Warning: Permanently added '10.128.0.211' (ECDSA) to the list of known hosts.
executing program
[ 68.386984] audit: type=1400 audit(1559677938.243:36): avc: denied { map } for pid=7813 comm="syz-executor496" path="/root/syz-executor496840080" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 68.430422]
[ 68.432120] ========================================================
[ 68.438602] WARNING: possible irq lock inversion dependency detected
[ 68.445215] 4.19.48 #20 Not tainted
[ 68.448924] --------------------------------------------------------
[ 68.455513] swapper/1/0 just changed the state of lock:
[ 68.460861] 000000002173f197 (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2d/0x490
[ 68.469650] but this lock took another, SOFTIRQ-unsafe lock in the past:
[ 68.476494]  (&fiq->waitq){+.+.}
[ 68.476509]
[ 68.476509]
[ 68.476509] and interrupts could create inverse lock ordering between them.
[ 68.476509]
[ 68.491404]
[ 68.491404] other info that might help us debug this:
[ 68.498065]  Possible interrupt unsafe locking scenario:
[ 68.498065]
[ 68.504976]        CPU0                    CPU1
[ 68.509624]        ----                    ----
[ 68.514275]   lock(&fiq->waitq);
[ 68.517628]                                local_irq_disable();
[ 68.523665]                                lock(&(&ctx->ctx_lock)->rlock);
[ 68.530692]                                lock(&fiq->waitq);
[ 68.536572]
[ 68.539331]     lock(&(&ctx->ctx_lock)->rlock);
[ 68.544002]
[ 68.544002]  *** DEADLOCK ***
[ 68.544002]
[ 68.550046] 2 locks held by swapper/1/0:
[ 68.554086]  #0: 00000000d64f8bab (rcu_callback){....}, at: rcu_process_callbacks+0xc79/0x1a30
[ 68.562874]  #1: 0000000015f53a81 (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x1ca/0x540
[ 68.573053]
[ 68.573053] the shortest dependencies between 2nd lock and 1st lock:
[ 68.581028]  -> (&fiq->waitq){+.+.} ops: 4 {
[ 68.585432]     HARDIRQ-ON-W at:
[ 68.588791]       lock_acquire+0x16f/0x3f0
[ 68.594418]       _raw_spin_lock+0x2f/0x40
[ 68.600041]       flush_bg_queue+0x1f3/0x3d0
[ 68.605860]       fuse_request_send_background_locked+0x26d/0x4e0
[ 68.613491]       fuse_request_send_background+0x12b/0x180
[ 68.620501]       cuse_channel_open+0x5ba/0x830
[ 68.626584]       misc_open+0x395/0x4c0
[ 68.631946]       chrdev_open+0x245/0x6b0
[ 68.637562]       do_dentry_open+0x4c3/0x1200
[ 68.643439]       vfs_open+0xa0/0xd0
[ 68.648538]       path_openat+0x10d7/0x4690
[ 68.654245]       do_filp_open+0x1a1/0x280
[ 68.659875]       do_sys_open+0x3fe/0x550
[ 68.665454]       __x64_sys_openat+0x9d/0x100
[ 68.671361]       do_syscall_64+0xfd/0x620
[ 68.676983]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 68.683983]     SOFTIRQ-ON-W at:
[ 68.687345]       lock_acquire+0x16f/0x3f0
[ 68.692963]       _raw_spin_lock+0x2f/0x40
[ 68.698617]       flush_bg_queue+0x1f3/0x3d0
[ 68.704408]       fuse_request_send_background_locked+0x26d/0x4e0
[ 68.712019]       fuse_request_send_background+0x12b/0x180
[ 68.719022]       cuse_channel_open+0x5ba/0x830
[ 68.725073]       misc_open+0x395/0x4c0
[ 68.730455]       chrdev_open+0x245/0x6b0
[ 68.735991]       do_dentry_open+0x4c3/0x1200
[ 68.741886]       vfs_open+0xa0/0xd0
[ 68.747885]       path_openat+0x10d7/0x4690
[ 68.753625]       do_filp_open+0x1a1/0x280
[ 68.759269]       do_sys_open+0x3fe/0x550
[ 68.764798]       __x64_sys_openat+0x9d/0x100
[ 68.770691]       do_syscall_64+0xfd/0x620
[ 68.776300]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 68.784715]     INITIAL USE at:
[ 68.787995]       lock_acquire+0x16f/0x3f0
[ 68.793524]       _raw_spin_lock+0x2f/0x40
[ 68.799054]       flush_bg_queue+0x1f3/0x3d0
[ 68.804752]       fuse_request_send_background_locked+0x26d/0x4e0
[ 68.812290]       fuse_request_send_background+0x12b/0x180
[ 68.819318]       cuse_channel_open+0x5ba/0x830
[ 68.825286]       misc_open+0x395/0x4c0
[ 68.830573]       chrdev_open+0x245/0x6b0
[ 68.836011]       do_dentry_open+0x4c3/0x1200
[ 68.841849]       vfs_open+0xa0/0xd0
[ 68.846860]       path_openat+0x10d7/0x4690
[ 68.852474]       do_filp_open+0x1a1/0x280
[ 68.858004]       do_sys_open+0x3fe/0x550
[ 68.863544]       __x64_sys_openat+0x9d/0x100
[ 68.869363]       do_syscall_64+0xfd/0x620
[ 68.874900]       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 68.881816]   }
[ 68.883708]  ... key at: [] __key.42196+0x0/0x40
[ 68.890565]  ... acquired at:
[ 68.893769]    _raw_spin_lock+0x2f/0x40
[ 68.897731]    io_submit_one+0xef2/0x2eb0
[ 68.901869]    __x64_sys_io_submit+0x1aa/0x520
[ 68.906446]    do_syscall_64+0xfd/0x620
[ 68.910415]    entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 68.915759]
[ 68.917387] -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 2 {
[ 68.922839]    IN-SOFTIRQ-W at:
[ 68.926118]      lock_acquire+0x16f/0x3f0
[ 68.931562]      _raw_spin_lock_irq+0x60/0x80
[ 68.937355]      free_ioctx_users+0x2d/0x490
[ 68.943060]      percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 68.950270]      rcu_process_callbacks+0xba0/0x1a30
[ 68.956585]      __do_softirq+0x25c/0x921
[ 68.962030]      irq_exit+0x180/0x1d0
[ 68.967131]      smp_apic_timer_interrupt+0x13b/0x550
[ 68.973640]      apic_timer_interrupt+0xf/0x20
[ 68.979526]      native_safe_halt+0xe/0x10
[ 68.985065]      arch_cpu_idle+0xa/0x10
[ 68.990335]      default_idle_call+0x36/0x90
[ 68.996036]      do_idle+0x377/0x560
[ 69.001043]      cpu_startup_entry+0xc8/0xe0
[ 69.006761]      start_secondary+0x3e8/0x5b0
[ 69.012469]      secondary_startup_64+0xa4/0xb0
[ 69.018428]    INITIAL USE at:
[ 69.021617]      lock_acquire+0x16f/0x3f0
[ 69.026995]      _raw_spin_lock_irq+0x60/0x80
[ 69.032701]      io_submit_one+0xead/0x2eb0
[ 69.038250]      __x64_sys_io_submit+0x1aa/0x520
[ 69.044217]      do_syscall_64+0xfd/0x620
[ 69.049572]      entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 69.056305]  }
[ 69.058111]  ... key at: [] __key.50187+0x0/0x40
[ 69.064845]  ... acquired at:
[ 69.067942]    mark_lock+0x420/0x1370
[ 69.071736]    __lock_acquire+0xc65/0x48f0
[ 69.075979]    lock_acquire+0x16f/0x3f0
[ 69.079949]    _raw_spin_lock_irq+0x60/0x80
[ 69.084270]    free_ioctx_users+0x2d/0x490
[ 69.088494]    percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 69.094208]    rcu_process_callbacks+0xba0/0x1a30
[ 69.099062]    __do_softirq+0x25c/0x921
[ 69.103024]    irq_exit+0x180/0x1d0
[ 69.106641]    smp_apic_timer_interrupt+0x13b/0x550
[ 69.111653]    apic_timer_interrupt+0xf/0x20
[ 69.116051]    native_safe_halt+0xe/0x10
[ 69.120121]    arch_cpu_idle+0xa/0x10
[ 69.123916]    default_idle_call+0x36/0x90
[ 69.128145]    do_idle+0x377/0x560
[ 69.131774]    cpu_startup_entry+0xc8/0xe0
[ 69.136020]    start_secondary+0x3e8/0x5b0
[ 69.140250]    secondary_startup_64+0xa4/0xb0
[ 69.144745]
[ 69.146350]
[ 69.146350] stack backtrace:
[ 69.150847] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.19.48 #20
[ 69.157063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 69.166421] Call Trace:
[ 69.169006]
[ 69.171175]  dump_stack+0x172/0x1f0
[ 69.174885]  print_irq_inversion_bug.part.0+0x2c0/0x2cd
[ 69.180250]  check_usage_forwards.cold+0x20/0x29
[ 69.185020]  ? check_usage_backwards+0x340/0x340
[ 69.189779]  ? save_stack_trace+0x1a/0x20
[ 69.193962]  ? save_trace+0xe0/0x290
[ 69.197669]  mark_lock+0x420/0x1370
[ 69.201311]  ? check_usage_backwards+0x340/0x340
[ 69.206098]  __lock_acquire+0xc65/0x48f0
[ 69.210172]  ? mark_held_locks+0x100/0x100
[ 69.214439]  ? mark_held_locks+0x100/0x100
[ 69.218683]  ? __wake_up_common_lock+0xfe/0x190
[ 69.223351]  ? mark_held_locks+0x100/0x100
[ 69.227660]  ? __wake_up_common_lock+0xfe/0x190
[ 69.232323]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 69.237442]  ? lockdep_hardirqs_on+0x19b/0x5d0
[ 69.242028]  ? trace_hardirqs_on+0x67/0x220
[ 69.246364]  ? kasan_check_read+0x11/0x20
[ 69.250511]  lock_acquire+0x16f/0x3f0
[ 69.254321]  ? free_ioctx_users+0x2d/0x490
[ 69.258551]  _raw_spin_lock_irq+0x60/0x80
[ 69.262685]  ? free_ioctx_users+0x2d/0x490
[ 69.266908]  free_ioctx_users+0x2d/0x490
[ 69.270962]  ? rcu_dynticks_curr_cpu_in_eqs+0x51/0xb0
[ 69.276140]  percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 69.281586]  ? percpu_ref_exit+0xd0/0xd0
[ 69.285892]  rcu_process_callbacks+0xba0/0x1a30
[ 69.290555]  ? __rcu_read_unlock+0x170/0x170
[ 69.294979]  __do_softirq+0x25c/0x921
[ 69.298772]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 69.304299]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 69.309853]  irq_exit+0x180/0x1d0
[ 69.313309]  smp_apic_timer_interrupt+0x13b/0x550
[ 69.318142]  apic_timer_interrupt+0xf/0x20
[ 69.322357]
[ 69.324582] RIP: 0010:native_safe_halt+0xe/0x10
[ 69.329245] Code: ff ff 48 89 df e8 72 4c b2 fa eb 82 e9 07 00 00 00 0f 00 2d e4 aa 58 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d d4 aa 58 00 fb f4 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 e8 4e 7e 6a fa e8 a9
[ 69.348161] RSP: 0018:ffff8880aa27fd00 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13
[ 69.355889] RAX: 1ffffffff10e46cc RBX: ffff8880aa2703c0 RCX: 0000000000000000
[ 69.363168] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffff8880aa270c3c
[ 69.370447] RBP: ffff8880aa27fd30 R08: ffff8880aa2703c0 R09: 0000000000000000
[ 69.377716] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001
[ 69.384992] R13: ffffffff88723650 R14: 0000000000000001 R15: 0000000000000000
[ 69.392288]  ? default_idle+0x4e/0x320
[ 69.396177]  arch_cpu_idle+0xa/0x10
[ 69.399805]  default_idle_call+0x36/0x90
[ 69.404738]  do_idle+0x377/0x560
[ 69.408089]  ? arch_cpu_idle_exit+0x80/0x80
[ 69.412415]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 69.417504]  ? complete+0x61/0x80
[ 69.420943]  cpu_startup_entry+0xc8/0xe0
[ 69.425002]  ? cpu_in_idle+0x20/0x20
[ 69.428716]  ? setup_APIC_timer+0x1aa/0x200
[ 69.433040]  start_secondary+0x3e8/0x5b0
[ 69.437087]  ? set_cpu_sibling_map+0x1860/0x1860