random: crng init done audit: type=1400 audit(1546186325.957:5): avc: denied { associate } for pid=2067 comm="syz-executor2" name="syz2" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:51 in_atomic(): 1, irqs_disabled(): 0, pid: 3298, name: blkid 1 lock held by blkid/3298: #0: (&(ptlock_ptr(page))->rlock#2){+.+...}, at: [] spin_lock include/linux/spinlock.h:302 [inline] #0: (&(ptlock_ptr(page))->rlock#2){+.+...}, at: [] zap_pte_range mm/memory.c:1116 [inline] #0: (&(ptlock_ptr(page))->rlock#2){+.+...}, at: [] zap_pmd_range mm/memory.c:1249 [inline] #0: (&(ptlock_ptr(page))->rlock#2){+.+...}, at: [] zap_pud_range mm/memory.c:1270 [inline] #0: (&(ptlock_ptr(page))->rlock#2){+.+...}, at: [] unmap_page_range+0x6f0/0x1680 mm/memory.c:1291 Preemption disabled at:[ 34.411433] [] spin_lock include/linux/spinlock.h:302 [inline] Preemption disabled at:[ 34.411433] [] zap_pte_range mm/memory.c:1116 [inline] Preemption disabled at:[ 34.411433] [] zap_pmd_range mm/memory.c:1249 [inline] Preemption disabled at:[ 34.411433] [] zap_pud_range mm/memory.c:1270 [inline] Preemption disabled at:[ 34.411433] [] unmap_page_range+0x6f0/0x1680 mm/memory.c:1291 CPU: 0 PID: 3298 Comm: blkid Not tainted 4.9.148+ #87 ffff8801db607a20 ffffffff81b43d59 ffffffff814996b0 0000000000000000 0000000000000101 ffff8801d1904740 ffff8801d1904740 ffff8801db607a58 ffffffff813fa4dd ffff8801d1904740 ffffffff82a4fe80 0000000000000033 Call Trace: [ 34.452375] [] __dump_stack lib/dump_stack.c:15 [inline] [ 34.452375] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] ___might_sleep.cold.31+0x18a/0x1fc kernel/sched/core.c:7988 [] __might_sleep+0x95/0x1a0 kernel/sched/core.c:7945 [] down_write+0x21/0xa0 kernel/locking/rwsem.c:51 [] inode_lock include/linux/fs.h:768 [inline] [] __generic_file_fsync+0xc1/0x1a0 fs/libfs.c:978 [] ext4_sync_file+0x659/0x10a0 fs/ext4/fsync.c:116 [] vfs_fsync_range+0x10c/0x260 fs/sync.c:195 [] generic_write_sync include/linux/fs.h:2609 [inline] [] dio_complete+0x522/0x6d0 fs/direct-io.c:282 [] dio_bio_end_aio+0x11c/0x370 fs/direct-io.c:323 [] bio_endio+0x1a5/0x1f0 block/bio.c:1781 [] req_bio_endio block/blk-core.c:157 [inline] [] blk_update_request+0x248/0x9b0 block/blk-core.c:2628 [] scsi_end_request+0x9d/0x5c0 drivers/scsi/scsi_lib.c:606 [] scsi_io_completion+0x273/0x17a0 drivers/scsi/scsi_lib.c:829 [] scsi_finish_command+0x3ba/0x530 drivers/scsi/scsi.c:607 [] scsi_softirq_done+0x250/0x360 drivers/scsi/scsi_lib.c:1567 [] blk_done_softirq+0x27d/0x3e0 block/blk-softirq.c:35 [] __do_softirq+0x20e/0x964 kernel/softirq.c:288 [] invoke_softirq kernel/softirq.c:368 [inline] [] irq_exit+0x11c/0x150 kernel/softirq.c:409 [] exiting_irq arch/x86/include/asm/apic.h:669 [inline] [] do_IRQ+0x10d/0x1c0 arch/x86/kernel/irq.c:252 [] common_interrupt+0x9d/0x9d arch/x86/entry/entry_64.S:461 [ 34.653547] [] ? constant_test_bit arch/x86/include/asm/bitops.h:311 [inline] [ 34.653547] [] ? PageSlab include/linux/page-flags.h:265 [inline] [ 34.653547] [] ? page_mapcount include/linux/mm.h:533 [inline] [ 34.653547] [] ? zap_pte_range mm/memory.c:1163 [inline] [ 34.653547] [] ? zap_pmd_range mm/memory.c:1249 [inline] [ 34.653547] [] ? zap_pud_range mm/memory.c:1270 [inline] [ 34.653547] [] ? unmap_page_range+0xd7b/0x1680 mm/memory.c:1291 [] constant_test_bit arch/x86/include/asm/bitops.h:311 [inline] [] PageSlab include/linux/page-flags.h:265 [inline] [] page_mapcount include/linux/mm.h:533 [inline] [] zap_pte_range mm/memory.c:1163 [inline] [] zap_pmd_range mm/memory.c:1249 [inline] [] zap_pud_range mm/memory.c:1270 [inline] [] unmap_page_range+0xd7b/0x1680 mm/memory.c:1291 [] unmap_single_vma+0x11c/0x170 mm/memory.c:1336 [] unmap_vmas+0x81/0xd0 mm/memory.c:1366 [] exit_mmap+0x1cc/0x3a0 mm/mmap.c:3021 [] __mmput kernel/fork.c:884 [inline] [] mmput+0xcd/0x360 kernel/fork.c:906 [] exit_mm kernel/exit.c:514 [inline] [] do_exit+0x6c9/0x2a50 kernel/exit.c:820 [] do_group_exit+0x111/0x300 kernel/exit.c:937 [] SYSC_exit_group kernel/exit.c:948 [inline] [] SyS_exit_group+0x1d/0x20 kernel/exit.c:946 [] do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285 [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb ================================= [ INFO: inconsistent lock state ] 4.9.148+ #87 Tainted: G W --------------------------------- inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage. blkid/3298 [HC0[0]:SC1[1]:HE1:SE0] takes: (&sb->s_type->i_mutex_key#9){+.?.+.}, at: [] inode_lock include/linux/fs.h:768 [inline] (&sb->s_type->i_mutex_key#9){+.?.+.}, at: [] __generic_file_fsync+0xc1/0x1a0 fs/libfs.c:978 mark_irqflags kernel/locking/lockdep.c:2941 [inline] __lock_acquire+0xbdd/0x4a10 kernel/locking/lockdep.c:3302 lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756 down_write+0x41/0xa0 kernel/locking/rwsem.c:52 inode_lock include/linux/fs.h:768 [inline] bprm_fill_uid fs/exec.c:1506 [inline] prepare_binprm+0x2b7/0x750 fs/exec.c:1540 do_execveat_common.isra.14+0xe9f/0x1ed0 fs/exec.c:1766 do_execve fs/exec.c:1829 [inline] SYSC_execve fs/exec.c:1910 [inline] SyS_execve+0x42/0x50 fs/exec.c:1905 do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285 entry_SYSCALL_64_after_swapgs+0x5d/0xdb irq event stamp: 3084 hardirqs last enabled at (3084): [] restore_regs_and_iret+0x0/0x1d hardirqs last disabled at (3083): [] apic_timer_interrupt+0x98/0xb0 arch/x86/entry/entry_64.S:648 softirqs last enabled at (2026): [] __do_softirq+0x46d/0x964 kernel/softirq.c:314 softirqs last disabled at (3039): [] invoke_softirq kernel/softirq.c:368 [inline] softirqs last disabled at (3039): [] irq_exit+0x11c/0x150 kernel/softirq.c:409 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&sb->s_type->i_mutex_key#9); lock(&sb->s_type->i_mutex_key#9); *** DEADLOCK *** 1 lock held by blkid/3298: #0: (&(ptlock_ptr(page))->rlock#2){+.+...}, at: [] spin_lock include/linux/spinlock.h:302 [inline] #0: (&(ptlock_ptr(page))->rlock#2){+.+...}, at: [] zap_pte_range mm/memory.c:1116 [inline] #0: (&(ptlock_ptr(page))->rlock#2){+.+...}, at: [] zap_pmd_range mm/memory.c:1249 [inline] #0: (&(ptlock_ptr(page))->rlock#2){+.+...}, at: [] zap_pud_range mm/memory.c:1270 [inline] #0: (&(ptlock_ptr(page))->rlock#2){+.+...}, at: [] unmap_page_range+0x6f0/0x1680 mm/memory.c:1291 stack backtrace: CPU: 0 PID: 3298 Comm: blkid Tainted: G W 4.9.148+ #87 ffff8801db607790 ffffffff81b43d59 ffff8801d1904740 ffffffff83cb20f0 ffff8801d1905018 ffff8801d1905038 ffffffff8424ad80 ffff8801db607808 ffffffff81400d8e 0000000000000001 ffffffff00000001 0000000000000000 Call Trace: [ 34.973360] [] __dump_stack lib/dump_stack.c:15 [inline] [ 34.973360] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] print_usage_bug.cold.40+0x44e/0x57e kernel/locking/lockdep.c:2387 [] valid_state kernel/locking/lockdep.c:2400 [inline] [] mark_lock_irq kernel/locking/lockdep.c:2602 [inline] [] mark_lock+0x2f2/0x1290 kernel/locking/lockdep.c:3065 [] mark_irqflags kernel/locking/lockdep.c:2923 [inline] [] __lock_acquire+0x1084/0x4a10 kernel/locking/lockdep.c:3302 [] lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756 [] down_write+0x41/0xa0 kernel/locking/rwsem.c:52 [] inode_lock include/linux/fs.h:768 [inline] [] __generic_file_fsync+0xc1/0x1a0 fs/libfs.c:978 [] ext4_sync_file+0x659/0x10a0 fs/ext4/fsync.c:116 [] vfs_fsync_range+0x10c/0x260 fs/sync.c:195 [] generic_write_sync include/linux/fs.h:2609 [inline] [] dio_complete+0x522/0x6d0 fs/direct-io.c:282 [] dio_bio_end_aio+0x11c/0x370 fs/direct-io.c:323 [] bio_endio+0x1a5/0x1f0 block/bio.c:1781 [] req_bio_endio block/blk-core.c:157 [inline] [] blk_update_request+0x248/0x9b0 block/blk-core.c:2628 [] scsi_end_request+0x9d/0x5c0 drivers/scsi/scsi_lib.c:606 [] scsi_io_completion+0x273/0x17a0 drivers/scsi/scsi_lib.c:829 [] scsi_finish_command+0x3ba/0x530 drivers/scsi/scsi.c:607 [] scsi_softirq_done+0x250/0x360 drivers/scsi/scsi_lib.c:1567 [] blk_done_softirq+0x27d/0x3e0 block/blk-softirq.c:35 [] __do_softirq+0x20e/0x964 kernel/softirq.c:288 [] invoke_softirq kernel/softirq.c:368 [inline] [] irq_exit+0x11c/0x150 kernel/softirq.c:409 [] exiting_irq arch/x86/include/asm/apic.h:669 [inline] [] do_IRQ+0x10d/0x1c0 arch/x86/kernel/irq.c:252 [] common_interrupt+0x9d/0x9d arch/x86/entry/entry_64.S:461 [ 35.240804] [] ? constant_test_bit arch/x86/include/asm/bitops.h:311 [inline] [ 35.240804] [] ? PageSlab include/linux/page-flags.h:265 [inline] [ 35.240804] [] ? page_mapcount include/linux/mm.h:533 [inline] [ 35.240804] [] ? zap_pte_range mm/memory.c:1163 [inline] [ 35.240804] [] ? zap_pmd_range mm/memory.c:1249 [inline] [ 35.240804] [] ? zap_pud_range mm/memory.c:1270 [inline] [ 35.240804] [] ? unmap_page_range+0xd7b/0x1680 mm/memory.c:1291 [] constant_test_bit arch/x86/include/asm/bitops.h:311 [inline] [] PageSlab include/linux/page-flags.h:265 [inline] [] page_mapcount include/linux/mm.h:533 [inline] [] zap_pte_range mm/memory.c:1163 [inline] [] zap_pmd_range mm/memory.c:1249 [inline] [] zap_pud_range mm/memory.c:1270 [inline] [] unmap_page_range+0xd7b/0x1680 mm/memory.c:1291 [] unmap_single_vma+0x11c/0x170 mm/memory.c:1336 [] unmap_vmas+0x81/0xd0 mm/memory.c:1366 [] exit_mmap+0x1cc/0x3a0 mm/mmap.c:3021 [] __mmput kernel/fork.c:884 [inline] [] mmput+0xcd/0x360 kernel/fork.c:906 [] exit_mm kernel/exit.c:514 [inline] [] do_exit+0x6c9/0x2a50 kernel/exit.c:820 [] do_group_exit+0x111/0x300 kernel/exit.c:937 [] SYSC_exit_group kernel/exit.c:948 [inline] [] SyS_exit_group+0x1d/0x20 kernel/exit.c:946 [] do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285 [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb BUG: scheduling while atomic: blkid/3298/0x00000102 INFO: lockdep is turned off. Modules linked in: Preemption disabled at:[ 35.368341] [] spin_lock include/linux/spinlock.h:302 [inline] Preemption disabled at:[ 35.368341] [] zap_pte_range mm/memory.c:1116 [inline] Preemption disabled at:[ 35.368341] [] zap_pmd_range mm/memory.c:1249 [inline] Preemption disabled at:[ 35.368341] [] zap_pud_range mm/memory.c:1270 [inline] Preemption disabled at:[ 35.368341] [] unmap_page_range+0x6f0/0x1680 mm/memory.c:1291