possible deadlock in vm_mmap

Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
linux-6.1	possible deadlock in vm_mmap_pgoff origin:upstream	C			30	10d	396d	0/3	upstream: reported C repro on 2023/03/20 04:41
linux-4.19	possible deadlock in vm_mmap_pgoff (2)	C		error	2	508d	511d	0/1	upstream: reported C repro on 2022/11/25 13:47
linux-5.15	possible deadlock in vm_mmap_pgoff origin:upstream	C		error	22	4d16h	397d	0/3	upstream: reported C repro on 2023/03/19 23:00
upstream	possible deadlock in vm_mmap_pgoff reiserfs	C	inconclusive	inconclusive	225	81d	1088d	0/26	upstream: reported C repro on 2021/04/27 15:18
linux-4.14	possible deadlock in vm_mmap_pgoff reiserfs	C			4	436d	503d	0/1	upstream: reported C repro on 2022/12/03 00:54

====================================================== WARNING: possible circular locking dependency detected 4.19.201-syzkaller #0 Not tainted ------------------------------------------------------ syz-executor.3/8263 is trying to acquire lock: 00000000d1035998 (event_mutex){+.+.}, at: perf_trace_destroy+0x23/0xf0 kernel/trace/trace_event_perf.c:236 but task is already holding lock: 0000000095196201 (&mm->mmap_sem){++++}, at: vm_mmap_pgoff+0x152/0x200 mm/util.c:355 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #3 (&mm->mmap_sem){++++}: dup_mmap kernel/fork.c:436 [inline] dup_mm kernel/fork.c:1284 [inline] copy_mm kernel/fork.c:1340 [inline] copy_process.part.0+0x2bcf/0x8260 kernel/fork.c:1912 copy_process kernel/fork.c:1709 [inline] _do_fork+0x22f/0xf30 kernel/fork.c:2218 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe -> #2 (&dup_mmap_sem){++++}: percpu_down_write+0x62/0x3f0 kernel/locking/percpu-rwsem.c:145 register_for_each_vma+0x91/0xe40 kernel/events/uprobes.c:793 __uprobe_register kernel/events/uprobes.c:929 [inline] uprobe_register+0x3dc/0x730 kernel/events/uprobes.c:944 probe_event_enable+0x425/0xbb0 kernel/trace/trace_uprobe.c:915 trace_uprobe_register+0x2d8/0x790 kernel/trace/trace_uprobe.c:1200 perf_trace_event_reg kernel/trace/trace_event_perf.c:124 [inline] perf_trace_event_init+0x4c1/0x920 kernel/trace/trace_event_perf.c:199 perf_uprobe_init+0x165/0x200 kernel/trace/trace_event_perf.c:330 perf_uprobe_event_init+0xf8/0x190 kernel/events/core.c:8613 perf_try_init_event+0x124/0x2e0 kernel/events/core.c:9884 perf_init_event kernel/events/core.c:9915 [inline] perf_event_alloc.part.0+0x1b16/0x2eb0 kernel/events/core.c:10189 perf_event_alloc kernel/events/core.c:10559 [inline] __do_sys_perf_event_open kernel/events/core.c:10660 [inline] __se_sys_perf_event_open+0x550/0x2720 kernel/events/core.c:10549 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe -> #1 (&uprobe->register_rwsem){+.+.}: __uprobe_register kernel/events/uprobes.c:925 [inline] uprobe_register+0x34b/0x730 kernel/events/uprobes.c:944 probe_event_enable+0x425/0xbb0 kernel/trace/trace_uprobe.c:915 trace_uprobe_register+0x2d8/0x790 kernel/trace/trace_uprobe.c:1200 perf_trace_event_reg kernel/trace/trace_event_perf.c:124 [inline] perf_trace_event_init+0x4c1/0x920 kernel/trace/trace_event_perf.c:199 perf_uprobe_init+0x165/0x200 kernel/trace/trace_event_perf.c:330 perf_uprobe_event_init+0xf8/0x190 kernel/events/core.c:8613 perf_try_init_event+0x124/0x2e0 kernel/events/core.c:9884 perf_init_event kernel/events/core.c:9915 [inline] perf_event_alloc.part.0+0x1b16/0x2eb0 kernel/events/core.c:10189 perf_event_alloc kernel/events/core.c:10559 [inline] __do_sys_perf_event_open kernel/events/core.c:10660 [inline] __se_sys_perf_event_open+0x550/0x2720 kernel/events/core.c:10549 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe -> #0 (event_mutex){+.+.}: __mutex_lock_common kernel/locking/mutex.c:938 [inline] __mutex_lock+0xd7/0x1200 kernel/locking/mutex.c:1083 perf_trace_destroy+0x23/0xf0 kernel/trace/trace_event_perf.c:236 _free_event+0x32c/0x1150 kernel/events/core.c:4484 put_event kernel/events/core.c:4578 [inline] perf_mmap_close+0x6f6/0xea0 kernel/events/core.c:5582 remove_vma+0xa9/0x170 mm/mmap.c:176 remove_vma_list mm/mmap.c:2550 [inline] do_munmap+0x6f9/0xde0 mm/mmap.c:2786 mmap_region+0x2a3/0x16b0 mm/mmap.c:1700 do_mmap+0x8e8/0x1080 mm/mmap.c:1530 do_mmap_pgoff include/linux/mm.h:2329 [inline] vm_mmap_pgoff+0x197/0x200 mm/util.c:357 ksys_mmap_pgoff+0x298/0x5a0 mm/mmap.c:1580 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe other info that might help us debug this: Chain exists of: event_mutex --> &dup_mmap_sem --> &mm->mmap_sem Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&mm->mmap_sem); lock(&dup_mmap_sem); lock(&mm->mmap_sem); lock(event_mutex); *** DEADLOCK *** 1 lock held by syz-executor.3/8263: #0: 0000000095196201 (&mm->mmap_sem){++++}, at: vm_mmap_pgoff+0x152/0x200 mm/util.c:355 stack backtrace: CPU: 1 PID: 8263 Comm: syz-executor.3 Not tainted 4.19.201-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1222 check_prev_add kernel/locking/lockdep.c:1866 [inline] check_prevs_add kernel/locking/lockdep.c:1979 [inline] validate_chain kernel/locking/lockdep.c:2420 [inline] __lock_acquire+0x30c9/0x3ff0 kernel/locking/lockdep.c:3416 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908 __mutex_lock_common kernel/locking/mutex.c:938 [inline] __mutex_lock+0xd7/0x1200 kernel/locking/mutex.c:1083 perf_trace_destroy+0x23/0xf0 kernel/trace/trace_event_perf.c:236 _free_event+0x32c/0x1150 kernel/events/core.c:4484 put_event kernel/events/core.c:4578 [inline] perf_mmap_close+0x6f6/0xea0 kernel/events/core.c:5582 remove_vma+0xa9/0x170 mm/mmap.c:176 remove_vma_list mm/mmap.c:2550 [inline] do_munmap+0x6f9/0xde0 mm/mmap.c:2786 mmap_region+0x2a3/0x16b0 mm/mmap.c:1700 do_mmap+0x8e8/0x1080 mm/mmap.c:1530 do_mmap_pgoff include/linux/mm.h:2329 [inline] vm_mmap_pgoff+0x197/0x200 mm/util.c:357 ksys_mmap_pgoff+0x298/0x5a0 mm/mmap.c:1580 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x4665e9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f9d4dc31188 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665e9 RDX: 0000000000000000 RSI: 0000000000003000 RDI: 0000000020ffc000 RBP: 00000000004bfcc4 R08: 0000000000000004 R09: 0000000000000000 R10: 0000000000000011 R11: 0000000000000246 R12: 000000000056c0f0 R13: 00007ffdc237f84f R14: 00007f9d4dc31300 R15: 0000000000022000

Crashes (4):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	VM info	Manager	Title
2021/08/04 20:12	linux-4.19.y	6ca2f514c578	b97d64c9	.config	console log	report	info	ci2-linux-4-19	possible deadlock in vm_mmap_pgoff
2021/07/05 21:28	linux-4.19.y	9f84340f012e	55aa55c2	.config	console log	report	info	ci2-linux-4-19	possible deadlock in vm_mmap_pgoff
2021/05/13 08:48	linux-4.19.y	3c8c23092588	ed7d41c5	.config	console log	report	info	ci2-linux-4-19	possible deadlock in vm_mmap_pgoff
2021/04/04 18:31	linux-4.19.y	2034d6f0838e	6a81331a	.config	console log	report	info	ci2-linux-4-19	possible deadlock in vm_mmap_pgoff

Crashes (4):

Assets (help?)