===================================== WARNING: bad unlock balance detected! 4.20.0-rc5+ #362 Not tainted ------------------------------------- kworker/u4:4/2479 is trying to release lock (&file->mut) at: [] ucma_event_handler+0x788/0x1000 drivers/infiniband/core/ucma.c:394 but there are no more locks to release! other info that might help us debug this: 4 locks held by kworker/u4:4/2479: #0: 000000001a415271 ((wq_completion)"ib_addr"){+.+.}, at: __write_once_size include/linux/compiler.h:209 [inline] #0: 000000001a415271 ((wq_completion)"ib_addr"){+.+.}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: 000000001a415271 ((wq_completion)"ib_addr"){+.+.}, at: atomic64_set include/asm-generic/atomic-instrumented.h:40 [inline] #0: 000000001a415271 ((wq_completion)"ib_addr"){+.+.}, at: atomic_long_set include/asm-generic/atomic-long.h:59 [inline] #0: 000000001a415271 ((wq_completion)"ib_addr"){+.+.}, at: set_work_data kernel/workqueue.c:617 [inline] #0: 000000001a415271 ((wq_completion)"ib_addr"){+.+.}, at: set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline] #0: 000000001a415271 ((wq_completion)"ib_addr"){+.+.}, at: process_one_work+0xb43/0x1c40 kernel/workqueue.c:2124 kobject: 'loop1' (00000000ff94e101): kobject_uevent_env #1: 00000000af144f89 ((work_completion)(&(&req->work)->work)){+.+.}, at: process_one_work+0xb9a/0x1c40 kernel/workqueue.c:2128 #2: 00000000172552f9 (&id_priv->handler_mutex){+.+.}, at: addr_handler+0xed/0x420 drivers/infiniband/core/cma.c:2967 kobject: 'loop1' (00000000ff94e101): fill_kobj_path: path = '/devices/virtual/block/loop1' #3: 00000000938d3707 (&file->mut){+.+.}, at: ucma_event_handler+0x116/0x1000 drivers/infiniband/core/ucma.c:354 stack backtrace: CPU: 1 PID: 2479 Comm: kworker/u4:4 Not tainted 4.20.0-rc5+ #362 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: ib_addr process_one_req Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x244/0x39d lib/dump_stack.c:113 print_unlock_imbalance_bug.cold.48+0xcc/0xd8 kernel/locking/lockdep.c:3394 __lock_release kernel/locking/lockdep.c:3604 [inline] lock_release+0x720/0xa00 kernel/locking/lockdep.c:3863 netlink: 'syz-executor1': attribute type 1 has an invalid length. __mutex_unlock_slowpath+0x102/0x8c0 kernel/locking/mutex.c:1197 mutex_unlock+0xd/0x10 kernel/locking/mutex.c:713 ucma_event_handler+0x788/0x1000 drivers/infiniband/core/ucma.c:394 addr_handler+0x305/0x420 drivers/infiniband/core/cma.c:2991 process_one_req+0x1a9/0x920 drivers/infiniband/core/addr.c:643 process_one_work+0xc90/0x1c40 kernel/workqueue.c:2153 kobject: 'loop1' (00000000ff94e101): kobject_uevent_env kobject: 'loop1' (00000000ff94e101): fill_kobj_path: path = '/devices/virtual/block/loop1' worker_thread+0x17f/0x1390 kernel/workqueue.c:2296 netlink: 'syz-executor1': attribute type 1 has an invalid length. kthread+0x35a/0x440 kernel/kthread.c:246 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352 kobject: 'rx-0' (0000000027507541): kobject_cleanup, parent 00000000b54ad773 kobject: 'rx-0' (0000000027507541): auto cleanup 'remove' event kobject: 'rx-0' (0000000027507541): kobject_uevent_env kobject: 'rx-0' (0000000027507541): kobject_uevent_env: uevent_suppress caused the event to drop! kobject: 'rx-0' (0000000027507541): auto cleanup kobject_del kobject: 'rx-0' (0000000027507541): calling ktype release kobject: 'rx-0': free name kobject: 'tx-0' (000000006f9197d8): kobject_cleanup, parent 00000000b54ad773 kobject: 'tx-0' (000000006f9197d8): auto cleanup 'remove' event kobject: 'tx-0' (000000006f9197d8): kobject_uevent_env kobject: 'tx-0' (000000006f9197d8): kobject_uevent_env: uevent_suppress caused the event to drop! kobject: 'loop1' (00000000ff94e101): kobject_uevent_env kobject: 'tx-0' (000000006f9197d8): auto cleanup kobject_del kobject: 'tx-0' (000000006f9197d8): calling ktype release kobject: 'loop1' (00000000ff94e101): fill_kobj_path: path = '/devices/virtual/block/loop1' kobject: 'tx-0': free name kobject: 'queues' (00000000b54ad773): kobject_cleanup, parent (null) netlink: 'syz-executor1': attribute type 1 has an invalid length. kobject: 'queues' (00000000b54ad773): calling ktype release kobject: 'queues' (00000000b54ad773): kset_release kobject: 'queues': free name kobject: 'tunl0' (00000000dc21b47f): kobject_uevent_env kobject: 'tunl0' (00000000dc21b47f): kobject_uevent_env: uevent_suppress caused the event to drop! kobject: 'loop1' (00000000ff94e101): kobject_uevent_env kobject: 'loop1' (00000000ff94e101): fill_kobj_path: path = '/devices/virtual/block/loop1' kobject: 'loop0' (00000000dd5ff9da): kobject_uevent_env kobject: 'loop0' (00000000dd5ff9da): fill_kobj_path: path = '/devices/virtual/block/loop0' kobject: 'tunl0' (00000000dc21b47f): kobject_cleanup, parent (null) kobject: 'tunl0' (00000000dc21b47f): auto cleanup 'remove' event netlink: 'syz-executor1': attribute type 1 has an invalid length. kobject: 'tunl0' (00000000dc21b47f): kobject_uevent_env kobject: 'loop2' (000000005416ed10): kobject_uevent_env kobject: 'tunl0' (00000000dc21b47f): kobject_uevent_env: uevent_suppress caused the event to drop! kobject: 'loop2' (000000005416ed10): fill_kobj_path: path = '/devices/virtual/block/loop2' kobject: 'tunl0' (00000000dc21b47f): calling ktype release kobject: 'tunl0': free name kobject: 'rx-0' (000000008f9f81ae): kobject_cleanup, parent 00000000a7225447 kobject: 'rx-0' (000000008f9f81ae): auto cleanup 'remove' event kobject: 'rx-0' (000000008f9f81ae): kobject_uevent_env kobject: 'loop1' (00000000ff94e101): kobject_uevent_env kobject: 'rx-0' (000000008f9f81ae): kobject_uevent_env: uevent_suppress caused the event to drop! kobject: 'rx-0' (000000008f9f81ae): auto cleanup kobject_del kobject: 'loop1' (00000000ff94e101): fill_kobj_path: path = '/devices/virtual/block/loop1' kobject: 'rx-0' (000000008f9f81ae): calling ktype release kobject: 'loop3' (00000000ac55dbb9): kobject_uevent_env kobject: 'rx-0': free name kobject: 'tx-0' (00000000f3eef80f): kobject_cleanup, parent 00000000a7225447 kobject: 'loop3' (00000000ac55dbb9): fill_kobj_path: path = '/devices/virtual/block/loop3' kobject: 'tx-0' (00000000f3eef80f): auto cleanup 'remove' event kobject: 'loop5' (000000002e955915): kobject_uevent_env kobject: 'tx-0' (00000000f3eef80f): kobject_uevent_env kobject: 'loop5' (000000002e955915): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'tx-0' (00000000f3eef80f): kobject_uevent_env: uevent_suppress caused the event to drop! kobject: 'tx-0' (00000000f3eef80f): auto cleanup kobject_del kobject: 'tx-0' (00000000f3eef80f): calling ktype release kobject: 'tx-0': free name kobject: 'queues' (00000000a7225447): kobject_cleanup, parent (null) kobject: 'queues' (00000000a7225447): calling ktype release kobject: 'queues' (00000000a7225447): kset_release kobject: 'queues': free name kobject: 'kvm' (00000000fa70798c): kobject_uevent_env kobject: 'lo' (00000000851dff2b): kobject_uevent_env kobject: 'kvm' (00000000fa70798c): fill_kobj_path: path = '/devices/virtual/misc/kvm' kobject: 'lo' (00000000851dff2b): kobject_uevent_env: uevent_suppress caused the event to drop! kobject: 'kvm' (00000000fa70798c): kobject_uevent_env kobject: 'kvm' (00000000fa70798c): kobject_uevent_env kobject: 'kvm' (00000000fa70798c): fill_kobj_path: path = '/devices/virtual/misc/kvm' kobject: 'kvm' (00000000fa70798c): fill_kobj_path: path = '/devices/virtual/misc/kvm' kobject: 'lo' (00000000851dff2b): kobject_cleanup, parent (null) kobject: 'lo' (00000000851dff2b): auto cleanup 'remove' event kobject: 'lo' (00000000851dff2b): kobject_uevent_env kobject: 'lo' (00000000851dff2b): kobject_uevent_env: uevent_suppress caused the event to drop! kobject: 'kvm' (00000000fa70798c): kobject_uevent_env kobject: 'lo' (00000000851dff2b): calling ktype release kobject: 'lo': free name kobject: 'kvm' (00000000fa70798c): fill_kobj_path: path = '/devices/virtual/misc/kvm' kobject: 'loop3' (00000000ac55dbb9): kobject_uevent_env kobject: 'loop3' (00000000ac55dbb9): fill_kobj_path: path = '/devices/virtual/block/loop3' kobject: 'loop0' (00000000dd5ff9da): kobject_uevent_env kobject: 'loop0' (00000000dd5ff9da): fill_kobj_path: path = '/devices/virtual/block/loop0' kobject: 'loop2' (000000005416ed10): kobject_uevent_env kobject: 'loop2' (000000005416ed10): fill_kobj_path: path = '/devices/virtual/block/loop2'