audit: type=1400 audit(1548334634.144:367): avc: denied { create } for pid=26172 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0
BUG: sleeping function called from invalid context at mm/page-writeback.c:2120
in_atomic(): 1, irqs_disabled(): 0, pid: 26149, name: syz-executor3
no locks held by syz-executor3/26149.
Preemption disabled at:[] try_to_wake_up+0x2b/0x1110 kernel/sched/core.c:1974
CPU: 0 PID: 26149 Comm: syz-executor3 Not tainted 4.4.171+ #12
 0000000000000000 d8739c36c825d041 ffff8801db607520 ffffffff81aacd31
 ffff8800a4e417c0 0000000000000101 ffff8800a4e417c0 0000000000000101
 ffff8800a4e417c0 ffff8801db607558 ffffffff813a6d2d 0000000000000000
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x120 lib/dump_stack.c:51
 [] ___might_sleep.cold+0x1c6/0x1dc kernel/sched/core.c:7988
 [] tag_pages_for_writeback+0xa0/0x1a0 mm/page-writeback.c:2120
 [] ext4_writepages+0xaf9/0x2c40 fs/ext4/inode.c:2582
 [] do_writepages+0xfc/0x1e0 mm/page-writeback.c:2334
 [] __filemap_fdatawrite_range+0x1ad/0x260 mm/filemap.c:347
 [] filemap_write_and_wait_range mm/filemap.c:533 [inline]
 [] filemap_write_and_wait_range+0x5c/0xb0 mm/filemap.c:527
 [] __generic_file_fsync+0x9b/0x1c0 fs/libfs.c:940
 [] generic_file_fsync+0x78/0x120 fs/libfs.c:977
 [] ext4_sync_file+0x772/0xf10 fs/ext4/fsync.c:109
 [] vfs_fsync_range+0x111/0x260 fs/sync.c:195
 [] generic_write_sync include/linux/fs.h:2517 [inline]
 [] dio_complete+0x3e6/0x720 fs/direct-io.c:266
 [] dio_bio_end_aio+0x176/0x3f0 fs/direct-io.c:312
 [] bio_endio+0x187/0x1e0 block/bio.c:1786
 [] req_bio_endio block/blk-core.c:157 [inline]
 [] blk_update_request+0x267/0xa50 block/blk-core.c:2653
 [] scsi_end_request+0x9c/0x5d0 drivers/scsi/scsi_lib.c:695
 [] scsi_io_completion+0x275/0x1810 drivers/scsi/scsi_lib.c:918
 [] scsi_finish_command+0x3a4/0x520 drivers/scsi/scsi.c:607
 [] scsi_softirq_done+0x259/0x370 drivers/scsi/scsi_lib.c:1654
 [] blk_done_softirq+0x258/0x3a0 block/blk-softirq.c:35
 [] __do_softirq+0x226/0xa3f kernel/softirq.c:273
 [] invoke_softirq kernel/softirq.c:350 [inline]
 [] irq_exit+0x10a/0x150 kernel/softirq.c:391
 [] exiting_irq arch/x86/include/asm/apic.h:652 [inline]
 [] do_IRQ+0x111/0x1d0 arch/x86/kernel/irq.c:251
 [] common_interrupt+0x9d/0x9d arch/x86/entry/entry_64.S:623
 [] ? arch_local_irq_restore arch/x86/include/asm/paravirt.h:812 [inline]
 [] ? __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:162 [inline]
 [] ? _raw_spin_unlock_irqrestore+0x5f/0x70 kernel/locking/spinlock.c:191
 [] try_to_wake_up+0x701/0x1110 kernel/sched/core.c:2072
 [] wake_up_q+0xbb/0x130 kernel/sched/core.c:582
 [] futex_wake+0x3e0/0x490 kernel/futex.c:1449
 [] do_futex+0x8f4/0x1a80 kernel/futex.c:3230
 [] SYSC_futex kernel/futex.c:3286 [inline]
 [] SyS_futex+0x23b/0x340 kernel/futex.c:3254
 [] entry_SYSCALL_64_fastpath+0x1e/0x9a

=================================
[ INFO: inconsistent lock state ]
4.4.171+ #12 Not tainted
---------------------------------
inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
syz-executor3/26149 [HC0[0]:SC1[1]:HE1:SE0] takes:
 (&sb->s_type->i_mutex_key#9){+.?.+.}, at: [] __generic_file_fsync+0xcf/0x1c0 fs/libfs.c:944
{SOFTIRQ-ON-W} state was registered at:
 [] mark_irqflags kernel/locking/lockdep.c:2817 [inline]
 [] __lock_acquire+0xe73/0x4f50 kernel/locking/lockdep.c:3169
 [] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592
 [] __mutex_lock_common kernel/locking/mutex.c:521 [inline]
 [] mutex_lock_nested+0xc1/0xb80 kernel/locking/mutex.c:621
 [] bprm_fill_uid fs/exec.c:1357 [inline]
 [] prepare_binprm+0x2bf/0x770 fs/exec.c:1391
 [] do_execveat_common.isra.0+0xd86/0x1e90 fs/exec.c:1620
 [] do_execve fs/exec.c:1683 [inline]
 [] SYSC_execve fs/exec.c:1764 [inline]
 [] SyS_execve+0x42/0x50 fs/exec.c:1759
 [] return_from_execve+0x0/0x23
irq event stamp: 4280
hardirqs last enabled at (4280): [] quarantine_put+0xda/0x180 mm/kasan/quarantine.c:209
hardirqs last disabled at (4279): [] quarantine_put+0x52/0x180 mm/kasan/quarantine.c:186
softirqs last enabled at (0): [] copy_process+0x121a/0x68a0 kernel/fork.c:1466
softirqs last disabled at (4229): [] invoke_softirq kernel/softirq.c:350 [inline]
softirqs last disabled at (4229): [] irq_exit+0x10a/0x150 kernel/softirq.c:391

other info that might help us debug this:
 Possible unsafe locking scenario:

 CPU0
 ----
 lock(&sb->s_type->i_mutex_key#9);
 lock(&sb->s_type->i_mutex_key#9);

 *** DEADLOCK ***

no locks held by syz-executor3/26149.

stack backtrace:
CPU: 0 PID: 26149 Comm: syz-executor3 Not tainted 4.4.171+ #12
 0000000000000000 d8739c36c825d041 ffff8801db607610 ffffffff81aacd31
 0000000000000090 ffff8800a4e417c0 ffffffff83abf470 ffffffff84057a80
 ffff8800a4e420a8 ffff8801db607688 ffffffff813ad250 0000000000000001
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x120 lib/dump_stack.c:51
 [] print_usage_bug.cold+0x454/0x592 kernel/locking/lockdep.c:2267
 [] valid_state kernel/locking/lockdep.c:2280 [inline]
 [] mark_lock_irq kernel/locking/lockdep.c:2478 [inline]
 [] mark_lock+0x6fd/0x1440 kernel/locking/lockdep.c:2933
 [] mark_irqflags kernel/locking/lockdep.c:2799 [inline]
 [] __lock_acquire+0x145e/0x4f50 kernel/locking/lockdep.c:3169
 [] lock_acquire+0x15e/0x450 kernel/locking/lockdep.c:3592
 [] __mutex_lock_common kernel/locking/mutex.c:521 [inline]
 [] mutex_lock_nested+0xc1/0xb80 kernel/locking/mutex.c:621
 [] __generic_file_fsync+0xcf/0x1c0 fs/libfs.c:944
 [] generic_file_fsync+0x78/0x120 fs/libfs.c:977
 [] ext4_sync_file+0x772/0xf10 fs/ext4/fsync.c:109
 [] vfs_fsync_range+0x111/0x260 fs/sync.c:195
 [] generic_write_sync include/linux/fs.h:2517 [inline]
 [] dio_complete+0x3e6/0x720 fs/direct-io.c:266
 [] dio_bio_end_aio+0x176/0x3f0 fs/direct-io.c:312
 [] bio_endio+0x187/0x1e0 block/bio.c:1786
 [] req_bio_endio block/blk-core.c:157 [inline]
 [] blk_update_request+0x267/0xa50 block/blk-core.c:2653
 [] scsi_end_request+0x9c/0x5d0 drivers/scsi/scsi_lib.c:695
 [] scsi_io_completion+0x275/0x1810 drivers/scsi/scsi_lib.c:918
 [] scsi_finish_command+0x3a4/0x520 drivers/scsi/scsi.c:607
 [] scsi_softirq_done+0x259/0x370 drivers/scsi/scsi_lib.c:1654
 [] blk_done_softirq+0x258/0x3a0 block/blk-softirq.c:35
 [] __do_softirq+0x226/0xa3f kernel/softirq.c:273
 [] invoke_softirq kernel/softirq.c:350 [inline]
 [] irq_exit+0x10a/0x150 kernel/softirq.c:391
 [] exiting_irq arch/x86/include/asm/apic.h:652 [inline]
 [] do_IRQ+0x111/0x1d0 arch/x86/kernel/irq.c:251
 [] common_interrupt+0x9d/0x9d arch/x86/entry/entry_64.S:623
 [] ? arch_local_irq_restore arch/x86/include/asm/paravirt.h:812 [inline]
 [] ? __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:162 [inline]
 [] ? _raw_spin_unlock_irqrestore+0x5f/0x70 kernel/locking/spinlock.c:191
audit_printk_skb: 18 callbacks suppressed
audit: type=1400 audit(1548334635.474:374): avc: denied { create } for pid=26179 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0
 [] try_to_wake_up+0x701/0x1110 kernel/sched/core.c:2072
 [] wake_up_q+0xbb/0x130 kernel/sched/core.c:582
 [] futex_wake+0x3e0/0x490 kernel/futex.c:1449
 [] do_futex+0x8f4/0x1a80 kernel/futex.c:3230
 [] SYSC_futex kernel/futex.c:3286 [inline]
 [] SyS_futex+0x23b/0x340 kernel/futex.c:3254
 [] entry_SYSCALL_64_fastpath+0x1e/0x9a
BUG: sleeping function called from invalid context at include/linux/buffer_head.h:352
in_atomic(): 1, irqs_disabled(): 0, pid: 26149, name: syz-executor3
INFO: lockdep is turned off.
Preemption disabled at:[] try_to_wake_up+0x2b/0x1110 kernel/sched/core.c:1974
CPU: 0 PID: 26149 Comm: syz-executor3 Not tainted 4.4.171+ #12
 0000000000000000 d8739c36c825d041 ffff8801db607848 ffffffff81aacd31
 ffff8800a4e417c0 0000000000000101 ffff8800a4e417c0 0000000000000101
 ffff8800a4e417c0 ffff8801db607880 ffffffff813a6d2d ffff8800a4e417c0
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x120 lib/dump_stack.c:51
 [] ___might_sleep.cold+0x1c6/0x1dc kernel/sched/core.c:7988
 [] __might_sleep+0x90/0x1a0 kernel/sched/core.c:7948
 [] lock_buffer include/linux/buffer_head.h:352 [inline]
 [] write_dirty_buffer+0x25/0xb0 fs/buffer.c:3117
 [] fsync_buffers_list fs/buffer.c:763 [inline]
 [] sync_mapping_buffers+0x2f6/0x880 fs/buffer.c:581
 [] __generic_file_fsync+0xf3/0x1c0 fs/libfs.c:945
 [] generic_file_fsync+0x78/0x120 fs/libfs.c:977
 [] ext4_sync_file+0x772/0xf10 fs/ext4/fsync.c:109
 [] vfs_fsync_range+0x111/0x260 fs/sync.c:195
 [] generic_write_sync include/linux/fs.h:2517 [inline]
 [] dio_complete+0x3e6/0x720 fs/direct-io.c:266
 [] dio_bio_end_aio+0x176/0x3f0 fs/direct-io.c:312
 [] bio_endio+0x187/0x1e0 block/bio.c:1786
 [] req_bio_endio block/blk-core.c:157 [inline]
 [] blk_update_request+0x267/0xa50 block/blk-core.c:2653
 [] scsi_end_request+0x9c/0x5d0 drivers/scsi/scsi_lib.c:695
 [] scsi_io_completion+0x275/0x1810 drivers/scsi/scsi_lib.c:918
 [] scsi_finish_command+0x3a4/0x520 drivers/scsi/scsi.c:607
 [] scsi_softirq_done+0x259/0x370 drivers/scsi/scsi_lib.c:1654
 [] blk_done_softirq+0x258/0x3a0 block/blk-softirq.c:35
 [] __do_softirq+0x226/0xa3f kernel/softirq.c:273
 [] invoke_softirq kernel/softirq.c:350 [inline]
 [] irq_exit+0x10a/0x150 kernel/softirq.c:391
 [] exiting_irq arch/x86/include/asm/apic.h:652 [inline]
 [] do_IRQ+0x111/0x1d0 arch/x86/kernel/irq.c:251
 [] common_interrupt+0x9d/0x9d arch/x86/entry/entry_64.S:623
 [] ? arch_local_irq_restore arch/x86/include/asm/paravirt.h:812 [inline]
 [] ? __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:162 [inline]
 [] ? _raw_spin_unlock_irqrestore+0x5f/0x70 kernel/locking/spinlock.c:191
 [] try_to_wake_up+0x701/0x1110 kernel/sched/core.c:2072
 [] wake_up_q+0xbb/0x130 kernel/sched/core.c:582
 [] futex_wake+0x3e0/0x490 kernel/futex.c:1449
 [] do_futex+0x8f4/0x1a80 kernel/futex.c:3230
 [] SYSC_futex kernel/futex.c:3286 [inline]
 [] SyS_futex+0x23b/0x340 kernel/futex.c:3254
 [] entry_SYSCALL_64_fastpath+0x1e/0x9a
BUG: scheduling while atomic: syz-executor3/26149/0x00000102
INFO: lockdep is turned off.
Modules linked in:
Preemption disabled at:[] try_to_wake_up+0x2b/0x1110 kernel/sched/core.c:1974
CPU: 0 PID: 26149 Comm: syz-executor3 Not tainted 4.4.171+ #12
 0000000000000000 d8739c36c825d041 ffff8801db607508 ffffffff81aacd31
 0000000000000000 ffff8800a4e417c0 0000000000000102 0000000000000000
 000000000001e880 ffff8801db607528 ffffffff813a6da3 ffff8801db61e880
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x120 lib/dump_stack.c:51
 [] __schedule_bug.cold+0x60/0x71 kernel/sched/core.c:3138
 [] schedule_debug kernel/sched/core.c:3153 [inline]
 [] __schedule+0x118b/0x1ee0 kernel/sched/core.c:3265
 [] schedule+0x99/0x1d0 kernel/sched/core.c:3355
 [] schedule_timeout+0x47b/0x7c0 kernel/time/timer.c:1515
 [] io_schedule_timeout+0x1ba/0x390 kernel/sched/core.c:4937
 [] io_schedule include/linux/sched.h:447 [inline]
 [] bit_wait_io+0x23/0xc0 kernel/sched/wait.c:595
 [] __wait_on_bit+0xbd/0x140 kernel/sched/wait.c:395
 [] out_of_line_wait_on_bit+0xe2/0x120 kernel/sched/wait.c:408
 [] wait_on_bit_io include/linux/wait.h:1015 [inline]
 [] __wait_on_buffer+0x5e/0x80 fs/buffer.c:123
 [] wait_on_buffer include/linux/buffer_head.h:342 [inline]
 [] fsync_buffers_list fs/buffer.c:795 [inline]
 [] sync_mapping_buffers+0x52e/0x880 fs/buffer.c:581
 [] __generic_file_fsync+0xf3/0x1c0 fs/libfs.c:945
 [] generic_file_fsync+0x78/0x120 fs/libfs.c:977
 [] ext4_sync_file+0x772/0xf10 fs/ext4/fsync.c:109
 [] vfs_fsync_range+0x111/0x260 fs/sync.c:195
 [] generic_write_sync include/linux/fs.h:2517 [inline]
 [] dio_complete+0x3e6/0x720 fs/direct-io.c:266
 [] dio_bio_end_aio+0x176/0x3f0 fs/direct-io.c:312
 [] bio_endio+0x187/0x1e0 block/bio.c:1786
 [] req_bio_endio block/blk-core.c:157 [inline]
 [] blk_update_request+0x267/0xa50 block/blk-core.c:2653
 [] scsi_end_request+0x9c/0x5d0 drivers/scsi/scsi_lib.c:695
 [] scsi_io_completion+0x275/0x1810 drivers/scsi/scsi_lib.c:918
 [] scsi_finish_command+0x3a4/0x520 drivers/scsi/scsi.c:607
 [] scsi_softirq_done+0x259/0x370 drivers/scsi/scsi_lib.c:1654
 [] blk_done_softirq+0x258/0x3a0 block/blk-softirq.c:35
 [] __do_softirq+0x226/0xa3f kernel/softirq.c:273
 [] invoke_softirq kernel/softirq.c:350 [inline]
 [] irq_exit+0x10a/0x150 kernel/softirq.c:391
 [] exiting_irq arch/x86/include/asm/apic.h:652 [inline]
 [] do_IRQ+0x111/0x1d0 arch/x86/kernel/irq.c:251
 [] common_interrupt+0x9d/0x9d arch/x86/entry/entry_64.S:623
 [] ? arch_local_irq_restore arch/x86/include/asm/paravirt.h:812 [inline]
 [] ? __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:162 [inline]
 [] ? _raw_spin_unlock_irqrestore+0x5f/0x70 kernel/locking/spinlock.c:191
 [] try_to_wake_up+0x701/0x1110 kernel/sched/core.c:2072
 [] wake_up_q+0xbb/0x130 kernel/sched/core.c:582
 [] futex_wake+0x3e0/0x490 kernel/futex.c:1449
 [] do_futex+0x8f4/0x1a80 kernel/futex.c:3230
 [] SYSC_futex kernel/futex.c:3286 [inline]
 [] SyS_futex+0x23b/0x340 kernel/futex.c:3254
 [] entry_SYSCALL_64_fastpath+0x1e/0x9a
syz-executor2 (26211) used greatest stack depth: 23232 bytes left
softirq: huh, entered softirq 4 BLOCK ffffffff81a5e9d0 with preempt_count 00000101, exited with 00000000?
audit: type=1400 audit(1548334637.224:375): avc: denied { create } for pid=26251 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0
audit: type=1400 audit(1548334637.984:376): avc: denied { create } for pid=26251 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0
audit: type=1400 audit(1548334639.714:377): avc: denied { create } for pid=26283 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0
audit: type=1400 audit(1548334639.744:378): avc: denied { create } for pid=26283 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0
audit: type=1400 audit(1548334642.724:379): avc: denied { create } for pid=26347 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0
audit: type=1400 audit(1548334642.874:380): avc: denied { create } for pid=26382 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0
audit: type=1400 audit(1548334643.494:381): avc: denied { create } for pid=26347 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0