syzbot


possible deadlock in SyS_perf_event_open

Status: public: reported C repro on 2019/04/12 00:00
Reported-by: syzbot+56d28bcdcfeaf61df557@syzkaller.appspotmail.com
First crash: 1902d, last: 1623d

Sample crash report:
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
audit: type=1400 audit(1553261604.682:7): avc:  denied  { map } for  pid=1779 comm="syz-executor600" path="/root/syz-executor600393421" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
======================================================
WARNING: possible circular locking dependency detected
4.14.107+ #33 Not tainted
------------------------------------------------------
syz-executor600/1779 is trying to acquire lock:
 (&cpuctx_mutex/1){+.+.}, at: [<ffffffffb98085c1>] mutex_lock_double kernel/events/core.c:9907 [inline]
 (&cpuctx_mutex/1){+.+.}, at: [<ffffffffb98085c1>] __perf_event_ctx_lock_double kernel/events/core.c:9966 [inline]
 (&cpuctx_mutex/1){+.+.}, at: [<ffffffffb98085c1>] SYSC_perf_event_open kernel/events/core.c:10231 [inline]
 (&cpuctx_mutex/1){+.+.}, at: [<ffffffffb98085c1>] SyS_perf_event_open+0x11f1/0x2520 kernel/events/core.c:9986

but task is already holding lock:
 (&cpuctx_mutex){+.+.}, at: [<ffffffffb98085b4>] mutex_lock_double kernel/events/core.c:9906 [inline]
 (&cpuctx_mutex){+.+.}, at: [<ffffffffb98085b4>] __perf_event_ctx_lock_double kernel/events/core.c:9966 [inline]
 (&cpuctx_mutex){+.+.}, at: [<ffffffffb98085b4>] SYSC_perf_event_open kernel/events/core.c:10231 [inline]
 (&cpuctx_mutex){+.+.}, at: [<ffffffffb98085b4>] SyS_perf_event_open+0x11e4/0x2520 kernel/events/core.c:9986

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #2 (&cpuctx_mutex){+.+.}:

-> #1 (pmus_lock){+.+.}:

-> #0 (&cpuctx_mutex/1){+.+.}:

other info that might help us debug this:

Chain exists of:
  &cpuctx_mutex/1 --> pmus_lock --> &cpuctx_mutex

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&cpuctx_mutex);
                               lock(pmus_lock);
                               lock(&cpuctx_mutex);
  lock(&cpuctx_mutex/1);

 *** DEADLOCK ***

1 lock held by syz-executor600/1779:
 #0:  (&cpuctx_mutex){+.+.}, at: [<ffffffffb98085b4>] mutex_lock_double kernel/events/core.c:9906 [inline]
 #0:  (&cpuctx_mutex){+.+.}, at: [<ffffffffb98085b4>] __perf_event_ctx_lock_double kernel/events/core.c:9966 [inline]
 #0:  (&cpuctx_mutex){+.+.}, at: [<ffffffffb98085b4>] SYSC_perf_event_open kernel/events/core.c:10231 [inline]
 #0:  (&cpuctx_mutex){+.+.}, at: [<ffffffffb98085b4>] SyS_perf_event_open+0x11e4/0x2520 kernel/events/core.c:9986

stack backtrace:
CPU: 0 PID: 1779 Comm: syz-executor600 Not tainted 4.14.107+ #33
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0xb9/0x10e lib/dump_stack.c:53
 print_circular_bug.isra.0.cold+0x2dc/0x425 kernel/locking/lockdep.c:1258
 ? SyS_perf_event_open+

Crashes (27):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2019/03/22 13:36 android-4.14 cfbe30be85c4 dce6e62f .config console log report syz C ci-android-414-kasan-gce-root
2019/03/19 12:48 android-4.14 ea583d160621 e4549234 .config console log report syz ci-android-414-kasan-gce-root
2019/11/23 14:02 android-4.14 437a2a739c5f 598ca6c8 .config console log report ci-android-414-kasan-gce-root
2019/09/06 06:08 android-4.14 38733badc0e6 040fda58 .config console log report ci-android-414-kasan-gce-root
2019/09/06 02:02 android-4.14 38733badc0e6 040fda58 .config console log report ci-android-414-kasan-gce-root
2019/08/29 05:27 android-4.14 987732fcbbe3 fd37b39e .config console log report ci-android-414-kasan-gce-root
2019/08/28 07:13 android-4.14 987732fcbbe3 fd37b39e .config console log report ci-android-414-kasan-gce-root
2019/08/27 11:57 android-4.14 f5189d4af2b5 d21c5d9d .config console log report ci-android-414-kasan-gce-root
2019/08/26 16:05 android-4.14 f5189d4af2b5 d21c5d9d .config console log report ci-android-414-kasan-gce-root
2019/08/16 22:11 android-4.14 6115e5154b7b 8fd428a1 .config console log report ci-android-414-kasan-gce-root
2019/08/05 01:42 android-4.14 20c71e6d5a16 6affd8e8 .config console log report ci-android-414-kasan-gce-root
2019/08/02 08:59 android-4.14 a5847ae74b42 835dffe7 .config console log report ci-android-414-kasan-gce-root
2019/07/29 16:17 android-4.14 54fa720a6f32 c85e1c5b .config console log report ci-android-414-kasan-gce-root
2019/07/24 22:16 android-4.14 fae940268dce 32329ceb .config console log report ci-android-414-kasan-gce-root
2019/06/07 07:13 android-4.14 2db1f1cda2c2 698773cb .config console log report ci-android-414-kasan-gce-root
2019/06/05 16:03 android-4.14 50f99a65439b bfb4a51e .config console log report ci-android-414-kasan-gce-root
2019/05/02 00:15 android-4.14 c680586c4fb7 7516d9fa .config console log report ci-android-414-kasan-gce-root
2019/04/16 00:53 android-4.14 efe836537cf2 505ab413 .config console log report ci-android-414-kasan-gce-root
2019/04/13 12:21 android-4.14 efe836537cf2 c402d8f1 .config console log report ci-android-414-kasan-gce-root
2019/04/13 10:47 android-4.14 efe836537cf2 c402d8f1 .config console log report ci-android-414-kasan-gce-root
2019/04/07 07:51 android-4.14 171fc237b3cb c34fde03 .config console log report ci-android-414-kasan-gce-root
2019/03/15 15:35 android-4.14 8ed9bc6e6401 bab43553 .config console log report ci-android-414-kasan-gce-root
2019/03/02 15:26 android-4.14 934272e9380b 1c0e457a .config console log report ci-android-414-kasan-gce-root
2019/02/28 05:17 android-4.14 0cc8f104f45a 34ec456b .config console log report ci-android-414-kasan-gce-root
2019/02/24 12:07 android-4.14 6bdf39bb26fd 7a06e792 .config console log report ci-android-414-kasan-gce-root
2019/02/22 02:01 android-4.14 01709c953f89 7ff74a98 .config console log report ci-android-414-kasan-gce-root
2019/02/17 06:19 android-4.14 4a739e3530cc f42dee6d .config console log report ci-android-414-kasan-gce-root
* Struck through repros no longer work on HEAD.