======================================================
WARNING: possible circular locking dependency detected
4.15.0-rc2+ #212 Not tainted
------------------------------------------------------
syz-executor5/14340 is trying to acquire lock:
 (cpu_hotplug_lock.rw_sem){++++}, at: [<000000002a4b53bc>] get_online_cpus include/linux/cpu.h:117 [inline]
 (cpu_hotplug_lock.rw_sem){++++}, at: [<000000002a4b53bc>] lru_add_drain_all+0xe/0x20 mm/swap.c:729

but task is already holding lock:
 (&sb->s_type->i_mutex_key#10){++++}, at: [<00000000099b2763>] inode_lock include/linux/fs.h:713 [inline]
 (&sb->s_type->i_mutex_key#10){++++}, at: [<00000000099b2763>] shmem_add_seals+0x197/0x1060 mm/shmem.c:2768

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #6 (&sb->s_type->i_mutex_key#10){++++}:
       lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004
       down_write+0x87/0x120 kernel/locking/rwsem.c:70
       inode_lock include/linux/fs.h:713 [inline]
       generic_file_write_iter+0xdc/0x7a0 mm/filemap.c:3289
       call_write_iter include/linux/fs.h:1772 [inline]
       do_iter_readv_writev+0x531/0x7f0 fs/read_write.c:653
       do_iter_write+0x15a/0x540 fs/read_write.c:932
       vfs_iter_write+0x77/0xb0 fs/read_write.c:945
       iter_file_splice_write+0x7db/0xf30 fs/splice.c:749
       do_splice_from fs/splice.c:851 [inline]
       do_splice fs/splice.c:1147 [inline]
       SYSC_splice fs/splice.c:1402 [inline]
       SyS_splice+0x7d5/0x1630 fs/splice.c:1382
       entry_SYSCALL_64_fastpath+0x1f/0x96

-> #5 (&pipe->mutex/1){+.+.}:
       lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893
       mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
       pipe_lock_nested fs/pipe.c:67 [inline]
       pipe_lock+0x56/0x70 fs/pipe.c:75
       iter_file_splice_write+0x264/0xf30 fs/splice.c:699
       do_splice_from fs/splice.c:851 [inline]
       do_splice fs/splice.c:1147 [inline]
       SYSC_splice fs/splice.c:1402 [inline]
       SyS_splice+0x7d5/0x1630 fs/splice.c:1382
       entry_SYSCALL_64_fastpath+0x1f/0x96

-> #4 (sb_writers){.+.+}:
       spin_lock include/linux/spinlock.h:315 [inline]
       fast_dput fs/dcache.c:687 [inline]
       dput.part.23+0x492/0x830 fs/dcache.c:794
       dput+0x1f/0x30 fs/dcache.c:787
       path_put fs/namei.c:500 [inline]
       filename_create+0x320/0x520 fs/namei.c:3658
       kern_path_create+0x33/0x40 fs/namei.c:3666
       handle_create+0xc0/0x760 drivers/base/devtmpfs.c:203

-> #3 ((completion)&req.done){+.+.}:
       lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004
       complete_acquire include/linux/completion.h:40 [inline]
       __wait_for_common kernel/sched/completion.c:109 [inline]
       wait_for_common kernel/sched/completion.c:123 [inline]
       wait_for_completion+0xcb/0x7b0 kernel/sched/completion.c:144
       devtmpfs_create_node+0x32b/0x4a0 drivers/base/devtmpfs.c:115
       device_add+0x120f/0x1640 drivers/base/core.c:1824
       device_create_groups_vargs+0x1f3/0x250 drivers/base/core.c:2430
       device_create_vargs drivers/base/core.c:2470 [inline]
       device_create+0xda/0x110 drivers/base/core.c:2506
       msr_device_create+0x26/0x40 arch/x86/kernel/msr.c:188
       cpuhp_invoke_callback+0x2ea/0x1d20 kernel/cpu.c:182
       cpuhp_thread_fun+0x48e/0x7e0 kernel/cpu.c:571
       smpboot_thread_fn+0x450/0x7c0 kernel/smpboot.c:164
       kthread+0x37a/0x440 kernel/kthread.c:238
       ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:441

-> #2 (cpuhp_state-up){+.+.}:
       lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004
       cpuhp_lock_acquire kernel/cpu.c:85 [inline]
       cpuhp_invoke_ap_callback kernel/cpu.c:605 [inline]
       cpuhp_issue_call+0x1e5/0x520 kernel/cpu.c:1495
       __cpuhp_setup_state_cpuslocked+0x282/0x600 kernel/cpu.c:1642
       __cpuhp_setup_state+0xb0/0x140 kernel/cpu.c:1671
       cpuhp_setup_state include/linux/cpuhotplug.h:201 [inline]
       page_writeback_init+0x4d/0x71 mm/page-writeback.c:2081
       pagecache_init+0x48/0x4f mm/filemap.c:977
       start_kernel+0x6bc/0x74f init/main.c:690
       x86_64_start_reservations+0x2a/0x2c arch/x86/kernel/head64.c:378
       x86_64_start_kernel+0x77/0x7a arch/x86/kernel/head64.c:359
       secondary_startup_64+0xa5/0xb0 arch/x86/kernel/head_64.S:237

-> #1 (cpuhp_state_mutex){+.+.}:
       lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893
       mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
       __cpuhp_setup_state_cpuslocked+0x5b/0x600 kernel/cpu.c:1617
       __cpuhp_setup_state+0xb0/0x140 kernel/cpu.c:1671
       cpuhp_setup_state_nocalls include/linux/cpuhotplug.h:229 [inline]
       kvm_guest_init+0x1f3/0x20f arch/x86/kernel/kvm.c:528
       setup_arch+0x17e8/0x1a02 arch/x86/kernel/setup.c:1266
       start_kernel+0xa5/0x74f init/main.c:530
       x86_64_start_reservations+0x2a/0x2c arch/x86/kernel/head64.c:378
       x86_64_start_kernel+0x77/0x7a arch/x86/kernel/head64.c:359
       secondary_startup_64+0xa5/0xb0 arch/x86/kernel/head_64.S:237

-> #0 (cpu_hotplug_lock.rw_sem){++++}:
       check_prevs_add kernel/locking/lockdep.c:2031 [inline]
       validate_chain kernel/locking/lockdep.c:2473 [inline]
       __lock_acquire+0x3498/0x47f0 kernel/locking/lockdep.c:3500
       lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004
       percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline]
       percpu_down_read include/linux/percpu-rwsem.h:59 [inline]
       cpus_read_lock+0x42/0x90 kernel/cpu.c:293
       get_online_cpus include/linux/cpu.h:117 [inline]
       lru_add_drain_all+0xe/0x20 mm/swap.c:729
       shmem_wait_for_pins mm/shmem.c:2672 [inline]
       shmem_add_seals+0x3df/0x1060 mm/shmem.c:2780
       shmem_fcntl+0xfe/0x130 mm/shmem.c:2815
       do_fcntl+0x73e/0x1160 fs/fcntl.c:421
       SYSC_fcntl fs/fcntl.c:463 [inline]
       SyS_fcntl+0xdc/0x120 fs/fcntl.c:448
       entry_SYSCALL_64_fastpath+0x1f/0x96

other info that might help us debug this:

Chain exists of:
  cpu_hotplug_lock.rw_sem --> &pipe->mutex/1 --> &sb->s_type->i_mutex_key#10

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&sb->s_type->i_mutex_key#10);
                               lock(&pipe->mutex/1);
                               lock(&sb->s_type->i_mutex_key#10);
  lock(cpu_hotplug_lock.rw_sem);

 *** DEADLOCK ***

1 lock held by syz-executor5/14340:
 #0:  (&sb->s_type->i_mutex_key#10){++++}, at: [<00000000099b2763>] inode_lock include/linux/fs.h:713 [inline]
 #0:  (&sb->s_type->i_mutex_key#10){++++}, at: [<00000000099b2763>] shmem_add_seals+0x197/0x1060 mm/shmem.c:2768

stack backtrace:
CPU: 0 PID: 14340 Comm: syz-executor5 Not tainted 4.15.0-rc2+ #212
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 print_circular_bug+0x42d/0x610 kernel/locking/lockdep.c:1271
 check_prev_add+0x666/0x15f0 kernel/locking/lockdep.c:1914
 check_prevs_add kernel/locking/lockdep.c:2031 [inline]
 validate_chain kernel/locking/lockdep.c:2473 [inline]
 __lock_acquire+0x3498/0x47f0 kernel/locking/lockdep.c:3500
 lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4004
 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline]
 percpu_down_read include/linux/percpu-rwsem.h:59 [inline]
 cpus_read_lock+0x42/0x90 kernel/cpu.c:293
 get_online_cpus include/linux/cpu.h:117 [inline]
 lru_add_drain_all+0xe/0x20 mm/swap.c:729
 shmem_wait_for_pins mm/shmem.c:2672 [inline]
 shmem_add_seals+0x3df/0x1060 mm/shmem.c:2780
 shmem_fcntl+0xfe/0x130 mm/shmem.c:2815
 do_fcntl+0x73e/0x1160 fs/fcntl.c:421
 SYSC_fcntl fs/fcntl.c:463 [inline]
 SyS_fcntl+0xdc/0x120 fs/fcntl.c:448
 entry_SYSCALL_64_fastpath+0x1f/0x96
RIP: 0033:0x452a39
RSP: 002b:00007fb500d9cc58 EFLAGS: 00000212 ORIG_RAX: 0000000000000048
RAX: ffffffffffffffda RBX: 00007fb500d9d700 RCX: 0000000000452a39
RDX: 000000000000000c RSI: 0000000000000409 RDI: 0000000000000015
RBP: 0000000000a6f880 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 0000000000000000
R13: 0000000000a6f7ff R14: 00007fb500d9d9c0 R15: 0000000000000002
device gre0 entered promiscuous mode
sctp: [Deprecated]: syz-executor7 (pid 14375) Use of int in maxseg socket option.
Use struct sctp_assoc_value instead
sctp: [Deprecated]: syz-executor7 (pid 14375) Use of int in maxseg socket option.