======================================================
WARNING: possible circular locking dependency detected
4.13.0-rc6-next-20170823+ #7 Not tainted
------------------------------------------------------
udevd/1525 is trying to acquire lock:
 ((complete)wq_barr::done#2/1){+.+.}, at: [] flush_work+0x621/0x930 kernel/workqueue.c:2868

but task is already holding lock:
 (&ei->i_mmap_sem){++++}, at: [] ext4_filemap_fault+0x7d/0xb0 fs/ext4/inode.c:6116

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #8 (&ei->i_mmap_sem){++++}:
       check_prevs_add kernel/locking/lockdep.c:2020 [inline]
       validate_chain kernel/locking/lockdep.c:2469 [inline]
       __lock_acquire+0x3286/0x4620 kernel/locking/lockdep.c:3498
       lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
       down_read+0x96/0x150 kernel/locking/rwsem.c:23
       ext4_filemap_fault+0x7d/0xb0 fs/ext4/inode.c:6116
       __do_fault+0xeb/0x30f mm/memory.c:3170
       do_cow_fault mm/memory.c:3609 [inline]
       do_fault mm/memory.c:3682 [inline]
       handle_pte_fault mm/memory.c:3910 [inline]
       __handle_mm_fault+0x162c/0x39e0 mm/memory.c:4035
       handle_mm_fault+0x3bb/0x860 mm/memory.c:4072
       __do_page_fault+0x4f6/0xb60 arch/x86/mm/fault.c:1445
       trace_do_page_fault+0x141/0x730 arch/x86/mm/fault.c:1538
       do_async_page_fault+0x72/0xc0 arch/x86/kernel/kvm.c:266
       async_page_fault+0x22/0x30 arch/x86/entry/entry_64.S:1093
       __clear_user+0x42/0x70 arch/x86/lib/usercopy_64.c:23
       clear_user+0x79/0xa0 arch/x86/lib/usercopy_64.c:53
       padzero fs/binfmt_elf.c:129 [inline]
       load_elf_binary+0x28d5/0x4c10 fs/binfmt_elf.c:1057
       search_binary_handler+0x142/0x6b0 fs/exec.c:1652
       exec_binprm fs/exec.c:1694 [inline]
       do_execveat_common.isra.33+0x1746/0x22e0 fs/exec.c:1816
       do_execve+0x31/0x40 fs/exec.c:1860
       run_init_process+0x32/0x40 init/main.c:942
       try_to_run_init_process+0x17/0x50 init/main.c:951
       kernel_init+0xf3/0x172 init/main.c:1024
       ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:431

-> #7 (&mm->mmap_sem){++++}:
       check_prevs_add
kernel/locking/lockdep.c:2020 [inline]
       validate_chain kernel/locking/lockdep.c:2469 [inline]
       __lock_acquire+0x3286/0x4620 kernel/locking/lockdep.c:3498
       lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
       __might_fault+0x13a/0x1d0 mm/memory.c:4487
       _copy_to_user+0x2c/0xc0 lib/usercopy.c:24
       copy_to_user include/linux/uaccess.h:154 [inline]
       filldir+0x1a7/0x320 fs/readdir.c:196
       dir_emit_dot include/linux/fs.h:3311 [inline]
       dir_emit_dots include/linux/fs.h:3322 [inline]
       dcache_readdir+0x12d/0x5e0 fs/libfs.c:193
       iterate_dir+0x4b2/0x5d0 fs/readdir.c:51
       SYSC_getdents fs/readdir.c:231 [inline]
       SyS_getdents+0x225/0x450 fs/readdir.c:212
       entry_SYSCALL_64_fastpath+0x1f/0xbe

-> #6 (&sb->s_type->i_mutex_key#5){++++}:
       down_write+0x87/0x120 kernel/locking/rwsem.c:53
       inode_lock include/linux/fs.h:711 [inline]
       handle_create+0x30c/0x760 drivers/base/devtmpfs.c:218
       handle drivers/base/devtmpfs.c:372 [inline]
       devtmpfsd+0x3eb/0x520 drivers/base/devtmpfs.c:398
       kthread+0x39c/0x470 kernel/kthread.c:231
       ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:431

-> #5 ((complete)&req.done){+.+.}:
       check_prevs_add kernel/locking/lockdep.c:2020 [inline]
       validate_chain kernel/locking/lockdep.c:2469 [inline]
       __lock_acquire+0x3286/0x4620 kernel/locking/lockdep.c:3498
       lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
       complete_acquire include/linux/completion.h:39 [inline]
       __wait_for_common kernel/sched/completion.c:108 [inline]
       wait_for_common kernel/sched/completion.c:122 [inline]
       wait_for_completion+0xc8/0x770 kernel/sched/completion.c:143
       devtmpfs_create_node+0x32b/0x4a0 drivers/base/devtmpfs.c:114
       device_add+0x120f/0x1640 drivers/base/core.c:1824
       device_create_groups_vargs+0x1f3/0x250 drivers/base/core.c:2430
       device_create_vargs drivers/base/core.c:2470 [inline]
       device_create+0xda/0x110 drivers/base/core.c:2506
       msr_device_create+0x26/0x40 arch/x86/kernel/msr.c:188
       cpuhp_invoke_callback+0x256/0x14d0 kernel/cpu.c:145
       cpuhp_thread_fun+0x265/0x520 kernel/cpu.c:434
       smpboot_thread_fn+0x489/0x850
kernel/smpboot.c:164
       kthread+0x39c/0x470 kernel/kthread.c:231
       ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:431

-> #4 (cpuhp_state){+.+.}:
       check_prevs_add kernel/locking/lockdep.c:2020 [inline]
       validate_chain kernel/locking/lockdep.c:2469 [inline]
       __lock_acquire+0x3286/0x4620 kernel/locking/lockdep.c:3498
       lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
       cpuhp_invoke_ap_callback kernel/cpu.c:467 [inline]
       cpuhp_issue_call+0x1a2/0x3e0 kernel/cpu.c:1308
       __cpuhp_setup_state_cpuslocked+0x2e7/0x610 kernel/cpu.c:1455
       __cpuhp_setup_state+0xb0/0x140 kernel/cpu.c:1484
       cpuhp_setup_state include/linux/cpuhotplug.h:177 [inline]
       page_writeback_init+0x4d/0x71 mm/page-writeback.c:2082
       pagecache_init+0x48/0x4f mm/filemap.c:871
       start_kernel+0x715/0x7a8 init/main.c:689
       x86_64_start_reservations+0x2a/0x2c arch/x86/kernel/head64.c:381
       x86_64_start_kernel+0x13c/0x149 arch/x86/kernel/head64.c:362
       verify_cpu+0x0/0xfb

-> #3 (cpuhp_state_mutex){+.+.}:
       check_prevs_add kernel/locking/lockdep.c:2020 [inline]
       validate_chain kernel/locking/lockdep.c:2469 [inline]
       __lock_acquire+0x3286/0x4620 kernel/locking/lockdep.c:3498
       lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0x16f/0x1870 kernel/locking/mutex.c:893
       mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
       __cpuhp_setup_state_cpuslocked+0x5b/0x610 kernel/cpu.c:1430
       __cpuhp_setup_state+0xb0/0x140 kernel/cpu.c:1484
       cpuhp_setup_state_nocalls include/linux/cpuhotplug.h:205 [inline]
       kvm_guest_init+0x1f3/0x20f arch/x86/kernel/kvm.c:488
       setup_arch+0x1899/0x1ab3 arch/x86/kernel/setup.c:1294
       start_kernel+0xa5/0x7a8 init/main.c:530
       x86_64_start_reservations+0x2a/0x2c arch/x86/kernel/head64.c:381
       x86_64_start_kernel+0x13c/0x149 arch/x86/kernel/head64.c:362
       verify_cpu+0x0/0xfb

-> #2 (cpu_hotplug_lock.rw_sem){++++}:
       check_prevs_add kernel/locking/lockdep.c:2020 [inline]
       validate_chain kernel/locking/lockdep.c:2469 [inline]
       __lock_acquire+0x3286/0x4620
kernel/locking/lockdep.c:3498
       lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
       percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:35 [inline]
       percpu_down_read include/linux/percpu-rwsem.h:58 [inline]
       cpus_read_lock+0x42/0x90 kernel/cpu.c:218
       get_online_cpus include/linux/cpu.h:126 [inline]
       vmstat_shepherd+0x3d/0x1b0 mm/vmstat.c:1707
       process_one_work+0xbfd/0x1be0 kernel/workqueue.c:2098
       worker_thread+0x223/0x1860 kernel/workqueue.c:2233
       kthread+0x39c/0x470 kernel/kthread.c:231
       ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:431

-> #1 ((shepherd).work){+.+.}:
       process_one_work+0xba5/0x1be0 kernel/workqueue.c:2095
       worker_thread+0x223/0x1860 kernel/workqueue.c:2233
       kthread+0x39c/0x470 kernel/kthread.c:231
       ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:431
       0xffffffffffffffff

-> #0 ((complete)wq_barr::done#2/1){+.+.}:
       check_prev_add+0x865/0x1520 kernel/locking/lockdep.c:1894
       check_prevs_add kernel/locking/lockdep.c:2020 [inline]
       validate_chain kernel/locking/lockdep.c:2469 [inline]
       __lock_acquire+0x3286/0x4620 kernel/locking/lockdep.c:3498
       lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
       complete_acquire include/linux/completion.h:39 [inline]
       __wait_for_common kernel/sched/completion.c:108 [inline]
       wait_for_common kernel/sched/completion.c:122 [inline]
       wait_for_completion+0xc8/0x770 kernel/sched/completion.c:143
       flush_work+0x621/0x930 kernel/workqueue.c:2868
       drain_all_pages+0x490/0x750 mm/page_alloc.c:2532
       __alloc_pages_direct_reclaim mm/page_alloc.c:3603 [inline]
       __alloc_pages_slowpath+0xd2e/0x2ee0 mm/page_alloc.c:3998
       __alloc_pages_nodemask+0x9f7/0xd80 mm/page_alloc.c:4197
       alloc_pages_current+0xb6/0x1e0 mm/mempolicy.c:2035
       alloc_pages include/linux/gfp.h:505 [inline]
       __page_cache_alloc+0x358/0x4d0 mm/filemap.c:840
       __do_page_cache_readahead+0x2ec/0xc00 mm/readahead.c:183
       ra_submit mm/internal.h:66 [inline]
       do_sync_mmap_readahead mm/filemap.c:2293 [inline]
       filemap_fault+0xb1a/0x1d30 mm/filemap.c:2369
       ext4_filemap_fault+0x85/0xb0
fs/ext4/inode.c:6117
       __do_fault+0xeb/0x30f mm/memory.c:3170
       do_read_fault mm/memory.c:3580 [inline]
       do_fault mm/memory.c:3680 [inline]
       handle_pte_fault mm/memory.c:3910 [inline]
       __handle_mm_fault+0x1b98/0x39e0 mm/memory.c:4035
       handle_mm_fault+0x3bb/0x860 mm/memory.c:4072
       __do_page_fault+0x4f6/0xb60 arch/x86/mm/fault.c:1445
       trace_do_page_fault+0x141/0x730 arch/x86/mm/fault.c:1538
       do_async_page_fault+0x72/0xc0 arch/x86/kernel/kvm.c:266
       async_page_fault+0x22/0x30 arch/x86/entry/entry_64.S:1093

other info that might help us debug this:

Chain exists of:
  (complete)wq_barr::done#2/1 --> &mm->mmap_sem --> &ei->i_mmap_sem

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&ei->i_mmap_sem);
                               lock(&mm->mmap_sem);
                               lock(&ei->i_mmap_sem);
  lock((complete)wq_barr::done#2/1);

 *** DEADLOCK ***

3 locks held by udevd/1525:
 #0: (&mm->mmap_sem){++++}, at: [] __do_page_fault+0x2b8/0xb60 arch/x86/mm/fault.c:1384
 #1: (&ei->i_mmap_sem){++++}, at: [] ext4_filemap_fault+0x7d/0xb0 fs/ext4/inode.c:6116
 #2: (pcpu_drain_mutex){+.+.}, at: [] drain_all_pages+0x104/0x750 mm/page_alloc.c:2489

stack backtrace:
CPU: 2 PID: 1525 Comm: udevd Not tainted 4.13.0-rc6-next-20170823+ #7
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:16 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:52
 print_circular_bug+0x503/0x710 kernel/locking/lockdep.c:1259
 check_prev_add+0x865/0x1520 kernel/locking/lockdep.c:1894
 check_prevs_add kernel/locking/lockdep.c:2020 [inline]
 validate_chain kernel/locking/lockdep.c:2469 [inline]
 __lock_acquire+0x3286/0x4620 kernel/locking/lockdep.c:3498
 lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:4002
 complete_acquire include/linux/completion.h:39 [inline]
 __wait_for_common kernel/sched/completion.c:108 [inline]
 wait_for_common kernel/sched/completion.c:122 [inline]
 wait_for_completion+0xc8/0x770 kernel/sched/completion.c:143
 flush_work+0x621/0x930 kernel/workqueue.c:2868
 drain_all_pages+0x490/0x750
mm/page_alloc.c:2532
 __alloc_pages_direct_reclaim mm/page_alloc.c:3603 [inline]
 __alloc_pages_slowpath+0xd2e/0x2ee0 mm/page_alloc.c:3998
 __alloc_pages_nodemask+0x9f7/0xd80 mm/page_alloc.c:4197
 alloc_pages_current+0xb6/0x1e0 mm/mempolicy.c:2035
 alloc_pages include/linux/gfp.h:505 [inline]
 __page_cache_alloc+0x358/0x4d0 mm/filemap.c:840
 __do_page_cache_readahead+0x2ec/0xc00 mm/readahead.c:183
 ra_submit mm/internal.h:66 [inline]
 do_sync_mmap_readahead mm/filemap.c:2293 [inline]
 filemap_fault+0xb1a/0x1d30 mm/filemap.c:2369
 ext4_filemap_fault+0x85/0xb0 fs/ext4/inode.c:6117
 __do_fault+0xeb/0x30f mm/memory.c:3170
 do_read_fault mm/memory.c:3580 [inline]
 do_fault mm/memory.c:3680 [inline]
 handle_pte_fault mm/memory.c:3910 [inline]
 __handle_mm_fault+0x1b98/0x39e0 mm/memory.c:4035
 handle_mm_fault+0x3bb/0x860 mm/memory.c:4072
 __do_page_fault+0x4f6/0xb60 arch/x86/mm/fault.c:1445
 trace_do_page_fault+0x141/0x730 arch/x86/mm/fault.c:1538
 do_async_page_fault+0x72/0xc0 arch/x86/kernel/kvm.c:266
 async_page_fault+0x22/0x30 arch/x86/entry/entry_64.S:1093
RIP: 0033:0x7f2275a44b10
RSP: 002b:00007ffdf1ea48b8 EFLAGS: 00010202
RAX: 0000000000000008 RBX: 00000000019e0350 RCX: 0000000000000010
RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000009
RBP: 0000000000000009 R08: 0000000001bd35a0 R09: 0000000000000000
R10: 00000000019e0030 R11: 00007f2275aa8c81 R12: 00000000019e0370
R13: 00000000019e0350 R14: ffffffffffffffff R15: 00000000019e0030
syzkaller620903: page allocation failure: order:5, mode:0x16040c0(GFP_KERNEL|__GFP_COMP|__GFP_NOTRACK), nodemask=(null)
syzkaller620903 cpuset=/ mems_allowed=0-1
CPU: 0 PID: 3092 Comm: syzkaller620903 Not tainted 4.13.0-rc6-next-20170823+ #7
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:16 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:52
 warn_alloc+0x1c2/0x2f0 mm/page_alloc.c:3238
 __alloc_pages_slowpath+0x26ce/0x2ee0 mm/page_alloc.c:4104