================================
WARNING: inconsistent lock state
6.0.0-rc6-syzkaller-00321-g105a36f3694e-dirty #0 Not tainted
--------------------------------
inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
kworker/1:0/22 [HC0[0]:SC1[1]:HE0:SE0] takes:
ffffffff8c0be7e0 (fs_reclaim){+.?.}-{0:0}, at: might_alloc include/linux/sched/mm.h:271 [inline]
ffffffff8c0be7e0 (fs_reclaim){+.?.}-{0:0}, at: slab_pre_alloc_hook mm/slab.h:700 [inline]
ffffffff8c0be7e0 (fs_reclaim){+.?.}-{0:0}, at: slab_alloc mm/slab.c:3278 [inline]
ffffffff8c0be7e0 (fs_reclaim){+.?.}-{0:0}, at: __kmem_cache_alloc_lru mm/slab.c:3471 [inline]
ffffffff8c0be7e0 (fs_reclaim){+.?.}-{0:0}, at: kmem_cache_alloc+0x39/0x520 mm/slab.c:3491
{SOFTIRQ-ON-W} state was registered at:
  __trace_hardirqs_on_caller kernel/locking/lockdep.c:4260 [inline]
  lockdep_hardirqs_on_prepare kernel/locking/lockdep.c:4319 [inline]
  lockdep_hardirqs_on_prepare+0x28b/0x400 kernel/locking/lockdep.c:4271
  trace_hardirqs_on+0x2d/0x120 kernel/trace/trace_preemptirq.c:49
  __fs_reclaim_acquire+0x65/0x70 mm/page_alloc.c:4677
  fs_reclaim_acquire+0x100/0x150 mm/page_alloc.c:4691
  might_alloc include/linux/sched/mm.h:271 [inline]
  slab_pre_alloc_hook mm/slab.h:700 [inline]
  slab_alloc mm/slab.c:3278 [inline]
  kmem_cache_alloc_trace+0x38/0x460 mm/slab.c:3557
  kmalloc include/linux/slab.h:600 [inline]
  kzalloc include/linux/slab.h:733 [inline]
  alloc_workqueue_attrs+0x39/0xc0 kernel/workqueue.c:3394
  wq_numa_init kernel/workqueue.c:5964 [inline]
  workqueue_init+0x12f/0x8ae kernel/workqueue.c:6091
  kernel_init_freeable+0x3fb/0x73a init/main.c:1607
  kernel_init+0x1a/0x1d0 init/main.c:1512
  ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
irq event stamp: 475627
hardirqs last enabled at (475626): [] kfree+0x25b/0x390 mm/slab.c:3787
hardirqs last disabled at (475627): [] __fs_reclaim_acquire+0x44/0x70 mm/page_alloc.c:4675
softirqs last enabled at (475612): [] spin_unlock_bh include/linux/spinlock.h:394 [inline]
softirqs last enabled at (475612): []
nsim_dev_trap_report drivers/net/netdevsim/dev.c:814 [inline]
softirqs last enabled at (475612): [] nsim_dev_trap_report_work+0x869/0xc50 drivers/net/netdevsim/dev.c:844
softirqs last disabled at (475623): [] invoke_softirq kernel/softirq.c:445 [inline]
softirqs last disabled at (475623): [] __irq_exit_rcu+0x123/0x180 kernel/softirq.c:650

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(fs_reclaim);
  <Interrupt>
    lock(fs_reclaim);

 *** DEADLOCK ***

5 locks held by kworker/1:0/22:
 #0: ffff888011867d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff888011867d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
 #0: ffff888011867d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
 #0: ffff888011867d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
 #0: ffff888011867d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
 #0: ffff888011867d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x87a/0x1610 kernel/workqueue.c:2260
 #1: ffffc900003dfda8 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_one_work+0x8ae/0x1610 kernel/workqueue.c:2264
 #2: ffff88807e2f62f8 (&devlink->lock_key){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x54/0xc50 drivers/net/netdevsim/dev.c:835
 #3: ffff888022b554e0 (&nsim_trap_data->trap_lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:349 [inline]
 #3: ffff888022b554e0 (&nsim_trap_data->trap_lock){+.+.}-{2:2}, at: nsim_dev_trap_report drivers/net/netdevsim/dev.c:785 [inline]
 #3: ffff888022b554e0 (&nsim_trap_data->trap_lock){+.+.}-{2:2}, at: nsim_dev_trap_report_work+0x1c8/0xc50 drivers/net/netdevsim/dev.c:844
 #4: ffffffff91227508 (&fsnotify_mark_srcu){....}-{0:0}, at:
fsnotify+0x2f4/0x1680 fs/notify/fsnotify.c:544

stack backtrace:
CPU: 1 PID: 22 Comm: kworker/1:0 Not tainted 6.0.0-rc6-syzkaller-00321-g105a36f3694e-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
Workqueue: events nsim_dev_trap_report_work
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 print_usage_bug kernel/locking/lockdep.c:3961 [inline]
 valid_state kernel/locking/lockdep.c:3973 [inline]
 mark_lock_irq kernel/locking/lockdep.c:4176 [inline]
 mark_lock.part.0.cold+0x18/0xd8 kernel/locking/lockdep.c:4632
 mark_lock kernel/locking/lockdep.c:4596 [inline]
 mark_usage kernel/locking/lockdep.c:4527 [inline]
 __lock_acquire+0x11d9/0x56d0 kernel/locking/lockdep.c:5007
 lock_acquire kernel/locking/lockdep.c:5666 [inline]
 lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5631
 __fs_reclaim_acquire+0x60/0x70 mm/page_alloc.c:4676
 fs_reclaim_acquire+0x100/0x150 mm/page_alloc.c:4691
 might_alloc include/linux/sched/mm.h:271 [inline]
 slab_pre_alloc_hook mm/slab.h:700 [inline]
 slab_alloc mm/slab.c:3278 [inline]
 __kmem_cache_alloc_lru mm/slab.c:3471 [inline]
 kmem_cache_alloc+0x39/0x520 mm/slab.c:3491
 fanotify_alloc_fid_event fs/notify/fanotify/fanotify.c:580 [inline]
 fanotify_alloc_event fs/notify/fanotify/fanotify.c:813 [inline]
 fanotify_handle_event+0x1130/0x3f40 fs/notify/fanotify/fanotify.c:948
 send_to_group fs/notify/fsnotify.c:360 [inline]
 fsnotify+0xafb/0x1680 fs/notify/fsnotify.c:570
 __fsnotify_parent+0x62f/0xa60 fs/notify/fsnotify.c:230
 fsnotify_parent include/linux/fsnotify.h:77 [inline]
 fsnotify_file include/linux/fsnotify.h:99 [inline]
 fsnotify_access include/linux/fsnotify.h:309 [inline]
 __io_complete_rw_common+0x485/0x720 io_uring/rw.c:195
 io_complete_rw+0x1a/0x1f0 io_uring/rw.c:228
 iomap_dio_complete_work fs/iomap/direct-io.c:144 [inline]
 iomap_dio_bio_end_io+0x438/0x5e0 fs/iomap/direct-io.c:178
 bio_endio+0x5f9/0x780 block/bio.c:1564
 req_bio_endio block/blk-mq.c:695
[inline]
 blk_update_request+0x3fc/0x1300 block/blk-mq.c:825
 scsi_end_request+0x7a/0x9a0 drivers/scsi/scsi_lib.c:541
 scsi_io_completion+0x173/0x1f70 drivers/scsi/scsi_lib.c:971
 scsi_complete+0x122/0x3b0 drivers/scsi/scsi_lib.c:1438
 blk_complete_reqs+0xad/0xe0 block/blk-mq.c:1022
 __do_softirq+0x1d3/0x9c6 kernel/softirq.c:571
 invoke_softirq kernel/softirq.c:445 [inline]
 __irq_exit_rcu+0x123/0x180 kernel/softirq.c:650
 irq_exit_rcu+0x5/0x20 kernel/softirq.c:662
 common_interrupt+0xa9/0xc0 arch/x86/kernel/irq.c:240
 asm_common_interrupt+0x22/0x40 arch/x86/include/asm/idtentry.h:640
RIP: 0010:memory_is_nonzero mm/kasan/generic.c:114 [inline]
RIP: 0010:memory_is_poisoned_n mm/kasan/generic.c:128 [inline]
RIP: 0010:memory_is_poisoned mm/kasan/generic.c:159 [inline]
RIP: 0010:check_region_inline mm/kasan/generic.c:180 [inline]
RIP: 0010:kasan_check_range+0xa0/0x180 mm/kasan/generic.c:189
Code: 0f 49 da 49 c1 fb 03 45 85 db 0f 84 cb 00 00 00 45 89 db 4a 8d 14 d8 eb 0d 48 83 c0 08 48 39 d0 0f 84 af 00 00 00 48 83 38 00 <74> ed 48 8d 50 08 eb 09 48 83 c0 01 48 39 d0 74 7a 80 38 00 74 f2
RSP: 0018:ffffc900003dfbd8 EFLAGS: 00000246
RAX: ffffed10043547d0 RBX: ffffed10043547e9 RCX: ffffffff874f0e44
RDX: ffffed10043547e8 RSI: 00000000000000c8 RDI: ffff888021aa3e80
RBP: ffffed10043547d0 R08: 0000000000000001 R09: ffff888021aa3f47
R10: ffffed10043547e8 R11: 0000000000000003 R12: 00000000000000c8
R13: 0000000000000000 R14: 0000000000000a20 R15: 0000000000001000
 memset+0x20/0x40 mm/kasan/shadow.c:44
 __alloc_skb+0x114/0x2f0 net/core/skbuff.c:450
 alloc_skb include/linux/skbuff.h:1257 [inline]
 nsim_dev_trap_skb_build drivers/net/netdevsim/dev.c:742 [inline]
 nsim_dev_trap_report drivers/net/netdevsim/dev.c:799 [inline]
 nsim_dev_trap_report_work+0x2ad/0xc50 drivers/net/netdevsim/dev.c:844
 process_one_work+0x991/0x1610 kernel/workqueue.c:2289
 worker_thread+0x665/0x1080 kernel/workqueue.c:2436
 kthread+0x2e4/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
BUG:
sleeping function called from invalid context at include/linux/sched/mm.h:274
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 22, name: kworker/1:0
preempt_count: 101, expected: 0
RCU nest depth: 0, expected: 0
INFO: lockdep is turned off.
Preemption disabled at:
[<0000000000000000>] 0x0
CPU: 1 PID: 22 Comm: kworker/1:0 Not tainted 6.0.0-rc6-syzkaller-00321-g105a36f3694e-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
Workqueue: events nsim_dev_trap_report_work
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 __might_resched.cold+0x222/0x26b kernel/sched/core.c:9892
 might_alloc include/linux/sched/mm.h:274 [inline]
 slab_pre_alloc_hook mm/slab.h:700 [inline]
 slab_alloc mm/slab.c:3278 [inline]
 __kmem_cache_alloc_lru mm/slab.c:3471 [inline]
 kmem_cache_alloc+0x381/0x520 mm/slab.c:3491
 fanotify_alloc_fid_event fs/notify/fanotify/fanotify.c:580 [inline]
 fanotify_alloc_event fs/notify/fanotify/fanotify.c:813 [inline]
 fanotify_handle_event+0x1130/0x3f40 fs/notify/fanotify/fanotify.c:948
 send_to_group fs/notify/fsnotify.c:360 [inline]
 fsnotify+0xafb/0x1680 fs/notify/fsnotify.c:570
 __fsnotify_parent+0x62f/0xa60 fs/notify/fsnotify.c:230
 fsnotify_parent include/linux/fsnotify.h:77 [inline]
 fsnotify_file include/linux/fsnotify.h:99 [inline]
 fsnotify_access include/linux/fsnotify.h:309 [inline]
 __io_complete_rw_common+0x485/0x720 io_uring/rw.c:195
 io_complete_rw+0x1a/0x1f0 io_uring/rw.c:228
 iomap_dio_complete_work fs/iomap/direct-io.c:144 [inline]
 iomap_dio_bio_end_io+0x438/0x5e0 fs/iomap/direct-io.c:178
 bio_endio+0x5f9/0x780 block/bio.c:1564
 req_bio_endio block/blk-mq.c:695 [inline]
 blk_update_request+0x3fc/0x1300 block/blk-mq.c:825
 scsi_end_request+0x7a/0x9a0 drivers/scsi/scsi_lib.c:541
 scsi_io_completion+0x173/0x1f70 drivers/scsi/scsi_lib.c:971
 scsi_complete+0x122/0x3b0 drivers/scsi/scsi_lib.c:1438
 blk_complete_reqs+0xad/0xe0 block/blk-mq.c:1022
 __do_softirq+0x1d3/0x9c6 kernel/softirq.c:571
 invoke_softirq kernel/softirq.c:445 [inline]
 __irq_exit_rcu+0x123/0x180 kernel/softirq.c:650
 irq_exit_rcu+0x5/0x20 kernel/softirq.c:662
 common_interrupt+0xa9/0xc0 arch/x86/kernel/irq.c:240
 asm_common_interrupt+0x22/0x40 arch/x86/include/asm/idtentry.h:640
RIP: 0010:memory_is_nonzero mm/kasan/generic.c:114 [inline]
RIP: 0010:memory_is_poisoned_n mm/kasan/generic.c:128 [inline]
RIP: 0010:memory_is_poisoned mm/kasan/generic.c:159 [inline]
RIP: 0010:check_region_inline mm/kasan/generic.c:180 [inline]
RIP: 0010:kasan_check_range+0xa0/0x180 mm/kasan/generic.c:189
Code: 0f 49 da 49 c1 fb 03 45 85 db 0f 84 cb 00 00 00 45 89 db 4a 8d 14 d8 eb 0d 48 83 c0 08 48 39 d0 0f 84 af 00 00 00 48 83 38 00 <74> ed 48 8d 50 08 eb 09 48 83 c0 01 48 39 d0 74 7a 80 38 00 74 f2
RSP: 0018:ffffc900003dfbd8 EFLAGS: 00000246
RAX: ffffed10043547d0 RBX: ffffed10043547e9 RCX: ffffffff874f0e44
RDX: ffffed10043547e8 RSI: 00000000000000c8 RDI: ffff888021aa3e80
RBP: ffffed10043547d0 R08: 0000000000000001 R09: ffff888021aa3f47
R10: ffffed10043547e8 R11: 0000000000000003 R12: 00000000000000c8
R13: 0000000000000000 R14: 0000000000000a20 R15: 0000000000001000
 memset+0x20/0x40 mm/kasan/shadow.c:44
 __alloc_skb+0x114/0x2f0 net/core/skbuff.c:450
 alloc_skb include/linux/skbuff.h:1257 [inline]
 nsim_dev_trap_skb_build drivers/net/netdevsim/dev.c:742 [inline]
 nsim_dev_trap_report drivers/net/netdevsim/dev.c:799 [inline]
 nsim_dev_trap_report_work+0x2ad/0xc50 drivers/net/netdevsim/dev.c:844
 process_one_work+0x991/0x1610 kernel/workqueue.c:2289
 worker_thread+0x665/0x1080 kernel/workqueue.c:2436
 kthread+0x2e4/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
----------------
Code disassembly (best guess):
   0: 0f 49 da cmovns %edx,%ebx
   3: 49 c1 fb 03 sar $0x3,%r11
   7: 45 85 db test %r11d,%r11d
   a: 0f 84 cb 00 00 00 je 0xdb
  10: 45 89 db mov %r11d,%r11d
  13: 4a 8d 14 d8 lea (%rax,%r11,8),%rdx
  17: eb 0d jmp 0x26
  19: 48 83 c0 08 add $0x8,%rax
  1d: 48
39 d0 cmp %rdx,%rax
  20: 0f 84 af 00 00 00 je 0xd5
  26: 48 83 38 00 cmpq $0x0,(%rax)
* 2a: 74 ed je 0x19 <-- trapping instruction
  2c: 48 8d 50 08 lea 0x8(%rax),%rdx
  30: eb 09 jmp 0x3b
  32: 48 83 c0 01 add $0x1,%rax
  36: 48 39 d0 cmp %rdx,%rax
  39: 74 7a je 0xb5
  3b: 80 38 00 cmpb $0x0,(%rax)
  3e: 74 f2 je 0x32