BUG: sleeping function called from invalid context in __generic_file

Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
android-49	BUG: sleeping function called from invalid context in __generic_file_fsync				1	1626d	1626d	0/3	auto-closed as invalid on 2020/03/10 13:07
hid-generic 0000:0004:FFFFFFFD.0002: hidraw1: <UNKNOWN> HID v0.00 Device [syz0] on sy
BUG: sleeping function called from invalid context at kernel/locking/mutex.c:620
in_atomic(): 1, irqs_disabled(): 0, pid: 3197, name: syz-executor.4
1 lock held by syz-executor.4/3197:
 #0:  (sb_writers#6){.+.+.+}, at: [<ffffffff8149a6b6>] file_start_write include/linux/fs.h:2543 [inline]
 #0:  (sb_writers#6){.+.+.+}, at: [<ffffffff8149a6b6>] do_sendfile+0x8a6/0xba0 fs/read_write.c:1228
Preemption disabled at:[<ffffffff8102e3c6>] save_stack_trace+0x26/0x50 arch/x86/kernel/stacktrace.c:63

CPU: 1 PID: 3197 Comm: syz-executor.4 Not tainted 4.4.174+ #17
 0000000000000000 ac77befc5d002042 ffff8801db707870 ffffffff81aad1a1
 ffff8800bac897c0 0000000000000101 ffff8800bac897c0 0000000000000101
 ffff8800bac897c0 ffff8801db7078a8 ffffffff813a6f33 ffff8800bac897c0
Call Trace:
 <IRQ>  [<ffffffff81aad1a1>] __dump_stack lib/dump_stack.c:15 [inline]
 <IRQ>  [<ffffffff81aad1a1>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
 [<ffffffff813a6f33>] ___might_sleep.cold+0x1c6/0x1dc kernel/sched/core.c:7988
 [<ffffffff81159d30>] __might_sleep+0x90/0x1a0 kernel/sched/core.c:7948
 [<ffffffff8270c15d>] mutex_lock_nested+0x8d/0xb80 kernel/locking/mutex.c:620
 [<ffffffff815135af>] __generic_file_fsync+0xcf/0x1c0 fs/libfs.c:944
 [<ffffffff81513718>] generic_file_fsync+0x78/0x120 fs/libfs.c:977
 [<ffffffff81635822>] ext4_sync_file+0x772/0xf10 fs/ext4/fsync.c:109
 [<ffffffff81538fd1>] vfs_fsync_range+0x111/0x260 fs/sync.c:195
 [<ffffffff815534d6>] generic_write_sync include/linux/fs.h:2517 [inline]
 [<ffffffff815534d6>] dio_complete+0x3e6/0x720 fs/direct-io.c:266
 [<ffffffff81553986>] dio_bio_end_aio+0x176/0x3f0 fs/direct-io.c:312
 [<ffffffff81a22de7>] bio_endio+0x187/0x1e0 block/bio.c:1786
 [<ffffffff81a41d37>] req_bio_endio block/blk-core.c:157 [inline]
 [<ffffffff81a41d37>] blk_update_request+0x267/0xa50 block/blk-core.c:2653
 [<ffffffff81d76bbc>] scsi_end_request+0x9c/0x5d0 drivers/scsi/scsi_lib.c:695
 [<ffffffff81d7f3c5>] scsi_io_completion+0x275/0x1810 drivers/scsi/scsi_lib.c:918
 [<ffffffff81d62b84>] scsi_finish_command+0x3a4/0x520 drivers/scsi/scsi.c:607
 [<ffffffff81d7d919>] scsi_softirq_done+0x259/0x370 drivers/scsi/scsi_lib.c:1654
 [<ffffffff81a5f098>] blk_done_softirq+0x258/0x3a0 block/blk-softirq.c:35
 [<ffffffff8271bb16>] __do_softirq+0x226/0xa3f kernel/softirq.c:273
 [<ffffffff810e1a8a>] invoke_softirq kernel/softirq.c:350 [inline]
 [<ffffffff810e1a8a>] irq_exit+0x10a/0x150 kernel/softirq.c:391
 [<ffffffff8271b111>] exiting_irq arch/x86/include/asm/apic.h:652 [inline]
 [<ffffffff8271b111>] do_IRQ+0x111/0x1d0 arch/x86/kernel/irq.c:251
 [<ffffffff8271971d>] common_interrupt+0x9d/0x9d arch/x86/entry/entry_64.S:623
 <EOI>  [<ffffffff8115d36b>] ? preempt_count_add+0x3b/0x1d0 kernel/sched/core.c:3069
 [<ffffffff812aef73>] is_module_text_address+0x13/0x50 kernel/module.c:4107
 [<ffffffff8112f548>] __kernel_text_address+0x68/0xa0 kernel/extable.c:103
 [<ffffffff81013549>] print_context_stack+0x59/0xd0 arch/x86/kernel/dumpstack.c:107
 [<ffffffff81012bb9>] dump_trace+0x179/0x390 arch/x86/kernel/dumpstack_64.c:243
 [<ffffffff8102e3c6>] save_stack_trace+0x26/0x50 arch/x86/kernel/stacktrace.c:63
 [<ffffffff81484820>] save_stack mm/kasan/kasan.c:512 [inline]
 [<ffffffff81484820>] set_track mm/kasan/kasan.c:524 [inline]
 [<ffffffff81484820>] kasan_slab_free+0xb0/0x190 mm/kasan/kasan.c:589
 [<ffffffff81481c44>] slab_free_hook mm/slub.c:1383 [inline]
 [<ffffffff81481c44>] slab_free_freelist_hook mm/slub.c:1405 [inline]
 [<ffffffff81481c44>] slab_free mm/slub.c:2859 [inline]
 [<ffffffff81481c44>] kfree+0xf4/0x310 mm/slub.c:3749
 [<ffffffff8153464a>] iter_file_splice_write+0x4da/0xb30 fs/splice.c:1053
 [<ffffffff81530c16>] do_splice_from fs/splice.c:1128 [inline]
 [<ffffffff81530c16>] direct_splice_actor+0x126/0x1a0 fs/splice.c:1294
 [<ffffffff8153252e>] splice_direct_to_actor+0x2ce/0x850 fs/splice.c:1247
 [<ffffffff81532c55>] do_splice_direct+0x1a5/0x260 fs/splice.c:1337
 [<ffffffff8149a2fd>] do_sendfile+0x4ed/0xba0 fs/read_write.c:1229
 [<ffffffff8149c474>] C_SYSC_sendfile fs/read_write.c:1311 [inline]
 [<ffffffff8149c474>] compat_SyS_sendfile+0x144/0x160 fs/read_write.c:1294
 [<ffffffff8100603d>] do_syscall_32_irqs_on arch/x86/entry/common.c:330 [inline]
 [<ffffffff8100603d>] do_fast_syscall_32+0x32d/0xa90 arch/x86/entry/common.c:397
 [<ffffffff8271a350>] sysenter_flags_fixed+0xd/0x1a

=================================
[ INFO: inconsistent lock state ]
4.4.174+ #17 Not tainted
---------------------------------
inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
syz-executor.4/3197 [HC0[0]:SC1[1]:HE1:SE0] takes:
 (&sb->s_type->i_mutex_key#9){+.?.+.}, at: [<ffffffff815135af>] __generic_file_fsync+0xcf/0x1c0 fs/libfs.c:944
{SOFTIRQ-ON-W} state was registered at:
  [<ffffffff81200423>] mark_irqflags kernel/locking/lockdep.c:2817 [inline]
  [<ffffffff81200423>] __lock_acquire+0xe73/0x4f50 kernel/locking/lockdep.c:3169
  [<ffffffff81205f6e>] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592
  [<ffffffff8270c191>] __mutex_lock_common kernel/locking/mutex.c:521 [inline]
  [<ffffffff8270c191>] mutex_lock_nested+0xc1/0xb80 kernel/locking/mutex.c:621
  [<ffffffff814ab41f>] bprm_fill_uid fs/exec.c:1357 [inline]
  [<ffffffff814ab41f>] prepare_binprm+0x2bf/0x770 fs/exec.c:1391
  [<ffffffff814ad996>] do_execveat_common.isra.0+0xd86/0x1e90 fs/exec.c:1620
  [<ffffffff814af422>] do_execve fs/exec.c:1683 [inline]
  [<ffffffff814af422>] SYSC_execve fs/exec.c:1764 [inline]
  [<ffffffff814af422>] SyS_execve+0x42/0x50 fs/exec.c:1759
  [<ffffffff82718ef5>] return_from_execve+0x0/0x23
irq event stamp: 11488
hardirqs last  enabled at (11488): [<ffffffff827197a6>] restore_regs_and_iret+0x0/0x1d
hardirqs last disabled at (11487): [<ffffffff8271a598>] apic_timer_interrupt+0x98/0xb0 arch/x86/entry/entry_64.S:768
softirqs last  enabled at (11202): [<ffffffff8271bdca>] __do_softirq+0x4da/0xa3f kernel/softirq.c:299
softirqs last disabled at (11425): [<ffffffff810e1a8a>] invoke_softirq kernel/softirq.c:350 [inline]
softirqs last disabled at (11425): [<ffffffff810e1a8a>] irq_exit+0x10a/0x150 kernel/softirq.c:391

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&sb->s_type->i_mutex_key#9);
  <Interrupt>
    lock(&sb->s_type->i_mutex_key#9);

 *** DEADLOCK ***

1 lock held by syz-executor.4/3197:
 #0:  (sb_writers#6){.+.+.+}, at: [<ffffffff8149a6b6>] file_start_write include/linux/fs.h:2543 [inline]
 #0:  (sb_writers#6){.+.+.+}, at: [<ffffffff8149a6b6>] do_sendfile+0x8a6/0xba0 fs/read_write.c:1228

stack backtrace:
CPU: 1 PID: 3197 Comm: syz-executor.4 Not tainted 4.4.174+ #17
 0000000000000000 ac77befc5d002042 ffff8801db707610 ffffffff81aad1a1
 0000000000000090 ffff8800bac897c0 ffffffff83abf2c0 ffffffff84057a80
 ffff8800bac8a0d0 ffff8801db707688 ffffffff813ad456 0000000000000001
Call Trace:
 <IRQ>  [<ffffffff81aad1a1>] __dump_stack lib/dump_stack.c:15 [inline]
 <IRQ>  [<ffffffff81aad1a1>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
 [<ffffffff813ad456>] print_usage_bug.cold+0x454/0x592 kernel/locking/lockdep.c:2267
 [<ffffffff811fe1bd>] valid_state kernel/locking/lockdep.c:2280 [inline]
 [<ffffffff811fe1bd>] mark_lock_irq kernel/locking/lockdep.c:2478 [inline]
 [<ffffffff811fe1bd>] mark_lock+0x6fd/0x1440 kernel/locking/lockdep.c:2933
 [<ffffffff81200a0e>] mark_irqflags kernel/locking/lockdep.c:2799 [inline]
 [<ffffffff81200a0e>] __lock_acquire+0x145e/0x4f50 kernel/locking/lockdep.c:3169
 [<ffffffff81205f6e>] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592
 [<ffffffff8270c191>] __mutex_lock_common kernel/locking/mutex.c:521 [inline]
 [<ffffffff8270c191>] mutex_lock_nested+0xc1/0xb80 kernel/locking/mutex.c:621
 [<ffffffff815135af>] __generic_file_fsync+0xcf/0x1c0 fs/libfs.c:944
 [<ffffffff81513718>] generic_file_fsync+0x78/0x120 fs/libfs.c:977
 [<ffffffff81635822>] ext4_sync_file+0x772/0xf10 fs/ext4/fsync.c:109
 [<ffffffff81538fd1>] vfs_fsync_range+0x111/0x260 fs/sync.c:195
 [<ffffffff815534d6>] generic_write_sync include/linux/fs.h:2517 [inline]
 [<ffffffff815534d6>] dio_complete+0x3e6/0x720 fs/direct-io.c:266
 [<ffffffff81553986>] dio_bio_end_aio+0x176/0x3f0 fs/direct-io.c:312
 [<ffffffff81a22de7>] bio_endio+0x187/0x1e0 block/bio.c:1786
 [<ffffffff81a41d37>] req_bio_endio block/blk-core.c:157 [inline]
 [<ffffffff81a41d37>] blk_update_request+0x267/0xa50 block/blk-core.c:2653
 [<ffffffff81d76bbc>] scsi_end_request+0x9c/0x5d0 drivers/scsi/scsi_lib.c:695
 [<ffffffff81d7f3c5>] scsi_io_completion+0x275/0x1810 drivers/scsi/scsi_lib.c:918
 [<ffffffff81d62b84>] scsi_finish_command+0x3a4/0x520 drivers/scsi/scsi.c:607
 [<ffffffff81d7d919>] scsi_softirq_done+0x259/0x370 drivers/scsi/scsi_lib.c:1654
 [<ffffffff81a5f098>] blk_done_softirq+0x258/0x3a0 block/blk-softirq.c:35
 [<ffffffff8271bb16>] __do_softirq+0x226/0xa3f kernel/softirq.c:273
 [<ffffffff810e1a8a>] invoke_softirq kernel/softirq.c:350 [inline]
 [<ffffffff810e1a8a>] irq_exit+0x10a/0x150 kernel/softirq.c:391
 [<ffffffff8271b111>] exiting_irq arch/x86/include/asm/apic.h:652 [inline]
 [<ffffffff8271b111>] do_IRQ+0x111/0x1d0 arch/x86/kernel/irq.c:251
 [<ffffffff8271971d>] common_interrupt+0x9d/0x9d arch/x86/entry/entry_64.S:623
 <EOI>  [<ffffffff8115d36b>] ? preempt_count_add+0x3b/0x1d0 kernel/sched/core.c:3069
 [<ffffffff812aef73>] is_module_text_address+0x13/0x50 kernel/module.c:4107
 [<ffffffff8112f548>] __kernel_text_address+0x68/0xa0 kernel/extable.c:103
 [<ffffffff81013549>] print_context_stack+0x59/0xd0 arch/x86/kernel/dumpstack.c:107
 [<ffffffff81012bb9>] dump_trace+0x179/0x390 arch/x86/kernel/dumpstack_64.c:243
 [<ffffffff8102e3c6>] save_stack_trace+0x26/0x50 arch/x86/kernel/stacktrace.c:63
 [<ffffffff81484820>] save_stack mm/kasan/kasan.c:512 [inline]
 [<ffffffff81484820>] set_track mm/kasan/kasan.c:524 [inline]
 [<ffffffff81484820>] kasan_slab_free+0xb0/0x190 mm/kasan/kasan.c:589
 [<ffffffff81481c44>] slab_free_hook mm/slub.c:1383 [inline]
 [<ffffffff81481c44>] slab_free_freelist_hook mm/slub.c:1405 [inline]
 [<ffffffff81481c44>] slab_free mm/slub.c:2859 [inline]
 [<ffffffff81481c44>] kfree+0xf4/0x310 mm/slub.c:3749
 [<ffffffff8153464a>] iter_file_splice_write+0x4da/0xb30 fs/splice.c:1053
 [<ffffffff81530c16>] do_splice_from fs/splice.c:1128 [inline]
 [<ffffffff81530c16>] direct_splice_actor+0x126/0x1a0 fs/splice.c:1294
 [<ffffffff8153252e>] splice_direct_to_actor+0x2ce/0x850 fs/splice.c:1247
 [<ffffffff81532c55>] do_splice_direct+0x1a5/0x260 fs/splice.c:1337
 [<ffffffff8149a2fd>] do_sendfile+0x4ed/0xba0 fs/read_write.c:1229
 [<ffffffff8149c474>] C_SYSC_sendfile fs/read_write.c:1311 [inline]
 [<ffffffff8149c474>] compat_SyS_sendfile+0x144/0x160 fs/read_write.c:1294
 [<ffffffff8100603d>] do_syscall_32_irqs_on arch/x86/entry/common.c:330 [inline]
 [<ffffffff8100603d>] do_fast_syscall_32+0x32d/0xa90 arch/x86/entry/common.c:397
 [<ffffffff8271a350>] sysenter_flags_fixed+0xd/0x1a
BUG: sleeping function called from invalid context at fs/buffer.c:1395
in_atomic(): 1, irqs_disabled(): 0, pid: 3197, name: syz-executor.4
INFO: lockdep is turned off.
Preemption disabled at:[<ffffffff8102e3c6>] save_stack_trace+0x26/0x50 arch/x86/kernel/stacktrace.c:63

CPU: 1 PID: 3197 Comm: syz-executor.4 Not tainted 4.4.174+ #17
 0000000000000000 ac77befc5d002042 ffff8801db7076a8 ffffffff81aad1a1
 ffff8800bac897c0 0000000000000101 ffff8800bac897c0 0000000000000101
 ffff8800bac897c0 ffff8801db7076e0 ffffffff813a6f33 ffff8800bac897c0
Call Trace:
 <IRQ>  [<ffffffff81aad1a1>] __dump_stack lib/dump_stack.c:15 [inline]
 <IRQ>  [<ffffffff81aad1a1>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
 [<ffffffff813a6f33>] ___might_sleep.cold+0x1c6/0x1dc kernel/sched/core.c:7988
 [<ffffffff81159d30>] __might_sleep+0x90/0x1a0 kernel/sched/core.c:7948
 [<ffffffff815435a1>] __getblk_gfp+0x41/0x80 fs/buffer.c:1395
 [<ffffffff81644432>] sb_getblk include/linux/buffer_head.h:313 [inline]
 [<ffffffff81644432>] __ext4_get_inode_loc+0x332/0xfb0 fs/ext4/inode.c:4054
 [<ffffffff8165261d>] ext4_write_inode+0x21d/0x3d0 fs/ext4/inode.c:4808
 [<ffffffff81526d0a>] write_inode fs/fs-writeback.c:1145 [inline]
 [<ffffffff81526d0a>] __writeback_single_inode+0x51a/0x1380 fs/fs-writeback.c:1343
 [<ffffffff8152a8e6>] writeback_single_inode+0x256/0x450 fs/fs-writeback.c:1397
 [<ffffffff8152abd3>] sync_inode fs/fs-writeback.c:2391 [inline]
 [<ffffffff8152abd3>] sync_inode_metadata+0xc3/0x100 fs/fs-writeback.c:2411
 [<ffffffff8151362e>] __generic_file_fsync+0x14e/0x1c0 fs/libfs.c:951
 [<ffffffff81513718>] generic_file_fsync+0x78/0x120 fs/libfs.c:977
 [<ffffffff81635822>] ext4_sync_file+0x772/0xf10 fs/ext4/fsync.c:109
 [<ffffffff81538fd1>] vfs_fsync_range+0x111/0x260 fs/sync.c:195
 [<ffffffff815534d6>] generic_write_sync include/linux/fs.h:2517 [inline]
 [<ffffffff815534d6>] dio_complete+0x3e6/0x720 fs/direct-io.c:266
 [<ffffffff81553986>] dio_bio_end_aio+0x176/0x3f0 fs/direct-io.c:312
 [<ffffffff81a22de7>] bio_endio+0x187/0x1e0 block/bio.c:1786
 [<ffffffff81a41d37>] req_bio_endio block/blk-core.c:157 [inline]
 [<ffffffff81a41d37>] blk_update_request+0x267/0xa50 block/blk-core.c:2653
 [<ffffffff81d76bbc>] scsi_end_request+0x9c/0x5d0 drivers/scsi/scsi_lib.c:695
 [<ffffffff81d7f3c5>] scsi_io_completion+0x275/0x1810 drivers/scsi/scsi_lib.c:918
 [<ffffffff81d62b84>] scsi_finish_command+0x3a4/0x520 drivers/scsi/scsi.c:607
 [<ffffffff81d7d919>] scsi_softirq_done+0x259/0x370 drivers/scsi/scsi_lib.c:1654
 [<ffffffff81a5f098>] blk_done_softirq+0x258/0x3a0 block/blk-softirq.c:35
 [<ffffffff8271bb16>] __do_softirq+0x226/0xa3f kernel/softirq.c:273
 [<ffffffff810e1a8a>] invoke_softirq kernel/softirq.c:350 [inline]
 [<ffffffff810e1a8a>] irq_exit+0x10a/0x150 kernel/softirq.c:391
 [<ffffffff8271b111>] exiting_irq arch/x86/include/asm/apic.h:652 [inline]
 [<ffffffff8271b111>] do_IRQ+0x111/0x1d0 arch/x86/kernel/irq.c:251
 [<ffffffff8271971d>] common_interrupt+0x9d/0x9d arch/x86/entry/entry_64.S:623
 <EOI>  [<ffffffff8115d36b>] ? preempt_count_add+0x3b/0x1d0 kernel/sched/core.c:3069
 [<ffffffff812aef73>] is_module_text_address+0x13/0x50 kernel/module.c:4107
 [<ffffffff8112f548>] __kernel_text_address+0x68/0xa0 kernel/extable.c:103
 [<ffffffff81013549>] print_context_stack+0x59/0xd0 arch/x86/kernel/dumpstack.c:107
 [<ffffffff81012bb9>] dump_trace+0x179/0x390 arch/x86/kernel/dumpstack_64.c:243
 [<ffffffff8102e3c6>] save_stack_trace+0x26/0x50 arch/x86/kernel/stacktrace.c:63
 [<ffffffff81484820>] save_stack mm/kasan/kasan.c:512 [inline]
 [<ffffffff81484820>] set_track mm/kasan/kasan.c:524 [inline]
 [<ffffffff81484820>] kasan_slab_free+0xb0/0x190 mm/kasan/kasan.c:589
 [<ffffffff81481c44>] slab_free_hook mm/slub.c:1383 [inline]
 [<ffffffff81481c44>] slab_free_freelist_hook mm/slub.c:1405 [inline]
 [<ffffffff81481c44>] slab_free mm/slub.c:2859 [inline]
 [<ffffffff81481c44>] kfree+0xf4/0x310 mm/slub.c:3749
 [<ffffffff8153464a>] iter_file_splice_write+0x4da/0xb30 fs/splice.c:1053
 [<ffffffff81530c16>] do_splice_from fs/splice.c:1128 [inline]
 [<ffffffff81530c16>] direct_splice_actor+0x126/0x1a0 fs/splice.c:1294
 [<ffffffff8153252e>] splice_direct_to_actor+0x2ce/0x850 fs/splice.c:1247
 [<ffffffff81532c55>] do_splice_direct+0x1a5/0x260 fs/splice.c:1337
 [<ffffffff8149a2fd>] do_sendfile+0x4ed/0xba0 fs/read_write.c:1229
 [<ffffffff8149c474>] C_SYSC_sendfile fs/read_write.c:1311 [inline]
 [<ffffffff8149c474>] compat_SyS_sendfile+0x144/0x160 fs/read_write.c:1294
 [<ffffffff8100603d>] do_syscall_32_irqs_on arch/x86/entry/common.c:330 [inline]
 [<ffffffff8100603d>] do_fast_syscall_32+0x32d/0xa90 arch/x86/entry/common.c:397
 [<ffffffff8271a350>] sysenter_flags_fixed+0xd/0x1a
BUG: scheduling while atomic: syz-executor.4/3197/0x00000102
INFO: lockdep is turned off.
Modules linked in:
Preemption disabled at:[<ffffffff8102e3c6>] save_stack_trace+0x26/0x50 arch/x86/kernel/stacktrace.c:63

CPU: 1 PID: 3197 Comm: syz-executor.4 Not tainted 4.4.174+ #17
 0000000000000000 ac77befc5d002042 ffff8801db7073e8 ffffffff81aad1a1
 0000000000000000 ffff8800bac897c0 0000000000000102 0000000000000001
 000000000001e880 ffff8801db707408 ffffffff813a6fa9 ffff8801db71e880
Call Trace:
 <IRQ>  [<ffffffff81aad1a1>] __dump_stack lib/dump_stack.c:15 [inline]
 <IRQ>  [<ffffffff81aad1a1>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
 [<ffffffff813a6fa9>] __schedule_bug.cold+0x60/0x71 kernel/sched/core.c:3138
 [<ffffffff82708bdb>] schedule_debug kernel/sched/core.c:3153 [inline]
 [<ffffffff82708bdb>] __schedule+0x118b/0x1ee0 kernel/sched/core.c:3265
 [<ffffffff82709b79>] schedule+0x99/0x1d0 kernel/sched/core.c:3355
 [<ffffffff82715c4b>] schedule_timeout+0x47b/0x7c0 kernel/time/timer.c:1515
 [<ffffffff8270787a>] io_schedule_timeout+0x1ba/0x390 kernel/sched/core.c:4937
 [<ffffffff8270ad93>] io_schedule include/linux/sched.h:447 [inline]
 [<ffffffff8270ad93>] bit_wait_io+0x23/0xc0 kernel/sched/wait.c:595
 [<ffffffff8270a58d>] __wait_on_bit+0xbd/0x140 kernel/sched/wait.c:395
 [<ffffffff8270a6f2>] out_of_line_wait_on_bit+0xe2/0x120 kernel/sched/wait.c:408
 [<ffffffff8153f02e>] wait_on_bit_io include/linux/wait.h:1015 [inline]
 [<ffffffff8153f02e>] __wait_on_buffer+0x5e/0x80 fs/buffer.c:123
 [<ffffffff8154a04e>] wait_on_buffer include/linux/buffer_head.h:342 [inline]
 [<ffffffff8154a04e>] __sync_dirty_buffer+0x17e/0x1d0 fs/buffer.c:3143
 [<ffffffff8154a0bb>] sync_dirty_buffer+0x1b/0x20 fs/buffer.c:3155
 [<ffffffff8165276c>] ext4_write_inode+0x36c/0x3d0 fs/ext4/inode.c:4816
 [<ffffffff81526d0a>] write_inode fs/fs-writeback.c:1145 [inline]
 [<ffffffff81526d0a>] __writeback_single_inode+0x51a/0x1380 fs/fs-writeback.c:1343
 [<ffffffff8152a8e6>] writeback_single_inode+0x256/0x450 fs/fs-writeback.c:1397
 [<ffffffff8152abd3>] sync_inode fs/fs-writeback.c:2391 [inline]
 [<ffffffff8152abd3>] sync_inode_metadata+0xc3/0x100 fs/fs-writeback.c:2411
 [<ffffffff8151362e>] __generic_file_fsync+0x14e/0x1c0 fs/libfs.c:951
 [<ffffffff81513718>] generic_file_fsync+0x78/0x120 fs/libfs.c:977
 [<ffffffff81635822>] ext4_sync_file+0x772/0xf10 fs/ext4/fsync.c:109
 [<ffffffff81538fd1>] vfs_fsync_range+0x111/0x260 fs/sync.c:195
 [<ffffffff815534d6>] generic_write_sync include/linux/fs.h:2517 [inline]
 [<ffffffff815534d6>] dio_complete+0x3e6/0x720 fs/direct-io.c:266
 [<ffffffff81553986>] dio_bio_end_aio+0x176/0x3f0 fs/direct-io.c:312
 [<ffffffff81a22de7>] bio_endio+0x187/0x1e0 block/bio.c:1786
 [<ffffffff81a41d37>] req_bio_endio block/blk-core.c:157 [inline]
 [<ffffffff81a41d37>] blk_update_request+0x267/0xa50 block/blk-core.c:2653
 [<ffffffff81d76bbc>] scsi_end_request+0x9c/0x5d0 drivers/scsi/scsi_lib.c:695
 [<ffffffff81d7f3c5>] scsi_io_completion+0x275/0x1810 drivers/scsi/scsi_lib.c:918
 [<ffffffff81d62b84>] scsi_finish_command+0x3a4/0x520 drivers/scsi/scsi.c:607
 [<ffffffff81d7d919>] scsi_softirq_done+0x259/0x370 drivers/scsi/scsi_lib.c:1654
 [<ffffffff81a5f098>] blk_done_softirq+0x258/0x3a0 block/blk-softirq.c:35
 [<ffffffff8271bb16>] __do_softirq+0x226/0xa3f kernel/softirq.c:273
 [<ffffffff810e1a8a>] invoke_softirq kernel/softirq.c:350 [inline]
 [<ffffffff810e1a8a>] irq_exit+0x10a/0x150 kernel/softirq.c:391
 [<ffffffff8271b111>] exiting_irq arch/x86/include/asm/apic.h:652 [inline]
 [<ffffffff8271b111>] do_IRQ+0x111/0x1d0 arch/x86/kernel/irq.c:251
 [<ffffffff8271971d>] common_interrupt+0x9d/0x9d arch/x86/entry/entry_64.S:623
 <EOI>  [<ffffffff8115d36b>] ? preempt_count_add+0x3b/0x1d0 kernel/sched/core.c:3069
 [<ffffffff812aef73>] is_module_text_address+0x13/0x50 kernel/module.c:4107
 [<ffffffff8112f548>] __kernel_text_address+0x68/0xa0 kernel/extable.c:103
 [<ffffffff81013549>] print_context_stack+0x59/0xd0 arch/x86/kernel/dumpstack.c:107
 [<ffffffff81012bb9>] dump_trace+0x179/0x390 arch/x86/kernel/dumpstack_64.c:243
 [<ffffffff8102e3c6>] save_stack_trace+0x26/0x50 arch/x86/kernel/stacktrace.c:63
 [<ffffffff81484820>] save_stack mm/kasan/kasan.c:512 [inline]
 [<ffffffff81484820>] set_track mm/kasan/kasan.c:524 [inline]
 [<ffffffff81484820>] kasan_slab_free+0xb0/0x190 mm/kasan/kasan.c:589
 [<ffffffff81481c44>] slab_free_hook mm/slub.c:1383 [inline]
 [<ffffffff81481c44>] slab_free_freelist_hook mm/slub.c:1405 [inline]
 [<ffffffff81481c44>] slab_free mm/slub.c:2859 [inline]
 [<ffffffff81481c44>] kfree+0xf4/0x310 mm/slub.c:3749
 [<ffffffff8153464a>] iter_file_splice_write+0x4da/0xb30 fs/splice.c:1053
 [<ffffffff81530c16>] do_splice_from fs/splice.c:1128 [inline]
 [<ffffffff81530c16>] direct_splice_actor+0x126/0x1a0 fs/splice.c:1294
 [<ffffffff8153252e>] splice_direct_to_actor+0x2ce/0x850 fs/splice.c:1247
 [<ffffffff81532c55>] do_splice_direct+0x1a5/0x260 fs/splice.c:1337
 [<ffffffff8149a2fd>] do_sendfile+0x4ed/0xba0 fs/read_write.c:1229
 [<ffffffff8149c474>] C_SYSC_sendfile fs/read_write.c:1311 [inline]
 [<ffffffff8149c474>] compat_SyS_sendfile+0x144/0x160 fs/read_write.c:1294
 [<ffffffff8100603d>] do_syscall_32_irqs_on arch/x86/entry/common.c:330 [inline]
 [<ffffffff8100603d>] do_fast_syscall_32+0x32d/0xa90 arch/x86/entry/common.c:397
 [<ffffffff8271a350>] sysenter_flags_fixed+0xd/0x1a
softirq: huh, entered softirq 4 BLOCK ffffffff81a5ee40 with preempt_count 00000101, exited with 00000000?