BUG: sleeping function called from invalid context at ./include/linux/percpu-rwsem.h:33
in_atomic(): 1, irqs_disabled(): 0, pid: 22393, name: syz-executor.1
1 lock held by syz-executor.1/22393:
#0: (&(ptlock_ptr(page))->rlock#2){+.+...}, at: [<00000000379c475e>] spin_lock include/linux/spinlock.h:302 [inline]
#0: (&(ptlock_ptr(page))->rlock#2){+.+...}, at: [<00000000379c475e>] zap_pte_range mm/memory.c:1116 [inline]
#0: (&(ptlock_ptr(page))->rlock#2){+.+...}, at: [<00000000379c475e>] zap_pmd_range mm/memory.c:1249 [inline]
#0: (&(ptlock_ptr(page))->rlock#2){+.+...}, at: [<00000000379c475e>] zap_pud_range mm/memory.c:1270 [inline]
#0: (&(ptlock_ptr(page))->rlock#2){+.+...}, at: [<00000000379c475e>] unmap_page_range+0x67e/0x1690 mm/memory.c:1291
Preemption disabled at:[ 2063.410665] [<00000000379c475e>] spin_lock include/linux/spinlock.h:302 [inline]
Preemption disabled at:[ 2063.410665] [<00000000379c475e>] zap_pte_range mm/memory.c:1116 [inline]
Preemption disabled at:[ 2063.410665] [<00000000379c475e>] zap_pmd_range mm/memory.c:1249 [inline]
Preemption disabled at:[ 2063.410665] [<00000000379c475e>] zap_pud_range mm/memory.c:1270 [inline]
Preemption disabled at:[ 2063.410665] [<00000000379c475e>] unmap_page_range+0x67e/0x1690 mm/memory.c:1291
CPU: 1 PID: 22393 Comm: syz-executor.1 Not tainted 4.9.194+ #0
ffff8801db7075e0 ffffffff81b67001 0000000000000000 0000000000000101
ffff8801ab0daf80 ffffffff814a3e2e ffff8801ab0daf80 ffff8801db707618
ffffffff81401cd3 ffff8801ab0daf80 ffffffff82ad9d20 0000000000000021
Call Trace:
<IRQ> [ 2063.452591] [<00000000e920f234>] __dump_stack lib/dump_stack.c:15 [inline]
<IRQ> [ 2063.452591] [<00000000e920f234>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
[<00000000896aee97>] ___might_sleep.cold+0x1c1/0x1fa kernel/sched/core.c:8004
[<000000000f62cb45>] __might_sleep+0x95/0x1a0 kernel/sched/core.c:7961
[<0000000089cbc6b7>] percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:33 [inline]
[<0000000089cbc6b7>] percpu_down_read include/linux/percpu-rwsem.h:58 [inline]
[<0000000089cbc6b7>] ext4_writepages+0x170/0x2de0 fs/ext4/inode.c:2658
[<000000003b39ecf6>] do_writepages+0xfc/0x1e0 mm/page-writeback.c:2338
[<00000000c02dca68>] __filemap_fdatawrite_range+0x1ad/0x260 mm/filemap.c:392
[<00000000a69273b7>] filemap_write_and_wait_range mm/filemap.c:580 [inline]
[<00000000a69273b7>] filemap_write_and_wait_range+0x5c/0xb0 mm/filemap.c:573
[<0000000096455492>] __generic_file_fsync+0x9b/0x1c0 fs/libfs.c:974
[<00000000f1c435a0>] ext4_sync_file+0x656/0x1090 fs/ext4/fsync.c:116
[<0000000025755349>] vfs_fsync_range+0x111/0x260 fs/sync.c:195
[<000000006c3dc663>] generic_write_sync include/linux/fs.h:2613 [inline]
[<000000006c3dc663>] dio_complete+0x376/0x6e0 fs/direct-io.c:282
[<00000000c2f4c42a>] dio_bio_end_aio+0x124/0x390 fs/direct-io.c:323
[<00000000c05d4f49>] bio_endio+0x1ad/0x200 block/bio.c:1784
[<00000000a0305ac9>] req_bio_endio block/blk-core.c:157 [inline]
[<00000000a0305ac9>] blk_update_request+0x24e/0x9d0 block/blk-core.c:2629
[<000000006af3b07e>] scsi_end_request+0x9c/0x5c0 drivers/scsi/scsi_lib.c:606
[<00000000f0d0394d>] scsi_io_completion+0x275/0x17e0 drivers/scsi/scsi_lib.c:829
[<0000000031f425d3>] scsi_finish_command+0x3ad/0x520 drivers/scsi/scsi.c:607
[<000000006cb2996d>] scsi_softirq_done+0x259/0x370 drivers/scsi/scsi_lib.c:1567
[<000000006438ee24>] blk_done_softirq+0x27e/0x3e0 block/blk-softirq.c:35
[<00000000ad3bdf81>] __do_softirq+0x22d/0x964 kernel/softirq.c:288
[<0000000018565230>] invoke_softirq kernel/softirq.c:368 [inline]
[<0000000018565230>] irq_exit+0x119/0x160 kernel/softirq.c:409
[<0000000019443631>] exiting_irq arch/x86/include/asm/apic.h:669 [inline]
[<0000000019443631>] do_IRQ+0x111/0x1d0 arch/x86/kernel/irq.c:252
[<0000000009dd5314>] common_interrupt+0xa5/0xa5 arch/x86/entry/entry_64.S:466
<EOI> [ 2063.873513] [<00000000d39254ff>] ? __read_once_size include/linux/compiler.h:264 [inline]
<EOI> [ 2063.873513] [<00000000d39254ff>] ? compound_head include/linux/page-flags.h:145 [inline]
<EOI> [ 2063.873513] [<00000000d39254ff>] ? PageAnon include/linux/page-flags.h:397 [inline]
<EOI> [ 2063.873513] [<00000000d39254ff>] ? zap_pte_range mm/memory.c:1146 [inline]
<EOI> [ 2063.873513] [<00000000d39254ff>] ? zap_pmd_range mm/memory.c:1249 [inline]
<EOI> [ 2063.873513] [<00000000d39254ff>] ? zap_pud_range mm/memory.c:1270 [inline]
<EOI> [ 2063.873513] [<00000000d39254ff>] ? unmap_page_range+0xaf3/0x1690 mm/memory.c:1291
[<000000005ab9696f>] unmap_single_vma+0x124/0x180 mm/memory.c:1336
[<000000002dc57d71>] unmap_vmas+0x48/0xa0 mm/memory.c:1366
[<00000000f501f37e>] exit_mmap+0x1e3/0x3b0 mm/mmap.c:3024
[<000000006dfd9f92>] __mmput kernel/fork.c:886 [inline]
[<000000006dfd9f92>] mmput kernel/fork.c:908 [inline]
[<000000006dfd9f92>] mmput+0xd5/0x370 kernel/fork.c:903
[<0000000036717d6f>] exit_mm kernel/exit.c:514 [inline]
[<0000000036717d6f>] do_exit+0x6ce/0x2aa0 kernel/exit.c:829
[<000000009cc8f4ff>] do_group_exit+0x111/0x300 kernel/exit.c:946
[<00000000cf52cfa3>] get_signal+0x377/0x1cb0 kernel/signal.c:2395
[<0000000025f7b110>] do_signal+0x9c/0x1920 arch/x86/kernel/signal.c:812
[<00000000ad5721ff>] exit_to_usermode_loop+0x11c/0x160 arch/x86/entry/common.c:159
[<000000003a62c2a3>] prepare_exit_to_usermode arch/x86/entry/common.c:195 [inline]
[<000000003a62c2a3>] syscall_return_slowpath arch/x86/entry/common.c:266 [inline]
[<000000003a62c2a3>] do_syscall_64+0x3ab/0x5c0 arch/x86/entry/common.c:293
[<0000000064ce4dd9>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
=========================================================
[ INFO: possible irq lock inversion dependency detected ]
4.9.194+ #0 Tainted: G W
---------------------------------------------------------
syz-executor.1/22393 just changed the state of lock:
(&sbi->s_journal_flag_rwsem){.+.?.+}, at: [<000000003b39ecf6>] do_writepages+0xfc/0x1e0 mm/page-writeback.c:2338
(&ei->i_data_sem){++++..}
and interrupts could create inverse lock ordering between them.
other info that might help us debug this:
Possible interrupt unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&ei->i_data_sem);
local_irq_disable();
lock(&sbi->s_journal_flag_rwsem);
lock(&ei->i_data_sem);
<Interrupt>
lock(&sbi->s_journal_flag_rwsem);
*** DEADLOCK ***
1 lock held by syz-executor.1/22393:
#0: (&(ptlock_ptr(page))->rlock#2){+.+...}, at: [<00000000379c475e>] spin_lock include/linux/spinlock.h:302 [inline]
#0: (&(ptlock_ptr(page))->rlock#2){+.+...}, at: [<00000000379c475e>] zap_pte_range mm/memory.c:1116 [inline]
#0: (&(ptlock_ptr(page))->rlock#2){+.+...}, at: [<00000000379c475e>] zap_pmd_range mm/memory.c:1249 [inline]
#0: (&(ptlock_ptr(page))->rlock#2){+.+...}, at: [<00000000379c475e>] zap_pud_range mm/memory.c:1270 [inline]
#0: (&(ptlock_ptr(page))->rlock#2){+.+...}, at: [<00000000379c475e>] unmap_page_range+0x67e/0x1690 mm/memory.c:1291
the shortest dependencies between 2nd lock and 1st lock:
-> (&ei->i_data_sem){++++..} ops: 8370799 {
HARDIRQ-ON-W at:
mark_irqflags kernel/locking/lockdep.c:2937 [inline]
__lock_acquire+0xfa9/0x4390 kernel/locking/lockdep.c:3302
lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756
down_write+0x41/0xa0 kernel/locking/rwsem.c:52
ext4_release_file+0x25b/0x2e0 fs/ext4/file.c:50
__fput+0x274/0x720 fs/file_table.c:208
____fput+0x16/0x20 fs/file_table.c:244
task_work_run+0x108/0x180 kernel/task_work.c:116
tracehook_notify_resume include/linux/tracehook.h:191 [inline]
exit_to_usermode_loop+0x13b/0x160 arch/x86/entry/common.c:163
prepare_exit_to_usermode arch/x86/entry/common.c:195 [inline]
syscall_return_slowpath arch/x86/entry/common.c:266 [inline]
do_syscall_64+0x3ab/0x5c0 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_swapgs+0x5d/0xdb
HARDIRQ-ON-R at:
mark_irqflags kernel/locking/lockdep.c:2929 [inline]
__lock_acquire+0x502/0x4390 kernel/locking/lockdep.c:3302
lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756
down_read+0x44/0xb0 kernel/locking/rwsem.c:22
ext4_map_blocks+0x344/0x16d0 fs/ext4/inode.c:533
ext4_getblk+0x307/0x490 fs/ext4/inode.c:943
__ext4_find_entry+0xa1a/0xf80 fs/ext4/namei.c:1424
ext4_lookup_entry fs/ext4/namei.c:1529 [inline]
ext4_lookup+0x16b/0x5f0 fs/ext4/namei.c:1597
lookup_slow+0x24b/0x480 fs/namei.c:1793
walk_component+0x71e/0xce0 fs/namei.c:1909
lookup_last fs/namei.c:2391 [inline]
path_lookupat.isra.0+0x18f/0x3f0 fs/namei.c:2408
filename_lookup+0x1a1/0x3b0 fs/namei.c:2442
user_path_at_empty+0x43/0x50 fs/namei.c:2703
user_path include/linux/namei.h:60 [inline]
do_mount+0x124/0x2970 fs/namespace.c:2816
SYSC_mount fs/namespace.c:3087 [inline]
SyS_mount+0xab/0x120 fs/namespace.c:3064
devtmpfs_mount+0x4a/0x70 drivers/base/devtmpfs.c:357
prepare_namespace+0x1ef/0x21d init/do_mounts.c:603
kernel_init_freeable+0x3aa/0x3c8 init/main.c:1045
kernel_init+0x12/0x163 init/main.c:953
ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:375
SOFTIRQ-ON-W at:
mark_irqflags kernel/locking/lockdep.c:2941 [inline]
__lock_acquire+0x557/0x4390 kernel/locking/lockdep.c:3302
lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756
down_write+0x41/0xa0 kernel/locking/rwsem.c:52
ext4_release_file+0x25b/0x2e0 fs/ext4/file.c:50
__fput+0x274/0x720 fs/file_table.c:208
____fput+0x16/0x20 fs/file_table.c:244
task_work_run+0x108/0x180 kernel/task_work.c:116
tracehook_notify_resume include/linux/tracehook.h:191 [inline]
exit_to_usermode_loop+0x13b/0x160 arch/x86/entry/common.c:163
prepare_exit_to_usermode arch/x86/entry/common.c:195 [inline]
syscall_return_slowpath arch/x86/entry/common.c:266 [inline]
do_syscall_64+0x3ab/0x5c0 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_swapgs+0x5d/0xdb
SOFTIRQ-ON-R at:
mark_irqflags kernel/locking/lockdep.c:2941 [inline]
__lock_acquire+0x557/0x4390 kernel/locking/lockdep.c:3302
lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756
down_read+0x44/0xb0 kernel/locking/rwsem.c:22
ext4_map_blocks+0x344/0x16d0 fs/ext4/inode.c:533
ext4_getblk+0x307/0x490 fs/ext4/inode.c:943
__ext4_find_entry+0xa1a/0xf80 fs/ext4/namei.c:1424
ext4_lookup_entry fs/ext4/namei.c:1529 [inline]
ext4_lookup+0x16b/0x5f0 fs/ext4/namei.c:1597
lookup_slow+0x24b/0x480 fs/namei.c:1793
walk_component+0x71e/0xce0 fs/namei.c:1909
lookup_last fs/namei.c:2391 [inline]
path_lookupat.isra.0+0x18f/0x3f0 fs/namei.c:2408
filename_lookup+0x1a1/0x3b0 fs/namei.c:2442
user_path_at_empty+0x43/0x50 fs/namei.c:2703
user_path include/linux/namei.h:60 [inline]
do_mount+0x124/0x2970 fs/namespace.c:2816
SYSC_mount fs/namespace.c:3087 [inline]
SyS_mount+0xab/0x120 fs/namespace.c:3064
devtmpfs_mount+0x4a/0x70 drivers/base/devtmpfs.c:357
prepare_namespace+0x1ef/0x21d init/do_mounts.c:603
kernel_init_freeable+0x3aa/0x3c8 init/main.c:1045
kernel_init+0x12/0x163 init/main.c:953
ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:375
INITIAL USE at:
__lock_acquire+0x5e0/0x4390 kernel/locking/lockdep.c:3306
lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756
down_read+0x44/0xb0 kernel/locking/rwsem.c:22
ext4_map_blocks+0x344/0x16d0 fs/ext4/inode.c:533
ext4_getblk+0x307/0x490 fs/ext4/inode.c:943
__ext4_find_entry+0xa1a/0xf80 fs/ext4/namei.c:1424
ext4_lookup_entry fs/ext4/namei.c:1529 [inline]
ext4_lookup+0x16b/0x5f0 fs/ext4/namei.c:1597
lookup_slow+0x24b/0x480 fs/namei.c:1793
walk_component+0x71e/0xce0 fs/namei.c:1909
lookup_last fs/namei.c:2391 [inline]
path_lookupat.isra.0+0x18f/0x3f0 fs/namei.c:2408
filename_lookup+0x1a1/0x3b0 fs/namei.c:2442
user_path_at_empty+0x43/0x50 fs/namei.c:2703
user_path include/linux/namei.h:60 [inline]
do_mount+0x124/0x2970 fs/namespace.c:2816
SYSC_mount fs/namespace.c:3087 [inline]
SyS_mount+0xab/0x120 fs/namespace.c:3064
devtmpfs_mount+0x4a/0x70 drivers/base/devtmpfs.c:357
prepare_namespace+0x1ef/0x21d init/do_mounts.c:603
kernel_init_freeable+0x3aa/0x3c8 init/main.c:1045
kernel_init+0x12/0x163 init/main.c:953
ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:375
}
... key at: [<000000005c44b0a1>] __key.74919+0x0/0x40
... acquired at:
lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756
down_write+0x41/0xa0 kernel/locking/rwsem.c:52
ext4_map_blocks+0x754/0x16d0 fs/ext4/inode.c:605
mpage_map_one_extent fs/ext4/inode.c:2386 [inline]
mpage_map_and_submit_extent fs/ext4/inode.c:2442 [inline]
ext4_writepages+0x1597/0x2de0 fs/ext4/inode.c:2783
do_writepages+0xfc/0x1e0 mm/page-writeback.c:2338
__filemap_fdatawrite_range+0x1ad/0x260 mm/filemap.c:392
__filemap_fdatawrite mm/filemap.c:400 [inline]
filemap_flush+0x24/0x30 mm/filemap.c:425
ext4_alloc_da_blocks+0xd6/0x340 fs/ext4/inode.c:3157
ext4_release_file+0x1ff/0x2e0 fs/ext4/file.c:42
__fput+0x274/0x720 fs/file_table.c:208
____fput+0x16/0x20 fs/file_table.c:244
task_work_run+0x108/0x180 kernel/task_work.c:116
tracehook_notify_resume include/linux/tracehook.h:191 [inline]
exit_to_usermode_loop+0x13b/0x160 arch/x86/entry/common.c:163
prepare_exit_to_usermode arch/x86/entry/common.c:195 [inline]
syscall_return_slowpath arch/x86/entry/common.c:266 [inline]
do_syscall_64+0x3ab/0x5c0 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_swapgs+0x5d/0xdb
-> (&sbi->s_journal_flag_rwsem){.+.?.+} ops: 53826 {
HARDIRQ-ON-R at:
mark_irqflags kernel/locking/lockdep.c:2929 [inline]
__lock_acquire+0x502/0x4390 kernel/locking/lockdep.c:3302
lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756
percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:35 [inline]
percpu_down_read include/linux/percpu-rwsem.h:58 [inline]
ext4_writepages+0x1a1/0x2de0 fs/ext4/inode.c:2658
do_writepages+0xfc/0x1e0 mm/page-writeback.c:2338
__filemap_fdatawrite_range+0x1ad/0x260 mm/filemap.c:392
SyS_fadvise64_64+0x701/0x830 mm/fadvise.c:123
SYSC_fadvise64 mm/fadvise.c:182 [inline]
SyS_fadvise64+0x2c/0x40 mm/fadvise.c:180
do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288
entry_SYSCALL_64_after_swapgs+0x5d/0xdb
IN-SOFTIRQ-R at:
mark_irqflags kernel/locking/lockdep.c:2923 [inline]
__lock_acquire+0xf82/0x4390 kernel/locking/lockdep.c:3302
lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756
percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:35 [inline]
percpu_down_read include/linux/percpu-rwsem.h:58 [inline]
ext4_writepages+0x1a1/0x2de0 fs/ext4/inode.c:2658
do_writepages+0xfc/0x1e0 mm/page-writeback.c:2338
__filemap_fdatawrite_range+0x1ad/0x260 mm/filemap.c:392
filemap_write_and_wait_range mm/filemap.c:580 [inline]
filemap_write_and_wait_range+0x5c/0xb0 mm/filemap.c:573
__generic_file_fsync+0x9b/0x1c0 fs/libfs.c:974
ext4_sync_file+0x656/0x1090 fs/ext4/fsync.c:116
vfs_fsync_range+0x111/0x260 fs/sync.c:195
generic_write_sync include/linux/fs.h:2613 [inline]
dio_complete+0x376/0x6e0 fs/direct-io.c:282
dio_bio_end_aio+0x124/0x390 fs/direct-io.c:323
bio_endio+0x1ad/0x200 block/bio.c:1784
req_bio_endio block/blk-core.c:157 [inline]
blk_update_request+0x24e/0x9d0 block/blk-core.c:2629
scsi_end_request+0x9c/0x5c0 drivers/scsi/scsi_lib.c:606
scsi_io_completion+0x275/0x17e0 drivers/scsi/scsi_lib.c:829
scsi_finish_command+0x3ad/0x520 drivers/scsi/scsi.c:607
scsi_softirq_done+0x259/0x370 drivers/scsi/scsi_lib.c:1567
blk_done_softirq+0x27e/0x3e0 block/blk-softirq.c:35
__do_softirq+0x22d/0x964 kernel/softirq.c:288
invoke_softirq kernel/softirq.c:368 [inline]
irq_exit+0x119/0x160 kernel/softirq.c:409
exiting_irq arch/x86/include/asm/apic.h:669 [inline]
do_IRQ+0x111/0x1d0 arch/x86/kernel/irq.c:252
ret_from_intr+0x0/0x20
unmap_single_vma+0x124/0x180 mm/memory.c:1336
unmap_vmas+0x48/0xa0 mm/memory.c:1366
exit_mmap+0x1e3/0x3b0 mm/mmap.c:3024
__mmput kernel/fork.c:886 [inline]
mmput kernel/fork.c:908 [inline]
mmput+0xd5/0x370 kernel/fork.c:903
exit_mm kernel/exit.c:514 [inline]
do_exit+0x6ce/0x2aa0 kernel/exit.c:829
do_group_exit+0x111/0x300 kernel/exit.c:946
get_signal+0x377/0x1cb0 kernel/signal.c:2395
do_signal+0x9c/0x1920 arch/x86/kernel/signal.c:812
exit_to_usermode_loop+0x11c/0x160 arch/x86/entry/common.c:159
prepare_exit_to_usermode arch/x86/entry/common.c:195 [inline]
syscall_return_slowpath arch/x86/entry/common.c:266 [inline]
do_syscall_64+0x3ab/0x5c0 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_swapgs+0x5d/0xdb
SOFTIRQ-ON-R at:
mark_irqflags kernel/locking/lockdep.c:2941 [inline]
__lock_acquire+0x557/0x4390 kernel/locking/lockdep.c:3302
lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756
percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:35 [inline]
percpu_down_read include/linux/percpu-rwsem.h:58 [inline]
ext4_writepages+0x1a1/0x2de0 fs/ext4/inode.c:2658
do_writepages+0xfc/0x1e0 mm/page-writeback.c:2338
__filemap_fdatawrite_range+0x1ad/0x260 mm/filemap.c:392
SyS_fadvise64_64+0x701/0x830 mm/fadvise.c:123
SYSC_fadvise64 mm/fadvise.c:182 [inline]
SyS_fadvise64+0x2c/0x40 mm/fadvise.c:180
do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288
entry_SYSCALL_64_after_swapgs+0x5d/0xdb
RECLAIM_FS-ON-R at:
mark_held_locks+0xb1/0x100 kernel/locking/lockdep.c:2660
__lockdep_trace_alloc kernel/locking/lockdep.c:2882 [inline]
lockdep_trace_alloc+0x18c/0x2b0 kernel/locking/lockdep.c:2897
slab_pre_alloc_hook mm/slab.h:392 [inline]
slab_alloc_node mm/slub.c:2641 [inline]
slab_alloc mm/slub.c:2723 [inline]
kmem_cache_alloc+0x2d/0x2b0 mm/slub.c:2728
kmem_cache_zalloc include/linux/slab.h:626 [inline]
ext4_init_io_end+0x27/0x100 fs/ext4/page-io.c:252
ext4_writepages+0xd06/0x2de0 fs/ext4/inode.c:2750
do_writepages+0xfc/0x1e0 mm/page-writeback.c:2338
__filemap_fdatawrite_range+0x1ad/0x260 mm/filemap.c:392
__filemap_fdatawrite mm/filemap.c:400 [inline]
filemap_flush+0x24/0x30 mm/filemap.c:425
ext4_alloc_da_blocks+0xd6/0x340 fs/ext4/inode.c:3157
ext4_release_file+0x1ff/0x2e0 fs/ext4/file.c:42
__fput+0x274/0x720 fs/file_table.c:208
____fput+0x16/0x20 fs/file_table.c:244
task_work_run+0x108/0x180 kernel/task_work.c:116
tracehook_notify_resume include/linux/tracehook.h:191 [inline]
exit_to_usermode_loop+0x13b/0x160 arch/x86/entry/common.c:163
prepare_exit_to_usermode arch/x86/entry/common.c:195 [inline]
syscall_return_slowpath arch/x86/entry/common.c:266 [inline]
do_syscall_64+0x3ab/0x5c0 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_swapgs+0x5d/0xdb
INITIAL USE at:
__lock_acquire+0x5e0/0x4390 kernel/locking/lockdep.c:3306
lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756
percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:35 [inline]
percpu_down_read include/linux/percpu-rwsem.h:58 [inline]
ext4_writepages+0x1a1/0x2de0 fs/ext4/inode.c:2658
do_writepages+0xfc/0x1e0 mm/page-writeback.c:2338
__filemap_fdatawrite_range+0x1ad/0x260 mm/filemap.c:392
SyS_fadvise64_64+0x701/0x830 mm/fadvise.c:123
SYSC_fadvise64 mm/fadvise.c:182 [inline]
SyS_fadvise64+0x2c/0x40 mm/fadvise.c:180
do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288
entry_SYSCALL_64_after_swapgs+0x5d/0xdb
}
... key at: [<00000000447f8cb9>] rwsem_key.75616+0x0/0x40
... acquired at:
check_usage_forwards+0x144/0x280 kernel/locking/lockdep.c:2493
mark_lock_irq kernel/locking/lockdep.c:2610 [inline]
mark_lock+0x42d/0x12e0 kernel/locking/lockdep.c:3065
mark_irqflags kernel/locking/lockdep.c:2923 [inline]
__lock_acquire+0xf82/0x4390 kernel/locking/lockdep.c:3302
lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756
percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:35 [inline]
percpu_down_read include/linux/percpu-rwsem.h:58 [inline]
ext4_writepages+0x1a1/0x2de0 fs/ext4/inode.c:2658
do_writepages+0xfc/0x1e0 mm/page-writeback.c:2338
__filemap_fdatawrite_range+0x1ad/0x260 mm/filemap.c:392
filemap_write_and_wait_range mm/filemap.c:580 [inline]
filemap_write_and_wait_range+0x5c/0xb0 mm/filemap.c:573
__generic_file_fsync+0x9b/0x1c0 fs/libfs.c:974
ext4_sync_file+0x656/0x1090 fs/ext4/fsync.c:116
vfs_fsync_range+0x111/0x260 fs/sync.c:195
generic_write_sync include/linux/fs.h:2613 [inline]
dio_complete+0x376/0x6e0 fs/direct-io.c:282
dio_bio_end_aio+0x124/0x390 fs/direct-io.c:323
bio_endio+0x1ad/0x200 block/bio.c:1784
req_bio_endio block/blk-core.c:157 [inline]
blk_update_request+0x24e/0x9d0 block/blk-core.c:2629
scsi_end_request+0x9c/0x5c0 drivers/scsi/scsi_lib.c:606
scsi_io_completion+0x275/0x17e0 drivers/scsi/scsi_lib.c:829
scsi_finish_command+0x3ad/0x520 drivers/scsi/scsi.c:607
scsi_softirq_done+0x259/0x370 drivers/scsi/scsi_lib.c:1567
blk_done_softirq+0x27e/0x3e0 block/blk-softirq.c:35
__do_softirq+0x22d/0x964 kernel/softirq.c:288
invoke_softirq kernel/softirq.c:368 [inline]
irq_exit+0x119/0x160 kernel/softirq.c:409
exiting_irq arch/x86/include/asm/apic.h:669 [inline]
do_IRQ+0x111/0x1d0 arch/x86/kernel/irq.c:252
ret_from_intr+0x0/0x20
unmap_single_vma+0x124/0x180 mm/memory.c:1336
unmap_vmas+0x48/0xa0 mm/memory.c:1366
exit_mmap+0x1e3/0x3b0 mm/mmap.c:3024
__mmput kernel/fork.c:886 [inline]
mmput kernel/fork.c:908 [inline]
mmput+0xd5/0x370 kernel/fork.c:903
exit_mm kernel/exit.c:514 [inline]
do_exit+0x6ce/0x2aa0 kernel/exit.c:829
do_group_exit+0x111/0x300 kernel/exit.c:946
get_signal+0x377/0x1cb0 kernel/signal.c:2395
do_signal+0x9c/0x1920 arch/x86/kernel/signal.c:812
exit_to_usermode_loop+0x11c/0x160 arch/x86/entry/common.c:159
prepare_exit_to_usermode arch/x86/entry/common.c:195 [inline]
syscall_return_slowpath arch/x86/entry/common.c:266 [inline]
do_syscall_64+0x3ab/0x5c0 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_swapgs+0x5d/0xdb
stack backtrace:
CPU: 1 PID: 22393 Comm: syz-executor.1 Tainted: G W 4.9.194+ #0
ffff8801db707290 ffffffff81b67001 0000000000000001 ffffffff8401e400
ffff8801db707340 ffff8801ab0daf80 ffffffff83cb8d30 ffff8801db7072e0
ffffffff8140741a 0000000100000000 ffffffff00000000 ffffffff8401e410
Call Trace:
<IRQ> [ 2065.470736] [<00000000e920f234>] __dump_stack lib/dump_stack.c:15 [inline]
<IRQ> [ 2065.470736] [<00000000e920f234>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
[<0000000072b51779>] print_irq_inversion_bug kernel/locking/lockdep.c:2468 [inline]
[<0000000072b51779>] print_irq_inversion_bug.cold+0x31a/0x35d kernel/locking/lockdep.c:2413
[<00000000d7129d60>] check_usage_forwards+0x144/0x280 kernel/locking/lockdep.c:2493
[<00000000a9870650>] mark_lock_irq kernel/locking/lockdep.c:2610 [inline]
[<00000000a9870650>] mark_lock+0x42d/0x12e0 kernel/locking/lockdep.c:3065
[<0000000022d745ef>] mark_irqflags kernel/locking/lockdep.c:2923 [inline]
[<0000000022d745ef>] __lock_acquire+0xf82/0x4390 kernel/locking/lockdep.c:3302
[<00000000696f97d7>] lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756
[<00000000e67a5b5f>] percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:35 [inline]
[<00000000e67a5b5f>] percpu_down_read include/linux/percpu-rwsem.h:58 [inline]
[<00000000e67a5b5f>] ext4_writepages+0x1a1/0x2de0 fs/ext4/inode.c:2658
[<000000003b39ecf6>] do_writepages+0xfc/0x1e0 mm/page-writeback.c:2338
[<00000000c02dca68>] __filemap_fdatawrite_range+0x1ad/0x260 mm/filemap.c:392
[<00000000a69273b7>] filemap_write_and_wait_range mm/filemap.c:580 [inline]
[<00000000a69273b7>] filemap_write_and_wait_range+0x5c/0xb0 mm/filemap.c:573
[<0000000096455492>] __generic_file_fsync+0x9b/0x1c0 fs/libfs.c:974
[<00000000f1c435a0>] ext4_sync_file+0x656/0x1090 fs/ext4/fsync.c:116
[<0000000025755349>] vfs_fsync_range+0x111/0x260 fs/sync.c:195
[<000000006c3dc663>] generic_write_sync include/linux/fs.h:2613 [inline]
[<000000006c3dc663>] dio_complete+0x376/0x6e0 fs/direct-io.c:282
[<00000000c2f4c42a>] dio_bio_end_aio+0x124/0x390 fs/direct-io.c:323
[<00000000c05d4f49>] bio_endio+0x1ad/0x200 block/bio.c:1784
[<00000000a0305ac9>] req_bio_endio block/blk-core.c:157 [inline]
[<00000000a0305ac9>] blk_update_request+0x24e/0x9d0 block/blk-core.c:2629
[<000000006af3b07e>] scsi_end_request+0x9c/0x5c0 drivers/scsi/scsi_lib.c:606
[<00000000f0d0394d>] scsi_io_completion+0x275/0x17e0 drivers/scsi/scsi_lib.c:829
[<0000000031f425d3>] scsi_finish_command+0x3ad/0x520 drivers/scsi/scsi.c:607
[<000000006cb2996d>] scsi_softirq_done+0x259/0x370 drivers/scsi/scsi_lib.c:1567
[<000000006438ee24>] blk_done_softirq+0x27e/0x3e0 block/blk-softirq.c:35
[<00000000ad3bdf81>] __do_softirq+0x22d/0x964 kernel/softirq.c:288
[<0000000018565230>] invoke_softirq kernel/softirq.c:368 [inline]
[<0000000018565230>] irq_exit+0x119/0x160 kernel/softirq.c:409
[<0000000019443631>] exiting_irq arch/x86/include/asm/apic.h:669 [inline]
[<0000000019443631>] do_IRQ+0x111/0x1d0 arch/x86/kernel/irq.c:252
[<0000000009dd5314>] common_interrupt+0xa5/0xa5 arch/x86/entry/entry_64.S:466
<EOI> [ 2065.977829] [<00000000d39254ff>] ? __read_once_size include/linux/compiler.h:264 [inline]
<EOI> [ 2065.977829] [<00000000d39254ff>] ? compound_head include/linux/page-flags.h:145 [inline]
<EOI> [ 2065.977829] [<00000000d39254ff>] ? PageAnon include/linux/page-flags.h:397 [inline]
<EOI> [ 2065.977829] [<00000000d39254ff>] ? zap_pte_range mm/memory.c:1146 [inline]
<EOI> [ 2065.977829] [<00000000d39254ff>] ? zap_pmd_range mm/memory.c:1249 [inline]
<EOI> [ 2065.977829] [<00000000d39254ff>] ? zap_pud_range mm/memory.c:1270 [inline]
<EOI> [ 2065.977829] [<00000000d39254ff>] ? unmap_page_range+0xaf3/0x1690 mm/memory.c:1291
[<000000005ab9696f>] unmap_single_vma+0x124/0x180 mm/memory.c:1336
[<000000002dc57d71>] unmap_vmas+0x48/0xa0 mm/memory.c:1366
[<00000000f501f37e>] exit_mmap+0x1e3/0x3b0 mm/mmap.c:3024
[<000000006dfd9f92>] __mmput kernel/fork.c:886 [inline]
[<000000006dfd9f92>] mmput kernel/fork.c:908 [inline]
[<000000006dfd9f92>] mmput+0xd5/0x370 kernel/fork.c:903
[<0000000036717d6f>] exit_mm kernel/exit.c:514 [inline]
[<0000000036717d6f>] do_exit+0x6ce/0x2aa0 kernel/exit.c:829
[<000000009cc8f4ff>] do_group_exit+0x111/0x300 kernel/exit.c:946
[<00000000cf52cfa3>] get_signal+0x377/0x1cb0 kernel/signal.c:2395
[<0000000025f7b110>] do_signal+0x9c/0x1920 arch/x86/kernel/signal.c:812
[<00000000ad5721ff>] exit_to_usermode_loop+0x11c/0x160 arch/x86/entry/common.c:159
[<000000003a62c2a3>] prepare_exit_to_usermode arch/x86/entry/common.c:195 [inline]
[<000000003a62c2a3>] syscall_return_slowpath arch/x86/entry/common.c:266 [inline]
[<000000003a62c2a3>] do_syscall_64+0x3ab/0x5c0 arch/x86/entry/common.c:293
[<0000000064ce4dd9>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
BUG: sleeping function called from invalid context at mm/page-writeback.c:2117
in_atomic(): 1, irqs_disabled(): 0, pid: 22393, name: syz-executor.1
INFO: lockdep is turned off.
Preemption disabled at:[ 2066.241179] [<00000000379c475e>] spin_lock include/linux/spinlock.h:302 [inline]
Preemption disabled at:[ 2066.241179] [<00000000379c475e>] zap_pte_range mm/memory.c:1116 [inline]
Preemption disabled at:[ 2066.241179] [<00000000379c475e>] zap_pmd_range mm/memory.c:1249 [inline]
Preemption disabled at:[ 2066.241179] [<00000000379c475e>] zap_pud_range mm/memory.c:1270 [inline]
Preemption disabled at:[ 2066.241179] [<00000000379c475e>] unmap_page_range+0x67e/0x1690 mm/memory.c:1291
CPU: 1 PID: 22393 Comm: syz-executor.1 Tainted: G W 4.9.194+ #0
ffff8801db707580 ffffffff81b67001 0000000000000000 0000000000000101
ffff8801ab0daf80 ffffffff814a3e2e ffff8801ab0daf80 ffff8801db7075b8
ffffffff81401cd3 0000000000000000 ffff88018ec964c0 0000000000000200
Call Trace:
<IRQ> [ 2066.284288] [<00000000e920f234>] __dump_stack lib/dump_stack.c:15 [inline]
<IRQ> [ 2066.284288] [<00000000e920f234>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
[<00000000896aee97>] ___might_sleep.cold+0x1c1/0x1fa kernel/sched/core.c:8004
[<000000003b0d194a>] tag_pages_for_writeback+0xa0/0x190 mm/page-writeback.c:2117
[<00000000d81d0954>] ext4_writepages+0xcb5/0x2de0 fs/ext4/inode.c:2745
[<000000003b39ecf6>] do_writepages+0xfc/0x1e0 mm/page-writeback.c:2338
[<00000000c02dca68>] __filemap_fdatawrite_range+0x1ad/0x260 mm/filemap.c:392
[<00000000a69273b7>] filemap_write_and_wait_range mm/filemap.c:580 [inline]
[<00000000a69273b7>] filemap_write_and_wait_range+0x5c/0xb0 mm/filemap.c:573
[<0000000096455492>] __generic_file_fsync+0x9b/0x1c0 fs/libfs.c:974
[<00000000f1c435a0>] ext4_sync_file+0x656/0x1090 fs/ext4/fsync.c:116
[<0000000025755349>] vfs_fsync_range+0x111/0x260 fs/sync.c:195
[<000000006c3dc663>] generic_write_sync include/linux/fs.h:2613 [inline]
[<000000006c3dc663>] dio_complete+0x376/0x6e0 fs/direct-io.c:282
[<00000000c2f4c42a>] dio_bio_end_aio+0x124/0x390 fs/direct-io.c:323
[<00000000c05d4f49>] bio_endio+0x1ad/0x200 block/bio.c:1784
[<00000000a0305ac9>] req_bio_endio block/blk-core.c:157 [inline]
[<00000000a0305ac9>] blk_update_request+0x24e/0x9d0 block/blk-core.c:2629
[<000000006af3b07e>] scsi_end_request+0x9c/0x5c0 drivers/scsi/scsi_lib.c:606
[<00000000f0d0394d>] scsi_io_completion+0x275/0x17e0 drivers/scsi/scsi_lib.c:829
[<0000000031f425d3>] scsi_finish_command+0x3ad/0x520 drivers/scsi/scsi.c:607
[<000000006cb2996d>] scsi_softirq_done+0x259/0x370 drivers/scsi/scsi_lib.c:1567
[<000000006438ee24>] blk_done_softirq+0x27e/0x3e0 block/blk-softirq.c:35
[<00000000ad3bdf81>] __do_softirq+0x22d/0x964 kernel/softirq.c:288
[<0000000018565230>] invoke_softirq kernel/softirq.c:368 [inline]
[<0000000018565230>] irq_exit+0x119/0x160 kernel/softirq.c:409
[<0000000019443631>] exiting_irq arch/x86/include/asm/apic.h:669 [inline]
[<0000000019443631>] do_IRQ+0x111/0x1d0 arch/x86/kernel/irq.c:252
[<0000000009dd5314>] common_interrupt+0xa5/0xa5 arch/x86/entry/entry_64.S:466
<EOI>
[<000000005ab9696f>] unmap_single_vma+0x124/0x180 mm/memory.c:1336
[<000000002dc57d71>] unmap_vmas+0x48/0xa0 mm/memory.c:1366
[<00000000f501f37e>] exit_mmap+0x1e3/0x3b0 mm/mmap.c:3024
[<000000006dfd9f92>] __mmput kernel/fork.c:886 [inline]
[<000000006dfd9f92>] mmput kernel/fork.c:908 [inline]
[<000000006dfd9f92>] mmput+0xd5/0x370 kernel/fork.c:903
[<0000000036717d6f>] exit_mm kernel/exit.c:514 [inline]
[<0000000036717d6f>] do_exit+0x6ce/0x2aa0 kernel/exit.c:829
[<000000009cc8f4ff>] do_group_exit+0x111/0x300 kernel/exit.c:946
[<00000000cf52cfa3>] get_signal+0x377/0x1cb0 kernel/signal.c:2395
[<0000000025f7b110>] do_signal+0x9c/0x1920 arch/x86/kernel/signal.c:812
[<00000000ad5721ff>] exit_to_usermode_loop+0x11c/0x160 arch/x86/entry/common.c:159
[<000000003a62c2a3>] prepare_exit_to_usermode arch/x86/entry/common.c:195 [inline]
[<000000003a62c2a3>] syscall_return_slowpath arch/x86/entry/common.c:266 [inline]
[<000000003a62c2a3>] do_syscall_64+0x3ab/0x5c0 arch/x86/entry/common.c:293
[<0000000064ce4dd9>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
BUG: scheduling while atomic: syz-executor.1/22393/0x00000102
INFO: lockdep is turned off.
Modules linked in:
Preemption disabled at:
[<00000000379c475e>] spin_lock include/linux/spinlock.h:302 [inline]
[<00000000379c475e>] zap_pte_range mm/memory.c:1116 [inline]
[<00000000379c475e>] zap_pmd_range mm/memory.c:1249 [inline]
[<00000000379c475e>] zap_pud_range mm/memory.c:1270 [inline]
[<00000000379c475e>] unmap_page_range+0x67e/0x1690 mm/memory.c:1291