=============================
WARNING: suspicious RCU usage
4.15.0-rc8+ #271 Not tainted
-----------------------------
./include/linux/rcupdate.h:302 Illegal context switch in RCU read-side critical section!

other info that might help us debug this:

rcu_scheduler_active = 2, debug_locks = 0
3 locks held by syz-executor4/5803:
 #0: (&mm->mmap_sem){++++}, at: [<00000000199a8c1e>] __do_page_fault+0x32d/0xc90 arch/x86/mm/fault.c:1359
 #1: (&p->pi_lock){-.-.}, at: [<00000000d9f04898>] try_to_wake_up+0xbc/0x1600 kernel/sched/core.c:1988
 #2: (rcu_read_lock){....}, at: [<000000000f3bd428>] select_task_rq_fair+0x37a/0x2770 kernel/sched/fair.c:6323

stack backtrace:
CPU: 0 PID: 5803 Comm: syz-executor4 Not tainted 4.15.0-rc8+ #271
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4585
 rcu_preempt_sleep_check include/linux/rcupdate.h:301 [inline]
 ___might_sleep+0x385/0x470 kernel/sched/core.c:6025
 clear_huge_page+0xa5/0x730 mm/memory.c:4577
 __do_huge_pmd_anonymous_page mm/huge_memory.c:570 [inline]
 do_huge_pmd_anonymous_page+0x59c/0x1b00 mm/huge_memory.c:728
 create_huge_pmd mm/memory.c:3834 [inline]
 __handle_mm_fault+0x1a0c/0x3ce0 mm/memory.c:4038
 handle_mm_fault+0x334/0x8d0 mm/memory.c:4104
 __do_page_fault+0x5c9/0xc90 arch/x86/mm/fault.c:1430
 do_page_fault+0xee/0x720 arch/x86/mm/fault.c:1505
 page_fault+0x4c/0x60 arch/x86/entry/entry_64.S:1260
RIP: 0033:0x405b1e
RSP: 002b:0000000000a2f8f0 EFLAGS: 00010246
RAX: 0000000020451fc8 RBX: 000000000071bea0 RCX: 0000000000000000
RDX: 923c2b389dcc5a3e RSI: 0000000020130f80 RDI: 0000000001fab848
RBP: 0000000000000002 R08: 0000000000000000 R09: 00000000000002a8
R10: 0000000000a2f8f0 R11: 0000000000000206 R12: 0000000000000003
R13: fffffffffffffffe R14: 000000000071ca20 R15: 0000000000000000

============================================
WARNING: possible recursive locking detected
4.15.0-rc8+ #271 Not tainted
--------------------------------------------
syz-executor5/5813 is trying to acquire lock:
 (&vq->mutex){+.+.}, at: [<00000000f0fd28ab>] vhost_dev_lock_vqs drivers/vhost/vhost.c:907 [inline]
 (&vq->mutex){+.+.}, at: [<00000000f0fd28ab>] vhost_process_iotlb_msg drivers/vhost/vhost.c:997 [inline]
 (&vq->mutex){+.+.}, at: [<00000000f0fd28ab>] vhost_chr_write_iter+0x278/0x1580 drivers/vhost/vhost.c:1046

but task is already holding lock:
 (&vq->mutex){+.+.}, at: [<00000000f0fd28ab>] vhost_dev_lock_vqs drivers/vhost/vhost.c:907 [inline]
 (&vq->mutex){+.+.}, at: [<00000000f0fd28ab>] vhost_process_iotlb_msg drivers/vhost/vhost.c:997 [inline]
 (&vq->mutex){+.+.}, at: [<00000000f0fd28ab>] vhost_chr_write_iter+0x278/0x1580 drivers/vhost/vhost.c:1046

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&vq->mutex);
  lock(&vq->mutex);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

1 lock held by syz-executor5/5813:
 #0: (&vq->mutex){+.+.}, at: [<00000000f0fd28ab>] vhost_dev_lock_vqs drivers/vhost/vhost.c:907 [inline]
 #0: (&vq->mutex){+.+.}, at: [<00000000f0fd28ab>] vhost_process_iotlb_msg drivers/vhost/vhost.c:997 [inline]
 #0: (&vq->mutex){+.+.}, at: [<00000000f0fd28ab>] vhost_chr_write_iter+0x278/0x1580 drivers/vhost/vhost.c:1046

stack backtrace:
CPU: 1 PID: 5813 Comm: syz-executor5 Not tainted 4.15.0-rc8+ #271
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 print_deadlock_bug kernel/locking/lockdep.c:1756 [inline]
 check_deadlock kernel/locking/lockdep.c:1800 [inline]
 validate_chain kernel/locking/lockdep.c:2396 [inline]
 __lock_acquire+0xe8f/0x3e00 kernel/locking/lockdep.c:3426
 lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
 __mutex_lock_common kernel/locking/mutex.c:756 [inline]
 __mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
 vhost_dev_lock_vqs drivers/vhost/vhost.c:907 [inline]
 vhost_process_iotlb_msg drivers/vhost/vhost.c:997 [inline]
 vhost_chr_write_iter+0x278/0x1580 drivers/vhost/vhost.c:1046
 vhost_net_chr_write_iter+0x59/0x70 drivers/vhost/net.c:1353
 call_write_iter include/linux/fs.h:1772 [inline]
 new_sync_write fs/read_write.c:469 [inline]
 __vfs_write+0x684/0x970 fs/read_write.c:482
 vfs_write+0x189/0x510 fs/read_write.c:544
 SYSC_write fs/read_write.c:589 [inline]
 SyS_write+0xef/0x220 fs/read_write.c:581
 entry_SYSCALL_64_fastpath+0x29/0xa0
RIP: 0033:0x452ee9
RSP: 002b:00007f51fddffc58 EFLAGS: 00000212 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452ee9
RDX: 000000000000ffdc RSI: 00000000202ff000 RDI: 0000000000000013
RBP: 0000000000000543 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f6ee8
R13: 00000000ffffffff R14: 00007f51fde006d4 R15: 0000000000000000
SELinux: policydb version -1436613696 does not match my version range 15-31
SELinux: failed to load policy
kvm [5861]: vcpu0, guest rIP: 0xfff0 ignored wrmsr: 0x11e data 0x0
SELinux: policydb version -1436613696 does not match my version range 15-31
SELinux: failed to load policy
kvm [5861]: vcpu0, guest rIP: 0xfff0 ignored wrmsr: 0x11e data 0x0
netlink: 'syz-executor3': attribute type 3 has an invalid length.
netlink: 'syz-executor3': attribute type 3 has an invalid length.
PPPIOCDETACH file->f_count=2
kauditd_printk_skb: 121 callbacks suppressed
audit: type=1400 audit(1516507880.124:158): avc: denied { set_context_mgr } for pid=6070 comm="syz-executor3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=binder permissive=1
audit: type=1400 audit(1516507880.192:159): avc: denied { net_admin } for pid=6070 comm="syz-executor3" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1516507880.229:160): avc: denied { ipc_owner } for pid=6070 comm="syz-executor3" capability=15 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1326 audit(1516507880.386:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=6148 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ee9 code=0x7ffc0000
audit: type=1326 audit(1516507880.412:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=6148 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=123 compat=0 ip=0x452ee9 code=0x7ffc0000
audit: type=1326 audit(1516507880.412:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=6148 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ee9 code=0x7ffc0000
audit: type=1326 audit(1516507880.414:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=6148 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=9 compat=0 ip=0x452ee9 code=0x7ffc0000
audit: type=1326 audit(1516507880.415:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=6148 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ee9 code=0x7ffc0000
audit: type=1326 audit(1516507880.416:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=6148 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=317 compat=0 ip=0x452ee9 code=0x7ffc0000
audit: type=1326 audit(1516507880.417:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=6148 comm="syz-executor7" exe="/root/syz-executor7" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ee9 code=0x7ffc0000
binder: 6239:6246 unknown command 0
binder: 6239:6246 ioctl c0306201 20008000 returned -22
binder: 6239:6246 unknown command 0
binder: 6239:6246 ioctl c0306201 20008000 returned -22
binder_alloc: binder_alloc_mmap_handler: 6293 20656000-20659000 already mapped failed -16
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
SELinux: unknown mount option
SELinux: unknown mount option
binder: 6616:6622 transaction failed 29189/-22, size 40-8 line 2788
dccp_close: ABORT with 115 bytes unread
binder: 6616:6622 ioctl 9 20e1e000 returned -22
binder: 6616:6640 transaction failed 29189/-22, size 40-8 line 2788
binder: 6616:6633 ioctl 9 20e1e000 returned -22
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
netlink: 'syz-executor3': attribute type 3 has an invalid length.
netlink: 'syz-executor3': attribute type 3 has an invalid length.
binder: 6753:6760 transaction failed 29189/-22, size 0-8 line 2788
binder: 6753:6768 transaction failed 29189/-22, size 0-8 line 2788
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
kvm [6773]: vcpu0, guest rIP: 0xfff0 ignored wrmsr: 0x11e data 0x0
kvm [6773]: vcpu0, guest rIP: 0xfff0 ignored wrmsr: 0x11e data 0x0
rdma_op 0000000011023792 conn xmit_rdma (null)
QAT: Invalid ioctl
QAT: Invalid ioctl
binder: 6961 RLIMIT_NICE not set
binder: 6958:6978 transaction failed 29189/-22, size 0-0 line 2788
binder: 6961 RLIMIT_NICE not set
binder: 6958:6978 transaction failed 29189/-22, size 0-0 line 2788
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
rfkill: input handler disabled
rfkill: input handler enabled
netlink: 'syz-executor2': attribute type 1 has an invalid length.
netlink: 'syz-executor2': attribute type 1 has an invalid length.
x86/PAT: syz-executor4:7208 map pfn RAM range req write-combining for [mem 0x1a44c0000-0x1a44c1fff], got write-back
x86/PAT: syz-executor4:7208 map pfn RAM range req write-combining for [mem 0x1a4bf0000-0x1a4bf1fff], got write-back
SELinux: truncated policydb string identifier
SELinux: failed to load policy
SELinux: truncated policydb string identifier
SELinux: failed to load policy
QAT: Invalid ioctl
QAT: Invalid ioctl
kauditd_printk_skb: 88 callbacks suppressed
audit: type=1326 audit(1516507885.278:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7543 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ee9 code=0x7ffc0000
audit: type=1326 audit(1516507885.284:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7543 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=28 compat=0 ip=0x452ee9 code=0x7ffc0000
audit: type=1326 audit(1516507885.284:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7543 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ee9 code=0x7ffc0000
audit: type=1326 audit(1516507885.284:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7543 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ee9 code=0x7ffc0000
audit: type=1326 audit(1516507885.284:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7543 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=9 compat=0 ip=0x452ee9 code=0x7ffc0000
audit: type=1326 audit(1516507885.310:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7543 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ee9 code=0x7ffc0000
audit: type=1326 audit(1516507885.313:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7543 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=257 compat=0 ip=0x452ee9 code=0x7ffc0000
audit: type=1326 audit(1516507885.313:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7543 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ee9 code=0x7ffc0000
audit: type=1326 audit(1516507885.313:264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7543 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=202 compat=0 ip=0x452ee9 code=0x7ffc0000
audit: type=1326 audit(1516507885.340:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7543 comm="syz-executor6" exe="/root/syz-executor6" sig=0 arch=c000003e syscall=317 compat=0 ip=0x452ee9 code=0x7ffc0000
sctp: [Deprecated]: syz-executor7 (pid 7838) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead
sctp: [Deprecated]: syz-executor7 (pid 7838) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead
binder: 7930 RLIMIT_NICE not set
binder: 7930 RLIMIT_NICE not set
binder: 7928:7946 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
binder: 7928:7930 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
binder: 7928:7946 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0
binder: 7930 RLIMIT_NICE not set
binder: 7930 RLIMIT_NICE not set
binder: 7928:7958 BC_DEAD_BINDER_DONE 0000000000000003 not found
binder: undelivered death notification, 0000000000000000
sctp: [Deprecated]: syz-executor2 (pid 7998) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead
sctp: [Deprecated]: syz-executor2 (pid 8004) Use of struct sctp_assoc_value in delayed_ack socket option. Use struct sctp_sack_info instead
netlink: 'syz-executor5': attribute type 2 has an invalid length.
netlink: 'syz-executor5': attribute type 2 has an invalid length.