audit: type=1400 audit(1546651278.950:5): avc: denied { associate } for pid=2052 comm="syz-executor853" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
BUG: sleeping function called from invalid context at ./include/linux/percpu-rwsem.h:33
in_atomic(): 1, irqs_disabled(): 0, pid: 2120, name: syz-executor853
3 locks held by syz-executor853/2120:
#0: (sb_writers#4){.+.+.+}, at: [<ffffffff815773cf>] sb_start_write include/linux/fs.h:1575 [inline]
#0: (sb_writers#4){.+.+.+}, at: [<ffffffff815773cf>] mnt_want_write+0x3f/0xb0 fs/namespace.c:391
#1: (&sb->s_type->i_mutex_key#9){+.+.+.}, at: [<ffffffff81504b30>] inode_lock include/linux/fs.h:768 [inline]
#1: (&sb->s_type->i_mutex_key#9){+.+.+.}, at: [<ffffffff81504b30>] do_truncate2+0x130/0x210 fs/open.c:61
#2: (&ei->i_mmap_sem){++++.+}, at: [<ffffffff816e9191>] ext4_setattr+0x1321/0x21b0 fs/ext4/inode.c:5296
Preemption disabled at:[ 43.412351] [<ffffffff814118bb>] delete_from_page_cache+0xdb/0x230 mm/filemap.c:330
CPU: 1 PID: 2120 Comm: syz-executor853 Not tainted 4.9.148+ #3
ffff8801db7075e0 ffffffff81b456e1 0000000000000000 0000000000000101
ffff8801cc07df00 ffffffff814118bb ffff8801cc07df00 ffff8801db707618
ffffffff813f9ff8 ffff8801cc07df00 ffffffff82ad7ca0 0000000000000021
Call Trace:
<IRQ> [ 43.454338] [<ffffffff81b456e1>] __dump_stack lib/dump_stack.c:15 [inline]
<IRQ> [ 43.454338] [<ffffffff81b456e1>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
[<ffffffff813f9ff8>] ___might_sleep.cold+0x1c1/0x1fa kernel/sched/core.c:7988
[<ffffffff81166d85>] __might_sleep+0x95/0x1a0 kernel/sched/core.c:7945
[<ffffffff816d8970>] percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:33 [inline]
[<ffffffff816d8970>] percpu_down_read include/linux/percpu-rwsem.h:58 [inline]
[<ffffffff816d8970>] ext4_writepages+0x170/0x2d20 fs/ext4/inode.c:2659
[<ffffffff814344ac>] do_writepages+0xfc/0x1e0 mm/page-writeback.c:2331
[<ffffffff814121bd>] __filemap_fdatawrite_range+0x1ad/0x260 mm/filemap.c:390
[<ffffffff8141249c>] filemap_write_and_wait_range mm/filemap.c:578 [inline]
[<ffffffff8141249c>] filemap_write_and_wait_range+0x5c/0xb0 mm/filemap.c:571
[<ffffffff8158d55b>] __generic_file_fsync+0x9b/0x1c0 fs/libfs.c:974
[<ffffffff816b93cf>] ext4_sync_file+0x64f/0x10a0 fs/ext4/fsync.c:116
[<ffffffff815b37f1>] vfs_fsync_range+0x111/0x260 fs/sync.c:195
[<ffffffff815cf916>] generic_write_sync include/linux/fs.h:2609 [inline]
[<ffffffff815cf916>] dio_complete+0x376/0x6e0 fs/direct-io.c:282
[<ffffffff815cfda4>] dio_bio_end_aio+0x124/0x390 fs/direct-io.c:323
[<ffffffff81ab8b5d>] bio_endio+0x1ad/0x200 block/bio.c:1781
[<ffffffff81ad907e>] req_bio_endio block/blk-core.c:157 [inline]
[<ffffffff81ad907e>] blk_update_request+0x24e/0x9d0 block/blk-core.c:2628
[<ffffffff81e1d5ac>] scsi_end_request+0x9c/0x5c0 drivers/scsi/scsi_lib.c:606
[<ffffffff81e265a5>] scsi_io_completion+0x275/0x17e0 drivers/scsi/scsi_lib.c:829
[<ffffffff81e0916d>] scsi_finish_command+0x3ad/0x520 drivers/scsi/scsi.c:607
[<ffffffff81e24ad9>] scsi_softirq_done+0x259/0x370 drivers/scsi/scsi_lib.c:1567
[<ffffffff81af710e>] blk_done_softirq+0x27e/0x3e0 block/blk-softirq.c:35
[<ffffffff8281877d>] __do_softirq+0x22d/0x964 kernel/softirq.c:288
[<ffffffff810eeae9>] invoke_softirq kernel/softirq.c:368 [inline]
[<ffffffff810eeae9>] irq_exit+0x119/0x160 kernel/softirq.c:409
[<ffffffff828156a1>] exiting_irq arch/x86/include/asm/apic.h:669 [inline]
[<ffffffff828156a1>] do_IRQ+0x111/0x1d0 arch/x86/kernel/irq.c:252
[<ffffffff82813c9d>] common_interrupt+0x9d/0x9d arch/x86/entry/entry_64.S:461
<EOI> [ 43.871166] [<ffffffff82812a9f>] ? arch_local_irq_restore arch/x86/include/asm/paravirt.h:768 [inline]
<EOI> [ 43.871166] [<ffffffff82812a9f>] ? __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:162 [inline]
<EOI> [ 43.871166] [<ffffffff82812a9f>] ? _raw_spin_unlock_irqrestore+0x5f/0x70 kernel/locking/spinlock.c:191
[<ffffffff814118d3>] spin_unlock_irqrestore include/linux/spinlock.h:362 [inline]
[<ffffffff814118d3>] delete_from_page_cache+0xf3/0x230 mm/filemap.c:332
[<ffffffff81440db2>] truncate_complete_page mm/truncate.c:128 [inline]
[<ffffffff81440db2>] truncate_inode_page+0x172/0x260 mm/truncate.c:167
[<ffffffff81441593>] truncate_inode_pages_range+0x643/0xfe0 mm/truncate.c:376
[<ffffffff81442089>] truncate_inode_pages mm/truncate.c:401 [inline]
[<ffffffff81442089>] truncate_pagecache+0x69/0x90 mm/truncate.c:710
[<ffffffff816e91ba>] ext4_setattr+0x134a/0x21b0 fs/ext4/inode.c:5301
[<ffffffff8156a12b>] notify_change2+0xaab/0xd90 fs/attr.c:313
[<ffffffff81504b48>] do_truncate2+0x148/0x210 fs/open.c:63
[<ffffffff8153e9be>] handle_truncate fs/namei.c:3031 [inline]
[<ffffffff8153e9be>] do_last fs/namei.c:3466 [inline]
[<ffffffff8153e9be>] path_openat+0x12ae/0x2f60 fs/namei.c:3581
[<ffffffff81543451>] do_filp_open+0x1a1/0x280 fs/namei.c:3615
[<ffffffff81507970>] do_sys_open+0x2f0/0x610 fs/open.c:1072
[<ffffffff81507d37>] SYSC_open fs/open.c:1090 [inline]
[<ffffffff81507d37>] SyS_open fs/open.c:1085 [inline]
[<ffffffff81507d37>] SYSC_creat fs/open.c:1110 [inline]
[<ffffffff81507d37>] SyS_creat+0x27/0x30 fs/open.c:1108
[<ffffffff810056bd>] do_syscall_64+0x1ad/0x570 arch/x86/entry/common.c:285
[<ffffffff82813393>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
=========================================================
[ INFO: possible irq lock inversion dependency detected ]
4.9.148+ #3 Tainted: G W
---------------------------------------------------------
syz-executor853/2120 just changed the state of lock:
(&sbi->s_journal_flag_rwsem){.+.?.+}, at: [<ffffffff814344ac>] do_writepages+0xfc/0x1e0 mm/page-writeback.c:2331
(&ei->i_data_sem){++++..}
and interrupts could create inverse lock ordering between them.
other info that might help us debug this:
Possible interrupt unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&ei->i_data_sem);
local_irq_disable();
lock(&sbi->s_journal_flag_rwsem);
lock(&ei->i_data_sem);
<Interrupt>
lock(&sbi->s_journal_flag_rwsem);
*** DEADLOCK ***
3 locks held by syz-executor853/2120:
#0: (sb_writers#4){.+.+.+}, at: [<ffffffff815773cf>] sb_start_write include/linux/fs.h:1575 [inline]
#0: (sb_writers#4){.+.+.+}, at: [<ffffffff815773cf>] mnt_want_write+0x3f/0xb0 fs/namespace.c:391
#1: (&sb->s_type->i_mutex_key#9){+.+.+.}, at: [<ffffffff81504b30>] inode_lock include/linux/fs.h:768 [inline]
#1: (&sb->s_type->i_mutex_key#9){+.+.+.}, at: [<ffffffff81504b30>] do_truncate2+0x130/0x210 fs/open.c:61
#2: (&ei->i_mmap_sem){++++.+}, at: [<ffffffff816e9191>] ext4_setattr+0x1321/0x21b0 fs/ext4/inode.c:5296
the shortest dependencies between 2nd lock and 1st lock:
-> (&ei->i_data_sem){++++..} ops: 87465 {
HARDIRQ-ON-W at:
mark_irqflags kernel/locking/lockdep.c:2937 [inline]
__lock_acquire+0xf92/0x4350 kernel/locking/lockdep.c:3302
lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756
down_write+0x41/0xa0 kernel/locking/rwsem.c:52
ext4_release_file+0x25b/0x2e0 fs/ext4/file.c:50
__fput+0x274/0x720 fs/file_table.c:208
____fput+0x16/0x20 fs/file_table.c:244
task_work_run+0x108/0x180 kernel/task_work.c:116
tracehook_notify_resume include/linux/tracehook.h:191 [inline]
exit_to_usermode_loop+0x13b/0x160 arch/x86/entry/common.c:162
prepare_exit_to_usermode arch/x86/entry/common.c:194 [inline]
syscall_return_slowpath arch/x86/entry/common.c:263 [inline]
do_syscall_64+0x3f7/0x570 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_swapgs+0x5d/0xdb
HARDIRQ-ON-R at:
mark_irqflags kernel/locking/lockdep.c:2929 [inline]
__lock_acquire+0x507/0x4350 kernel/locking/lockdep.c:3302
lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756
down_read+0x44/0xb0 kernel/locking/rwsem.c:22
ext4_map_blocks+0x36a/0x1710 fs/ext4/inode.c:533
ext4_getblk+0x307/0x490 fs/ext4/inode.c:943
ext4_find_entry+0xa43/0x12b0 fs/ext4/namei.c:1420
ext4_lookup fs/ext4/namei.c:1559 [inline]
ext4_lookup+0x139/0x5e0 fs/ext4/namei.c:1545
lookup_slow+0x24b/0x480 fs/namei.c:1709
walk_component+0x71e/0xce0 fs/namei.c:1825
lookup_last fs/namei.c:2307 [inline]
path_lookupat.isra.0+0x18f/0x3f0 fs/namei.c:2324
filename_lookup+0x1a1/0x3b0 fs/namei.c:2358
user_path_at_empty+0x43/0x50 fs/namei.c:2619
user_path include/linux/namei.h:60 [inline]
do_mount+0x124/0x2970 fs/namespace.c:2816
SYSC_mount fs/namespace.c:3087 [inline]
SyS_mount+0xab/0x120 fs/namespace.c:3064
devtmpfs_mount+0x4a/0x70 drivers/base/devtmpfs.c:357
prepare_namespace+0x1ef/0x21d init/do_mounts.c:603
kernel_init_freeable+0x3a5/0x3c3 init/main.c:1036
kernel_init+0x12/0x163 init/main.c:946
ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373
SOFTIRQ-ON-W at:
mark_irqflags kernel/locking/lockdep.c:2941 [inline]
__lock_acquire+0x55c/0x4350 kernel/locking/lockdep.c:3302
lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756
down_write+0x41/0xa0 kernel/locking/rwsem.c:52
ext4_release_file+0x25b/0x2e0 fs/ext4/file.c:50
__fput+0x274/0x720 fs/file_table.c:208
____fput+0x16/0x20 fs/file_table.c:244
task_work_run+0x108/0x180 kernel/task_work.c:116
tracehook_notify_resume include/linux/tracehook.h:191 [inline]
exit_to_usermode_loop+0x13b/0x160 arch/x86/entry/common.c:162
prepare_exit_to_usermode arch/x86/entry/common.c:194 [inline]
syscall_return_slowpath arch/x86/entry/common.c:263 [inline]
do_syscall_64+0x3f7/0x570 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_swapgs+0x5d/0xdb
SOFTIRQ-ON-R at:
mark_irqflags kernel/locking/lockdep.c:2941 [inline]
__lock_acquire+0x55c/0x4350 kernel/locking/lockdep.c:3302
lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756
down_read+0x44/0xb0 kernel/locking/rwsem.c:22
ext4_map_blocks+0x36a/0x1710 fs/ext4/inode.c:533
ext4_getblk+0x307/0x490 fs/ext4/inode.c:943
ext4_find_entry+0xa43/0x12b0 fs/ext4/namei.c:1420
ext4_lookup fs/ext4/namei.c:1559 [inline]
ext4_lookup+0x139/0x5e0 fs/ext4/namei.c:1545
lookup_slow+0x24b/0x480 fs/namei.c:1709
walk_component+0x71e/0xce0 fs/namei.c:1825
lookup_last fs/namei.c:2307 [inline]
path_lookupat.isra.0+0x18f/0x3f0 fs/namei.c:2324
filename_lookup+0x1a1/0x3b0 fs/namei.c:2358
user_path_at_empty+0x43/0x50 fs/namei.c:2619
user_path include/linux/namei.h:60 [inline]
do_mount+0x124/0x2970 fs/namespace.c:2816
SYSC_mount fs/namespace.c:3087 [inline]
SyS_mount+0xab/0x120 fs/namespace.c:3064
devtmpfs_mount+0x4a/0x70 drivers/base/devtmpfs.c:357
prepare_namespace+0x1ef/0x21d init/do_mounts.c:603
kernel_init_freeable+0x3a5/0x3c3 init/main.c:1036
kernel_init+0x12/0x163 init/main.c:946
ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373
INITIAL USE at:
__lock_acquire+0x5e5/0x4350 kernel/locking/lockdep.c:3306
lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756
down_read+0x44/0xb0 kernel/locking/rwsem.c:22
ext4_map_blocks+0x36a/0x1710 fs/ext4/inode.c:533
ext4_getblk+0x307/0x490 fs/ext4/inode.c:943
ext4_find_entry+0xa43/0x12b0 fs/ext4/namei.c:1420
ext4_lookup fs/ext4/namei.c:1559 [inline]
ext4_lookup+0x139/0x5e0 fs/ext4/namei.c:1545
lookup_slow+0x24b/0x480 fs/namei.c:1709
walk_component+0x71e/0xce0 fs/namei.c:1825
lookup_last fs/namei.c:2307 [inline]
path_lookupat.isra.0+0x18f/0x3f0 fs/namei.c:2324
filename_lookup+0x1a1/0x3b0 fs/namei.c:2358
user_path_at_empty+0x43/0x50 fs/namei.c:2619
user_path include/linux/namei.h:60 [inline]
do_mount+0x124/0x2970 fs/namespace.c:2816
SYSC_mount fs/namespace.c:3087 [inline]
SyS_mount+0xab/0x120 fs/namespace.c:3064
devtmpfs_mount+0x4a/0x70 drivers/base/devtmpfs.c:357
prepare_namespace+0x1ef/0x21d init/do_mounts.c:603
kernel_init_freeable+0x3a5/0x3c3 init/main.c:1036
kernel_init+0x12/0x163 init/main.c:946
ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373
}
... key at: [<ffffffff84237380>] __key.74417+0x0/0x40
... acquired at:
lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756
down_write+0x41/0xa0 kernel/locking/rwsem.c:52
ext4_map_blocks+0x77a/0x1710 fs/ext4/inode.c:605
mpage_map_one_extent fs/ext4/inode.c:2387 [inline]
mpage_map_and_submit_extent fs/ext4/inode.c:2443 [inline]
ext4_writepages+0x155e/0x2d20 fs/ext4/inode.c:2783
do_writepages+0xfc/0x1e0 mm/page-writeback.c:2331
__filemap_fdatawrite_range+0x1ad/0x260 mm/filemap.c:390
__filemap_fdatawrite mm/filemap.c:398 [inline]
filemap_flush+0x24/0x30 mm/filemap.c:423
ext4_alloc_da_blocks+0xd6/0x340 fs/ext4/inode.c:3157
ext4_release_file+0x1ff/0x2e0 fs/ext4/file.c:42
__fput+0x274/0x720 fs/file_table.c:208
____fput+0x16/0x20 fs/file_table.c:244
task_work_run+0x108/0x180 kernel/task_work.c:116
tracehook_notify_resume include/linux/tracehook.h:191 [inline]
exit_to_usermode_loop+0x13b/0x160 arch/x86/entry/common.c:162
prepare_exit_to_usermode arch/x86/entry/common.c:194 [inline]
syscall_return_slowpath arch/x86/entry/common.c:263 [inline]
do_syscall_64+0x3f7/0x570 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_swapgs+0x5d/0xdb
-> (&sbi->s_journal_flag_rwsem){.+.?.+} ops: 315 {
HARDIRQ-ON-R at:
mark_irqflags kernel/locking/lockdep.c:2929 [inline]
__lock_acquire+0x507/0x4350 kernel/locking/lockdep.c:3302
lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756
percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:35 [inline]
percpu_down_read include/linux/percpu-rwsem.h:58 [inline]
ext4_writepages+0x1a1/0x2d20 fs/ext4/inode.c:2659
do_writepages+0xfc/0x1e0 mm/page-writeback.c:2331
__filemap_fdatawrite_range+0x1ad/0x260 mm/filemap.c:390
SyS_fadvise64_64+0x701/0x830 mm/fadvise.c:123
SYSC_fadvise64 mm/fadvise.c:182 [inline]
SyS_fadvise64+0x2c/0x40 mm/fadvise.c:180
do_syscall_64+0x1ad/0x570 arch/x86/entry/common.c:285
entry_SYSCALL_64_after_swapgs+0x5d/0xdb
IN-SOFTIRQ-R at:
mark_irqflags kernel/locking/lockdep.c:2923 [inline]
__lock_acquire+0xf6b/0x4350 kernel/locking/lockdep.c:3302
lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756
percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:35 [inline]
percpu_down_read include/linux/percpu-rwsem.h:58 [inline]
ext4_writepages+0x1a1/0x2d20 fs/ext4/inode.c:2659
do_writepages+0xfc/0x1e0 mm/page-writeback.c:2331
__filemap_fdatawrite_range+0x1ad/0x260 mm/filemap.c:390
filemap_write_and_wait_range mm/filemap.c:578 [inline]
filemap_write_and_wait_range+0x5c/0xb0 mm/filemap.c:571
__generic_file_fsync+0x9b/0x1c0 fs/libfs.c:974
ext4_sync_file+0x64f/0x10a0 fs/ext4/fsync.c:116
vfs_fsync_range+0x111/0x260 fs/sync.c:195
generic_write_sync include/linux/fs.h:2609 [inline]
dio_complete+0x376/0x6e0 fs/direct-io.c:282
dio_bio_end_aio+0x124/0x390 fs/direct-io.c:323
bio_endio+0x1ad/0x200 block/bio.c:1781
req_bio_endio block/blk-core.c:157 [inline]
blk_update_request+0x24e/0x9d0 block/blk-core.c:2628
scsi_end_request+0x9c/0x5c0 drivers/scsi/scsi_lib.c:606
scsi_io_completion+0x275/0x17e0 drivers/scsi/scsi_lib.c:829
scsi_finish_command+0x3ad/0x520 drivers/scsi/scsi.c:607
scsi_softirq_done+0x259/0x370 drivers/scsi/scsi_lib.c:1567
blk_done_softirq+0x27e/0x3e0 block/blk-softirq.c:35
__do_softirq+0x22d/0x964 kernel/softirq.c:288
invoke_softirq kernel/softirq.c:368 [inline]
irq_exit+0x119/0x160 kernel/softirq.c:409
exiting_irq arch/x86/include/asm/apic.h:669 [inline]
do_IRQ+0x111/0x1d0 arch/x86/kernel/irq.c:252
ret_from_intr+0x0/0x20
spin_unlock_irqrestore include/linux/spinlock.h:362 [inline]
delete_from_page_cache+0xf3/0x230 mm/filemap.c:332
truncate_complete_page mm/truncate.c:128 [inline]
truncate_inode_page+0x172/0x260 mm/truncate.c:167
truncate_inode_pages_range+0x643/0xfe0 mm/truncate.c:376
truncate_inode_pages mm/truncate.c:401 [inline]
truncate_pagecache+0x69/0x90 mm/truncate.c:710
ext4_setattr+0x134a/0x21b0 fs/ext4/inode.c:5301
notify_change2+0xaab/0xd90 fs/attr.c:313
do_truncate2+0x148/0x210 fs/open.c:63
handle_truncate fs/namei.c:3031 [inline]
do_last fs/namei.c:3466 [inline]
path_openat+0x12ae/0x2f60 fs/namei.c:3581
do_filp_open+0x1a1/0x280 fs/namei.c:3615
do_sys_open+0x2f0/0x610 fs/open.c:1072
SYSC_open fs/open.c:1090 [inline]
SyS_open fs/open.c:1085 [inline]
SYSC_creat fs/open.c:1110 [inline]
SyS_creat+0x27/0x30 fs/open.c:1108
do_syscall_64+0x1ad/0x570 arch/x86/entry/common.c:285
entry_SYSCALL_64_after_swapgs+0x5d/0xdb
SOFTIRQ-ON-R at:
mark_irqflags kernel/locking/lockdep.c:2941 [inline]
__lock_acquire+0x55c/0x4350 kernel/locking/lockdep.c:3302
lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756
percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:35 [inline]
percpu_down_read include/linux/percpu-rwsem.h:58 [inline]
ext4_writepages+0x1a1/0x2d20 fs/ext4/inode.c:2659
do_writepages+0xfc/0x1e0 mm/page-writeback.c:2331
__filemap_fdatawrite_range+0x1ad/0x260 mm/filemap.c:390
SyS_fadvise64_64+0x701/0x830 mm/fadvise.c:123
SYSC_fadvise64 mm/fadvise.c:182 [inline]
SyS_fadvise64+0x2c/0x40 mm/fadvise.c:180
do_syscall_64+0x1ad/0x570 arch/x86/entry/common.c:285
entry_SYSCALL_64_after_swapgs+0x5d/0xdb
RECLAIM_FS-ON-R at:
mark_held_locks+0xb1/0x100 kernel/locking/lockdep.c:2660
__lockdep_trace_alloc kernel/locking/lockdep.c:2882 [inline]
lockdep_trace_alloc+0x18c/0x2b0 kernel/locking/lockdep.c:2897
slab_pre_alloc_hook mm/slab.h:392 [inline]
slab_alloc_node mm/slub.c:2641 [inline]
slab_alloc mm/slub.c:2723 [inline]
kmem_cache_alloc+0x2d/0x2b0 mm/slub.c:2728
kmem_cache_zalloc include/linux/slab.h:626 [inline]
ext4_init_io_end+0x27/0x100 fs/ext4/page-io.c:252
ext4_writepages+0xce9/0x2d20 fs/ext4/inode.c:2750
do_writepages+0xfc/0x1e0 mm/page-writeback.c:2331
__filemap_fdatawrite_range+0x1ad/0x260 mm/filemap.c:390
__filemap_fdatawrite mm/filemap.c:398 [inline]
filemap_flush+0x24/0x30 mm/filemap.c:423
ext4_alloc_da_blocks+0xd6/0x340 fs/ext4/inode.c:3157
ext4_release_file+0x1ff/0x2e0 fs/ext4/file.c:42
__fput+0x274/0x720 fs/file_table.c:208
____fput+0x16/0x20 fs/file_table.c:244
task_work_run+0x108/0x180 kernel/task_work.c:116
tracehook_notify_resume include/linux/tracehook.h:191 [inline]
exit_to_usermode_loop+0x13b/0x160 arch/x86/entry/common.c:162
prepare_exit_to_usermode arch/x86/entry/common.c:194 [inline]
syscall_return_slowpath arch/x86/entry/common.c:263 [inline]
do_syscall_64+0x3f7/0x570 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_swapgs+0x5d/0xdb
INITIAL USE at:
__lock_acquire+0x5e5/0x4350 kernel/locking/lockdep.c:3306
lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756
percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:35 [inline]
percpu_down_read include/linux/percpu-rwsem.h:58 [inline]
ext4_writepages+0x1a1/0x2d20 fs/ext4/inode.c:2659
do_writepages+0xfc/0x1e0 mm/page-writeback.c:2331
__filemap_fdatawrite_range+0x1ad/0x260 mm/filemap.c:390
SyS_fadvise64_64+0x701/0x830 mm/fadvise.c:123
SYSC_fadvise64 mm/fadvise.c:182 [inline]
SyS_fadvise64+0x2c/0x40 mm/fadvise.c:180
do_syscall_64+0x1ad/0x570 arch/x86/entry/common.c:285
entry_SYSCALL_64_after_swapgs+0x5d/0xdb
}
... key at: [<ffffffff84237680>] rwsem_key.75110+0x0/0x40
... acquired at:
check_usage_forwards+0x144/0x280 kernel/locking/lockdep.c:2493
mark_lock_irq kernel/locking/lockdep.c:2610 [inline]
mark_lock+0x42d/0x12e0 kernel/locking/lockdep.c:3065
mark_irqflags kernel/locking/lockdep.c:2923 [inline]
__lock_acquire+0xf6b/0x4350 kernel/locking/lockdep.c:3302
lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756
percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:35 [inline]
percpu_down_read include/linux/percpu-rwsem.h:58 [inline]
ext4_writepages+0x1a1/0x2d20 fs/ext4/inode.c:2659
do_writepages+0xfc/0x1e0 mm/page-writeback.c:2331
__filemap_fdatawrite_range+0x1ad/0x260 mm/filemap.c:390
filemap_write_and_wait_range mm/filemap.c:578 [inline]
filemap_write_and_wait_range+0x5c/0xb0 mm/filemap.c:571
__generic_file_fsync+0x9b/0x1c0 fs/libfs.c:974
ext4_sync_file+0x64f/0x10a0 fs/ext4/fsync.c:116
vfs_fsync_range+0x111/0x260 fs/sync.c:195
generic_write_sync include/linux/fs.h:2609 [inline]
dio_complete+0x376/0x6e0 fs/direct-io.c:282
dio_bio_end_aio+0x124/0x390 fs/direct-io.c:323
bio_endio+0x1ad/0x200 block/bio.c:1781
req_bio_endio block/blk-core.c:157 [inline]
blk_update_request+0x24e/0x9d0 block/blk-core.c:2628
scsi_end_request+0x9c/0x5c0 drivers/scsi/scsi_lib.c:606
scsi_io_completion+0x275/0x17e0 drivers/scsi/scsi_lib.c:829
scsi_finish_command+0x3ad/0x520 drivers/scsi/scsi.c:607
scsi_softirq_done+0x259/0x370 drivers/scsi/scsi_lib.c:1567
blk_done_softirq+0x27e/0x3e0 block/blk-softirq.c:35
__do_softirq+0x22d/0x964 kernel/softirq.c:288
invoke_softirq kernel/softirq.c:368 [inline]
irq_exit+0x119/0x160 kernel/softirq.c:409
exiting_irq arch/x86/include/asm/apic.h:669 [inline]
do_IRQ+0x111/0x1d0 arch/x86/kernel/irq.c:252
ret_from_intr+0x0/0x20
spin_unlock_irqrestore include/linux/spinlock.h:362 [inline]
delete_from_page_cache+0xf3/0x230 mm/filemap.c:332
truncate_complete_page mm/truncate.c:128 [inline]
truncate_inode_page+0x172/0x260 mm/truncate.c:167
truncate_inode_pages_range+0x643/0xfe0 mm/truncate.c:376
truncate_inode_pages mm/truncate.c:401 [inline]
truncate_pagecache+0x69/0x90 mm/truncate.c:710
ext4_setattr+0x134a/0x21b0 fs/ext4/inode.c:5301
notify_change2+0xaab/0xd90 fs/attr.c:313
do_truncate2+0x148/0x210 fs/open.c:63
handle_truncate fs/namei.c:3031 [inline]
do_last fs/namei.c:3466 [inline]
path_openat+0x12ae/0x2f60 fs/namei.c:3581
do_filp_open+0x1a1/0x280 fs/namei.c:3615
do_sys_open+0x2f0/0x610 fs/open.c:1072
SYSC_open fs/open.c:1090 [inline]
SyS_open fs/open.c:1085 [inline]
SYSC_creat fs/open.c:1110 [inline]
SyS_creat+0x27/0x30 fs/open.c:1108
do_syscall_64+0x1ad/0x570 arch/x86/entry/common.c:285
entry_SYSCALL_64_after_swapgs+0x5d/0xdb
stack backtrace:
CPU: 1 PID: 2120 Comm: syz-executor853 Tainted: G W 4.9.148+ #3
ffff8801db707290 ffffffff81b456e1 0000000000000001 ffffffff84018600
ffff8801db707340 ffff8801cc07df00 ffffffff83cb3520 ffff8801db7072e0
ffffffff813ff73f 0000000100000000 ffff880100000000 ffffffff84018610
Call Trace:
<IRQ> [ 45.442448] [<ffffffff81b456e1>] __dump_stack lib/dump_stack.c:15 [inline]
<IRQ> [ 45.442448] [<ffffffff81b456e1>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
[<ffffffff813ff73f>] print_irq_inversion_bug kernel/locking/lockdep.c:2468 [inline]
[<ffffffff813ff73f>] print_irq_inversion_bug.cold+0x31a/0x35d kernel/locking/lockdep.c:2413
[<ffffffff81205014>] check_usage_forwards+0x144/0x280 kernel/locking/lockdep.c:2493
[<ffffffff81205f2d>] mark_lock_irq kernel/locking/lockdep.c:2610 [inline]
[<ffffffff81205f2d>] mark_lock+0x42d/0x12e0 kernel/locking/lockdep.c:3065
[<ffffffff812083fb>] mark_irqflags kernel/locking/lockdep.c:2923 [inline]
[<ffffffff812083fb>] __lock_acquire+0xf6b/0x4350 kernel/locking/lockdep.c:3302
[<ffffffff8120c2a3>] lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756
[<ffffffff816d89a1>] percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:35 [inline]
[<ffffffff816d89a1>] percpu_down_read include/linux/percpu-rwsem.h:58 [inline]
[<ffffffff816d89a1>] ext4_writepages+0x1a1/0x2d20 fs/ext4/inode.c:2659
[<ffffffff814344ac>] do_writepages+0xfc/0x1e0 mm/page-writeback.c:2331
[<ffffffff814121bd>] __filemap_fdatawrite_range+0x1ad/0x260 mm/filemap.c:390
[<ffffffff8141249c>] filemap_write_and_wait_range mm/filemap.c:578 [inline]
[<ffffffff8141249c>] filemap_write_and_wait_range+0x5c/0xb0 mm/filemap.c:571
[<ffffffff8158d55b>] __generic_file_fsync+0x9b/0x1c0 fs/libfs.c:974
[<ffffffff816b93cf>] ext4_sync_file+0x64f/0x10a0 fs/ext4/fsync.c:116
[<ffffffff815b37f1>] vfs_fsync_range+0x111/0x260 fs/sync.c:195
[<ffffffff815cf916>] generic_write_sync include/linux/fs.h:2609 [inline]
[<ffffffff815cf916>] dio_complete+0x376/0x6e0 fs/direct-io.c:282
[<ffffffff815cfda4>] dio_bio_end_aio+0x124/0x390 fs/direct-io.c:323
[<ffffffff81ab8b5d>] bio_endio+0x1ad/0x200 block/bio.c:1781
[<ffffffff81ad907e>] req_bio_endio block/blk-core.c:157 [inline]
[<ffffffff81ad907e>] blk_update_request+0x24e/0x9d0 block/blk-core.c:2628
[<ffffffff81e1d5ac>] scsi_end_request+0x9c/0x5c0 drivers/scsi/scsi_lib.c:606
[<ffffffff81e265a5>] scsi_io_completion+0x275/0x17e0 drivers/scsi/scsi_lib.c:829
[<ffffffff81e0916d>] scsi_finish_command+0x3ad/0x520 drivers/scsi/scsi.c:607
[<ffffffff81e24ad9>] scsi_softirq_done+0x259/0x370 drivers/scsi/scsi_lib.c:1567
[<ffffffff81af710e>] blk_done_softirq+0x27e/0x3e0 block/blk-softirq.c:35
[<ffffffff8281877d>] __do_softirq+0x22d/0x964 kernel/softirq.c:288
[<ffffffff810eeae9>] invoke_softirq kernel/softirq.c:368 [inline]
[<ffffffff810eeae9>] irq_exit+0x119/0x160 kernel/softirq.c:409
[<ffffffff828156a1>] exiting_irq arch/x86/include/asm/apic.h:669 [inline]
[<ffffffff828156a1>] do_IRQ+0x111/0x1d0 arch/x86/kernel/irq.c:252
[<ffffffff82813c9d>] common_interrupt+0x9d/0x9d arch/x86/entry/entry_64.S:461
<EOI> [ 45.938793] [<ffffffff82812a9f>] ? arch_local_irq_restore arch/x86/include/asm/paravirt.h:768 [inline]
<EOI> [ 45.938793] [<ffffffff82812a9f>] ? __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:162 [inline]
<EOI> [ 45.938793] [<ffffffff82812a9f>] ? _raw_spin_unlock_irqrestore+0x5f/0x70 kernel/locking/spinlock.c:191
[<ffffffff814118d3>] spin_unlock_irqrestore include/linux/spinlock.h:362 [inline]
[<ffffffff814118d3>] delete_from_page_cache+0xf3/0x230 mm/filemap.c:332
[<ffffffff81440db2>] truncate_complete_page mm/truncate.c:128 [inline]
[<ffffffff81440db2>] truncate_inode_page+0x172/0x260 mm/truncate.c:167
[<ffffffff81441593>] truncate_inode_pages_range+0x643/0xfe0 mm/truncate.c:376
[<ffffffff81442089>] truncate_inode_pages mm/truncate.c:401 [inline]
[<ffffffff81442089>] truncate_pagecache+0x69/0x90 mm/truncate.c:710
[<ffffffff816e91ba>] ext4_setattr+0x134a/0x21b0 fs/ext4/inode.c:5301
[<ffffffff8156a12b>] notify_change2+0xaab/0xd90 fs/attr.c:313
[<ffffffff81504b48>] do_truncate2+0x148/0x210 fs/open.c:63
[<ffffffff8153e9be>] handle_truncate fs/namei.c:3031 [inline]
[<ffffffff8153e9be>] do_last fs/namei.c:3466 [inline]
[<ffffffff8153e9be>] path_openat+0x12ae/0x2f60 fs/namei.c:3581
[<ffffffff81543451>] do_filp_open+0x1a1/0x280 fs/namei.c:3615
[<ffffffff81507970>] do_sys_open+0x2f0/0x610 fs/open.c:1072
[<ffffffff81507d37>] SYSC_open fs/open.c:1090 [inline]
[<ffffffff81507d37>] SyS_open fs/open.c:1085 [inline]
[<ffffffff81507d37>] SYSC_creat fs/open.c:1110 [inline]
[<ffffffff81507d37>] SyS_creat+0x27/0x30 fs/open.c:1108
[<ffffffff810056bd>] do_syscall_64+0x1ad/0x570 arch/x86/entry/common.c:285
[<ffffffff82813393>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:51
in_atomic(): 1, irqs_disabled(): 0, pid: 2120, name: syz-executor853
INFO: lockdep is turned off.
Preemption disabled at:[ 46.140551] [<ffffffff814118bb>] delete_from_page_cache+0xdb/0x230 mm/filemap.c:330
CPU: 1 PID: 2120 Comm: syz-executor853 Tainted: G W 4.9.148+ #3
ffff8801db707a00 ffffffff81b456e1 0000000000000000 0000000000000101
ffff8801cc07df00 ffffffff814118bb ffff8801cc07df00 ffff8801db707a38
ffffffff813f9ff8 ffff8801cc07df00 ffffffff82a50dc0 0000000000000033
Call Trace:
<IRQ> [ 46.183748] [<ffffffff81b456e1>] __dump_stack lib/dump_stack.c:15 [inline]
<IRQ> [ 46.183748] [<ffffffff81b456e1>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
[<ffffffff813f9ff8>] ___might_sleep.cold+0x1c1/0x1fa kernel/sched/core.c:7988
[<ffffffff81166d85>] __might_sleep+0x95/0x1a0 kernel/sched/core.c:7945
[<ffffffff8280d201>] down_write+0x21/0xa0 kernel/locking/rwsem.c:51
[<ffffffff8158d58d>] inode_lock include/linux/fs.h:768 [inline]
[<ffffffff8158d58d>] __generic_file_fsync+0xcd/0x1c0 fs/libfs.c:978
[<ffffffff816b93cf>] ext4_sync_file+0x64f/0x10a0 fs/ext4/fsync.c:116
[<ffffffff815b37f1>] vfs_fsync_range+0x111/0x260 fs/sync.c:195
[<ffffffff815cf916>] generic_write_sync include/linux/fs.h:2609 [inline]
[<ffffffff815cf916>] dio_complete+0x376/0x6e0 fs/direct-io.c:282
[<ffffffff815cfda4>] dio_bio_end_aio+0x124/0x390 fs/direct-io.c:323
[<ffffffff81ab8b5d>] bio_endio+0x1ad/0x200 block/bio.c:1781
[<ffffffff81ad907e>] req_bio_endio block/blk-core.c:157 [inline]
[<ffffffff81ad907e>] blk_update_request+0x24e/0x9d0 block/blk-core.c:2628
[<ffffffff81e1d5ac>] scsi_end_request+0x9c/0x5c0 drivers/scsi/scsi_lib.c:606
[<ffffffff81e265a5>] scsi_io_completion+0x275/0x17e0 drivers/scsi/scsi_lib.c:829
[<ffffffff81e0916d>] scsi_finish_command+0x3ad/0x520 drivers/scsi/scsi.c:607
[<ffffffff81e24ad9>] scsi_softirq_done+0x259/0x370 drivers/scsi/scsi_lib.c:1567
[<ffffffff81af710e>] blk_done_softirq+0x27e/0x3e0 block/blk-softirq.c:35
[<ffffffff8281877d>] __do_softirq+0x22d/0x964 kernel/softirq.c:288
[<ffffffff810eeae9>] invoke_softirq kernel/softirq.c:368 [inline]
[<ffffffff810eeae9>] irq_exit+0x119/0x160 kernel/softirq.c:409
[<ffffffff828156a1>] exiting_irq arch/x86/include/asm/apic.h:669 [inline]
[<ffffffff828156a1>] do_IRQ+0x111/0x1d0 arch/x86/kernel/irq.c:252
[<ffffffff82813c9d>] common_interrupt+0x9d/0x9d arch/x86/entry/entry_64.S:461
<EOI> [ 46.385005] [<ffffffff82812a9f>] ? arch_local_irq_restore arch/x86/include/asm/paravirt.h:768 [inline]
<EOI> [ 46.385005] [<ffffffff82812a9f>] ? __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:162 [inline]
<EOI> [ 46.385005] [<ffffffff82812a9f>] ? _raw_spin_unlock_irqrestore+0x5f/0x70 kernel/locking/spinlock.c:191
[<ffffffff814118d3>] spin_unlock_irqrestore include/linux/spinlock.h:362 [inline]
[<ffffffff814118d3>] delete_from_page_cache+0xf3/0x230 mm/filemap.c:332
[<ffffffff81440db2>] truncate_complete_page mm/truncate.c:128 [inline]
[<ffffffff81440db2>] truncate_inode_page+0x172/0x260 mm/truncate.c:167
[<ffffffff81441593>] truncate_inode_pages_range+0x643/0xfe0 mm/truncate.c:376
[<ffffffff81442089>] truncate_inode_pages mm/truncate.c:401 [inline]
[<ffffffff81442089>] truncate_pagecache+0x69/0x90 mm/truncate.c:710
[<ffffffff816e91ba>] ext4_setattr+0x134a/0x21b0 fs/ext4/inode.c:5301
[<ffffffff8156a12b>] notify_change2+0xaab/0xd90 fs/attr.c:313
[<ffffffff81504b48>] do_truncate2+0x148/0x210 fs/open.c:63
[<ffffffff8153e9be>] handle_truncate fs/namei.c:3031 [inline]
[<ffffffff8153e9be>] do_last fs/namei.c:3466 [inline]
[<ffffffff8153e9be>] path_openat+0x12ae/0x2f60 fs/namei.c:3581
[<ffffffff81543451>] do_filp_open+0x1a1/0x280 fs/namei.c:3615
[<ffffffff81507970>] do_sys_open+0x2f0/0x610 fs/open.c:1072
[<ffffffff81507d37>] SYSC_open fs/open.c:1090 [inline]
[<ffffffff81507d37>] SyS_open fs/open.c:1085 [inline]
[<ffffffff81507d37>] SYSC_creat fs/open.c:1110 [inline]
[<ffffffff81507d37>] SyS_creat+0x27/0x30 fs/open.c:1108
[<ffffffff810056bd>] do_syscall_64+0x1ad/0x570 arch/x86/entry/common.c:285
[<ffffffff82813393>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
BUG: scheduling while atomic: syz-executor853/2120/0x00000102
INFO: lockdep is turned off.
Modules linked in:
Preemption disabled at:[ 46.580922] [<ffffffff814118bb>] delete_from_page_cache+0xdb/0x230 mm/filemap.c:330