================================ WARNING: inconsistent lock state 6.0.0-syzkaller #0 Not tainted -------------------------------- inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage. syz-executor.2/19713 [HC0[0]:SC1[1]:HE1:SE0] takes: ffffffff8c0beb20 (fs_reclaim){+.?.}-{0:0}, at: might_alloc include/linux/sched/mm.h:271 [inline] ffffffff8c0beb20 (fs_reclaim){+.?.}-{0:0}, at: slab_pre_alloc_hook mm/slab.h:700 [inline] ffffffff8c0beb20 (fs_reclaim){+.?.}-{0:0}, at: slab_alloc mm/slab.c:3278 [inline] ffffffff8c0beb20 (fs_reclaim){+.?.}-{0:0}, at: __kmem_cache_alloc_lru mm/slab.c:3471 [inline] ffffffff8c0beb20 (fs_reclaim){+.?.}-{0:0}, at: kmem_cache_alloc+0x39/0x520 mm/slab.c:3491 {SOFTIRQ-ON-W} state was registered at: lock_acquire kernel/locking/lockdep.c:5666 [inline] lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5631 __fs_reclaim_acquire mm/page_alloc.c:4674 [inline] fs_reclaim_acquire+0x115/0x160 mm/page_alloc.c:4688 might_alloc include/linux/sched/mm.h:271 [inline] slab_pre_alloc_hook mm/slab.h:700 [inline] slab_alloc mm/slab.c:3278 [inline] kmem_cache_alloc_trace+0x38/0x460 mm/slab.c:3557 kmalloc include/linux/slab.h:600 [inline] kzalloc include/linux/slab.h:733 [inline] alloc_workqueue_attrs+0x39/0xc0 kernel/workqueue.c:3394 wq_numa_init kernel/workqueue.c:5964 [inline] workqueue_init+0x12f/0x8ae kernel/workqueue.c:6091 kernel_init_freeable+0x3fb/0x73a init/main.c:1607 kernel_init+0x1a/0x1d0 init/main.c:1512 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306 irq event stamp: 1240 hardirqs last enabled at (1240): [] asm_sysvec_call_function_single+0x16/0x20 arch/x86/include/asm/idtentry.h:657 hardirqs last disabled at (1239): [] sysvec_call_function_single+0xb/0xc0 arch/x86/kernel/smp.c:243 softirqs last enabled at (766): [] invoke_softirq kernel/softirq.c:445 [inline] softirqs last enabled at (766): [] __irq_exit_rcu+0x123/0x180 kernel/softirq.c:650 softirqs last disabled at (1233): [] invoke_softirq kernel/softirq.c:445 [inline] softirqs last disabled 
at (1233): [] __irq_exit_rcu+0x123/0x180 kernel/softirq.c:650 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(fs_reclaim); lock(fs_reclaim); *** DEADLOCK *** 2 locks held by syz-executor.2/19713: #0: ffff88802d4d20a8 (&ctx->uring_lock){+.+.}-{3:3}, at: __do_sys_io_uring_enter+0xb7a/0x1ea0 io_uring/io_uring.c:3056 #1: ffffffff91227508 (&fsnotify_mark_srcu){....}-{0:0}, at: fsnotify+0x2f4/0x1680 fs/notify/fsnotify.c:544 stack backtrace: CPU: 1 PID: 19713 Comm: syz-executor.2 Not tainted 6.0.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106 print_usage_bug kernel/locking/lockdep.c:3961 [inline] valid_state kernel/locking/lockdep.c:3973 [inline] mark_lock_irq kernel/locking/lockdep.c:4176 [inline] mark_lock.part.0.cold+0x18/0xd8 kernel/locking/lockdep.c:4632 mark_lock kernel/locking/lockdep.c:4596 [inline] mark_usage kernel/locking/lockdep.c:4527 [inline] __lock_acquire+0x11d9/0x56d0 kernel/locking/lockdep.c:5007 lock_acquire kernel/locking/lockdep.c:5666 [inline] lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5631 __fs_reclaim_acquire mm/page_alloc.c:4674 [inline] fs_reclaim_acquire+0x115/0x160 mm/page_alloc.c:4688 might_alloc include/linux/sched/mm.h:271 [inline] slab_pre_alloc_hook mm/slab.h:700 [inline] slab_alloc mm/slab.c:3278 [inline] __kmem_cache_alloc_lru mm/slab.c:3471 [inline] kmem_cache_alloc+0x39/0x520 mm/slab.c:3491 fanotify_alloc_path_event fs/notify/fanotify/fanotify.c:543 [inline] fanotify_alloc_event fs/notify/fanotify/fanotify.c:815 [inline] fanotify_handle_event+0x23e4/0x3f40 fs/notify/fanotify/fanotify.c:948 send_to_group fs/notify/fsnotify.c:360 [inline] fsnotify+0xafb/0x1680 fs/notify/fsnotify.c:570 __fsnotify_parent+0x62f/0xa60 fs/notify/fsnotify.c:230 fsnotify_parent include/linux/fsnotify.h:77 [inline] fsnotify_file include/linux/fsnotify.h:99 
[inline] fsnotify_access include/linux/fsnotify.h:309 [inline] __io_complete_rw_common+0x485/0x720 io_uring/rw.c:195 io_complete_rw+0x1a/0x1f0 io_uring/rw.c:228 iomap_dio_complete_work fs/iomap/direct-io.c:144 [inline] iomap_dio_bio_end_io+0x438/0x5e0 fs/iomap/direct-io.c:178 bio_endio+0x5f9/0x780 block/bio.c:1564 req_bio_endio block/blk-mq.c:695 [inline] blk_update_request+0x3fc/0x1300 block/blk-mq.c:825 scsi_end_request+0x7a/0x9a0 drivers/scsi/scsi_lib.c:541 scsi_io_completion+0x173/0x1f70 drivers/scsi/scsi_lib.c:971 scsi_complete+0x122/0x3b0 drivers/scsi/scsi_lib.c:1438 blk_complete_reqs+0xad/0xe0 block/blk-mq.c:1022 __do_softirq+0x1d3/0x9c6 kernel/softirq.c:571 invoke_softirq kernel/softirq.c:445 [inline] __irq_exit_rcu+0x123/0x180 kernel/softirq.c:650 irq_exit_rcu+0x5/0x20 kernel/softirq.c:662 common_interrupt+0xa9/0xc0 arch/x86/kernel/irq.c:240 asm_common_interrupt+0x22/0x40 arch/x86/include/asm/idtentry.h:640 RIP: 0010:preempt_schedule_irq+0x49/0x90 kernel/sched/core.c:6806 Code: 55 53 65 48 8b 1c 25 80 6f 02 00 48 89 dd 48 c1 ed 03 48 01 c5 bf 01 00 00 00 e8 f2 15 d0 f7 e8 7d cd ff f7 fb bf 01 00 00 00 92 a0 ff ff 9c 58 fa f6 c4 02 75 27 bf 01 00 00 00 e8 90 00 d0 RSP: 0018:ffffc9000425f908 EFLAGS: 00000202 RAX: 00000000000004cd RBX: ffff8880176681c0 RCX: 1ffffffff2129616 RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001 RBP: ffffed1002ecd038 R08: 0000000000000001 R09: ffffffff908e1a5f R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 irqentry_exit+0x31/0x80 kernel/entry/common.c:428 asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:649 RIP: 0010:prefetchw arch/x86/include/asm/processor.h:743 [inline] RIP: 0010:slab_alloc mm/slab.c:3290 [inline] RIP: 0010:__do_kmalloc mm/slab.c:3684 [inline] RIP: 0010:__kmalloc+0x1a1/0x4a0 mm/slab.c:3695 Code: 0f 84 ff 00 00 00 4d 85 f6 48 89 54 24 18 0f 85 dc 01 00 00 9c 58 f6 c4 02 0f 85 f7 01 00 00 4d 
85 f6 74 01 fb 48 8b 74 24 18 <0f> 0d 0e 0f 1f 44 00 00 49 83 7c 24 50 00 0f 84 2d 01 00 00 23 1d RSP: 0018:ffffc9000425f9d0 EFLAGS: 00000206 RAX: 0000000000000002 RBX: 0000000000000cc0 RCX: 1ffffffff2129616 RDX: 0000000000000000 RSI: ffff888072a1a000 RDI: 0000000000000000 RBP: 0000000000000cc0 R08: 0000000000000001 R09: ffffffff908e1a5f R10: 0000000000000001 R11: 0000000000000000 R12: ffff888011840600 R13: 0000000000000108 R14: 0000000000000200 R15: 0000000000000000 kmalloc include/linux/slab.h:605 [inline] io_alloc_async_data+0xa5/0x160 io_uring/io_uring.c:1434 io_setup_async_rw+0x106/0x4f0 io_uring/rw.c:524 io_read+0x714/0x13a0 io_uring/rw.c:796 io_issue_sqe+0x15e/0xd20 io_uring/io_uring.c:1577 io_queue_sqe io_uring/io_uring.c:1755 [inline] io_submit_sqe io_uring/io_uring.c:2013 [inline] io_submit_sqes+0x94e/0x1d30 io_uring/io_uring.c:2124 __do_sys_io_uring_enter+0xb85/0x1ea0 io_uring/io_uring.c:3057 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f3f3ee8a5a9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f3f3dddd168 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa RAX: ffffffffffffffda RBX: 00007f3f3efac050 RCX: 00007f3f3ee8a5a9 RDX: 0000000000000000 RSI: 00000000000002ff RDI: 0000000000000004 RBP: 00007f3f3eee5580 R08: 0000000000000000 R09: 0000000000000071 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffce506c42f R14: 00007f3f3dddd300 R15: 0000000000022000 BUG: sleeping function called from invalid context at include/linux/sched/mm.h:274 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 19713, name: syz-executor.2 preempt_count: 101, expected: 0 RCU nest depth: 0, expected: 0 INFO: lockdep is turned off. 
Preemption disabled at: [] preempt_schedule_irq+0x3e/0x90 kernel/sched/core.c:6804 CPU: 1 PID: 19713 Comm: syz-executor.2 Not tainted 6.0.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106 __might_resched.cold+0x222/0x26b kernel/sched/core.c:9892 might_alloc include/linux/sched/mm.h:274 [inline] slab_pre_alloc_hook mm/slab.h:700 [inline] slab_alloc mm/slab.c:3278 [inline] __kmem_cache_alloc_lru mm/slab.c:3471 [inline] kmem_cache_alloc+0x381/0x520 mm/slab.c:3491 fanotify_alloc_path_event fs/notify/fanotify/fanotify.c:543 [inline] fanotify_alloc_event fs/notify/fanotify/fanotify.c:815 [inline] fanotify_handle_event+0x23e4/0x3f40 fs/notify/fanotify/fanotify.c:948 send_to_group fs/notify/fsnotify.c:360 [inline] fsnotify+0xafb/0x1680 fs/notify/fsnotify.c:570 __fsnotify_parent+0x62f/0xa60 fs/notify/fsnotify.c:230 fsnotify_parent include/linux/fsnotify.h:77 [inline] fsnotify_file include/linux/fsnotify.h:99 [inline] fsnotify_access include/linux/fsnotify.h:309 [inline] __io_complete_rw_common+0x485/0x720 io_uring/rw.c:195 io_complete_rw+0x1a/0x1f0 io_uring/rw.c:228 iomap_dio_complete_work fs/iomap/direct-io.c:144 [inline] iomap_dio_bio_end_io+0x438/0x5e0 fs/iomap/direct-io.c:178 bio_endio+0x5f9/0x780 block/bio.c:1564 req_bio_endio block/blk-mq.c:695 [inline] blk_update_request+0x3fc/0x1300 block/blk-mq.c:825 scsi_end_request+0x7a/0x9a0 drivers/scsi/scsi_lib.c:541 scsi_io_completion+0x173/0x1f70 drivers/scsi/scsi_lib.c:971 scsi_complete+0x122/0x3b0 drivers/scsi/scsi_lib.c:1438 blk_complete_reqs+0xad/0xe0 block/blk-mq.c:1022 __do_softirq+0x1d3/0x9c6 kernel/softirq.c:571 invoke_softirq kernel/softirq.c:445 [inline] __irq_exit_rcu+0x123/0x180 kernel/softirq.c:650 irq_exit_rcu+0x5/0x20 kernel/softirq.c:662 common_interrupt+0xa9/0xc0 arch/x86/kernel/irq.c:240 asm_common_interrupt+0x22/0x40 arch/x86/include/asm/idtentry.h:640 
RIP: 0010:preempt_schedule_irq+0x49/0x90 kernel/sched/core.c:6806 Code: 55 53 65 48 8b 1c 25 80 6f 02 00 48 89 dd 48 c1 ed 03 48 01 c5 bf 01 00 00 00 e8 f2 15 d0 f7 e8 7d cd ff f7 fb bf 01 00 00 00 92 a0 ff ff 9c 58 fa f6 c4 02 75 27 bf 01 00 00 00 e8 90 00 d0 RSP: 0018:ffffc9000425f908 EFLAGS: 00000202 RAX: 00000000000004cd RBX: ffff8880176681c0 RCX: 1ffffffff2129616 RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001 RBP: ffffed1002ecd038 R08: 0000000000000001 R09: ffffffff908e1a5f R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 irqentry_exit+0x31/0x80 kernel/entry/common.c:428 asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:649 RIP: 0010:prefetchw arch/x86/include/asm/processor.h:743 [inline] RIP: 0010:slab_alloc mm/slab.c:3290 [inline] RIP: 0010:__do_kmalloc mm/slab.c:3684 [inline] RIP: 0010:__kmalloc+0x1a1/0x4a0 mm/slab.c:3695 Code: 0f 84 ff 00 00 00 4d 85 f6 48 89 54 24 18 0f 85 dc 01 00 00 9c 58 f6 c4 02 0f 85 f7 01 00 00 4d 85 f6 74 01 fb 48 8b 74 24 18 <0f> 0d 0e 0f 1f 44 00 00 49 83 7c 24 50 00 0f 84 2d 01 00 00 23 1d RSP: 0018:ffffc9000425f9d0 EFLAGS: 00000206 RAX: 0000000000000002 RBX: 0000000000000cc0 RCX: 1ffffffff2129616 RDX: 0000000000000000 RSI: ffff888072a1a000 RDI: 0000000000000000 RBP: 0000000000000cc0 R08: 0000000000000001 R09: ffffffff908e1a5f R10: 0000000000000001 R11: 0000000000000000 R12: ffff888011840600 R13: 0000000000000108 R14: 0000000000000200 R15: 0000000000000000 kmalloc include/linux/slab.h:605 [inline] io_alloc_async_data+0xa5/0x160 io_uring/io_uring.c:1434 io_setup_async_rw+0x106/0x4f0 io_uring/rw.c:524 io_read+0x714/0x13a0 io_uring/rw.c:796 io_issue_sqe+0x15e/0xd20 io_uring/io_uring.c:1577 io_queue_sqe io_uring/io_uring.c:1755 [inline] io_submit_sqe io_uring/io_uring.c:2013 [inline] io_submit_sqes+0x94e/0x1d30 io_uring/io_uring.c:2124 __do_sys_io_uring_enter+0xb85/0x1ea0 io_uring/io_uring.c:3057 
do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f3f3ee8a5a9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f3f3dddd168 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa RAX: ffffffffffffffda RBX: 00007f3f3efac050 RCX: 00007f3f3ee8a5a9 RDX: 0000000000000000 RSI: 00000000000002ff RDI: 0000000000000004 RBP: 00007f3f3eee5580 R08: 0000000000000000 R09: 0000000000000071 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffce506c42f R14: 00007f3f3dddd300 R15: 0000000000022000 BUG: sleeping function called from invalid context at include/linux/sched/mm.h:274 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 21, name: ksoftirqd/1 preempt_count: 100, expected: 0 RCU nest depth: 0, expected: 0 INFO: lockdep is turned off. 
Preemption disabled at: [] softirq_handle_begin kernel/softirq.c:409 [inline] [] __do_softirq+0xe1/0x9c6 kernel/softirq.c:547 CPU: 1 PID: 21 Comm: ksoftirqd/1 Tainted: G W 6.0.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106 __might_resched.cold+0x222/0x26b kernel/sched/core.c:9892 might_alloc include/linux/sched/mm.h:274 [inline] slab_pre_alloc_hook mm/slab.h:700 [inline] slab_alloc mm/slab.c:3278 [inline] __kmem_cache_alloc_lru mm/slab.c:3471 [inline] kmem_cache_alloc+0x381/0x520 mm/slab.c:3491 fanotify_alloc_path_event fs/notify/fanotify/fanotify.c:543 [inline] fanotify_alloc_event fs/notify/fanotify/fanotify.c:815 [inline] fanotify_handle_event+0x23e4/0x3f40 fs/notify/fanotify/fanotify.c:948 send_to_group fs/notify/fsnotify.c:360 [inline] fsnotify+0xafb/0x1680 fs/notify/fsnotify.c:570 __fsnotify_parent+0x62f/0xa60 fs/notify/fsnotify.c:230 fsnotify_parent include/linux/fsnotify.h:77 [inline] fsnotify_file include/linux/fsnotify.h:99 [inline] fsnotify_access include/linux/fsnotify.h:309 [inline] __io_complete_rw_common+0x485/0x720 io_uring/rw.c:195 io_complete_rw+0x1a/0x1f0 io_uring/rw.c:228 iomap_dio_complete_work fs/iomap/direct-io.c:144 [inline] iomap_dio_bio_end_io+0x438/0x5e0 fs/iomap/direct-io.c:178 bio_endio+0x5f9/0x780 block/bio.c:1564 req_bio_endio block/blk-mq.c:695 [inline] blk_update_request+0x3fc/0x1300 block/blk-mq.c:825 scsi_end_request+0x7a/0x9a0 drivers/scsi/scsi_lib.c:541 scsi_io_completion+0x173/0x1f70 drivers/scsi/scsi_lib.c:971 scsi_complete+0x122/0x3b0 drivers/scsi/scsi_lib.c:1438 blk_complete_reqs+0xad/0xe0 block/blk-mq.c:1022 __do_softirq+0x1d3/0x9c6 kernel/softirq.c:571 run_ksoftirqd kernel/softirq.c:934 [inline] run_ksoftirqd+0x2d/0x60 kernel/softirq.c:926 smpboot_thread_fn+0x645/0x9c0 kernel/smpboot.c:164 kthread+0x2e4/0x3a0 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 
arch/x86/entry/entry_64.S:306 BUG: sleeping function called from invalid context at include/linux/sched/mm.h:274 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 19761, name: syz-executor.1 preempt_count: 100, expected: 0 RCU nest depth: 0, expected: 0 INFO: lockdep is turned off. Preemption disabled at: [] softirq_handle_begin kernel/softirq.c:409 [inline] [] __do_softirq+0xe1/0x9c6 kernel/softirq.c:547 CPU: 1 PID: 19761 Comm: syz-executor.1 Tainted: G W 6.0.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106 __might_resched.cold+0x222/0x26b kernel/sched/core.c:9892 might_alloc include/linux/sched/mm.h:274 [inline] slab_pre_alloc_hook mm/slab.h:700 [inline] slab_alloc mm/slab.c:3278 [inline] __kmem_cache_alloc_lru mm/slab.c:3471 [inline] kmem_cache_alloc+0x381/0x520 mm/slab.c:3491 fanotify_alloc_path_event fs/notify/fanotify/fanotify.c:543 [inline] fanotify_alloc_event fs/notify/fanotify/fanotify.c:815 [inline] fanotify_handle_event+0x23e4/0x3f40 fs/notify/fanotify/fanotify.c:948 send_to_group fs/notify/fsnotify.c:360 [inline] fsnotify+0xafb/0x1680 fs/notify/fsnotify.c:570 __fsnotify_parent+0x62f/0xa60 fs/notify/fsnotify.c:230 fsnotify_parent include/linux/fsnotify.h:77 [inline] fsnotify_file include/linux/fsnotify.h:99 [inline] fsnotify_access include/linux/fsnotify.h:309 [inline] __io_complete_rw_common+0x485/0x720 io_uring/rw.c:195 io_complete_rw+0x1a/0x1f0 io_uring/rw.c:228 iomap_dio_complete_work fs/iomap/direct-io.c:144 [inline] iomap_dio_bio_end_io+0x438/0x5e0 fs/iomap/direct-io.c:178 bio_endio+0x5f9/0x780 block/bio.c:1564 req_bio_endio block/blk-mq.c:695 [inline] blk_update_request+0x3fc/0x1300 block/blk-mq.c:825 scsi_end_request+0x7a/0x9a0 drivers/scsi/scsi_lib.c:541 scsi_io_completion+0x173/0x1f70 drivers/scsi/scsi_lib.c:971 scsi_complete+0x122/0x3b0 drivers/scsi/scsi_lib.c:1438 
blk_complete_reqs+0xad/0xe0 block/blk-mq.c:1022 __do_softirq+0x1d3/0x9c6 kernel/softirq.c:571 invoke_softirq kernel/softirq.c:445 [inline] __irq_exit_rcu+0x123/0x180 kernel/softirq.c:650 irq_exit_rcu+0x5/0x20 kernel/softirq.c:662 common_interrupt+0x52/0xc0 arch/x86/kernel/irq.c:240 asm_common_interrupt+0x22/0x40 arch/x86/include/asm/idtentry.h:640 RIP: 0033:0x7fc25a037602 Code: 48 8b 50 f8 48 83 e8 08 48 39 ca 77 f3 48 39 c3 73 3e 48 89 13 48 8b 50 f8 48 89 38 49 8b 0e 48 8b 3e 48 83 c3 08 48 83 c6 08 bc 48 39 d1 72 9e 48 39 d0 73 47 49 89 16 48 89 fa 49 89 78 f8 RSP: 002b:00007ffec8f69bd0 EFLAGS: 00000202 RAX: 00007fc259e141f8 RBX: 00007fc259e140f0 RCX: ffffffff8465133b RDX: ffffffff8465135c RSI: 00007fc259e140f8 RDI: ffffffff846518c1 RBP: 00007fc259e140d0 R08: 00007fc259e14220 R09: 00000000e14a5bab R10: 00007ffec8f69f60 R11: 0000000000000246 R12: 00007fc259e140c8 R13: 00007fc259e140e8 R14: 00007fc259e140c0 R15: 0000000000000012 ------------[ cut here ]------------ do not call blocking ops when !TASK_RUNNING; state=2 set at [] folio_wait_bit_common+0x2b6/0xa90 mm/filemap.c:1290 WARNING: CPU: 1 PID: 19775 at kernel/sched/core.c:9815 __might_sleep+0x105/0x150 kernel/sched/core.c:9815 Modules linked in: CPU: 1 PID: 19775 Comm: iou-wrk-19757 Tainted: G W 6.0.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 RIP: 0010:__might_sleep+0x105/0x150 kernel/sched/core.c:9815 Code: 6f 02 00 48 8d bb 08 17 00 00 48 89 fa 48 c1 ea 03 80 3c 02 00 75 34 48 8b 93 08 17 00 00 48 c7 c7 e0 1e ec 89 e8 7d d7 e8 07 <0f> 0b e9 75 ff ff ff e8 ff dc 74 00 e9 26 ff ff ff 89 34 24 e8 02 RSP: 0018:ffffc900003f8810 EFLAGS: 00010286 RAX: 0000000000000000 RBX: ffff888034504200 RCX: 0000000000000000 RDX: ffff888034504200 RSI: ffffffff81611ca8 RDI: fffff5200007f0f4 RBP: ffffffff8b840617 R08: 0000000000000005 R09: 0000000000000000 R10: 0000000000000100 R11: 6320746f6e206f64 R12: 0000000000000112 R13: 0000000000404cc0 R14: 0000000000000040 R15: 
0000000000000000 FS: 00007f1515c92700(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b2e532000 CR3: 000000001dc91000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: might_alloc include/linux/sched/mm.h:274 [inline] slab_pre_alloc_hook mm/slab.h:700 [inline] slab_alloc mm/slab.c:3278 [inline] __kmem_cache_alloc_lru mm/slab.c:3471 [inline] kmem_cache_alloc+0x381/0x520 mm/slab.c:3491 fanotify_alloc_path_event fs/notify/fanotify/fanotify.c:543 [inline] fanotify_alloc_event fs/notify/fanotify/fanotify.c:815 [inline] fanotify_handle_event+0x23e4/0x3f40 fs/notify/fanotify/fanotify.c:948 send_to_group fs/notify/fsnotify.c:360 [inline] fsnotify+0xafb/0x1680 fs/notify/fsnotify.c:570 __fsnotify_parent+0x62f/0xa60 fs/notify/fsnotify.c:230 fsnotify_parent include/linux/fsnotify.h:77 [inline] fsnotify_file include/linux/fsnotify.h:99 [inline] fsnotify_access include/linux/fsnotify.h:309 [inline] __io_complete_rw_common+0x485/0x720 io_uring/rw.c:195 io_complete_rw+0x1a/0x1f0 io_uring/rw.c:228 iomap_dio_complete_work fs/iomap/direct-io.c:144 [inline] iomap_dio_bio_end_io+0x438/0x5e0 fs/iomap/direct-io.c:178 bio_endio+0x5f9/0x780 block/bio.c:1564 req_bio_endio block/blk-mq.c:695 [inline] blk_update_request+0x3fc/0x1300 block/blk-mq.c:825 scsi_end_request+0x7a/0x9a0 drivers/scsi/scsi_lib.c:541 scsi_io_completion+0x173/0x1f70 drivers/scsi/scsi_lib.c:971 scsi_complete+0x122/0x3b0 drivers/scsi/scsi_lib.c:1438 blk_complete_reqs+0xad/0xe0 block/blk-mq.c:1022 __do_softirq+0x1d3/0x9c6 kernel/softirq.c:571 invoke_softirq kernel/softirq.c:445 [inline] __irq_exit_rcu+0x123/0x180 kernel/softirq.c:650 irq_exit_rcu+0x5/0x20 kernel/softirq.c:662 common_interrupt+0xa9/0xc0 arch/x86/kernel/irq.c:240 asm_common_interrupt+0x22/0x40 arch/x86/include/asm/idtentry.h:640 RIP: 0010:rol32 include/linux/bitops.h:126 
[inline] RIP: 0010:jhash2 include/linux/jhash.h:139 [inline] RIP: 0010:hash_stack lib/stackdepot.c:265 [inline] RIP: 0010:__stack_depot_save+0x17c/0x500 lib/stackdepot.c:427 Code: 75 ec 48 8b 7c 24 28 48 85 ff 74 0a be 02 00 00 00 e8 18 7b 9c fd 8b 45 10 e9 d4 fe ff ff 03 59 08 03 41 04 03 39 89 c1 31 c3 c1 0e 29 cb 89 d9 31 df c1 c1 0b 29 cf 89 f9 31 f8 c1 c9 07 29 RSP: 0018:ffffc90004c67048 EFLAGS: 00000286 RAX: 0000000079a0be19 RBX: 00000000b820e99f RCX: 0000000079a0be19 RDX: 0000000000000015 RSI: 0000000000000003 RDI: 000000002a756237 RBP: 0000000000000001 R08: 00000000e2b1682c R09: ffffc90004c66fc4 R10: fffff5200098cdfd R11: 000000000008c07c R12: 0000000000000001 R13: 0000000000000800 R14: ffffc90004c670b8 R15: 0000000000000015 kasan_save_stack+0x2e/0x40 mm/kasan/common.c:39 __kasan_record_aux_stack+0x7e/0x90 mm/kasan/generic.c:348 task_work_add+0x3a/0x1f0 kernel/task_work.c:48 io_queue_worker_create+0x41d/0x650 io_uring/io-wq.c:373 io_wqe_dec_running+0x1e4/0x240 io_uring/io-wq.c:410 io_wq_worker_sleeping+0xa2/0xc0 io_uring/io-wq.c:698 sched_submit_work kernel/sched/core.c:6536 [inline] schedule+0x16a/0x1b0 kernel/sched/core.c:6567 io_schedule+0xba/0x130 kernel/sched/core.c:8714 folio_wait_bit_common+0x3dd/0xa90 mm/filemap.c:1298 folio_wait_writeback+0x37/0x300 mm/page-writeback.c:3035 __filemap_fdatawait_range+0x138/0x740 mm/filemap.c:524 filemap_write_and_wait_range+0xca/0x100 mm/filemap.c:682 __iomap_dio_rw+0x5ed/0x1c20 fs/iomap/direct-io.c:573 iomap_dio_rw+0x3c/0xa0 fs/iomap/direct-io.c:690 ext4_dio_read_iter fs/ext4/file.c:79 [inline] ext4_file_read_iter+0x434/0x600 fs/ext4/file.c:130 call_read_iter include/linux/fs.h:2181 [inline] io_iter_do_read io_uring/rw.c:643 [inline] io_read+0x31f/0x13a0 io_uring/rw.c:765 io_issue_sqe+0x15e/0xd20 io_uring/io_uring.c:1577 io_wq_submit_work+0x29f/0x8f0 io_uring/io_uring.c:1654 io_worker_handle_work+0x991/0x1820 io_uring/io-wq.c:587 io_wqe_worker+0x9f6/0xe30 io_uring/io-wq.c:632 ret_from_fork+0x1f/0x30 
arch/x86/entry/entry_64.S:306
----------------
Code disassembly (best guess):
   0: 55                      push %rbp
   1: 53                      push %rbx
   2: 65 48 8b 1c 25 80 6f    mov %gs:0x26f80,%rbx
   9: 02 00
   b: 48 89 dd                mov %rbx,%rbp
   e: 48 c1 ed 03             shr $0x3,%rbp
  12: 48 01 c5                add %rax,%rbp
  15: bf 01 00 00 00          mov $0x1,%edi
  1a: e8 f2 15 d0 f7          callq 0xf7d01611
  1f: e8 7d cd ff f7          callq 0xf7ffcda1
  24: fb                      sti
  25: bf 01 00 00 00          mov $0x1,%edi
* 2a: e8 92 a0 ff ff          callq 0xffffa0c1 <-- trapping instruction
  2f: 9c                      pushfq
  30: 58                      pop %rax
  31: fa                      cli
  32: f6 c4 02                test $0x2,%ah
  35: 75 27                   jne 0x5e
  37: bf 01 00 00 00          mov $0x1,%edi
  3c: e8                      .byte 0xe8
  3d: 90                      nop
  3e: 00 d0                   add %dl,%al