lock_acquire+0x16f/0x3f0
[ 53.485506] _raw_spin_lock+0x2f/0x40
[ 53.491106] flush_bg_queue+0x1f3/0x3d0
[ 53.496898] fuse_request_send_background_locked+0x26d/0x4e0
[ 53.504499] fuse_request_send_background+0x12b/0x180
[ 53.511519] cuse_channel_open+0x5ba/0x830
[ 53.517559] misc_open+0x395/0x4c0
[ 53.522915] chrdev_open+0x245/0x6b0
[ 53.528452] do_dentry_open+0x4c3/0x1210
[ 53.534317] vfs_open+0xa0/0xd0
[ 53.539398] path_openat+0x10d7/0x45e0
[ 53.545092] do_filp_open+0x1a1/0x280
[ 53.550795] do_sys_open+0x3fe/0x550
[ 53.556414] __x64_sys_openat+0x9d/0x100
[ 53.562279] do_syscall_64+0xfd/0x620
[ 53.567883] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.574869] SOFTIRQ-ON-W at:
[ 53.578220] lock_acquire+0x16f/0x3f0
[ 53.583822] _raw_spin_lock+0x2f/0x40
[ 53.589423] flush_bg_queue+0x1f3/0x3d0
[ 53.595202] fuse_request_send_background_locked+0x26d/0x4e0
[ 53.602818] fuse_request_send_background+0x12b/0x180
[ 53.609839] cuse_channel_open+0x5ba/0x830
[ 53.615877] misc_open+0x395/0x4c0
[ 53.621221] chrdev_open+0x245/0x6b0
[ 53.626741] do_dentry_open+0x4c3/0x1210
[ 53.632608] vfs_open+0xa0/0xd0
[ 53.637691] path_openat+0x10d7/0x45e0
[ 53.643382] do_filp_open+0x1a1/0x280
[ 53.648982] do_sys_open+0x3fe/0x550
[ 53.654497] __x64_sys_openat+0x9d/0x100
[ 53.660359] do_syscall_64+0xfd/0x620
[ 53.665961] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.673608] INITIAL USE at:
[ 53.676870] lock_acquire+0x16f/0x3f0
[ 53.682384] _raw_spin_lock+0x2f/0x40
[ 53.687897] flush_bg_queue+0x1f3/0x3d0
[ 53.693587] fuse_request_send_background_locked+0x26d/0x4e0
[ 53.701116] fuse_request_send_background+0x12b/0x180
[ 53.708021] cuse_channel_open+0x5ba/0x830
[ 53.713971] misc_open+0x395/0x4c0
[ 53.719224] chrdev_open+0x245/0x6b0
[ 53.724656] do_dentry_open+0x4c3/0x1210
[ 53.730427] vfs_open+0xa0/0xd0
[ 53.735421] path_openat+0x10d7/0x45e0
[ 53.741021] do_filp_open+0x1a1/0x280
[ 53.746536] do_sys_open+0x3fe/0x550
[ 53.751962] __x64_sys_openat+0x9d/0x100
[ 53.757749] do_syscall_64+0xfd/0x620
[ 53.763280] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.770179] }
[ 53.772055] ... key at: [] __key.42212+0x0/0x40
[ 53.778865] ... acquired at:
[ 53.782050] _raw_spin_lock+0x2f/0x40
[ 53.786010] io_submit_one+0xef2/0x2eb0
[ 53.790132] __x64_sys_io_submit+0x1aa/0x520
[ 53.794718] do_syscall_64+0xfd/0x620
[ 53.798686] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.804038]
[ 53.805643] -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 2 {
[ 53.811076] IN-SOFTIRQ-W at:
[ 53.814335] lock_acquire+0x16f/0x3f0
[ 53.819778] _raw_spin_lock_irq+0x60/0x80
[ 53.825560] free_ioctx_users+0x2d/0x490
[ 53.831249] percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 53.838330] rcu_process_callbacks+0xba0/0x1a30
[ 53.844629] __do_softirq+0x25c/0x921
[ 53.850055] irq_exit+0x180/0x1d0
[ 53.855136] smp_apic_timer_interrupt+0x13b/0x550
[ 53.861604] apic_timer_interrupt+0xf/0x20
[ 53.867469] native_safe_halt+0xe/0x10
[ 53.872990] arch_cpu_idle+0xa/0x10
[ 53.878241] default_idle_call+0x36/0x90
[ 53.883929] do_idle+0x377/0x560
[ 53.888923] cpu_startup_entry+0xc8/0xe0
[ 53.894610] rest_init+0x219/0x222
[ 53.899779] start_kernel+0x88c/0x8c5
[ 53.905216] x86_64_start_reservations+0x29/0x2b
[ 53.911599] x86_64_start_kernel+0x77/0x7b
[ 53.917501] secondary_startup_64+0xa4/0xb0
[ 53.923445] INITIAL USE at:
[ 53.926637] lock_acquire+0x16f/0x3f0
[ 53.931987] _raw_spin_lock_irq+0x60/0x80
[ 53.937691] io_submit_one+0xead/0x2eb0
[ 53.943212] __x64_sys_io_submit+0x1aa/0x520
[ 53.949162] do_syscall_64+0xfd/0x620
[ 53.954504] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 53.961232] }
[ 53.963019] ... key at: [] __key.50212+0x0/0x40
[ 53.969744] ... acquired at:
[ 53.972827] mark_lock+0x420/0x1370
[ 53.976605] __lock_acquire+0xc62/0x49c0
[ 53.980815] lock_acquire+0x16f/0x3f0
[ 53.984769] _raw_spin_lock_irq+0x60/0x80
[ 53.989074] free_ioctx_users+0x2d/0x490
[ 53.993290] percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 53.998891] rcu_process_callbacks+0xba0/0x1a30
[ 54.003714] __do_softirq+0x25c/0x921
[ 54.007667] irq_exit+0x180/0x1d0
[ 54.011269] smp_apic_timer_interrupt+0x13b/0x550
[ 54.016304] apic_timer_interrupt+0xf/0x20
[ 54.020692] native_safe_halt+0xe/0x10
[ 54.024733] arch_cpu_idle+0xa/0x10
[ 54.028512] default_idle_call+0x36/0x90
[ 54.032735] do_idle+0x377/0x560
[ 54.036252] cpu_startup_entry+0xc8/0xe0
[ 54.040465] rest_init+0x219/0x222
[ 54.044161] start_kernel+0x88c/0x8c5
[ 54.048112] x86_64_start_reservations+0x29/0x2b
[ 54.053020] x86_64_start_kernel+0x77/0x7b
[ 54.057428] secondary_startup_64+0xa4/0xb0
[ 54.061909]
[ 54.063511]
[ 54.063511] stack backtrace:
[ 54.067988] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.19.67 #41
[ 54.074193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 54.083529] Call Trace:
[ 54.086087]
[ 54.088221] dump_stack+0x172/0x1f0
[ 54.091846] print_irq_inversion_bug.part.0+0x2c0/0x2cd
[ 54.097192] check_usage_forwards.cold+0x20/0x29
[ 54.101933] ? check_usage_backwards+0x340/0x340
[ 54.106670] ? save_stack_trace+0x1a/0x20
[ 54.110795] ? save_trace+0xe0/0x290
[ 54.114674] mark_lock+0x420/0x1370
[ 54.118278] ? check_usage_backwards+0x340/0x340
[ 54.123012] __lock_acquire+0xc62/0x49c0
[ 54.127049] ? mark_held_locks+0x100/0x100
[ 54.131277] ? mark_held_locks+0x100/0x100
[ 54.135492] ? __wake_up_common_lock+0xfe/0x190
[ 54.140160] ? mark_held_locks+0x100/0x100
[ 54.144374] ? __wake_up_common_lock+0xfe/0x190
[ 54.149021] ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 54.154102] ? lockdep_hardirqs_on+0x19b/0x5d0
[ 54.158664] ? trace_hardirqs_on+0x67/0x220
[ 54.162964] ? kasan_check_read+0x11/0x20
[ 54.167111] lock_acquire+0x16f/0x3f0
[ 54.170895] ? free_ioctx_users+0x2d/0x490
[ 54.175112] _raw_spin_lock_irq+0x60/0x80
[ 54.179236] ? free_ioctx_users+0x2d/0x490
[ 54.183451] free_ioctx_users+0x2d/0x490
[ 54.187492] ? rcu_dynticks_curr_cpu_in_eqs+0x51/0xb0
[ 54.192663] percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 54.198095] ? percpu_ref_exit+0xd0/0xd0
[ 54.202135] rcu_process_callbacks+0xba0/0x1a30
[ 54.206786] ? __rcu_read_unlock+0x170/0x170
[ 54.211177] __do_softirq+0x25c/0x921
[ 54.214966] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 54.220479] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 54.225998] irq_exit+0x180/0x1d0
[ 54.229430] smp_apic_timer_interrupt+0x13b/0x550
[ 54.234268] apic_timer_interrupt+0xf/0x20
[ 54.238475]
[ 54.240692] RIP: 0010:native_safe_halt+0xe/0x10
[ 54.245345] Code: ff ff 48 89 df e8 c2 47 ae fa eb 82 e9 07 00 00 00 0f 00 2d 84 2e 54 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d 74 2e 54 00 fb f4 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 e8 7e 2b 66 fa e8 99
[ 54.264230] RSP: 0018:ffffffff88607ca8 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13
[ 54.271917] RAX: 1ffffffff10e489c RBX: ffffffff88679ec0 RCX: 0000000000000000
[ 54.279172] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffffffff8867a73c
[ 54.286418] RBP: ffffffff88607cd8 R08: ffffffff88679ec0 R09: 0000000000000000
[ 54.293667] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 54.301000] R13: ffffffff887244d0 R14: 0000000000000000 R15: 0000000000000000
[ 54.308261] ? default_idle+0x4e/0x320
[ 54.312131] arch_cpu_idle+0xa/0x10
[ 54.315753] default_idle_call+0x36/0x90
[ 54.319795] do_idle+0x377/0x560
[ 54.323141] ? retint_kernel+0x2d/0x2d
[ 54.327006] ? arch_cpu_idle_exit+0x80/0x80
[ 54.331307] cpu_startup_entry+0xc8/0xe0
[ 54.335359] ? cpu_in_idle+0x20/0x20
[ 54.339066] r