WARNING: CPU: 1 PID: 22777 at include/linux/backing-dev.h:340 inode_to_wb include/linux/backing-dev.h:340 [inline] WARNING: CPU: 1 PID: 22777 at include/linux/backing-dev.h:340 account_page_dirtied+0x8cc/0xbb0 mm/page-writeback.c:2420 Kernel panic - not syncing: panic_on_warn set ... CPU: 1 PID: 22777 Comm: syz-executor.3 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 panic+0x26a/0x50e kernel/panic.c:186 __warn.cold+0x20/0x5a kernel/panic.c:541 report_bug+0x262/0x2b0 lib/bug.c:183 fixup_bug arch/x86/kernel/traps.c:178 [inline] fixup_bug arch/x86/kernel/traps.c:173 [inline] do_error_trap+0x1d7/0x310 arch/x86/kernel/traps.c:296 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:1038 RIP: 0010:inode_to_wb include/linux/backing-dev.h:340 [inline] RIP: 0010:account_page_dirtied+0x8cc/0xbb0 mm/page-writeback.c:2420 Code: 88 01 00 00 be ff ff ff ff 48 8d 78 70 e8 ec e1 ca ff 31 ff 89 c3 89 c6 e8 f1 b3 e2 ff 85 db 0f 85 39 f9 ff ff e8 74 b2 e2 ff <0f> 0b e9 2d f9 ff ff e8 68 b2 e2 ff 4c 89 e6 4c 89 ef e8 9d b3 2d RSP: 0018:ffff888040a67420 EFLAGS: 00010016 RAX: 0000000000040000 RBX: 0000000000000000 RCX: ffffc9000886e000 RDX: 000000000000875d RSI: ffffffff817fd2fc RDI: 0000000000000005 RBP: ffff8880439de4f0 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000005 R11: 0000000000000000 R12: ffffea000286eac0 R13: ffff8880439de368 R14: ffff8880439de1e0 R15: ffffea000286eac8 __set_page_dirty+0x7f/0x3e0 fs/buffer.c:582 mark_buffer_dirty+0x424/0x5c0 fs/buffer.c:1111 nilfs_btree_do_delete fs/nilfs2/btree.c:1261 [inline] nilfs_btree_do_delete+0x293/0x330 fs/nilfs2/btree.c:1248 nilfs_btree_commit_delete fs/nilfs2/btree.c:1562 [inline] nilfs_btree_delete+0x8e2/0x1100 fs/nilfs2/btree.c:1592 nilfs_bmap_do_delete+0x225/0x2e0 fs/nilfs2/bmap.c:176 nilfs_bmap_do_truncate fs/nilfs2/bmap.c:264 [inline] nilfs_bmap_truncate+0x109/0x300 fs/nilfs2/bmap.c:297 nilfs_truncate_bmap+0x13d/0x350 fs/nilfs2/inode.c:710 nilfs_truncate+0x26f/0x4e0 fs/nilfs2/inode.c:741 nilfs_setattr+0x246/0x2a0 fs/nilfs2/inode.c:835 notify_change+0x70b/0xfc0 fs/attr.c:334 do_truncate+0x134/0x1f0 fs/open.c:63 handle_truncate fs/namei.c:3009 [inline] do_last fs/namei.c:3427 [inline] path_openat+0x2308/0x2df0 fs/namei.c:3537 do_filp_open+0x18c/0x3f0 fs/namei.c:3567 do_sys_open+0x3b3/0x520 fs/open.c:1085 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f635ba1b0f9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f6359f8d168 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 RAX: ffffffffffffffda RBX: 00007f635bb3af80 RCX: 00007f635ba1b0f9 RDX: 0000000000000000 RSI: 0000000000000600 RDI: 0000000020000080 RBP: 00007f635ba76ae9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffd6df1801f R14: 00007f6359f8d300 R15: 0000000000022000 Kernel Offset: disabled ===================================================== WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected 4.19.211-syzkaller #0 Not tainted ----------------------------------------------------- syz-executor.3/22777 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: 00000000efc06a4b ((fb_notifier_list).rwsem){++++}, at: __blocking_notifier_call_chain kernel/notifier.c:316 [inline] 00000000efc06a4b ((fb_notifier_list).rwsem){++++}, at: __blocking_notifier_call_chain kernel/notifier.c:304 [inline] 00000000efc06a4b ((fb_notifier_list).rwsem){++++}, at: blocking_notifier_call_chain kernel/notifier.c:328 [inline] 00000000efc06a4b ((fb_notifier_list).rwsem){++++}, at: blocking_notifier_call_chain+0x6f/0xa0 kernel/notifier.c:325 and this task is already holding: 00000000d9a06b61 (&(&(&mapping->i_pages)->xa_lock)->rlock){-.-.}, at: __set_page_dirty+0x28/0x3e0 fs/buffer.c:579 which would create a new lock dependency: (&(&(&mapping->i_pages)->xa_lock)->rlock){-.-.} -> ((fb_notifier_list).rwsem){++++} but this new dependency connects a HARDIRQ-irq-safe lock: (&(&(&mapping->i_pages)->xa_lock)->rlock){-.-.} ... which became HARDIRQ-irq-safe at: __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x8c/0xc0 kernel/locking/spinlock.c:152 test_clear_page_writeback+0x1c3/0x1300 mm/page-writeback.c:2725 end_page_writeback+0x1b3/0x410 mm/filemap.c:1252 ext4_finish_bio+0x655/0x940 fs/ext4/page-io.c:118 ext4_end_bio+0x179/0x600 fs/ext4/page-io.c:342 bio_endio+0x488/0x830 block/bio.c:1780 req_bio_endio block/blk-core.c:278 [inline] blk_update_request+0x30f/0xaf0 block/blk-core.c:3112 scsi_end_request+0x7d/0xb60 drivers/scsi/scsi_lib.c:673 scsi_io_completion+0x279/0x17c0 drivers/scsi/scsi_lib.c:1103 scsi_softirq_done+0x336/0x3d0 drivers/scsi/scsi_lib.c:1759 __blk_mq_complete_request block/blk-mq.c:583 [inline] blk_mq_complete_request+0x472/0x660 block/blk-mq.c:620 virtscsi_vq_done drivers/scsi/virtio_scsi.c:223 [inline] virtscsi_req_done+0x14b/0x210 drivers/scsi/virtio_scsi.c:238 vring_interrupt+0x12f/0x220 drivers/virtio/virtio_ring.c:953 __handle_irq_event_percpu+0x27e/0x8e0 kernel/irq/handle.c:149 handle_irq_event_percpu kernel/irq/handle.c:189 [inline] handle_irq_event+0x102/0x290 kernel/irq/handle.c:206 handle_edge_irq+0x260/0xcf0 kernel/irq/chip.c:800 generic_handle_irq_desc include/linux/irqdesc.h:155 [inline] handle_irq+0x35/0x50 arch/x86/kernel/irq_64.c:87 do_IRQ+0x93/0x1c0 arch/x86/kernel/irq.c:246 ret_from_intr+0x0/0x1e arch_local_irq_restore arch/x86/include/asm/paravirt.h:789 [inline] mod_delayed_work_on+0x1ab/0x1f0 kernel/workqueue.c:1600 kblockd_mod_delayed_work_on+0x26/0x30 block/blk-core.c:3584 __blk_mq_delay_run_hw_queue+0x313/0x5a0 block/blk-mq.c:1400 blk_mq_run_hw_queue+0x16b/0x2f0 block/blk-mq.c:1429 blk_mq_sched_insert_request+0x368/0x760 block/blk-mq-sched.c:406 blk_mq_make_request+0x565/0x1c00 block/blk-mq.c:1945 generic_make_request+0x613/0xdf0 block/blk-core.c:2467 submit_bio+0xb1/0x430 block/blk-core.c:2576 submit_bh_wbc+0x5a7/0x760 fs/buffer.c:3090 ext4_read_block_bitmap_nowait+0x6c7/0x1db0 fs/ext4/balloc.c:492 ext4_read_block_bitmap+0x1c/0xe0 fs/ext4/balloc.c:535 ext4_free_blocks+0x762/0x2ac0 fs/ext4/mballoc.c:4837 ext4_remove_blocks fs/ext4/extents.c:2584 [inline] ext4_ext_rm_leaf fs/ext4/extents.c:2740 [inline] ext4_ext_remove_space+0x26ef/0x3e80 fs/ext4/extents.c:2973 ext4_ext_truncate+0x1ae/0x200 fs/ext4/extents.c:4670 ext4_truncate+0xe27/0x1380 fs/ext4/inode.c:4557 ext4_evict_inode+0x934/0x17b0 fs/ext4/inode.c:305 evict+0x2ed/0x760 fs/inode.c:559 iput_final fs/inode.c:1555 [inline] iput+0x4f1/0x860 fs/inode.c:1581 dentry_unlink_inode+0x265/0x320 fs/dcache.c:374 __dentry_kill+0x3c0/0x640 fs/dcache.c:566 dentry_kill+0xc4/0x510 fs/dcache.c:685 dput+0x55f/0x640 fs/dcache.c:846 do_renameat2+0xb69/0xc70 fs/namei.c:4633 __do_sys_rename fs/namei.c:4675 [inline] __se_sys_rename fs/namei.c:4673 [inline] __x64_sys_rename+0x5d/0x80 fs/namei.c:4673 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe to a HARDIRQ-irq-unsafe lock: ((fb_notifier_list).rwsem){++++} ... which became HARDIRQ-irq-unsafe at: ... down_write+0x34/0x90 kernel/locking/rwsem.c:70 blocking_notifier_chain_register+0x78/0x350 kernel/notifier.c:226 fb_console_init+0x1c/0x305 drivers/video/fbdev/core/fbcon.c:3432 fbmem_init+0x105/0x126 drivers/video/fbdev/core/fbmem.c:1932 do_one_initcall+0xf1/0x740 init/main.c:884 do_initcall_level init/main.c:952 [inline] do_initcalls init/main.c:960 [inline] do_basic_setup init/main.c:978 [inline] kernel_init_freeable+0x9c5/0xab7 init/main.c:1145 kernel_init+0xd/0x1ba init/main.c:1062 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 other info that might help us debug this: Possible interrupt unsafe locking scenario: CPU0 CPU1 ---- ---- lock((fb_notifier_list).rwsem); local_irq_disable(); lock(&(&(&mapping->i_pages)->xa_lock)->rlock); lock((fb_notifier_list).rwsem); lock(&(&(&mapping->i_pages)->xa_lock)->rlock); *** DEADLOCK *** 7 locks held by syz-executor.3/22777: #0: 00000000c65d26ad (sb_writers#21){.+.+}, at: sb_start_write include/linux/fs.h:1579 [inline] #0: 00000000c65d26ad (sb_writers#21){.+.+}, at: mnt_want_write+0x3a/0xb0 fs/namespace.c:360 #1: 00000000bc812b6a (&sb->s_type->i_mutex_key#26){+.+.}, at: inode_lock include/linux/fs.h:748 [inline] #1: 00000000bc812b6a (&sb->s_type->i_mutex_key#26){+.+.}, at: do_truncate+0x125/0x1f0 fs/open.c:61 #2: 000000008d442026 (sb_internal#3){.+.+}, at: sb_start_intwrite include/linux/fs.h:1626 [inline] #2: 000000008d442026 (sb_internal#3){.+.+}, at: nilfs_transaction_begin+0x1f8/0xa50 fs/nilfs2/segment.c:225 #3: 000000000d950740 (&nilfs->ns_segctor_sem){.+.+}, at: nilfs_transaction_begin+0x231/0xa50 fs/nilfs2/segment.c:228 #4: 00000000ee1b9685 (&bmap->b_sem){++++}, at: nilfs_bmap_truncate+0x7d/0x300 fs/nilfs2/bmap.c:296 #5: 00000000bb41c47e (rcu_read_lock){....}, at: lock_page_memcg+0x0/0x220 include/linux/page_counter.h:64 #6: 00000000d9a06b61 (&(&(&mapping->i_pages)->xa_lock)->rlock){-.-.}, at: __set_page_dirty+0x28/0x3e0 fs/buffer.c:579 the dependencies between HARDIRQ-irq-safe lock and the holding lock: -> (&(&(&mapping->i_pages)->xa_lock)->rlock){-.-.} ops: 545760 { IN-HARDIRQ-W at: __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x8c/0xc0 kernel/locking/spinlock.c:152 test_clear_page_writeback+0x1c3/0x1300 mm/page-writeback.c:2725 end_page_writeback+0x1b3/0x410 mm/filemap.c:1252 ext4_finish_bio+0x655/0x940 fs/ext4/page-io.c:118 ext4_end_bio+0x179/0x600 fs/ext4/page-io.c:342 bio_endio+0x488/0x830 block/bio.c:1780 req_bio_endio block/blk-core.c:278 [inline] blk_update_request+0x30f/0xaf0 block/blk-core.c:3112 scsi_end_request+0x7d/0xb60 drivers/scsi/scsi_lib.c:673 scsi_io_completion+0x279/0x17c0 drivers/scsi/scsi_lib.c:1103 scsi_softirq_done+0x336/0x3d0 drivers/scsi/scsi_lib.c:1759 __blk_mq_complete_request block/blk-mq.c:583 [inline] blk_mq_complete_request+0x472/0x660 block/blk-mq.c:620 virtscsi_vq_done drivers/scsi/virtio_scsi.c:223 [inline] virtscsi_req_done+0x14b/0x210 drivers/scsi/virtio_scsi.c:238 vring_interrupt+0x12f/0x220 drivers/virtio/virtio_ring.c:953 __handle_irq_event_percpu+0x27e/0x8e0 kernel/irq/handle.c:149 handle_irq_event_percpu kernel/irq/handle.c:189 [inline] handle_irq_event+0x102/0x290 kernel/irq/handle.c:206 handle_edge_irq+0x260/0xcf0 kernel/irq/chip.c:800 generic_handle_irq_desc include/linux/irqdesc.h:155 [inline] handle_irq+0x35/0x50 arch/x86/kernel/irq_64.c:87 do_IRQ+0x93/0x1c0 arch/x86/kernel/irq.c:246 ret_from_intr+0x0/0x1e arch_local_irq_restore arch/x86/include/asm/paravirt.h:789 [inline] mod_delayed_work_on+0x1ab/0x1f0 kernel/workqueue.c:1600 kblockd_mod_delayed_work_on+0x26/0x30 block/blk-core.c:3584 __blk_mq_delay_run_hw_queue+0x313/0x5a0 block/blk-mq.c:1400 blk_mq_run_hw_queue+0x16b/0x2f0 block/blk-mq.c:1429 blk_mq_sched_insert_request+0x368/0x760 block/blk-mq-sched.c:406 blk_mq_make_request+0x565/0x1c00 block/blk-mq.c:1945 generic_make_request+0x613/0xdf0 block/blk-core.c:2467 submit_bio+0xb1/0x430 block/blk-core.c:2576 submit_bh_wbc+0x5a7/0x760 fs/buffer.c:3090 ext4_read_block_bitmap_nowait+0x6c7/0x1db0 fs/ext4/balloc.c:492 ext4_read_block_bitmap+0x1c/0xe0 fs/ext4/balloc.c:535 ext4_free_blocks+0x762/0x2ac0 fs/ext4/mballoc.c:4837 ext4_remove_blocks fs/ext4/extents.c:2584 [inline] ext4_ext_rm_leaf fs/ext4/extents.c:2740 [inline] ext4_ext_remove_space+0x26ef/0x3e80 fs/ext4/extents.c:2973 ext4_ext_truncate+0x1ae/0x200 fs/ext4/extents.c:4670 ext4_truncate+0xe27/0x1380 fs/ext4/inode.c:4557 ext4_evict_inode+0x934/0x17b0 fs/ext4/inode.c:305 evict+0x2ed/0x760 fs/inode.c:559 iput_final fs/inode.c:1555 [inline] iput+0x4f1/0x860 fs/inode.c:1581 dentry_unlink_inode+0x265/0x320 fs/dcache.c:374 __dentry_kill+0x3c0/0x640 fs/dcache.c:566 dentry_kill+0xc4/0x510 fs/dcache.c:685 dput+0x55f/0x640 fs/dcache.c:846 do_renameat2+0xb69/0xc70 fs/namei.c:4633 __do_sys_rename fs/namei.c:4675 [inline] __se_sys_rename fs/namei.c:4673 [inline] __x64_sys_rename+0x5d/0x80 fs/namei.c:4673 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe IN-SOFTIRQ-W at: __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x8c/0xc0 kernel/locking/spinlock.c:152 test_clear_page_writeback+0x1c3/0x1300 mm/page-writeback.c:2725 end_page_writeback+0x1b3/0x410 mm/filemap.c:1252 ext4_finish_bio+0x655/0x940 fs/ext4/page-io.c:118 ext4_end_bio+0x179/0x600 fs/ext4/page-io.c:342 bio_endio+0x488/0x830 block/bio.c:1780 req_bio_endio block/blk-core.c:278 [inline] blk_update_request+0x30f/0xaf0 block/blk-core.c:3112 scsi_end_request+0x7d/0xb60 drivers/scsi/scsi_lib.c:673 scsi_io_completion+0x279/0x17c0 drivers/scsi/scsi_lib.c:1103 scsi_softirq_done+0x336/0x3d0 drivers/scsi/scsi_lib.c:1759 __blk_mq_complete_request block/blk-mq.c:583 [inline] blk_mq_complete_request+0x472/0x660 block/blk-mq.c:620 virtscsi_vq_done drivers/scsi/virtio_scsi.c:223 [inline] virtscsi_req_done+0x14b/0x210 drivers/scsi/virtio_scsi.c:238 vring_interrupt+0x12f/0x220 drivers/virtio/virtio_ring.c:953 __handle_irq_event_percpu+0x27e/0x8e0 kernel/irq/handle.c:149 handle_irq_event_percpu kernel/irq/handle.c:189 [inline] handle_irq_event+0x102/0x290 kernel/irq/handle.c:206 handle_edge_irq+0x260/0xcf0 kernel/irq/chip.c:800 generic_handle_irq_desc include/linux/irqdesc.h:155 [inline] handle_irq+0x35/0x50 arch/x86/kernel/irq_64.c:87 do_IRQ+0x93/0x1c0 arch/x86/kernel/irq.c:246 ret_from_intr+0x0/0x1e try_to_wake_up+0x745/0x1050 kernel/sched/core.c:1951 call_timer_fn+0x177/0x700 kernel/time/timer.c:1338 expire_timers+0x243/0x4e0 kernel/time/timer.c:1375 __run_timers kernel/time/timer.c:1696 [inline] run_timer_softirq+0x21c/0x670 kernel/time/timer.c:1709 __do_softirq+0x265/0x980 kernel/softirq.c:292 invoke_softirq kernel/softirq.c:372 [inline] irq_exit+0x215/0x260 kernel/softirq.c:412 exiting_irq arch/x86/include/asm/apic.h:536 [inline] smp_apic_timer_interrupt+0x136/0x550 arch/x86/kernel/apic/apic.c:1098 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894 rcu_lock_acquire include/linux/rcupdate.h:242 [inline] rcu_read_lock include/linux/rcupdate.h:627 [inline] inet_twsk_purge+0xff/0x7c0 net/ipv4/inet_timewait_sock.c:267 ops_exit_list+0xf9/0x150 net/core/net_namespace.c:156 cleanup_net+0x3b4/0x8b0 net/core/net_namespace.c:554 process_one_work+0x864/0x1570 kernel/workqueue.c:2153 worker_thread+0x64c/0x1130 kernel/workqueue.c:2296 kthread+0x33f/0x460 kernel/kthread.c:259 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 INITIAL USE at: __raw_spin_lock_irq include/linux/spinlock_api_smp.h:128 [inline] _raw_spin_lock_irq+0x5b/0x80 kernel/locking/spinlock.c:160 spin_lock_irq include/linux/spinlock.h:354 [inline] __add_to_page_cache_locked+0x45e/0xb60 mm/filemap.c:879 add_to_page_cache_lru+0x16a/0x680 mm/filemap.c:928 do_read_cache_page+0x50a/0x1170 mm/filemap.c:2818 read_mapping_page include/linux/pagemap.h:402 [inline] read_dev_sector+0xbf/0x500 block/partition-generic.c:671 read_part_sector block/partitions/check.h:38 [inline] adfspart_check_ICS+0x114/0xe70 block/partitions/acorn.c:366 check_partition+0x390/0x690 block/partitions/check.c:167 rescan_partitions+0x1b5/0x970 block/partition-generic.c:535 bdev_disk_changed+0x179/0x1b0 fs/block_dev.c:1435 __blkdev_get+0xb27/0x1480 fs/block_dev.c:1524 blkdev_get+0xb0/0x940 fs/block_dev.c:1627 register_disk block/genhd.c:642 [inline] __device_add_disk+0xb3a/0x10c0 block/genhd.c:723 add_disk include/linux/genhd.h:409 [inline] brd_init+0x295/0x461 drivers/block/brd.c:525 do_one_initcall+0xf1/0x740 init/main.c:884 do_initcall_level init/main.c:952 [inline] do_initcalls init/main.c:960 [inline] do_basic_setup init/main.c:978 [inline] kernel_init_freeable+0x9c5/0xab7 init/main.c:1145 kernel_init+0xd/0x1ba init/main.c:1062 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 } ... key at: [] __key.6+0x0/0x40 ... acquired at: down_read+0x36/0x80 kernel/locking/rwsem.c:24 __blocking_notifier_call_chain kernel/notifier.c:316 [inline] __blocking_notifier_call_chain kernel/notifier.c:304 [inline] blocking_notifier_call_chain kernel/notifier.c:328 [inline] blocking_notifier_call_chain+0x6f/0xa0 kernel/notifier.c:325 fb_blank+0xb5/0x1d0 drivers/video/fbdev/core/fbmem.c:1074 fbcon_blank+0x932/0xec0 drivers/video/fbdev/core/fbcon.c:2221 do_unblank_screen+0x241/0x610 drivers/tty/vt/vt.c:4294 panic+0x313/0x50e kernel/panic.c:239 __warn.cold+0x20/0x5a kernel/panic.c:541 report_bug+0x262/0x2b0 lib/bug.c:183 fixup_bug arch/x86/kernel/traps.c:178 [inline] fixup_bug arch/x86/kernel/traps.c:173 [inline] do_error_trap+0x1d7/0x310 arch/x86/kernel/traps.c:296 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:1038 inode_to_wb include/linux/backing-dev.h:340 [inline] account_page_dirtied+0x8cc/0xbb0 mm/page-writeback.c:2420 __set_page_dirty+0x7f/0x3e0 fs/buffer.c:582 mark_buffer_dirty+0x424/0x5c0 fs/buffer.c:1111 nilfs_btree_do_delete fs/nilfs2/btree.c:1261 [inline] nilfs_btree_do_delete+0x293/0x330 fs/nilfs2/btree.c:1248 nilfs_btree_commit_delete fs/nilfs2/btree.c:1562 [inline] nilfs_btree_delete+0x8e2/0x1100 fs/nilfs2/btree.c:1592 nilfs_bmap_do_delete+0x225/0x2e0 fs/nilfs2/bmap.c:176 nilfs_bmap_do_truncate fs/nilfs2/bmap.c:264 [inline] nilfs_bmap_truncate+0x109/0x300 fs/nilfs2/bmap.c:297 nilfs_truncate_bmap+0x13d/0x350 fs/nilfs2/inode.c:710 nilfs_truncate+0x26f/0x4e0 fs/nilfs2/inode.c:741 nilfs_setattr+0x246/0x2a0 fs/nilfs2/inode.c:835 notify_change+0x70b/0xfc0 fs/attr.c:334 do_truncate+0x134/0x1f0 fs/open.c:63 handle_truncate fs/namei.c:3009 [inline] do_last fs/namei.c:3427 [inline] path_openat+0x2308/0x2df0 fs/namei.c:3537 do_filp_open+0x18c/0x3f0 fs/namei.c:3567 do_sys_open+0x3b3/0x520 fs/open.c:1085 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe the dependencies between the lock to be acquired and HARDIRQ-irq-unsafe lock: -> ((fb_notifier_list).rwsem){++++} ops: 5 { HARDIRQ-ON-W at: down_write+0x34/0x90 kernel/locking/rwsem.c:70 blocking_notifier_chain_register+0x78/0x350 kernel/notifier.c:226 fb_console_init+0x1c/0x305 drivers/video/fbdev/core/fbcon.c:3432 fbmem_init+0x105/0x126 drivers/video/fbdev/core/fbmem.c:1932 do_one_initcall+0xf1/0x740 init/main.c:884 do_initcall_level init/main.c:952 [inline] do_initcalls init/main.c:960 [inline] do_basic_setup init/main.c:978 [inline] kernel_init_freeable+0x9c5/0xab7 init/main.c:1145 kernel_init+0xd/0x1ba init/main.c:1062 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 HARDIRQ-ON-R at: down_read+0x36/0x80 kernel/locking/rwsem.c:24 __blocking_notifier_call_chain kernel/notifier.c:316 [inline] __blocking_notifier_call_chain kernel/notifier.c:304 [inline] blocking_notifier_call_chain kernel/notifier.c:328 [inline] blocking_notifier_call_chain+0x6f/0xa0 kernel/notifier.c:325 do_register_framebuffer drivers/video/fbdev/core/fbmem.c:1718 [inline] register_framebuffer+0x5df/0x9e0 drivers/video/fbdev/core/fbmem.c:1841 vga16fb_probe+0x6b4/0x7b5 drivers/video/fbdev/vga16fb.c:1373 platform_drv_probe+0xd4/0x1b0 drivers/base/platform.c:584 really_probe+0x622/0xbd0 drivers/base/dd.c:506 driver_probe_device+0x218/0x340 drivers/base/dd.c:667 __device_attach_driver+0x29e/0x370 drivers/base/dd.c:754 bus_for_each_drv+0x159/0x1e0 drivers/base/bus.c:464 __device_attach+0x226/0x470 drivers/base/dd.c:822 bus_probe_device+0x1ea/0x2a0 drivers/base/bus.c:524 device_add+0xb37/0x16d0 drivers/base/core.c:2170 platform_device_add+0x364/0x830 drivers/base/platform.c:420 vga16fb_init+0x152/0x1c8 drivers/video/fbdev/vga16fb.c:1431 do_one_initcall+0xf1/0x740 init/main.c:884 do_initcall_level init/main.c:952 [inline] do_initcalls init/main.c:960 [inline] do_basic_setup init/main.c:978 [inline] kernel_init_freeable+0x9c5/0xab7 init/main.c:1145 kernel_init+0xd/0x1ba init/main.c:1062 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 SOFTIRQ-ON-W at: down_write+0x34/0x90 kernel/locking/rwsem.c:70 blocking_notifier_chain_register+0x78/0x350 kernel/notifier.c:226 fb_console_init+0x1c/0x305 drivers/video/fbdev/core/fbcon.c:3432 fbmem_init+0x105/0x126 drivers/video/fbdev/core/fbmem.c:1932 do_one_initcall+0xf1/0x740 init/main.c:884 do_initcall_level init/main.c:952 [inline] do_initcalls init/main.c:960 [inline] do_basic_setup init/main.c:978 [inline] kernel_init_freeable+0x9c5/0xab7 init/main.c:1145 kernel_init+0xd/0x1ba init/main.c:1062 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 SOFTIRQ-ON-R at: down_read+0x36/0x80 kernel/locking/rwsem.c:24 __blocking_notifier_call_chain kernel/notifier.c:316 [inline] __blocking_notifier_call_chain kernel/notifier.c:304 [inline] blocking_notifier_call_chain kernel/notifier.c:328 [inline] blocking_notifier_call_chain+0x6f/0xa0 kernel/notifier.c:325 do_register_framebuffer drivers/video/fbdev/core/fbmem.c:1718 [inline] register_framebuffer+0x5df/0x9e0 drivers/video/fbdev/core/fbmem.c:1841 vga16fb_probe+0x6b4/0x7b5 drivers/video/fbdev/vga16fb.c:1373 platform_drv_probe+0xd4/0x1b0 drivers/base/platform.c:584 really_probe+0x622/0xbd0 drivers/base/dd.c:506 driver_probe_device+0x218/0x340 drivers/base/dd.c:667 __device_attach_driver+0x29e/0x370 drivers/base/dd.c:754 bus_for_each_drv+0x159/0x1e0 drivers/base/bus.c:464 __device_attach+0x226/0x470 drivers/base/dd.c:822 bus_probe_device+0x1ea/0x2a0 drivers/base/bus.c:524 device_add+0xb37/0x16d0 drivers/base/core.c:2170 platform_device_add+0x364/0x830 drivers/base/platform.c:420 vga16fb_init+0x152/0x1c8 drivers/video/fbdev/vga16fb.c:1431 do_one_initcall+0xf1/0x740 init/main.c:884 do_initcall_level init/main.c:952 [inline] do_initcalls init/main.c:960 [inline] do_basic_setup init/main.c:978 [inline] kernel_init_freeable+0x9c5/0xab7 init/main.c:1145 kernel_init+0xd/0x1ba init/main.c:1062 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 INITIAL USE at: down_write+0x34/0x90 kernel/locking/rwsem.c:70 blocking_notifier_chain_register+0x78/0x350 kernel/notifier.c:226 fb_console_init+0x1c/0x305 drivers/video/fbdev/core/fbcon.c:3432 fbmem_init+0x105/0x126 drivers/video/fbdev/core/fbmem.c:1932 do_one_initcall+0xf1/0x740 init/main.c:884 do_initcall_level init/main.c:952 [inline] do_initcalls init/main.c:960 [inline] do_basic_setup init/main.c:978 [inline] kernel_init_freeable+0x9c5/0xab7 init/main.c:1145 kernel_init+0xd/0x1ba init/main.c:1062 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 } ... key at: [] fb_notifier_list+0x60/0x1a0 ... acquired at: down_read+0x36/0x80 kernel/locking/rwsem.c:24 __blocking_notifier_call_chain kernel/notifier.c:316 [inline] __blocking_notifier_call_chain kernel/notifier.c:304 [inline] blocking_notifier_call_chain kernel/notifier.c:328 [inline] blocking_notifier_call_chain+0x6f/0xa0 kernel/notifier.c:325 fb_blank+0xb5/0x1d0 drivers/video/fbdev/core/fbmem.c:1074 fbcon_blank+0x932/0xec0 drivers/video/fbdev/core/fbcon.c:2221 do_unblank_screen+0x241/0x610 drivers/tty/vt/vt.c:4294 panic+0x313/0x50e kernel/panic.c:239 __warn.cold+0x20/0x5a kernel/panic.c:541 report_bug+0x262/0x2b0 lib/bug.c:183 fixup_bug arch/x86/kernel/traps.c:178 [inline] fixup_bug arch/x86/kernel/traps.c:173 [inline] do_error_trap+0x1d7/0x310 arch/x86/kernel/traps.c:296 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:1038 inode_to_wb include/linux/backing-dev.h:340 [inline] account_page_dirtied+0x8cc/0xbb0 mm/page-writeback.c:2420 __set_page_dirty+0x7f/0x3e0 fs/buffer.c:582 mark_buffer_dirty+0x424/0x5c0 fs/buffer.c:1111 nilfs_btree_do_delete fs/nilfs2/btree.c:1261 [inline] nilfs_btree_do_delete+0x293/0x330 fs/nilfs2/btree.c:1248 nilfs_btree_commit_delete fs/nilfs2/btree.c:1562 [inline] nilfs_btree_delete+0x8e2/0x1100 fs/nilfs2/btree.c:1592 nilfs_bmap_do_delete+0x225/0x2e0 fs/nilfs2/bmap.c:176 nilfs_bmap_do_truncate fs/nilfs2/bmap.c:264 [inline] nilfs_bmap_truncate+0x109/0x300 fs/nilfs2/bmap.c:297 nilfs_truncate_bmap+0x13d/0x350 fs/nilfs2/inode.c:710 nilfs_truncate+0x26f/0x4e0 fs/nilfs2/inode.c:741 nilfs_setattr+0x246/0x2a0 fs/nilfs2/inode.c:835 notify_change+0x70b/0xfc0 fs/attr.c:334 do_truncate+0x134/0x1f0 fs/open.c:63 handle_truncate fs/namei.c:3009 [inline] do_last fs/namei.c:3427 [inline] path_openat+0x2308/0x2df0 fs/namei.c:3537 do_filp_open+0x18c/0x3f0 fs/namei.c:3567 do_sys_open+0x3b3/0x520 fs/open.c:1085 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe stack backtrace: CPU: 1 PID: 22777 Comm: syz-executor.3 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 print_bad_irq_dependency kernel/locking/lockdep.c:1573 [inline] check_usage.cold+0x7ea/0xbad kernel/locking/lockdep.c:1605 check_irq_usage kernel/locking/lockdep.c:1661 [inline] check_prev_add_irq kernel/locking/lockdep_states.h:7 [inline] check_prev_add kernel/locking/lockdep.c:1871 [inline] check_prevs_add kernel/locking/lockdep.c:1979 [inline] validate_chain kernel/locking/lockdep.c:2420 [inline] __lock_acquire+0x1d51/0x3ff0 kernel/locking/lockdep.c:3416 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908 down_read+0x36/0x80 kernel/locking/rwsem.c:24 __blocking_notifier_call_chain kernel/notifier.c:316 [inline] __blocking_notifier_call_chain kernel/notifier.c:304 [inline] blocking_notifier_call_chain kernel/notifier.c:328 [inline] blocking_notifier_call_chain+0x6f/0xa0 kernel/notifier.c:325 fb_blank+0xb5/0x1d0 drivers/video/fbdev/core/fbmem.c:1074 fbcon_blank+0x932/0xec0 drivers/video/fbdev/core/fbcon.c:2221 do_unblank_screen+0x241/0x610 drivers/tty/vt/vt.c:4294 panic+0x313/0x50e kernel/panic.c:239 __warn.cold+0x20/0x5a kernel/panic.c:541 report_bug+0x262/0x2b0 lib/bug.c:183 fixup_bug arch/x86/kernel/traps.c:178 [inline] fixup_bug arch/x86/kernel/traps.c:173 [inline] do_error_trap+0x1d7/0x310 arch/x86/kernel/traps.c:296 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:1038 RIP: 0010:inode_to_wb include/linux/backing-dev.h:340 [inline] RIP: 0010:account_page_dirtied+0x8cc/0xbb0 mm/page-writeback.c:2420 Code: 88 01 00 00 be ff ff ff ff 48 8d 78 70 e8 ec e1 ca ff 31 ff 89 c3 89 c6 e8 f1 b3 e2 ff 85 db 0f 85 39 f9 ff ff e8 74 b2 e2 ff <0f> 0b e9 2d f9 ff ff e8 68 b2 e2 ff 4c 89 e6 4c 89 ef e8 9d b3 2d RSP: 0018:ffff888040a67420 EFLAGS: 00010016 RAX: 0000000000040000 RBX: 0000000000000000 RCX: ffffc9000886e000 RDX: 000000000000875d RSI: ffffffff817fd2fc RDI: 0000000000000005 RBP: ffff8880439de4f0 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000005 R11: 0000000000000000 R12: ffffea000286eac0 R13: ffff8880439de368 R14: ffff8880439de1e0 R15: ffffea000286eac8 __set_page_dirty+0x7f/0x3e0 fs/buffer.c:582 mark_buffer_dirty+0x424/0x5c0 fs/buffer.c:1111 nilfs_btree_do_delete fs/nilfs2/btree.c:1261 [inline] nilfs_btree_do_delete+0x293/0x330 fs/nilfs2/btree.c:1248 nilfs_btree_commit_delete fs/nilfs2/btree.c:1562 [inline] nilfs_btree_delete+0x8e2/0x1100 fs/nilfs2/btree.c:1592 nilfs_bmap_do_delete+0x225/0x2e0 fs/nilfs2/bmap.c:176 nilfs_bmap_do_truncate fs/nilfs2/bmap.c:264 [inline] nilfs_bmap_truncate+0x109/0x300 fs/nilfs2/bmap.c:297 nilfs_truncate_bmap+0x13d/0x350 fs/nilfs2/inode.c:710 nilfs_truncate+0x26f/0x4e0 fs/nilfs2/inode.c:741 nilfs_setattr+0x246/0x2a0 fs/nilfs2/inode.c:835 notify_change+0x70b/0xfc0 fs/attr.c:334 do_truncate+0x134/0x1f0 fs/open.c:63 handle_truncate fs/namei.c:3009 [inline] do_last fs/namei.c:3427 [inline] path_openat+0x2308/0x2df0 fs/namei.c:3537 do_filp_open+0x18c/0x3f0 fs/namei.c:3567 do_sys_open+0x3b3/0x520 fs/open.c:1085 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f635ba1b0f9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f6359f8d168 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 RAX: ffffffffffffffda RBX: 00007f635bb3af80 RCX: 00007f635ba1b0f9 RDX: 0000000000000000 RSI: 0000000000000600 RDI: 0000000020000080 RBP: 00007f635ba76ae9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffd6df1801f R14: 00007f6359f8d300 R15: 0000000000022000 Rebooting in 86400 seconds..