Warning: Permanently added '10.128.0.180' (ECDSA) to the list of known hosts. executing program [ 48.671092] audit: type=1400 audit(1567043451.291:36): avc: denied { map } for pid=7518 comm="syz-executor538" path="/root/syz-executor538718608" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 48.707854] [ 48.709493] ======================================================== [ 48.715967] WARNING: possible irq lock inversion dependency detected [ 48.722435] 4.19.68 #42 Not tainted [ 48.726037] -------------------------------------------------------- [ 48.732504] swapper/1/0 just changed the state of lock: [ 48.737841] 0000000074ff8b59 (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2d/0x490 [ 48.746583] but this lock took another, SOFTIRQ-unsafe lock in the past: [ 48.753408] (&fiq->waitq){+.+.} [ 48.753416] [ 48.753416] [ 48.753416] and interrupts could create inverse lock ordering between them. [ 48.753416] [ 48.768269] [ 48.768269] other info that might help us debug this: [ 48.774943] Possible interrupt unsafe locking scenario: [ 48.774943] [ 48.781849] CPU0 CPU1 [ 48.786493] ---- ---- [ 48.791143] lock(&fiq->waitq); [ 48.794487] local_irq_disable(); [ 48.800516] lock(&(&ctx->ctx_lock)->rlock); [ 48.807504] lock(&fiq->waitq); [ 48.813370] [ 48.816200] lock(&(&ctx->ctx_lock)->rlock); [ 48.820850] [ 48.820850] *** DEADLOCK *** [ 48.820850] [ 48.826888] 2 locks held by swapper/1/0: [ 48.830925] #0: 00000000d0d3aaa0 (rcu_callback){....}, at: rcu_process_callbacks+0xc79/0x1a30 [ 48.839672] #1: 00000000a3fa663e (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x1ca/0x540 [ 48.849806] [ 48.849806] the shortest dependencies between 2nd lock and 1st lock: [ 48.857759] -> (&fiq->waitq){+.+.} ops: 4 { [ 48.862168] HARDIRQ-ON-W at: [ 48.865522] lock_acquire+0x16f/0x3f0 [ 48.871155] _raw_spin_lock+0x2f/0x40 [ 48.876757] flush_bg_queue+0x1f3/0x3d0 [ 48.882533] fuse_request_send_background_locked+0x26d/0x4e0 [ 48.890139] fuse_request_send_background+0x12b/0x180 [ 48.897131] cuse_channel_open+0x5ba/0x830 [ 48.903185] misc_open+0x395/0x4c0 [ 48.908527] chrdev_open+0x245/0x6b0 [ 48.914040] do_dentry_open+0x4c3/0x1210 [ 48.919907] vfs_open+0xa0/0xd0 [ 48.924990] path_openat+0x10d7/0x45e0 [ 48.930685] do_filp_open+0x1a1/0x280 [ 48.936298] do_sys_open+0x3fe/0x550 [ 48.941828] __x64_sys_openat+0x9d/0x100 [ 48.947695] do_syscall_64+0xfd/0x620 [ 48.953303] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 48.960298] SOFTIRQ-ON-W at: [ 48.963682] lock_acquire+0x16f/0x3f0 [ 48.969284] _raw_spin_lock+0x2f/0x40 [ 48.974920] flush_bg_queue+0x1f3/0x3d0 [ 48.980696] fuse_request_send_background_locked+0x26d/0x4e0 [ 48.988299] fuse_request_send_background+0x12b/0x180 [ 48.995386] cuse_channel_open+0x5ba/0x830 [ 49.001425] misc_open+0x395/0x4c0 [ 49.006820] chrdev_open+0x245/0x6b0 [ 49.012374] do_dentry_open+0x4c3/0x1210 [ 49.018238] vfs_open+0xa0/0xd0 [ 49.023410] path_openat+0x10d7/0x45e0 [ 49.029096] do_filp_open+0x1a1/0x280 [ 49.034697] do_sys_open+0x3fe/0x550 [ 49.040230] __x64_sys_openat+0x9d/0x100 [ 49.046098] do_syscall_64+0xfd/0x620 [ 49.051706] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 49.058705] INITIAL USE at: [ 49.061967] lock_acquire+0x16f/0x3f0 [ 49.067479] _raw_spin_lock+0x2f/0x40 [ 49.072991] flush_bg_queue+0x1f3/0x3d0 [ 49.078694] fuse_request_send_background_locked+0x26d/0x4e0 [ 49.086204] fuse_request_send_background+0x12b/0x180 [ 49.093130] cuse_channel_open+0x5ba/0x830 [ 49.099078] misc_open+0x395/0x4c0 [ 49.104334] chrdev_open+0x245/0x6b0 [ 49.109767] do_dentry_open+0x4c3/0x1210 [ 49.115552] vfs_open+0xa0/0xd0 [ 49.120547] path_openat+0x10d7/0x45e0 [ 49.126147] do_filp_open+0x1a1/0x280 [ 49.131703] do_sys_open+0x3fe/0x550 [ 49.137132] __x64_sys_openat+0x9d/0x100 [ 49.142910] do_syscall_64+0xfd/0x620 [ 49.148450] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 49.155375] } [ 49.157341] ... key at: [] __key.42211+0x0/0x40 [ 49.164153] ... acquired at: [ 49.167323] _raw_spin_lock+0x2f/0x40 [ 49.171277] io_submit_one+0xef2/0x2eb0 [ 49.175403] __x64_sys_io_submit+0x1aa/0x520 [ 49.179964] do_syscall_64+0xfd/0x620 [ 49.183917] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 49.189262] [ 49.190870] -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 2 { [ 49.196301] IN-SOFTIRQ-W at: [ 49.199562] lock_acquire+0x16f/0x3f0 [ 49.204988] _raw_spin_lock_irq+0x60/0x80 [ 49.210779] free_ioctx_users+0x2d/0x490 [ 49.216480] percpu_ref_switch_to_atomic_rcu+0x407/0x540 [ 49.223557] rcu_process_callbacks+0xba0/0x1a30 [ 49.229854] __do_softirq+0x25c/0x921 [ 49.235285] irq_exit+0x180/0x1d0 [ 49.240365] smp_apic_timer_interrupt+0x13b/0x550 [ 49.246836] apic_timer_interrupt+0xf/0x20 [ 49.252696] native_safe_halt+0xe/0x10 [ 49.258212] arch_cpu_idle+0xa/0x10 [ 49.263464] default_idle_call+0x36/0x90 [ 49.269164] do_idle+0x377/0x560 [ 49.274160] cpu_startup_entry+0xc8/0xe0 [ 49.279935] start_secondary+0x3e8/0x5b0 [ 49.285624] secondary_startup_64+0xa4/0xb0 [ 49.291569] INITIAL USE at: [ 49.294752] lock_acquire+0x16f/0x3f0 [ 49.300092] _raw_spin_lock_irq+0x60/0x80 [ 49.305783] io_submit_one+0xead/0x2eb0 [ 49.311304] __x64_sys_io_submit+0x1aa/0x520 [ 49.317255] do_syscall_64+0xfd/0x620 [ 49.322600] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 49.329325] } [ 49.331120] ... key at: [] __key.50211+0x0/0x40 [ 49.337847] ... acquired at: [ 49.340930] mark_lock+0x420/0x1370 [ 49.344709] __lock_acquire+0xc62/0x49c0 [ 49.348922] lock_acquire+0x16f/0x3f0 [ 49.352883] _raw_spin_lock_irq+0x60/0x80 [ 49.357181] free_ioctx_users+0x2d/0x490 [ 49.361407] percpu_ref_switch_to_atomic_rcu+0x407/0x540 [ 49.367159] rcu_process_callbacks+0xba0/0x1a30 [ 49.371980] __do_softirq+0x25c/0x921 [ 49.375932] irq_exit+0x180/0x1d0 [ 49.379541] smp_apic_timer_interrupt+0x13b/0x550 [ 49.384631] apic_timer_interrupt+0xf/0x20 [ 49.389015] native_safe_halt+0xe/0x10 [ 49.393052] arch_cpu_idle+0xa/0x10 [ 49.396832] default_idle_call+0x36/0x90 [ 49.401043] do_idle+0x377/0x560 [ 49.404560] cpu_startup_entry+0xc8/0xe0 [ 49.408780] start_secondary+0x3e8/0x5b0 [ 49.413007] secondary_startup_64+0xa4/0xb0 [ 49.417485] [ 49.419092] [ 49.419092] stack backtrace: [ 49.423566] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.19.68 #42 [ 49.429772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 49.439111] Call Trace: [ 49.441670] [ 49.443807] dump_stack+0x172/0x1f0 [ 49.447416] print_irq_inversion_bug.part.0+0x2c0/0x2cd [ 49.452759] check_usage_forwards.cold+0x20/0x29 [ 49.457586] ? check_usage_backwards+0x340/0x340 [ 49.462322] ? save_stack_trace+0x1a/0x20 [ 49.466447] ? save_trace+0xe0/0x290 [ 49.470150] mark_lock+0x420/0x1370 [ 49.473756] ? check_usage_backwards+0x340/0x340 [ 49.478576] __lock_acquire+0xc62/0x49c0 [ 49.482630] ? mark_held_locks+0x100/0x100 [ 49.486848] ? mark_held_locks+0x100/0x100 [ 49.491058] ? __wake_up_common_lock+0xfe/0x190 [ 49.495708] ? mark_held_locks+0x100/0x100 [ 49.499939] ? __wake_up_common_lock+0xfe/0x190 [ 49.504597] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 49.509680] ? lockdep_hardirqs_on+0x19b/0x5d0 [ 49.514263] ? trace_hardirqs_on+0x67/0x220 [ 49.518578] ? kasan_check_read+0x11/0x20 [ 49.522710] lock_acquire+0x16f/0x3f0 [ 49.526490] ? free_ioctx_users+0x2d/0x490 [ 49.530706] _raw_spin_lock_irq+0x60/0x80 [ 49.534969] ? free_ioctx_users+0x2d/0x490 [ 49.539210] free_ioctx_users+0x2d/0x490 [ 49.543255] ? rcu_dynticks_curr_cpu_in_eqs+0x51/0xb0 [ 49.548424] percpu_ref_switch_to_atomic_rcu+0x407/0x540 [ 49.553870] ? percpu_ref_exit+0xd0/0xd0 [ 49.557923] rcu_process_callbacks+0xba0/0x1a30 [ 49.562574] ? __rcu_read_unlock+0x170/0x170 [ 49.566964] __do_softirq+0x25c/0x921 [ 49.570747] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 49.576263] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 49.581779] irq_exit+0x180/0x1d0 [ 49.585212] smp_apic_timer_interrupt+0x13b/0x550 [ 49.590035] apic_timer_interrupt+0xf/0x20 [ 49.594242] [ 49.596457] RIP: 0010:native_safe_halt+0xe/0x10 [ 49.601112] Code: ff ff 48 89 df e8 42 63 ae fa eb 82 e9 07 00 00 00 0f 00 2d d4 53 54 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d c4 53 54 00 fb f4 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 e8 8e 45 66 fa e8 29 [ 49.620007] RSP: 0018:ffff8880aa27fd00 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13 [ 49.627697] RAX: 1ffffffff10e489c RBX: ffff8880aa2703c0 RCX: 0000000000000000 [ 49.634945] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffff8880aa270c3c [ 49.642253] RBP: ffff8880aa27fd30 R08: ffff8880aa2703c0 R09: 0000000000000000 [ 49.649518] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001 [ 49.656766] R13: ffffffff887244d0 R14: 0000000000000001 R15: 0000000000000000 [ 49.664035] ? default_idle+0x4e/0x320 [ 49.667906] arch_cpu_idle+0xa/0x10 [ 49.671509] default_idle_call+0x36/0x90 [