| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| android-49 | possible deadlock in ashmem_llseek | | | | 5 | 2453d | 2497d | 3/3 | fixed on 2019/04/09 03:09 |
syzbot
```
======================================================
[ INFO: possible circular locking dependency detected ]
4.4.111-gc2f631b #27 Not tainted
-------------------------------------------------------
syz-executor5/6114 is trying to acquire lock:
 (&sb->s_type->i_mutex_key#10){+.+.+.}, at:
[ 42.960134] binder: 6084:6117 ioctl c0306201 20007000 returned -14
 [<ffffffff814623f1>] shmem_file_llseek+0xf1/0x240 mm/shmem.c:1816

but task is already holding lock:
 (ashmem_mutex){+.+.+.}, at: [<ffffffff82c63fc6>] ashmem_llseek+0x56/0x1f0 drivers/staging/android/ashmem.c:330

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

       [<ffffffff8123c7ee>] lock_acquire+0x15e/0x460 kernel/locking/lockdep.c:3592
       [<ffffffff8376c46b>] __mutex_lock_common kernel/locking/mutex.c:521 [inline]
       [<ffffffff8376c46b>] mutex_lock_nested+0xbb/0x850 kernel/locking/mutex.c:621
       [<ffffffff82c63413>] ashmem_mmap+0x53/0x400 drivers/staging/android/ashmem.c:366
       [<ffffffff814aff5f>] mmap_region+0x94f/0x1250 mm/mmap.c:1664
       [<ffffffff814b0d5d>] do_mmap+0x4fd/0x9d0 mm/mmap.c:1441
       [<ffffffff8146f10e>] do_mmap_pgoff include/linux/mm.h:1915 [inline]
       [<ffffffff8146f10e>] vm_mmap_pgoff+0x16e/0x1c0 mm/util.c:272
       [<ffffffff814aef2f>] SYSC_mmap_pgoff mm/mmap.c:1491 [inline]
       [<ffffffff814aef2f>] SyS_mmap_pgoff+0x33f/0x560 mm/mmap.c:1449
       [<ffffffff8101beb6>] SYSC_mmap arch/x86/kernel/sys_x86_64.c:95 [inline]
       [<ffffffff8101beb6>] SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:86
       [<ffffffff83775919>] entry_SYSCALL_64_fastpath+0x16/0x92

       [<ffffffff8123c7ee>] lock_acquire+0x15e/0x460 kernel/locking/lockdep.c:3592
       [<ffffffff8149472a>] __might_fault+0x14a/0x1d0 mm/memory.c:3810
       [<ffffffff8155a222>] copy_to_user arch/x86/include/asm/uaccess.h:760 [inline]
       [<ffffffff8155a222>] filldir+0x162/0x2d0 fs/readdir.c:180
       [<ffffffff815979ae>] dir_emit_dot include/linux/fs.h:3070 [inline]
       [<ffffffff815979ae>] dir_emit_dots include/linux/fs.h:3081 [inline]
       [<ffffffff815979ae>] dcache_readdir+0x11e/0x7b0 fs/libfs.c:150
       [<ffffffff81559e68>] iterate_dir+0x1c8/0x420 fs/readdir.c:42
       [<ffffffff8155ab5a>] SYSC_getdents fs/readdir.c:215 [inline]
       [<ffffffff8155ab5a>] SyS_getdents+0x14a/0x270 fs/readdir.c:196
       [<ffffffff83775919>] entry_SYSCALL_64_fastpath+0x16/0x92

       [<ffffffff81239b4f>] check_prev_add kernel/locking/lockdep.c:1853 [inline]
       [<ffffffff81239b4f>] check_prevs_add kernel/locking/lockdep.c:1958 [inline]
       [<ffffffff81239b4f>] validate_chain kernel/locking/lockdep.c:2144 [inline]
       [<ffffffff81239b4f>] __lock_acquire+0x371f/0x4b50 kernel/locking/lockdep.c:3213
       [<ffffffff8123c7ee>] lock_acquire+0x15e/0x460 kernel/locking/lockdep.c:3592
       [<ffffffff8376c46b>] __mutex_lock_common kernel/locking/mutex.c:521 [inline]
       [<ffffffff8376c46b>] mutex_lock_nested+0xbb/0x850 kernel/locking/mutex.c:621
       [<ffffffff814623f1>] shmem_file_llseek+0xf1/0x240 mm/shmem.c:1816
       [<ffffffff8151bbb2>] vfs_llseek+0xa2/0xd0 fs/read_write.c:260
       [<ffffffff82c64057>] ashmem_llseek+0xe7/0x1f0 drivers/staging/android/ashmem.c:342
       [<ffffffff8151d9bb>] vfs_llseek fs/read_write.c:260 [inline]
       [<ffffffff8151d9bb>] SYSC_lseek fs/read_write.c:285 [inline]
       [<ffffffff8151d9bb>] SyS_lseek+0xeb/0x170 fs/read_write.c:276
       [<ffffffff83775919>] entry_SYSCALL_64_fastpath+0x16/0x92

other info that might help us debug this:

Chain exists of:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(ashmem_mutex);
                               lock(&mm->mmap_sem);
                               lock(ashmem_mutex);
  lock(&sb->s_type->i_mutex_key#10);

 *** DEADLOCK ***

1 lock held by syz-executor5/6114:
 #0:  (ashmem_mutex){+.+.+.}, at: [<ffffffff82c63fc6>] ashmem_llseek+0x56/0x1f0 drivers/staging/android/ashmem.c:330

stack backtrace:
CPU: 1 PID: 6114 Comm: syz-executor5 Not tainted 4.4.111-gc2f631b #27
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 2070ab71cf5bca2c ffff8801cde27ad8 ffffffff81d0513d
 ffffffff8519d370 ffffffff851a6d00 ffffffff851bbe80 ffff8801c6172058
 ffff8801c61717c0 ffff8801cde27b20 ffffffff81232bc1 ffff8801c6172058
Call Trace:
 [<ffffffff81d0513d>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d0513d>] dump_stack+0xc1/0x124 lib/dump_stack.c:51
 [<ffffffff81232bc1>] print_circular_bug+0x271/0x310 kernel/locking/lockdep.c:1226
 [<ffffffff81239b4f>] check_prev_add kernel/locking/lockdep.c:1853 [inline]
 [<ffffffff81239b4f>] check_prevs_add kernel/locking/lockdep.c:1958 [inline]
 [<ffffffff81239b4f>] validate_chain kernel/locking/lockdep.c:2144 [inline]
 [<ffffffff81239b4f>] __lock_acquire+0x371f/0x4b50 kernel/locking/lockdep.c:3213
 [<ffffffff8123c7ee>] lock_acquire+0x15e/0x460 kernel/locking/lockdep.c:3592
 [<ffffffff8376c46b>] __mutex_lock_common kernel/locking/mutex.c:521 [inline]
 [<ffffffff8376c46b>] mutex_lock_nested+0xbb/0x850 kernel/locking/mutex.c:621
 [<ffffffff814623f1>] shmem_file_llseek+0xf1/0x240 mm/shmem.c:1816
binder: release 6085:6093 transaction 13 out, still active
binder: undelivered TRANSACTION_COMPLETE
binder: undelivered TRANSACTION_ERROR: 29201
binder: send failed reply for transaction 13, target dead
 [<ffffffff8151bbb2>] vfs_llseek+0xa2/0xd0 fs/read_write.c:260
 [<ffffffff82c64057>] ashmem_llseek+0xe7/0x1f0 drivers/staging/android/ashmem.c:342
 [<ffffffff8151d9bb>] vfs_llseek fs/read_write.c:260 [inline]
 [<ffffffff8151d9bb>] SYSC_lseek fs/read_write.c:285 [inline]
 [<ffffffff8151d9bb>] SyS_lseek+0xeb/0x170 fs/read_write.c:276
 [<ffffffff83775919>] entry_SYSCALL_64_fastpath+0x16/0x92
```
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2018/01/17 05:42 | https://android.googlesource.com/kernel/common android-4.4 | c2f631bf4969 | a46e5318 | .config | console log | report | | | | | ci-android-44-kasan-gce | |
| 2018/03/20 21:44 | https://android.googlesource.com/kernel/common android-4.4 | d63fdf61a4dc | 72c33b66 | .config | console log | report | | | | | ci-android-44-kasan-gce-386 | |
| 2018/01/30 14:16 | https://android.googlesource.com/kernel/common android-4.4 | 962d1f3fe2f4 | a899be78 | .config | console log | report | | | | | ci-android-44-kasan-gce-386 | |
| 2018/01/20 11:29 | https://android.googlesource.com/kernel/common android-4.4 | 3fc4284df70b | fbbdcd92 | .config | console log | report | | | | | ci-android-44-kasan-gce-386 | |