Warning: Permanently added '10.128.10.36' (ECDSA) to the list of known hosts.
executing program

syzkaller login: [ 52.106786] kauditd_printk_skb: 5 callbacks suppressed
[ 52.106803] audit: type=1400 audit(1560026071.732:36): avc: denied { map } for pid=7915 comm="syz-executor492" path="/root/syz-executor492144377" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 52.152987]
[ 52.154674] ========================================================
[ 52.161152] WARNING: possible irq lock inversion dependency detected
[ 52.167623] 4.19.48 #20 Not tainted
[ 52.171226] --------------------------------------------------------
[ 52.177695] swapper/0/0 just changed the state of lock:
[ 52.183041] 0000000088e43bd5 (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2d/0x490
[ 52.191784] but this lock took another, SOFTIRQ-unsafe lock in the past:
[ 52.198632]  (&fiq->waitq){+.+.}
[ 52.198641]
[ 52.198641]
[ 52.198641] and interrupts could create inverse lock ordering between them.
[ 52.198641]
[ 52.213502]
[ 52.213502] other info that might help us debug this:
[ 52.220150]  Possible interrupt unsafe locking scenario:
[ 52.220150]
[ 52.227055]        CPU0                    CPU1
[ 52.232408]        ----                    ----
[ 52.237065]   lock(&fiq->waitq);
[ 52.240427]                                local_irq_disable();
[ 52.246459]                                lock(&(&ctx->ctx_lock)->rlock);
[ 52.253453]                                lock(&fiq->waitq);
[ 52.259316]
[ 52.262048]     lock(&(&ctx->ctx_lock)->rlock);
[ 52.266696]
[ 52.266696]  *** DEADLOCK ***
[ 52.266696]
[ 52.272760] 2 locks held by swapper/0/0:
[ 52.276816]  #0: 000000006b19f389 (rcu_callback){....}, at: rcu_process_callbacks+0xc79/0x1a30
[ 52.285566]  #1: 0000000031ea03cb (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x1ca/0x540
[ 52.295698]
[ 52.295698] the shortest dependencies between 2nd lock and 1st lock:
[ 52.303763]  -> (&fiq->waitq){+.+.} ops: 4 {
[ 52.308182]     HARDIRQ-ON-W at:
[ 52.311537]       lock_acquire+0x16f/0x3f0
[ 52.317143]       _raw_spin_lock+0x2f/0x40
[ 52.322752]       flush_bg_queue+0x1f3/0x3d0
[ 52.328529]       fuse_request_send_background_locked+0x26d/0x4e0
[ 52.336156]       fuse_request_send_background+0x12b/0x180
[ 52.343155]       cuse_channel_open+0x5ba/0x830
[ 52.349210]       misc_open+0x395/0x4c0
[ 52.354563]       chrdev_open+0x245/0x6b0
[ 52.360082]       do_dentry_open+0x4c3/0x1200
[ 52.365952]       vfs_open+0xa0/0xd0
[ 52.371044]       path_openat+0x10d7/0x4690
[ 52.376740]       do_filp_open+0x1a1/0x280
[ 52.382362]       do_sys_open+0x3fe/0x550
[ 52.387921]       __x64_sys_openat+0x9d/0x100
[ 52.393801]       do_syscall_64+0xfd/0x620
[ 52.399410]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 52.406399]     SOFTIRQ-ON-W at:
[ 52.409748]       lock_acquire+0x16f/0x3f0
[ 52.415352]       _raw_spin_lock+0x2f/0x40
[ 52.420975]       flush_bg_queue+0x1f3/0x3d0
[ 52.426785]       fuse_request_send_background_locked+0x26d/0x4e0
[ 52.434416]       fuse_request_send_background+0x12b/0x180
[ 52.441409]       cuse_channel_open+0x5ba/0x830
[ 52.447447]       misc_open+0x395/0x4c0
[ 52.452791]       chrdev_open+0x245/0x6b0
[ 52.458308]       do_dentry_open+0x4c3/0x1200
[ 52.464171]       vfs_open+0xa0/0xd0
[ 52.469255]       path_openat+0x10d7/0x4690
[ 52.474944]       do_filp_open+0x1a1/0x280
[ 52.480573]       do_sys_open+0x3fe/0x550
[ 52.486092]       __x64_sys_openat+0x9d/0x100
[ 52.491958]       do_syscall_64+0xfd/0x620
[ 52.497575]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 52.504570]     INITIAL USE at:
[ 52.507854]       lock_acquire+0x16f/0x3f0
[ 52.513372]       _raw_spin_lock+0x2f/0x40
[ 52.518906]       flush_bg_queue+0x1f3/0x3d0
[ 52.524611]       fuse_request_send_background_locked+0x26d/0x4e0
[ 52.532125]       fuse_request_send_background+0x12b/0x180
[ 52.539039]       cuse_channel_open+0x5ba/0x830
[ 52.545019]       misc_open+0x395/0x4c0
[ 52.550303]       chrdev_open+0x245/0x6b0
[ 52.555734]       do_dentry_open+0x4c3/0x1200
[ 52.561510]       vfs_open+0xa0/0xd0
[ 52.566524]       path_openat+0x10d7/0x4690
[ 52.572147]       do_filp_open+0x1a1/0x280
[ 52.577667]       do_sys_open+0x3fe/0x550
[ 52.583097]       __x64_sys_openat+0x9d/0x100
[ 52.588875]       do_syscall_64+0xfd/0x620
[ 52.594393]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 52.601311]   }
[ 52.603185]   ... key at: [] __key.42196+0x0/0x40
[ 52.609999]   ... acquired at:
[ 52.613173]    _raw_spin_lock+0x2f/0x40
[ 52.617126]    io_submit_one+0xef2/0x2eb0
[ 52.621252]    __x64_sys_io_submit+0x1aa/0x520
[ 52.625816]    do_syscall_64+0xfd/0x620
[ 52.629780]    entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 52.635119]
[ 52.636735] -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 2 {
[ 52.642173]    IN-SOFTIRQ-W at:
[ 52.645458]      lock_acquire+0x16f/0x3f0
[ 52.650891]      _raw_spin_lock_irq+0x60/0x80
[ 52.656669]      free_ioctx_users+0x2d/0x490
[ 52.662372]      percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 52.669475]      rcu_process_callbacks+0xba0/0x1a30
[ 52.675952]      __do_softirq+0x25c/0x921
[ 52.681394]      irq_exit+0x180/0x1d0
[ 52.686477]      smp_apic_timer_interrupt+0x13b/0x550
[ 52.692949]      apic_timer_interrupt+0xf/0x20
[ 52.698815]      native_safe_halt+0xe/0x10
[ 52.704334]      arch_cpu_idle+0xa/0x10
[ 52.709605]      default_idle_call+0x36/0x90
[ 52.715320]      do_idle+0x377/0x560
[ 52.720316]      cpu_startup_entry+0xc8/0xe0
[ 52.726027]      rest_init+0xf1/0xf6
[ 52.731059]      start_kernel+0x88c/0x8c5
[ 52.736504]      x86_64_start_reservations+0x29/0x2b
[ 52.742907]      x86_64_start_kernel+0x77/0x7b
[ 52.748776]      secondary_startup_64+0xa4/0xb0
[ 52.754723]    INITIAL USE at:
[ 52.757916]      lock_acquire+0x16f/0x3f0
[ 52.763259]      _raw_spin_lock_irq+0x60/0x80
[ 52.768953]      io_submit_one+0xead/0x2eb0
[ 52.774470]      __x64_sys_io_submit+0x1aa/0x520
[ 52.780423]      do_syscall_64+0xfd/0x620
[ 52.785767]      entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 52.792492]  }
[ 52.794285]  ... key at: [] __key.50187+0x0/0x40
[ 52.801046]  ... acquired at:
[ 52.804161]    mark_lock+0x420/0x1370
[ 52.807946]    __lock_acquire+0xc65/0x48f0
[ 52.812178]    lock_acquire+0x16f/0x3f0
[ 52.816133]    _raw_spin_lock_irq+0x60/0x80
[ 52.820433]    free_ioctx_users+0x2d/0x490
[ 52.824650]    percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 52.830257]    rcu_process_callbacks+0xba0/0x1a30
[ 52.835082]    __do_softirq+0x25c/0x921
[ 52.839043]    irq_exit+0x180/0x1d0
[ 52.842655]    smp_apic_timer_interrupt+0x13b/0x550
[ 52.848002]    apic_timer_interrupt+0xf/0x20
[ 52.852405]    native_safe_halt+0xe/0x10
[ 52.856448]    arch_cpu_idle+0xa/0x10
[ 52.860228]    default_idle_call+0x36/0x90
[ 52.864442]    do_idle+0x377/0x560
[ 52.867971]    cpu_startup_entry+0xc8/0xe0
[ 52.872183]    rest_init+0xf1/0xf6
[ 52.875702]    start_kernel+0x88c/0x8c5
[ 52.879655]    x86_64_start_reservations+0x29/0x2b
[ 52.884562]    x86_64_start_kernel+0x77/0x7b
[ 52.888956]    secondary_startup_64+0xa4/0xb0
[ 52.893425]
[ 52.895027]
[ 52.895027] stack backtrace:
[ 52.899533] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.19.48 #20
[ 52.905744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 52.915079] Call Trace:
[ 52.917658]
[ 52.919796]  dump_stack+0x172/0x1f0
[ 52.923408]  print_irq_inversion_bug.part.0+0x2c0/0x2cd
[ 52.928759]  check_usage_forwards.cold+0x20/0x29
[ 52.933513]  ? check_usage_backwards+0x340/0x340
[ 52.938276]  ? save_stack_trace+0x1a/0x20
[ 52.942403]  ? save_trace+0xe0/0x290
[ 52.946101]  mark_lock+0x420/0x1370
[ 52.949710]  ? check_usage_backwards+0x340/0x340
[ 52.954449]  __lock_acquire+0xc65/0x48f0
[ 52.958505]  ? mark_held_locks+0x100/0x100
[ 52.962737]  ? mark_held_locks+0x100/0x100
[ 52.966963]  ? __wake_up_common_lock+0xfe/0x190
[ 52.971614]  ? mark_held_locks+0x100/0x100
[ 52.975847]  ? __wake_up_common_lock+0xfe/0x190
[ 52.980499]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 52.985583]  ? lockdep_hardirqs_on+0x19b/0x5d0
[ 52.990148]  ? trace_hardirqs_on+0x67/0x220
[ 52.994452]  ? kasan_check_read+0x11/0x20
[ 52.998579]  lock_acquire+0x16f/0x3f0
[ 53.002360]  ? free_ioctx_users+0x2d/0x490
[ 53.006580]  _raw_spin_lock_irq+0x60/0x80
[ 53.010708]  ? free_ioctx_users+0x2d/0x490
[ 53.014922]  free_ioctx_users+0x2d/0x490
[ 53.018966]  ? rcu_dynticks_curr_cpu_in_eqs+0x51/0xb0
[ 53.024144]  percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 53.029576]  ? percpu_ref_exit+0xd0/0xd0
[ 53.033620]  rcu_process_callbacks+0xba0/0x1a30
[ 53.038270]  ? __rcu_read_unlock+0x170/0x170
[ 53.042663]  __do_softirq+0x25c/0x921
[ 53.046445]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 53.051974]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 53.057526]  irq_exit+0x180/0x1d0
[ 53.060976]  smp_apic_timer_interrupt+0x13b/0x550
[ 53.065802]  apic_timer_interrupt+0xf/0x20
[ 53.070011]
[ 53.072232] RIP: 0010:native_safe_halt+0xe/0x10
[ 53.076886] Code: ff ff 48 89 df e8 72 4c b2 fa eb 82 e9 07 00 00 00 0f 00 2d e4 aa 58 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d d4 aa 58 00 fb f4 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 e8 4e 7e 6a fa e8 a9
[ 53.095773] RSP: 0018:ffffffff88607ca8 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13
[ 53.103482] RAX: 1ffffffff10e46cc RBX: ffffffff88679e80 RCX: 0000000000000000
[ 53.110733] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffffffff8867a6fc
[ 53.117983] RBP: ffffffff88607cd8 R08: ffffffff88679e80 R09: 0000000000000000
[ 53.125233] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 53.132483] R13: ffffffff88723650 R14: 0000000000000000 R15: 0000000000000000
[ 53.139751]  ? default_idle+0x4e/0x320
[ 53.143626]  arch_cpu_idle+0xa/0x10
[ 53.147238]  default_idle_call+0x36/0x90
[ 53.151282]  do_idle+0x377/0x560
[ 53.154630]  ? arch_cpu_idle_exit+0x80/0x80
[ 53.158944]  ? check_preemp