======================================================
WARNING: possible circular locking dependency detected
5.14.0-rc1-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.1/18883 is trying to acquire lock:
ffffffff8c7d6b20 (fs_reclaim){+.+.}-{0:0}, at: __fs_reclaim_acquire+0x0/0x30 mm/page_alloc.c:4210

but task is already holding lock:
ffff8880b9c4d0c8 (lock#2){..-.}-{2:2}, at: local_lock_acquire+0x7/0x130 include/linux/local_lock_internal.h:41

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #1 (lock#2){..-.}-{2:2}:
       lock_acquire+0x182/0x4a0 kernel/locking/lockdep.c:5625
       local_lock_acquire+0x23/0x130 include/linux/local_lock_internal.h:42
       free_unref_page+0x242/0x550 mm/page_alloc.c:3427
       mm_free_pgd kernel/fork.c:636 [inline]
       __mmdrop+0xae/0x3f0 kernel/fork.c:687
       mmdrop include/linux/sched/mm.h:49 [inline]
       finish_task_switch+0x221/0x630 kernel/sched/core.c:4582
       context_switch kernel/sched/core.c:4686 [inline]
       __schedule+0xc0f/0x11f0 kernel/sched/core.c:5940
       preempt_schedule_irq+0xe3/0x190 kernel/sched/core.c:6328
       irqentry_exit+0x56/0x90 kernel/entry/common.c:427
       asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638
       lock_acquire+0x1e7/0x4a0 kernel/locking/lockdep.c:5629
       __fs_reclaim_acquire+0x20/0x30 mm/page_alloc.c:4552
       fs_reclaim_acquire+0x59/0xf0 mm/page_alloc.c:4566
       might_alloc include/linux/sched/mm.h:198 [inline]
       slab_pre_alloc_hook mm/slab.h:485 [inline]
       slab_alloc_node mm/slub.c:2902 [inline]
       slab_alloc mm/slub.c:2989 [inline]
       kmem_cache_alloc+0x3a/0x340 mm/slub.c:2994
       inotify_new_watch fs/notify/inotify/inotify_user.c:576 [inline]
       inotify_update_watch fs/notify/inotify/inotify_user.c:623 [inline]
       __do_sys_inotify_add_watch fs/notify/inotify/inotify_user.c:761 [inline]
       __se_sys_inotify_add_watch+0x60e/0xb00 fs/notify/inotify/inotify_user.c:704
       do_syscall_x64 arch/x86/entry/common.c:50 [inline]
       do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
       entry_SYSCALL_64_after_hwframe+0x44/0xae

-> #0 (fs_reclaim){+.+.}-{0:0}:
       check_prev_add kernel/locking/lockdep.c:3051 [inline]
       check_prevs_add+0x4f9/0x5b30 kernel/locking/lockdep.c:3174
       validate_chain kernel/locking/lockdep.c:3789 [inline]
       __lock_acquire+0x4476/0x6100 kernel/locking/lockdep.c:5015
       lock_acquire+0x182/0x4a0 kernel/locking/lockdep.c:5625
       __fs_reclaim_acquire+0x20/0x30 mm/page_alloc.c:4552
       fs_reclaim_acquire+0x59/0xf0 mm/page_alloc.c:4566
       prepare_alloc_pages+0x151/0x5a0 mm/page_alloc.c:5164
       __alloc_pages+0x14d/0x5f0 mm/page_alloc.c:5363
       stack_depot_save+0x361/0x490 lib/stackdepot.c:303
       save_stack+0xf9/0x1f0 mm/page_owner.c:120
       __set_page_owner+0x42/0x2f0 mm/page_owner.c:181
       prep_new_page mm/page_alloc.c:2433 [inline]
       __alloc_pages_bulk+0x9f2/0x1090 mm/page_alloc.c:5301
       alloc_pages_bulk_array_node include/linux/gfp.h:557 [inline]
       vm_area_alloc_pages mm/vmalloc.c:2793 [inline]
       __vmalloc_area_node mm/vmalloc.c:2863 [inline]
       __vmalloc_node_range+0x3ad/0x7f0 mm/vmalloc.c:2966
       vmalloc_user+0x70/0x80 mm/vmalloc.c:3101
       rxe_queue_init+0x28b/0x540 drivers/infiniband/sw/rxe/rxe_queue.c:89
       rxe_cq_from_init+0xc1/0x390 drivers/infiniband/sw/rxe/rxe_cq.c:69
       rxe_create_cq+0x1a1/0x2a0 drivers/infiniband/sw/rxe/rxe_verbs.c:801
       __ib_alloc_cq+0x2c6/0xc30 drivers/infiniband/core/cq.c:241
       ib_alloc_cq include/rdma/ib_verbs.h:3808 [inline]
       ib_mad_port_open drivers/infiniband/core/mad.c:2978 [inline]
       ib_mad_init_device+0xa00/0x2e00 drivers/infiniband/core/mad.c:3082
       add_client_context+0x4f6/0x830 drivers/infiniband/core/device.c:718
       enable_device_and_get+0x1ab/0x3e0 drivers/infiniband/core/device.c:1329
       ib_register_device+0x113b/0x14e0 drivers/infiniband/core/device.c:1417
       rxe_register_device+0x27c/0x390 drivers/infiniband/sw/rxe/rxe_verbs.c:1184
       rxe_net_add+0x73/0xd0 drivers/infiniband/sw/rxe/rxe_net.c:499
       rxe_newlink+0x65/0x100 drivers/infiniband/sw/rxe/rxe.c:270
       nldev_newlink+0x532/0x5e0 drivers/infiniband/core/nldev.c:1708
       rdma_nl_rcv_msg drivers/infiniband/core/netlink.c:195 [inline]
       rdma_nl_rcv_skb drivers/infiniband/core/netlink.c:239 [inline]
       rdma_nl_rcv+0x6f1/0xa30 drivers/infiniband/core/netlink.c:259
       netlink_unicast_kernel net/netlink/af_netlink.c:1314 [inline]
       netlink_unicast+0x7de/0x9b0 net/netlink/af_netlink.c:1340
       netlink_sendmsg+0x9e7/0xe00 net/netlink/af_netlink.c:1929
       sock_sendmsg_nosec net/socket.c:702 [inline]
       sock_sendmsg net/socket.c:722 [inline]
       ____sys_sendmsg+0x5a2/0x900 net/socket.c:2385
       ___sys_sendmsg net/socket.c:2439 [inline]
       __sys_sendmsg+0x319/0x400 net/socket.c:2468
       do_syscall_x64 arch/x86/entry/common.c:50 [inline]
       do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
       entry_SYSCALL_64_after_hwframe+0x44/0xae

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(lock#2);
                               lock(fs_reclaim);
                               lock(lock#2);
  lock(fs_reclaim);

 *** DEADLOCK ***

6 locks held by syz-executor.1/18883:
 #0: ffffffff90b43e58 (&rdma_nl_types[idx].sem){.+.+}-{3:3}, at: rdma_nl_rcv_msg drivers/infiniband/core/netlink.c:164 [inline]
 #0: ffffffff90b43e58 (&rdma_nl_types[idx].sem){.+.+}-{3:3}, at: rdma_nl_rcv_skb drivers/infiniband/core/netlink.c:239 [inline]
 #0: ffffffff90b43e58 (&rdma_nl_types[idx].sem){.+.+}-{3:3}, at: rdma_nl_rcv+0x33a/0xa30 drivers/infiniband/core/netlink.c:259
 #1: ffffffff8d54a650 (link_ops_rwsem){++++}-{3:3}, at: nldev_newlink+0x395/0x5e0 drivers/infiniband/core/nldev.c:1698
 #2: ffffffff8d53d090 (devices_rwsem){++++}-{3:3}, at: enable_device_and_get+0xf2/0x3e0 drivers/infiniband/core/device.c:1319
 #3: ffffffff8d53d390 (clients_rwsem){++++}-{3:3}, at: enable_device_and_get+0x152/0x3e0 drivers/infiniband/core/device.c:1327
 #4: ffff8880219f45a8 (&device->client_data_rwsem){++++}-{3:3}, at: add_client_context+0x4ba/0x830 drivers/infiniband/core/device.c:716
 #5: ffff8880b9c4d0c8 (lock#2){..-.}-{2:2}, at: local_lock_acquire+0x7/0x130 include/linux/local_lock_internal.h:41

stack backtrace:
CPU: 0 PID: 18883 Comm: syz-executor.1 Not tainted 5.14.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1ae/0x29f lib/dump_stack.c:105
 print_circular_bug+0xb17/0xdc0 kernel/locking/lockdep.c:2009
 check_noncircular+0x2cc/0x390 kernel/locking/lockdep.c:2131
 check_prev_add kernel/locking/lockdep.c:3051 [inline]
 check_prevs_add+0x4f9/0x5b30 kernel/locking/lockdep.c:3174
 validate_chain kernel/locking/lockdep.c:3789 [inline]
 __lock_acquire+0x4476/0x6100 kernel/locking/lockdep.c:5015
 lock_acquire+0x182/0x4a0 kernel/locking/lockdep.c:5625
 __fs_reclaim_acquire+0x20/0x30 mm/page_alloc.c:4552
 fs_reclaim_acquire+0x59/0xf0 mm/page_alloc.c:4566
 prepare_alloc_pages+0x151/0x5a0 mm/page_alloc.c:5164
 __alloc_pages+0x14d/0x5f0 mm/page_alloc.c:5363
 stack_depot_save+0x361/0x490 lib/stackdepot.c:303
 save_stack+0xf9/0x1f0 mm/page_owner.c:120
 __set_page_owner+0x42/0x2f0 mm/page_owner.c:181
 prep_new_page mm/page_alloc.c:2433 [inline]
 __alloc_pages_bulk+0x9f2/0x1090 mm/page_alloc.c:5301
 alloc_pages_bulk_array_node include/linux/gfp.h:557 [inline]
 vm_area_alloc_pages mm/vmalloc.c:2793 [inline]
 __vmalloc_area_node mm/vmalloc.c:2863 [inline]
 __vmalloc_node_range+0x3ad/0x7f0 mm/vmalloc.c:2966
 vmalloc_user+0x70/0x80 mm/vmalloc.c:3101
 rxe_queue_init+0x28b/0x540 drivers/infiniband/sw/rxe/rxe_queue.c:89
 rxe_cq_from_init+0xc1/0x390 drivers/infiniband/sw/rxe/rxe_cq.c:69
 rxe_create_cq+0x1a1/0x2a0 drivers/infiniband/sw/rxe/rxe_verbs.c:801
 __ib_alloc_cq+0x2c6/0xc30 drivers/infiniband/core/cq.c:241
 ib_alloc_cq include/rdma/ib_verbs.h:3808 [inline]
 ib_mad_port_open drivers/infiniband/core/mad.c:2978 [inline]
 ib_mad_init_device+0xa00/0x2e00 drivers/infiniband/core/mad.c:3082
 add_client_context+0x4f6/0x830 drivers/infiniband/core/device.c:718
 enable_device_and_get+0x1ab/0x3e0 drivers/infiniband/core/device.c:1329
 ib_register_device+0x113b/0x14e0 drivers/infiniband/core/device.c:1417
 rxe_register_device+0x27c/0x390 drivers/infiniband/sw/rxe/rxe_verbs.c:1184
 rxe_net_add+0x73/0xd0 drivers/infiniband/sw/rxe/rxe_net.c:499
 rxe_newlink+0x65/0x100 drivers/infiniband/sw/rxe/rxe.c:270
 nldev_newlink+0x532/0x5e0 drivers/infiniband/core/nldev.c:1708
 rdma_nl_rcv_msg drivers/infiniband/core/netlink.c:195 [inline]
 rdma_nl_rcv_skb drivers/infiniband/core/netlink.c:239 [inline]
 rdma_nl_rcv+0x6f1/0xa30 drivers/infiniband/core/netlink.c:259
 netlink_unicast_kernel net/netlink/af_netlink.c:1314 [inline]
 netlink_unicast+0x7de/0x9b0 net/netlink/af_netlink.c:1340
 netlink_sendmsg+0x9e7/0xe00 net/netlink/af_netlink.c:1929
 sock_sendmsg_nosec net/socket.c:702 [inline]
 sock_sendmsg net/socket.c:722 [inline]
 ____sys_sendmsg+0x5a2/0x900 net/socket.c:2385
 ___sys_sendmsg net/socket.c:2439 [inline]
 __sys_sendmsg+0x319/0x400 net/socket.c:2468
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x4665d9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f10fd0fb188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
RDX: 0000000000000004 RSI: 00000000200002c0 RDI: 0000000000000003
RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80
R13: 00007ffcd8b778ff R14: 00007f10fd0fb300 R15: 0000000000022000
BUG: sleeping function called from invalid context at mm/page_alloc.c:5167
in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 18883, name: syz-executor.1
INFO: lockdep is turned off.
irq event stamp: 4544
hardirqs last enabled at (4543): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
hardirqs last enabled at (4543): [] _raw_spin_unlock_irqrestore+0x8b/0x120 kernel/locking/spinlock.c:191
hardirqs last disabled at (4544): [] __alloc_pages_bulk+0x801/0x1090 mm/page_alloc.c:5279
softirqs last enabled at (4496): [] invoke_softirq kernel/softirq.c:432 [inline]
softirqs last enabled at (4496): [] __irq_exit_rcu+0x21b/0x260 kernel/softirq.c:636
softirqs last disabled at (4371): [] invoke_softirq kernel/softirq.c:432 [inline]
softirqs last disabled at (4371): [] __irq_exit_rcu+0x21b/0x260 kernel/softirq.c:636
CPU: 0 PID: 18883 Comm: syz-executor.1 Not tainted 5.14.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1ae/0x29f lib/dump_stack.c:105
 ___might_sleep+0x4e5/0x6b0 kernel/sched/core.c:9154
 prepare_alloc_pages+0x1c0/0x5a0 mm/page_alloc.c:5167
 __alloc_pages+0x14d/0x5f0 mm/page_alloc.c:5363
 stack_depot_save+0x361/0x490 lib/stackdepot.c:303
 save_stack+0xf9/0x1f0 mm/page_owner.c:120
 __set_page_owner+0x42/0x2f0 mm/page_owner.c:181
 prep_new_page mm/page_alloc.c:2433 [inline]
 __alloc_pages_bulk+0x9f2/0x1090 mm/page_alloc.c:5301
 alloc_pages_bulk_array_node include/linux/gfp.h:557 [inline]
 vm_area_alloc_pages mm/vmalloc.c:2793 [inline]
 __vmalloc_area_node mm/vmalloc.c:2863 [inline]
 __vmalloc_node_range+0x3ad/0x7f0 mm/vmalloc.c:2966
 vmalloc_user+0x70/0x80 mm/vmalloc.c:3101
 rxe_queue_init+0x28b/0x540 drivers/infiniband/sw/rxe/rxe_queue.c:89
 rxe_cq_from_init+0xc1/0x390 drivers/infiniband/sw/rxe/rxe_cq.c:69
 rxe_create_cq+0x1a1/0x2a0 drivers/infiniband/sw/rxe/rxe_verbs.c:801
 __ib_alloc_cq+0x2c6/0xc30 drivers/infiniband/core/cq.c:241
 ib_alloc_cq include/rdma/ib_verbs.h:3808 [inline]
 ib_mad_port_open drivers/infiniband/core/mad.c:2978 [inline]
 ib_mad_init_device+0xa00/0x2e00 drivers/infiniband/core/mad.c:3082
 add_client_context+0x4f6/0x830 drivers/infiniband/core/device.c:718
 enable_device_and_get+0x1ab/0x3e0 drivers/infiniband/core/device.c:1329
 ib_register_device+0x113b/0x14e0 drivers/infiniband/core/device.c:1417
 rxe_register_device+0x27c/0x390 drivers/infiniband/sw/rxe/rxe_verbs.c:1184
 rxe_net_add+0x73/0xd0 drivers/infiniband/sw/rxe/rxe_net.c:499
 rxe_newlink+0x65/0x100 drivers/infiniband/sw/rxe/rxe.c:270
 nldev_newlink+0x532/0x5e0 drivers/infiniband/core/nldev.c:1708
 rdma_nl_rcv_msg drivers/infiniband/core/netlink.c:195 [inline]
 rdma_nl_rcv_skb drivers/infiniband/core/netlink.c:239 [inline]
 rdma_nl_rcv+0x6f1/0xa30 drivers/infiniband/core/netlink.c:259
 netlink_unicast_kernel net/netlink/af_netlink.c:1314 [inline]
 netlink_unicast+0x7de/0x9b0 net/netlink/af_netlink.c:1340
 netlink_sendmsg+0x9e7/0xe00 net/netlink/af_netlink.c:1929
 sock_sendmsg_nosec net/socket.c:702 [inline]
 sock_sendmsg net/socket.c:722 [inline]
 ____sys_sendmsg+0x5a2/0x900 net/socket.c:2385
 ___sys_sendmsg net/socket.c:2439 [inline]
 __sys_sendmsg+0x319/0x400 net/socket.c:2468
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x4665d9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f10fd0fb188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
RDX: 0000000000000004 RSI: 00000000200002c0 RDI: 0000000000000003
RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80
R13: 00007ffcd8b778ff R14: 00007f10fd0fb300 R15: 0000000000022000
infiniband syƒ1: Couldn't open port 1
RDS/IB: syƒ1: added
smc: adding ib device syƒ1 with port count 1
smc: ib device syƒ1 port 1 has pnetid
vxcan1 speed is unknown, defaulting to 1000
vxcan1 speed is unknown, defaulting to 1000
vxcan1 speed is unknown, defaulting to 1000
vxcan1 speed is unknown, defaulting to 1000
vxcan1 speed is unknown, defaulting to 1000
vxcan1 speed is unknown, defaulting to 1000
vxcan1 speed is unknown, defaulting to 1000
vxcan1 speed is unknown, defaulting to 1000
vxcan1 speed is unknown, defaulting to 1000
vxcan1 speed is unknown, defaulting to 1000
vxcan1 speed is unknown, defaulting to 1000
vxcan1 speed is unknown, defaulting to 1000
vxcan1 speed is unknown, defaulting to 1000
vxcan1 speed is unknown, defaulting to 1000
vxcan1 speed is unknown, defaulting to 1000
vxcan1 speed is unknown, defaulting to 1000
vxcan1 speed is unknown, defaulting to 1000
vxcan1 speed is unknown, defaulting to 1000
vxcan1 speed is unknown, defaulting to 1000
vxcan1 speed is unknown, defaulting to 1000
vxcan1 speed is unknown, defaulting to 1000
vxcan1 speed is unknown, defaulting to 1000