Warning: Permanently added '10.128.0.31' (ECDSA) to the list of known hosts.
executing program
[   48.598067] audit: type=1400 audit(1566553696.183:36): avc: denied { map } for pid=7447 comm="syz-executor042" path="/root/syz-executor042913174" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   48.637795]
[   48.639448] ========================================================
[   48.645919] WARNING: possible irq lock inversion dependency detected
[   48.652399] 4.19.67 #41 Not tainted
[   48.656000] --------------------------------------------------------
[   48.662468] swapper/0/0 just changed the state of lock:
[   48.667803] 000000009d45c570 (&(&ctx->ctx_lock)->rlock){..-.}, at: free_ioctx_users+0x2d/0x490
[   48.676552] but this lock took another, SOFTIRQ-unsafe lock in the past:
[   48.683363]  (&fiq->waitq){+.+.}
[   48.683371]
[   48.683371]
[   48.683371] and interrupts could create inverse lock ordering between them.
[   48.683371]
[   48.698345]
[   48.698345] other info that might help us debug this:
[   48.704985]  Possible interrupt unsafe locking scenario:
[   48.704985]
[   48.711901]        CPU0                    CPU1
[   48.716542]        ----                    ----
[   48.721180]   lock(&fiq->waitq);
[   48.724532]                                local_irq_disable();
[   48.730561]                                lock(&(&ctx->ctx_lock)->rlock);
[   48.737551]                                lock(&fiq->waitq);
[   48.743409]
[   48.746140]     lock(&(&ctx->ctx_lock)->rlock);
[   48.750782]
[   48.750782]  *** DEADLOCK ***
[   48.750782]
[   48.756831] 2 locks held by swapper/0/0:
[   48.760865]  #0: 000000008a707298 (rcu_callback){....}, at: rcu_process_callbacks+0xc79/0x1a30
[   48.769614]  #1: 000000005ab14c8c (rcu_read_lock_sched){....}, at: percpu_ref_switch_to_atomic_rcu+0x1ca/0x540
[   48.779778]
[   48.779778] the shortest dependencies between 2nd lock and 1st lock:
[   48.787737]  -> (&fiq->waitq){+.+.} ops: 4 {
[   48.792126]     HARDIRQ-ON-W at:
[   48.795473]                       lock_acquire+0x16f/0x3f0
[   48.801074]                       _raw_spin_lock+0x2f/0x40
[   48.806675]                       flush_bg_queue+0x1f3/0x3d0
[   48.812449]                       fuse_request_send_background_locked+0x26d/0x4e0
[   48.820047]                       fuse_request_send_background+0x12b/0x180
[   48.827038]                       cuse_channel_open+0x5ba/0x830
[   48.833079]                       misc_open+0x395/0x4c0
[   48.838419]                       chrdev_open+0x245/0x6b0
[   48.843937]                       do_dentry_open+0x4c3/0x1210
[   48.849795]                       vfs_open+0xa0/0xd0
[   48.854877]                       path_openat+0x10d7/0x45e0
[   48.860564]                       do_filp_open+0x1a1/0x280
[   48.866163]                       do_sys_open+0x3fe/0x550
[   48.871676]                       __x64_sys_openat+0x9d/0x100
[   48.877537]                       do_syscall_64+0xfd/0x620
[   48.883228]                       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   48.890230]     SOFTIRQ-ON-W at:
[   48.893578]                       lock_acquire+0x16f/0x3f0
[   48.899194]                       _raw_spin_lock+0x2f/0x40
[   48.904798]                       flush_bg_queue+0x1f3/0x3d0
[   48.910576]                       fuse_request_send_background_locked+0x26d/0x4e0
[   48.918176]                       fuse_request_send_background+0x12b/0x180
[   48.925166]                       cuse_channel_open+0x5ba/0x830
[   48.931201]                       misc_open+0x395/0x4c0
[   48.936541]                       chrdev_open+0x245/0x6b0
[   48.942055]                       do_dentry_open+0x4c3/0x1210
[   48.947916]                       vfs_open+0xa0/0xd0
[   48.952995]                       path_openat+0x10d7/0x45e0
[   48.958685]                       do_filp_open+0x1a1/0x280
[   48.964283]                       do_sys_open+0x3fe/0x550
[   48.969797]                       __x64_sys_openat+0x9d/0x100
[   48.975659]                       do_syscall_64+0xfd/0x620
[   48.981261]                       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   48.988259]     INITIAL USE at:
[   48.991532]                       lock_acquire+0x16f/0x3f0
[   48.997060]                       _raw_spin_lock+0x2f/0x40
[   49.002576]                       flush_bg_queue+0x1f3/0x3d0
[   49.008279]                       fuse_request_send_background_locked+0x26d/0x4e0
[   49.015790]                       fuse_request_send_background+0x12b/0x180
[   49.022696]                       cuse_channel_open+0x5ba/0x830
[   49.028647]                       misc_open+0x395/0x4c0
[   49.033900]                       chrdev_open+0x245/0x6b0
[   49.039328]                       do_dentry_open+0x4c3/0x1210
[   49.045213]                       vfs_open+0xa0/0xd0
[   49.050213]                       path_openat+0x10d7/0x45e0
[   49.055814]                       do_filp_open+0x1a1/0x280
[   49.061352]                       do_sys_open+0x3fe/0x550
[   49.066777]                       __x64_sys_openat+0x9d/0x100
[   49.072551]                       do_syscall_64+0xfd/0x620
[   49.078064]                       entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   49.084975]  }
[   49.086850]  ... key at: [] __key.42212+0x0/0x40
[   49.093661]  ... acquired at:
[   49.096831]    _raw_spin_lock+0x2f/0x40
[   49.100786]    io_submit_one+0xef2/0x2eb0
[   49.104911]    __x64_sys_io_submit+0x1aa/0x520
[   49.109470]    do_syscall_64+0xfd/0x620
[   49.113421]    entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   49.118771]
[   49.120374] -> (&(&ctx->ctx_lock)->rlock){..-.} ops: 2 {
[   49.125808]    IN-SOFTIRQ-W at:
[   49.129082]                     lock_acquire+0x16f/0x3f0
[   49.134510]                     _raw_spin_lock_irq+0x60/0x80
[   49.140294]                     free_ioctx_users+0x2d/0x490
[   49.145989]                     percpu_ref_switch_to_atomic_rcu+0x407/0x540
[   49.153064]                     rcu_process_callbacks+0xba0/0x1a30
[   49.159359]                     __do_softirq+0x25c/0x921
[   49.164787]                     irq_exit+0x180/0x1d0
[   49.169868]                     smp_apic_timer_interrupt+0x13b/0x550
[   49.176336]                     apic_timer_interrupt+0xf/0x20
[   49.182203]                     native_safe_halt+0xe/0x10
[   49.187718]                     arch_cpu_idle+0xa/0x10
[   49.192971]                     default_idle_call+0x36/0x90
[   49.198658]                     do_idle+0x377/0x560
[   49.203648]                     cpu_startup_entry+0xc8/0xe0
[   49.209349]                     rest_init+0x219/0x222
[   49.214533]                     start_kernel+0x88c/0x8c5
[   49.219963]                     x86_64_start_reservations+0x29/0x2b
[   49.226345]                     x86_64_start_kernel+0x77/0x7b
[   49.232223]                     secondary_startup_64+0xa4/0xb0
[   49.238167]    INITIAL USE at:
[   49.241338]                     lock_acquire+0x16f/0x3f0
[   49.246686]                     _raw_spin_lock_irq+0x60/0x80
[   49.252374]                     io_submit_one+0xead/0x2eb0
[   49.257903]                     __x64_sys_io_submit+0x1aa/0x520
[   49.263858]                     do_syscall_64+0xfd/0x620
[   49.269211]                     entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   49.275935]  }
[   49.277721]  ... key at: [] __key.50212+0x0/0x40
[   49.284458]  ... acquired at:
[   49.287540]    mark_lock+0x420/0x1370
[   49.291335]    __lock_acquire+0xc62/0x49c0
[   49.295546]    lock_acquire+0x16f/0x3f0
[   49.299500]    _raw_spin_lock_irq+0x60/0x80
[   49.303797]    free_ioctx_users+0x2d/0x490
[   49.308026]    percpu_ref_switch_to_atomic_rcu+0x407/0x540
[   49.313629]    rcu_process_callbacks+0xba0/0x1a30
[   49.318450]    __do_softirq+0x25c/0x921
[   49.322415]    irq_exit+0x180/0x1d0
[   49.326019]    smp_apic_timer_interrupt+0x13b/0x550
[   49.331013]    apic_timer_interrupt+0xf/0x20
[   49.335397]    native_safe_halt+0xe/0x10
[   49.339434]    arch_cpu_idle+0xa/0x10
[   49.343209]    default_idle_call+0x36/0x90
[   49.347429]    do_idle+0x377/0x560
[   49.350947]    cpu_startup_entry+0xc8/0xe0
[   49.355157]    rest_init+0x219/0x222
[   49.358850]    start_kernel+0x88c/0x8c5
[   49.362803]    x86_64_start_reservations+0x29/0x2b
[   49.367711]    x86_64_start_kernel+0x77/0x7b
[   49.372102]    secondary_startup_64+0xa4/0xb0
[   49.376569]
[   49.378170]
[   49.378170] stack backtrace:
[   49.382649] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.19.67 #41
[   49.388855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   49.398185] Call Trace:
[   49.400742]
[   49.402891]  dump_stack+0x172/0x1f0
[   49.406516]  print_irq_inversion_bug.part.0+0x2c0/0x2cd
[   49.411861]  check_usage_forwards.cold+0x20/0x29
[   49.416599]  ? check_usage_backwards+0x340/0x340
[   49.421339]  ? save_stack_trace+0x1a/0x20
[   49.425476]  ? save_trace+0xe0/0x290
[   49.429166]  mark_lock+0x420/0x1370
[   49.432792]  ? check_usage_backwards+0x340/0x340
[   49.437529]  __lock_acquire+0xc62/0x49c0
[   49.441567]  ? mark_held_locks+0x100/0x100
[   49.445785]  ? mark_held_locks+0x100/0x100
[   49.450011]  ? __wake_up_common_lock+0xfe/0x190
[   49.454669]  ? mark_held_locks+0x100/0x100
[   49.458895]  ? __wake_up_common_lock+0xfe/0x190
[   49.463544]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[   49.468636]  ? lockdep_hardirqs_on+0x19b/0x5d0
[   49.473210]  ? trace_hardirqs_on+0x67/0x220
[   49.477510]  ? kasan_check_read+0x11/0x20
[   49.481646]  lock_acquire+0x16f/0x3f0
[   49.485427]  ? free_ioctx_users+0x2d/0x490
[   49.489639]  _raw_spin_lock_irq+0x60/0x80
[   49.493762]  ? free_ioctx_users+0x2d/0x490
[   49.497981]  free_ioctx_users+0x2d/0x490
[   49.502021]  ? rcu_dynticks_curr_cpu_in_eqs+0x51/0xb0
[   49.507191]  percpu_ref_switch_to_atomic_rcu+0x407/0x540
[   49.512635]  ? percpu_ref_exit+0xd0/0xd0
[   49.516704]  rcu_process_callbacks+0xba0/0x1a30
[   49.521359]  ? __rcu_read_unlock+0x170/0x170
[   49.525750]  __do_softirq+0x25c/0x921
[   49.529534]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   49.535048]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   49.540581]  irq_exit+0x180/0x1d0
[   49.544014]  smp_apic_timer_interrupt+0x13b/0x550
[   49.548834]  apic_timer_interrupt+0xf/0x20
[   49.553040]
[   49.555278] RIP: 0010:native_safe_halt+0xe/0x10
[   49.559940] Code: ff ff 48 89 df e8 c2 47 ae fa eb 82 e9 07 00 00 00 0f 00 2d 84 2e 54 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d 74 2e 54 00 fb f4 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 e8 7e 2b 66 fa e8 99
[   49.578830] RSP: 0018:ffffffff88607ca8 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13
[   49.587211] RAX: 1ffffffff10e489c RBX: ffffffff88679ec0 RCX: 0000000000000000
[   49.594467] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffffffff8867a73c
[   49.601721] RBP: ffffffff88607cd8 R08: ffffffff88679ec0 R09: 0000000000000000
[   49.608971] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   49.616219] R13: ffffffff887244d0 R14: 0000000000000000 R15: 0000000000000000
[   49.623502]  ? default_idle+0x4e/0x320
[   49.627385]  arch_cpu_idle+0xa/0x10
[   49.630991]  default_idle_call+0x36/0x90
[   49.635048]  do_idle+0x377/0x560
[   49.638405]  ? arch_cpu_idle_exit+0x80/0x80
[   49.642708]  ? check_preemption_disabled+0x48/0x290
[   49.647705]  cpu_startup_entry+0xc8/0xe0
[   49.65174