================================ WARNING: inconsistent lock state 6.0.0-rc6-syzkaller-00321-g105a36f3694e #0 Not tainted -------------------------------- inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage. kworker/u4:0/8 [HC0[0]:SC1[1]:HE1:SE0] takes: ffffffff8c0be7e0 (fs_reclaim){+.?.}-{0:0}, at: might_alloc include/linux/sched/mm.h:271 [inline] ffffffff8c0be7e0 (fs_reclaim){+.?.}-{0:0}, at: slab_pre_alloc_hook mm/slab.h:700 [inline] ffffffff8c0be7e0 (fs_reclaim){+.?.}-{0:0}, at: slab_alloc mm/slab.c:3278 [inline] ffffffff8c0be7e0 (fs_reclaim){+.?.}-{0:0}, at: __kmem_cache_alloc_lru mm/slab.c:3471 [inline] ffffffff8c0be7e0 (fs_reclaim){+.?.}-{0:0}, at: kmem_cache_alloc+0x39/0x520 mm/slab.c:3491 {SOFTIRQ-ON-W} state was registered at: lock_acquire kernel/locking/lockdep.c:5666 [inline] lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5631 __fs_reclaim_acquire mm/page_alloc.c:4674 [inline] fs_reclaim_acquire+0x115/0x160 mm/page_alloc.c:4688 might_alloc include/linux/sched/mm.h:271 [inline] slab_pre_alloc_hook mm/slab.h:700 [inline] slab_alloc mm/slab.c:3278 [inline] kmem_cache_alloc_trace+0x38/0x460 mm/slab.c:3557 kmalloc include/linux/slab.h:600 [inline] kzalloc include/linux/slab.h:733 [inline] alloc_workqueue_attrs+0x39/0xc0 kernel/workqueue.c:3394 wq_numa_init kernel/workqueue.c:5964 [inline] workqueue_init+0x12f/0x8ae kernel/workqueue.c:6091 kernel_init_freeable+0x3fb/0x73a init/main.c:1607 kernel_init+0x1a/0x1d0 init/main.c:1512 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306 irq event stamp: 10229410 hardirqs last enabled at (10229410): [] kfree+0x25b/0x390 mm/slab.c:3787 hardirqs last disabled at (10229409): [] kfree+0x251/0x390 mm/slab.c:3776 softirqs last enabled at (10229404): [] spin_unlock_bh include/linux/spinlock.h:394 [inline] softirqs last enabled at (10229404): [] batadv_purge_orig_ref+0xeb7/0x1550 net/batman-adv/originator.c:1259 softirqs last disabled at (10229407): [] invoke_softirq kernel/softirq.c:445 [inline] softirqs last disabled at 
(10229407): [] __irq_exit_rcu+0x123/0x180 kernel/softirq.c:650
other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(fs_reclaim);
  <Interrupt>
    lock(fs_reclaim);

 *** DEADLOCK ***

3 locks held by kworker/u4:0/8: #0: ffff888027f60938 ((wq_completion)bat_events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff888027f60938 ((wq_completion)bat_events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline] #0: ffff888027f60938 ((wq_completion)bat_events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline] #0: ffff888027f60938 ((wq_completion)bat_events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline] #0: ffff888027f60938 ((wq_completion)bat_events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline] #0: ffff888027f60938 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_one_work+0x87a/0x1610 kernel/workqueue.c:2260 #1: ffffc900002efda8 ((work_completion)(&(&bat_priv->orig_work)->work)){+.+.}-{0:0}, at: process_one_work+0x8ae/0x1610 kernel/workqueue.c:2264 #2: ffffffff91227508 (&fsnotify_mark_srcu){....}-{0:0}, at: fsnotify+0x2f4/0x1680 fs/notify/fsnotify.c:544 stack backtrace: CPU: 1 PID: 8 Comm: kworker/u4:0 Not tainted 6.0.0-rc6-syzkaller-00321-g105a36f3694e #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 Workqueue: bat_events batadv_purge_orig Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106 print_usage_bug kernel/locking/lockdep.c:3961 [inline] valid_state kernel/locking/lockdep.c:3973 [inline] mark_lock_irq kernel/locking/lockdep.c:4176 [inline] mark_lock.part.0.cold+0x18/0xd8 kernel/locking/lockdep.c:4632 mark_lock kernel/locking/lockdep.c:4596 [inline] mark_usage kernel/locking/lockdep.c:4527 [inline] __lock_acquire+0x11d9/0x56d0 kernel/locking/lockdep.c:5007 lock_acquire
kernel/locking/lockdep.c:5666 [inline] lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5631 __fs_reclaim_acquire mm/page_alloc.c:4674 [inline] fs_reclaim_acquire+0x115/0x160 mm/page_alloc.c:4688 might_alloc include/linux/sched/mm.h:271 [inline] slab_pre_alloc_hook mm/slab.h:700 [inline] slab_alloc mm/slab.c:3278 [inline] __kmem_cache_alloc_lru mm/slab.c:3471 [inline] kmem_cache_alloc+0x39/0x520 mm/slab.c:3491 fanotify_alloc_fid_event fs/notify/fanotify/fanotify.c:580 [inline] fanotify_alloc_event fs/notify/fanotify/fanotify.c:813 [inline] fanotify_handle_event+0x1130/0x3f40 fs/notify/fanotify/fanotify.c:948 send_to_group fs/notify/fsnotify.c:360 [inline] fsnotify+0xafb/0x1680 fs/notify/fsnotify.c:570 __fsnotify_parent+0x62f/0xa60 fs/notify/fsnotify.c:230 fsnotify_parent include/linux/fsnotify.h:77 [inline] fsnotify_file include/linux/fsnotify.h:99 [inline] fsnotify_access include/linux/fsnotify.h:309 [inline] __io_complete_rw_common+0x485/0x720 io_uring/rw.c:195 io_complete_rw+0x1a/0x1f0 io_uring/rw.c:228 iomap_dio_complete_work fs/iomap/direct-io.c:144 [inline] iomap_dio_bio_end_io+0x438/0x5e0 fs/iomap/direct-io.c:178 bio_endio+0x5f9/0x780 block/bio.c:1564 req_bio_endio block/blk-mq.c:695 [inline] blk_update_request+0x3fc/0x1300 block/blk-mq.c:825 scsi_end_request+0x7a/0x9a0 drivers/scsi/scsi_lib.c:541 scsi_io_completion+0x173/0x1f70 drivers/scsi/scsi_lib.c:971 scsi_complete+0x122/0x3b0 drivers/scsi/scsi_lib.c:1438 blk_complete_reqs+0xad/0xe0 block/blk-mq.c:1022 __do_softirq+0x1d3/0x9c6 kernel/softirq.c:571 invoke_softirq kernel/softirq.c:445 [inline] __irq_exit_rcu+0x123/0x180 kernel/softirq.c:650 irq_exit_rcu+0x5/0x20 kernel/softirq.c:662 common_interrupt+0xa9/0xc0 arch/x86/kernel/irq.c:240 asm_common_interrupt+0x22/0x40 arch/x86/include/asm/idtentry.h:640 RIP: 0010:__local_bh_enable_ip+0xa8/0x120 kernel/softirq.c:403 Code: 1d 0d 2c ba 7e 65 8b 05 06 2c ba 7e a9 00 ff ff 00 74 45 bf 01 00 00 00 e8 65 9f 09 00 e8 30 6c 39 00 fb 65 8b 05 e8 2b ba 7e <85> c0 74 
58 5b 5d c3 65 8b 05 d6 32 ba 7e 85 c0 75 a2 0f 0b eb 9e RSP: 0018:ffffc900002efbd8 EFLAGS: 00000202 RAX: 0000000080000000 RBX: 00000000fffffe00 RCX: 1ffffffff21275a6 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffffff891a8927 R08: 0000000000000001 R09: ffffffff908e1a2f R10: 0000000000000001 R11: 0000000000000000 R12: dffffc0000000000 R13: ffffc900002efda8 R14: ffff8880121b2800 R15: 000000000000012e spin_unlock_bh include/linux/spinlock.h:394 [inline] batadv_purge_orig_ref+0xeb7/0x1550 net/batman-adv/originator.c:1259 batadv_purge_orig+0x17/0x60 net/batman-adv/originator.c:1272 process_one_work+0x991/0x1610 kernel/workqueue.c:2289 worker_thread+0x665/0x1080 kernel/workqueue.c:2436 kthread+0x2e4/0x3a0 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306 BUG: sleeping function called from invalid context at include/linux/sched/mm.h:274 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 8, name: kworker/u4:0 preempt_count: 100, expected: 0 RCU nest depth: 0, expected: 0 INFO: lockdep is turned off. 
Preemption disabled at: [] softirq_handle_begin kernel/softirq.c:409 [inline] [] __do_softirq+0xe1/0x9c6 kernel/softirq.c:547 CPU: 1 PID: 8 Comm: kworker/u4:0 Not tainted 6.0.0-rc6-syzkaller-00321-g105a36f3694e #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 Workqueue: bat_events batadv_purge_orig Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106 __might_resched.cold+0x222/0x26b kernel/sched/core.c:9892 might_alloc include/linux/sched/mm.h:274 [inline] slab_pre_alloc_hook mm/slab.h:700 [inline] slab_alloc mm/slab.c:3278 [inline] __kmem_cache_alloc_lru mm/slab.c:3471 [inline] kmem_cache_alloc+0x381/0x520 mm/slab.c:3491 fanotify_alloc_fid_event fs/notify/fanotify/fanotify.c:580 [inline] fanotify_alloc_event fs/notify/fanotify/fanotify.c:813 [inline] fanotify_handle_event+0x1130/0x3f40 fs/notify/fanotify/fanotify.c:948 send_to_group fs/notify/fsnotify.c:360 [inline] fsnotify+0xafb/0x1680 fs/notify/fsnotify.c:570 __fsnotify_parent+0x62f/0xa60 fs/notify/fsnotify.c:230 fsnotify_parent include/linux/fsnotify.h:77 [inline] fsnotify_file include/linux/fsnotify.h:99 [inline] fsnotify_access include/linux/fsnotify.h:309 [inline] __io_complete_rw_common+0x485/0x720 io_uring/rw.c:195 io_complete_rw+0x1a/0x1f0 io_uring/rw.c:228 iomap_dio_complete_work fs/iomap/direct-io.c:144 [inline] iomap_dio_bio_end_io+0x438/0x5e0 fs/iomap/direct-io.c:178 bio_endio+0x5f9/0x780 block/bio.c:1564 req_bio_endio block/blk-mq.c:695 [inline] blk_update_request+0x3fc/0x1300 block/blk-mq.c:825 scsi_end_request+0x7a/0x9a0 drivers/scsi/scsi_lib.c:541 scsi_io_completion+0x173/0x1f70 drivers/scsi/scsi_lib.c:971 scsi_complete+0x122/0x3b0 drivers/scsi/scsi_lib.c:1438 blk_complete_reqs+0xad/0xe0 block/blk-mq.c:1022 __do_softirq+0x1d3/0x9c6 kernel/softirq.c:571 invoke_softirq kernel/softirq.c:445 [inline] __irq_exit_rcu+0x123/0x180 kernel/softirq.c:650 irq_exit_rcu+0x5/0x20 kernel/softirq.c:662 
common_interrupt+0xa9/0xc0 arch/x86/kernel/irq.c:240 asm_common_interrupt+0x22/0x40 arch/x86/include/asm/idtentry.h:640 RIP: 0010:__local_bh_enable_ip+0xa8/0x120 kernel/softirq.c:403 Code: 1d 0d 2c ba 7e 65 8b 05 06 2c ba 7e a9 00 ff ff 00 74 45 bf 01 00 00 00 e8 65 9f 09 00 e8 30 6c 39 00 fb 65 8b 05 e8 2b ba 7e <85> c0 74 58 5b 5d c3 65 8b 05 d6 32 ba 7e 85 c0 75 a2 0f 0b eb 9e RSP: 0018:ffffc900002efbd8 EFLAGS: 00000202 RAX: 0000000080000000 RBX: 00000000fffffe00 RCX: 1ffffffff21275a6 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffffff891a8927 R08: 0000000000000001 R09: ffffffff908e1a2f R10: 0000000000000001 R11: 0000000000000000 R12: dffffc0000000000 R13: ffffc900002efda8 R14: ffff8880121b2800 R15: 000000000000012e spin_unlock_bh include/linux/spinlock.h:394 [inline] batadv_purge_orig_ref+0xeb7/0x1550 net/batman-adv/originator.c:1259 batadv_purge_orig+0x17/0x60 net/batman-adv/originator.c:1272 process_one_work+0x991/0x1610 kernel/workqueue.c:2289 worker_thread+0x665/0x1080 kernel/workqueue.c:2436 kthread+0x2e4/0x3a0 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306 BUG: sleeping function called from invalid context at include/linux/sched/mm.h:274 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 25956, name: syz-executor.0 preempt_count: 101, expected: 0 RCU nest depth: 0, expected: 0 INFO: lockdep is turned off. 
Preemption disabled at: [] schedule+0xd3/0x1b0 kernel/sched/core.c:6569 CPU: 1 PID: 25956 Comm: syz-executor.0 Tainted: G W 6.0.0-rc6-syzkaller-00321-g105a36f3694e #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106 __might_resched.cold+0x222/0x26b kernel/sched/core.c:9892 might_alloc include/linux/sched/mm.h:274 [inline] slab_pre_alloc_hook mm/slab.h:700 [inline] slab_alloc mm/slab.c:3278 [inline] __kmem_cache_alloc_lru mm/slab.c:3471 [inline] kmem_cache_alloc+0x381/0x520 mm/slab.c:3491 fanotify_alloc_fid_event fs/notify/fanotify/fanotify.c:580 [inline] fanotify_alloc_event fs/notify/fanotify/fanotify.c:813 [inline] fanotify_handle_event+0x1130/0x3f40 fs/notify/fanotify/fanotify.c:948 send_to_group fs/notify/fsnotify.c:360 [inline] fsnotify+0xafb/0x1680 fs/notify/fsnotify.c:570 __fsnotify_parent+0x62f/0xa60 fs/notify/fsnotify.c:230 fsnotify_parent include/linux/fsnotify.h:77 [inline] fsnotify_file include/linux/fsnotify.h:99 [inline] fsnotify_access include/linux/fsnotify.h:309 [inline] __io_complete_rw_common+0x485/0x720 io_uring/rw.c:195 io_complete_rw+0x1a/0x1f0 io_uring/rw.c:228 iomap_dio_complete_work fs/iomap/direct-io.c:144 [inline] iomap_dio_bio_end_io+0x438/0x5e0 fs/iomap/direct-io.c:178 bio_endio+0x5f9/0x780 block/bio.c:1564 req_bio_endio block/blk-mq.c:695 [inline] blk_update_request+0x3fc/0x1300 block/blk-mq.c:825 scsi_end_request+0x7a/0x9a0 drivers/scsi/scsi_lib.c:541 scsi_io_completion+0x173/0x1f70 drivers/scsi/scsi_lib.c:971 scsi_complete+0x122/0x3b0 drivers/scsi/scsi_lib.c:1438 blk_complete_reqs+0xad/0xe0 block/blk-mq.c:1022 __do_softirq+0x1d3/0x9c6 kernel/softirq.c:571 invoke_softirq kernel/softirq.c:445 [inline] __irq_exit_rcu+0x123/0x180 kernel/softirq.c:650 irq_exit_rcu+0x5/0x20 kernel/softirq.c:662 common_interrupt+0xa9/0xc0 arch/x86/kernel/irq.c:240 asm_common_interrupt+0x22/0x40 
arch/x86/include/asm/idtentry.h:640 RIP: 0010:finish_task_switch.isra.0+0x2bf/0xc70 kernel/sched/core.c:5062 Code: 8b 3a 4c 89 e7 48 c7 02 00 00 00 00 ff d1 4d 85 ff 75 bf 4c 89 e7 e8 60 f8 ff ff e8 bb 49 2f 00 fb 65 48 8b 1c 25 80 6f 02 00 <48> 8d bb 98 15 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 RSP: 0018:ffffc90001cbfd70 EFLAGS: 00000246 RAX: 0000000000000007 RBX: ffff888042e140c0 RCX: 1ffffffff1bbcead RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffff815265c5 RBP: ffffc90001cbfdb8 R08: 0000000000000000 R09: 0000000000000000 R10: ffffed1017367400 R11: 0000000000000001 R12: ffff8880b9b3a000 R13: ffff8880759f4140 R14: 0000000000000000 R15: ffff8880b9b3aa38 context_switch kernel/sched/core.c:5185 [inline] __schedule+0xae7/0x52b0 kernel/sched/core.c:6494 schedule+0xda/0x1b0 kernel/sched/core.c:6570 exit_to_user_mode_loop kernel/entry/common.c:157 [inline] exit_to_user_mode_prepare+0x142/0x250 kernel/entry/common.c:201 irqentry_exit_to_user_mode+0x5/0x30 kernel/entry/common.c:307 asm_common_interrupt+0x22/0x40 arch/x86/include/asm/idtentry.h:640 RIP: 0033:0x7f8214a37994 Code: 00 0f 86 14 01 00 00 4c 8d ab 80 00 00 00 48 89 df 4c 89 ee e8 4d fa ff ff 4d 39 ec 74 40 0f 1f 84 00 00 00 00 00 49 8b 4d 00 <49> 8b 55 f8 49 8d 45 f8 48 39 d1 0f 83 f0 00 00 00 0f 1f 00 48 89 RSP: 002b:00007ffe0a549c30 EFLAGS: 00000216 RAX: 00007f82148e1fb8 RBX: 00007f8214800008 RCX: ffffffff81dd03b7 RDX: ffffffff81dd03ad RSI: 00007f82148e1fc0 RDI: 00007f8214800008 RBP: 000000000003ffff R08: 00007f82148000a8 R09: 000000009081ee3c R10: 0000000000000000 R11: 0000000000000000 R12: 00007f8214a00000 R13: 00007f82148e1fd8 R14: 00007f8214bac018 R15: ffffffff83fb5682 ---------------- Code disassembly (best guess): 0: 1d 0d 2c ba 7e sbb $0x7eba2c0d,%eax 5: 65 8b 05 06 2c ba 7e mov %gs:0x7eba2c06(%rip),%eax # 0x7eba2c12 c: a9 00 ff ff 00 test $0xffff00,%eax 11: 74 45 je 0x58 13: bf 01 00 00 00 mov $0x1,%edi 18: e8 65 9f 09 00 callq 0x99f82 1d: e8 30 6c 39 00 callq 0x396c52 22: fb sti 
23: 65 8b 05 e8 2b ba 7e mov %gs:0x7eba2be8(%rip),%eax # 0x7eba2c12 * 2a: 85 c0 test %eax,%eax <-- trapping instruction 2c: 74 58 je 0x86 2e: 5b pop %rbx 2f: 5d pop %rbp 30: c3 retq 31: 65 8b 05 d6 32 ba 7e mov %gs:0x7eba32d6(%rip),%eax # 0x7eba330e 38: 85 c0 test %eax,%eax 3a: 75 a2 jne 0xffffffde 3c: 0f 0b ud2 3e: eb 9e jmp 0xffffffde