syzbot


possible deadlock in do_io_accounting

Status: public: reported C repro on 2019/04/12 00:00
Reported-by: syzbot+6239eb16338efe02b7eb@syzkaller.appspotmail.com
First crash: 2310d, last: 1576d
Similar bugs (8)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
android-44 possible deadlock in do_io_accounting C 28 1578d 1813d 0/2 public: reported C repro on 2019/04/11 08:44
linux-4.19 possible deadlock in do_io_accounting C done 4 1641d 1752d 1/1 fixed on 2019/12/10 20:49
upstream possible deadlock in do_io_accounting (3) fs C inconclusive done 39 1463d 1553d 15/26 fixed on 2020/08/18 22:40
linux-4.19 possible deadlock in do_io_accounting (2) syz error 26 1293d 1556d 0/1 upstream: reported syz repro on 2019/12/24 07:12
upstream possible deadlock in do_io_accounting fs syz 1003 1827d 2305d 0/26 closed as dup on 2017/12/12 21:27
upstream possible deadlock in do_io_accounting (2) fs 1 1801d 1798d 0/26 auto-closed as invalid on 2019/10/20 09:03
android-414 possible deadlock in do_io_accounting syz 70 1829d 1812d 0/1 public: reported syz repro on 2019/04/12 00:01
linux-4.14 possible deadlock in do_io_accounting C error 56 790d 1739d 0/1 upstream: reported C repro on 2019/06/24 03:04

Sample crash report:
======================================================
[ INFO: possible circular locking dependency detected ]
4.9.128+ #45 Not tainted
-------------------------------------------------------
syz-executor888/5205 is trying to acquire lock:
 (&sig->cred_guard_mutex){+.+.+.}, at: [<ffffffff816384db>] do_io_accounting+0x1fb/0x7e0 fs/proc/base.c:2676
but task is already holding lock:
 (&p->lock){+.+.+.}, at: [<ffffffff8155eafd>] seq_read+0xdd/0x12d0 fs/seq_file.c:178
which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

       lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756
       __mutex_lock_common kernel/locking/mutex.c:521 [inline]
       mutex_lock_nested+0xc0/0x870 kernel/locking/mutex.c:621
       seq_read+0xdd/0x12d0 fs/seq_file.c:178
       proc_reg_read+0xfd/0x180 fs/proc/inode.c:203
       do_loop_readv_writev.part.1+0xd5/0x280 fs/read_write.c:718
       do_loop_readv_writev fs/read_write.c:707 [inline]
       do_readv_writev+0x56e/0x7b0 fs/read_write.c:873
       vfs_readv+0x84/0xc0 fs/read_write.c:897
       kernel_readv fs/splice.c:363 [inline]
       default_file_splice_read+0x44b/0x7e0 fs/splice.c:435
       do_splice_to+0x10c/0x170 fs/splice.c:899
       do_splice fs/splice.c:1192 [inline]
       SYSC_splice fs/splice.c:1416 [inline]
       SyS_splice+0x10d2/0x14d0 fs/splice.c:1399
       do_syscall_32_irqs_on arch/x86/entry/common.c:325 [inline]
       do_fast_syscall_32+0x2f1/0x860 arch/x86/entry/common.c:387
       entry_SYSENTER_compat+0x90/0xa2 arch/x86/entry/entry_64_compat.S:137

       lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756
       __mutex_lock_common kernel/locking/mutex.c:521 [inline]
       mutex_lock_nested+0xc0/0x870 kernel/locking/mutex.c:621
       __pipe_lock fs/pipe.c:87 [inline]
       fifo_open+0x15c/0x9e0 fs/pipe.c:921
       do_dentry_open+0x3ef/0xc90 fs/open.c:766
       vfs_open+0x11c/0x210 fs/open.c:879
       do_last fs/namei.c:3410 [inline]
       path_openat+0x542/0x2790 fs/namei.c:3534
       do_filp_open+0x197/0x270 fs/namei.c:3568
       do_open_execat+0x10f/0x640 fs/exec.c:844
       do_execveat_common.isra.15+0x687/0x1f80 fs/exec.c:1723
       compat_do_execve fs/exec.c:1856 [inline]
       C_SYSC_execve fs/exec.c:1931 [inline]
       compat_SyS_execve+0x48/0x60 fs/exec.c:1927
       do_syscall_32_irqs_on arch/x86/entry/common.c:325 [inline]
       do_fast_syscall_32+0x2f1/0x860 arch/x86/entry/common.c:387
       entry_SYSENTER_compat+0x90/0xa2 arch/x86/entry/entry_64_compat.S:137

       check_prev_add kernel/locking/lockdep.c:1828 [inline]
       check_prevs_add kernel/locking/lockdep.c:1938 [inline]
       validate_chain kernel/locking/lockdep.c:2265 [inline]
       __lock_acquire+0x3189/0x4a10 kernel/locking/lockdep.c:3345
       lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756
       __mutex_lock_common kernel/locking/mutex.c:521 [inline]
       mutex_lock_killable_nested+0xcc/0x960 kernel/locking/mutex.c:641
       do_io_accounting+0x1fb/0x7e0 fs/proc/base.c:2676
       proc_tgid_io_accounting+0x22/0x30 fs/proc/base.c:2725
       proc_single_show+0xfd/0x170 fs/proc/base.c:771
       traverse+0x363/0x920 fs/seq_file.c:124
       seq_read+0xd1b/0x12d0 fs/seq_file.c:195
       __vfs_read+0x115/0x560 fs/read_write.c:449
       vfs_read+0x124/0x390 fs/read_write.c:472
       SYSC_pread64 fs/read_write.c:626 [inline]
       SyS_pread64+0x145/0x170 fs/read_write.c:613
       sys32_pread+0x39/0x50 arch/x86/ia32/sys_ia32.c:179
       do_syscall_32_irqs_on arch/x86/entry/common.c:325 [inline]
       do_fast_syscall_32+0x2f1/0x860 arch/x86/entry/common.c:387
       entry_SYSENTER_compat+0x90/0xa2 arch/x86/entry/entry_64_compat.S:137

other info that might help us debug this:

Chain exists of:
 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&p->lock);
                               lock(&pipe->mutex/1);
                               lock(&p->lock);
  lock(&sig->cred_guard_mutex);

 *** DEADLOCK ***

1 lock held by syz-executor888/5205:
 #0:  (&p->lock){+.+.+.}, at: [<ffffffff8155eafd>] seq_read+0xdd/0x12d0 fs/seq_file.c:178

stack backtrace:
CPU: 0 PID: 5205 Comm: syz-executor888 Not tainted 4.9.128+ #45
 ffff8801d3e5f518 ffffffff81af2469 ffffffff83aa8440 ffffffff83aa2ad0
 ffffffff83aa1180 ffff8801d3e2b850 ffff8801d3e2af80 ffff8801d3e5f560
 ffffffff813e79ed 0000000000000001 00000000d3e2b830 0000000000000001
Call Trace:
 [<ffffffff81af2469>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81af2469>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff813e79ed>] print_circular_bug.cold.36+0x2f7/0x432 kernel/locking/lockdep.c:1202
 [<ffffffff81202779>] check_prev_add kernel/locking/lockdep.c:1828 [inline]
 [<ffffffff81202779>] check_prevs_add kernel/locking/lockdep.c:1938 [inline]
 [<ffffffff81202779>] validate_chain kernel/locking/lockdep.c:2265 [inline]
 [<ffffffff81202779>] __lock_acquire+0x3189/0x4a10 kernel/locking/lockdep.c:3345
 [<ffffffff81204b10>] lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756
 [<ffffffff827837bc>] __mutex_lock_common kernel/locking/mutex.c:521 [inline]
 [<ffffffff827837bc>] mutex_lock_killable_nested+0xcc/0x960 kernel/locking/mutex.c:641
 [<ffffffff816384db>] do_io_accounting+0x1fb/0x7e0 fs/proc/base.c:2676
 [<ffffffff81638ae2>] proc_tgid_io_accounting+0x22/0x30 fs/proc/base.c:2725
 [<ffffffff8163683d>] proc_single_show+0xfd/0x170 fs/proc/base.c:771
 [<ffffffff8155e0a3>] traverse+0x363/0x920 fs/seq_file.c:124
 [<ffffffff8155f73b>] seq_read+0xd1b/0x12d0 fs/seq_file.c:195
 [<ffffffff814e8535>] __vfs_read+0x115/0x560 fs/read_write.c:449
 [<ffffffff814eb1b4>] vfs_read+0x124/0x390 fs/read_write.c:472
 [<ffffffff814ef605>] SYSC_pread64 fs/read_write.c:626 [inline]
 [<ffffffff814ef605>] SyS_pread64+0x145/0x170 fs/read_write.c:613
 [<ffffffff810c4299>] sys32_pread+0x39/0x50 arch/x86/ia32/sys_ia32.c:179
 [<ffffffff81005fd1>] do_syscall_32_irqs_on arch/x86/entry/common.c:325 [inline]
 [<ffffffff81005fd1>] do_fast_syscall_32+0x2f1/0x860 arch/x86/entry/common.c:387
 [<ffffffff8278f460>] entry_SYSENTER_compat+0x90/0xa2 arch/x86/entry/entry_64_compat.S:137

Crashes (4521):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2018/09/22 18:26 https://android.googlesource.com/kernel/common android-4.9 1c57ba4f543b 37079712 .config console log report syz C ci-android-49-kasan-gce-386
2018/09/22 00:01 https://android.googlesource.com/kernel/common android-4.9 1c57ba4f543b 37079712 .config console log report syz C ci-android-49-kasan-gce-386
2018/09/22 18:53 https://android.googlesource.com/kernel/common android-4.9 1c57ba4f543b 37079712 .config console log report syz ci-android-49-kasan-gce-root
2018/09/22 18:28 https://android.googlesource.com/kernel/common android-4.9 1c57ba4f543b 37079712 .config console log report syz ci-android-49-kasan-gce
2018/09/21 23:57 https://android.googlesource.com/kernel/common android-4.9 1c57ba4f543b 37079712 .config console log report syz ci-android-49-kasan-gce
2019/12/03 22:20 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 ae13a849 .config console log report ci-android-49-kasan-gce
2019/12/02 18:06 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 f879db37 .config console log report ci-android-49-kasan-gce
2019/11/30 09:23 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 3a75be00 .config console log report ci-android-49-kasan-gce
2019/11/27 05:21 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 1048481f .config console log report ci-android-49-kasan-gce
2019/11/26 00:32 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 f746151a .config console log report ci-android-49-kasan-gce
2019/11/25 21:48 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 371caf77 .config console log report ci-android-49-kasan-gce
2019/11/25 19:34 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 371caf77 .config console log report ci-android-49-kasan-gce
2019/11/23 16:21 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 598ca6c8 .config console log report ci-android-49-kasan-gce
2019/11/23 07:50 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 598ca6c8 .config console log report ci-android-49-kasan-gce
2019/11/23 06:06 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 598ca6c8 .config console log report ci-android-49-kasan-gce
2019/11/22 10:09 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 8098ea0f .config console log report ci-android-49-kasan-gce
2019/11/21 17:40 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 8098ea0f .config console log report ci-android-49-kasan-gce
2019/11/21 16:40 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 8098ea0f .config console log report ci-android-49-kasan-gce
2019/11/21 06:16 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 8098ea0f .config console log report ci-android-49-kasan-gce
2019/11/21 02:56 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 8098ea0f .config console log report ci-android-49-kasan-gce
2019/11/20 00:00 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 5bc70212 .config console log report ci-android-49-kasan-gce
2019/11/18 20:31 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 1daed50a .config console log report ci-android-49-kasan-gce
2019/11/18 04:36 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 d5696d51 .config console log report ci-android-49-kasan-gce
2019/11/17 17:42 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 d5696d51 .config console log report ci-android-49-kasan-gce
2019/11/17 09:43 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 d5696d51 .config console log report ci-android-49-kasan-gce
2019/11/17 01:11 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 d5696d51 .config console log report ci-android-49-kasan-gce
2019/11/16 14:03 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 d5696d51 .config console log report ci-android-49-kasan-gce
2019/11/16 10:40 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 cdac920b .config console log report ci-android-49-kasan-gce
2019/11/15 03:19 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 a24fe792 .config console log report ci-android-49-kasan-gce
2019/11/14 14:34 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 5d15a967 .config console log report ci-android-49-kasan-gce
2019/11/14 04:29 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 048f2d49 .config console log report ci-android-49-kasan-gce
2019/11/14 00:01 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 048f2d49 .config console log report ci-android-49-kasan-gce
2019/11/13 14:54 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 048f2d49 .config console log report ci-android-49-kasan-gce
2019/11/13 09:27 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 048f2d49 .config console log report ci-android-49-kasan-gce
2019/11/13 00:10 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 048f2d49 .config console log report ci-android-49-kasan-gce
2019/11/12 20:26 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 048f2d49 .config console log report ci-android-49-kasan-gce
2019/11/12 19:12 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 048f2d49 .config console log report ci-android-49-kasan-gce
2019/11/12 17:16 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 048f2d49 .config console log report ci-android-49-kasan-gce
2019/11/12 02:41 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 048f2d49 .config console log report ci-android-49-kasan-gce
2019/11/11 09:11 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 dc438b91 .config console log report ci-android-49-kasan-gce
2019/11/11 07:11 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 dc438b91 .config console log report ci-android-49-kasan-gce
2019/11/11 06:05 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 dc438b91 .config console log report ci-android-49-kasan-gce
2019/11/11 04:59 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 dc438b91 .config console log report ci-android-49-kasan-gce
2019/03/10 15:18 https://android.googlesource.com/kernel/common android-4.9 1597fdfe52ba 12365b99 .config console log report ci-android-49-kasan-gce-root
2019/11/24 22:35 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 598ca6c8 .config console log report ci-android-49-kasan-gce-386
2019/11/18 08:10 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 d5696d51 .config console log report ci-android-49-kasan-gce-386
2019/11/18 02:49 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 d5696d51 .config console log report ci-android-49-kasan-gce-386
2019/11/11 00:14 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 dc438b91 .config console log report ci-android-49-kasan-gce-386
* Struck through repros no longer work on HEAD.