======================================================
WARNING: possible circular locking dependency detected
4.13.0-rc6-next-20170825+ #9 Not tainted
------------------------------------------------------
kworker/0:0/3 is trying to acquire lock:
 (&kvm->irqfds.resampler_lock){+.+.}, at: [] irqfd_resampler_shutdown+0xe3/0x6b0 arch/x86/kvm/../../../virt/kvm/eventfd.c:98

but task is already holding lock:
 ((&irqfd->shutdown)){+.+.}, at: [] process_one_work+0xb2c/0x1be0 kernel/workqueue.c:2094

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #2 ((&irqfd->shutdown)){+.+.}:
       process_one_work+0xba5/0x1be0 kernel/workqueue.c:2095
       worker_thread+0x223/0x1860 kernel/workqueue.c:2233
       kthread+0x39c/0x470 kernel/kthread.c:231
       ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:431
       0xffffffffffffffff

-> #1 ((complete)&rcu.completion){+.+.}:
       check_prevs_add kernel/locking/lockdep.c:2020 [inline]
       validate_chain kernel/locking/lockdep.c:2469 [inline]
       __lock_acquire+0x3286/0x4620 kernel/locking/lockdep.c:3498
       lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
       complete_acquire include/linux/completion.h:39 [inline]
       __wait_for_common kernel/sched/completion.c:108 [inline]
       wait_for_common kernel/sched/completion.c:122 [inline]
       wait_for_completion+0xc8/0x770 kernel/sched/completion.c:143
       __synchronize_srcu+0x1b5/0x250 kernel/rcu/srcutree.c:898
       synchronize_srcu_expedited kernel/rcu/srcutree.c:923 [inline]
       synchronize_srcu+0x1a3/0x560 kernel/rcu/srcutree.c:974
       kvm_irqfd_assign arch/x86/kvm/../../../virt/kvm/eventfd.c:364 [inline]
       kvm_irqfd+0x994/0x1d50 arch/x86/kvm/../../../virt/kvm/eventfd.c:572
       kvm_vm_ioctl+0x1079/0x1c40 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3032
       vfs_ioctl fs/ioctl.c:45 [inline]
       do_vfs_ioctl+0x1b1/0x1530 fs/ioctl.c:685
       SYSC_ioctl fs/ioctl.c:700 [inline]
       SyS_ioctl+0x8f/0xc0 fs/ioctl.c:691
       entry_SYSCALL_64_fastpath+0x1f/0xbe

-> #0 (&kvm->irqfds.resampler_lock){+.+.}:
       check_prev_add+0x865/0x1520 kernel/locking/lockdep.c:1894
       check_prevs_add kernel/locking/lockdep.c:2020 [inline]
       validate_chain kernel/locking/lockdep.c:2469 [inline]
       __lock_acquire+0x3286/0x4620 kernel/locking/lockdep.c:3498
       lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0x16f/0x1870 kernel/locking/mutex.c:893
       mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
       irqfd_resampler_shutdown+0xe3/0x6b0 arch/x86/kvm/../../../virt/kvm/eventfd.c:98
       irqfd_shutdown+0xd8/0x1a0 arch/x86/kvm/../../../virt/kvm/eventfd.c:137
       process_one_work+0xbfd/0x1be0 kernel/workqueue.c:2098
       worker_thread+0x223/0x1860 kernel/workqueue.c:2233
       kthread+0x39c/0x470 kernel/kthread.c:231
       ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:431

other info that might help us debug this:

Chain exists of:
  &kvm->irqfds.resampler_lock --> (complete)&rcu.completion --> (&irqfd->shutdown)

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock((&irqfd->shutdown));
                               lock((complete)&rcu.completion);
                               lock((&irqfd->shutdown));
  lock(&kvm->irqfds.resampler_lock);

 *** DEADLOCK ***

2 locks held by kworker/0:0/3:
 #0: ("kvm-irqfd-cleanup"){++++}, at: [] __write_once_size include/linux/compiler.h:305 [inline]
 #0: ("kvm-irqfd-cleanup"){++++}, at: [] atomic64_set arch/x86/include/asm/atomic64_64.h:33 [inline]
 #0: ("kvm-irqfd-cleanup"){++++}, at: [] atomic_long_set include/asm-generic/atomic-long.h:56 [inline]
 #0: ("kvm-irqfd-cleanup"){++++}, at: [] set_work_data kernel/workqueue.c:617 [inline]
 #0: ("kvm-irqfd-cleanup"){++++}, at: [] set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline]
 #0: ("kvm-irqfd-cleanup"){++++}, at: [] process_one_work+0xad4/0x1be0 kernel/workqueue.c:2090
 #1: ((&irqfd->shutdown)){+.+.}, at: [] process_one_work+0xb2c/0x1be0 kernel/workqueue.c:2094

stack backtrace:
CPU: 0 PID: 3 Comm: kworker/0:0 Not tainted 4.13.0-rc6-next-20170825+ #9
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: kvm-irqfd-cleanup irqfd_shutdown
Call Trace:
 __dump_stack lib/dump_stack.c:16 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:52
 print_circular_bug+0x503/0x710 kernel/locking/lockdep.c:1259
 check_prev_add+0x865/0x1520 kernel/locking/lockdep.c:1894
 check_prevs_add kernel/locking/lockdep.c:2020 [inline]
 validate_chain kernel/locking/lockdep.c:2469 [inline]
 __lock_acquire+0x3286/0x4620 kernel/locking/lockdep.c:3498
 lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
 __mutex_lock_common kernel/locking/mutex.c:756 [inline]
 __mutex_lock+0x16f/0x1870 kernel/locking/mutex.c:893
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
 irqfd_resampler_shutdown+0xe3/0x6b0 arch/x86/kvm/../../../virt/kvm/eventfd.c:98
 irqfd_shutdown+0xd8/0x1a0 arch/x86/kvm/../../../virt/kvm/eventfd.c:137
 process_one_work+0xbfd/0x1be0 kernel/workqueue.c:2098
 worker_thread+0x223/0x1860 kernel/workqueue.c:2233
 kthread+0x39c/0x470 kernel/kthread.c:231
 ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:431
netlink: 4 bytes leftover after parsing attributes in process `syz-executor3'.
sctp: [Deprecated]: syz-executor2 (pid 4274) Use of int in maxseg socket option. Use struct sctp_assoc_value instead
sctp: [Deprecated]: syz-executor2 (pid 4298) Use of int in maxseg socket option. Use struct sctp_assoc_value instead
pit: kvm: requested 2514 ns i8254 timer period limited to 500000 ns
netlink: 4 bytes leftover after parsing attributes in process `syz-executor3'.
pit: kvm: requested 2514 ns i8254 timer period limited to 500000 ns
netlink: 1 bytes leftover after parsing attributes in process `syz-executor1'.
sctp: [Deprecated]: syz-executor3 (pid 4385) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead
IPv6: Can't replace route, no match found
sctp: [Deprecated]: syz-executor3 (pid 4408) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead
netlink: 1 bytes leftover after parsing attributes in process `syz-executor1'.
IPv6: Can't replace route, no match found
netlink: 4 bytes leftover after parsing attributes in process `syz-executor2'.
IPv6: Can't replace route, no match found
device syz3 entered promiscuous mode
IPv6: Can't replace route, no match found
device syz3 left promiscuous mode
device syz3 entered promiscuous mode
device syz3 left promiscuous mode
device syz3 entered promiscuous mode
device syz3 left promiscuous mode
device syz3 entered promiscuous mode
sctp: [Deprecated]: syz-executor3 (pid 4563) Use of int in max_burst socket option deprecated. Use struct sctp_assoc_value instead
audit: type=1326 audit(1503675954.592:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=4572 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=202 compat=0 ip=0x4512e9 code=0x0
sctp: [Deprecated]: syz-executor3 (pid 4598) Use of int in max_burst socket option deprecated. Use struct sctp_assoc_value instead
audit: type=1326 audit(1503675954.716:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=4572 comm="syz-executor5" exe="/root/syz-executor5" sig=9 arch=c000003e syscall=202 compat=0 ip=0x4512e9 code=0x0
Assertion failed! net/irda/ircomm/ircomm_core.c:ircomm_flow_request:475 self != NULL
Assertion failed! net/irda/ircomm/ircomm_core.c:ircomm_flow_request:475 self != NULL
nla_parse: 10 callbacks suppressed
netlink: 16 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 16 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor2'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor2'.
netlink: 3 bytes leftover after parsing attributes in process `syz-executor2'.
QAT: Invalid ioctl
netlink: 3 bytes leftover after parsing attributes in process `syz-executor2'.
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
raw_sendmsg: syz-executor6 forgot to set AF_INET. Fix it!
capability: warning: `syz-executor1' uses 32-bit capabilities (legacy support in use)
sctp: [Deprecated]: syz-executor0 (pid 5186) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead
sctp: [Deprecated]: syz-executor3 (pid 5197) Use of int in max_burst socket option deprecated. Use struct sctp_assoc_value instead
sctp: [Deprecated]: syz-executor3 (pid 5204) Use of int in max_burst socket option deprecated. Use struct sctp_assoc_value instead
sctp: [Deprecated]: syz-executor0 (pid 5211) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead
device syz0 entered promiscuous mode
device syz0 left promiscuous mode
device syz0 entered promiscuous mode
capability: warning: `syz-executor2' uses deprecated v2 capabilities in a way that may be insecure
netlink: 13 bytes leftover after parsing attributes in process `syz-executor2'.
netlink: 13 bytes leftover after parsing attributes in process `syz-executor2'.
PF_BRIDGE: RTM_NEWNEIGH with invalid ifindex
netlink: 17 bytes leftover after parsing attributes in process `syz-executor0'.
netlink: 17 bytes leftover after parsing attributes in process `syz-executor0'.
PF_BRIDGE: RTM_NEWNEIGH with invalid ifindex
PF_BRIDGE: RTM_NEWNEIGH with invalid ifindex
PF_BRIDGE: RTM_NEWNEIGH with invalid ifindex
PF_BRIDGE: RTM_NEWNEIGH with invalid ifindex
PF_BRIDGE: RTM_NEWNEIGH with invalid ifindex
PF_BRIDGE: br_mdb_parse() with unknown ifindex
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=5569 comm=syz-executor0
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
TCP: request_sock_TCPv6: Possible SYN flooding on port 20025. Sending cookies. Check SNMP counters.
9pnet_virtio: no channels available for device ./file0
9pnet_virtio: no channels available for device ./file0
TCP: request_sock_TCP: Possible SYN flooding on port 20020. Sending cookies. Check SNMP counters.
9pnet_virtio: no channels available for device ./file0
9pnet_virtio: no channels available for device ./file0
nla_parse: 4 callbacks suppressed
netlink: 1 bytes leftover after parsing attributes in process `syz-executor2'.
netlink: 1 bytes leftover after parsing attributes in process `syz-executor2'.