============================================
WARNING: possible recursive locking detected
4.15.0-rc8+ #269 Not tainted
--------------------------------------------
syz-executor6/31021 is trying to acquire lock:
 (&vq->mutex){+.+.}, at: [<000000004cc93aff>] vhost_dev_lock_vqs drivers/vhost/vhost.c:907 [inline]
 (&vq->mutex){+.+.}, at: [<000000004cc93aff>] vhost_process_iotlb_msg drivers/vhost/vhost.c:997 [inline]
 (&vq->mutex){+.+.}, at: [<000000004cc93aff>] vhost_chr_write_iter+0x278/0x1580 drivers/vhost/vhost.c:1046

but task is already holding lock:
 (&vq->mutex){+.+.}, at: [<000000004cc93aff>] vhost_dev_lock_vqs drivers/vhost/vhost.c:907 [inline]
 (&vq->mutex){+.+.}, at: [<000000004cc93aff>] vhost_process_iotlb_msg drivers/vhost/vhost.c:997 [inline]
 (&vq->mutex){+.+.}, at: [<000000004cc93aff>] vhost_chr_write_iter+0x278/0x1580 drivers/vhost/vhost.c:1046

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&vq->mutex);
  lock(&vq->mutex);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

1 lock held by syz-executor6/31021:
 #0:  (&vq->mutex){+.+.}, at: [<000000004cc93aff>] vhost_dev_lock_vqs drivers/vhost/vhost.c:907 [inline]
 #0:  (&vq->mutex){+.+.}, at: [<000000004cc93aff>] vhost_process_iotlb_msg drivers/vhost/vhost.c:997 [inline]
 #0:  (&vq->mutex){+.+.}, at: [<000000004cc93aff>] vhost_chr_write_iter+0x278/0x1580 drivers/vhost/vhost.c:1046

stack backtrace:
CPU: 0 PID: 31021 Comm: syz-executor6 Not tainted 4.15.0-rc8+ #269
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 print_deadlock_bug kernel/locking/lockdep.c:1756 [inline]
 check_deadlock kernel/locking/lockdep.c:1800 [inline]
 validate_chain kernel/locking/lockdep.c:2396 [inline]
 __lock_acquire+0xe8f/0x3e00 kernel/locking/lockdep.c:3426
 lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
 __mutex_lock_common kernel/locking/mutex.c:756 [inline]
 __mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
 vhost_dev_lock_vqs drivers/vhost/vhost.c:907 [inline]
 vhost_process_iotlb_msg drivers/vhost/vhost.c:997 [inline]
 vhost_chr_write_iter+0x278/0x1580 drivers/vhost/vhost.c:1046
 vhost_net_chr_write_iter+0x59/0x70 drivers/vhost/net.c:1353
 call_write_iter include/linux/fs.h:1772 [inline]
 new_sync_write fs/read_write.c:469 [inline]
 __vfs_write+0x684/0x970 fs/read_write.c:482
 vfs_write+0x189/0x510 fs/read_write.c:544
 SYSC_write fs/read_write.c:589 [inline]
 SyS_write+0xef/0x220 fs/read_write.c:581
 entry_SYSCALL_64_fastpath+0x29/0xa0
RIP: 0033:0x452ee9
RSP: 002b:00007f063c21bc58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452ee9
RDX: 0000000000000068 RSI: 00000000201c4000 RDI: 0000000000000015
RBP: 0000000000000624 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f8400
R13: 00000000ffffffff R14: 00007f063c21c6d4 R15: 0000000000000000
do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
kauditd_printk_skb: 8 callbacks suppressed
audit: type=1400 audit(1516425716.382:3217): avc:  denied  { bind } for  pid=31066 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app
binder: 31189:31191 ioctl c0306201 204edfd0 returned -11
binder: BINDER_SET_CONTEXT_MGR already set
binder: 31189:31202 ioctl 40046207 0 returned -16
QAT: Invalid ioctl
QAT: Invalid ioctl
binder: 31271:31277 transaction failed 29189/-22, size 40-16 line 2788
QAT: Invalid ioctl
binder: 31271:31287 transaction failed 29189/-22, size 40-16 line 2788
QAT: Invalid ioctl
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 31279 Comm: syz-executor5 Not tainted 4.15.0-rc8+ #269
QAT: Invalid ioctl
QAT: Invalid ioctl
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 handle_userfault+0x12fa/0x24c0 fs/userfaultfd.c:427
 do_anonymous_page mm/memory.c:3127 [inline]
 handle_pte_fault mm/memory.c:3941 [inline]
 __handle_mm_fault+0x32a3/0x3ce0 mm/memory.c:4067
 handle_mm_fault+0x334/0x8d0 mm/memory.c:4104
 __do_page_fault+0x5c9/0xc90 arch/x86/mm/fault.c:1430
 do_page_fault+0xee/0x720 arch/x86/mm/fault.c:1505
 page_fault+0x2c/0x60 arch/x86/entry/entry_64.S:1260
RIP: 0010:fault_in_pages_readable include/linux/pagemap.h:601 [inline]
RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 lib/iov_iter.c:421
RSP: 0018:ffff8801c7387928 EFLAGS: 00010246
RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82587fc1
RDX: 00000000000000c3 RSI: ffffc90003973000 RDI: ffff8801c7387d28
RBP: ffff8801c7387a08 R08: 1ffff100380f44ca R09: 1ffff10038e70f22
R10: ffff8801c7387858 R11: ffffffff87f08fc8 R12: 1ffff10038e70f28
R13: ffff8801c73879e0 R14: 0000000000000000 R15: ffff8801c7387d20
 generic_perform_write+0x200/0x600 mm/filemap.c:3129
 __generic_file_write_iter+0x366/0x5b0 mm/filemap.c:3264
 generic_file_write_iter+0x399/0x790 mm/filemap.c:3292
 call_write_iter include/linux/fs.h:1772 [inline]
 new_sync_write fs/read_write.c:469 [inline]
 __vfs_write+0x684/0x970 fs/read_write.c:482
 vfs_write+0x189/0x510 fs/read_write.c:544
 SYSC_write fs/read_write.c:589 [inline]
 SyS_write+0xef/0x220 fs/read_write.c:581
 entry_SYSCALL_64_fastpath+0x29/0xa0
RIP: 0033:0x452ee9
RSP: 002b:00007f939bbcdc58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452ee9
RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000014
RBP: 0000000000000069 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006efa78
R13: 00000000ffffffff R14: 00007f939bbce6d4 R15: 0000000000000000
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 31279 Comm: syz-executor5 Not tainted 4.15.0-rc8+ #269
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 handle_userfault+0x12fa/0x24c0 fs/userfaultfd.c:427
 do_anonymous_page mm/memory.c:3127 [inline]
 handle_pte_fault mm/memory.c:3941 [inline]
 __handle_mm_fault+0x32a3/0x3ce0 mm/memory.c:4067
 handle_mm_fault+0x334/0x8d0 mm/memory.c:4104
 __do_page_fault+0x5c9/0xc90 arch/x86/mm/fault.c:1430
 do_page_fault+0xee/0x720 arch/x86/mm/fault.c:1505
 page_fault+0x2c/0x60 arch/x86/entry/entry_64.S:1260
RIP: 0010:fault_in_pages_readable include/linux/pagemap.h:601 [inline]
RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 lib/iov_iter.c:421
RSP: 0018:ffff8801c7387928 EFLAGS: 00010246
RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82587fc1
RDX: 00000000000000ba RSI: ffffc90003973000 RDI: ffff8801c7387d28
RBP: ffff8801c7387a08 R08: 0000000000000000 R09: 1ffff10038e70ee7
R10: ffff8801c7387a50 R11: ffff8801d1cdac00 R12: 1ffff10038e70f28
R13: ffff8801c73879e0 R14: 0000000000000000 R15: ffff8801c7387d20
 generic_perform_write+0x200/0x600 mm/filemap.c:3129
 __generic_file_write_iter+0x366/0x5b0 mm/filemap.c:3264
 generic_file_write_iter+0x399/0x790 mm/filemap.c:3292
 call_write_iter include/linux/fs.h:1772 [inline]
 new_sync_write fs/read_write.c:469 [inline]
 __vfs_write+0x684/0x970 fs/read_write.c:482
 vfs_write+0x189/0x510 fs/read_write.c:544
 SYSC_write fs/read_write.c:589 [inline]
 SyS_write+0xef/0x220 fs/read_write.c:581
 entry_SYSCALL_64_fastpath+0x29/0xa0
RIP: 0033:0x452ee9
RSP: 002b:00007f939bbcdc58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452ee9
RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000016
RBP: 0000000000000657 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f88c8
R13: 00000000ffffffff R14: 00007f939bbce6d4 R15: 0000000000000000
sit: non-ECT from 172.20.3.0 with TOS=0x3
audit: type=1326 audit(1516425718.377:3218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=31388 comm="syz-executor5" exe="/root/syz-executor5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ee9 code=0x7ffc0000
audit: type=1326 audit(1516425718.377:3219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=31388 comm="syz-executor5" exe="/root/syz-executor5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ee9 code=0x7ffc0000
sit: non-ECT from 172.20.3.0 with TOS=0x3
audit: type=1326 audit(1516425718.377:3220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=31388 comm="syz-executor5" exe="/root/syz-executor5" sig=0 arch=c000003e syscall=61 compat=0 ip=0x452ee9 code=0x7ffc0000
audit: type=1326 audit(1516425718.377:3221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=31388 comm="syz-executor5" exe="/root/syz-executor5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ee9 code=0x7ffc0000
audit: type=1326 audit(1516425718.377:3222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=31388 comm="syz-executor5" exe="/root/syz-executor5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ee9 code=0x7ffc0000
audit: type=1326 audit(1516425718.377:3223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=31388 comm="syz-executor5" exe="/root/syz-executor5" sig=0 arch=c000003e syscall=16 compat=0 ip=0x452ee9 code=0x7ffc0000
audit: type=1326 audit(1516425718.377:3224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=31388 comm="syz-executor5" exe="/root/syz-executor5" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ee9 code=0x7ffc0000
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
sctp: [Deprecated]: syz-executor5 (pid 31449) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead
QAT: Invalid ioctl
QAT: Invalid ioctl
CUSE: info not properly terminated
binder: BINDER_SET_CONTEXT_MGR already set
binder: 31796:31801 ioctl 40046207 0 returned -16
binder: undelivered death notification, 0000000000000000
QAT: failed to copy from user cfg_data.
QAT: failed to copy from user cfg_data.
binder: 31939 RLIMIT_NICE not set
binder: 31939 RLIMIT_NICE not set
binder: undelivered death notification, 0000000000000000
binder: undelivered death notification, 0000000000000000
sit: non-ECT from 172.20.0.0 with TOS=0x3
sit: non-ECT from 172.20.0.0 with TOS=0x3
ion_mmap: failure mapping buffer to userspace
ion_mmap: failure mapping buffer to userspace
QAT: Invalid ioctl
QAT: Invalid ioctl
binder: 32160:32164 got reply transaction with no transaction stack
binder: 32160:32164 transaction failed 29201/-71, size 0-0 line 2703
QAT: Invalid ioctl
QAT: Invalid ioctl
kauditd_printk_skb: 21 callbacks suppressed
audit: type=1400 audit(1516425721.488:3244): avc:  denied  { read } for  pid=32231 comm="syz-executor7" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 32256 Comm: syz-executor5 Not tainted 4.15.0-rc8+ #269
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 handle_userfault+0x12fa/0x24c0 fs/userfaultfd.c:427
 do_anonymous_page mm/memory.c:3127 [inline]
 handle_pte_fault mm/memory.c:3941 [inline]
 __handle_mm_fault+0x32a3/0x3ce0 mm/memory.c:4067
 handle_mm_fault+0x334/0x8d0 mm/memory.c:4104
 __do_page_fault+0x5c9/0xc90 arch/x86/mm/fault.c:1430
 do_page_fault+0xee/0x720 arch/x86/mm/fault.c:1505
 page_fault+0x2c/0x60 arch/x86/entry/entry_64.S:1260
RIP: 0010:copy_user_generic_unrolled+0x86/0xc0 arch/x86/lib/copy_user_64.S:65
RSP: 0018:ffff8801c3f8fe38 EFLAGS: 00010206
RAX: ffffed00387f1fd7 RBX: 0000000020012000 RCX: 0000000000000003
RDX: 0000000000000000 RSI: 0000000020012000 RDI: ffff8801c3f8fea0
RBP: ffff8801c3f8fe68 R08: ffffed00387f1fd7 R09: ffffed00387f1fd7
R10: 0000000000000003 R11: ffffed00387f1fd6 R12: 0000000000000018
R13: ffff8801c3f8fea0 R14: 00007ffffffff000 R15: 0000000020012018
 copy_from_user include/linux/uaccess.h:147 [inline]
 SYSC_sigaltstack kernel/signal.c:3232 [inline]
 SyS_sigaltstack+0xa1/0x280 kernel/signal.c:3228
 entry_SYSCALL_64_fastpath+0x29/0xa0
RIP: 0033:0x452ee9
RSP: 002b:00007f939bbcdc58 EFLAGS: 00000212 ORIG_RAX: 0000000000000083
RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452ee9
RDX: 0000000000000000 RSI: 0000000020011000 RDI: 0000000020012000
RBP: 000000000000031e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f3b70
R13: 00000000ffffffff R14: 00007f939bbce6d4 R15: 0000000000000000
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 32237 Comm: syz-executor0 Not tainted 4.15.0-rc8+ #269
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 handle_userfault+0x12fa/0x24c0 fs/userfaultfd.c:427
 do_anonymous_page mm/memory.c:3127 [inline]
 handle_pte_fault mm/memory.c:3941 [inline]
 __handle_mm_fault+0x32a3/0x3ce0 mm/memory.c:4067
 handle_mm_fault+0x334/0x8d0 mm/memory.c:4104
 __do_page_fault+0x5c9/0xc90 arch/x86/mm/fault.c:1430
 do_page_fault+0xee/0x720 arch/x86/mm/fault.c:1505
 page_fault+0x2c/0x60 arch/x86/entry/entry_64.S:1260
RIP: 0010:fault_in_pages_readable include/linux/pagemap.h:601 [inline]
RIP: 0010:iov_iter_fault_in_readable+0x1a7/0x410 lib/iov_iter.c:421
RSP: 0018:ffff8801be43f928 EFLAGS: 00010246
RAX: 0000000000010000 RBX: 0000000020011fd2 RCX: ffffffff82587fc1
RDX: 00000000000000ff RSI: ffffc900024ca000 RDI: ffff8801be43fd28
RBP: ffff8801be43fa08 R08: ffff8801c1fddc00 R09: 1ffff10037c87ee7
R10: ffff8801be43f858 R11: ffff8801c1fddc00 R12: 1ffff10037c87f28
R13: ffff8801be43f9e0 R14: 0000000000000000 R15: ffff8801be43fd20
 generic_perform_write+0x200/0x600 mm/filemap.c:3129
 __generic_file_write_iter+0x366/0x5b0 mm/filemap.c:3264
 generic_file_write_iter+0x399/0x790 mm/filemap.c:3292
 call_write_iter include/linux/fs.h:1772 [inline]
 new_sync_write fs/read_write.c:469 [inline]
 __vfs_write+0x684/0x970 fs/read_write.c:482
 vfs_write+0x189/0x510 fs/read_write.c:544
 SYSC_write fs/read_write.c:589 [inline]
 SyS_write+0xef/0x220 fs/read_write.c:581
 entry_SYSCALL_64_fastpath+0x29/0xa0
RIP: 0033:0x452ee9
RSP: 002b:00007ff89058dc58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452ee9
RDX: 0000000000000030 RSI: 0000000020011fd2 RDI: 0000000000000017
RBP: 0000000000000626 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f8430
R13: 00000000ffffffff R14: 00007ff89058e6d4 R15: 0000000000000000
audit: type=1400 audit(1516425722.789:3245): avc:  denied  { create } for  pid=32360 comm="syz-executor7" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_scsitransport_socket permissive=1
audit: type=1326 audit(1516425722.814:3246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=32361 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ee9 code=0x7ffc0000
audit: type=1326 audit(1516425722.814:3247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=32361 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ee9 code=0x7ffc0000
audit: type=1326 audit(1516425722.814:3248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=32361 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=302 compat=0 ip=0x452ee9 code=0x7ffc0000
audit: type=1326 audit(1516425722.814:3249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=32361 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ee9 code=0x7ffc0000
audit: type=1326 audit(1516425722.814:3250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=32361 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=319 compat=0 ip=0x452ee9 code=0x7ffc0000
audit: type=1326 audit(1516425722.814:3251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=32361 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ee9 code=0x7ffc0000
PPPIOCDETACH file->f_count=2
PPPIOCDETACH file->f_count=2
netlink: 'syz-executor0': attribute type 1 has an invalid length.
netlink: 'syz-executor0': attribute type 1 has an invalid length.
encrypted_key: insufficient parameters specified
encrypted_key: insufficient parameters specified
dccp_v4_rcv: dropped packet with invalid checksum
dccp_v4_rcv: dropped packet with invalid checksum
autofs4:pid:613:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(1.553648128), cmd(0x0000937e)
autofs4:pid:613:validate_dev_ioctl: invalid device control module version supplied for cmd(0x0000937e)
autofs4:pid:618:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(1.553648128), cmd(0x0000937e)
autofs4:pid:618:validate_dev_ioctl: invalid device control module version supplied for cmd(0x0000937e)