Warning: Permanently added '10.128.10.28' (ECDSA) to the list of known hosts.
executing program
[ 51.370770] audit: type=1400 audit(1566660423.554:36): avc: denied { map } for pid=7708 comm="syz-executor545" path="/root/syz-executor545020244" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 51.403242]
[ 51.404891] ========================================================
[ 51.411613] WARNING: possible irq lock inversion dependency detected
[ 51.418147] 4.19.67 #41 Not tainted
[ 51.421764] --------------------------------------------------------
[ 51.428243] swapper/0/0 just changed the state of lock:
[ 51.433592] 000000004218839b (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2d/0x490
[ 51.442535] but this lock took another, SOFTIRQ-unsafe lock in the past:
[ 51.449349] (&fiq->waitq){+.+.}
[ 51.449358]
[ 51.449358]
[ 51.449358] and interrupts could create inverse lock ordering between them.
[ 51.449358]
[ 51.464381]
[ 51.464381] other info that might help us debug this:
[ 51.471046] Possible interrupt unsafe locking scenario:
[ 51.471046]
[ 51.477960]        CPU0                    CPU1
[ 51.482608]        ----                    ----
[ 51.487783]   lock(&fiq->waitq);
[ 51.491133]                                local_irq_disable();
[ 51.497180]                                lock(&(&ctx->ctx_lock)->rlock);
[ 51.511857]                                lock(&fiq->waitq);
[ 51.517732]
[ 51.520473]     lock(&(&ctx->ctx_lock)->rlock);
[ 51.525121]
[ 51.525121] *** DEADLOCK ***
[ 51.525121]
[ 51.531167] 2 locks held by swapper/0/0:
[ 51.535381] #0: 00000000a36b83f3 (rcu_callback){....}, at: rcu_process_callbacks+0xc79/0x1a30
[ 51.544145] #1: 000000005a3da2ae (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x1ca/0x540
[ 51.554370]
[ 51.554370] the shortest dependencies between 2nd lock and 1st lock:
[ 51.562336] -> (&fiq->waitq){+.+.} ops: 4 {
[ 51.566845] HARDIRQ-ON-W at:
[ 51.570211] lock_acquire+0x16f/0x3f0
[ 51.575819] _raw_spin_lock+0x2f/0x40
[ 51.581453] flush_bg_queue+0x1f3/0x3d0
[ 51.587252] fuse_request_send_background_locked+0x26d/0x4e0
[ 51.594947] fuse_request_send_background+0x12b/0x180
[ 51.601940] cuse_channel_open+0x5ba/0x830
[ 51.607995] misc_open+0x395/0x4c0
[ 51.613341] chrdev_open+0x245/0x6b0
[ 51.618865] do_dentry_open+0x4c3/0x1210
[ 51.624766] vfs_open+0xa0/0xd0
[ 51.629885] path_openat+0x10d7/0x45e0
[ 51.635585] do_filp_open+0x1a1/0x280
[ 51.641189] do_sys_open+0x3fe/0x550
[ 51.646707] __x64_sys_openat+0x9d/0x100
[ 51.652581] do_syscall_64+0xfd/0x620
[ 51.658194] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 51.665196] SOFTIRQ-ON-W at:
[ 51.668553] lock_acquire+0x16f/0x3f0
[ 51.674156] _raw_spin_lock+0x2f/0x40
[ 51.679762] flush_bg_queue+0x1f3/0x3d0
[ 51.685543] fuse_request_send_background_locked+0x26d/0x4e0
[ 51.693215] fuse_request_send_background+0x12b/0x180
[ 51.700227] cuse_channel_open+0x5ba/0x830
[ 51.706277] misc_open+0x395/0x4c0
[ 51.711627] chrdev_open+0x245/0x6b0
[ 51.717164] do_dentry_open+0x4c3/0x1210
[ 51.723038] vfs_open+0xa0/0xd0
[ 51.734566] path_openat+0x10d7/0x45e0
[ 51.740271] do_filp_open+0x1a1/0x280
[ 51.745895] do_sys_open+0x3fe/0x550
[ 51.751501] __x64_sys_openat+0x9d/0x100
[ 51.757383] do_syscall_64+0xfd/0x620
[ 51.762992] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 51.769983] INITIAL USE at:
[ 51.773249] lock_acquire+0x16f/0x3f0
[ 51.778762] _raw_spin_lock+0x2f/0x40
[ 51.784282] flush_bg_queue+0x1f3/0x3d0
[ 51.789983] fuse_request_send_background_locked+0x26d/0x4e0
[ 51.797504] fuse_request_send_background+0x12b/0x180
[ 51.804415] cuse_channel_open+0x5ba/0x830
[ 51.810375] misc_open+0x395/0x4c0
[ 51.815647] chrdev_open+0x245/0x6b0
[ 51.821077] do_dentry_open+0x4c3/0x1210
[ 51.826879] vfs_open+0xa0/0xd0
[ 51.831881] path_openat+0x10d7/0x45e0
[ 51.837484] do_filp_open+0x1a1/0x280
[ 51.843000] do_sys_open+0x3fe/0x550
[ 51.848431] __x64_sys_openat+0x9d/0x100
[ 51.854219] do_syscall_64+0xfd/0x620
[ 51.859745] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 51.866646] }
[ 51.868527] ... key at: [] __key.42212+0x0/0x40
[ 51.875339] ... acquired at:
[ 51.878511] _raw_spin_lock+0x2f/0x40
[ 51.882471] io_submit_one+0xef2/0x2eb0
[ 51.886599] __x64_sys_io_submit+0x1aa/0x520
[ 51.891170] do_syscall_64+0xfd/0x620
[ 51.895126] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 51.900462]
[ 51.902065] -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 2 {
[ 51.907530] IN-SOFTIRQ-W at:
[ 51.910803] lock_acquire+0x16f/0x3f0
[ 51.916238] _raw_spin_lock_irq+0x60/0x80
[ 51.922016] free_ioctx_users+0x2d/0x490
[ 51.927820] percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 51.941761] rcu_process_callbacks+0xba0/0x1a30
[ 51.948074] __do_softirq+0x25c/0x921
[ 51.953513] irq_exit+0x180/0x1d0
[ 51.958597] smp_apic_timer_interrupt+0x13b/0x550
[ 51.965072] apic_timer_interrupt+0xf/0x20
[ 51.970939] native_safe_halt+0xe/0x10
[ 51.976458] arch_cpu_idle+0xa/0x10
[ 51.981722] default_idle_call+0x36/0x90
[ 51.987427] do_idle+0x377/0x560
[ 51.992948] cpu_startup_entry+0xc8/0xe0
[ 51.998640] rest_init+0x219/0x222
[ 52.003813] start_kernel+0x88c/0x8c5
[ 52.009251] x86_64_start_reservations+0x29/0x2b
[ 52.015662] x86_64_start_kernel+0x77/0x7b
[ 52.021532] secondary_startup_64+0xa4/0xb0
[ 52.027481] INITIAL USE at:
[ 52.030664] lock_acquire+0x16f/0x3f0
[ 52.036007] _raw_spin_lock_irq+0x60/0x80
[ 52.041700] io_submit_one+0xead/0x2eb0
[ 52.047221] __x64_sys_io_submit+0x1aa/0x520
[ 52.053174] do_syscall_64+0xfd/0x620
[ 52.058605] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 52.067257] }
[ 52.069057] ... key at: [] __key.50212+0x0/0x40
[ 52.075799] ... acquired at:
[ 52.078895] mark_lock+0x420/0x1370
[ 52.082679] __lock_acquire+0xc62/0x49c0
[ 52.086996] lock_acquire+0x16f/0x3f0
[ 52.090962] _raw_spin_lock_irq+0x60/0x80
[ 52.095264] free_ioctx_users+0x2d/0x490
[ 52.099483] percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 52.105110] rcu_process_callbacks+0xba0/0x1a30
[ 52.109941] __do_softirq+0x25c/0x921
[ 52.113899] irq_exit+0x180/0x1d0
[ 52.117504] smp_apic_timer_interrupt+0x13b/0x550
[ 52.122501] apic_timer_interrupt+0xf/0x20
[ 52.126888] native_safe_halt+0xe/0x10
[ 52.130952] arch_cpu_idle+0xa/0x10
[ 52.134745] default_idle_call+0x36/0x90
[ 52.138970] do_idle+0x377/0x560
[ 52.142491] cpu_startup_entry+0xc8/0xe0
[ 52.146708] rest_init+0x219/0x222
[ 52.150401] start_kernel+0x88c/0x8c5
[ 52.154360] x86_64_start_reservations+0x29/0x2b
[ 52.159293] x86_64_start_kernel+0x77/0x7b
[ 52.163711] secondary_startup_64+0xa4/0xb0
[ 52.168184]
[ 52.169808]
[ 52.169808] stack backtrace:
[ 52.174295] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.19.67 #41
[ 52.180503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 52.189839] Call Trace:
[ 52.192412]
[ 52.194550] dump_stack+0x172/0x1f0
[ 52.198177] print_irq_inversion_bug.part.0+0x2c0/0x2cd
[ 52.203524] check_usage_forwards.cold+0x20/0x29
[ 52.208260] ? check_usage_backwards+0x340/0x340
[ 52.213033] ? save_stack_trace+0x1a/0x20
[ 52.217164] ? save_trace+0xe0/0x290
[ 52.220870] mark_lock+0x420/0x1370
[ 52.224482] ? check_usage_backwards+0x340/0x340
[ 52.229302] __lock_acquire+0xc62/0x49c0
[ 52.233343] ? mark_held_locks+0x100/0x100
[ 52.237559] ? mark_held_locks+0x100/0x100
[ 52.241776] ? __wake_up_common_lock+0xfe/0x190
[ 52.246429] ? mark_held_locks+0x100/0x100
[ 52.250642] ? __wake_up_common_lock+0xfe/0x190
[ 52.255551] ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 52.260646] ? lockdep_hardirqs_on+0x19b/0x5d0
[ 52.265228] ? trace_hardirqs_on+0x67/0x220
[ 52.269536] ? kasan_check_read+0x11/0x20
[ 52.273691] lock_acquire+0x16f/0x3f0
[ 52.277475] ? free_ioctx_users+0x2d/0x490
[ 52.281713] _raw_spin_lock_irq+0x60/0x80
[ 52.285848] ? free_ioctx_users+0x2d/0x490
[ 52.290600] free_ioctx_users+0x2d/0x490
[ 52.294648] ? rcu_dynticks_curr_cpu_in_eqs+0x51/0xb0
[ 52.299824] percpu_ref_switch_to_atomic_rcu+0x407/0x540
[ 52.305279] ? percpu_ref_exit+0xd0/0xd0
[ 52.309409] rcu_process_callbacks+0xba0/0x1a30
[ 52.314064] ? __rcu_read_unlock+0x170/0x170
[ 52.318463] __do_softirq+0x25c/0x921
[ 52.322263] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 52.327786] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 52.333309] irq_exit+0x180/0x1d0
[ 52.336746] smp_apic_timer_interrupt+0x13b/0x550
[ 52.341570] apic_timer_interrupt+0xf/0x20
[ 52.345974]
[ 52.348195] RIP: 0010:native_safe_halt+0xe/0x10
[ 52.352849] Code: ff ff 48 89 df e8 c2 47 ae fa eb 82 e9 07 00 00 00 0f 00 2d 84 2e 54 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d 74 2e 54 00 fb f4 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 e8 7e 2b 66 fa e8 99
[ 52.371845] RSP: 0018:ffffffff88607ca8 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13
[ 52.379543] RAX: 1ffffffff10e489c RBX: ffffffff88679ec0 RCX: 0000000000000000
[ 52.387319] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffffffff8867a73c
[ 52.394591] RBP: ffffffff88607cd8 R08: ffffffff88679ec0 R09: 0000000000000000
[ 52.401853] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 52.409106] R13: ffffffff887244d0 R14: 0000000000000000 R15: 0000000000000000
[ 52.416661] ? default_idle+0x4e/0x320
[ 52.420553] arch_cpu_idle+0xa/0x10
[ 52.424168] default_idle_call+0x36/0x90
[ 52.428238] do_idle+0x377/0x560
[ 52.431585] ? retint_kernel+0x2d/0x2d
[ 52.435456] ? arch_cpu_idle_exit+0x80/0x80
[ 52.439760] cpu_startup_entry+0xc8/0xe0
[ 52.443948] ? cpu_in_idle+0x20/0x20
[ 52.447926] rest_init+0x219/0x222
[ 52.451457] start_kernel+0x88c/0x8c5
[ 52.455241] ? mem_encrypt_init+0xb/0xb
[ 52.459213] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 52.464731] ? x86_family+0x41/0x50
[ 52.468402] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 52.473943] x86_6