syzbot


possible deadlock in __do_page_fault

Status: public: reported C repro on 2019/04/11 00:00
Reported-by: syzbot+1fcc2f925ec16114fcaa@syzkaller.appspotmail.com
First crash: 2224d, last: 1795d
Similar bugs (3)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| android-49 | possible deadlock in __do_page_fault | C | | | 801 | 1794d | 2031d | 0/3 | public: reported C repro on 2019/04/11 08:44 |
| upstream | possible deadlock in __do_page_fault fs mm | C | | | 820 | 2067d | 2234d | 11/28 | fixed on 2019/03/28 12:00 |
| upstream | possible deadlock in __do_page_fault (2) ext4 | C | done | | 8 | 1977d | 1981d | 0/28 | closed as invalid on 2019/06/23 22:18 |

Sample crash report:
audit: type=1400 audit(1550793851.548:8): avc:  denied  { map } for  pid=1785 comm="syz-executor232" path="/dev/ashmem" dev="devtmpfs" ino=5422 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=1
hrtimer: interrupt took 24651 ns
======================================================
WARNING: possible circular locking dependency detected
4.14.102+ #17 Not tainted
------------------------------------------------------
syz-executor232/1786 is trying to acquire lock:
 (&mm->mmap_sem){++++}, at: [<ffffffff9c4b4c71>] __do_page_fault+0x871/0xb80 arch/x86/mm/fault.c:1361

but task is already holding lock:
 (&sb->s_type->i_mutex_key#10){+.+.}, at: [<ffffffff9c82aaf9>] inode_lock include/linux/fs.h:715 [inline]
 (&sb->s_type->i_mutex_key#10){+.+.}, at: [<ffffffff9c82aaf9>] generic_file_write_iter+0x99/0x650 mm/filemap.c:3187

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #2 (&sb->s_type->i_mutex_key#10){+.+.}:

-> #1 (ashmem_mutex){+.+.}:

-> #0 (&mm->mmap_sem){++++}:

other info that might help us debug this:

Chain exists of:
  &mm->mmap_sem --> ashmem_mutex --> &sb->s_type->i_mutex_key#10

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&sb->s_type->i_mutex_key#10);
                               lock(ashmem_mutex);
                               lock(&sb->s_type->i_mutex_key#10);
  lock(&mm->mmap_sem);

 *** DEADLOCK ***

2 locks held by syz-executor232/1786:
 #0:  (sb_writers#6){.+.+}, at: [<ffffffff9c959828>] file_start_write include/linux/fs.h:2726 [inline]
 #0:  (sb_writers#6){.+.+}, at: [<ffffffff9c959828>] vfs_write+0x3d8/0x4d0 fs/read_write.c:545
 #1:  (&sb->s_type->i_mutex_key#10){+.+.}, at: [<ffffffff9c82aaf9>] inode_lock include/linux/fs.h:715 [inline]
 #1:  (&sb->s_type->i_mutex_key#10){+.+.}, at: [<ffffffff9c82aaf9>] generic_file_write_iter+0x99/0x650 mm/filemap.c:3187

stack backtrace:
CPU: 0 PID: 1786 Comm: syz-executor232 Not tainted 4.14.102+ #17
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0xb9/0x10e lib/dump_stack.c:53
 print_circular_bug.isra.0.cold+0x2dc/0x425 kernel/locking/lockdep.c:1258

Crashes (3356):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2019/02/22 00:06 android-4.14 01709c953f89 7ff74a98 .config console log report syz C ci-android-414-kasan-gce-root
2019/02/03 18:04 android-4.14 80d7b06534fa c198d5dd .config console log report syz C ci-android-414-kasan-gce-root
2019/02/03 17:45 android-4.14 80d7b06534fa c198d5dd .config console log report syz C ci-android-414-kasan-gce-root
2019/02/01 13:09 android-4.14 63d1657d00e0 0c07abcf .config console log report syz C ci-android-414-kasan-gce-root
2019/01/06 03:17 android-4.14 3c207c880674 53be0a37 .config console log report syz C ci-android-414-kasan-gce-root
2019/01/03 13:19 android-4.14 3bdeffc4d1fe 66fcd29b .config console log report syz C ci-android-414-kasan-gce-root
2018/12/21 15:48 android-4.14 815e34f802d8 588075e6 .config console log report syz C ci-android-414-kasan-gce-root
2018/12/10 06:54 android-4.14 13b8d9fdf844 96cc4c50 .config console log report syz C ci-android-414-kasan-gce-root
2018/11/17 01:53 android-4.14 4e76528bd48d b08ee62a .config console log report syz C ci-android-414-kasan-gce-root
2018/10/01 06:03 android-4.14 84ae3e35e1ce 41e4b329 .config console log report syz C ci-android-414-kasan-gce-root
2019/12/03 17:57 android-4.14 e6b1fb0e83b2 ae13a849 .config console log report ci-android-414-kasan-gce-root
2019/12/03 13:27 android-4.14 e6b1fb0e83b2 ab342da3 .config console log report ci-android-414-kasan-gce-root
2019/12/03 09:44 android-4.14 e6b1fb0e83b2 ab342da3 .config console log report ci-android-414-kasan-gce-root
2019/12/02 22:18 android-4.14 e6b1fb0e83b2 ab342da3 .config console log report ci-android-414-kasan-gce-root
2019/12/01 15:52 android-4.14 13855a652bd5 a76bf83f .config console log report ci-android-414-kasan-gce-root
2019/11/29 14:38 android-4.14 714ada7cabc7 d29b9e84 .config console log report ci-android-414-kasan-gce-root
2019/11/26 00:08 android-4.14 f9b4ab5c8e99 f746151a .config console log report ci-android-414-kasan-gce-root
2019/11/25 20:06 android-4.14 f9b4ab5c8e99 371caf77 .config console log report ci-android-414-kasan-gce-root
2019/11/25 18:16 android-4.14 f9b4ab5c8e99 371caf77 .config console log report ci-android-414-kasan-gce-root
2019/11/25 09:17 android-4.14 437a2a739c5f 598ca6c8 .config console log report ci-android-414-kasan-gce-root
2019/11/25 00:08 android-4.14 437a2a739c5f 598ca6c8 .config console log report ci-android-414-kasan-gce-root
2019/11/24 23:02 android-4.14 437a2a739c5f 598ca6c8 .config console log report ci-android-414-kasan-gce-root
2019/11/24 16:17 android-4.14 437a2a739c5f 598ca6c8 .config console log report ci-android-414-kasan-gce-root
2019/11/24 08:26 android-4.14 437a2a739c5f 598ca6c8 .config console log report ci-android-414-kasan-gce-root
2019/11/23 15:52 android-4.14 437a2a739c5f 598ca6c8 .config console log report ci-android-414-kasan-gce-root
2019/11/23 13:20 android-4.14 437a2a739c5f 598ca6c8 .config console log report ci-android-414-kasan-gce-root
2019/11/21 16:15 android-4.14 7bc77fd33905 8098ea0f .config console log report ci-android-414-kasan-gce-root
2019/11/18 09:15 android-4.14 460dc7c31cef d5696d51 .config console log report ci-android-414-kasan-gce-root
2019/11/16 11:38 android-4.14 460dc7c31cef cdac920b .config console log report ci-android-414-kasan-gce-root
2019/11/13 19:11 android-4.14 0ac69147fd8c 048f2d49 .config console log report ci-android-414-kasan-gce-root
2019/11/13 17:57 android-4.14 0ac69147fd8c 048f2d49 .config console log report ci-android-414-kasan-gce-root
2019/11/13 13:20 android-4.14 0ac69147fd8c 048f2d49 .config console log report ci-android-414-kasan-gce-root
2019/11/13 11:32 android-4.14 0ac69147fd8c 048f2d49 .config console log report ci-android-414-kasan-gce-root
2019/11/13 10:16 android-4.14 0ac69147fd8c 048f2d49 .config console log report ci-android-414-kasan-gce-root
2019/11/13 08:24 android-4.14 0ac69147fd8c 048f2d49 .config console log report ci-android-414-kasan-gce-root
2019/11/13 01:33 android-4.14 0ac69147fd8c 048f2d49 .config console log report ci-android-414-kasan-gce-root
2019/11/12 14:34 android-4.14 10e570bfc15a 048f2d49 .config console log report ci-android-414-kasan-gce-root
2019/11/12 11:54 android-4.14 10e570bfc15a 048f2d49 .config console log report ci-android-414-kasan-gce-root
2019/11/10 17:20 android-4.14 81144e705f48 dc438b91 .config console log report ci-android-414-kasan-gce-root
2019/11/10 07:24 android-4.14 81144e705f48 dc438b91 .config console log report ci-android-414-kasan-gce-root
2019/11/08 17:42 android-4.14 f40abacc8ac0 1e35461e .config console log report ci-android-414-kasan-gce-root
2019/11/08 05:01 android-4.14 f40abacc8ac0 f39aff9e .config console log report ci-android-414-kasan-gce-root
2019/11/05 19:41 android-4.14 6409e7e01d11 0f3ec414 .config console log report ci-android-414-kasan-gce-root
2019/11/05 17:04 android-4.14 6409e7e01d11 0f3ec414 .config console log report ci-android-414-kasan-gce-root
2019/11/05 16:27 android-4.14 6409e7e01d11 0f3ec414 .config console log report ci-android-414-kasan-gce-root
2019/11/05 14:54 android-4.14 6409e7e01d11 0f3ec414 .config console log report ci-android-414-kasan-gce-root
2019/11/05 12:20 android-4.14 6409e7e01d11 0f3ec414 .config console log report ci-android-414-kasan-gce-root
2019/11/05 02:15 android-4.14 6409e7e01d11 76630fc9 .config console log report ci-android-414-kasan-gce-root
2019/11/04 07:41 android-4.14 6409e7e01d11 b35fad31 .config console log report ci-android-414-kasan-gce-root
2019/11/04 00:45 android-4.14 6409e7e01d11 b35fad31 .config console log report ci-android-414-kasan-gce-root
2019/11/03 19:09 android-4.14 6409e7e01d11 c9610487 .config console log report ci-android-414-kasan-gce-root
2019/11/03 11:07 android-4.14 6409e7e01d11 a41ca8fa .config console log report ci-android-414-kasan-gce-root
2019/11/03 08:02 android-4.14 6409e7e01d11 a41ca8fa .config console log report ci-android-414-kasan-gce-root
2019/11/03 03:23 android-4.14 6409e7e01d11 a41ca8fa .config console log report ci-android-414-kasan-gce-root
2019/11/02 21:38 android-4.14 6409e7e01d11 a41ca8fa .config console log report ci-android-414-kasan-gce-root
2019/11/01 14:47 android-4.14 6409e7e01d11 a41ca8fa .config console log report ci-android-414-kasan-gce-root
* Struck through repros no longer work on HEAD.