===================================== WARNING: bad unlock balance detected! 5.0.0-rc8+ #88 Not tainted ------------------------------------- syz-executor.3/10774 is trying to release lock (&file->mut) at: [] ucma_destroy_id+0x24c/0x4a0 drivers/infiniband/core/ucma.c:628 but there are no more locks to release! other info that might help us debug this: kobject: 'loop2' (0000000044ae2a06): kobject_uevent_env 1 lock held by syz-executor.3/10774: #0: 00000000d8a5b39b (&file->mut){+.+.}, at: ucma_destroy_id+0x1e9/0x4a0 drivers/infiniband/core/ucma.c:626 stack backtrace: CPU: 0 PID: 10774 Comm: syz-executor.3 Not tainted 5.0.0-rc8+ #88 kobject: 'loop2' (0000000044ae2a06): fill_kobj_path: path = '/devices/virtual/block/loop2' Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x172/0x1f0 lib/dump_stack.c:113 print_unlock_imbalance_bug kernel/locking/lockdep.c:3391 [inline] print_unlock_imbalance_bug.cold+0x114/0x123 kernel/locking/lockdep.c:3368 __lock_release kernel/locking/lockdep.c:3601 [inline] lock_release+0x67e/0xa00 kernel/locking/lockdep.c:3860 __mutex_unlock_slowpath+0x8e/0x6b0 kernel/locking/mutex.c:1197 mutex_unlock+0xd/0x10 kernel/locking/mutex.c:713 ucma_destroy_id+0x24c/0x4a0 drivers/infiniband/core/ucma.c:628 kobject: 'loop1' (0000000074d78af2): kobject_uevent_env ucma_write+0x2da/0x3c0 drivers/infiniband/core/ucma.c:1689 __vfs_write+0x116/0x8e0 fs/read_write.c:485 vfs_write+0x20c/0x580 fs/read_write.c:549 ksys_write+0xea/0x1f0 fs/read_write.c:598 __do_sys_write fs/read_write.c:610 [inline] __se_sys_write fs/read_write.c:607 [inline] __x64_sys_write+0x73/0xb0 fs/read_write.c:607 do_syscall_64+0x103/0x610 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x457e29 Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f0c89ea9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457e29 RDX: 0000000000000018 RSI: 0000000020000040 RDI: 0000000000000005 RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0c89eaa6d4 R13: 00000000004cd828 R14: 00000000004dcae8 R15: 00000000ffffffff kobject: 'loop1' (0000000074d78af2): fill_kobj_path: path = '/devices/virtual/block/loop1' kobject: 'vet' (000000006aa546e3): kobject_cleanup, parent (null) kobject: 'vet' (000000006aa546e3): calling ktype release kobject: 'vet': free name kobject: 'loop4' (0000000095a02cde): kobject_uevent_env kobject: 'kvm' (00000000d96d494a): kobject_uevent_env kobject: 'kvm' (00000000d96d494a): fill_kobj_path: path = '/devices/virtual/misc/kvm' kobject: 'loop4' (0000000095a02cde): fill_kobj_path: path = '/devices/virtual/block/loop4' kobject: 'integrity' (00000000e106fa19): kobject_uevent_env kobject: 'kvm' (00000000d96d494a): kobject_uevent_env kobject: 'loop2' (0000000044ae2a06): kobject_uevent_env kobject: 'kvm' (00000000d96d494a): fill_kobj_path: path = '/devices/virtual/misc/kvm' kobject: 'loop2' (0000000044ae2a06): fill_kobj_path: path = '/devices/virtual/block/loop2' kobject: 'integrity' (00000000e106fa19): kobject_uevent_env: filter function caused the event to drop! kobject: 'kvm' (00000000d96d494a): kobject_uevent_env kobject: 'integrity' (00000000e106fa19): kobject_cleanup, parent (null) kobject: 'kvm' (00000000d96d494a): fill_kobj_path: path = '/devices/virtual/misc/kvm' kobject: 'integrity' (00000000e106fa19): does not have a release() function, it is broken and must be fixed. See Documentation/kobject.txt. kobject: 'kvm' (00000000d96d494a): kobject_uevent_env kobject: 'integrity': free name kobject: '7:0' (00000000150f93f2): kobject_uevent_env kobject: 'kvm' (00000000d96d494a): fill_kobj_path: path = '/devices/virtual/misc/kvm' kobject: '7:0' (00000000150f93f2): fill_kobj_path: path = '/devices/virtual/bdi/7:0' kobject: '7:0' (00000000150f93f2): kobject_cleanup, parent (null) kobject: '7:0' (00000000150f93f2): calling ktype release kobject: '7:0': free name kobject: 'mq' (000000006f90f575): kobject_uevent_env kobject: 'mq' (000000006f90f575): kobject_uevent_env: filter function caused the event to drop! kobject: 'queue' (000000007ae9286b): kobject_uevent_env kobject: 'queue' (000000007ae9286b): kobject_uevent_env: filter function caused the event to drop! kobject: 'iosched' (00000000bdf88e66): kobject_uevent_env kobject: 'iosched' (00000000bdf88e66): kobject_uevent_env: attempted to send uevent without kset! kobject: 'holders' (000000008760eb5b): kobject_cleanup, parent 0000000056dcc378 kobject: 'holders' (000000008760eb5b): auto cleanup kobject_del kobject: 'holders' (000000008760eb5b): calling ktype release kobject: (000000008760eb5b): dynamic_kobj_release kobject: 'holders': free name kobject: 'slaves' (00000000167560bd): kobject_cleanup, parent 0000000056dcc378 kobject: 'slaves' (00000000167560bd): auto cleanup kobject_del kobject: 'slaves' (00000000167560bd): calling ktype release kobject: (00000000167560bd): dynamic_kobj_release kobject: 'slaves': free name kobject: 'loop0' (0000000056dcc378): kobject_uevent_env kobject: 'loop0' (0000000056dcc378): fill_kobj_path: path = '/devices/virtual/block/loop0' kobject: 'iosched' (00000000bdf88e66): kobject_cleanup, parent (null) kobject: 'iosched' (00000000bdf88e66): calling ktype release kobject: 'iosched': free name kobject: 'loop0' (0000000056dcc378): kobject_cleanup, parent (null) kobject: 'loop0' (0000000056dcc378): calling ktype release kobject: 'queue' (000000007ae9286b): kobject_cleanup, parent (null) kobject: '7:0' (0000000046e45124): kobject_add_internal: parent: 'bdi', set: 'devices' kobject: 'queue' (000000007ae9286b): calling ktype release kobject: '7:0' (0000000046e45124): kobject_uevent_env kobject: 'queue': free name kobject: '7:0' (0000000046e45124): fill_kobj_path: path = '/devices/virtual/bdi/7:0' kobject: '0' (00000000b83374c3): kobject_cleanup, parent (null) kobject: '0' (00000000b83374c3): calling ktype release kobject: '0': free name kobject: 'cpu0' (000000000b3eef0e): kobject_cleanup, parent (null) kobject: 'cpu0' (000000000b3eef0e): calling ktype release kobject: 'cpu0': free name kobject: 'cpu1' (00000000313dcf31): kobject_cleanup, parent (null) kobject: 'cpu1' (00000000313dcf31): calling ktype release kobject: 'cpu1': free name kobject: 'mq' (000000006f90f575): kobject_cleanup, parent (null) kobject: 'mq' (000000006f90f575): calling ktype release kobject: 'mq': free name kobject: 'loop0': free name kobject: 'loop0' (00000000defd077b): kobject_add_internal: parent: 'block', set: 'devices' TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. kobject: 'loop0' (00000000defd077b): kobject_uevent_env kobject: 'loop0' (00000000defd077b): kobject_uevent_env: uevent_suppress caused the event to drop! kobject: 'holders' (00000000bddd4fd8): kobject_add_internal: parent: 'loop0', set: '' kobject: 'slaves' (00000000beea10ef): kobject_add_internal: parent: 'loop0', set: '' kobject: 'loop0' (00000000defd077b): kobject_uevent_env kobject: 'loop0' (00000000defd077b): fill_kobj_path: path = '/devices/virtual/block/loop0' kobject: 'queue' (00000000eff21988): kobject_add_internal: parent: 'loop0', set: '' kobject: 'mq' (00000000827f605e): kobject_add_internal: parent: 'loop0', set: '' kobject: 'mq' (00000000827f605e): kobject_uevent_env kobject: 'mq' (00000000827f605e): kobject_uevent_env: filter function caused the event to drop! kobject: '0' (00000000725b0b17): kobject_add_internal: parent: 'mq', set: '' kobject: 'cpu0' (000000000caca8c6): kobject_add_internal: parent: '0', set: '' kobject: 'cpu1' (00000000a54af55b): kobject_add_internal: parent: '0', set: '' kobject: 'queue' (00000000eff21988): kobject_uevent_env kobject: 'queue' (00000000eff21988): kobject_uevent_env: filter function caused the event to drop! kobject: 'iosched' (000000003f502d4f): kobject_add_internal: parent: 'queue', set: '' kobject: 'iosched' (000000003f502d4f): kobject_uevent_env kobject: 'iosched' (000000003f502d4f): kobject_uevent_env: filter function caused the event to drop! kobject: 'integrity' (000000003e5f5fa7): kobject_add_internal: parent: 'loop0', set: '' kobject: 'integrity' (000000003e5f5fa7): kobject_uevent_env kobject: 'integrity' (000000003e5f5fa7): kobject_uevent_env: filter function caused the event to drop! kobject: 'loop5' (0000000007b64f76): kobject_uevent_env kobject: 'loop5' (0000000007b64f76): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'loop1' (0000000074d78af2): kobject_uevent_env kobject: 'loop1' (0000000074d78af2): fill_kobj_path: path = '/devices/virtual/block/loop1' kobject: 'kvm' (00000000d96d494a): kobject_uevent_env kobject: 'loop4' (0000000095a02cde): kobject_uevent_env kobject: 'kvm' (00000000d96d494a): fill_kobj_path: path = '/devices/virtual/misc/kvm' kobject: 'kvm' (00000000d96d494a): kobject_uevent_env kobject: 'loop4' (0000000095a02cde): fill_kobj_path: path = '/devices/virtual/block/loop4' kobject: 'kvm' (00000000d96d494a): kobject_uevent_env kobject: 'kvm' (00000000d96d494a): fill_kobj_path: path = '/devices/virtual/misc/kvm' kobject: 'kvm' (00000000d96d494a): fill_kobj_path: path = '/devices/virtual/misc/kvm' kobject: 'loop2' (0000000044ae2a06): kobject_uevent_env kobject: 'loop2' (0000000044ae2a06): fill_kobj_path: path = '/devices/virtual/block/loop2' kobject: 'loop0' (00000000defd077b): kobject_uevent_env kobject: 'loop0' (00000000defd077b): fill_kobj_path: path = '/devices/virtual/block/loop0' kobject: 'kvm' (00000000d96d494a): kobject_uevent_env kobject: 'kvm' (00000000d96d494a): fill_kobj_path: path = '/devices/virtual/misc/kvm' kobject: 'loop1' (0000000074d78af2): kobject_uevent_env kobject: 'loop1' (0000000074d78af2): fill_kobj_path: path = '/devices/virtual/block/loop1' kobject: 'loop5' (0000000007b64f76): kobject_uevent_env kobject: 'loop5' (0000000007b64f76): fill_kobj_path: path = '/devices/virtual/block/loop5'