======================================================
WARNING: possible circular locking dependency detected
4.13.0-rc6-next-20170825+ #9 Not tainted
------------------------------------------------------
kworker/0:1/23 is trying to acquire lock:
(rcu_sched_state.barrier_mutex){+.+.}, at: [<ffffffff815be7ff>] _rcu_barrier+0x13f/0x7a0 kernel/rcu/tree.c:3502
but task is already holding lock:
((&map->work)){+.+.}, at: [<ffffffff8146858c>] process_one_work+0xb2c/0x1be0 kernel/workqueue.c:2094
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #3 ((&map->work)){+.+.}:
process_one_work+0xba5/0x1be0 kernel/workqueue.c:2095
worker_thread+0x223/0x1860 kernel/workqueue.c:2233
kthread+0x39c/0x470 kernel/kthread.c:231
ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:431
0xffffffffffffffff
-> #2 ((complete)&rcu.completion){+.+.}:
check_prevs_add kernel/locking/lockdep.c:2020 [inline]
validate_chain kernel/locking/lockdep.c:2469 [inline]
__lock_acquire+0x3286/0x4620 kernel/locking/lockdep.c:3498
lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
complete_acquire include/linux/completion.h:39 [inline]
__wait_for_common kernel/sched/completion.c:108 [inline]
wait_for_common kernel/sched/completion.c:122 [inline]
wait_for_completion+0xc8/0x770 kernel/sched/completion.c:143
__synchronize_srcu+0x1b5/0x250 kernel/rcu/srcutree.c:898
synchronize_srcu_expedited kernel/rcu/srcutree.c:923 [inline]
synchronize_srcu+0x1a3/0x560 kernel/rcu/srcutree.c:974
quarantine_remove_cache+0xd7/0xf0 mm/kasan/quarantine.c:327
kasan_cache_shrink+0x9/0x10 mm/kasan/kasan.c:380
kmem_cache_shrink+0x15/0x30 mm/slab_common.c:857
acpi_os_purge_cache+0x15/0x20 drivers/acpi/osl.c:1560
acpi_purge_cached_objects+0x38/0xc9 drivers/acpi/acpica/utxface.c:271
acpi_initialize_objects+0xc5/0x112 drivers/acpi/acpica/utxfinit.c:302
acpi_bus_init drivers/acpi/bus.c:1131 [inline]
acpi_init+0x23c/0x8e6 drivers/acpi/bus.c:1220
do_one_initcall+0x9e/0x330 init/main.c:826
do_initcall_level init/main.c:892 [inline]
do_initcalls init/main.c:900 [inline]
do_basic_setup init/main.c:918 [inline]
kernel_init_freeable+0x469/0x521 init/main.c:1066
kernel_init+0x13/0x172 init/main.c:993
ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:431
-> #1 (cpu_hotplug_lock.rw_sem){++++}:
check_prevs_add kernel/locking/lockdep.c:2020 [inline]
validate_chain kernel/locking/lockdep.c:2469 [inline]
__lock_acquire+0x3286/0x4620 kernel/locking/lockdep.c:3498
lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:35 [inline]
percpu_down_read include/linux/percpu-rwsem.h:58 [inline]
cpus_read_lock+0x42/0x90 kernel/cpu.c:218
get_online_cpus include/linux/cpu.h:126 [inline]
_rcu_barrier+0x33d/0x7a0 kernel/rcu/tree.c:3525
rcu_barrier_sched kernel/rcu/tree.c:3591 [inline]
rcu_barrier+0x10/0x20 kernel/rcu/tree_plugin.h:891
netdev_run_todo+0x28f/0xca0 net/core/dev.c:7824
rtnl_unlock+0xe/0x10 net/core/rtnetlink.c:106
tun_detach drivers/net/tun.c:588 [inline]
tun_chr_close+0x49/0x60 drivers/net/tun.c:2595
__fput+0x333/0x7f0 fs/file_table.c:210
____fput+0x15/0x20 fs/file_table.c:246
task_work_run+0x199/0x270 kernel/task_work.c:112
exit_task_work include/linux/task_work.h:21 [inline]
do_exit+0xa52/0x1b40 kernel/exit.c:865
do_group_exit+0x149/0x400 kernel/exit.c:968
get_signal+0x7e8/0x17e0 kernel/signal.c:2334
do_signal+0x94/0x1ee0 arch/x86/kernel/signal.c:808
exit_to_usermode_loop+0x224/0x300 arch/x86/entry/common.c:158
prepare_exit_to_usermode arch/x86/entry/common.c:197 [inline]
syscall_return_slowpath+0x42f/0x500 arch/x86/entry/common.c:266
entry_SYSCALL_64_fastpath+0xbc/0xbe
-> #0 (rcu_sched_state.barrier_mutex){+.+.}:
check_prev_add+0x865/0x1520 kernel/locking/lockdep.c:1894
check_prevs_add kernel/locking/lockdep.c:2020 [inline]
validate_chain kernel/locking/lockdep.c:2469 [inline]
__lock_acquire+0x3286/0x4620 kernel/locking/lockdep.c:3498
lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0x16f/0x1870 kernel/locking/mutex.c:893
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
_rcu_barrier+0x13f/0x7a0 kernel/rcu/tree.c:3502
rcu_barrier_sched kernel/rcu/tree.c:3591 [inline]
rcu_barrier+0x10/0x20 kernel/rcu/tree_plugin.h:891
htab_map_free+0x9d/0x640 kernel/bpf/hashtab.c:1112
bpf_map_free_deferred+0xac/0xd0 kernel/bpf/syscall.c:209
process_one_work+0xbfd/0x1be0 kernel/workqueue.c:2098
worker_thread+0x223/0x1860 kernel/workqueue.c:2233
kthread+0x39c/0x470 kernel/kthread.c:231
ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:431
other info that might help us debug this:
Chain exists of:
rcu_sched_state.barrier_mutex --> (complete)&rcu.completion --> (&map->work)
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock((&map->work));
lock((complete)&rcu.completion);
lock((&map->work));
lock(rcu_sched_state.barrier_mutex);
*** DEADLOCK ***
2 locks held by kworker/0:1/23:
#0: ("events"){.+.+}, at: [<ffffffff81468534>] __write_once_size include/linux/compiler.h:305 [inline]
#0: ("events"){.+.+}, at: [<ffffffff81468534>] atomic64_set arch/x86/include/asm/atomic64_64.h:33 [inline]
#0: ("events"){.+.+}, at: [<ffffffff81468534>] atomic_long_set include/asm-generic/atomic-long.h:56 [inline]
#0: ("events"){.+.+}, at: [<ffffffff81468534>] set_work_data kernel/workqueue.c:617 [inline]
#0: ("events"){.+.+}, at: [<ffffffff81468534>] set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline]
#0: ("events"){.+.+}, at: [<ffffffff81468534>] process_one_work+0xad4/0x1be0 kernel/workqueue.c:2090
#1: ((&map->work)){+.+.}, at: [<ffffffff8146858c>] process_one_work+0xb2c/0x1be0 kernel/workqueue.c:2094
stack backtrace:
CPU: 0 PID: 23 Comm: kworker/0:1 Not tainted 4.13.0-rc6-next-20170825+ #9
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events bpf_map_free_deferred
Call Trace:
__dump_stack lib/dump_stack.c:16 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:52
print_circular_bug+0x503/0x710 kernel/locking/lockdep.c:1259
check_prev_add+0x865/0x1520 kernel/locking/lockdep.c:1894
check_prevs_add kernel/locking/lockdep.c:2020 [inline]
validate_chain kernel/locking/lockdep.c:2469 [inline]
__lock_acquire+0x3286/0x4620 kernel/locking/lockdep.c:3498
lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0x16f/0x1870 kernel/locking/mutex.c:893
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
_rcu_barrier+0x13f/0x7a0 kernel/rcu/tree.c:3502
rcu_barrier_sched kernel/rcu/tree.c:3591 [inline]
rcu_barrier+0x10/0x20 kernel/rcu/tree_plugin.h:891
htab_map_free+0x9d/0x640 kernel/bpf/hashtab.c:1112
bpf_map_free_deferred+0xac/0xd0 kernel/bpf/syscall.c:209
process_one_work+0xbfd/0x1be0 kernel/workqueue.c:2098
worker_thread+0x223/0x1860 kernel/workqueue.c:2233
kthread+0x39c/0x470 kernel/kthread.c:231
ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:431
sctp: [Deprecated]: syz-executor4 (pid 3477) Use of int in max_burst socket option.
Use struct sctp_assoc_value instead
kvm [3455]: vcpu0, guest rIP: 0xfff0 ignored wrmsr: 0x11e data 0x7ff
kvm [3455]: vcpu0, guest rIP: 0xfff0 ignored wrmsr: 0x11e data 0x7ff
capability: warning: `syz-executor1' uses deprecated v2 capabilities in a way that may be insecure
sctp: [Deprecated]: syz-executor4 (pid 3460) Use of int in max_burst socket option.
Use struct sctp_assoc_value instead
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
mmap: syz-executor3 (3603) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.txt.
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
capability: warning: `syz-executor5' uses 32-bit capabilities (legacy support in use)
netlink: 3 bytes leftover after parsing attributes in process `syz-executor3'.
TCP: request_sock_TCP: Possible SYN flooding on port 20020. Sending cookies. Check SNMP counters.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor7'.
device lo entered promiscuous mode
netlink: 3 bytes leftover after parsing attributes in process `syz-executor7'.
TCP: request_sock_TCPv6: Possible SYN flooding on port 20021. Sending cookies. Check SNMP counters.
sctp: [Deprecated]: syz-executor0 (pid 3832) Use of struct sctp_assoc_value in delayed_ack socket option.
Use struct sctp_sack_info instead
sctp: [Deprecated]: syz-executor0 (pid 3832) Use of struct sctp_assoc_value in delayed_ack socket option.
Use struct sctp_sack_info instead
audit: type=1326 audit(1503863915.315:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=3849 comm="syz-executor6" exe="/root/syz-executor6" sig=9 arch=c000003e syscall=202 compat=0 ip=0x4512e9 code=0x0
audit: type=1326 audit(1503863915.432:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=3849 comm="syz-executor6" exe="/root/syz-executor6" sig=9 arch=c000003e syscall=202 compat=0 ip=0x4512e9 code=0x0
SELinux: unknown mount option
9pnet_virtio: no channels available for device ./file0
9pnet_virtio: no channels available for device ./file0
device lo entered promiscuous mode
device lo entered promiscuous mode
TCP: request_sock_TCPv6: Possible SYN flooding on port 20021. Sending cookies. Check SNMP counters.
sg_write: data in/out 448664864/4048 bytes for SCSI command 0xaa-- guessing data in;
program syz-executor7 not setting count and/or reply_len properly
audit: type=1326 audit(1503863916.901:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=4263 comm="syz-executor2" exe="/root/syz-executor2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x4512e9 code=0xffff0000
audit: type=1326 audit(1503863916.949:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=4263 comm="syz-executor2" exe="/root/syz-executor2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x4512e9 code=0xffff0000
sg_write: data in/out 448664864/4048 bytes for SCSI command 0xaa-- guessing data in;
program syz-executor7 not setting count and/or reply_len properly
netlink: 1 bytes leftover after parsing attributes in process `syz-executor3'.
sctp: [Deprecated]: syz-executor4 (pid 4301) Use of int in max_burst socket option deprecated.
Use struct sctp_assoc_value instead
netlink: 1 bytes leftover after parsing attributes in process `syz-executor3'.
sctp: [Deprecated]: syz-executor4 (pid 4301) Use of int in max_burst socket option deprecated.
Use struct sctp_assoc_value instead
device lo entered promiscuous mode
device lo left promiscuous mode
netlink: 11 bytes leftover after parsing attributes in process `syz-executor0'.
netlink: 11 bytes leftover after parsing attributes in process `syz-executor0'.
QAT: Invalid ioctl
netlink: 11 bytes leftover after parsing attributes in process `syz-executor0'.
netlink: 11 bytes leftover after parsing attributes in process `syz-executor0'.
QAT: Invalid ioctl
netlink: 13 bytes leftover after parsing attributes in process `syz-executor7'.
netlink: 13 bytes leftover after parsing attributes in process `syz-executor7'.
QAT: Invalid ioctl
sctp: [Deprecated]: syz-executor2 (pid 4496) Use of int in max_burst socket option.
Use struct sctp_assoc_value instead
QAT: Invalid ioctl
sctp: [Deprecated]: syz-executor2 (pid 4496) Use of int in max_burst socket option.
Use struct sctp_assoc_value instead
netlink: 13 bytes leftover after parsing attributes in process `syz-executor0'.
netlink: 13 bytes leftover after parsing attributes in process `syz-executor0'.
audit: type=1326 audit(1503863918.219:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=4592 comm="syz-executor1" exe="/root/syz-executor1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x4512e9 code=0xffff0000
sctp: [Deprecated]: syz-executor0 (pid 4644) Use of int in maxseg socket option.
Use struct sctp_assoc_value instead
device lo entered promiscuous mode
sctp: [Deprecated]: syz-executor0 (pid 4663) Use of int in maxseg socket option.
Use struct sctp_assoc_value instead
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=3 sclass=netlink_route_socket pig=4700 comm=syz-executor3
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=4700 comm=syz-executor3
device lo left promiscuous mode
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=51 sclass=netlink_route_socket pig=4700 comm=syz-executor3
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=4700 comm=syz-executor3
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=4707 comm=syz-executor3
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=3 sclass=netlink_route_socket pig=4700 comm=syz-executor3
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=4700 comm=syz-executor3
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=51 sclass=netlink_route_socket pig=4700 comm=syz-executor3
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=4700 comm=syz-executor3
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=4729 comm=syz-executor3
irq bypass consumer (token ffff8801cd22d180) registration fails: -16
irq bypass consumer (token ffff8801ce5659c0) registration fails: -16
DRBG: could not allocate digest TFM handle: hmac(sha256)
TCP: request_sock_TCPv6: Possible SYN flooding on port 20009. Sending cookies. Check SNMP counters.
device lo left promiscuous mode
TCP: request_sock_TCPv6: Possible SYN flooding on port 20009. Sending cookies. Check SNMP counters.