Warning: Permanently added '10.128.10.16' (ECDSA) to the list of known hosts. executing program [ 42.703528] audit: type=1400 audit(1566346144.879:36): avc: denied { map } for pid=7187 comm="syz-executor305" path="/root/syz-executor305428163" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 42.750154] [ 42.751769] ======================================================== [ 42.758225] WARNING: possible irq lock inversion dependency detected [ 42.764683] 4.19.67 #41 Not tainted [ 42.768276] -------------------------------------------------------- [ 42.774745] swapper/1/0 just changed the state of lock: [ 42.780076] 000000000448e985 (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2d/0x490 [ 42.788807] but this lock took another, SOFTIRQ-unsafe lock in the past: [ 42.795608] (&fiq->waitq){+.+.} [ 42.795614] [ 42.795614] [ 42.795614] and interrupts could create inverse lock ordering between them. [ 42.795614] [ 42.810443] [ 42.810443] other info that might help us debug this: [ 42.817075] Possible interrupt unsafe locking scenario: [ 42.817075] [ 42.823965] CPU0 CPU1 [ 42.828598] ---- ---- [ 42.833231] lock(&fiq->waitq); [ 42.836567] local_irq_disable(); [ 42.842589] lock(&(&ctx->ctx_lock)->rlock); [ 42.849569] lock(&fiq->waitq); [ 42.855419] [ 42.858146] lock(&(&ctx->ctx_lock)->rlock); [ 42.862781] [ 42.862781] *** DEADLOCK *** [ 42.862781] [ 42.868810] 2 locks held by swapper/1/0: [ 42.872836] #0: 0000000026f82e0f (rcu_callback){....}, at: rcu_process_callbacks+0xc79/0x1a30 [ 42.881566] #1: 00000000ac0ec794 (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x1ca/0x540 [ 42.891700] [ 42.891700] the shortest dependencies between 2nd lock and 1st lock: [ 42.899637] -> (&fiq->waitq){+.+.} ops: 4 { [ 42.904019] HARDIRQ-ON-W at: [ 42.907375] lock_acquire+0x16f/0x3f0 [ 42.912972] _raw_spin_lock+0x2f/0x40 [ 42.918567] flush_bg_queue+0x1f3/0x3d0 [ 42.924341] fuse_request_send_background_locked+0x26d/0x4e0 [ 42.931932] fuse_request_send_background+0x12b/0x180 [ 42.938913] cuse_channel_open+0x5ba/0x830 [ 42.944942] misc_open+0x395/0x4c0 [ 42.950273] chrdev_open+0x245/0x6b0 [ 42.955781] do_dentry_open+0x4c3/0x1210 [ 42.961632] vfs_open+0xa0/0xd0 [ 42.966705] path_openat+0x10d7/0x45e0 [ 42.972399] do_filp_open+0x1a1/0x280 [ 42.977999] do_sys_open+0x3fe/0x550 [ 42.983506] __x64_sys_openat+0x9d/0x100 [ 42.989362] do_syscall_64+0xfd/0x620 [ 42.994953] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 43.001934] SOFTIRQ-ON-W at: [ 43.005271] lock_acquire+0x16f/0x3f0 [ 43.010866] _raw_spin_lock+0x2f/0x40 [ 43.016457] flush_bg_queue+0x1f3/0x3d0 [ 43.022224] fuse_request_send_background_locked+0x26d/0x4e0 [ 43.029814] fuse_request_send_background+0x12b/0x180 [ 43.036796] cuse_channel_open+0x5ba/0x830 [ 43.042823] misc_open+0x395/0x4c0 [ 43.048157] chrdev_open+0x245/0x6b0 [ 43.053839] do_dentry_open+0x4c3/0x1210 [ 43.059691] vfs_open+0xa0/0xd0 [ 43.064762] path_openat+0x10d7/0x45e0 [ 43.070444] do_filp_open+0x1a1/0x280 [ 43.076034] do_sys_open+0x3fe/0x550 [ 43.081547] __x64_sys_openat+0x9d/0x100 [ 43.087415] do_syscall_64+0xfd/0x620 [ 43.093010] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 43.099996] INITIAL USE at: [ 43.103261] lock_acquire+0x16f/0x3f0 [ 43.108766] _raw_spin_lock+0x2f/0x40 [ 43.114273] flush_bg_queue+0x1f3/0x3d0 [ 43.120040] fuse_request_send_background_locked+0x26d/0x4e0 [ 43.127554] fuse_request_send_background+0x12b/0x180 [ 43.134448] cuse_channel_open+0x5ba/0x830 [ 43.140394] misc_open+0x395/0x4c0 [ 43.145642] chrdev_open+0x245/0x6b0 [ 43.151071] do_dentry_open+0x4c3/0x1210 [ 43.156836] vfs_open+0xa0/0xd0 [ 43.161821] path_openat+0x10d7/0x45e0 [ 43.167416] do_filp_open+0x1a1/0x280 [ 43.172923] do_sys_open+0x3fe/0x550 [ 43.178349] __x64_sys_openat+0x9d/0x100 [ 43.184117] do_syscall_64+0xfd/0x620 [ 43.189622] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 43.196590] } [ 43.198451] ... key at: [] __key.42212+0x0/0x40 [ 43.205255] ... acquired at: [ 43.208419] _raw_spin_lock+0x2f/0x40 [ 43.212365] io_submit_one+0xef2/0x2eb0 [ 43.216484] __x64_sys_io_submit+0x1aa/0x520 [ 43.221037] do_syscall_64+0xfd/0x620 [ 43.224985] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 43.230314] [ 43.231911] -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 2 { [ 43.237342] IN-SOFTIRQ-W at: [ 43.240594] lock_acquire+0x16f/0x3f0 [ 43.246013] _raw_spin_lock_irq+0x60/0x80 [ 43.251787] free_ioctx_users+0x2d/0x490 [ 43.257469] percpu_ref_switch_to_atomic_rcu+0x407/0x540 [ 43.264539] rcu_process_callbacks+0xba0/0x1a30 [ 43.270829] __do_softirq+0x25c/0x921 [ 43.276248] irq_exit+0x180/0x1d0 [ 43.281323] smp_apic_timer_interrupt+0x13b/0x550 [ 43.287788] apic_timer_interrupt+0xf/0x20 [ 43.293643] native_safe_halt+0xe/0x10 [ 43.299148] arch_cpu_idle+0xa/0x10 [ 43.304413] default_idle_call+0x36/0x90 [ 43.310096] do_idle+0x377/0x560 [ 43.315078] cpu_startup_entry+0xc8/0xe0 [ 43.320759] start_secondary+0x3e8/0x5b0 [ 43.326438] secondary_startup_64+0xa4/0xb0 [ 43.332375] INITIAL USE at: [ 43.335541] lock_acquire+0x16f/0x3f0 [ 43.340872] _raw_spin_lock_irq+0x60/0x80 [ 43.346556] io_submit_one+0xead/0x2eb0 [ 43.352060] __x64_sys_io_submit+0x1aa/0x520 [ 43.357998] do_syscall_64+0xfd/0x620 [ 43.363329] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 43.370135] } [ 43.371909] ... key at: [] __key.50212+0x0/0x40 [ 43.378624] ... acquired at: [ 43.381697] mark_lock+0x420/0x1370 [ 43.385465] __lock_acquire+0xc62/0x49c0 [ 43.389670] lock_acquire+0x16f/0x3f0 [ 43.393615] _raw_spin_lock_irq+0x60/0x80 [ 43.397906] free_ioctx_users+0x2d/0x490 [ 43.402109] percpu_ref_switch_to_atomic_rcu+0x407/0x540 [ 43.407701] rcu_process_callbacks+0xba0/0x1a30 [ 43.412510] __do_softirq+0x25c/0x921 [ 43.416452] irq_exit+0x180/0x1d0 [ 43.420050] smp_apic_timer_interrupt+0x13b/0x550 [ 43.425033] apic_timer_interrupt+0xf/0x20 [ 43.429410] native_safe_halt+0xe/0x10 [ 43.433439] arch_cpu_idle+0xa/0x10 [ 43.437210] default_idle_call+0x36/0x90 [ 43.441415] do_idle+0x377/0x560 [ 43.444921] cpu_startup_entry+0xc8/0xe0 [ 43.449125] start_secondary+0x3e8/0x5b0 [ 43.453327] secondary_startup_64+0xa4/0xb0 [ 43.457785] [ 43.459380] [ 43.459380] stack backtrace: [ 43.463847] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.19.67 #41 [ 43.470046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 43.479371] Call Trace: [ 43.481928] [ 43.484058] dump_stack+0x172/0x1f0 [ 43.487655] print_irq_inversion_bug.part.0+0x2c0/0x2cd [ 43.492987] check_usage_forwards.cold+0x20/0x29 [ 43.497712] ? check_usage_backwards+0x340/0x340 [ 43.502438] ? save_stack_trace+0x1a/0x20 [ 43.506644] ? save_trace+0xe0/0x290 [ 43.510327] mark_lock+0x420/0x1370 [ 43.513922] ? check_usage_backwards+0x340/0x340 [ 43.518645] __lock_acquire+0xc62/0x49c0 [ 43.522675] ? mark_held_locks+0x100/0x100 [ 43.526883] ? mark_held_locks+0x100/0x100 [ 43.531099] ? __wake_up_common_lock+0xfe/0x190 [ 43.535741] ? mark_held_locks+0x100/0x100 [ 43.539944] ? __wake_up_common_lock+0xfe/0x190 [ 43.544591] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 43.549661] ? lockdep_hardirqs_on+0x19b/0x5d0 [ 43.554213] ? trace_hardirqs_on+0x67/0x220 [ 43.558506] ? kasan_check_read+0x11/0x20 [ 43.562622] lock_acquire+0x16f/0x3f0 [ 43.566392] ? free_ioctx_users+0x2d/0x490 [ 43.570596] _raw_spin_lock_irq+0x60/0x80 [ 43.574711] ? free_ioctx_users+0x2d/0x490 [ 43.578913] free_ioctx_users+0x2d/0x490 [ 43.582945] ? rcu_dynticks_curr_cpu_in_eqs+0x51/0xb0 [ 43.588106] percpu_ref_switch_to_atomic_rcu+0x407/0x540 [ 43.593527] ? percpu_ref_exit+0xd0/0xd0 [ 43.597558] rcu_process_callbacks+0xba0/0x1a30 [ 43.602196] ? __rcu_read_unlock+0x170/0x170 [ 43.606577] __do_softirq+0x25c/0x921 [ 43.610361] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 43.615870] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 43.621379] irq_exit+0x180/0x1d0 [ 43.624804] smp_apic_timer_interrupt+0x13b/0x550 [ 43.629617] apic_timer_interrupt+0xf/0x20 [ 43.633819] [ 43.636030] RIP: 0010:native_safe_halt+0xe/0x10 [ 43.640669] Code: ff ff 48 89 df e8 c2 47 ae fa eb 82 e9 07 00 00 00 0f 00 2d 84 2e 54 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d 74 2e 54 00 fb f4 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 e8 7e 2b 66 fa e8 99 [ 43.659538] RSP: 0018:ffff8880aa27fd00 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13 [ 43.667217] RAX: 1ffffffff10e489c RBX: ffff8880aa2703c0 RCX: 0000000000000000 [ 43.674456] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffff8880aa270c3c [ 43.681703] RBP: ffff8880aa27fd30 R08: ffff8880aa2703c0 R09: 0000000000000000 [ 43.688941] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001 [ 43.696182] R13: ffffffff887244d0 R14: 0000000000000001 R15: 0000000000000000 [ 43.703427] ? default_idle+0x4e/0x320 [ 43.7