syzbot


possible deadlock in perf_swevent_init

Status: public: reported C repro on 2019/04/10 16:04
Reported-by: syzbot+2c32a3f0943cce092de8@syzkaller.appspotmail.com
First crash: 1925d, last: 1636d
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.14 possible deadlock in perf_swevent_init C error 18 861d 1806d 0/1 upstream: reported C repro on 2019/06/16 12:54

Sample crash report:
random: sshd: uninitialized urandom read (32 bytes read)
audit: type=1400 audit(1550407535.411:7): avc:  denied  { map } for  pid=1784 comm="syz-executor813" path="/root/syz-executor813874553" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
audit: type=1400 audit(1550407535.461:8): avc:  denied  { create } for  pid=1784 comm="syz-executor813" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_iscsi_socket permissive=1
======================================================
WARNING: possible circular locking dependency detected
4.14.101+ #14 Not tainted
------------------------------------------------------
syz-executor813/1784 is trying to acquire lock:
 (pmus_lock){+.+.}, at: [<ffffffff9e9e5793>] swevent_hlist_get kernel/events/core.c:7886 [inline]
 (pmus_lock){+.+.}, at: [<ffffffff9e9e5793>] perf_swevent_init+0x123/0x4e0 kernel/events/core.c:7946

but task is already holding lock:
 (&cpuctx_mutex/1){+.+.}, at: [<ffffffff9e9e8b2d>] perf_event_ctx_lock_nested+0x14d/0x2c0 kernel/events/core.c:1240

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #2 (&cpuctx_mutex/1){+.+.}:

-> #1 (&cpuctx_mutex){+.+.}:

-> #0 (pmus_lock){+.+.}:

other info that might help us debug this:

Chain exists of:
  pmus_lock --> &cpuctx_mutex --> &cpuctx_mutex/1

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&cpuctx_mutex/1);
                               lock(&cpuctx_mutex);
                               lock(&cpuctx_mutex/1);
  lock(pmus_lock);

 *** DEADLOCK ***

2 locks held by syz-executor813/1784:
 #0:  (&pmus_srcu){....}, at: [<ffffffff9e9f123d>] perf_event_alloc.part.0+0xadd/0x1e70 kernel/events/core.c:9621
 #1:  (&cpuctx_mutex/1){+.+.}, at: [<ffffffff9e9e8b2d>] perf_event_ctx_lock_nested+0x14d/0x2c0 kernel/events/core.c:1240

stack backtrace:
CPU: 0 PID: 1784 Comm: syz-executor813 Not tainted 4.14.101+ #14
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0xb9/0x10e lib/dump_stack.c:53
 print_circular_bug.isra.0.cold+0x2dc/0x425 kernel/locking/lockdep.c:1258

Crashes (107):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/02/17 12:48 android-4.14 4a739e3530cc f42dee6d .config console log report syz C ci-android-414-kasan-gce-root
2019/03/02 16:15 android-4.14 934272e9380b 1c0e457a .config console log report syz ci-android-414-kasan-gce-root
2019/12/02 19:00 android-4.14 13855a652bd5 f879db37 .config console log report ci-android-414-kasan-gce-root
2019/12/02 09:27 android-4.14 13855a652bd5 f879db37 .config console log report ci-android-414-kasan-gce-root
2019/11/30 10:19 android-4.14 714ada7cabc7 3a75be00 .config console log report ci-android-414-kasan-gce-root
2019/11/28 21:40 android-4.14 714ada7cabc7 46869e3e .config console log report ci-android-414-kasan-gce-root
2019/11/23 08:28 android-4.14 437a2a739c5f 598ca6c8 .config console log report ci-android-414-kasan-gce-root
2019/11/23 01:21 android-4.14 437a2a739c5f 598ca6c8 .config console log report ci-android-414-kasan-gce-root
2019/11/22 18:25 android-4.14 7bc77fd33905 598ca6c8 .config console log report ci-android-414-kasan-gce-root
2019/11/20 13:29 android-4.14 460dc7c31cef f4b7ed07 .config console log report ci-android-414-kasan-gce-root
2019/11/13 04:24 android-4.14 0ac69147fd8c 048f2d49 .config console log report ci-android-414-kasan-gce-root
2019/11/11 22:24 android-4.14 10e570bfc15a 048f2d49 .config console log report ci-android-414-kasan-gce-root
2019/11/06 07:39 android-4.14 2b2bb0cce0a5 bc2c6e45 .config console log report ci-android-414-kasan-gce-root
2019/11/04 12:12 android-4.14 6409e7e01d11 b35fad31 .config console log report ci-android-414-kasan-gce-root
2019/10/30 15:02 android-4.14 2bb70f40b08b 5ea87a66 .config console log report ci-android-414-kasan-gce-root
2019/10/28 19:21 android-4.14 0b383e2946f5 439d7b14 .config console log report ci-android-414-kasan-gce-root
2019/10/28 08:20 android-4.14 0b383e2946f5 25bb509e .config console log report ci-android-414-kasan-gce-root
2019/10/27 23:30 android-4.14 0b383e2946f5 25bb509e .config console log report ci-android-414-kasan-gce-root
2019/10/26 22:59 android-4.14 2d0e4c21fcee 25bb509e .config console log report ci-android-414-kasan-gce-root
2019/10/22 00:22 android-4.14 7d642373db4c b24d2b8a .config console log report ci-android-414-kasan-gce-root
2019/10/16 23:35 android-4.14 248a268ad139 8c88c9c1 .config console log report ci-android-414-kasan-gce-root
2019/10/13 16:19 android-4.14 1d75f58e4e19 2f661ec4 .config console log report ci-android-414-kasan-gce-root
2019/10/12 19:46 android-4.14 1d75f58e4e19 426631dd .config console log report ci-android-414-kasan-gce-root
2019/10/06 17:50 android-4.14 9674240fb29c f3f7d9c8 .config console log report ci-android-414-kasan-gce-root
2019/09/28 08:55 android-4.14 d649ef04c3ed d8074e0b .config console log report ci-android-414-kasan-gce-root
2019/09/27 04:22 android-4.14 d649ef04c3ed 2f1548bc .config console log report ci-android-414-kasan-gce-root
2019/09/26 01:27 android-4.14 d649ef04c3ed a3355dba .config console log report ci-android-414-kasan-gce-root
2019/09/23 15:20 android-4.14 8ae37de3fa03 1e9788a0 .config console log report ci-android-414-kasan-gce-root
2019/09/21 08:17 android-4.14 a9e9acce73d4 d96e88f3 .config console log report ci-android-414-kasan-gce-root
2019/09/20 18:25 android-4.14 61a760424681 d96e88f3 .config console log report ci-android-414-kasan-gce-root
2019/09/10 07:57 android-4.14 4eccd8013349 a60cb4cd .config console log report ci-android-414-kasan-gce-root
2019/09/10 00:10 android-4.14 4eccd8013349 a60cb4cd .config console log report ci-android-414-kasan-gce-root
2019/09/08 04:49 android-4.14 4eccd8013349 a60cb4cd .config console log report ci-android-414-kasan-gce-root
2019/09/07 23:18 android-4.14 4eccd8013349 a60cb4cd .config console log report ci-android-414-kasan-gce-root
2019/09/07 17:29 android-4.14 4eccd8013349 a60cb4cd .config console log report ci-android-414-kasan-gce-root
2019/09/07 13:51 android-4.14 4eccd8013349 a60cb4cd .config console log report ci-android-414-kasan-gce-root
2019/09/05 14:08 android-4.14 38733badc0e6 040fda58 .config console log report ci-android-414-kasan-gce-root
2019/09/04 06:33 android-4.14 38733badc0e6 12381952 .config console log report ci-android-414-kasan-gce-root
2019/09/02 08:02 android-4.14 a9d0871a562e db7c31ca .config console log report ci-android-414-kasan-gce-root
2019/08/30 04:41 android-4.14 987732fcbbe3 fd37b39e .config console log report ci-android-414-kasan-gce-root
2019/08/30 01:03 android-4.14 987732fcbbe3 fd37b39e .config console log report ci-android-414-kasan-gce-root
2019/08/29 07:01 android-4.14 987732fcbbe3 fd37b39e .config console log report ci-android-414-kasan-gce-root
2019/08/27 05:05 android-4.14 f5189d4af2b5 d21c5d9d .config console log report ci-android-414-kasan-gce-root
2019/08/27 01:30 android-4.14 f5189d4af2b5 d21c5d9d .config console log report ci-android-414-kasan-gce-root
2019/08/26 02:43 android-4.14 f5189d4af2b5 d21c5d9d .config console log report ci-android-414-kasan-gce-root
2019/08/25 22:40 android-4.14 f5189d4af2b5 d21c5d9d .config console log report ci-android-414-kasan-gce-root
2019/08/25 08:56 android-4.14 a48da8903efa d21c5d9d .config console log report ci-android-414-kasan-gce-root
2019/08/23 19:23 android-4.14 a48da8903efa 78ded196 .config console log report ci-android-414-kasan-gce-root
2019/08/22 23:50 android-4.14 e204fa49a029 d003d6d0 .config console log report ci-android-414-kasan-gce-root
* Struck through repros no longer work on HEAD.