bisecting cause commit starting from 1fc596a56b334f4d593a2b49e5ff55af6aaa0816 building syzkaller on be531bb42381b245eed805e49fd889d1c2118c76 testing commit 1fc596a56b334f4d593a2b49e5ff55af6aaa0816 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: df469117eeb74b119d544ba150623473aa49587defcd82a2ffc17c7c3bb722a6 run #0: crashed: KASAN: use-after-free Read in unmap_page_range run #1: crashed: KASAN: use-after-free Read in __oom_reap_task_mm run #2: crashed: KASAN: out-of-bounds Read in unmap_page_range run #3: crashed: KASAN: use-after-free Read in __oom_reap_task_mm run #4: crashed: KASAN: use-after-free Read in __oom_reap_task_mm run #5: crashed: KASAN: use-after-free Read in unmap_page_range run #6: crashed: KASAN: use-after-free Read in unmap_page_range run #7: crashed: KASAN: use-after-free Read in __oom_reap_task_mm run #8: crashed: KASAN: out-of-bounds Read in unmap_page_range run #9: crashed: KASAN: use-after-free Read in unmap_page_range run #10: crashed: KASAN: use-after-free Read in __oom_reap_task_mm run #11: crashed: KASAN: use-after-free Read in __oom_reap_task_mm run #12: crashed: KASAN: use-after-free Read in unmap_page_range run #13: crashed: KASAN: use-after-free Read in __oom_reap_task_mm run #14: crashed: KASAN: use-after-free Read in __oom_reap_task_mm run #15: crashed: KASAN: use-after-free Read in unmap_page_range run #16: crashed: KASAN: use-after-free Read in unmap_page_range run #17: crashed: KASAN: use-after-free Read in unmap_page_range run #18: crashed: KASAN: use-after-free Read in __oom_reap_task_mm run #19: crashed: KASAN: use-after-free Read in __oom_reap_task_mm testing release v5.14 testing commit 7d2a07b769330c34b4deabeed939325c77a7ec2f compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 836d1ba0693bb05668a15eadc4e121d3411fd2de1d5a1d53ebf89379cea0ad68 all runs: OK # git bisect start 1fc596a56b334f4d593a2b49e5ff55af6aaa0816 7d2a07b769330c34b4deabeed939325c77a7ec2f Bisecting: 6493 revisions left to test after this (roughly 13 steps) [477f70cd2a67904e04c2c2b9bd0fa2e95222f2f6] Merge tag 'drm-next-2021-08-31-1' of git://anongit.freedesktop.org/drm/drm testing commit 477f70cd2a67904e04c2c2b9bd0fa2e95222f2f6 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 529d30f87c112a34881139f7d5e4883f81489db7af92568fe10b0bdd968cf6ad run #0: crashed: KASAN: use-after-free Read in __d_alloc run #1: crashed: KASAN: use-after-free Read in __d_alloc run #2: crashed: KASAN: use-after-free Read in __d_alloc run #3: crashed: KASAN: use-after-free Read in __d_alloc run #4: crashed: KASAN: use-after-free Read in __d_alloc run #5: crashed: KASAN: use-after-free Read in __d_alloc run #6: crashed: KASAN: use-after-free Read in __d_alloc run #7: crashed: KASAN: use-after-free Read in __d_alloc run #8: OK run #9: OK # git bisect bad 477f70cd2a67904e04c2c2b9bd0fa2e95222f2f6 Bisecting: 3024 revisions left to test after this (roughly 12 steps) [9e9fb7655ed585da8f468e29221f0ba194a5f613] Merge tag 'net-next-5.15' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next testing commit 9e9fb7655ed585da8f468e29221f0ba194a5f613 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 arch/x86/kernel/setup.c:916:6: error: implicit declaration of function 'acpi_mps_check' [-Werror=implicit-function-declaration] arch/x86/kernel/setup.c:1110:2: error: implicit declaration of function 'acpi_table_upgrade' [-Werror=implicit-function-declaration] arch/x86/kernel/setup.c:1112:2: error: implicit declaration of function 'acpi_boot_table_init' [-Werror=implicit-function-declaration] arch/x86/kernel/setup.c:1120:2: error: implicit declaration of function 'early_acpi_boot_init'; did you mean 'early_cpu_init'? [-Werror=implicit-function-declaration] arch/x86/kernel/setup.c:1162:2: error: implicit declaration of function 'acpi_boot_init' [-Werror=implicit-function-declaration] # git bisect skip 9e9fb7655ed585da8f468e29221f0ba194a5f613 Bisecting: 3024 revisions left to test after this (roughly 12 steps) [7a47c52142c18a9239c5afea2c9656c68d3f22e7] s390/ccwgroup: Drop if with an always false condition testing commit 7a47c52142c18a9239c5afea2c9656c68d3f22e7 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: c3211fcb5a23eb66943bc1b9e0d3d117f2dcac880bd2a4cf6e864f322421801d all runs: OK # git bisect good 7a47c52142c18a9239c5afea2c9656c68d3f22e7 Bisecting: 3021 revisions left to test after this (roughly 12 steps) [05e45887382c4c0f9522515759b34991aa17e69d] rtw88: wow: build wow function only if CONFIG_PM is on testing commit 05e45887382c4c0f9522515759b34991aa17e69d compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 9a7d2d260d86ac20df4f748194f58254842a35bb9400531e06a9ec634f7d42eb all runs: OK # git bisect good 05e45887382c4c0f9522515759b34991aa17e69d Bisecting: 3021 revisions left to test after this (roughly 12 steps) [f462a446384d0c00c6e457f7e8eb2053b095a2f1] mptcp: build ADD_ADDR/echo-ADD_ADDR option according pm.add_signal testing commit f462a446384d0c00c6e457f7e8eb2053b095a2f1 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 2f8f9f4b8767f92d549bc5b3a010b3016d48f653667dcb6b5bba43ea193d6e43 all runs: OK # git bisect good f462a446384d0c00c6e457f7e8eb2053b095a2f1 Bisecting: 2808 revisions left to test after this (roughly 11 steps) [c6c3c5704ba70820f6b632982abde06661b7222a] Merge tag 'driver-core-5.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core testing commit c6c3c5704ba70820f6b632982abde06661b7222a compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 arch/x86/kernel/setup.c:916:6: error: implicit declaration of function 'acpi_mps_check' [-Werror=implicit-function-declaration] arch/x86/kernel/setup.c:1110:2: error: implicit declaration of function 'acpi_table_upgrade' [-Werror=implicit-function-declaration] arch/x86/kernel/setup.c:1112:2: error: implicit declaration of function 'acpi_boot_table_init' [-Werror=implicit-function-declaration] arch/x86/kernel/setup.c:1120:2: error: implicit declaration of function 'early_acpi_boot_init'; did you mean 'early_cpu_init'? [-Werror=implicit-function-declaration] arch/x86/kernel/setup.c:1162:2: error: implicit declaration of function 'acpi_boot_init' [-Werror=implicit-function-declaration] # git bisect skip c6c3c5704ba70820f6b632982abde06661b7222a Bisecting: 2808 revisions left to test after this (roughly 11 steps) [97271c7ee1cfb2c3fcc951e4031ffabb7c33f5b1] drm: xlnx: zynqmp_dpsub: Update dependencies for ZynqMP DP testing commit 97271c7ee1cfb2c3fcc951e4031ffabb7c33f5b1 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 1b4f61e82b95d13286165af4d9a179853deb6e7b6e301cd090762168aba71a6e all runs: OK # git bisect good 97271c7ee1cfb2c3fcc951e4031ffabb7c33f5b1 Bisecting: 2356 revisions left to test after this (roughly 11 steps) [6c4e675ad3594526d6604a7d30f1defdd08a42e4] cifsd: fix list_add double add BUG_ON trap in setup_async_work() testing commit 6c4e675ad3594526d6604a7d30f1defdd08a42e4 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 299905a020d1c6e25bd6d41f584386e5945c19a648800c427d303c91e5bfff56 all runs: OK # git bisect good 6c4e675ad3594526d6604a7d30f1defdd08a42e4 Bisecting: 2356 revisions left to test after this (roughly 11 steps) [933864af118166655ec5d1075f2bee0bb3bea95c] drm/i915/guc: Enable the timer expired interrupt for GuC testing commit 933864af118166655ec5d1075f2bee0bb3bea95c compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: bd9ee9d016fab5e23773658c91754b5c91ad162a5c3ea38ed2c8f13af9ebf912 run #0: crashed: BUG: sleeping function called from invalid context in lock_sock_nested run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK reproducer seems to be flaky # git bisect bad 933864af118166655ec5d1075f2bee0bb3bea95c Bisecting: 104 revisions left to test after this (roughly 7 steps) [1ccf7294b76d28d5151f024351c747ccf101d66e] drm/i915/guc: Relax CTB response timeout testing commit 1ccf7294b76d28d5151f024351c747ccf101d66e compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: bd9ee9d016fab5e23773658c91754b5c91ad162a5c3ea38ed2c8f13af9ebf912 run #0: basic kernel testing failed: BUG: sleeping function called from invalid context in stack_depot_save run #1: crashed: BUG: sleeping function called from invalid context in stack_depot_save run #2: crashed: possible deadlock in fs_reclaim_acquire run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK # git bisect bad 1ccf7294b76d28d5151f024351c747ccf101d66e Bisecting: 52 revisions left to test after this (roughly 6 steps) [53fe9cf2dafe2b0382a4e682e4eebe0a442dcb5a] drm/i915/selftest: Extend ctx_timestamp ICL workaround to GEN11 testing commit 53fe9cf2dafe2b0382a4e682e4eebe0a442dcb5a compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: d7706f9515fac18e419517ecd15b339e533c8fc08c93464c90658441ea337cfe all runs: OK # git bisect good 53fe9cf2dafe2b0382a4e682e4eebe0a442dcb5a Bisecting: 25 revisions left to test after this (roughly 5 steps) [5ac545b8b0145cfa8123f8e9ddc066da49eec261] drm/i915/request: Remove the hook from await_execution testing commit 5ac545b8b0145cfa8123f8e9ddc066da49eec261 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: d7706f9515fac18e419517ecd15b339e533c8fc08c93464c90658441ea337cfe all runs: OK # git bisect good 5ac545b8b0145cfa8123f8e9ddc066da49eec261 Bisecting: 12 revisions left to test after this (roughly 4 steps) [a4c1cdd34e2cda620c9749ae6adec49b4b011d47] drm/i915/gem: Delay context creation (v3) testing commit a4c1cdd34e2cda620c9749ae6adec49b4b011d47 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: d7706f9515fac18e419517ecd15b339e533c8fc08c93464c90658441ea337cfe all runs: OK # git bisect good a4c1cdd34e2cda620c9749ae6adec49b4b011d47 Bisecting: 5 revisions left to test after this (roughly 3 steps) [b3f450d9e1f386cda3e15f76efcb1b763d9a2856] drm/i915: use consistent CPU mappings for pin_map users testing commit b3f450d9e1f386cda3e15f76efcb1b763d9a2856 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: d7706f9515fac18e419517ecd15b339e533c8fc08c93464c90658441ea337cfe all runs: OK # git bisect good b3f450d9e1f386cda3e15f76efcb1b763d9a2856 Bisecting: 2 revisions left to test after this (roughly 2 steps) [28ec02c9cbebf3feeaf21a59df9dfbc02bda3362] drm/i915: Implement Wa_1508744258 testing commit 28ec02c9cbebf3feeaf21a59df9dfbc02bda3362 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: d7706f9515fac18e419517ecd15b339e533c8fc08c93464c90658441ea337cfe all runs: OK # git bisect good 28ec02c9cbebf3feeaf21a59df9dfbc02bda3362 Bisecting: 1 revision left to test after this (roughly 1 step) [5d4ed4f8b5efd347d761ee98c3a6e4e42e23f67e] drm/i915/adl_s: Extend Wa_1406941453 testing commit 5d4ed4f8b5efd347d761ee98c3a6e4e42e23f67e compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: d7706f9515fac18e419517ecd15b339e533c8fc08c93464c90658441ea337cfe all runs: OK # git bisect good 5d4ed4f8b5efd347d761ee98c3a6e4e42e23f67e Bisecting: 0 revisions left to test after this (roughly 0 steps) [611ac726f9ebbb12f2113e5345ef109660954eeb] Merge drm/drm-next into drm-intel-gt-next testing commit 611ac726f9ebbb12f2113e5345ef109660954eeb compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: bd9ee9d016fab5e23773658c91754b5c91ad162a5c3ea38ed2c8f13af9ebf912 run #0: basic kernel testing failed: possible deadlock in fs_reclaim_acquire run #1: basic kernel testing failed: BUG: sleeping function called from invalid context in stack_depot_save run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK # git bisect good 611ac726f9ebbb12f2113e5345ef109660954eeb 1ccf7294b76d28d5151f024351c747ccf101d66e is the first bad commit commit 1ccf7294b76d28d5151f024351c747ccf101d66e Author: Matthew Brost Date: Thu Jul 8 09:20:49 2021 -0700 drm/i915/guc: Relax CTB response timeout In upcoming patch we will allow more CTB requests to be sent in parallel to the GuC for processing, so we shouldn't assume any more that GuC will always reply without 10ms. Use bigger value hardcoded value of 1s instead. v2: Add CONFIG_DRM_I915_GUC_CTB_TIMEOUT config option v3: (Daniel Vetter) - Use hardcoded value of 1s rather than config option v4: (Michal) - Use defines for timeout values Signed-off-by: Matthew Brost Cc: Michal Wajdeczko Reviewed-by: Michal Wajdeczko Signed-off-by: John Harrison Link: https://patchwork.freedesktop.org/patch/msgid/20210708162055.129996-2-matthew.brost@intel.com drivers/gpu/drm/i915/gt/uc/intel_guc_ct.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) culprit signature: bd9ee9d016fab5e23773658c91754b5c91ad162a5c3ea38ed2c8f13af9ebf912 parent signature: bd9ee9d016fab5e23773658c91754b5c91ad162a5c3ea38ed2c8f13af9ebf912 Reproducer flagged being flaky revisions tested: 17, total time: 5h12m51.891317586s (build: 1h59m14.718203169s, test: 3h11m34.259124883s) first bad commit: 1ccf7294b76d28d5151f024351c747ccf101d66e drm/i915/guc: Relax CTB response timeout recipients (to): ["john.c.harrison@intel.com" "matthew.brost@intel.com" "michal.wajdeczko@intel.com"] recipients (cc): [] crash: possible deadlock in fs_reclaim_acquire ====================================================== WARNING: possible circular locking dependency detected 5.14.0-rc1-syzkaller #0 Not tainted ------------------------------------------------------ syz-executor.2/10173 is trying to acquire lock: ffffffff8ac8e380 (fs_reclaim){+.+.}-{0:0}, at: fs_reclaim_acquire+0xf7/0x160 mm/page_alloc.c:4574 but task is already holding lock: ffff8880b9e4d620 (lock#2){-.-.}-{2:2}, at: __alloc_pages_bulk+0x4ad/0x1870 mm/page_alloc.c:5279 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #2 (lock#2){-.-.}-{2:2}: local_lock_acquire include/linux/local_lock_internal.h:42 [inline] free_unref_page+0x1bf/0x690 mm/page_alloc.c:3427 mm_free_pgd kernel/fork.c:636 [inline] __mmdrop+0xb9/0x350 kernel/fork.c:687 mmdrop include/linux/sched/mm.h:49 [inline] finish_task_switch.isra.0+0x792/0xb40 kernel/sched/core.c:4582 context_switch kernel/sched/core.c:4686 [inline] __schedule+0xb07/0x5910 kernel/sched/core.c:5940 preempt_schedule_irq+0x4e/0x90 kernel/sched/core.c:6328 irqentry_exit+0x31/0x80 kernel/entry/common.c:427 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638 lock_acquire+0x1ef/0x510 kernel/locking/lockdep.c:5593 fs_reclaim_acquire mm/page_alloc.c:4569 [inline] fs_reclaim_acquire+0xd2/0x160 mm/page_alloc.c:4560 prepare_alloc_pages+0x15c/0x580 mm/page_alloc.c:5164 __alloc_pages+0x12f/0x500 mm/page_alloc.c:5363 pagecache_get_page+0x247/0xfe0 mm/filemap.c:1885 grab_cache_page_write_begin+0x44/0x80 mm/filemap.c:3610 ext4_da_write_begin+0x2b3/0xd90 fs/ext4/inode.c:2984 generic_perform_write+0x1c6/0x430 mm/filemap.c:3656 ext4_buffered_write_iter+0x1ea/0x440 fs/ext4/file.c:269 ext4_file_write_iter+0x383/0x1160 fs/ext4/file.c:680 call_write_iter include/linux/fs.h:2114 [inline] new_sync_write+0x35d/0x5f0 fs/read_write.c:518 vfs_write+0x5b1/0x880 fs/read_write.c:605 ksys_write+0xf4/0x1d0 fs/read_write.c:658 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae -> #1 (mmu_notifier_invalidate_range_start){+.+.}-{0:0}: fs_reclaim_acquire mm/page_alloc.c:4569 [inline] fs_reclaim_acquire+0xd2/0x160 mm/page_alloc.c:4560 might_alloc include/linux/sched/mm.h:198 [inline] slab_pre_alloc_hook mm/slab.h:485 [inline] slab_alloc_node mm/slub.c:2902 [inline] slab_alloc mm/slub.c:2989 [inline] kmem_cache_alloc_trace+0x3b/0x3c0 mm/slub.c:3006 kmalloc include/linux/slab.h:591 [inline] kzalloc include/linux/slab.h:721 [inline] alloc_workqueue_attrs+0x33/0x70 kernel/workqueue.c:3365 wq_numa_init kernel/workqueue.c:5899 [inline] workqueue_init+0x67/0x7d6 kernel/workqueue.c:6031 kernel_init_freeable+0x337/0x60c init/main.c:1577 kernel_init+0x14/0x120 init/main.c:1485 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 -> #0 (fs_reclaim){+.+.}-{0:0}: check_prev_add kernel/locking/lockdep.c:3051 [inline] check_prevs_add kernel/locking/lockdep.c:3174 [inline] validate_chain kernel/locking/lockdep.c:3789 [inline] __lock_acquire+0x2985/0x5410 kernel/locking/lockdep.c:5015 lock_acquire kernel/locking/lockdep.c:5625 [inline] lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5590 __fs_reclaim_acquire mm/page_alloc.c:4552 [inline] fs_reclaim_acquire+0x117/0x160 mm/page_alloc.c:4566 prepare_alloc_pages+0x15c/0x580 mm/page_alloc.c:5164 __alloc_pages+0x12f/0x500 mm/page_alloc.c:5363 stack_depot_save+0x39d/0x4e0 lib/stackdepot.c:303 save_stack+0x131/0x1a0 mm/page_owner.c:120 __set_page_owner+0x2e/0x250 mm/page_owner.c:181 prep_new_page mm/page_alloc.c:2433 [inline] __alloc_pages_bulk+0x8b9/0x1870 mm/page_alloc.c:5301 alloc_pages_bulk_array_node include/linux/gfp.h:557 [inline] vm_area_alloc_pages mm/vmalloc.c:2793 [inline] __vmalloc_area_node mm/vmalloc.c:2863 [inline] __vmalloc_node_range+0x2f6/0x7e0 mm/vmalloc.c:2966 alloc_thread_stack_node kernel/fork.c:245 [inline] dup_task_struct kernel/fork.c:875 [inline] copy_process+0x6fc/0x6960 kernel/fork.c:1952 kernel_clone+0xb8/0x7f0 kernel/fork.c:2509 __do_sys_fork+0x83/0xc0 kernel/fork.c:2572 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae other info that might help us debug this: Chain exists of: fs_reclaim --> mmu_notifier_invalidate_range_start --> lock#2 Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(lock#2); lock(mmu_notifier_invalidate_range_start); lock(lock#2); lock(fs_reclaim); *** DEADLOCK *** 1 lock held by syz-executor.2/10173: #0: ffff8880b9e4d620 (lock#2){-.-.}-{2:2}, at: __alloc_pages_bulk+0x4ad/0x1870 mm/page_alloc.c:5279 stack backtrace: CPU: 0 PID: 10173 Comm: syz-executor.2 Not tainted 5.14.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x57/0x7d lib/dump_stack.c:105 check_noncircular+0x25f/0x2e0 kernel/locking/lockdep.c:2131 check_prev_add kernel/locking/lockdep.c:3051 [inline] check_prevs_add kernel/locking/lockdep.c:3174 [inline] validate_chain kernel/locking/lockdep.c:3789 [inline] __lock_acquire+0x2985/0x5410 kernel/locking/lockdep.c:5015 lock_acquire kernel/locking/lockdep.c:5625 [inline] lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5590 __fs_reclaim_acquire mm/page_alloc.c:4552 [inline] fs_reclaim_acquire+0x117/0x160 mm/page_alloc.c:4566 prepare_alloc_pages+0x15c/0x580 mm/page_alloc.c:5164 __alloc_pages+0x12f/0x500 mm/page_alloc.c:5363 stack_depot_save+0x39d/0x4e0 lib/stackdepot.c:303 save_stack+0x131/0x1a0 mm/page_owner.c:120 __set_page_owner+0x2e/0x250 mm/page_owner.c:181 prep_new_page mm/page_alloc.c:2433 [inline] __alloc_pages_bulk+0x8b9/0x1870 mm/page_alloc.c:5301 alloc_pages_bulk_array_node include/linux/gfp.h:557 [inline] vm_area_alloc_pages mm/vmalloc.c:2793 [inline] __vmalloc_area_node mm/vmalloc.c:2863 [inline] __vmalloc_node_range+0x2f6/0x7e0 mm/vmalloc.c:2966 alloc_thread_stack_node kernel/fork.c:245 [inline] dup_task_struct kernel/fork.c:875 [inline] copy_process+0x6fc/0x6960 kernel/fork.c:1952 kernel_clone+0xb8/0x7f0 kernel/fork.c:2509 __do_sys_fork+0x83/0xc0 kernel/fork.c:2572 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fc77b496a39 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fc77ac0c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 RAX: ffffffffffffffda RBX: 00007fc77b5a9f60 RCX: 00007fc77b496a39 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00007fc77b4f0e8f R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffcac3f532f R14: 00007fc77ac0c300 R15: 0000000000022000 BUG: sleeping function called from invalid context at mm/page_alloc.c:5167 in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 10173, name: syz-executor.2 INFO: lockdep is turned off. irq event stamp: 52 hardirqs last enabled at (51): [] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline] hardirqs last enabled at (51): [] _raw_spin_unlock_irqrestore+0x50/0x70 kernel/locking/spinlock.c:191 hardirqs last disabled at (52): [] __alloc_pages_bulk+0x1017/0x1870 mm/page_alloc.c:5279 softirqs last enabled at (0): [] copy_process+0x1abd/0x6960 kernel/fork.c:2065 softirqs last disabled at (0): [<0000000000000000>] 0x0 CPU: 0 PID: 10173 Comm: syz-executor.2 Not tainted 5.14.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x57/0x7d lib/dump_stack.c:105 ___might_sleep.cold+0x1f1/0x237 kernel/sched/core.c:9154 prepare_alloc_pages+0x3da/0x580 mm/page_alloc.c:5167 __alloc_pages+0x12f/0x500 mm/page_alloc.c:5363 stack_depot_save+0x39d/0x4e0 lib/stackdepot.c:303 save_stack+0x131/0x1a0 mm/page_owner.c:120 __set_page_owner+0x2e/0x250 mm/page_owner.c:181 prep_new_page mm/page_alloc.c:2433 [inline] __alloc_pages_bulk+0x8b9/0x1870 mm/page_alloc.c:5301 alloc_pages_bulk_array_node include/linux/gfp.h:557 [inline] vm_area_alloc_pages mm/vmalloc.c:2793 [inline] __vmalloc_area_node mm/vmalloc.c:2863 [inline] __vmalloc_node_range+0x2f6/0x7e0 mm/vmalloc.c:2966 alloc_thread_stack_node kernel/fork.c:245 [inline] dup_task_struct kernel/fork.c:875 [inline] copy_process+0x6fc/0x6960 kernel/fork.c:1952 kernel_clone+0xb8/0x7f0 kernel/fork.c:2509 __do_sys_fork+0x83/0xc0 kernel/fork.c:2572 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fc77b496a39 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fc77ac0c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000039 RAX: ffffffffffffffda RBX: 00007fc77b5a9f60 RCX: 00007fc77b496a39 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00007fc77b4f0e8f R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffcac3f532f R14: 00007fc77ac0c300 R15: 0000000000022000