BUG: sleeping function called from invalid context at ./include/linux/percpu-rwsem.h:33 in_atomic(): 1, irqs_disabled(): 0, pid: 22393, name: syz-executor.1 1 lock held by syz-executor.1/22393: #0: (&(ptlock_ptr(page))->rlock#2){+.+...}, at: [<00000000379c475e>] spin_lock include/linux/spinlock.h:302 [inline] #0: (&(ptlock_ptr(page))->rlock#2){+.+...}, at: [<00000000379c475e>] zap_pte_range mm/memory.c:1116 [inline] #0: (&(ptlock_ptr(page))->rlock#2){+.+...}, at: [<00000000379c475e>] zap_pmd_range mm/memory.c:1249 [inline] #0: (&(ptlock_ptr(page))->rlock#2){+.+...}, at: [<00000000379c475e>] zap_pud_range mm/memory.c:1270 [inline] #0: (&(ptlock_ptr(page))->rlock#2){+.+...}, at: [<00000000379c475e>] unmap_page_range+0x67e/0x1690 mm/memory.c:1291 Preemption disabled at:[ 2063.410665] [<00000000379c475e>] spin_lock include/linux/spinlock.h:302 [inline] Preemption disabled at:[ 2063.410665] [<00000000379c475e>] zap_pte_range mm/memory.c:1116 [inline] Preemption disabled at:[ 2063.410665] [<00000000379c475e>] zap_pmd_range mm/memory.c:1249 [inline] Preemption disabled at:[ 2063.410665] [<00000000379c475e>] zap_pud_range mm/memory.c:1270 [inline] Preemption disabled at:[ 2063.410665] [<00000000379c475e>] unmap_page_range+0x67e/0x1690 mm/memory.c:1291 CPU: 1 PID: 22393 Comm: syz-executor.1 Not tainted 4.9.194+ #0 ffff8801db7075e0 ffffffff81b67001 0000000000000000 0000000000000101 ffff8801ab0daf80 ffffffff814a3e2e ffff8801ab0daf80 ffff8801db707618 ffffffff81401cd3 ffff8801ab0daf80 ffffffff82ad9d20 0000000000000021 Call Trace: [ 2063.452591] [<00000000e920f234>] __dump_stack lib/dump_stack.c:15 [inline] [ 2063.452591] [<00000000e920f234>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<00000000896aee97>] ___might_sleep.cold+0x1c1/0x1fa kernel/sched/core.c:8004 [<000000000f62cb45>] __might_sleep+0x95/0x1a0 kernel/sched/core.c:7961 [<0000000089cbc6b7>] percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:33 [inline] [<0000000089cbc6b7>] percpu_down_read include/linux/percpu-rwsem.h:58 [inline] [<0000000089cbc6b7>] ext4_writepages+0x170/0x2de0 fs/ext4/inode.c:2658 [<000000003b39ecf6>] do_writepages+0xfc/0x1e0 mm/page-writeback.c:2338 [<00000000c02dca68>] __filemap_fdatawrite_range+0x1ad/0x260 mm/filemap.c:392 [<00000000a69273b7>] filemap_write_and_wait_range mm/filemap.c:580 [inline] [<00000000a69273b7>] filemap_write_and_wait_range+0x5c/0xb0 mm/filemap.c:573 [<0000000096455492>] __generic_file_fsync+0x9b/0x1c0 fs/libfs.c:974 [<00000000f1c435a0>] ext4_sync_file+0x656/0x1090 fs/ext4/fsync.c:116 [<0000000025755349>] vfs_fsync_range+0x111/0x260 fs/sync.c:195 [<000000006c3dc663>] generic_write_sync include/linux/fs.h:2613 [inline] [<000000006c3dc663>] dio_complete+0x376/0x6e0 fs/direct-io.c:282 [<00000000c2f4c42a>] dio_bio_end_aio+0x124/0x390 fs/direct-io.c:323 [<00000000c05d4f49>] bio_endio+0x1ad/0x200 block/bio.c:1784 [<00000000a0305ac9>] req_bio_endio block/blk-core.c:157 [inline] [<00000000a0305ac9>] blk_update_request+0x24e/0x9d0 block/blk-core.c:2629 [<000000006af3b07e>] scsi_end_request+0x9c/0x5c0 drivers/scsi/scsi_lib.c:606 [<00000000f0d0394d>] scsi_io_completion+0x275/0x17e0 drivers/scsi/scsi_lib.c:829 [<0000000031f425d3>] scsi_finish_command+0x3ad/0x520 drivers/scsi/scsi.c:607 [<000000006cb2996d>] scsi_softirq_done+0x259/0x370 drivers/scsi/scsi_lib.c:1567 [<000000006438ee24>] blk_done_softirq+0x27e/0x3e0 block/blk-softirq.c:35 [<00000000ad3bdf81>] __do_softirq+0x22d/0x964 kernel/softirq.c:288 [<0000000018565230>] invoke_softirq kernel/softirq.c:368 [inline] [<0000000018565230>] irq_exit+0x119/0x160 kernel/softirq.c:409 [<0000000019443631>] exiting_irq arch/x86/include/asm/apic.h:669 [inline] [<0000000019443631>] do_IRQ+0x111/0x1d0 arch/x86/kernel/irq.c:252 [<0000000009dd5314>] common_interrupt+0xa5/0xa5 arch/x86/entry/entry_64.S:466 [ 2063.873513] [<00000000d39254ff>] ? __read_once_size include/linux/compiler.h:264 [inline] [ 2063.873513] [<00000000d39254ff>] ? compound_head include/linux/page-flags.h:145 [inline] [ 2063.873513] [<00000000d39254ff>] ? PageAnon include/linux/page-flags.h:397 [inline] [ 2063.873513] [<00000000d39254ff>] ? zap_pte_range mm/memory.c:1146 [inline] [ 2063.873513] [<00000000d39254ff>] ? zap_pmd_range mm/memory.c:1249 [inline] [ 2063.873513] [<00000000d39254ff>] ? zap_pud_range mm/memory.c:1270 [inline] [ 2063.873513] [<00000000d39254ff>] ? unmap_page_range+0xaf3/0x1690 mm/memory.c:1291 [<000000005ab9696f>] unmap_single_vma+0x124/0x180 mm/memory.c:1336 [<000000002dc57d71>] unmap_vmas+0x48/0xa0 mm/memory.c:1366 [<00000000f501f37e>] exit_mmap+0x1e3/0x3b0 mm/mmap.c:3024 [<000000006dfd9f92>] __mmput kernel/fork.c:886 [inline] [<000000006dfd9f92>] mmput kernel/fork.c:908 [inline] [<000000006dfd9f92>] mmput+0xd5/0x370 kernel/fork.c:903 [<0000000036717d6f>] exit_mm kernel/exit.c:514 [inline] [<0000000036717d6f>] do_exit+0x6ce/0x2aa0 kernel/exit.c:829 [<000000009cc8f4ff>] do_group_exit+0x111/0x300 kernel/exit.c:946 [<00000000cf52cfa3>] get_signal+0x377/0x1cb0 kernel/signal.c:2395 [<0000000025f7b110>] do_signal+0x9c/0x1920 arch/x86/kernel/signal.c:812 [<00000000ad5721ff>] exit_to_usermode_loop+0x11c/0x160 arch/x86/entry/common.c:159 [<000000003a62c2a3>] prepare_exit_to_usermode arch/x86/entry/common.c:195 [inline] [<000000003a62c2a3>] syscall_return_slowpath arch/x86/entry/common.c:266 [inline] [<000000003a62c2a3>] do_syscall_64+0x3ab/0x5c0 arch/x86/entry/common.c:293 [<0000000064ce4dd9>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb ========================================================= [ INFO: possible irq lock inversion dependency detected ] 4.9.194+ #0 Tainted: G W --------------------------------------------------------- syz-executor.1/22393 just changed the state of lock: (&sbi->s_journal_flag_rwsem){.+.?.+}, at: [<000000003b39ecf6>] do_writepages+0xfc/0x1e0 mm/page-writeback.c:2338 (&ei->i_data_sem){++++..} and interrupts could create inverse lock ordering between them. other info that might help us debug this: Possible interrupt unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&ei->i_data_sem); local_irq_disable(); lock(&sbi->s_journal_flag_rwsem); lock(&ei->i_data_sem); lock(&sbi->s_journal_flag_rwsem); *** DEADLOCK *** 1 lock held by syz-executor.1/22393: #0: (&(ptlock_ptr(page))->rlock#2){+.+...}, at: [<00000000379c475e>] spin_lock include/linux/spinlock.h:302 [inline] #0: (&(ptlock_ptr(page))->rlock#2){+.+...}, at: [<00000000379c475e>] zap_pte_range mm/memory.c:1116 [inline] #0: (&(ptlock_ptr(page))->rlock#2){+.+...}, at: [<00000000379c475e>] zap_pmd_range mm/memory.c:1249 [inline] #0: (&(ptlock_ptr(page))->rlock#2){+.+...}, at: [<00000000379c475e>] zap_pud_range mm/memory.c:1270 [inline] #0: (&(ptlock_ptr(page))->rlock#2){+.+...}, at: [<00000000379c475e>] unmap_page_range+0x67e/0x1690 mm/memory.c:1291 the shortest dependencies between 2nd lock and 1st lock: -> (&ei->i_data_sem){++++..} ops: 8370799 { HARDIRQ-ON-W at: mark_irqflags kernel/locking/lockdep.c:2937 [inline] __lock_acquire+0xfa9/0x4390 kernel/locking/lockdep.c:3302 lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756 down_write+0x41/0xa0 kernel/locking/rwsem.c:52 ext4_release_file+0x25b/0x2e0 fs/ext4/file.c:50 __fput+0x274/0x720 fs/file_table.c:208 ____fput+0x16/0x20 fs/file_table.c:244 task_work_run+0x108/0x180 kernel/task_work.c:116 tracehook_notify_resume include/linux/tracehook.h:191 [inline] exit_to_usermode_loop+0x13b/0x160 arch/x86/entry/common.c:163 prepare_exit_to_usermode arch/x86/entry/common.c:195 [inline] syscall_return_slowpath arch/x86/entry/common.c:266 [inline] do_syscall_64+0x3ab/0x5c0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_swapgs+0x5d/0xdb HARDIRQ-ON-R at: mark_irqflags kernel/locking/lockdep.c:2929 [inline] __lock_acquire+0x502/0x4390 kernel/locking/lockdep.c:3302 lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756 down_read+0x44/0xb0 kernel/locking/rwsem.c:22 ext4_map_blocks+0x344/0x16d0 fs/ext4/inode.c:533 ext4_getblk+0x307/0x490 fs/ext4/inode.c:943 __ext4_find_entry+0xa1a/0xf80 fs/ext4/namei.c:1424 ext4_lookup_entry fs/ext4/namei.c:1529 [inline] ext4_lookup+0x16b/0x5f0 fs/ext4/namei.c:1597 lookup_slow+0x24b/0x480 fs/namei.c:1793 walk_component+0x71e/0xce0 fs/namei.c:1909 lookup_last fs/namei.c:2391 [inline] path_lookupat.isra.0+0x18f/0x3f0 fs/namei.c:2408 filename_lookup+0x1a1/0x3b0 fs/namei.c:2442 user_path_at_empty+0x43/0x50 fs/namei.c:2703 user_path include/linux/namei.h:60 [inline] do_mount+0x124/0x2970 fs/namespace.c:2816 SYSC_mount fs/namespace.c:3087 [inline] SyS_mount+0xab/0x120 fs/namespace.c:3064 devtmpfs_mount+0x4a/0x70 drivers/base/devtmpfs.c:357 prepare_namespace+0x1ef/0x21d init/do_mounts.c:603 kernel_init_freeable+0x3aa/0x3c8 init/main.c:1045 kernel_init+0x12/0x163 init/main.c:953 ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:375 SOFTIRQ-ON-W at: mark_irqflags kernel/locking/lockdep.c:2941 [inline] __lock_acquire+0x557/0x4390 kernel/locking/lockdep.c:3302 lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756 down_write+0x41/0xa0 kernel/locking/rwsem.c:52 ext4_release_file+0x25b/0x2e0 fs/ext4/file.c:50 __fput+0x274/0x720 fs/file_table.c:208 ____fput+0x16/0x20 fs/file_table.c:244 task_work_run+0x108/0x180 kernel/task_work.c:116 tracehook_notify_resume include/linux/tracehook.h:191 [inline] exit_to_usermode_loop+0x13b/0x160 arch/x86/entry/common.c:163 prepare_exit_to_usermode arch/x86/entry/common.c:195 [inline] syscall_return_slowpath arch/x86/entry/common.c:266 [inline] do_syscall_64+0x3ab/0x5c0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_swapgs+0x5d/0xdb SOFTIRQ-ON-R at: mark_irqflags kernel/locking/lockdep.c:2941 [inline] __lock_acquire+0x557/0x4390 kernel/locking/lockdep.c:3302 lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756 down_read+0x44/0xb0 kernel/locking/rwsem.c:22 ext4_map_blocks+0x344/0x16d0 fs/ext4/inode.c:533 ext4_getblk+0x307/0x490 fs/ext4/inode.c:943 __ext4_find_entry+0xa1a/0xf80 fs/ext4/namei.c:1424 ext4_lookup_entry fs/ext4/namei.c:1529 [inline] ext4_lookup+0x16b/0x5f0 fs/ext4/namei.c:1597 lookup_slow+0x24b/0x480 fs/namei.c:1793 walk_component+0x71e/0xce0 fs/namei.c:1909 lookup_last fs/namei.c:2391 [inline] path_lookupat.isra.0+0x18f/0x3f0 fs/namei.c:2408 filename_lookup+0x1a1/0x3b0 fs/namei.c:2442 user_path_at_empty+0x43/0x50 fs/namei.c:2703 user_path include/linux/namei.h:60 [inline] do_mount+0x124/0x2970 fs/namespace.c:2816 SYSC_mount fs/namespace.c:3087 [inline] SyS_mount+0xab/0x120 fs/namespace.c:3064 devtmpfs_mount+0x4a/0x70 drivers/base/devtmpfs.c:357 prepare_namespace+0x1ef/0x21d init/do_mounts.c:603 kernel_init_freeable+0x3aa/0x3c8 init/main.c:1045 kernel_init+0x12/0x163 init/main.c:953 ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:375 INITIAL USE at: __lock_acquire+0x5e0/0x4390 kernel/locking/lockdep.c:3306 lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756 down_read+0x44/0xb0 kernel/locking/rwsem.c:22 ext4_map_blocks+0x344/0x16d0 fs/ext4/inode.c:533 ext4_getblk+0x307/0x490 fs/ext4/inode.c:943 __ext4_find_entry+0xa1a/0xf80 fs/ext4/namei.c:1424 ext4_lookup_entry fs/ext4/namei.c:1529 [inline] ext4_lookup+0x16b/0x5f0 fs/ext4/namei.c:1597 lookup_slow+0x24b/0x480 fs/namei.c:1793 walk_component+0x71e/0xce0 fs/namei.c:1909 lookup_last fs/namei.c:2391 [inline] path_lookupat.isra.0+0x18f/0x3f0 fs/namei.c:2408 filename_lookup+0x1a1/0x3b0 fs/namei.c:2442 user_path_at_empty+0x43/0x50 fs/namei.c:2703 user_path include/linux/namei.h:60 [inline] do_mount+0x124/0x2970 fs/namespace.c:2816 SYSC_mount fs/namespace.c:3087 [inline] SyS_mount+0xab/0x120 fs/namespace.c:3064 devtmpfs_mount+0x4a/0x70 drivers/base/devtmpfs.c:357 prepare_namespace+0x1ef/0x21d init/do_mounts.c:603 kernel_init_freeable+0x3aa/0x3c8 init/main.c:1045 kernel_init+0x12/0x163 init/main.c:953 ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:375 } ... key at: [<000000005c44b0a1>] __key.74919+0x0/0x40 ... acquired at: lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756 down_write+0x41/0xa0 kernel/locking/rwsem.c:52 ext4_map_blocks+0x754/0x16d0 fs/ext4/inode.c:605 mpage_map_one_extent fs/ext4/inode.c:2386 [inline] mpage_map_and_submit_extent fs/ext4/inode.c:2442 [inline] ext4_writepages+0x1597/0x2de0 fs/ext4/inode.c:2783 do_writepages+0xfc/0x1e0 mm/page-writeback.c:2338 __filemap_fdatawrite_range+0x1ad/0x260 mm/filemap.c:392 __filemap_fdatawrite mm/filemap.c:400 [inline] filemap_flush+0x24/0x30 mm/filemap.c:425 ext4_alloc_da_blocks+0xd6/0x340 fs/ext4/inode.c:3157 ext4_release_file+0x1ff/0x2e0 fs/ext4/file.c:42 __fput+0x274/0x720 fs/file_table.c:208 ____fput+0x16/0x20 fs/file_table.c:244 task_work_run+0x108/0x180 kernel/task_work.c:116 tracehook_notify_resume include/linux/tracehook.h:191 [inline] exit_to_usermode_loop+0x13b/0x160 arch/x86/entry/common.c:163 prepare_exit_to_usermode arch/x86/entry/common.c:195 [inline] syscall_return_slowpath arch/x86/entry/common.c:266 [inline] do_syscall_64+0x3ab/0x5c0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_swapgs+0x5d/0xdb -> (&sbi->s_journal_flag_rwsem){.+.?.+} ops: 53826 { HARDIRQ-ON-R at: mark_irqflags kernel/locking/lockdep.c:2929 [inline] __lock_acquire+0x502/0x4390 kernel/locking/lockdep.c:3302 lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:35 [inline] percpu_down_read include/linux/percpu-rwsem.h:58 [inline] ext4_writepages+0x1a1/0x2de0 fs/ext4/inode.c:2658 do_writepages+0xfc/0x1e0 mm/page-writeback.c:2338 __filemap_fdatawrite_range+0x1ad/0x260 mm/filemap.c:392 SyS_fadvise64_64+0x701/0x830 mm/fadvise.c:123 SYSC_fadvise64 mm/fadvise.c:182 [inline] SyS_fadvise64+0x2c/0x40 mm/fadvise.c:180 do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288 entry_SYSCALL_64_after_swapgs+0x5d/0xdb IN-SOFTIRQ-R at: mark_irqflags kernel/locking/lockdep.c:2923 [inline] __lock_acquire+0xf82/0x4390 kernel/locking/lockdep.c:3302 lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:35 [inline] percpu_down_read include/linux/percpu-rwsem.h:58 [inline] ext4_writepages+0x1a1/0x2de0 fs/ext4/inode.c:2658 do_writepages+0xfc/0x1e0 mm/page-writeback.c:2338 __filemap_fdatawrite_range+0x1ad/0x260 mm/filemap.c:392 filemap_write_and_wait_range mm/filemap.c:580 [inline] filemap_write_and_wait_range+0x5c/0xb0 mm/filemap.c:573 __generic_file_fsync+0x9b/0x1c0 fs/libfs.c:974 ext4_sync_file+0x656/0x1090 fs/ext4/fsync.c:116 vfs_fsync_range+0x111/0x260 fs/sync.c:195 generic_write_sync include/linux/fs.h:2613 [inline] dio_complete+0x376/0x6e0 fs/direct-io.c:282 dio_bio_end_aio+0x124/0x390 fs/direct-io.c:323 bio_endio+0x1ad/0x200 block/bio.c:1784 req_bio_endio block/blk-core.c:157 [inline] blk_update_request+0x24e/0x9d0 block/blk-core.c:2629 scsi_end_request+0x9c/0x5c0 drivers/scsi/scsi_lib.c:606 scsi_io_completion+0x275/0x17e0 drivers/scsi/scsi_lib.c:829 scsi_finish_command+0x3ad/0x520 drivers/scsi/scsi.c:607 scsi_softirq_done+0x259/0x370 drivers/scsi/scsi_lib.c:1567 blk_done_softirq+0x27e/0x3e0 block/blk-softirq.c:35 __do_softirq+0x22d/0x964 kernel/softirq.c:288 invoke_softirq kernel/softirq.c:368 [inline] irq_exit+0x119/0x160 kernel/softirq.c:409 exiting_irq arch/x86/include/asm/apic.h:669 [inline] do_IRQ+0x111/0x1d0 arch/x86/kernel/irq.c:252 ret_from_intr+0x0/0x20 unmap_single_vma+0x124/0x180 mm/memory.c:1336 unmap_vmas+0x48/0xa0 mm/memory.c:1366 exit_mmap+0x1e3/0x3b0 mm/mmap.c:3024 __mmput kernel/fork.c:886 [inline] mmput kernel/fork.c:908 [inline] mmput+0xd5/0x370 kernel/fork.c:903 exit_mm kernel/exit.c:514 [inline] do_exit+0x6ce/0x2aa0 kernel/exit.c:829 do_group_exit+0x111/0x300 kernel/exit.c:946 get_signal+0x377/0x1cb0 kernel/signal.c:2395 do_signal+0x9c/0x1920 arch/x86/kernel/signal.c:812 exit_to_usermode_loop+0x11c/0x160 arch/x86/entry/common.c:159 prepare_exit_to_usermode arch/x86/entry/common.c:195 [inline] syscall_return_slowpath arch/x86/entry/common.c:266 [inline] do_syscall_64+0x3ab/0x5c0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_swapgs+0x5d/0xdb SOFTIRQ-ON-R at: mark_irqflags kernel/locking/lockdep.c:2941 [inline] __lock_acquire+0x557/0x4390 kernel/locking/lockdep.c:3302 lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:35 [inline] percpu_down_read include/linux/percpu-rwsem.h:58 [inline] ext4_writepages+0x1a1/0x2de0 fs/ext4/inode.c:2658 do_writepages+0xfc/0x1e0 mm/page-writeback.c:2338 __filemap_fdatawrite_range+0x1ad/0x260 mm/filemap.c:392 SyS_fadvise64_64+0x701/0x830 mm/fadvise.c:123 SYSC_fadvise64 mm/fadvise.c:182 [inline] SyS_fadvise64+0x2c/0x40 mm/fadvise.c:180 do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288 entry_SYSCALL_64_after_swapgs+0x5d/0xdb RECLAIM_FS-ON-R at: mark_held_locks+0xb1/0x100 kernel/locking/lockdep.c:2660 __lockdep_trace_alloc kernel/locking/lockdep.c:2882 [inline] lockdep_trace_alloc+0x18c/0x2b0 kernel/locking/lockdep.c:2897 slab_pre_alloc_hook mm/slab.h:392 [inline] slab_alloc_node mm/slub.c:2641 [inline] slab_alloc mm/slub.c:2723 [inline] kmem_cache_alloc+0x2d/0x2b0 mm/slub.c:2728 kmem_cache_zalloc include/linux/slab.h:626 [inline] ext4_init_io_end+0x27/0x100 fs/ext4/page-io.c:252 ext4_writepages+0xd06/0x2de0 fs/ext4/inode.c:2750 do_writepages+0xfc/0x1e0 mm/page-writeback.c:2338 __filemap_fdatawrite_range+0x1ad/0x260 mm/filemap.c:392 __filemap_fdatawrite mm/filemap.c:400 [inline] filemap_flush+0x24/0x30 mm/filemap.c:425 ext4_alloc_da_blocks+0xd6/0x340 fs/ext4/inode.c:3157 ext4_release_file+0x1ff/0x2e0 fs/ext4/file.c:42 __fput+0x274/0x720 fs/file_table.c:208 ____fput+0x16/0x20 fs/file_table.c:244 task_work_run+0x108/0x180 kernel/task_work.c:116 tracehook_notify_resume include/linux/tracehook.h:191 [inline] exit_to_usermode_loop+0x13b/0x160 arch/x86/entry/common.c:163 prepare_exit_to_usermode arch/x86/entry/common.c:195 [inline] syscall_return_slowpath arch/x86/entry/common.c:266 [inline] do_syscall_64+0x3ab/0x5c0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_swapgs+0x5d/0xdb INITIAL USE at: __lock_acquire+0x5e0/0x4390 kernel/locking/lockdep.c:3306 lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:35 [inline] percpu_down_read include/linux/percpu-rwsem.h:58 [inline] ext4_writepages+0x1a1/0x2de0 fs/ext4/inode.c:2658 do_writepages+0xfc/0x1e0 mm/page-writeback.c:2338 __filemap_fdatawrite_range+0x1ad/0x260 mm/filemap.c:392 SyS_fadvise64_64+0x701/0x830 mm/fadvise.c:123 SYSC_fadvise64 mm/fadvise.c:182 [inline] SyS_fadvise64+0x2c/0x40 mm/fadvise.c:180 do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288 entry_SYSCALL_64_after_swapgs+0x5d/0xdb } ... key at: [<00000000447f8cb9>] rwsem_key.75616+0x0/0x40 ... acquired at: check_usage_forwards+0x144/0x280 kernel/locking/lockdep.c:2493 mark_lock_irq kernel/locking/lockdep.c:2610 [inline] mark_lock+0x42d/0x12e0 kernel/locking/lockdep.c:3065 mark_irqflags kernel/locking/lockdep.c:2923 [inline] __lock_acquire+0xf82/0x4390 kernel/locking/lockdep.c:3302 lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:35 [inline] percpu_down_read include/linux/percpu-rwsem.h:58 [inline] ext4_writepages+0x1a1/0x2de0 fs/ext4/inode.c:2658 do_writepages+0xfc/0x1e0 mm/page-writeback.c:2338 __filemap_fdatawrite_range+0x1ad/0x260 mm/filemap.c:392 filemap_write_and_wait_range mm/filemap.c:580 [inline] filemap_write_and_wait_range+0x5c/0xb0 mm/filemap.c:573 __generic_file_fsync+0x9b/0x1c0 fs/libfs.c:974 ext4_sync_file+0x656/0x1090 fs/ext4/fsync.c:116 vfs_fsync_range+0x111/0x260 fs/sync.c:195 generic_write_sync include/linux/fs.h:2613 [inline] dio_complete+0x376/0x6e0 fs/direct-io.c:282 dio_bio_end_aio+0x124/0x390 fs/direct-io.c:323 bio_endio+0x1ad/0x200 block/bio.c:1784 req_bio_endio block/blk-core.c:157 [inline] blk_update_request+0x24e/0x9d0 block/blk-core.c:2629 scsi_end_request+0x9c/0x5c0 drivers/scsi/scsi_lib.c:606 scsi_io_completion+0x275/0x17e0 drivers/scsi/scsi_lib.c:829 scsi_finish_command+0x3ad/0x520 drivers/scsi/scsi.c:607 scsi_softirq_done+0x259/0x370 drivers/scsi/scsi_lib.c:1567 blk_done_softirq+0x27e/0x3e0 block/blk-softirq.c:35 __do_softirq+0x22d/0x964 kernel/softirq.c:288 invoke_softirq kernel/softirq.c:368 [inline] irq_exit+0x119/0x160 kernel/softirq.c:409 exiting_irq arch/x86/include/asm/apic.h:669 [inline] do_IRQ+0x111/0x1d0 arch/x86/kernel/irq.c:252 ret_from_intr+0x0/0x20 unmap_single_vma+0x124/0x180 mm/memory.c:1336 unmap_vmas+0x48/0xa0 mm/memory.c:1366 exit_mmap+0x1e3/0x3b0 mm/mmap.c:3024 __mmput kernel/fork.c:886 [inline] mmput kernel/fork.c:908 [inline] mmput+0xd5/0x370 kernel/fork.c:903 exit_mm kernel/exit.c:514 [inline] do_exit+0x6ce/0x2aa0 kernel/exit.c:829 do_group_exit+0x111/0x300 kernel/exit.c:946 get_signal+0x377/0x1cb0 kernel/signal.c:2395 do_signal+0x9c/0x1920 arch/x86/kernel/signal.c:812 exit_to_usermode_loop+0x11c/0x160 arch/x86/entry/common.c:159 prepare_exit_to_usermode arch/x86/entry/common.c:195 [inline] syscall_return_slowpath arch/x86/entry/common.c:266 [inline] do_syscall_64+0x3ab/0x5c0 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_swapgs+0x5d/0xdb stack backtrace: CPU: 1 PID: 22393 Comm: syz-executor.1 Tainted: G W 4.9.194+ #0 ffff8801db707290 ffffffff81b67001 0000000000000001 ffffffff8401e400 ffff8801db707340 ffff8801ab0daf80 ffffffff83cb8d30 ffff8801db7072e0 ffffffff8140741a 0000000100000000 ffffffff00000000 ffffffff8401e410 Call Trace: [ 2065.470736] [<00000000e920f234>] __dump_stack lib/dump_stack.c:15 [inline] [ 2065.470736] [<00000000e920f234>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<0000000072b51779>] print_irq_inversion_bug kernel/locking/lockdep.c:2468 [inline] [<0000000072b51779>] print_irq_inversion_bug.cold+0x31a/0x35d kernel/locking/lockdep.c:2413 [<00000000d7129d60>] check_usage_forwards+0x144/0x280 kernel/locking/lockdep.c:2493 [<00000000a9870650>] mark_lock_irq kernel/locking/lockdep.c:2610 [inline] [<00000000a9870650>] mark_lock+0x42d/0x12e0 kernel/locking/lockdep.c:3065 [<0000000022d745ef>] mark_irqflags kernel/locking/lockdep.c:2923 [inline] [<0000000022d745ef>] __lock_acquire+0xf82/0x4390 kernel/locking/lockdep.c:3302 [<00000000696f97d7>] lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756 [<00000000e67a5b5f>] percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:35 [inline] [<00000000e67a5b5f>] percpu_down_read include/linux/percpu-rwsem.h:58 [inline] [<00000000e67a5b5f>] ext4_writepages+0x1a1/0x2de0 fs/ext4/inode.c:2658 [<000000003b39ecf6>] do_writepages+0xfc/0x1e0 mm/page-writeback.c:2338 [<00000000c02dca68>] __filemap_fdatawrite_range+0x1ad/0x260 mm/filemap.c:392 [<00000000a69273b7>] filemap_write_and_wait_range mm/filemap.c:580 [inline] [<00000000a69273b7>] filemap_write_and_wait_range+0x5c/0xb0 mm/filemap.c:573 [<0000000096455492>] __generic_file_fsync+0x9b/0x1c0 fs/libfs.c:974 [<00000000f1c435a0>] ext4_sync_file+0x656/0x1090 fs/ext4/fsync.c:116 [<0000000025755349>] vfs_fsync_range+0x111/0x260 fs/sync.c:195 [<000000006c3dc663>] generic_write_sync include/linux/fs.h:2613 [inline] [<000000006c3dc663>] dio_complete+0x376/0x6e0 fs/direct-io.c:282 [<00000000c2f4c42a>] dio_bio_end_aio+0x124/0x390 fs/direct-io.c:323 [<00000000c05d4f49>] bio_endio+0x1ad/0x200 block/bio.c:1784 [<00000000a0305ac9>] req_bio_endio block/blk-core.c:157 [inline] [<00000000a0305ac9>] blk_update_request+0x24e/0x9d0 block/blk-core.c:2629 [<000000006af3b07e>] scsi_end_request+0x9c/0x5c0 drivers/scsi/scsi_lib.c:606 [<00000000f0d0394d>] scsi_io_completion+0x275/0x17e0 drivers/scsi/scsi_lib.c:829 [<0000000031f425d3>] scsi_finish_command+0x3ad/0x520 drivers/scsi/scsi.c:607 [<000000006cb2996d>] scsi_softirq_done+0x259/0x370 drivers/scsi/scsi_lib.c:1567 [<000000006438ee24>] blk_done_softirq+0x27e/0x3e0 block/blk-softirq.c:35 [<00000000ad3bdf81>] __do_softirq+0x22d/0x964 kernel/softirq.c:288 [<0000000018565230>] invoke_softirq kernel/softirq.c:368 [inline] [<0000000018565230>] irq_exit+0x119/0x160 kernel/softirq.c:409 [<0000000019443631>] exiting_irq arch/x86/include/asm/apic.h:669 [inline] [<0000000019443631>] do_IRQ+0x111/0x1d0 arch/x86/kernel/irq.c:252 [<0000000009dd5314>] common_interrupt+0xa5/0xa5 arch/x86/entry/entry_64.S:466 [ 2065.977829] [<00000000d39254ff>] ? __read_once_size include/linux/compiler.h:264 [inline] [ 2065.977829] [<00000000d39254ff>] ? compound_head include/linux/page-flags.h:145 [inline] [ 2065.977829] [<00000000d39254ff>] ? PageAnon include/linux/page-flags.h:397 [inline] [ 2065.977829] [<00000000d39254ff>] ? zap_pte_range mm/memory.c:1146 [inline] [ 2065.977829] [<00000000d39254ff>] ? zap_pmd_range mm/memory.c:1249 [inline] [ 2065.977829] [<00000000d39254ff>] ? zap_pud_range mm/memory.c:1270 [inline] [ 2065.977829] [<00000000d39254ff>] ? unmap_page_range+0xaf3/0x1690 mm/memory.c:1291 [<000000005ab9696f>] unmap_single_vma+0x124/0x180 mm/memory.c:1336 [<000000002dc57d71>] unmap_vmas+0x48/0xa0 mm/memory.c:1366 [<00000000f501f37e>] exit_mmap+0x1e3/0x3b0 mm/mmap.c:3024 [<000000006dfd9f92>] __mmput kernel/fork.c:886 [inline] [<000000006dfd9f92>] mmput kernel/fork.c:908 [inline] [<000000006dfd9f92>] mmput+0xd5/0x370 kernel/fork.c:903 [<0000000036717d6f>] exit_mm kernel/exit.c:514 [inline] [<0000000036717d6f>] do_exit+0x6ce/0x2aa0 kernel/exit.c:829 [<000000009cc8f4ff>] do_group_exit+0x111/0x300 kernel/exit.c:946 [<00000000cf52cfa3>] get_signal+0x377/0x1cb0 kernel/signal.c:2395 [<0000000025f7b110>] do_signal+0x9c/0x1920 arch/x86/kernel/signal.c:812 [<00000000ad5721ff>] exit_to_usermode_loop+0x11c/0x160 arch/x86/entry/common.c:159 [<000000003a62c2a3>] prepare_exit_to_usermode arch/x86/entry/common.c:195 [inline] [<000000003a62c2a3>] syscall_return_slowpath arch/x86/entry/common.c:266 [inline] [<000000003a62c2a3>] do_syscall_64+0x3ab/0x5c0 arch/x86/entry/common.c:293 [<0000000064ce4dd9>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb BUG: sleeping function called from invalid context at mm/page-writeback.c:2117 in_atomic(): 1, irqs_disabled(): 0, pid: 22393, name: syz-executor.1 INFO: lockdep is turned off. Preemption disabled at:[ 2066.241179] [<00000000379c475e>] spin_lock include/linux/spinlock.h:302 [inline] Preemption disabled at:[ 2066.241179] [<00000000379c475e>] zap_pte_range mm/memory.c:1116 [inline] Preemption disabled at:[ 2066.241179] [<00000000379c475e>] zap_pmd_range mm/memory.c:1249 [inline] Preemption disabled at:[ 2066.241179] [<00000000379c475e>] zap_pud_range mm/memory.c:1270 [inline] Preemption disabled at:[ 2066.241179] [<00000000379c475e>] unmap_page_range+0x67e/0x1690 mm/memory.c:1291 CPU: 1 PID: 22393 Comm: syz-executor.1 Tainted: G W 4.9.194+ #0 ffff8801db707580 ffffffff81b67001 0000000000000000 0000000000000101 ffff8801ab0daf80 ffffffff814a3e2e ffff8801ab0daf80 ffff8801db7075b8 ffffffff81401cd3 0000000000000000 ffff88018ec964c0 0000000000000200 Call Trace: [ 2066.284288] [<00000000e920f234>] __dump_stack lib/dump_stack.c:15 [inline] [ 2066.284288] [<00000000e920f234>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<00000000896aee97>] ___might_sleep.cold+0x1c1/0x1fa kernel/sched/core.c:8004 [<000000003b0d194a>] tag_pages_for_writeback+0xa0/0x190 mm/page-writeback.c:2117 [<00000000d81d0954>] ext4_writepages+0xcb5/0x2de0 fs/ext4/inode.c:2745 [<000000003b39ecf6>] do_writepages+0xfc/0x1e0 mm/page-writeback.c:2338 [<00000000c02dca68>] __filemap_fdatawrite_range+0x1ad/0x260 mm/filemap.c:392 [<00000000a69273b7>] filemap_write_and_wait_range mm/filemap.c:580 [inline] [<00000000a69273b7>] filemap_write_and_wait_range+0x5c/0xb0 mm/filemap.c:573 [<0000000096455492>] __generic_file_fsync+0x9b/0x1c0 fs/libfs.c:974 [<00000000f1c435a0>] ext4_sync_file+0x656/0x1090 fs/ext4/fsync.c:116 [<0000000025755349>] vfs_fsync_range+0x111/0x260 fs/sync.c:195 [<000000006c3dc663>] generic_write_sync include/linux/fs.h:2613 [inline] [<000000006c3dc663>] dio_complete+0x376/0x6e0 fs/direct-io.c:282 [<00000000c2f4c42a>] dio_bio_end_aio+0x124/0x390 fs/direct-io.c:323 [<00000000c05d4f49>] bio_endio+0x1ad/0x200 block/bio.c:1784 [<00000000a0305ac9>] req_bio_endio block/blk-core.c:157 [inline] [<00000000a0305ac9>] blk_update_request+0x24e/0x9d0 block/blk-core.c:2629 [<000000006af3b07e>] scsi_end_request+0x9c/0x5c0 drivers/scsi/scsi_lib.c:606 [<00000000f0d0394d>] scsi_io_completion+0x275/0x17e0 drivers/scsi/scsi_lib.c:829 [<0000000031f425d3>] scsi_finish_command+0x3ad/0x520 drivers/scsi/scsi.c:607 [<000000006cb2996d>] scsi_softirq_done+0x259/0x370 drivers/scsi/scsi_lib.c:1567 [<000000006438ee24>] blk_done_softirq+0x27e/0x3e0 block/blk-softirq.c:35 [<00000000ad3bdf81>] __do_softirq+0x22d/0x964 kernel/softirq.c:288 [<0000000018565230>] invoke_softirq kernel/softirq.c:368 [inline] [<0000000018565230>] irq_exit+0x119/0x160 kernel/softirq.c:409 [<0000000019443631>] exiting_irq arch/x86/include/asm/apic.h:669 [inline] [<0000000019443631>] do_IRQ+0x111/0x1d0 arch/x86/kernel/irq.c:252 [<0000000009dd5314>] common_interrupt+0xa5/0xa5 arch/x86/entry/entry_64.S:466 [<000000005ab9696f>] unmap_single_vma+0x124/0x180 mm/memory.c:1336 [<000000002dc57d71>] unmap_vmas+0x48/0xa0 mm/memory.c:1366 [<00000000f501f37e>] exit_mmap+0x1e3/0x3b0 mm/mmap.c:3024 [<000000006dfd9f92>] __mmput kernel/fork.c:886 [inline] [<000000006dfd9f92>] mmput kernel/fork.c:908 [inline] [<000000006dfd9f92>] mmput+0xd5/0x370 kernel/fork.c:903 [<0000000036717d6f>] exit_mm kernel/exit.c:514 [inline] [<0000000036717d6f>] do_exit+0x6ce/0x2aa0 kernel/exit.c:829 [<000000009cc8f4ff>] do_group_exit+0x111/0x300 kernel/exit.c:946 [<00000000cf52cfa3>] get_signal+0x377/0x1cb0 kernel/signal.c:2395 [<0000000025f7b110>] do_signal+0x9c/0x1920 arch/x86/kernel/signal.c:812 [<00000000ad5721ff>] exit_to_usermode_loop+0x11c/0x160 arch/x86/entry/common.c:159 [<000000003a62c2a3>] prepare_exit_to_usermode arch/x86/entry/common.c:195 [inline] [<000000003a62c2a3>] syscall_return_slowpath arch/x86/entry/common.c:266 [inline] [<000000003a62c2a3>] do_syscall_64+0x3ab/0x5c0 arch/x86/entry/common.c:293 [<0000000064ce4dd9>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb BUG: scheduling while atomic: syz-executor.1/22393/0x00000102 INFO: lockdep is turned off. Modules linked in: Preemption disabled at: [<00000000379c475e>] spin_lock include/linux/spinlock.h:302 [inline] [<00000000379c475e>] zap_pte_range mm/memory.c:1116 [inline] [<00000000379c475e>] zap_pmd_range mm/memory.c:1249 [inline] [<00000000379c475e>] zap_pud_range mm/memory.c:1270 [inline] [<00000000379c475e>] unmap_page_range+0x67e/0x1690 mm/memory.c:1291