====================================================== WARNING: possible circular locking dependency detected 4.13.0-rc6-next-20170824+ #8 Not tainted ------------------------------------------------------ kworker/u4:5/3704 is trying to acquire lock: ((complete)&rcu.completion){+.+.}, at: [] __synchronize_srcu+0x1b5/0x250 kernel/rcu/srcutree.c:898 but task is already holding lock: (slab_mutex){+.+.}, at: [] kmem_cache_destroy+0x30/0x250 mm/slab_common.c:821 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #3 (slab_mutex){+.+.}: check_prevs_add kernel/locking/lockdep.c:2020 [inline] validate_chain kernel/locking/lockdep.c:2469 [inline] __lock_acquire+0x3286/0x4620 kernel/locking/lockdep.c:3498 lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002 __mutex_lock_common kernel/locking/mutex.c:756 [inline] __mutex_lock+0x16f/0x1870 kernel/locking/mutex.c:893 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908 kmem_cache_create+0x39/0x2a0 mm/slab_common.c:435 ptlock_cache_init+0x24/0x2d mm/memory.c:4632 pgtable_init include/linux/mm.h:1756 [inline] mm_init init/main.c:504 [inline] start_kernel+0x3d4/0x7ad init/main.c:569 x86_64_start_reservations+0x2a/0x2c arch/x86/kernel/head64.c:381 x86_64_start_kernel+0x13c/0x149 arch/x86/kernel/head64.c:362 verify_cpu+0x0/0xfb -> #2 (memcg_cache_ids_sem){.+.+}: check_prevs_add kernel/locking/lockdep.c:2020 [inline] validate_chain kernel/locking/lockdep.c:2469 [inline] __lock_acquire+0x3286/0x4620 kernel/locking/lockdep.c:3498 lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002 down_read+0x96/0x150 kernel/locking/rwsem.c:23 memcg_get_cache_ids+0x10/0x20 mm/memcontrol.c:274 list_lru_destroy+0x96/0x490 mm/list_lru.c:573 deactivate_locked_super+0x94/0xd0 fs/super.c:315 deactivate_super+0x141/0x1b0 fs/super.c:339 cleanup_mnt+0xb2/0x150 fs/namespace.c:1113 mntput_no_expire+0x6e0/0xa90 fs/namespace.c:1179 mntput fs/namespace.c:1189 [inline] kern_unmount+0x9c/0xd0 fs/namespace.c:2934 pid_ns_release_proc+0x37/0x50 fs/proc/root.c:231 proc_cleanup_work+0x19/0x20 kernel/pid_namespace.c:79 process_one_work+0xbfd/0x1be0 kernel/workqueue.c:2098 worker_thread+0x223/0x1860 kernel/workqueue.c:2233 kthread+0x39c/0x470 kernel/kthread.c:231 ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:431 -> #1 ((&ns->proc_work)){+.+.}: process_one_work+0xba5/0x1be0 kernel/workqueue.c:2095 worker_thread+0x223/0x1860 kernel/workqueue.c:2233 kthread+0x39c/0x470 kernel/kthread.c:231 ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:431 0xffffffffffffffff -> #0 ((complete)&rcu.completion){+.+.}: check_prev_add+0x865/0x1520 kernel/locking/lockdep.c:1894 check_prevs_add kernel/locking/lockdep.c:2020 [inline] validate_chain kernel/locking/lockdep.c:2469 [inline] __lock_acquire+0x3286/0x4620 kernel/locking/lockdep.c:3498 lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002 complete_acquire include/linux/completion.h:39 [inline] __wait_for_common kernel/sched/completion.c:108 [inline] wait_for_common kernel/sched/completion.c:122 [inline] wait_for_completion+0xc8/0x770 kernel/sched/completion.c:143 __synchronize_srcu+0x1b5/0x250 kernel/rcu/srcutree.c:898 synchronize_srcu_expedited kernel/rcu/srcutree.c:923 [inline] synchronize_srcu+0x1a3/0x560 kernel/rcu/srcutree.c:974 quarantine_remove_cache+0xd7/0xf0 mm/kasan/quarantine.c:327 kasan_cache_shutdown+0x9/0x10 mm/kasan/kasan.c:381 shutdown_cache+0x15/0x1b0 mm/slab_common.c:531 kmem_cache_destroy+0x236/0x250 mm/slab_common.c:829 tipc_server_stop+0x13f/0x190 net/tipc/server.c:636 tipc_topsrv_stop+0x1fe/0x350 net/tipc/subscr.c:390 tipc_exit_net+0x15/0x40 net/tipc/core.c:96 ops_exit_list.isra.6+0xae/0x150 net/core/net_namespace.c:142 cleanup_net+0x5c7/0xb60 net/core/net_namespace.c:483 process_one_work+0xbfd/0x1be0 kernel/workqueue.c:2098 worker_thread+0x223/0x1860 kernel/workqueue.c:2233 kthread+0x39c/0x470 kernel/kthread.c:231 ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:431 other info that might help us debug this: Chain exists of: (complete)&rcu.completion --> memcg_cache_ids_sem --> slab_mutex Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(slab_mutex); lock(memcg_cache_ids_sem); lock(slab_mutex); lock((complete)&rcu.completion); *** DEADLOCK *** 5 locks held by kworker/u4:5/3704: #0: ("%s""netns"){.+.+}, at: [] __write_once_size include/linux/compiler.h:305 [inline] #0: ("%s""netns"){.+.+}, at: [] atomic64_set arch/x86/include/asm/atomic64_64.h:33 [inline] #0: ("%s""netns"){.+.+}, at: [] atomic_long_set include/asm-generic/atomic-long.h:56 [inline] #0: ("%s""netns"){.+.+}, at: [] set_work_data kernel/workqueue.c:617 [inline] #0: ("%s""netns"){.+.+}, at: [] set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline] #0: ("%s""netns"){.+.+}, at: [] process_one_work+0xad4/0x1be0 kernel/workqueue.c:2090 #1: (net_cleanup_work){+.+.}, at: [] process_one_work+0xb2c/0x1be0 kernel/workqueue.c:2094 #2: (net_mutex){+.+.}, at: [] cleanup_net+0x247/0xb60 net/core/net_namespace.c:449 #3: (cpu_hotplug_lock.rw_sem){++++}, at: [] get_online_cpus include/linux/cpu.h:126 [inline] #3: (cpu_hotplug_lock.rw_sem){++++}, at: [] kmem_cache_destroy+0x22/0x250 mm/slab_common.c:818 #4: (slab_mutex){+.+.}, at: [] kmem_cache_destroy+0x30/0x250 mm/slab_common.c:821 stack backtrace: CPU: 0 PID: 3704 Comm: kworker/u4:5 Not tainted 4.13.0-rc6-next-20170824+ #8 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: netns cleanup_net Call Trace: __dump_stack lib/dump_stack.c:16 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:52 print_circular_bug+0x503/0x710 kernel/locking/lockdep.c:1259 check_prev_add+0x865/0x1520 kernel/locking/lockdep.c:1894 check_prevs_add kernel/locking/lockdep.c:2020 [inline] validate_chain kernel/locking/lockdep.c:2469 [inline] __lock_acquire+0x3286/0x4620 kernel/locking/lockdep.c:3498 lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002 complete_acquire include/linux/completion.h:39 [inline] __wait_for_common kernel/sched/completion.c:108 [inline] wait_for_common kernel/sched/completion.c:122 [inline] wait_for_completion+0xc8/0x770 kernel/sched/completion.c:143 __synchronize_srcu+0x1b5/0x250 kernel/rcu/srcutree.c:898 synchronize_srcu_expedited kernel/rcu/srcutree.c:923 [inline] synchronize_srcu+0x1a3/0x560 kernel/rcu/srcutree.c:974 quarantine_remove_cache+0xd7/0xf0 mm/kasan/quarantine.c:327 kasan_cache_shutdown+0x9/0x10 mm/kasan/kasan.c:381 shutdown_cache+0x15/0x1b0 mm/slab_common.c:531 kmem_cache_destroy+0x236/0x250 mm/slab_common.c:829 tipc_server_stop+0x13f/0x190 net/tipc/server.c:636 tipc_topsrv_stop+0x1fe/0x350 net/tipc/subscr.c:390 tipc_exit_net+0x15/0x40 net/tipc/core.c:96 ops_exit_list.isra.6+0xae/0x150 net/core/net_namespace.c:142 cleanup_net+0x5c7/0xb60 net/core/net_namespace.c:483 process_one_work+0xbfd/0x1be0 kernel/workqueue.c:2098 worker_thread+0x223/0x1860 kernel/workqueue.c:2233 kthread+0x39c/0x470 kernel/kthread.c:231 ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:431 TCP: request_sock_TCPv6: Possible SYN flooding on port 20005. Sending cookies. Check SNMP counters. netlink: 1 bytes leftover after parsing attributes in process `syz-executor5'. audit: type=1326 audit(1503602574.749:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=6443 comm="syz-executor7" exe="/root/syz-executor7" sig=9 arch=c000003e syscall=202 compat=0 ip=0x4512e9 code=0x0 netlink: 1 bytes leftover after parsing attributes in process `syz-executor5'. audit: type=1326 audit(1503602574.827:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=6443 comm="syz-executor7" exe="/root/syz-executor7" sig=9 arch=c000003e syscall=202 compat=0 ip=0x4512e9 code=0x0 device lo entered promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode device syz2 entered promiscuous mode audit: type=1326 audit(1503602577.445:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=7202 comm="syz-executor5" exe="/root/syz-executor5" sig=31 arch=c000003e syscall=202 compat=0 ip=0x4512e9 code=0xffff0000 audit: type=1326 audit(1503602577.531:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=7202 comm="syz-executor5" exe="/root/syz-executor5" sig=31 arch=c000003e syscall=202 compat=0 ip=0x4512e9 code=0xffff0000 netlink: 5 bytes leftover after parsing attributes in process `syz-executor6'. QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl QAT: Invalid ioctl audit: type=1326 audit(1503602578.034:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=7343 comm="syz-executor3" exe="/root/syz-executor3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x4512e9 code=0xffff0000 audit: type=1326 audit(1503602578.171:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=7343 comm="syz-executor3" exe="/root/syz-executor3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x4512e9 code=0xffff0000 netlink: 5 bytes leftover after parsing attributes in process `syz-executor6'. SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7484 comm=syz-executor5 pit: kvm: requested 2514 ns i8254 timer period limited to 500000 ns SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2466 sclass=netlink_route_socket pig=7488 comm=syz-executor2 SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2466 sclass=netlink_route_socket pig=7488 comm=syz-executor2 pit: kvm: requested 2514 ns i8254 timer period limited to 500000 ns