RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f28ce5906d4 R13: 00000000004c3522 R14: 00000000004d5328 R15: 0000000000000004 ===================================== WARNING: bad unlock balance detected! 4.19.0+ #302 Not tainted ------------------------------------- kworker/u4:2/44 is trying to release lock (&file->mut) at: [] ucma_event_handler+0x788/0xff0 drivers/infiniband/core/ucma.c:394 but there are no more locks to release! other info that might help us debug this: 4 locks held by kworker/u4:2/44: #0: 0000000032e74109 ((wq_completion)"ib_addr"){+.+.}, at: __write_once_size include/linux/compiler.h:206 [inline] #0: 0000000032e74109 ((wq_completion)"ib_addr"){+.+.}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: 0000000032e74109 ((wq_completion)"ib_addr"){+.+.}, at: atomic64_set include/asm-generic/atomic-instrumented.h:40 [inline] #0: 0000000032e74109 ((wq_completion)"ib_addr"){+.+.}, at: atomic_long_set include/asm-generic/atomic-long.h:59 [inline] #0: 0000000032e74109 ((wq_completion)"ib_addr"){+.+.}, at: set_work_data kernel/workqueue.c:617 [inline] #0: 0000000032e74109 ((wq_completion)"ib_addr"){+.+.}, at: set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline] #0: 0000000032e74109 ((wq_completion)"ib_addr"){+.+.}, at: process_one_work+0xb43/0x1c40 kernel/workqueue.c:2124 #1: 0000000031b46b4c ((work_completion)(&(&req->work)->work)){+.+.}, at: process_one_work+0xb9a/0x1c40 kernel/workqueue.c:2128 #2: 00000000571daeca (&id_priv->handler_mutex){+.+.}, at: addr_handler+0xed/0x430 drivers/infiniband/core/cma.c:2858 #3: 000000005f1b051a (&file->mut){+.+.}, at: ucma_event_handler+0x116/0xff0 drivers/infiniband/core/ucma.c:354 stack backtrace: CPU: 1 PID: 44 Comm: kworker/u4:2 Not tainted 4.19.0+ #302 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: ib_addr process_one_req Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x244/0x39d lib/dump_stack.c:113 print_unlock_imbalance_bug.cold.48+0xcc/0xd8 kernel/locking/lockdep.c:3394 __lock_release kernel/locking/lockdep.c:3604 [inline] lock_release+0x720/0xa00 kernel/locking/lockdep.c:3863 __mutex_unlock_slowpath+0x102/0x8c0 kernel/locking/mutex.c:1197 mutex_unlock+0xd/0x10 kernel/locking/mutex.c:713 ucma_event_handler+0x788/0xff0 drivers/infiniband/core/ucma.c:394 addr_handler+0x311/0x430 drivers/infiniband/core/cma.c:2882 process_one_req+0x1a6/0x940 drivers/infiniband/core/addr.c:570 process_one_work+0xc90/0x1c40 kernel/workqueue.c:2153 worker_thread+0x17f/0x1390 kernel/workqueue.c:2296 kthread+0x35a/0x420 kernel/kthread.c:246 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:350 kobject: 'loop0' (0000000062838517): fill_kobj_path: path = '/devices/virtual/block/loop0' FAULT_INJECTION: forcing a failure. name failslab, interval 1, probability 0, space 0, times 0 kobject: 'loop5' (0000000050c3ea0c): kobject_uevent_env kobject: 'loop5' (0000000050c3ea0c): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'loop1' (00000000f10dac00): kobject_uevent_env kobject: 'loop1' (00000000f10dac00): fill_kobj_path: path = '/devices/virtual/block/loop1' rpcbind: RPC call returned error 22 rpcbind: RPC call returned error 22 kobject: 'loop0' (0000000062838517): kobject_uevent_env kobject: 'loop0' (0000000062838517): fill_kobj_path: path = '/devices/virtual/block/loop0' CPU: 1 PID: 8038 Comm: syz-executor5 Not tainted 4.19.0+ #302 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 kobject: 'loop1' (00000000f10dac00): kobject_uevent_env Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x244/0x39d lib/dump_stack.c:113 kobject: 'loop1' (00000000f10dac00): fill_kobj_path: path = '/devices/virtual/block/loop1' fail_dump lib/fault-inject.c:51 [inline] should_fail.cold.4+0xa/0x17 lib/fault-inject.c:149 kobject: 'loop1' (00000000f10dac00): kobject_uevent_env kobject: 'loop1' (00000000f10dac00): fill_kobj_path: path = '/devices/virtual/block/loop1' kobject: 'loop1' (00000000f10dac00): kobject_uevent_env kobject: 'loop1' (00000000f10dac00): fill_kobj_path: path = '/devices/virtual/block/loop1' __should_failslab+0x124/0x180 mm/failslab.c:32 should_failslab+0x9/0x14 mm/slab_common.c:1557 slab_pre_alloc_hook mm/slab.h:423 [inline] slab_alloc mm/slab.c:3378 [inline] __do_kmalloc mm/slab.c:3716 [inline] __kmalloc_track_caller+0x5f/0x750 mm/slab.c:3733 __do_krealloc mm/slab_common.c:1468 [inline] __krealloc+0x6f/0xb0 mm/slab_common.c:1490 nf_ct_ext_add+0x369/0x7b0 net/netfilter/nf_conntrack_extend.c:76 kobject: 'loop1' (00000000f10dac00): kobject_uevent_env nf_ct_labels_ext_add include/net/netfilter/nf_conntrack_labels.h:34 [inline] init_conntrack.isra.47+0x730/0x13c0 net/netfilter/nf_conntrack_core.c:1379 kobject: 'loop1' (00000000f10dac00): fill_kobj_path: path = '/devices/virtual/block/loop1' resolve_normal_ct net/netfilter/nf_conntrack_core.c:1460 [inline] nf_conntrack_in+0xc7d/0x13b0 net/netfilter/nf_conntrack_core.c:1566 ipv6_conntrack_local+0x1d/0x30 net/netfilter/nf_conntrack_proto.c:441 nf_hook_entry_hookfn include/linux/netfilter.h:119 [inline] nf_hook_slow+0xc2/0x1c0 net/netfilter/core.c:511 nf_hook include/linux/netfilter.h:244 [inline] __ip6_local_out+0x5d1/0xbb0 net/ipv6/output_core.c:164 ip6_local_out+0x2d/0x1b0 net/ipv6/output_core.c:174 ip6_send_skb+0xbc/0x340 net/ipv6/ip6_output.c:1695 ip6_push_pending_frames+0xc5/0xf0 net/ipv6/ip6_output.c:1715 rawv6_push_pending_frames net/ipv6/raw.c:616 [inline] rawv6_sendmsg+0x3786/0x4850 net/ipv6/raw.c:944 inet_sendmsg+0x1a1/0x690 net/ipv4/af_inet.c:798 sock_sendmsg_nosec net/socket.c:621 [inline] sock_sendmsg+0xd5/0x120 net/socket.c:631 ___sys_sendmsg+0x7fd/0x930 net/socket.c:2116 __sys_sendmsg+0x11d/0x280 net/socket.c:2154 __do_sys_sendmsg net/socket.c:2163 [inline] __se_sys_sendmsg net/socket.c:2161 [inline] __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2161 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x457569 Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f28ce58fc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f28ce58fc90 RCX: 0000000000457569 RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003 RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f28ce5906d4 R13: 00000000004c3522 R14: 00000000004d5328 R15: 0000000000000004 kobject: 'loop4' (000000004416b037): kobject_uevent_env kobject: 'loop4' (000000004416b037): fill_kobj_path: path = '/devices/virtual/block/loop4' rpcbind: RPC call returned error 22 kobject: 'loop5' (0000000050c3ea0c): kobject_uevent_env kobject: 'loop5' (0000000050c3ea0c): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'loop4' (000000004416b037): kobject_uevent_env kobject: 'loop4' (000000004416b037): fill_kobj_path: path = '/devices/virtual/block/loop4' kobject: 'loop2' (000000008f176d28): kobject_uevent_env kobject: 'loop2' (000000008f176d28): fill_kobj_path: path = '/devices/virtual/block/loop2'