NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds NILFS (loop3): invalid segment: Checksum error in segment payload NILFS (loop3): trying rollback from an earlier position WARNING: CPU: 0 PID: 3539 at include/linux/backing-dev.h:340 inode_to_wb include/linux/backing-dev.h:340 [inline] WARNING: CPU: 0 PID: 3539 at include/linux/backing-dev.h:340 account_page_dirtied+0x8cc/0xbb0 mm/page-writeback.c:2420 NILFS (loop3): recovery complete Kernel panic - not syncing: panic_on_warn set ... CPU: 0 PID: 3539 Comm: syz-executor.1 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 panic+0x26a/0x50e kernel/panic.c:186 __warn.cold+0x20/0x5a kernel/panic.c:541 report_bug+0x262/0x2b0 lib/bug.c:183 fixup_bug arch/x86/kernel/traps.c:178 [inline] fixup_bug arch/x86/kernel/traps.c:173 [inline] do_error_trap+0x1d7/0x310 arch/x86/kernel/traps.c:296 NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds WARNING: CPU: 1 PID: 3567 at include/linux/backing-dev.h:340 inode_to_wb include/linux/backing-dev.h:340 [inline] WARNING: CPU: 1 PID: 3567 at include/linux/backing-dev.h:340 __test_set_page_writeback+0x1366/0x1750 mm/page-writeback.c:2783 Modules linked in: invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:1038 CPU: 1 PID: 3567 Comm: segctord Not tainted 4.19.211-syzkaller #0 RIP: 0010:inode_to_wb include/linux/backing-dev.h:340 [inline] RIP: 0010:account_page_dirtied+0x8cc/0xbb0 mm/page-writeback.c:2420 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 Code: 88 01 00 00 be ff ff ff ff 48 8d 78 70 e8 ec e1 ca ff 31 ff 89 c3 89 c6 e8 f1 b3 e2 ff 85 db 0f 85 39 f9 ff ff e8 74 b2 e2 ff <0f> 0b e9 2d f9 ff ff e8 68 b2 e2 ff 4c 89 e6 4c 89 ef e8 9d b3 2d RIP: 0010:inode_to_wb include/linux/backing-dev.h:340 [inline] RIP: 0010:__test_set_page_writeback+0x1366/0x1750 mm/page-writeback.c:2783 RSP: 0018:ffff888097207118 EFLAGS: 00010012 Code: ff ff ff 48 8d 78 70 e8 98 8c ca ff 31 ff 89 c6 89 44 24 18 e8 9b 5e e2 ff 8b 44 24 18 85 c0 0f 85 47 fb ff ff e8 1a 5d e2 ff <0f> 0b e9 3b fb ff ff e8 0e 5d e2 ff 4c 8b 74 24 08 49 83 ee 01 e9 RAX: 0000000000040000 RBX: 0000000000000000 RCX: ffffc90006323000 RSP: 0018:ffff88808c64fa88 EFLAGS: 00010093 RDX: 00000000000014c8 RSI: ffffffff817fd2fc RDI: 0000000000000005 RAX: ffff888090ef0500 RBX: ffff888049ed29b0 RCX: ffffffff81802845 RBP: ffff888052b72c08 R08: 0000000000000000 R09: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff81802856 RDI: 0000000000000005 R10: 0000000000000005 R11: 0000000000000000 R12: ffffea0002cd86c0 RBP: ffffea00027afe80 R08: 0000000000000001 R09: 0000000000000000 R13: ffff888052b72a80 R14: ffff888052b728f8 R15: ffffea0002cd86c8 R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: ffff888049ed2b40 R15: ffff888049ed29b8 FS: 0000000000000000(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b3042b000 CR3: 00000000a1829000 CR4: 00000000003406e0 __set_page_dirty+0x7f/0x3e0 fs/buffer.c:582 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 mark_buffer_dirty+0x424/0x5c0 fs/buffer.c:1111 Call Trace: nilfs_btree_commit_convert_and_insert fs/nilfs2/btree.c:1812 [inline] nilfs_btree_convert_and_insert+0xed5/0x1250 fs/nilfs2/btree.c:1877 set_page_writeback include/linux/page-flags.h:497 [inline] nilfs_begin_page_io+0x18a/0x250 fs/nilfs2/segment.c:1639 nilfs_segctor_prepare_write fs/nilfs2/segment.c:1689 [inline] nilfs_segctor_do_construct+0x484f/0x8360 fs/nilfs2/segment.c:2065 nilfs_bmap_do_insert fs/nilfs2/bmap.c:111 [inline] nilfs_bmap_insert+0x2a1/0x3f0 fs/nilfs2/bmap.c:147 nilfs_mdt_insert_new_block fs/nilfs2/mdt.c:44 [inline] nilfs_mdt_create_block fs/nilfs2/mdt.c:93 [inline] nilfs_mdt_get_block+0x59a/0xd40 fs/nilfs2/mdt.c:254 nilfs_segctor_construct+0x764/0xae0 fs/nilfs2/segment.c:2372 nilfs_segctor_thread_construct fs/nilfs2/segment.c:2480 [inline] nilfs_segctor_thread+0x3cb/0xf50 fs/nilfs2/segment.c:2563 nilfs_palloc_get_block+0xc4/0x2b0 fs/nilfs2/alloc.c:216 nilfs_palloc_get_entry_block+0x17b/0x230 fs/nilfs2/alloc.c:318 nilfs_dat_prepare_entry fs/nilfs2/dat.c:43 [inline] nilfs_dat_prepare_alloc fs/nilfs2/dat.c:69 [inline] nilfs_dat_prepare_alloc+0x61/0xb0 fs/nilfs2/dat.c:61 nilfs_bmap_prepare_alloc_ptr fs/nilfs2/bmap.h:183 [inline] nilfs_direct_insert+0x3cb/0x4e0 fs/nilfs2/direct.c:122 nilfs_bmap_do_insert fs/nilfs2/bmap.c:121 [inline] nilfs_bmap_insert+0x27a/0x3f0 fs/nilfs2/bmap.c:147 kthread+0x33f/0x460 kernel/kthread.c:259 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 irq event stamp: 384 hardirqs last enabled at (383): [] mod_lruvec_page_state include/linux/memcontrol.h:713 [inline] hardirqs last enabled at (383): [] dec_lruvec_page_state include/linux/memcontrol.h:1215 [inline] hardirqs last enabled at (383): [] clear_page_dirty_for_io+0xb3b/0xee0 mm/page-writeback.c:2699 hardirqs last disabled at (384): [] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline] hardirqs last disabled at (384): [] _raw_spin_lock_irqsave+0x66/0xc0 kernel/locking/spinlock.c:152 softirqs last enabled at (64): [] __do_softirq+0x678/0x980 kernel/softirq.c:318 nilfs_get_block+0x4d5/0x970 fs/nilfs2/inode.c:96 softirqs last disabled at (27): [] invoke_softirq kernel/softirq.c:372 [inline] softirqs last disabled at (27): [] irq_exit+0x215/0x260 kernel/softirq.c:412 ---[ end trace 1c44e0bdb1e8301f ]--- __block_write_begin_int+0x46c/0x17b0 fs/buffer.c:1978 __block_write_begin fs/buffer.c:2028 [inline] block_write_begin+0x58/0x2e0 fs/buffer.c:2087 nilfs_write_begin+0xa5/0x1b0 fs/nilfs2/inode.c:267 generic_perform_write+0x1f8/0x4d0 mm/filemap.c:3170 __generic_file_write_iter+0x24b/0x610 mm/filemap.c:3295 generic_file_write_iter+0x3f8/0x730 mm/filemap.c:3323 call_write_iter include/linux/fs.h:1821 [inline] new_sync_write fs/read_write.c:474 [inline] __vfs_write+0x51b/0x770 fs/read_write.c:487 vfs_write+0x1f3/0x540 fs/read_write.c:549 ksys_write+0x12b/0x2a0 fs/read_write.c:599 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f3c933720f9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f3c918e4168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00007f3c93491f80 RCX: 00007f3c933720f9 RDX: 0000000000000020 RSI: 0000000020000240 RDI: 0000000000000004 RBP: 00007f3c933cdae9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffe26a9041f R14: 00007f3c918e4300 R15: 0000000000022000 Kernel Offset: disabled ===================================================== WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected 4.19.211-syzkaller #0 Tainted: G W ----------------------------------------------------- syz-executor.1/3539 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: 000000002f7d79b2 ((fb_notifier_list).rwsem){++++}, at: __blocking_notifier_call_chain kernel/notifier.c:316 [inline] 000000002f7d79b2 ((fb_notifier_list).rwsem){++++}, at: __blocking_notifier_call_chain kernel/notifier.c:304 [inline] 000000002f7d79b2 ((fb_notifier_list).rwsem){++++}, at: blocking_notifier_call_chain kernel/notifier.c:328 [inline] 000000002f7d79b2 ((fb_notifier_list).rwsem){++++}, at: blocking_notifier_call_chain+0x6f/0xa0 kernel/notifier.c:325 and this task is already holding: 000000002966dcf4 (&(&(&mapping->i_pages)->xa_lock)->rlock){-.-.}, at: __set_page_dirty+0x28/0x3e0 fs/buffer.c:579 which would create a new lock dependency: (&(&(&mapping->i_pages)->xa_lock)->rlock){-.-.} -> ((fb_notifier_list).rwsem){++++} but this new dependency connects a HARDIRQ-irq-safe lock: (&(&(&mapping->i_pages)->xa_lock)->rlock){-.-.} ... which became HARDIRQ-irq-safe at: __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x8c/0xc0 kernel/locking/spinlock.c:152 test_clear_page_writeback+0x1c3/0x1300 mm/page-writeback.c:2725 end_page_writeback+0x1b3/0x410 mm/filemap.c:1252 ext4_finish_bio+0x655/0x940 fs/ext4/page-io.c:118 ext4_end_bio+0x179/0x600 fs/ext4/page-io.c:342 bio_endio+0x488/0x830 block/bio.c:1780 req_bio_endio block/blk-core.c:278 [inline] blk_update_request+0x30f/0xaf0 block/blk-core.c:3112 scsi_end_request+0x7d/0xb60 drivers/scsi/scsi_lib.c:673 scsi_io_completion+0x279/0x17c0 drivers/scsi/scsi_lib.c:1103 scsi_softirq_done+0x336/0x3d0 drivers/scsi/scsi_lib.c:1759 __blk_mq_complete_request block/blk-mq.c:583 [inline] blk_mq_complete_request+0x472/0x660 block/blk-mq.c:620 virtscsi_vq_done drivers/scsi/virtio_scsi.c:223 [inline] virtscsi_req_done+0x14b/0x210 drivers/scsi/virtio_scsi.c:238 vring_interrupt+0x12f/0x220 drivers/virtio/virtio_ring.c:953 __handle_irq_event_percpu+0x27e/0x8e0 kernel/irq/handle.c:149 handle_irq_event_percpu kernel/irq/handle.c:189 [inline] handle_irq_event+0x102/0x290 kernel/irq/handle.c:206 handle_edge_irq+0x260/0xcf0 kernel/irq/chip.c:800 generic_handle_irq_desc include/linux/irqdesc.h:155 [inline] handle_irq+0x35/0x50 arch/x86/kernel/irq_64.c:87 do_IRQ+0x93/0x1c0 arch/x86/kernel/irq.c:246 ret_from_intr+0x0/0x1e task_tgid_vnr include/linux/sched.h:1305 [inline] __ia32_sys_getpid+0x1a/0x20 kernel/sys.c:890 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe to a HARDIRQ-irq-unsafe lock: ((fb_notifier_list).rwsem){++++} ... which became HARDIRQ-irq-unsafe at: ... down_write+0x34/0x90 kernel/locking/rwsem.c:70 blocking_notifier_chain_register+0x78/0x350 kernel/notifier.c:226 fb_console_init+0x1c/0x305 drivers/video/fbdev/core/fbcon.c:3432 fbmem_init+0x105/0x126 drivers/video/fbdev/core/fbmem.c:1932 do_one_initcall+0xf1/0x740 init/main.c:884 do_initcall_level init/main.c:952 [inline] do_initcalls init/main.c:960 [inline] do_basic_setup init/main.c:978 [inline] kernel_init_freeable+0x9c5/0xab7 init/main.c:1145 kernel_init+0xd/0x1ba init/main.c:1062 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 other info that might help us debug this: Possible interrupt unsafe locking scenario: CPU0 CPU1 ---- ---- lock((fb_notifier_list).rwsem); local_irq_disable(); lock(&(&(&mapping->i_pages)->xa_lock)->rlock); lock((fb_notifier_list).rwsem); lock(&(&(&mapping->i_pages)->xa_lock)->rlock); *** DEADLOCK *** 9 locks held by syz-executor.1/3539: #0: 00000000475d98e9 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310 fs/file.c:767 #1: 000000007b04cf07 (sb_writers#20){.+.+}, at: file_start_write include/linux/fs.h:2779 [inline] #1: 000000007b04cf07 (sb_writers#20){.+.+}, at: vfs_write+0x463/0x540 fs/read_write.c:548 #2: 00000000e24e46df (&sb->s_type->i_mutex_key#24){+.+.}, at: inode_lock include/linux/fs.h:748 [inline] #2: 00000000e24e46df (&sb->s_type->i_mutex_key#24){+.+.}, at: generic_file_write_iter+0x99/0x730 mm/filemap.c:3320 #3: 00000000b34b8318 (sb_internal#4){.+.+}, at: sb_start_intwrite include/linux/fs.h:1626 [inline] #3: 00000000b34b8318 (sb_internal#4){.+.+}, at: nilfs_transaction_begin+0x1f8/0xa50 fs/nilfs2/segment.c:225 #4: 0000000029c9d611 (&nilfs->ns_segctor_sem){++++}, at: nilfs_transaction_begin+0x231/0xa50 fs/nilfs2/segment.c:228 #5: 000000003546c510 (&bmap->b_sem){++++}, at: nilfs_bmap_insert+0x94/0x3f0 fs/nilfs2/bmap.c:146 #6: 00000000f45c349b (&nilfs_bmap_dat_lock_key){++++}, at: nilfs_bmap_insert+0x94/0x3f0 fs/nilfs2/bmap.c:146 #7: 00000000a12373ab (rcu_read_lock){....}, at: lock_page_memcg+0x0/0x220 include/linux/page_counter.h:64 #8: 000000002966dcf4 (&(&(&mapping->i_pages)->xa_lock)->rlock){-.-.}, at: __set_page_dirty+0x28/0x3e0 fs/buffer.c:579 the dependencies between HARDIRQ-irq-safe lock and the holding lock: -> (&(&(&mapping->i_pages)->xa_lock)->rlock){-.-.} ops: 7528336 { IN-HARDIRQ-W at: __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x8c/0xc0 kernel/locking/spinlock.c:152 test_clear_page_writeback+0x1c3/0x1300 mm/page-writeback.c:2725 end_page_writeback+0x1b3/0x410 mm/filemap.c:1252 ext4_finish_bio+0x655/0x940 fs/ext4/page-io.c:118 ext4_end_bio+0x179/0x600 fs/ext4/page-io.c:342 bio_endio+0x488/0x830 block/bio.c:1780 req_bio_endio block/blk-core.c:278 [inline] blk_update_request+0x30f/0xaf0 block/blk-core.c:3112 scsi_end_request+0x7d/0xb60 drivers/scsi/scsi_lib.c:673 scsi_io_completion+0x279/0x17c0 drivers/scsi/scsi_lib.c:1103 scsi_softirq_done+0x336/0x3d0 drivers/scsi/scsi_lib.c:1759 __blk_mq_complete_request block/blk-mq.c:583 [inline] blk_mq_complete_request+0x472/0x660 block/blk-mq.c:620 virtscsi_vq_done drivers/scsi/virtio_scsi.c:223 [inline] virtscsi_req_done+0x14b/0x210 drivers/scsi/virtio_scsi.c:238 vring_interrupt+0x12f/0x220 drivers/virtio/virtio_ring.c:953 __handle_irq_event_percpu+0x27e/0x8e0 kernel/irq/handle.c:149 handle_irq_event_percpu kernel/irq/handle.c:189 [inline] handle_irq_event+0x102/0x290 kernel/irq/handle.c:206 handle_edge_irq+0x260/0xcf0 kernel/irq/chip.c:800 generic_handle_irq_desc include/linux/irqdesc.h:155 [inline] handle_irq+0x35/0x50 arch/x86/kernel/irq_64.c:87 do_IRQ+0x93/0x1c0 arch/x86/kernel/irq.c:246 ret_from_intr+0x0/0x1e task_tgid_vnr include/linux/sched.h:1305 [inline] __ia32_sys_getpid+0x1a/0x20 kernel/sys.c:890 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe IN-SOFTIRQ-W at: __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x8c/0xc0 kernel/locking/spinlock.c:152 test_clear_page_writeback+0x1c3/0x1300 mm/page-writeback.c:2725 end_page_writeback+0x1b3/0x410 mm/filemap.c:1252 end_buffer_async_write+0x57b/0x8f0 fs/buffer.c:348 end_bio_bh_io_sync+0xe2/0x130 fs/buffer.c:2976 bio_endio+0x488/0x830 block/bio.c:1780 req_bio_endio block/blk-core.c:278 [inline] blk_update_request+0x30f/0xaf0 block/blk-core.c:3112 scsi_end_request+0x7d/0xb60 drivers/scsi/scsi_lib.c:673 scsi_io_completion+0x279/0x17c0 drivers/scsi/scsi_lib.c:1103 scsi_softirq_done+0x336/0x3d0 drivers/scsi/scsi_lib.c:1759 __blk_mq_complete_request block/blk-mq.c:583 [inline] blk_mq_complete_request+0x472/0x660 block/blk-mq.c:620 virtscsi_vq_done drivers/scsi/virtio_scsi.c:223 [inline] virtscsi_req_done+0x14b/0x210 drivers/scsi/virtio_scsi.c:238 vring_interrupt+0x12f/0x220 drivers/virtio/virtio_ring.c:953 __handle_irq_event_percpu+0x27e/0x8e0 kernel/irq/handle.c:149 handle_irq_event_percpu kernel/irq/handle.c:189 [inline] handle_irq_event+0x102/0x290 kernel/irq/handle.c:206 handle_edge_irq+0x260/0xcf0 kernel/irq/chip.c:800 generic_handle_irq_desc include/linux/irqdesc.h:155 [inline] handle_irq+0x35/0x50 arch/x86/kernel/irq_64.c:87 do_IRQ+0x93/0x1c0 arch/x86/kernel/irq.c:246 ret_from_intr+0x0/0x1e variable_test_bit arch/x86/include/asm/bitops.h:324 [inline] cpumask_test_cpu include/linux/cpumask.h:344 [inline] trace_kmem_cache_free include/trace/events/kmem.h:144 [inline] kmem_cache_free+0xcd/0x260 mm/slab.c:3768 __rcu_reclaim kernel/rcu/rcu.h:236 [inline] rcu_do_batch kernel/rcu/tree.c:2584 [inline] invoke_rcu_callbacks kernel/rcu/tree.c:2897 [inline] __rcu_process_callbacks kernel/rcu/tree.c:2864 [inline] rcu_process_callbacks+0x8ff/0x18b0 kernel/rcu/tree.c:2881 __do_softirq+0x265/0x980 kernel/softirq.c:292 invoke_softirq kernel/softirq.c:372 [inline] irq_exit+0x215/0x260 kernel/softirq.c:412 exiting_irq arch/x86/include/asm/apic.h:536 [inline] smp_apic_timer_interrupt+0x136/0x550 arch/x86/kernel/apic/apic.c:1098 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894 __read_once_size include/linux/compiler.h:263 [inline] compound_head include/linux/page-flags.h:142 [inline] filemap_map_pages+0x3d2/0x11c0 mm/filemap.c:2668 do_fault_around mm/memory.c:3776 [inline] do_read_fault mm/memory.c:3810 [inline] do_fault mm/memory.c:3944 [inline] handle_pte_fault mm/memory.c:4175 [inline] __handle_mm_fault+0x2a8e/0x41c0 mm/memory.c:4299 handle_mm_fault+0x436/0xb10 mm/memory.c:4336 __do_page_fault+0x68e/0xd60 arch/x86/mm/fault.c:1412 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1205 INITIAL USE at: __raw_spin_lock_irq include/linux/spinlock_api_smp.h:128 [inline] _raw_spin_lock_irq+0x5b/0x80 kernel/locking/spinlock.c:160 spin_lock_irq include/linux/spinlock.h:354 [inline] __add_to_page_cache_locked+0x45e/0xb60 mm/filemap.c:879 add_to_page_cache_lru+0x16a/0x680 mm/filemap.c:928 do_read_cache_page+0x50a/0x1170 mm/filemap.c:2818 read_mapping_page include/linux/pagemap.h:402 [inline] read_dev_sector+0xbf/0x500 block/partition-generic.c:671 read_part_sector block/partitions/check.h:38 [inline] adfspart_check_ICS+0x114/0xe70 block/partitions/acorn.c:366 check_partition+0x390/0x690 block/partitions/check.c:167 rescan_partitions+0x1b5/0x970 block/partition-generic.c:535 bdev_disk_changed+0x179/0x1b0 fs/block_dev.c:1435 __blkdev_get+0xb27/0x1480 fs/block_dev.c:1524 blkdev_get+0xb0/0x940 fs/block_dev.c:1627 register_disk block/genhd.c:642 [inline] __device_add_disk+0xb3a/0x10c0 block/genhd.c:723 add_disk include/linux/genhd.h:409 [inline] brd_init+0x295/0x461 drivers/block/brd.c:525 do_one_initcall+0xf1/0x740 init/main.c:884 do_initcall_level init/main.c:952 [inline] do_initcalls init/main.c:960 [inline] do_basic_setup init/main.c:978 [inline] kernel_init_freeable+0x9c5/0xab7 init/main.c:1145 kernel_init+0xd/0x1ba init/main.c:1062 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 } ... key at: [] __key.6+0x0/0x40 ... acquired at: down_read+0x36/0x80 kernel/locking/rwsem.c:24 __blocking_notifier_call_chain kernel/notifier.c:316 [inline] __blocking_notifier_call_chain kernel/notifier.c:304 [inline] blocking_notifier_call_chain kernel/notifier.c:328 [inline] blocking_notifier_call_chain+0x6f/0xa0 kernel/notifier.c:325 fb_blank+0xb5/0x1d0 drivers/video/fbdev/core/fbmem.c:1074 fbcon_blank+0x932/0xec0 drivers/video/fbdev/core/fbcon.c:2221 do_unblank_screen+0x241/0x610 drivers/tty/vt/vt.c:4294 panic+0x313/0x50e kernel/panic.c:239 __warn.cold+0x20/0x5a kernel/panic.c:541 report_bug+0x262/0x2b0 lib/bug.c:183 fixup_bug arch/x86/kernel/traps.c:178 [inline] fixup_bug arch/x86/kernel/traps.c:173 [inline] do_error_trap+0x1d7/0x310 arch/x86/kernel/traps.c:296 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:1038 inode_to_wb include/linux/backing-dev.h:340 [inline] account_page_dirtied+0x8cc/0xbb0 mm/page-writeback.c:2420 __set_page_dirty+0x7f/0x3e0 fs/buffer.c:582 mark_buffer_dirty+0x424/0x5c0 fs/buffer.c:1111 nilfs_btree_commit_convert_and_insert fs/nilfs2/btree.c:1812 [inline] nilfs_btree_convert_and_insert+0xed5/0x1250 fs/nilfs2/btree.c:1877 nilfs_bmap_do_insert fs/nilfs2/bmap.c:111 [inline] nilfs_bmap_insert+0x2a1/0x3f0 fs/nilfs2/bmap.c:147 nilfs_mdt_insert_new_block fs/nilfs2/mdt.c:44 [inline] nilfs_mdt_create_block fs/nilfs2/mdt.c:93 [inline] nilfs_mdt_get_block+0x59a/0xd40 fs/nilfs2/mdt.c:254 nilfs_palloc_get_block+0xc4/0x2b0 fs/nilfs2/alloc.c:216 nilfs_palloc_get_entry_block+0x17b/0x230 fs/nilfs2/alloc.c:318 nilfs_dat_prepare_entry fs/nilfs2/dat.c:43 [inline] nilfs_dat_prepare_alloc fs/nilfs2/dat.c:69 [inline] nilfs_dat_prepare_alloc+0x61/0xb0 fs/nilfs2/dat.c:61 nilfs_bmap_prepare_alloc_ptr fs/nilfs2/bmap.h:183 [inline] nilfs_direct_insert+0x3cb/0x4e0 fs/nilfs2/direct.c:122 nilfs_bmap_do_insert fs/nilfs2/bmap.c:121 [inline] nilfs_bmap_insert+0x27a/0x3f0 fs/nilfs2/bmap.c:147 nilfs_get_block+0x4d5/0x970 fs/nilfs2/inode.c:96 __block_write_begin_int+0x46c/0x17b0 fs/buffer.c:1978 __block_write_begin fs/buffer.c:2028 [inline] block_write_begin+0x58/0x2e0 fs/buffer.c:2087 nilfs_write_begin+0xa5/0x1b0 fs/nilfs2/inode.c:267 generic_perform_write+0x1f8/0x4d0 mm/filemap.c:3170 __generic_file_write_iter+0x24b/0x610 mm/filemap.c:3295 generic_file_write_iter+0x3f8/0x730 mm/filemap.c:3323 call_write_iter include/linux/fs.h:1821 [inline] new_sync_write fs/read_write.c:474 [inline] __vfs_write+0x51b/0x770 fs/read_write.c:487 vfs_write+0x1f3/0x540 fs/read_write.c:549 ksys_write+0x12b/0x2a0 fs/read_write.c:599 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe the dependencies between the lock to be acquired and HARDIRQ-irq-unsafe lock: -> ((fb_notifier_list).rwsem){++++} ops: 13 { HARDIRQ-ON-W at: down_write+0x34/0x90 kernel/locking/rwsem.c:70 blocking_notifier_chain_register+0x78/0x350 kernel/notifier.c:226 fb_console_init+0x1c/0x305 drivers/video/fbdev/core/fbcon.c:3432 fbmem_init+0x105/0x126 drivers/video/fbdev/core/fbmem.c:1932 do_one_initcall+0xf1/0x740 init/main.c:884 do_initcall_level init/main.c:952 [inline] do_initcalls init/main.c:960 [inline] do_basic_setup init/main.c:978 [inline] kernel_init_freeable+0x9c5/0xab7 init/main.c:1145 kernel_init+0xd/0x1ba init/main.c:1062 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 HARDIRQ-ON-R at: down_read+0x36/0x80 kernel/locking/rwsem.c:24 __blocking_notifier_call_chain kernel/notifier.c:316 [inline] __blocking_notifier_call_chain kernel/notifier.c:304 [inline] blocking_notifier_call_chain kernel/notifier.c:328 [inline] blocking_notifier_call_chain+0x6f/0xa0 kernel/notifier.c:325 do_register_framebuffer drivers/video/fbdev/core/fbmem.c:1718 [inline] register_framebuffer+0x5df/0x9e0 drivers/video/fbdev/core/fbmem.c:1841 vga16fb_probe+0x6b4/0x7b5 drivers/video/fbdev/vga16fb.c:1373 platform_drv_probe+0xd4/0x1b0 drivers/base/platform.c:584 really_probe+0x622/0xbd0 drivers/base/dd.c:506 driver_probe_device+0x218/0x340 drivers/base/dd.c:667 __device_attach_driver+0x29e/0x370 drivers/base/dd.c:754 bus_for_each_drv+0x159/0x1e0 drivers/base/bus.c:464 __device_attach+0x226/0x470 drivers/base/dd.c:822 bus_probe_device+0x1ea/0x2a0 drivers/base/bus.c:524 device_add+0xb37/0x16d0 drivers/base/core.c:2170 platform_device_add+0x364/0x830 drivers/base/platform.c:420 vga16fb_init+0x152/0x1c8 drivers/video/fbdev/vga16fb.c:1431 do_one_initcall+0xf1/0x740 init/main.c:884 do_initcall_level init/main.c:952 [inline] do_initcalls init/main.c:960 [inline] do_basic_setup init/main.c:978 [inline] kernel_init_freeable+0x9c5/0xab7 init/main.c:1145 kernel_init+0xd/0x1ba init/main.c:1062 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 SOFTIRQ-ON-W at: down_write+0x34/0x90 kernel/locking/rwsem.c:70 blocking_notifier_chain_register+0x78/0x350 kernel/notifier.c:226 fb_console_init+0x1c/0x305 drivers/video/fbdev/core/fbcon.c:3432 fbmem_init+0x105/0x126 drivers/video/fbdev/core/fbmem.c:1932 do_one_initcall+0xf1/0x740 init/main.c:884 do_initcall_level init/main.c:952 [inline] do_initcalls init/main.c:960 [inline] do_basic_setup init/main.c:978 [inline] kernel_init_freeable+0x9c5/0xab7 init/main.c:1145 kernel_init+0xd/0x1ba init/main.c:1062 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 SOFTIRQ-ON-R at: down_read+0x36/0x80 kernel/locking/rwsem.c:24 __blocking_notifier_call_chain kernel/notifier.c:316 [inline] __blocking_notifier_call_chain kernel/notifier.c:304 [inline] blocking_notifier_call_chain kernel/notifier.c:328 [inline] blocking_notifier_call_chain+0x6f/0xa0 kernel/notifier.c:325 do_register_framebuffer drivers/video/fbdev/core/fbmem.c:1718 [inline] register_framebuffer+0x5df/0x9e0 drivers/video/fbdev/core/fbmem.c:1841 vga16fb_probe+0x6b4/0x7b5 drivers/video/fbdev/vga16fb.c:1373 platform_drv_probe+0xd4/0x1b0 drivers/base/platform.c:584 really_probe+0x622/0xbd0 drivers/base/dd.c:506 driver_probe_device+0x218/0x340 drivers/base/dd.c:667 __device_attach_driver+0x29e/0x370 drivers/base/dd.c:754 bus_for_each_drv+0x159/0x1e0 drivers/base/bus.c:464 __device_attach+0x226/0x470 drivers/base/dd.c:822 bus_probe_device+0x1ea/0x2a0 drivers/base/bus.c:524 device_add+0xb37/0x16d0 drivers/base/core.c:2170 platform_device_add+0x364/0x830 drivers/base/platform.c:420 vga16fb_init+0x152/0x1c8 drivers/video/fbdev/vga16fb.c:1431 do_one_initcall+0xf1/0x740 init/main.c:884 do_initcall_level init/main.c:952 [inline] do_initcalls init/main.c:960 [inline] do_basic_setup init/main.c:978 [inline] kernel_init_freeable+0x9c5/0xab7 init/main.c:1145 kernel_init+0xd/0x1ba init/main.c:1062 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 INITIAL USE at: down_write+0x34/0x90 kernel/locking/rwsem.c:70 blocking_notifier_chain_register+0x78/0x350 kernel/notifier.c:226 fb_console_init+0x1c/0x305 drivers/video/fbdev/core/fbcon.c:3432 fbmem_init+0x105/0x126 drivers/video/fbdev/core/fbmem.c:1932 do_one_initcall+0xf1/0x740 init/main.c:884 do_initcall_level init/main.c:952 [inline] do_initcalls init/main.c:960 [inline] do_basic_setup init/main.c:978 [inline] kernel_init_freeable+0x9c5/0xab7 init/main.c:1145 kernel_init+0xd/0x1ba init/main.c:1062 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 } ... key at: [] fb_notifier_list+0x60/0x1a0 ... acquired at: down_read+0x36/0x80 kernel/locking/rwsem.c:24 __blocking_notifier_call_chain kernel/notifier.c:316 [inline] __blocking_notifier_call_chain kernel/notifier.c:304 [inline] blocking_notifier_call_chain kernel/notifier.c:328 [inline] blocking_notifier_call_chain+0x6f/0xa0 kernel/notifier.c:325 fb_blank+0xb5/0x1d0 drivers/video/fbdev/core/fbmem.c:1074 fbcon_blank+0x932/0xec0 drivers/video/fbdev/core/fbcon.c:2221 do_unblank_screen+0x241/0x610 drivers/tty/vt/vt.c:4294 panic+0x313/0x50e kernel/panic.c:239 __warn.cold+0x20/0x5a kernel/panic.c:541 report_bug+0x262/0x2b0 lib/bug.c:183 fixup_bug arch/x86/kernel/traps.c:178 [inline] fixup_bug arch/x86/kernel/traps.c:173 [inline] do_error_trap+0x1d7/0x310 arch/x86/kernel/traps.c:296 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:1038 inode_to_wb include/linux/backing-dev.h:340 [inline] account_page_dirtied+0x8cc/0xbb0 mm/page-writeback.c:2420 __set_page_dirty+0x7f/0x3e0 fs/buffer.c:582 mark_buffer_dirty+0x424/0x5c0 fs/buffer.c:1111 nilfs_btree_commit_convert_and_insert fs/nilfs2/btree.c:1812 [inline] nilfs_btree_convert_and_insert+0xed5/0x1250 fs/nilfs2/btree.c:1877 nilfs_bmap_do_insert fs/nilfs2/bmap.c:111 [inline] nilfs_bmap_insert+0x2a1/0x3f0 fs/nilfs2/bmap.c:147 nilfs_mdt_insert_new_block fs/nilfs2/mdt.c:44 [inline] nilfs_mdt_create_block fs/nilfs2/mdt.c:93 [inline] nilfs_mdt_get_block+0x59a/0xd40 fs/nilfs2/mdt.c:254 nilfs_palloc_get_block+0xc4/0x2b0 fs/nilfs2/alloc.c:216 nilfs_palloc_get_entry_block+0x17b/0x230 fs/nilfs2/alloc.c:318 nilfs_dat_prepare_entry fs/nilfs2/dat.c:43 [inline] nilfs_dat_prepare_alloc fs/nilfs2/dat.c:69 [inline] nilfs_dat_prepare_alloc+0x61/0xb0 fs/nilfs2/dat.c:61 nilfs_bmap_prepare_alloc_ptr fs/nilfs2/bmap.h:183 [inline] nilfs_direct_insert+0x3cb/0x4e0 fs/nilfs2/direct.c:122 nilfs_bmap_do_insert fs/nilfs2/bmap.c:121 [inline] nilfs_bmap_insert+0x27a/0x3f0 fs/nilfs2/bmap.c:147 nilfs_get_block+0x4d5/0x970 fs/nilfs2/inode.c:96 __block_write_begin_int+0x46c/0x17b0 fs/buffer.c:1978 __block_write_begin fs/buffer.c:2028 [inline] block_write_begin+0x58/0x2e0 fs/buffer.c:2087 nilfs_write_begin+0xa5/0x1b0 fs/nilfs2/inode.c:267 generic_perform_write+0x1f8/0x4d0 mm/filemap.c:3170 __generic_file_write_iter+0x24b/0x610 mm/filemap.c:3295 generic_file_write_iter+0x3f8/0x730 mm/filemap.c:3323 call_write_iter include/linux/fs.h:1821 [inline] new_sync_write fs/read_write.c:474 [inline] __vfs_write+0x51b/0x770 fs/read_write.c:487 vfs_write+0x1f3/0x540 fs/read_write.c:549 ksys_write+0x12b/0x2a0 fs/read_write.c:599 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe stack backtrace: CPU: 0 PID: 3539 Comm: syz-executor.1 Tainted: G W 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 print_bad_irq_dependency kernel/locking/lockdep.c:1573 [inline] check_usage.cold+0x7ea/0xbad kernel/locking/lockdep.c:1605 check_irq_usage kernel/locking/lockdep.c:1661 [inline] check_prev_add_irq kernel/locking/lockdep_states.h:7 [inline] check_prev_add kernel/locking/lockdep.c:1871 [inline] check_prevs_add kernel/locking/lockdep.c:1979 [inline] validate_chain kernel/locking/lockdep.c:2420 [inline] __lock_acquire+0x1d51/0x3ff0 kernel/locking/lockdep.c:3416 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908 down_read+0x36/0x80 kernel/locking/rwsem.c:24 __blocking_notifier_call_chain kernel/notifier.c:316 [inline] __blocking_notifier_call_chain kernel/notifier.c:304 [inline] blocking_notifier_call_chain kernel/notifier.c:328 [inline] blocking_notifier_call_chain+0x6f/0xa0 kernel/notifier.c:325 fb_blank+0xb5/0x1d0 drivers/video/fbdev/core/fbmem.c:1074 fbcon_blank+0x932/0xec0 drivers/video/fbdev/core/fbcon.c:2221 do_unblank_screen+0x241/0x610 drivers/tty/vt/vt.c:4294 panic+0x313/0x50e kernel/panic.c:239 __warn.cold+0x20/0x5a kernel/panic.c:541 report_bug+0x262/0x2b0 lib/bug.c:183 fixup_bug arch/x86/kernel/traps.c:178 [inline] fixup_bug arch/x86/kernel/traps.c:173 [inline] do_error_trap+0x1d7/0x310 arch/x86/kernel/traps.c:296 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:1038 RIP: 0010:inode_to_wb include/linux/backing-dev.h:340 [inline] RIP: 0010:account_page_dirtied+0x8cc/0xbb0 mm/page-writeback.c:2420 Code: 88 01 00 00 be ff ff ff ff 48 8d 78 70 e8 ec e1 ca ff 31 ff 89 c3 89 c6 e8 f1 b3 e2 ff 85 db 0f 85 39 f9 ff ff e8 74 b2 e2 ff <0f> 0b e9 2d f9 ff ff e8 68 b2 e2 ff 4c 89 e6 4c 89 ef e8 9d b3 2d RSP: 0018:ffff888097207118 EFLAGS: 00010012 RAX: 0000000000040000 RBX: 0000000000000000 RCX: ffffc90006323000 RDX: 00000000000014c8 RSI: ffffffff817fd2fc RDI: 0000000000000005 RBP: ffff888052b72c08 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000005 R11: 0000000000000000 R12: ffffea0002cd86c0 R13: ffff888052b72a80 R14: ffff888052b728f8 R15: ffffea0002cd86c8 __set_page_dirty+0x7f/0x3e0 fs/buffer.c:582 mark_buffer_dirty+0x424/0x5c0 fs/buffer.c:1111 nilfs_btree_commit_convert_and_insert fs/nilfs2/btree.c:1812 [inline] nilfs_btree_convert_and_insert+0xed5/0x1250 fs/nilfs2/btree.c:1877 nilfs_bmap_do_insert fs/nilfs2/bmap.c:111 [inline] nilfs_bmap_insert+0x2a1/0x3f0 fs/nilfs2/bmap.c:147 nilfs_mdt_insert_new_block fs/nilfs2/mdt.c:44 [inline] nilfs_mdt_create_block fs/nilfs2/mdt.c:93 [inline] nilfs_mdt_get_block+0x59a/0xd40 fs/nilfs2/mdt.c:254 nilfs_palloc_get_block+0xc4/0x2b0 fs/nilfs2/alloc.c:216 nilfs_palloc_get_entry_block+0x17b/0x230 fs/nilfs2/alloc.c:318 nilfs_dat_prepare_entry fs/nilfs2/dat.c:43 [inline] nilfs_dat_prepare_alloc fs/nilfs2/dat.c:69 [inline] nilfs_dat_prepare_alloc+0x61/0xb0 fs/nilfs2/dat.c:61 nilfs_bmap_prepare_alloc_ptr fs/nilfs2/bmap.h:183 [inline] nilfs_direct_insert+0x3cb/0x4e0 fs/nilfs2/direct.c:122 nilfs_bmap_do_insert fs/nilfs2/bmap.c:121 [inline] nilfs_bmap_insert+0x27a/0x3f0 fs/nilfs2/bmap.c:147 nilfs_get_block+0x4d5/0x970 fs/nilfs2/inode.c:96 __block_write_begin_int+0x46c/0x17b0 fs/buffer.c:1978 __block_write_begin fs/buffer.c:2028 [inline] block_write_begin+0x58/0x2e0 fs/buffer.c:2087 nilfs_write_begin+0xa5/0x1b0 fs/nilfs2/inode.c:267 generic_perform_write+0x1f8/0x4d0 mm/filemap.c:3170 __generic_file_write_iter+0x24b/0x610 mm/filemap.c:3295 generic_file_write_iter+0x3f8/0x730 mm/filemap.c:3323 call_write_iter include/linux/fs.h:1821 [inline] new_sync_write fs/read_write.c:474 [inline] __vfs_write+0x51b/0x770 fs/read_write.c:487 vfs_write+0x1f3/0x540 fs/read_write.c:549 ksys_write+0x12b/0x2a0 fs/read_write.c:599 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f3c933720f9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f3c918e4168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00007f3c93491f80 RCX: 00007f3c933720f9 RDX: 0000000000000020 RSI: 0000000020000240 RDI: 0000000000000004 RBP: 00007f3c933cdae9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffe26a9041f R14: 00007f3c918e4300 R15: 0000000000022000 Rebooting in 86400 seconds..