BUG: sleeping function called from invalid context at ./include/linux/percpu-rwsem.h:33 in_atomic(): 1, irqs_disabled(): 0, pid: 18146, name: syz-executor.2 2 locks held by syz-executor.2/18146: #0: (&pipe->mutex/1){+.+.+.}, at: [] pipe_lock_nested fs/pipe.c:66 [inline] #0: (&pipe->mutex/1){+.+.+.}, at: [] pipe_lock fs/pipe.c:74 [inline] #0: (&pipe->mutex/1){+.+.+.}, at: [] pipe_wait+0x1a3/0x1d0 fs/pipe.c:122 #1: (&mm->mmap_sem){++++++}, at: [] __do_page_fault+0x272/0xa60 arch/x86/mm/fault.c:1335 Preemption disabled at:[ 1909.443384] [] __do_softirq+0xdd/0x964 kernel/softirq.c:265 CPU: 0 PID: 18146 Comm: syz-executor.2 Not tainted 4.9.141+ #1 ffff8801db607660 ffffffff81b42e79 ffffffff8281ca6d 0000000000000000 0000000000000100 ffff88017183af80 ffff88017183af80 ffff8801db607698 ffffffff813f9ecf ffff88017183af80 ffffffff82ad6720 0000000000000021 Call Trace: [ 1909.484766] [] __dump_stack lib/dump_stack.c:15 [inline] [ 1909.484766] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] ___might_sleep.cold.31+0x18a/0x1fc kernel/sched/core.c:7988 [] __might_sleep+0x95/0x1a0 kernel/sched/core.c:7945 [] percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:33 [inline] [] percpu_down_read include/linux/percpu-rwsem.h:58 [inline] [] ext4_writepages+0x16d/0x2e00 fs/ext4/inode.c:2659 [] do_writepages+0xef/0x1d0 mm/page-writeback.c:2331 [] __filemap_fdatawrite_range+0x1a9/0x250 mm/filemap.c:390 [] filemap_write_and_wait_range+0x59/0xb0 mm/filemap.c:578 [] __generic_file_fsync+0x93/0x1a0 fs/libfs.c:974 [] ext4_sync_file+0x659/0x10a0 fs/ext4/fsync.c:116 [] vfs_fsync_range+0x10c/0x260 fs/sync.c:195 [] generic_write_sync include/linux/fs.h:2607 [inline] [] dio_complete+0x512/0x6c0 fs/direct-io.c:282 [] dio_bio_end_aio+0x11c/0x370 fs/direct-io.c:323 [] bio_endio+0x1a5/0x1f0 block/bio.c:1781 [] req_bio_endio block/blk-core.c:157 [inline] [] blk_update_request+0x248/0x9b0 block/blk-core.c:2628 [] scsi_end_request+0x9d/0x5c0 drivers/scsi/scsi_lib.c:606 [] scsi_io_completion+0x273/0x17a0 drivers/scsi/scsi_lib.c:829 [] scsi_finish_command+0x3ba/0x530 drivers/scsi/scsi.c:607 [] scsi_softirq_done+0x250/0x360 drivers/scsi/scsi_lib.c:1567 [] blk_done_softirq+0x27d/0x3e0 block/blk-softirq.c:35 [] __do_softirq+0x20e/0x964 kernel/softirq.c:288 [] invoke_softirq kernel/softirq.c:368 [inline] [] irq_exit+0x11c/0x150 kernel/softirq.c:409 [] exiting_irq arch/x86/include/asm/apic.h:669 [inline] [] do_IRQ+0x10d/0x1c0 arch/x86/kernel/irq.c:252 [] common_interrupt+0x9d/0x9d arch/x86/entry/entry_64.S:461 [ 1909.813877] [] ? my_zero_pfn include/asm-generic/pgtable.h:639 [inline] [ 1909.813877] [] ? do_anonymous_page mm/memory.c:2744 [inline] [ 1909.813877] [] ? handle_pte_fault mm/memory.c:3514 [inline] [ 1909.813877] [] ? __handle_mm_fault mm/memory.c:3603 [inline] [ 1909.813877] [] ? handle_mm_fault+0xad7/0x2350 mm/memory.c:3640 [] my_zero_pfn include/asm-generic/pgtable.h:639 [inline] [] do_anonymous_page mm/memory.c:2744 [inline] [] handle_pte_fault mm/memory.c:3514 [inline] [] __handle_mm_fault mm/memory.c:3603 [inline] [] handle_mm_fault+0xad7/0x2350 mm/memory.c:3640 [] __do_page_fault+0x403/0xa60 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x25/0x30 arch/x86/entry/entry_64.S:951 [] pipe_write+0x219/0xd50 fs/pipe.c:433 [] new_sync_write fs/read_write.c:496 [inline] [] __vfs_write+0x3d7/0x580 fs/read_write.c:509 [] vfs_write+0x187/0x520 fs/read_write.c:557 [] SYSC_write fs/read_write.c:604 [inline] [] SyS_write+0xd9/0x1c0 fs/read_write.c:596 [] do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285 [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb ========================================================= [ INFO: possible irq lock inversion dependency detected ] 4.9.141+ #1 Tainted: G W --------------------------------------------------------- syz-executor.2/18146 just changed the state of lock: (&sbi->s_journal_flag_rwsem){.+.?.+}, at: [] do_writepages+0xef/0x1d0 mm/page-writeback.c:2331 (&ei->i_data_sem){++++..} and interrupts could create inverse lock ordering between them. SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=18162 comm=syz-executor.5 other info that might help us debug this: Possible interrupt unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&ei->i_data_sem); local_irq_disable(); lock(&sbi->s_journal_flag_rwsem); lock(&ei->i_data_sem); lock(&sbi->s_journal_flag_rwsem); *** DEADLOCK *** 2 locks held by syz-executor.2/18146: #0: (&pipe->mutex/1){+.+.+.}, at: [] pipe_lock_nested fs/pipe.c:66 [inline] #0: (&pipe->mutex/1){+.+.+.}, at: [] pipe_lock fs/pipe.c:74 [inline] #0: (&pipe->mutex/1){+.+.+.}, at: [] pipe_wait+0x1a3/0x1d0 fs/pipe.c:122 #1: (&mm->mmap_sem){++++++}, at: [] __do_page_fault+0x272/0xa60 arch/x86/mm/fault.c:1335 the shortest dependencies between 2nd lock and 1st lock: -> (&ei->i_data_sem){++++..} ops: 1375512 { HARDIRQ-ON-W at: mark_irqflags kernel/locking/lockdep.c:2937 [inline] __lock_acquire+0x10b0/0x4a10 kernel/locking/lockdep.c:3302 lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756 down_write+0x41/0xa0 kernel/locking/rwsem.c:52 ext4_release_file+0x25b/0x2e0 fs/ext4/file.c:50 __fput+0x263/0x700 fs/file_table.c:208 ____fput+0x15/0x20 fs/file_table.c:244 task_work_run+0x10c/0x180 kernel/task_work.c:116 tracehook_notify_resume include/linux/tracehook.h:191 [inline] exit_to_usermode_loop+0x129/0x150 arch/x86/entry/common.c:162 prepare_exit_to_usermode arch/x86/entry/common.c:194 [inline] syscall_return_slowpath arch/x86/entry/common.c:263 [inline] do_syscall_64+0x3e2/0x550 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_swapgs+0x5d/0xdb HARDIRQ-ON-R at: mark_irqflags kernel/locking/lockdep.c:2929 [inline] __lock_acquire+0xb79/0x4a10 kernel/locking/lockdep.c:3302 lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756 down_read+0x44/0xb0 kernel/locking/rwsem.c:22 ext4_map_blocks+0x361/0x16d0 fs/ext4/inode.c:533 ext4_getblk+0x2cc/0x450 fs/ext4/inode.c:943 ext4_find_entry+0xa94/0x12c0 fs/ext4/namei.c:1420 ext4_lookup+0x139/0x5e0 fs/ext4/namei.c:1559 lookup_slow+0x24a/0x470 fs/namei.c:1668 walk_component+0x822/0xcf0 fs/namei.c:1784 lookup_last fs/namei.c:2266 [inline] path_lookupat.isra.10+0x186/0x410 fs/namei.c:2283 filename_lookup.part.18+0x177/0x370 fs/namei.c:2317 filename_lookup fs/namei.c:2310 [inline] user_path_at_empty+0x53/0x70 fs/namei.c:2578 user_path include/linux/namei.h:60 [inline] do_mount+0x134/0x28a0 fs/namespace.c:2816 SYSC_mount fs/namespace.c:3087 [inline] SyS_mount+0xea/0x100 fs/namespace.c:3064 devtmpfs_mount+0x49/0x70 drivers/base/devtmpfs.c:357 prepare_namespace+0x1e4/0x210 init/do_mounts.c:603 kernel_init_freeable+0x38e/0x3ac init/main.c:1036 kernel_init+0x11/0x15e init/main.c:946 ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373 SOFTIRQ-ON-W at: mark_irqflags kernel/locking/lockdep.c:2941 [inline] __lock_acquire+0xbdd/0x4a10 kernel/locking/lockdep.c:3302 lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756 down_write+0x41/0xa0 kernel/locking/rwsem.c:52 ext4_release_file+0x25b/0x2e0 fs/ext4/file.c:50 __fput+0x263/0x700 fs/file_table.c:208 ____fput+0x15/0x20 fs/file_table.c:244 task_work_run+0x10c/0x180 kernel/task_work.c:116 tracehook_notify_resume include/linux/tracehook.h:191 [inline] exit_to_usermode_loop+0x129/0x150 arch/x86/entry/common.c:162 prepare_exit_to_usermode arch/x86/entry/common.c:194 [inline] syscall_return_slowpath arch/x86/entry/common.c:263 [inline] do_syscall_64+0x3e2/0x550 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_swapgs+0x5d/0xdb SOFTIRQ-ON-R at: mark_irqflags kernel/locking/lockdep.c:2941 [inline] __lock_acquire+0xbdd/0x4a10 kernel/locking/lockdep.c:3302 lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756 down_read+0x44/0xb0 kernel/locking/rwsem.c:22 ext4_map_blocks+0x361/0x16d0 fs/ext4/inode.c:533 ext4_getblk+0x2cc/0x450 fs/ext4/inode.c:943 ext4_find_entry+0xa94/0x12c0 fs/ext4/namei.c:1420 ext4_lookup+0x139/0x5e0 fs/ext4/namei.c:1559 lookup_slow+0x24a/0x470 fs/namei.c:1668 walk_component+0x822/0xcf0 fs/namei.c:1784 lookup_last fs/namei.c:2266 [inline] path_lookupat.isra.10+0x186/0x410 fs/namei.c:2283 filename_lookup.part.18+0x177/0x370 fs/namei.c:2317 filename_lookup fs/namei.c:2310 [inline] user_path_at_empty+0x53/0x70 fs/namei.c:2578 user_path include/linux/namei.h:60 [inline] do_mount+0x134/0x28a0 fs/namespace.c:2816 SYSC_mount fs/namespace.c:3087 [inline] SyS_mount+0xea/0x100 fs/namespace.c:3064 devtmpfs_mount+0x49/0x70 drivers/base/devtmpfs.c:357 prepare_namespace+0x1e4/0x210 init/do_mounts.c:603 kernel_init_freeable+0x38e/0x3ac init/main.c:1036 kernel_init+0x11/0x15e init/main.c:946 ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373 INITIAL USE at: __lock_acquire+0x654/0x4a10 kernel/locking/lockdep.c:3306 lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756 down_read+0x44/0xb0 kernel/locking/rwsem.c:22 ext4_map_blocks+0x361/0x16d0 fs/ext4/inode.c:533 ext4_getblk+0x2cc/0x450 fs/ext4/inode.c:943 ext4_find_entry+0xa94/0x12c0 fs/ext4/namei.c:1420 ext4_lookup+0x139/0x5e0 fs/ext4/namei.c:1559 lookup_slow+0x24a/0x470 fs/namei.c:1668 walk_component+0x822/0xcf0 fs/namei.c:1784 lookup_last fs/namei.c:2266 [inline] path_lookupat.isra.10+0x186/0x410 fs/namei.c:2283 filename_lookup.part.18+0x177/0x370 fs/namei.c:2317 filename_lookup fs/namei.c:2310 [inline] user_path_at_empty+0x53/0x70 fs/namei.c:2578 user_path include/linux/namei.h:60 [inline] do_mount+0x134/0x28a0 fs/namespace.c:2816 SYSC_mount fs/namespace.c:3087 [inline] SyS_mount+0xea/0x100 fs/namespace.c:3064 devtmpfs_mount+0x49/0x70 drivers/base/devtmpfs.c:357 prepare_namespace+0x1e4/0x210 init/do_mounts.c:603 kernel_init_freeable+0x38e/0x3ac init/main.c:1036 kernel_init+0x11/0x15e init/main.c:946 ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373 } ... key at: [] __key.74437+0x0/0x40 ... acquired at: lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756 down_write+0x41/0xa0 kernel/locking/rwsem.c:52 ext4_map_blocks+0x6d3/0x16d0 fs/ext4/inode.c:605 mpage_map_one_extent fs/ext4/inode.c:2387 [inline] mpage_map_and_submit_extent fs/ext4/inode.c:2443 [inline] ext4_writepages+0x1551/0x2e00 fs/ext4/inode.c:2783 do_writepages+0xef/0x1d0 mm/page-writeback.c:2331 __filemap_fdatawrite_range+0x1a9/0x250 mm/filemap.c:390 __filemap_fdatawrite mm/filemap.c:398 [inline] filemap_flush+0x23/0x30 mm/filemap.c:423 ext4_alloc_da_blocks+0xd9/0x330 fs/ext4/inode.c:3157 ext4_release_file+0x1ff/0x2e0 fs/ext4/file.c:42 __fput+0x263/0x700 fs/file_table.c:208 ____fput+0x15/0x20 fs/file_table.c:244 task_work_run+0x10c/0x180 kernel/task_work.c:116 tracehook_notify_resume include/linux/tracehook.h:191 [inline] exit_to_usermode_loop+0x129/0x150 arch/x86/entry/common.c:162 prepare_exit_to_usermode arch/x86/entry/common.c:194 [inline] syscall_return_slowpath arch/x86/entry/common.c:263 [inline] do_syscall_64+0x3e2/0x550 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_swapgs+0x5d/0xdb -> (&sbi->s_journal_flag_rwsem){.+.?.+} ops: 196556 { HARDIRQ-ON-R at: mark_irqflags kernel/locking/lockdep.c:2929 [inline] __lock_acquire+0xb79/0x4a10 kernel/locking/lockdep.c:3302 lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:35 [inline] percpu_down_read include/linux/percpu-rwsem.h:58 [inline] ext4_writepages+0x19e/0x2e00 fs/ext4/inode.c:2659 do_writepages+0xef/0x1d0 mm/page-writeback.c:2331 __filemap_fdatawrite_range+0x1a9/0x250 mm/filemap.c:390 SyS_fadvise64_64+0x6db/0x7d0 mm/fadvise.c:123 SYSC_fadvise64 mm/fadvise.c:182 [inline] SyS_fadvise64+0x2c/0x40 mm/fadvise.c:180 do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285 entry_SYSCALL_64_after_swapgs+0x5d/0xdb IN-SOFTIRQ-R at: mark_irqflags kernel/locking/lockdep.c:2923 [inline] __lock_acquire+0x1084/0x4a10 kernel/locking/lockdep.c:3302 lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:35 [inline] percpu_down_read include/linux/percpu-rwsem.h:58 [inline] ext4_writepages+0x19e/0x2e00 fs/ext4/inode.c:2659 do_writepages+0xef/0x1d0 mm/page-writeback.c:2331 __filemap_fdatawrite_range+0x1a9/0x250 mm/filemap.c:390 filemap_write_and_wait_range+0x59/0xb0 mm/filemap.c:578 __generic_file_fsync+0x93/0x1a0 fs/libfs.c:974 ext4_sync_file+0x659/0x10a0 fs/ext4/fsync.c:116 vfs_fsync_range+0x10c/0x260 fs/sync.c:195 generic_write_sync include/linux/fs.h:2607 [inline] dio_complete+0x512/0x6c0 fs/direct-io.c:282 dio_bio_end_aio+0x11c/0x370 fs/direct-io.c:323 bio_endio+0x1a5/0x1f0 block/bio.c:1781 req_bio_endio block/blk-core.c:157 [inline] blk_update_request+0x248/0x9b0 block/blk-core.c:2628 scsi_end_request+0x9d/0x5c0 drivers/scsi/scsi_lib.c:606 scsi_io_completion+0x273/0x17a0 drivers/scsi/scsi_lib.c:829 scsi_finish_command+0x3ba/0x530 drivers/scsi/scsi.c:607 scsi_softirq_done+0x250/0x360 drivers/scsi/scsi_lib.c:1567 blk_done_softirq+0x27d/0x3e0 block/blk-softirq.c:35 __do_softirq+0x20e/0x964 kernel/softirq.c:288 invoke_softirq kernel/softirq.c:368 [inline] irq_exit+0x11c/0x150 kernel/softirq.c:409 exiting_irq arch/x86/include/asm/apic.h:669 [inline] do_IRQ+0x10d/0x1c0 arch/x86/kernel/irq.c:252 ret_from_intr+0x0/0x20 my_zero_pfn include/asm-generic/pgtable.h:639 [inline] do_anonymous_page mm/memory.c:2744 [inline] handle_pte_fault mm/memory.c:3514 [inline] __handle_mm_fault mm/memory.c:3603 [inline] handle_mm_fault+0xad7/0x2350 mm/memory.c:3640 __do_page_fault+0x403/0xa60 arch/x86/mm/fault.c:1406 do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 page_fault+0x25/0x30 arch/x86/entry/entry_64.S:951 pipe_write+0x219/0xd50 fs/pipe.c:433 new_sync_write fs/read_write.c:496 [inline] __vfs_write+0x3d7/0x580 fs/read_write.c:509 vfs_write+0x187/0x520 fs/read_write.c:557 SYSC_write fs/read_write.c:604 [inline] SyS_write+0xd9/0x1c0 fs/read_write.c:596 do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285 entry_SYSCALL_64_after_swapgs+0x5d/0xdb SOFTIRQ-ON-R at: mark_irqflags kernel/locking/lockdep.c:2941 [inline] __lock_acquire+0xbdd/0x4a10 kernel/locking/lockdep.c:3302 lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:35 [inline] percpu_down_read include/linux/percpu-rwsem.h:58 [inline] ext4_writepages+0x19e/0x2e00 fs/ext4/inode.c:2659 do_writepages+0xef/0x1d0 mm/page-writeback.c:2331 __filemap_fdatawrite_range+0x1a9/0x250 mm/filemap.c:390 SyS_fadvise64_64+0x6db/0x7d0 mm/fadvise.c:123 SYSC_fadvise64 mm/fadvise.c:182 [inline] SyS_fadvise64+0x2c/0x40 mm/fadvise.c:180 do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285 entry_SYSCALL_64_after_swapgs+0x5d/0xdb RECLAIM_FS-ON-R at: mark_held_locks+0xc7/0x130 kernel/locking/lockdep.c:2660 __lockdep_trace_alloc kernel/locking/lockdep.c:2882 [inline] lockdep_trace_alloc+0x18e/0x2a0 kernel/locking/lockdep.c:2897 slab_pre_alloc_hook mm/slab.h:392 [inline] slab_alloc_node mm/slub.c:2641 [inline] slab_alloc mm/slub.c:2723 [inline] kmem_cache_alloc+0x2d/0x2b0 mm/slub.c:2728 kmem_cache_zalloc include/linux/slab.h:626 [inline] ext4_init_io_end+0x25/0x100 fs/ext4/page-io.c:252 ext4_writepages+0xcd0/0x2e00 fs/ext4/inode.c:2750 do_writepages+0xef/0x1d0 mm/page-writeback.c:2331 __filemap_fdatawrite_range+0x1a9/0x250 mm/filemap.c:390 __filemap_fdatawrite mm/filemap.c:398 [inline] filemap_flush+0x23/0x30 mm/filemap.c:423 ext4_alloc_da_blocks+0xd9/0x330 fs/ext4/inode.c:3157 ext4_release_file+0x1ff/0x2e0 fs/ext4/file.c:42 __fput+0x263/0x700 fs/file_table.c:208 ____fput+0x15/0x20 fs/file_table.c:244 task_work_run+0x10c/0x180 kernel/task_work.c:116 tracehook_notify_resume include/linux/tracehook.h:191 [inline] exit_to_usermode_loop+0x129/0x150 arch/x86/entry/common.c:162 prepare_exit_to_usermode arch/x86/entry/common.c:194 [inline] syscall_return_slowpath arch/x86/entry/common.c:263 [inline] do_syscall_64+0x3e2/0x550 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_swapgs+0x5d/0xdb INITIAL USE at: __lock_acquire+0x654/0x4a10 kernel/locking/lockdep.c:3306 lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:35 [inline] percpu_down_read include/linux/percpu-rwsem.h:58 [inline] ext4_writepages+0x19e/0x2e00 fs/ext4/inode.c:2659 do_writepages+0xef/0x1d0 mm/page-writeback.c:2331 __filemap_fdatawrite_range+0x1a9/0x250 mm/filemap.c:390 SyS_fadvise64_64+0x6db/0x7d0 mm/fadvise.c:123 SYSC_fadvise64 mm/fadvise.c:182 [inline] SyS_fadvise64+0x2c/0x40 mm/fadvise.c:180 do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285 entry_SYSCALL_64_after_swapgs+0x5d/0xdb } ... key at: [] rwsem_key.75130+0x0/0x40 ... acquired at: check_usage_forwards+0x14e/0x290 kernel/locking/lockdep.c:2493 mark_lock_irq kernel/locking/lockdep.c:2610 [inline] mark_lock+0x6ec/0x1290 kernel/locking/lockdep.c:3065 mark_irqflags kernel/locking/lockdep.c:2923 [inline] __lock_acquire+0x1084/0x4a10 kernel/locking/lockdep.c:3302 lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:35 [inline] percpu_down_read include/linux/percpu-rwsem.h:58 [inline] ext4_writepages+0x19e/0x2e00 fs/ext4/inode.c:2659 do_writepages+0xef/0x1d0 mm/page-writeback.c:2331 __filemap_fdatawrite_range+0x1a9/0x250 mm/filemap.c:390 filemap_write_and_wait_range+0x59/0xb0 mm/filemap.c:578 __generic_file_fsync+0x93/0x1a0 fs/libfs.c:974 ext4_sync_file+0x659/0x10a0 fs/ext4/fsync.c:116 vfs_fsync_range+0x10c/0x260 fs/sync.c:195 generic_write_sync include/linux/fs.h:2607 [inline] dio_complete+0x512/0x6c0 fs/direct-io.c:282 dio_bio_end_aio+0x11c/0x370 fs/direct-io.c:323 bio_endio+0x1a5/0x1f0 block/bio.c:1781 req_bio_endio block/blk-core.c:157 [inline] blk_update_request+0x248/0x9b0 block/blk-core.c:2628 scsi_end_request+0x9d/0x5c0 drivers/scsi/scsi_lib.c:606 scsi_io_completion+0x273/0x17a0 drivers/scsi/scsi_lib.c:829 scsi_finish_command+0x3ba/0x530 drivers/scsi/scsi.c:607 scsi_softirq_done+0x250/0x360 drivers/scsi/scsi_lib.c:1567 blk_done_softirq+0x27d/0x3e0 block/blk-softirq.c:35 __do_softirq+0x20e/0x964 kernel/softirq.c:288 invoke_softirq kernel/softirq.c:368 [inline] irq_exit+0x11c/0x150 kernel/softirq.c:409 exiting_irq arch/x86/include/asm/apic.h:669 [inline] do_IRQ+0x10d/0x1c0 arch/x86/kernel/irq.c:252 ret_from_intr+0x0/0x20 my_zero_pfn include/asm-generic/pgtable.h:639 [inline] do_anonymous_page mm/memory.c:2744 [inline] handle_pte_fault mm/memory.c:3514 [inline] __handle_mm_fault mm/memory.c:3603 [inline] handle_mm_fault+0xad7/0x2350 mm/memory.c:3640 __do_page_fault+0x403/0xa60 arch/x86/mm/fault.c:1406 do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 page_fault+0x25/0x30 arch/x86/entry/entry_64.S:951 pipe_write+0x219/0xd50 fs/pipe.c:433 new_sync_write fs/read_write.c:496 [inline] __vfs_write+0x3d7/0x580 fs/read_write.c:509 vfs_write+0x187/0x520 fs/read_write.c:557 SYSC_write fs/read_write.c:604 [inline] SyS_write+0xd9/0x1c0 fs/read_write.c:596 do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285 entry_SYSCALL_64_after_swapgs+0x5d/0xdb stack backtrace: CPU: 0 PID: 18146 Comm: syz-executor.2 Tainted: G W 4.9.141+ #1 ffff8801db6072d0 ffffffff81b42e79 ffffffff84010b80 ffff8801db6073a0 ffff88017183af80 0000000000000001 ffffffff84010b80 ffff8801db607320 ffffffff813ff4da 0000000100000000 ffffffff83cab520 ffffffff83ca2910 Call Trace: [ 1911.331736] [] __dump_stack lib/dump_stack.c:15 [inline] [ 1911.331736] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] print_irq_inversion_bug.cold.38+0x319/0x32d kernel/locking/lockdep.c:2468 [] check_usage_forwards+0x14e/0x290 kernel/locking/lockdep.c:2493 [] mark_lock_irq kernel/locking/lockdep.c:2610 [inline] [] mark_lock+0x6ec/0x1290 kernel/locking/lockdep.c:3065 [] mark_irqflags kernel/locking/lockdep.c:2923 [inline] [] __lock_acquire+0x1084/0x4a10 kernel/locking/lockdep.c:3302 [] lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756 [] percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:35 [inline] [] percpu_down_read include/linux/percpu-rwsem.h:58 [inline] [] ext4_writepages+0x19e/0x2e00 fs/ext4/inode.c:2659 [] do_writepages+0xef/0x1d0 mm/page-writeback.c:2331 [] __filemap_fdatawrite_range+0x1a9/0x250 mm/filemap.c:390 [] filemap_write_and_wait_range+0x59/0xb0 mm/filemap.c:578 [] __generic_file_fsync+0x93/0x1a0 fs/libfs.c:974 [] ext4_sync_file+0x659/0x10a0 fs/ext4/fsync.c:116 [] vfs_fsync_range+0x10c/0x260 fs/sync.c:195 [] generic_write_sync include/linux/fs.h:2607 [inline] [] dio_complete+0x512/0x6c0 fs/direct-io.c:282 [] dio_bio_end_aio+0x11c/0x370 fs/direct-io.c:323 [] bio_endio+0x1a5/0x1f0 block/bio.c:1781 [] req_bio_endio block/blk-core.c:157 [inline] [] blk_update_request+0x248/0x9b0 block/blk-core.c:2628 [] scsi_end_request+0x9d/0x5c0 drivers/scsi/scsi_lib.c:606 [] scsi_io_completion+0x273/0x17a0 drivers/scsi/scsi_lib.c:829 [] scsi_finish_command+0x3ba/0x530 drivers/scsi/scsi.c:607 [] scsi_softirq_done+0x250/0x360 drivers/scsi/scsi_lib.c:1567 [] blk_done_softirq+0x27d/0x3e0 block/blk-softirq.c:35 [] __do_softirq+0x20e/0x964 kernel/softirq.c:288 [] invoke_softirq kernel/softirq.c:368 [inline] [] irq_exit+0x11c/0x150 kernel/softirq.c:409 [] exiting_irq arch/x86/include/asm/apic.h:669 [inline] [] do_IRQ+0x10d/0x1c0 arch/x86/kernel/irq.c:252 [] common_interrupt+0x9d/0x9d arch/x86/entry/entry_64.S:461 [ 1911.770500] [] ? my_zero_pfn include/asm-generic/pgtable.h:639 [inline] [ 1911.770500] [] ? do_anonymous_page mm/memory.c:2744 [inline] [ 1911.770500] [] ? handle_pte_fault mm/memory.c:3514 [inline] [ 1911.770500] [] ? __handle_mm_fault mm/memory.c:3603 [inline] [ 1911.770500] [] ? handle_mm_fault+0xad7/0x2350 mm/memory.c:3640 [] my_zero_pfn include/asm-generic/pgtable.h:639 [inline] [] do_anonymous_page mm/memory.c:2744 [inline] [] handle_pte_fault mm/memory.c:3514 [inline] [] __handle_mm_fault mm/memory.c:3603 [inline] [] handle_mm_fault+0xad7/0x2350 mm/memory.c:3640 [] __do_page_fault+0x403/0xa60 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x25/0x30 arch/x86/entry/entry_64.S:951 [] pipe_write+0x219/0xd50 fs/pipe.c:433 [] new_sync_write fs/read_write.c:496 [inline] [] __vfs_write+0x3d7/0x580 fs/read_write.c:509 [] vfs_write+0x187/0x520 fs/read_write.c:557 [] SYSC_write fs/read_write.c:604 [inline] [] SyS_write+0xd9/0x1c0 fs/read_write.c:596 [] do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285 [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:51 in_atomic(): 1, irqs_disabled(): 0, pid: 18146, name: syz-executor.2 INFO: lockdep is turned off. Preemption disabled at:[ 1911.944977] [] __do_softirq+0xdd/0x964 kernel/softirq.c:265 CPU: 0 PID: 18146 Comm: syz-executor.2 Tainted: G W 4.9.141+ #1 ffff8801db607a20 ffffffff81b42e79 ffffffff8281ca6d 0000000000000000 0000000000000100 ffff88017183af80 ffff88017183af80 ffff8801db607a58 ffffffff813f9ecf ffff88017183af80 ffffffff82a4fa80 0000000000000033 Call Trace: [ 1911.987666] [] __dump_stack lib/dump_stack.c:15 [inline] [ 1911.987666] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] ___might_sleep.cold.31+0x18a/0x1fc kernel/sched/core.c:7988 [] __might_sleep+0x95/0x1a0 kernel/sched/core.c:7945 [] down_write+0x21/0xa0 kernel/locking/rwsem.c:51 [] inode_lock include/linux/fs.h:766 [inline] [] __generic_file_fsync+0xc1/0x1a0 fs/libfs.c:978 [] ext4_sync_file+0x659/0x10a0 fs/ext4/fsync.c:116 [] vfs_fsync_range+0x10c/0x260 fs/sync.c:195 [] generic_write_sync include/linux/fs.h:2607 [inline] [] dio_complete+0x512/0x6c0 fs/direct-io.c:282 [] dio_bio_end_aio+0x11c/0x370 fs/direct-io.c:323 [] bio_endio+0x1a5/0x1f0 block/bio.c:1781 [] req_bio_endio block/blk-core.c:157 [inline] [] blk_update_request+0x248/0x9b0 block/blk-core.c:2628 [] scsi_end_request+0x9d/0x5c0 drivers/scsi/scsi_lib.c:606 [] scsi_io_completion+0x273/0x17a0 drivers/scsi/scsi_lib.c:829 [] scsi_finish_command+0x3ba/0x530 drivers/scsi/scsi.c:607 [] scsi_softirq_done+0x250/0x360 drivers/scsi/scsi_lib.c:1567 [] blk_done_softirq+0x27d/0x3e0 block/blk-softirq.c:35 [] __do_softirq+0x20e/0x964 kernel/softirq.c:288 [] invoke_softirq kernel/softirq.c:368 [inline] [] irq_exit+0x11c/0x150 kernel/softirq.c:409 [] exiting_irq arch/x86/include/asm/apic.h:669 [inline] [] do_IRQ+0x10d/0x1c0 arch/x86/kernel/irq.c:252 [] common_interrupt+0x9d/0x9d arch/x86/entry/entry_64.S:461 [ 1912.189148] [] ? my_zero_pfn include/asm-generic/pgtable.h:639 [inline] [ 1912.189148] [] ? do_anonymous_page mm/memory.c:2744 [inline] [ 1912.189148] [] ? handle_pte_fault mm/memory.c:3514 [inline] [ 1912.189148] [] ? __handle_mm_fault mm/memory.c:3603 [inline] [ 1912.189148] [] ? handle_mm_fault+0xad7/0x2350 mm/memory.c:3640 [] my_zero_pfn include/asm-generic/pgtable.h:639 [inline] [] do_anonymous_page mm/memory.c:2744 [inline] [] handle_pte_fault mm/memory.c:3514 [inline] [] __handle_mm_fault mm/memory.c:3603 [inline] [] handle_mm_fault+0xad7/0x2350 mm/memory.c:3640 [] __do_page_fault+0x403/0xa60 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x25/0x30 arch/x86/entry/entry_64.S:951 [] pipe_write+0x219/0xd50 fs/pipe.c:433 [] new_sync_write fs/read_write.c:496 [inline] [] __vfs_write+0x3d7/0x580 fs/read_write.c:509 [] vfs_write+0x187/0x520 fs/read_write.c:557 [] SYSC_write fs/read_write.c:604 [inline] [] SyS_write+0xd9/0x1c0 fs/read_write.c:596 [] do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285 [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb ------------[ cut here ]------------ kernel BUG at ./include/linux/pagemap.h:147! invalid opcode: 0000 [#1] PREEMPT SMP KASAN Modules linked in: CPU: 0 PID: 18146 Comm: syz-executor.2 Tainted: G W 4.9.141+ #1 task: ffff88017183af80 task.stack: ffff88008f5a8000 RIP: 0010:[] [] page_cache_get_speculative include/linux/pagemap.h:147 [inline] RIP: 0010:[] [] find_get_pages_range_tag+0x52b/0x8f0 mm/filemap.c:1546 RSP: 0018:ffff8801db607678 EFLAGS: 00010206 RAX: ffff88017183af80 RBX: ffffea0004914e40 RCX: 1ffff1003b6c0ee2 RDX: 0000000000000100 RSI: ffffffff8140dd8b RDI: ffffffff831f2500 RBP: ffff8801db607768 R08: 0000000000000000 R09: 0000000000000000 R10: ffff88017183af80 R11: 0000000000000000 R12: ffffea0004914e20 R13: ffffea0004914e60 R14: ffffea0004914e40 R15: dffffc0000000000 FS: 00007f8abadbf700(0000) GS:ffff8801db600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020589000 CR3: 0000000127bb2000 CR4: 00000000001606b0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 Stack: ffffffff8140d906 ffffed0043fffa03 1ffff1003b6c0edc ffff8801db607700 0000000183080360 ffff880181e074c8 ffff8801db607848 ffff8801db6077f8 0000000000000fff 000000000000000e ffffffff810a6ab3 ffffed00270be68d Call Trace: [] pagevec_lookup_range_tag+0x40/0x80 mm/swap.c:961 [] __filemap_fdatawait_range+0x11a/0x270 mm/filemap.c:443 [] filemap_fdatawait_range+0x25/0x50 mm/filemap.c:481 [] filemap_fdatawait+0x68/0x90 mm/filemap.c:531 [] __writeback_single_inode+0x73e/0x1020 fs/fs-writeback.c:1330 [] writeback_single_inode+0x24f/0x440 fs/fs-writeback.c:1433 [] sync_inode fs/fs-writeback.c:2458 [inline] [] sync_inode_metadata+0xac/0xe0 fs/fs-writeback.c:2478 [] __generic_file_fsync+0x141/0x1a0 fs/libfs.c:985 [] ext4_sync_file+0x659/0x10a0 fs/ext4/fsync.c:116 [] vfs_fsync_range+0x10c/0x260 fs/sync.c:195 [] generic_write_sync include/linux/fs.h:2607 [inline] [] dio_complete+0x512/0x6c0 fs/direct-io.c:282 [] dio_bio_end_aio+0x11c/0x370 fs/direct-io.c:323 [] bio_endio+0x1a5/0x1f0 block/bio.c:1781 [] req_bio_endio block/blk-core.c:157 [inline] [] blk_update_request+0x248/0x9b0 block/blk-core.c:2628 [] scsi_end_request+0x9d/0x5c0 drivers/scsi/scsi_lib.c:606 [] scsi_io_completion+0x273/0x17a0 drivers/scsi/scsi_lib.c:829 [] scsi_finish_command+0x3ba/0x530 drivers/scsi/scsi.c:607 [] scsi_softirq_done+0x250/0x360 drivers/scsi/scsi_lib.c:1567 [] blk_done_softirq+0x27d/0x3e0 block/blk-softirq.c:35 [] __do_softirq+0x20e/0x964 kernel/softirq.c:288 [] invoke_softirq kernel/softirq.c:368 [inline] [] irq_exit+0x11c/0x150 kernel/softirq.c:409 [] exiting_irq arch/x86/include/asm/apic.h:669 [inline] [] do_IRQ+0x10d/0x1c0 arch/x86/kernel/irq.c:252 [] common_interrupt+0x9d/0x9d arch/x86/entry/entry_64.S:461 [ 1912.795641] [] ? my_zero_pfn include/asm-generic/pgtable.h:639 [inline] [ 1912.795641] [] ? do_anonymous_page mm/memory.c:2744 [inline] [ 1912.795641] [] ? handle_pte_fault mm/memory.c:3514 [inline] [ 1912.795641] [] ? __handle_mm_fault mm/memory.c:3603 [inline] [ 1912.795641] [] ? handle_mm_fault+0xad7/0x2350 mm/memory.c:3640 [] my_zero_pfn include/asm-generic/pgtable.h:639 [inline] [] do_anonymous_page mm/memory.c:2744 [inline] [] handle_pte_fault mm/memory.c:3514 [inline] [] __handle_mm_fault mm/memory.c:3603 [inline] [] handle_mm_fault+0xad7/0x2350 mm/memory.c:3640 [] __do_page_fault+0x403/0xa60 arch/x86/mm/fault.c:1406 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469 [] page_fault+0x25/0x30 arch/x86/entry/entry_64.S:951 [] pipe_write+0x219/0xd50 fs/pipe.c:433 [] new_sync_write fs/read_write.c:496 [inline] [] __vfs_write+0x3d7/0x580 fs/read_write.c:509 [] vfs_write+0x187/0x520 fs/read_write.c:557 [] SYSC_write fs/read_write.c:604 [inline] [] SyS_write+0xd9/0x1c0 fs/read_write.c:596 [] do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285 [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb Code: f0 ff 48 c7 c2 80 53 a9 82 be 6d 03 00 00 48 c7 c7 e0 53 a9 82 c6 05 41 d4 fc 01 01 e8 7f 67 df ff e9 bf fb ff ff e8 d5 dc f0 ff <0f> 0b e8 ce dc f0 ff 4d 8d 74 24 ff e9 d1 fc ff ff 48 89 9d 60 RIP [] page_cache_get_speculative include/linux/pagemap.h:147 [inline] RIP [] find_get_pages_range_tag+0x52b/0x8f0 mm/filemap.c:1546 RSP ---[ end trace 269f38d657af5211 ]---