audit: type=1400 audit(1546651278.950:5): avc: denied { associate } for pid=2052 comm="syz-executor853" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
BUG: sleeping function called from invalid context at ./include/linux/percpu-rwsem.h:33
in_atomic(): 1, irqs_disabled(): 0, pid: 2120, name: syz-executor853
3 locks held by syz-executor853/2120:
 #0: (sb_writers#4){.+.+.+}, at: [] sb_start_write include/linux/fs.h:1575 [inline]
 #0: (sb_writers#4){.+.+.+}, at: [] mnt_want_write+0x3f/0xb0 fs/namespace.c:391
 #1: (&sb->s_type->i_mutex_key#9){+.+.+.}, at: [] inode_lock include/linux/fs.h:768 [inline]
 #1: (&sb->s_type->i_mutex_key#9){+.+.+.}, at: [] do_truncate2+0x130/0x210 fs/open.c:61
 #2: (&ei->i_mmap_sem){++++.+}, at: [] ext4_setattr+0x1321/0x21b0 fs/ext4/inode.c:5296
Preemption disabled at:[ 43.412351] [] delete_from_page_cache+0xdb/0x230 mm/filemap.c:330
CPU: 1 PID: 2120 Comm: syz-executor853 Not tainted 4.9.148+ #3
 ffff8801db7075e0 ffffffff81b456e1 0000000000000000 0000000000000101
 ffff8801cc07df00 ffffffff814118bb ffff8801cc07df00 ffff8801db707618
 ffffffff813f9ff8 ffff8801cc07df00 ffffffff82ad7ca0 0000000000000021
Call Trace:
[ 43.454338] [] __dump_stack lib/dump_stack.c:15 [inline]
[ 43.454338] [] dump_stack+0xc1/0x120 lib/dump_stack.c:51
 [] ___might_sleep.cold+0x1c1/0x1fa kernel/sched/core.c:7988
 [] __might_sleep+0x95/0x1a0 kernel/sched/core.c:7945
 [] percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:33 [inline]
 [] percpu_down_read include/linux/percpu-rwsem.h:58 [inline]
 [] ext4_writepages+0x170/0x2d20 fs/ext4/inode.c:2659
 [] do_writepages+0xfc/0x1e0 mm/page-writeback.c:2331
 [] __filemap_fdatawrite_range+0x1ad/0x260 mm/filemap.c:390
 [] filemap_write_and_wait_range mm/filemap.c:578 [inline]
 [] filemap_write_and_wait_range+0x5c/0xb0 mm/filemap.c:571
 [] __generic_file_fsync+0x9b/0x1c0 fs/libfs.c:974
 [] ext4_sync_file+0x64f/0x10a0 fs/ext4/fsync.c:116
 [] vfs_fsync_range+0x111/0x260 fs/sync.c:195
 [] generic_write_sync include/linux/fs.h:2609 [inline]
 [] dio_complete+0x376/0x6e0 fs/direct-io.c:282
 [] dio_bio_end_aio+0x124/0x390 fs/direct-io.c:323
 [] bio_endio+0x1ad/0x200 block/bio.c:1781
 [] req_bio_endio block/blk-core.c:157 [inline]
 [] blk_update_request+0x24e/0x9d0 block/blk-core.c:2628
 [] scsi_end_request+0x9c/0x5c0 drivers/scsi/scsi_lib.c:606
 [] scsi_io_completion+0x275/0x17e0 drivers/scsi/scsi_lib.c:829
 [] scsi_finish_command+0x3ad/0x520 drivers/scsi/scsi.c:607
 [] scsi_softirq_done+0x259/0x370 drivers/scsi/scsi_lib.c:1567
 [] blk_done_softirq+0x27e/0x3e0 block/blk-softirq.c:35
 [] __do_softirq+0x22d/0x964 kernel/softirq.c:288
 [] invoke_softirq kernel/softirq.c:368 [inline]
 [] irq_exit+0x119/0x160 kernel/softirq.c:409
 [] exiting_irq arch/x86/include/asm/apic.h:669 [inline]
 [] do_IRQ+0x111/0x1d0 arch/x86/kernel/irq.c:252
 [] common_interrupt+0x9d/0x9d arch/x86/entry/entry_64.S:461
[ 43.871166] [] ? arch_local_irq_restore arch/x86/include/asm/paravirt.h:768 [inline]
[ 43.871166] [] ? __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:162 [inline]
[ 43.871166] [] ? _raw_spin_unlock_irqrestore+0x5f/0x70 kernel/locking/spinlock.c:191
 [] spin_unlock_irqrestore include/linux/spinlock.h:362 [inline]
 [] delete_from_page_cache+0xf3/0x230 mm/filemap.c:332
 [] truncate_complete_page mm/truncate.c:128 [inline]
 [] truncate_inode_page+0x172/0x260 mm/truncate.c:167
 [] truncate_inode_pages_range+0x643/0xfe0 mm/truncate.c:376
 [] truncate_inode_pages mm/truncate.c:401 [inline]
 [] truncate_pagecache+0x69/0x90 mm/truncate.c:710
 [] ext4_setattr+0x134a/0x21b0 fs/ext4/inode.c:5301
 [] notify_change2+0xaab/0xd90 fs/attr.c:313
 [] do_truncate2+0x148/0x210 fs/open.c:63
 [] handle_truncate fs/namei.c:3031 [inline]
 [] do_last fs/namei.c:3466 [inline]
 [] path_openat+0x12ae/0x2f60 fs/namei.c:3581
 [] do_filp_open+0x1a1/0x280 fs/namei.c:3615
 [] do_sys_open+0x2f0/0x610 fs/open.c:1072
 [] SYSC_open fs/open.c:1090 [inline]
 [] SyS_open fs/open.c:1085 [inline]
 [] SYSC_creat fs/open.c:1110 [inline]
 [] SyS_creat+0x27/0x30 fs/open.c:1108
 [] do_syscall_64+0x1ad/0x570 arch/x86/entry/common.c:285
 [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb

=========================================================
[ INFO: possible irq lock inversion dependency detected ]
4.9.148+ #3 Tainted: G W
---------------------------------------------------------
syz-executor853/2120 just changed the state of lock:
 (&sbi->s_journal_flag_rwsem){.+.?.+}, at: [] do_writepages+0xfc/0x1e0 mm/page-writeback.c:2331
 (&ei->i_data_sem){++++..}

and interrupts could create inverse lock ordering between them.

other info that might help us debug this:
 Possible interrupt unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&ei->i_data_sem);
                               local_irq_disable();
                               lock(&sbi->s_journal_flag_rwsem);
                               lock(&ei->i_data_sem);
    lock(&sbi->s_journal_flag_rwsem);

 *** DEADLOCK ***

3 locks held by syz-executor853/2120:
 #0: (sb_writers#4){.+.+.+}, at: [] sb_start_write include/linux/fs.h:1575 [inline]
 #0: (sb_writers#4){.+.+.+}, at: [] mnt_want_write+0x3f/0xb0 fs/namespace.c:391
 #1: (&sb->s_type->i_mutex_key#9){+.+.+.}, at: [] inode_lock include/linux/fs.h:768 [inline]
 #1: (&sb->s_type->i_mutex_key#9){+.+.+.}, at: [] do_truncate2+0x130/0x210 fs/open.c:61
 #2: (&ei->i_mmap_sem){++++.+}, at: [] ext4_setattr+0x1321/0x21b0 fs/ext4/inode.c:5296

the shortest dependencies between 2nd lock and 1st lock:
-> (&ei->i_data_sem){++++..} ops: 87465 {
  HARDIRQ-ON-W at:
    mark_irqflags kernel/locking/lockdep.c:2937 [inline]
    __lock_acquire+0xf92/0x4350 kernel/locking/lockdep.c:3302
    lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756
    down_write+0x41/0xa0 kernel/locking/rwsem.c:52
    ext4_release_file+0x25b/0x2e0 fs/ext4/file.c:50
    __fput+0x274/0x720 fs/file_table.c:208
    ____fput+0x16/0x20 fs/file_table.c:244
    task_work_run+0x108/0x180 kernel/task_work.c:116
    tracehook_notify_resume include/linux/tracehook.h:191 [inline]
    exit_to_usermode_loop+0x13b/0x160 arch/x86/entry/common.c:162
    prepare_exit_to_usermode arch/x86/entry/common.c:194 [inline]
    syscall_return_slowpath arch/x86/entry/common.c:263 [inline]
    do_syscall_64+0x3f7/0x570 arch/x86/entry/common.c:290
    entry_SYSCALL_64_after_swapgs+0x5d/0xdb
  HARDIRQ-ON-R at:
    mark_irqflags kernel/locking/lockdep.c:2929 [inline]
    __lock_acquire+0x507/0x4350 kernel/locking/lockdep.c:3302
    lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756
    down_read+0x44/0xb0 kernel/locking/rwsem.c:22
    ext4_map_blocks+0x36a/0x1710 fs/ext4/inode.c:533
    ext4_getblk+0x307/0x490 fs/ext4/inode.c:943
    ext4_find_entry+0xa43/0x12b0 fs/ext4/namei.c:1420
    ext4_lookup fs/ext4/namei.c:1559 [inline]
    ext4_lookup+0x139/0x5e0 fs/ext4/namei.c:1545
    lookup_slow+0x24b/0x480 fs/namei.c:1709
    walk_component+0x71e/0xce0 fs/namei.c:1825
    lookup_last fs/namei.c:2307 [inline]
    path_lookupat.isra.0+0x18f/0x3f0 fs/namei.c:2324
    filename_lookup+0x1a1/0x3b0 fs/namei.c:2358
    user_path_at_empty+0x43/0x50 fs/namei.c:2619
    user_path include/linux/namei.h:60 [inline]
    do_mount+0x124/0x2970 fs/namespace.c:2816
    SYSC_mount fs/namespace.c:3087 [inline]
    SyS_mount+0xab/0x120 fs/namespace.c:3064
    devtmpfs_mount+0x4a/0x70 drivers/base/devtmpfs.c:357
    prepare_namespace+0x1ef/0x21d init/do_mounts.c:603
    kernel_init_freeable+0x3a5/0x3c3 init/main.c:1036
    kernel_init+0x12/0x163 init/main.c:946
    ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373
  SOFTIRQ-ON-W at:
    mark_irqflags kernel/locking/lockdep.c:2941 [inline]
    __lock_acquire+0x55c/0x4350 kernel/locking/lockdep.c:3302
    lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756
    down_write+0x41/0xa0 kernel/locking/rwsem.c:52
    ext4_release_file+0x25b/0x2e0 fs/ext4/file.c:50
    __fput+0x274/0x720 fs/file_table.c:208
    ____fput+0x16/0x20 fs/file_table.c:244
    task_work_run+0x108/0x180 kernel/task_work.c:116
    tracehook_notify_resume include/linux/tracehook.h:191 [inline]
    exit_to_usermode_loop+0x13b/0x160 arch/x86/entry/common.c:162
    prepare_exit_to_usermode arch/x86/entry/common.c:194 [inline]
    syscall_return_slowpath arch/x86/entry/common.c:263 [inline]
    do_syscall_64+0x3f7/0x570 arch/x86/entry/common.c:290
    entry_SYSCALL_64_after_swapgs+0x5d/0xdb
  SOFTIRQ-ON-R at:
    mark_irqflags kernel/locking/lockdep.c:2941 [inline]
    __lock_acquire+0x55c/0x4350 kernel/locking/lockdep.c:3302
    lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756
    down_read+0x44/0xb0 kernel/locking/rwsem.c:22
    ext4_map_blocks+0x36a/0x1710 fs/ext4/inode.c:533
    ext4_getblk+0x307/0x490 fs/ext4/inode.c:943
    ext4_find_entry+0xa43/0x12b0 fs/ext4/namei.c:1420
    ext4_lookup fs/ext4/namei.c:1559 [inline]
    ext4_lookup+0x139/0x5e0 fs/ext4/namei.c:1545
    lookup_slow+0x24b/0x480 fs/namei.c:1709
    walk_component+0x71e/0xce0 fs/namei.c:1825
    lookup_last fs/namei.c:2307 [inline]
    path_lookupat.isra.0+0x18f/0x3f0 fs/namei.c:2324
    filename_lookup+0x1a1/0x3b0 fs/namei.c:2358
    user_path_at_empty+0x43/0x50 fs/namei.c:2619
    user_path include/linux/namei.h:60 [inline]
    do_mount+0x124/0x2970 fs/namespace.c:2816
    SYSC_mount fs/namespace.c:3087 [inline]
    SyS_mount+0xab/0x120 fs/namespace.c:3064
    devtmpfs_mount+0x4a/0x70 drivers/base/devtmpfs.c:357
    prepare_namespace+0x1ef/0x21d init/do_mounts.c:603
    kernel_init_freeable+0x3a5/0x3c3 init/main.c:1036
    kernel_init+0x12/0x163 init/main.c:946
    ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373
  INITIAL USE at:
    __lock_acquire+0x5e5/0x4350 kernel/locking/lockdep.c:3306
    lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756
    down_read+0x44/0xb0 kernel/locking/rwsem.c:22
    ext4_map_blocks+0x36a/0x1710 fs/ext4/inode.c:533
    ext4_getblk+0x307/0x490 fs/ext4/inode.c:943
    ext4_find_entry+0xa43/0x12b0 fs/ext4/namei.c:1420
    ext4_lookup fs/ext4/namei.c:1559 [inline]
    ext4_lookup+0x139/0x5e0 fs/ext4/namei.c:1545
    lookup_slow+0x24b/0x480 fs/namei.c:1709
    walk_component+0x71e/0xce0 fs/namei.c:1825
    lookup_last fs/namei.c:2307 [inline]
    path_lookupat.isra.0+0x18f/0x3f0 fs/namei.c:2324
    filename_lookup+0x1a1/0x3b0 fs/namei.c:2358
    user_path_at_empty+0x43/0x50 fs/namei.c:2619
    user_path include/linux/namei.h:60 [inline]
    do_mount+0x124/0x2970 fs/namespace.c:2816
    SYSC_mount fs/namespace.c:3087 [inline]
    SyS_mount+0xab/0x120 fs/namespace.c:3064
    devtmpfs_mount+0x4a/0x70 drivers/base/devtmpfs.c:357
    prepare_namespace+0x1ef/0x21d init/do_mounts.c:603
    kernel_init_freeable+0x3a5/0x3c3 init/main.c:1036
    kernel_init+0x12/0x163 init/main.c:946
    ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373
}
... key at: [] __key.74417+0x0/0x40
... acquired at:
    lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756
    down_write+0x41/0xa0 kernel/locking/rwsem.c:52
    ext4_map_blocks+0x77a/0x1710 fs/ext4/inode.c:605
    mpage_map_one_extent fs/ext4/inode.c:2387 [inline]
    mpage_map_and_submit_extent fs/ext4/inode.c:2443 [inline]
    ext4_writepages+0x155e/0x2d20 fs/ext4/inode.c:2783
    do_writepages+0xfc/0x1e0 mm/page-writeback.c:2331
    __filemap_fdatawrite_range+0x1ad/0x260 mm/filemap.c:390
    __filemap_fdatawrite mm/filemap.c:398 [inline]
    filemap_flush+0x24/0x30 mm/filemap.c:423
    ext4_alloc_da_blocks+0xd6/0x340 fs/ext4/inode.c:3157
    ext4_release_file+0x1ff/0x2e0 fs/ext4/file.c:42
    __fput+0x274/0x720 fs/file_table.c:208
    ____fput+0x16/0x20 fs/file_table.c:244
    task_work_run+0x108/0x180 kernel/task_work.c:116
    tracehook_notify_resume include/linux/tracehook.h:191 [inline]
    exit_to_usermode_loop+0x13b/0x160 arch/x86/entry/common.c:162
    prepare_exit_to_usermode arch/x86/entry/common.c:194 [inline]
    syscall_return_slowpath arch/x86/entry/common.c:263 [inline]
    do_syscall_64+0x3f7/0x570 arch/x86/entry/common.c:290
    entry_SYSCALL_64_after_swapgs+0x5d/0xdb

-> (&sbi->s_journal_flag_rwsem){.+.?.+} ops: 315 {
  HARDIRQ-ON-R at:
    mark_irqflags kernel/locking/lockdep.c:2929 [inline]
    __lock_acquire+0x507/0x4350 kernel/locking/lockdep.c:3302
    lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756
    percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:35 [inline]
    percpu_down_read include/linux/percpu-rwsem.h:58 [inline]
    ext4_writepages+0x1a1/0x2d20 fs/ext4/inode.c:2659
    do_writepages+0xfc/0x1e0 mm/page-writeback.c:2331
    __filemap_fdatawrite_range+0x1ad/0x260 mm/filemap.c:390
    SyS_fadvise64_64+0x701/0x830 mm/fadvise.c:123
    SYSC_fadvise64 mm/fadvise.c:182 [inline]
    SyS_fadvise64+0x2c/0x40 mm/fadvise.c:180
    do_syscall_64+0x1ad/0x570 arch/x86/entry/common.c:285
    entry_SYSCALL_64_after_swapgs+0x5d/0xdb
  IN-SOFTIRQ-R at:
    mark_irqflags kernel/locking/lockdep.c:2923 [inline]
    __lock_acquire+0xf6b/0x4350 kernel/locking/lockdep.c:3302
    lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756
    percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:35 [inline]
    percpu_down_read include/linux/percpu-rwsem.h:58 [inline]
    ext4_writepages+0x1a1/0x2d20 fs/ext4/inode.c:2659
    do_writepages+0xfc/0x1e0 mm/page-writeback.c:2331
    __filemap_fdatawrite_range+0x1ad/0x260 mm/filemap.c:390
    filemap_write_and_wait_range mm/filemap.c:578 [inline]
    filemap_write_and_wait_range+0x5c/0xb0 mm/filemap.c:571
    __generic_file_fsync+0x9b/0x1c0 fs/libfs.c:974
    ext4_sync_file+0x64f/0x10a0 fs/ext4/fsync.c:116
    vfs_fsync_range+0x111/0x260 fs/sync.c:195
    generic_write_sync include/linux/fs.h:2609 [inline]
    dio_complete+0x376/0x6e0 fs/direct-io.c:282
    dio_bio_end_aio+0x124/0x390 fs/direct-io.c:323
    bio_endio+0x1ad/0x200 block/bio.c:1781
    req_bio_endio block/blk-core.c:157 [inline]
    blk_update_request+0x24e/0x9d0 block/blk-core.c:2628
    scsi_end_request+0x9c/0x5c0 drivers/scsi/scsi_lib.c:606
    scsi_io_completion+0x275/0x17e0 drivers/scsi/scsi_lib.c:829
    scsi_finish_command+0x3ad/0x520 drivers/scsi/scsi.c:607
    scsi_softirq_done+0x259/0x370 drivers/scsi/scsi_lib.c:1567
    blk_done_softirq+0x27e/0x3e0 block/blk-softirq.c:35
    __do_softirq+0x22d/0x964 kernel/softirq.c:288
    invoke_softirq kernel/softirq.c:368 [inline]
    irq_exit+0x119/0x160 kernel/softirq.c:409
    exiting_irq arch/x86/include/asm/apic.h:669 [inline]
    do_IRQ+0x111/0x1d0 arch/x86/kernel/irq.c:252
    ret_from_intr+0x0/0x20
    spin_unlock_irqrestore include/linux/spinlock.h:362 [inline]
    delete_from_page_cache+0xf3/0x230 mm/filemap.c:332
    truncate_complete_page mm/truncate.c:128 [inline]
    truncate_inode_page+0x172/0x260 mm/truncate.c:167
    truncate_inode_pages_range+0x643/0xfe0 mm/truncate.c:376
    truncate_inode_pages mm/truncate.c:401 [inline]
    truncate_pagecache+0x69/0x90 mm/truncate.c:710
    ext4_setattr+0x134a/0x21b0 fs/ext4/inode.c:5301
    notify_change2+0xaab/0xd90 fs/attr.c:313
    do_truncate2+0x148/0x210 fs/open.c:63
    handle_truncate fs/namei.c:3031 [inline]
    do_last fs/namei.c:3466 [inline]
    path_openat+0x12ae/0x2f60 fs/namei.c:3581
    do_filp_open+0x1a1/0x280 fs/namei.c:3615
    do_sys_open+0x2f0/0x610 fs/open.c:1072
    SYSC_open fs/open.c:1090 [inline]
    SyS_open fs/open.c:1085 [inline]
    SYSC_creat fs/open.c:1110 [inline]
    SyS_creat+0x27/0x30 fs/open.c:1108
    do_syscall_64+0x1ad/0x570 arch/x86/entry/common.c:285
    entry_SYSCALL_64_after_swapgs+0x5d/0xdb
  SOFTIRQ-ON-R at:
    mark_irqflags kernel/locking/lockdep.c:2941 [inline]
    __lock_acquire+0x55c/0x4350 kernel/locking/lockdep.c:3302
    lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756
    percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:35 [inline]
    percpu_down_read include/linux/percpu-rwsem.h:58 [inline]
    ext4_writepages+0x1a1/0x2d20 fs/ext4/inode.c:2659
    do_writepages+0xfc/0x1e0 mm/page-writeback.c:2331
    __filemap_fdatawrite_range+0x1ad/0x260 mm/filemap.c:390
    SyS_fadvise64_64+0x701/0x830 mm/fadvise.c:123
    SYSC_fadvise64 mm/fadvise.c:182 [inline]
    SyS_fadvise64+0x2c/0x40 mm/fadvise.c:180
    do_syscall_64+0x1ad/0x570 arch/x86/entry/common.c:285
    entry_SYSCALL_64_after_swapgs+0x5d/0xdb
  RECLAIM_FS-ON-R at:
    mark_held_locks+0xb1/0x100 kernel/locking/lockdep.c:2660
    __lockdep_trace_alloc kernel/locking/lockdep.c:2882 [inline]
    lockdep_trace_alloc+0x18c/0x2b0 kernel/locking/lockdep.c:2897
    slab_pre_alloc_hook mm/slab.h:392 [inline]
    slab_alloc_node mm/slub.c:2641 [inline]
    slab_alloc mm/slub.c:2723 [inline]
    kmem_cache_alloc+0x2d/0x2b0 mm/slub.c:2728
    kmem_cache_zalloc include/linux/slab.h:626 [inline]
    ext4_init_io_end+0x27/0x100 fs/ext4/page-io.c:252
    ext4_writepages+0xce9/0x2d20 fs/ext4/inode.c:2750
    do_writepages+0xfc/0x1e0 mm/page-writeback.c:2331
    __filemap_fdatawrite_range+0x1ad/0x260 mm/filemap.c:390
    __filemap_fdatawrite mm/filemap.c:398 [inline]
    filemap_flush+0x24/0x30 mm/filemap.c:423
    ext4_alloc_da_blocks+0xd6/0x340 fs/ext4/inode.c:3157
    ext4_release_file+0x1ff/0x2e0 fs/ext4/file.c:42
    __fput+0x274/0x720 fs/file_table.c:208
    ____fput+0x16/0x20 fs/file_table.c:244
    task_work_run+0x108/0x180 kernel/task_work.c:116
    tracehook_notify_resume include/linux/tracehook.h:191 [inline]
    exit_to_usermode_loop+0x13b/0x160 arch/x86/entry/common.c:162
    prepare_exit_to_usermode arch/x86/entry/common.c:194 [inline]
    syscall_return_slowpath arch/x86/entry/common.c:263 [inline]
    do_syscall_64+0x3f7/0x570 arch/x86/entry/common.c:290
    entry_SYSCALL_64_after_swapgs+0x5d/0xdb
  INITIAL USE at:
    __lock_acquire+0x5e5/0x4350 kernel/locking/lockdep.c:3306
    lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756
    percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:35 [inline]
    percpu_down_read include/linux/percpu-rwsem.h:58 [inline]
    ext4_writepages+0x1a1/0x2d20 fs/ext4/inode.c:2659
    do_writepages+0xfc/0x1e0 mm/page-writeback.c:2331
    __filemap_fdatawrite_range+0x1ad/0x260 mm/filemap.c:390
    SyS_fadvise64_64+0x701/0x830 mm/fadvise.c:123
    SYSC_fadvise64 mm/fadvise.c:182 [inline]
    SyS_fadvise64+0x2c/0x40 mm/fadvise.c:180
    do_syscall_64+0x1ad/0x570 arch/x86/entry/common.c:285
    entry_SYSCALL_64_after_swapgs+0x5d/0xdb
}
... key at: [] rwsem_key.75110+0x0/0x40
... acquired at:
    check_usage_forwards+0x144/0x280 kernel/locking/lockdep.c:2493
    mark_lock_irq kernel/locking/lockdep.c:2610 [inline]
    mark_lock+0x42d/0x12e0 kernel/locking/lockdep.c:3065
    mark_irqflags kernel/locking/lockdep.c:2923 [inline]
    __lock_acquire+0xf6b/0x4350 kernel/locking/lockdep.c:3302
    lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756
    percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:35 [inline]
    percpu_down_read include/linux/percpu-rwsem.h:58 [inline]
    ext4_writepages+0x1a1/0x2d20 fs/ext4/inode.c:2659
    do_writepages+0xfc/0x1e0 mm/page-writeback.c:2331
    __filemap_fdatawrite_range+0x1ad/0x260 mm/filemap.c:390
    filemap_write_and_wait_range mm/filemap.c:578 [inline]
    filemap_write_and_wait_range+0x5c/0xb0 mm/filemap.c:571
    __generic_file_fsync+0x9b/0x1c0 fs/libfs.c:974
    ext4_sync_file+0x64f/0x10a0 fs/ext4/fsync.c:116
    vfs_fsync_range+0x111/0x260 fs/sync.c:195
    generic_write_sync include/linux/fs.h:2609 [inline]
    dio_complete+0x376/0x6e0 fs/direct-io.c:282
    dio_bio_end_aio+0x124/0x390 fs/direct-io.c:323
    bio_endio+0x1ad/0x200 block/bio.c:1781
    req_bio_endio block/blk-core.c:157 [inline]
    blk_update_request+0x24e/0x9d0 block/blk-core.c:2628
    scsi_end_request+0x9c/0x5c0 drivers/scsi/scsi_lib.c:606
    scsi_io_completion+0x275/0x17e0 drivers/scsi/scsi_lib.c:829
    scsi_finish_command+0x3ad/0x520 drivers/scsi/scsi.c:607
    scsi_softirq_done+0x259/0x370 drivers/scsi/scsi_lib.c:1567
    blk_done_softirq+0x27e/0x3e0 block/blk-softirq.c:35
    __do_softirq+0x22d/0x964 kernel/softirq.c:288
    invoke_softirq kernel/softirq.c:368 [inline]
    irq_exit+0x119/0x160 kernel/softirq.c:409
    exiting_irq arch/x86/include/asm/apic.h:669 [inline]
    do_IRQ+0x111/0x1d0 arch/x86/kernel/irq.c:252
    ret_from_intr+0x0/0x20
    spin_unlock_irqrestore include/linux/spinlock.h:362 [inline]
    delete_from_page_cache+0xf3/0x230 mm/filemap.c:332
    truncate_complete_page mm/truncate.c:128 [inline]
    truncate_inode_page+0x172/0x260 mm/truncate.c:167
    truncate_inode_pages_range+0x643/0xfe0 mm/truncate.c:376
    truncate_inode_pages mm/truncate.c:401 [inline]
    truncate_pagecache+0x69/0x90 mm/truncate.c:710
    ext4_setattr+0x134a/0x21b0 fs/ext4/inode.c:5301
    notify_change2+0xaab/0xd90 fs/attr.c:313
    do_truncate2+0x148/0x210 fs/open.c:63
    handle_truncate fs/namei.c:3031 [inline]
    do_last fs/namei.c:3466 [inline]
    path_openat+0x12ae/0x2f60 fs/namei.c:3581
    do_filp_open+0x1a1/0x280 fs/namei.c:3615
    do_sys_open+0x2f0/0x610 fs/open.c:1072
    SYSC_open fs/open.c:1090 [inline]
    SyS_open fs/open.c:1085 [inline]
    SYSC_creat fs/open.c:1110 [inline]
    SyS_creat+0x27/0x30 fs/open.c:1108
    do_syscall_64+0x1ad/0x570 arch/x86/entry/common.c:285
    entry_SYSCALL_64_after_swapgs+0x5d/0xdb

stack backtrace:
CPU: 1 PID: 2120 Comm: syz-executor853 Tainted: G W 4.9.148+ #3
 ffff8801db707290 ffffffff81b456e1 0000000000000001 ffffffff84018600
 ffff8801db707340 ffff8801cc07df00 ffffffff83cb3520 ffff8801db7072e0
 ffffffff813ff73f 0000000100000000 ffff880100000000 ffffffff84018610
Call Trace:
[ 45.442448] [] __dump_stack lib/dump_stack.c:15 [inline]
[ 45.442448] [] dump_stack+0xc1/0x120 lib/dump_stack.c:51
 [] print_irq_inversion_bug kernel/locking/lockdep.c:2468 [inline]
 [] print_irq_inversion_bug.cold+0x31a/0x35d kernel/locking/lockdep.c:2413
 [] check_usage_forwards+0x144/0x280 kernel/locking/lockdep.c:2493
 [] mark_lock_irq kernel/locking/lockdep.c:2610 [inline]
 [] mark_lock+0x42d/0x12e0 kernel/locking/lockdep.c:3065
 [] mark_irqflags kernel/locking/lockdep.c:2923 [inline]
 [] __lock_acquire+0xf6b/0x4350 kernel/locking/lockdep.c:3302
 [] lock_acquire+0x133/0x3d0 kernel/locking/lockdep.c:3756
 [] percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:35 [inline]
 [] percpu_down_read include/linux/percpu-rwsem.h:58 [inline]
 [] ext4_writepages+0x1a1/0x2d20 fs/ext4/inode.c:2659
 [] do_writepages+0xfc/0x1e0 mm/page-writeback.c:2331
 [] __filemap_fdatawrite_range+0x1ad/0x260 mm/filemap.c:390
 [] filemap_write_and_wait_range mm/filemap.c:578 [inline]
 [] filemap_write_and_wait_range+0x5c/0xb0 mm/filemap.c:571
 [] __generic_file_fsync+0x9b/0x1c0 fs/libfs.c:974
 [] ext4_sync_file+0x64f/0x10a0 fs/ext4/fsync.c:116
 [] vfs_fsync_range+0x111/0x260 fs/sync.c:195
 [] generic_write_sync include/linux/fs.h:2609 [inline]
 [] dio_complete+0x376/0x6e0 fs/direct-io.c:282
 [] dio_bio_end_aio+0x124/0x390 fs/direct-io.c:323
 [] bio_endio+0x1ad/0x200 block/bio.c:1781
 [] req_bio_endio block/blk-core.c:157 [inline]
 [] blk_update_request+0x24e/0x9d0 block/blk-core.c:2628
 [] scsi_end_request+0x9c/0x5c0 drivers/scsi/scsi_lib.c:606
 [] scsi_io_completion+0x275/0x17e0 drivers/scsi/scsi_lib.c:829
 [] scsi_finish_command+0x3ad/0x520 drivers/scsi/scsi.c:607
 [] scsi_softirq_done+0x259/0x370 drivers/scsi/scsi_lib.c:1567
 [] blk_done_softirq+0x27e/0x3e0 block/blk-softirq.c:35
 [] __do_softirq+0x22d/0x964 kernel/softirq.c:288
 [] invoke_softirq kernel/softirq.c:368 [inline]
 [] irq_exit+0x119/0x160 kernel/softirq.c:409
 [] exiting_irq arch/x86/include/asm/apic.h:669 [inline]
 [] do_IRQ+0x111/0x1d0 arch/x86/kernel/irq.c:252
 [] common_interrupt+0x9d/0x9d arch/x86/entry/entry_64.S:461
[ 45.938793] [] ? arch_local_irq_restore arch/x86/include/asm/paravirt.h:768 [inline]
[ 45.938793] [] ? __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:162 [inline]
[ 45.938793] [] ? _raw_spin_unlock_irqrestore+0x5f/0x70 kernel/locking/spinlock.c:191
 [] spin_unlock_irqrestore include/linux/spinlock.h:362 [inline]
 [] delete_from_page_cache+0xf3/0x230 mm/filemap.c:332
 [] truncate_complete_page mm/truncate.c:128 [inline]
 [] truncate_inode_page+0x172/0x260 mm/truncate.c:167
 [] truncate_inode_pages_range+0x643/0xfe0 mm/truncate.c:376
 [] truncate_inode_pages mm/truncate.c:401 [inline]
 [] truncate_pagecache+0x69/0x90 mm/truncate.c:710
 [] ext4_setattr+0x134a/0x21b0 fs/ext4/inode.c:5301
 [] notify_change2+0xaab/0xd90 fs/attr.c:313
 [] do_truncate2+0x148/0x210 fs/open.c:63
 [] handle_truncate fs/namei.c:3031 [inline]
 [] do_last fs/namei.c:3466 [inline]
 [] path_openat+0x12ae/0x2f60 fs/namei.c:3581
 [] do_filp_open+0x1a1/0x280 fs/namei.c:3615
 [] do_sys_open+0x2f0/0x610 fs/open.c:1072
 [] SYSC_open fs/open.c:1090 [inline]
 [] SyS_open fs/open.c:1085 [inline]
 [] SYSC_creat fs/open.c:1110 [inline]
 [] SyS_creat+0x27/0x30 fs/open.c:1108
 [] do_syscall_64+0x1ad/0x570 arch/x86/entry/common.c:285
 [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:51
in_atomic(): 1, irqs_disabled(): 0, pid: 2120, name: syz-executor853
INFO: lockdep is turned off.
Preemption disabled at:[ 46.140551] [] delete_from_page_cache+0xdb/0x230 mm/filemap.c:330
CPU: 1 PID: 2120 Comm: syz-executor853 Tainted: G W 4.9.148+ #3
 ffff8801db707a00 ffffffff81b456e1 0000000000000000 0000000000000101
 ffff8801cc07df00 ffffffff814118bb ffff8801cc07df00 ffff8801db707a38
 ffffffff813f9ff8 ffff8801cc07df00 ffffffff82a50dc0 0000000000000033
Call Trace:
[ 46.183748] [] __dump_stack lib/dump_stack.c:15 [inline]
[ 46.183748] [] dump_stack+0xc1/0x120 lib/dump_stack.c:51
 [] ___might_sleep.cold+0x1c1/0x1fa kernel/sched/core.c:7988
 [] __might_sleep+0x95/0x1a0 kernel/sched/core.c:7945
 [] down_write+0x21/0xa0 kernel/locking/rwsem.c:51
 [] inode_lock include/linux/fs.h:768 [inline]
 [] __generic_file_fsync+0xcd/0x1c0 fs/libfs.c:978
 [] ext4_sync_file+0x64f/0x10a0 fs/ext4/fsync.c:116
 [] vfs_fsync_range+0x111/0x260 fs/sync.c:195
 [] generic_write_sync include/linux/fs.h:2609 [inline]
 [] dio_complete+0x376/0x6e0 fs/direct-io.c:282
 [] dio_bio_end_aio+0x124/0x390 fs/direct-io.c:323
 [] bio_endio+0x1ad/0x200 block/bio.c:1781
 [] req_bio_endio block/blk-core.c:157 [inline]
 [] blk_update_request+0x24e/0x9d0 block/blk-core.c:2628
 [] scsi_end_request+0x9c/0x5c0 drivers/scsi/scsi_lib.c:606
 [] scsi_io_completion+0x275/0x17e0 drivers/scsi/scsi_lib.c:829
 [] scsi_finish_command+0x3ad/0x520 drivers/scsi/scsi.c:607
 [] scsi_softirq_done+0x259/0x370 drivers/scsi/scsi_lib.c:1567
 [] blk_done_softirq+0x27e/0x3e0 block/blk-softirq.c:35
 [] __do_softirq+0x22d/0x964 kernel/softirq.c:288
 [] invoke_softirq kernel/softirq.c:368 [inline]
 [] irq_exit+0x119/0x160 kernel/softirq.c:409
 [] exiting_irq arch/x86/include/asm/apic.h:669 [inline]
 [] do_IRQ+0x111/0x1d0 arch/x86/kernel/irq.c:252
 [] common_interrupt+0x9d/0x9d arch/x86/entry/entry_64.S:461
[ 46.385005] [] ? arch_local_irq_restore arch/x86/include/asm/paravirt.h:768 [inline]
[ 46.385005] [] ? __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:162 [inline]
[ 46.385005] [] ? _raw_spin_unlock_irqrestore+0x5f/0x70 kernel/locking/spinlock.c:191
 [] spin_unlock_irqrestore include/linux/spinlock.h:362 [inline]
 [] delete_from_page_cache+0xf3/0x230 mm/filemap.c:332
 [] truncate_complete_page mm/truncate.c:128 [inline]
 [] truncate_inode_page+0x172/0x260 mm/truncate.c:167
 [] truncate_inode_pages_range+0x643/0xfe0 mm/truncate.c:376
 [] truncate_inode_pages mm/truncate.c:401 [inline]
 [] truncate_pagecache+0x69/0x90 mm/truncate.c:710
 [] ext4_setattr+0x134a/0x21b0 fs/ext4/inode.c:5301
 [] notify_change2+0xaab/0xd90 fs/attr.c:313
 [] do_truncate2+0x148/0x210 fs/open.c:63
 [] handle_truncate fs/namei.c:3031 [inline]
 [] do_last fs/namei.c:3466 [inline]
 [] path_openat+0x12ae/0x2f60 fs/namei.c:3581
 [] do_filp_open+0x1a1/0x280 fs/namei.c:3615
 [] do_sys_open+0x2f0/0x610 fs/open.c:1072
 [] SYSC_open fs/open.c:1090 [inline]
 [] SyS_open fs/open.c:1085 [inline]
 [] SYSC_creat fs/open.c:1110 [inline]
 [] SyS_creat+0x27/0x30 fs/open.c:1108
 [] do_syscall_64+0x1ad/0x570 arch/x86/entry/common.c:285
 [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
BUG: scheduling while atomic: syz-executor853/2120/0x00000102
INFO: lockdep is turned off.
Modules linked in:
Preemption disabled at:[ 46.580922] [] delete_from_page_cache+0xdb/0x230 mm/filemap.c:330