Warning: Permanently added '10.128.0.21' (ECDSA) to the list of known hosts.
executing program
[ 56.164167] audit: type=1400 audit(1565889873.500:36): avc: denied { map } for pid=8004 comm="syz-executor264" path="/root/syz-executor264004320" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 56.191666]
[ 56.193345] ========================================================
[ 56.199809] WARNING: possible irq lock inversion dependency detected
[ 56.206400] 4.19.66 #40 Not tainted
[ 56.210004] --------------------------------------------------------
[ 56.216471] swapper/1/0 just changed the state of lock:
[ 56.221813] 000000006e204d7f (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2d/0x490
[ 56.230563] but this lock took another, SOFTIRQ-unsafe lock in the past:
[ 56.237526]  (&fiq->waitq){+.+.}
[ 56.237534]
[ 56.237534]
[ 56.237534] and interrupts could create inverse lock ordering between them.
[ 56.237534]
[ 56.252378]
[ 56.252378] other info that might help us debug this:
[ 56.259023]  Possible interrupt unsafe locking scenario:
[ 56.259023]
[ 56.265937]        CPU0                    CPU1
[ 56.270602]        ----                    ----
[ 56.275259]   lock(&fiq->waitq);
[ 56.278608]                                local_irq_disable();
[ 56.284639]                                lock(&(&ctx->ctx_lock)->rlock);
[ 56.291630]                                lock(&fiq->waitq);
[ 56.297497]   <Interrupt>
[ 56.300228]     lock(&(&ctx->ctx_lock)->rlock);
[ 56.304878]
[ 56.304878]  *** DEADLOCK ***
[ 56.304878]
[ 56.310994] 2 locks held by swapper/1/0:
[ 56.315036]  #0: 00000000d7bc5219 (rcu_callback){....}, at: rcu_process_callbacks+0xc79/0x1a30
[ 56.323784]  #1: 0000000014bcc3cd (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x1ca/0x540
[ 56.333925]
[ 56.333925] the shortest dependencies between 2nd lock and 1st lock:
[ 56.341931]  -> (&fiq->waitq){+.+.} ops: 4 {
[ 56.346351]     HARDIRQ-ON-W at:
[ 56.349700]         lock_acquire+0x16f/0x3f0
[ 56.355302]         _raw_spin_lock+0x2f/0x40
[ 56.360922]         flush_bg_queue+0x1f3/0x3d0
[ 56.366703]         fuse_request_send_background_locked+0x26d/0x4e0
[ 56.374306]         fuse_request_send_background+0x12b/0x180
[ 56.381416]         cuse_channel_open+0x5ba/0x830
[ 56.387547]         misc_open+0x395/0x4c0
[ 56.392893]         chrdev_open+0x245/0x6b0
[ 56.398412]         do_dentry_open+0x4c3/0x1210
[ 56.404275]         vfs_open+0xa0/0xd0
[ 56.409357]         path_openat+0x10d7/0x45e0
[ 56.415044]         do_filp_open+0x1a1/0x280
[ 56.420690]         do_sys_open+0x3fe/0x550
[ 56.426228]         __x64_sys_openat+0x9d/0x100
[ 56.432093]         do_syscall_64+0xfd/0x620
[ 56.437694]         entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 56.444752]     SOFTIRQ-ON-W at:
[ 56.448104]         lock_acquire+0x16f/0x3f0
[ 56.453710]         _raw_spin_lock+0x2f/0x40
[ 56.459315]         flush_bg_queue+0x1f3/0x3d0
[ 56.465095]         fuse_request_send_background_locked+0x26d/0x4e0
[ 56.472723]         fuse_request_send_background+0x12b/0x180
[ 56.479732]         cuse_channel_open+0x5ba/0x830
[ 56.485773]         misc_open+0x395/0x4c0
[ 56.491131]         chrdev_open+0x245/0x6b0
[ 56.496657]         do_dentry_open+0x4c3/0x1210
[ 56.502527]         vfs_open+0xa0/0xd0
[ 56.507609]         path_openat+0x10d7/0x45e0
[ 56.513303]         do_filp_open+0x1a1/0x280
[ 56.518906]         do_sys_open+0x3fe/0x550
[ 56.524421]         __x64_sys_openat+0x9d/0x100
[ 56.530283]         do_syscall_64+0xfd/0x620
[ 56.535887]         entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 56.542873]     INITIAL USE at:
[ 56.546191]         lock_acquire+0x16f/0x3f0
[ 56.551713]         _raw_spin_lock+0x2f/0x40
[ 56.557226]         flush_bg_queue+0x1f3/0x3d0
[ 56.562922]         fuse_request_send_background_locked+0x26d/0x4e0
[ 56.570485]         fuse_request_send_background+0x12b/0x180
[ 56.577398]         cuse_channel_open+0x5ba/0x830
[ 56.583353]         misc_open+0x395/0x4c0
[ 56.588614]         chrdev_open+0x245/0x6b0
[ 56.594048]         do_dentry_open+0x4c3/0x1210
[ 56.599835]         vfs_open+0xa0/0xd0
[ 56.604840]         path_openat+0x10d7/0x45e0
[ 56.610441]         do_filp_open+0x1a1/0x280
[ 56.616049]         do_sys_open+0x3fe/0x550
[ 56.621483]         __x64_sys_openat+0x9d/0x100
[ 56.627265]         do_syscall_64+0xfd/0x620
[ 56.632785]         entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 56.639690]  }
[ 56.641572]  ... key at: [] __key.42212+0x0/0x40
[ 56.648389]  ... acquired at:
[ 56.651568]     _raw_spin_lock+0x2f/0x40
[ 56.655530]     io_submit_one+0xef2/0x2eb0
[ 56.659674]     __x64_sys_io_submit+0x1aa/0x520
[ 56.664239]     do_syscall_64+0xfd/0x620
[ 56.668226]     entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 56.673558]
[ 56.675159] -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 2 {
[ 56.680591]     IN-SOFTIRQ-W at:
[ 56.683862]         lock_acquire+0x16f/0x3f0
[ 56.689287]         _raw_spin_lock_irq+0x60/0x80
[ 56.695061]         free_ioctx_users+0x2d/0x490
[ 56.700755]         percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 56.707842]         rcu_process_callbacks+0xba0/0x1a30
[ 56.714144]         __do_softirq+0x25c/0x921
[ 56.719573]         irq_exit+0x180/0x1d0
[ 56.724660]         smp_apic_timer_interrupt+0x13b/0x550
[ 56.731129]         apic_timer_interrupt+0xf/0x20
[ 56.736994]         native_safe_halt+0xe/0x10
[ 56.742520]         arch_cpu_idle+0xa/0x10
[ 56.747788]         default_idle_call+0x36/0x90
[ 56.753473]         do_idle+0x377/0x560
[ 56.758463]         cpu_startup_entry+0xc8/0xe0
[ 56.764152]         start_secondary+0x3e8/0x5b0
[ 56.769840]         secondary_startup_64+0xa4/0xb0
[ 56.775781]     INITIAL USE at:
[ 56.778952]         lock_acquire+0x16f/0x3f0
[ 56.784293]         _raw_spin_lock_irq+0x60/0x80
[ 56.789985]         io_submit_one+0xead/0x2eb0
[ 56.795504]         __x64_sys_io_submit+0x1aa/0x520
[ 56.801458]         do_syscall_64+0xfd/0x620
[ 56.806802]         entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 56.813526]  }
[ 56.815312]  ... key at: [] __key.50212+0x0/0x40
[ 56.822060]  ... acquired at:
[ 56.825143]     mark_lock+0x420/0x1370
[ 56.828926]     __lock_acquire+0xc62/0x49c0
[ 56.833199]     lock_acquire+0x16f/0x3f0
[ 56.837201]     _raw_spin_lock_irq+0x60/0x80
[ 56.841509]     free_ioctx_users+0x2d/0x490
[ 56.845736]     percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 56.851345]     rcu_process_callbacks+0xba0/0x1a30
[ 56.856172]     __do_softirq+0x25c/0x921
[ 56.860123]     irq_exit+0x180/0x1d0
[ 56.863727]     smp_apic_timer_interrupt+0x13b/0x550
[ 56.868720]     apic_timer_interrupt+0xf/0x20
[ 56.873107]     native_safe_halt+0xe/0x10
[ 56.877154]     arch_cpu_idle+0xa/0x10
[ 56.880931]     default_idle_call+0x36/0x90
[ 56.885143]     do_idle+0x377/0x560
[ 56.888676]     cpu_startup_entry+0xc8/0xe0
[ 56.892887]     start_secondary+0x3e8/0x5b0
[ 56.897097]     secondary_startup_64+0xa4/0xb0
[ 56.901567]
[ 56.903166]
[ 56.903166] stack backtrace:
[ 56.907640] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.19.66 #40
[ 56.913852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.923181] Call Trace:
[ 56.925738]  <IRQ>
[ 56.927870]  dump_stack+0x172/0x1f0
[ 56.931477]  print_irq_inversion_bug.part.0+0x2c0/0x2cd
[ 56.936824]  check_usage_forwards.cold+0x20/0x29
[ 56.941566]  ? check_usage_backwards+0x340/0x340
[ 56.946305]  ? save_stack_trace+0x1a/0x20
[ 56.950428]  ? save_trace+0xe0/0x290
[ 56.954120]  mark_lock+0x420/0x1370
[ 56.957759]  ? check_usage_backwards+0x340/0x340
[ 56.962492]  __lock_acquire+0xc62/0x49c0
[ 56.966530]  ? mark_held_locks+0x100/0x100
[ 56.970743]  ? mark_held_locks+0x100/0x100
[ 56.975011]  ? __wake_up_common_lock+0xfe/0x190
[ 56.979664]  ? mark_held_locks+0x100/0x100
[ 56.983889]  ? __wake_up_common_lock+0xfe/0x190
[ 56.988539]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 56.993630]  ? lockdep_hardirqs_on+0x19b/0x5d0
[ 56.998203]  ? trace_hardirqs_on+0x67/0x220
[ 57.002503]  ? kasan_check_read+0x11/0x20
[ 57.006629]  lock_acquire+0x16f/0x3f0
[ 57.010413]  ? free_ioctx_users+0x2d/0x490
[ 57.014669]  _raw_spin_lock_irq+0x60/0x80
[ 57.018810]  ? free_ioctx_users+0x2d/0x490
[ 57.023041]  free_ioctx_users+0x2d/0x490
[ 57.027084]  ? rcu_dynticks_curr_cpu_in_eqs+0x51/0xb0
[ 57.032257]  percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 57.037694]  ? percpu_ref_exit+0xd0/0xd0
[ 57.041743]  rcu_process_callbacks+0xba0/0x1a30
[ 57.046443]  ? __rcu_read_unlock+0x170/0x170
[ 57.050843]  __do_softirq+0x25c/0x921
[ 57.054626]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 57.060184]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 57.065720]  irq_exit+0x180/0x1d0
[ 57.069159]  smp_apic_timer_interrupt+0x13b/0x550
[ 57.073981]  apic_timer_interrupt+0xf/0x20
[ 57.078234]  </IRQ>
[ 57.080462] RIP: 0010:native_safe_halt+0xe/0x10
[ 57.085111] Code: ff ff 48 89 df e8 12 5a ae fa eb 82 e9 07 00 00 00 0f 00 2d 14 41 54 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d 04 41 54 00 fb f4 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 e8 0e 3e 66 fa e8 89
[ 57.103991] RSP: 0018:ffff8880aa27fd00 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
[ 57.111680] RAX: 1ffffffff10e489c RBX: ffff8880aa2703c0 RCX: 0000000000000000
[ 57.118934] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffff8880aa270c3c
[ 57.126185] RBP: ffff8880aa27fd30 R08: ffff8880aa2703c0 R09: 0000000000000000
[ 57.133436] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001
[ 57.140683] R13: ffffffff887244d0 R14: 0000000000000001 R15: 0000000000000000
[ 57.147945]  ? default_idle+0x4e/0x320
[ 57.151820]  arch_cpu_idle+0xa/0x10
[ 57.155436]  default_idle_call+0x36/0x90
[ 57.159482]  do_idle+0x377/0x560
[ 57.162828]  ? arch_cpu_idle_exit+0x80/0x80
[ 57.167232]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 57.172323]  ? complete+0x61/0x80
[ 57.175901]  cpu_startup_entry+0xc8/0xe0
[ 57.179950]  ? cpu_in_idle+0x20/0x20
[ 57.183651]  ? setup_APIC_timer+0x1aa/0x200
[ 57.187952]  start_secondary+0x3e8/0x5b0
[ 57.191995]  ? set_cpu_sibling_map+0x1860/0x1860
[ 57.196732]  secondary_startup_64+0xa4/0xb0