Warning: Permanently added '10.128.10.44' (ECDSA) to the list of known hosts. executing program [ 47.974828] audit: type=1400 audit(1566854279.150:36): avc: denied { map } for pid=7539 comm="syz-executor751" path="/root/syz-executor751301888" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 48.014836] [ 48.016490] ======================================================== [ 48.022958] WARNING: possible irq lock inversion dependency detected [ 48.029432] 4.19.68 #42 Not tainted [ 48.033049] -------------------------------------------------------- [ 48.039518] swapper/0/0 just changed the state of lock: [ 48.044870] 00000000ec682ae3 (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2d/0x490 [ 48.053632] but this lock took another, SOFTIRQ-unsafe lock in the past: [ 48.060446] (&fiq->waitq){+.+.} [ 48.060454] [ 48.060454] [ 48.060454] and interrupts could create inverse lock ordering between them. [ 48.060454] [ 48.075311] [ 48.075311] other info that might help us debug this: [ 48.081974] Possible interrupt unsafe locking scenario: [ 48.081974] [ 48.089002] CPU0 CPU1 [ 48.093642] ---- ---- [ 48.098284] lock(&fiq->waitq); [ 48.101630] local_irq_disable(); [ 48.107679] lock(&(&ctx->ctx_lock)->rlock); [ 48.114668] lock(&fiq->waitq); [ 48.120532] [ 48.123262] lock(&(&ctx->ctx_lock)->rlock); [ 48.127907] [ 48.127907] *** DEADLOCK *** [ 48.127907] [ 48.133947] 2 locks held by swapper/0/0: [ 48.137984] #0: 00000000af4557e1 (rcu_callback){....}, at: rcu_process_callbacks+0xc79/0x1a30 [ 48.146739] #1: 00000000b87c53bc (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x1ca/0x540 [ 48.156932] [ 48.156932] the shortest dependencies between 2nd lock and 1st lock: [ 48.164884] -> (&fiq->waitq){+.+.} ops: 4 { [ 48.169278] HARDIRQ-ON-W at: [ 48.172631] lock_acquire+0x16f/0x3f0 [ 48.178234] _raw_spin_lock+0x2f/0x40 [ 48.183836] flush_bg_queue+0x1f3/0x3d0 [ 48.189615] fuse_request_send_background_locked+0x26d/0x4e0 [ 48.197228] fuse_request_send_background+0x12b/0x180 [ 48.204220] cuse_channel_open+0x5ba/0x830 [ 48.210255] misc_open+0x395/0x4c0 [ 48.215598] chrdev_open+0x245/0x6b0 [ 48.221116] do_dentry_open+0x4c3/0x1210 [ 48.226983] vfs_open+0xa0/0xd0 [ 48.232064] path_openat+0x10d7/0x45e0 [ 48.237751] do_filp_open+0x1a1/0x280 [ 48.243353] do_sys_open+0x3fe/0x550 [ 48.248885] __x64_sys_openat+0x9d/0x100 [ 48.254751] do_syscall_64+0xfd/0x620 [ 48.260354] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 48.267341] SOFTIRQ-ON-W at: [ 48.270687] lock_acquire+0x16f/0x3f0 [ 48.276290] _raw_spin_lock+0x2f/0x40 [ 48.281893] flush_bg_queue+0x1f3/0x3d0 [ 48.287681] fuse_request_send_background_locked+0x26d/0x4e0 [ 48.295279] fuse_request_send_background+0x12b/0x180 [ 48.302283] cuse_channel_open+0x5ba/0x830 [ 48.308323] misc_open+0x395/0x4c0 [ 48.313665] chrdev_open+0x245/0x6b0 [ 48.319185] do_dentry_open+0x4c3/0x1210 [ 48.325049] vfs_open+0xa0/0xd0 [ 48.330145] path_openat+0x10d7/0x45e0 [ 48.335834] do_filp_open+0x1a1/0x280 [ 48.341438] do_sys_open+0x3fe/0x550 [ 48.346974] __x64_sys_openat+0x9d/0x100 [ 48.352863] do_syscall_64+0xfd/0x620 [ 48.358467] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 48.365457] INITIAL USE at: [ 48.368733] lock_acquire+0x16f/0x3f0 [ 48.374247] _raw_spin_lock+0x2f/0x40 [ 48.379776] flush_bg_queue+0x1f3/0x3d0 [ 48.385466] fuse_request_send_background_locked+0x26d/0x4e0 [ 48.392979] fuse_request_send_background+0x12b/0x180 [ 48.399884] cuse_channel_open+0x5ba/0x830 [ 48.405840] misc_open+0x395/0x4c0 [ 48.411111] chrdev_open+0x245/0x6b0 [ 48.416551] do_dentry_open+0x4c3/0x1210 [ 48.422340] vfs_open+0xa0/0xd0 [ 48.427334] path_openat+0x10d7/0x45e0 [ 48.432938] do_filp_open+0x1a1/0x280 [ 48.438456] do_sys_open+0x3fe/0x550 [ 48.443882] __x64_sys_openat+0x9d/0x100 [ 48.449659] do_syscall_64+0xfd/0x620 [ 48.455175] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 48.462074] } [ 48.463965] ... key at: [] __key.42211+0x0/0x40 [ 48.470778] ... acquired at: [ 48.473955] _raw_spin_lock+0x2f/0x40 [ 48.477909] io_submit_one+0xef2/0x2eb0 [ 48.482033] __x64_sys_io_submit+0x1aa/0x520 [ 48.486595] do_syscall_64+0xfd/0x620 [ 48.490547] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 48.495883] [ 48.497489] -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 2 { [ 48.502924] IN-SOFTIRQ-W at: [ 48.506198] lock_acquire+0x16f/0x3f0 [ 48.511640] _raw_spin_lock_irq+0x60/0x80 [ 48.517439] free_ioctx_users+0x2d/0x490 [ 48.523147] percpu_ref_switch_to_atomic_rcu+0x407/0x540 [ 48.530232] rcu_process_callbacks+0xba0/0x1a30 [ 48.536531] __do_softirq+0x25c/0x921 [ 48.541961] irq_exit+0x180/0x1d0 [ 48.547059] smp_apic_timer_interrupt+0x13b/0x550 [ 48.553529] apic_timer_interrupt+0xf/0x20 [ 48.559389] native_safe_halt+0xe/0x10 [ 48.564906] arch_cpu_idle+0xa/0x10 [ 48.570161] default_idle_call+0x36/0x90 [ 48.575867] do_idle+0x377/0x560 [ 48.580860] cpu_startup_entry+0xc8/0xe0 [ 48.586569] rest_init+0x219/0x222 [ 48.591740] start_kernel+0x88c/0x8c5 [ 48.597169] x86_64_start_reservations+0x29/0x2b [ 48.603551] x86_64_start_kernel+0x77/0x7b [ 48.609415] secondary_startup_64+0xa4/0xb0 [ 48.615361] INITIAL USE at: [ 48.618551] lock_acquire+0x16f/0x3f0 [ 48.623895] _raw_spin_lock_irq+0x60/0x80 [ 48.629587] io_submit_one+0xead/0x2eb0 [ 48.635103] __x64_sys_io_submit+0x1aa/0x520 [ 48.641051] do_syscall_64+0xfd/0x620 [ 48.646402] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 48.653129] } [ 48.654943] ... key at: [] __key.50211+0x0/0x40 [ 48.661671] ... acquired at: [ 48.664754] mark_lock+0x420/0x1370 [ 48.668531] __lock_acquire+0xc62/0x49c0 [ 48.672758] lock_acquire+0x16f/0x3f0 [ 48.676727] _raw_spin_lock_irq+0x60/0x80 [ 48.681030] free_ioctx_users+0x2d/0x490 [ 48.685354] percpu_ref_switch_to_atomic_rcu+0x407/0x540 [ 48.690973] rcu_process_callbacks+0xba0/0x1a30 [ 48.695794] __do_softirq+0x25c/0x921 [ 48.699763] irq_exit+0x180/0x1d0 [ 48.703369] smp_apic_timer_interrupt+0x13b/0x550 [ 48.708363] apic_timer_interrupt+0xf/0x20 [ 48.712748] native_safe_halt+0xe/0x10 [ 48.716805] arch_cpu_idle+0xa/0x10 [ 48.720585] default_idle_call+0x36/0x90 [ 48.724796] do_idle+0x377/0x560 [ 48.728313] cpu_startup_entry+0xc8/0xe0 [ 48.732540] rest_init+0x219/0x222 [ 48.736233] start_kernel+0x88c/0x8c5 [ 48.740199] x86_64_start_reservations+0x29/0x2b [ 48.745117] x86_64_start_kernel+0x77/0x7b [ 48.749503] secondary_startup_64+0xa4/0xb0 [ 48.753983] [ 48.755588] [ 48.755588] stack backtrace: [ 48.760078] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.19.68 #42 [ 48.766285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 48.775617] Call Trace: [ 48.778177] [ 48.780309] dump_stack+0x172/0x1f0 [ 48.783920] print_irq_inversion_bug.part.0+0x2c0/0x2cd [ 48.789273] check_usage_forwards.cold+0x20/0x29 [ 48.794011] ? check_usage_backwards+0x340/0x340 [ 48.798749] ? save_stack_trace+0x1a/0x20 [ 48.802895] ? save_trace+0xe0/0x290 [ 48.806602] mark_lock+0x420/0x1370 [ 48.810209] ? check_usage_backwards+0x340/0x340 [ 48.814947] __lock_acquire+0xc62/0x49c0 [ 48.818988] ? mark_held_locks+0x100/0x100 [ 48.823218] ? mark_held_locks+0x100/0x100 [ 48.827436] ? __wake_up_common_lock+0xfe/0x190 [ 48.832085] ? mark_held_locks+0x100/0x100 [ 48.836299] ? __wake_up_common_lock+0xfe/0x190 [ 48.840959] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 48.846057] ? lockdep_hardirqs_on+0x19b/0x5d0 [ 48.850634] ? trace_hardirqs_on+0x67/0x220 [ 48.854939] ? kasan_check_read+0x11/0x20 [ 48.859066] lock_acquire+0x16f/0x3f0 [ 48.862848] ? free_ioctx_users+0x2d/0x490 [ 48.867080] _raw_spin_lock_irq+0x60/0x80 [ 48.871205] ? free_ioctx_users+0x2d/0x490 [ 48.875420] free_ioctx_users+0x2d/0x490 [ 48.879461] ? rcu_dynticks_curr_cpu_in_eqs+0x51/0xb0 [ 48.884636] percpu_ref_switch_to_atomic_rcu+0x407/0x540 [ 48.890069] ? percpu_ref_exit+0xd0/0xd0 [ 48.894123] rcu_process_callbacks+0xba0/0x1a30 [ 48.898787] ? __rcu_read_unlock+0x170/0x170 [ 48.903192] __do_softirq+0x25c/0x921 [ 48.906986] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 48.912515] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 48.918054] irq_exit+0x180/0x1d0 [ 48.921489] smp_apic_timer_interrupt+0x13b/0x550 [ 48.926312] apic_timer_interrupt+0xf/0x20 [ 48.930522] [ 48.932739] RIP: 0010:native_safe_halt+0xe/0x10 [ 48.937392] Code: ff ff 48 89 df e8 42 63 ae fa eb 82 e9 07 00 00 00 0f 00 2d d4 53 54 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d c4 53 54 00 fb f4 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 e8 8e 45 66 fa e8 29 [ 48.956288] RSP: 0018:ffffffff88607ca8 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13 [ 48.963975] RAX: 1ffffffff10e489c RBX: ffffffff88679ec0 RCX: 0000000000000000 [ 48.974572] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffffffff8867a73c [ 48.981827] RBP: ffffffff88607cd8 R08: ffffffff88679ec0 R09: 0000000000000000 [ 48.989085] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 48.996333] R13: ffffffff887244d0 R14: 0000000000000000 R15: 0000000000000000 [ 49.003609] ? default_idle+0x4e/0x320 [ 49.007479] arch_cpu_idle+0xa/0x10 [ 49.011690] default_idle_call+0x36/0x90 [ 49.015731] do_idle+0x377/0x560 [ 49.019077] ? arch_cpu_idle_exit+0x80/0x80 [ 49.023378] ? check_preemption_disabled+0x48/0x290 [ 49.028377]