syzbot


possible deadlock in perf_trace_destroy (2)

Status: auto-closed as invalid on 2019/10/05 09:33
Reported-by: syzbot+2d2973d863a2455155ed@syzkaller.appspotmail.com
First crash: 1894d, last: 1894d
Similar bugs (5)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream possible deadlock in perf_trace_destroy (3) trace 12 2007d 2136d 0/27 auto-closed as invalid on 2019/06/14 09:18
upstream possible deadlock in perf_trace_destroy (2) trace C 2006 2325d 2411d 5/27 fixed on 2018/04/24 21:47
android-414 possible deadlock in perf_trace_destroy 1 2104d 2104d 0/1 auto-closed as invalid on 2019/03/09 03:11
upstream possible deadlock in perf_trace_destroy trace C 525 2433d 2417d 0/27 closed as invalid on 2017/11/01 19:39
linux-4.14 possible deadlock in perf_trace_destroy C inconclusive 829 1476d 1887d 0/1 upstream: reported C repro on 2019/04/15 13:38

Sample crash report:
======================================================
WARNING: possible circular locking dependency detected
4.14.111+ #50 Not tainted
------------------------------------------------------
syz-executor.4/15346 is trying to acquire lock:
 (event_mutex){+.+.}, at: [<00000000c5396a4c>] perf_trace_destroy+0x23/0x100 kernel/trace/trace_event_perf.c:234

but task is already holding lock:
 (&event->child_mutex){+.+.}, at: [<00000000c4d81918>] perf_event_release_kernel+0x1fc/0x870 kernel/events/core.c:4402

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #8 (&event->child_mutex){+.+.}:

-> #7 (&cpuctx_mutex){+.+.}:

-> #6 (pmus_lock){+.+.}:

-> #5 (cpu_hotplug_lock.rw_sem){++++}:

-> #4 (&sb->s_type->i_mutex_key#10){+.+.}:

-> #3 (ashmem_mutex){+.+.}:

-> #2 (&mm->mmap_sem){++++}:

-> #1 (&sb->s_type->i_mutex_key#5){++++}:

-> #0 (event_mutex){+.+.}:

other info that might help us debug this:

Chain exists of:
  event_mutex --> &cpuctx_mutex --> &event->child_mutex

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&event->child_mutex);
                               lock(&cpuctx_mutex);
                               lock(&event->child_mutex);
  lock(event_mutex);

 *** DEADLOCK ***

2 locks held by syz-executor.4/15346:
 #0:  (&ctx->mutex){+.+.}, at: [<00000000c300d21e>] perf_event_release_kernel+0x1f2/0x870 kernel/events/core.c:4401
 #1:  (&event->child_mutex){+.+.}, at: [<00000000c4d81918>] perf_event_release_kernel+0x1fc/0x870 kernel/events/core.c:4402

stack backtrace:
CPU: 1 PID: 15346 Comm: syz-executor.4 Not tainted 4.14.111+ #50
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0xb9/0x10e lib/dump_stack.c:53
 print_circular_bug.isra.0.cold+0x2dc/0x425 kernel/locking/lockdep.c:1258

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/04/08 09:32 android-4.14 171fc237b3cb c34fde03 .config console log report ci-android-414-kasan-gce-root
* Struck through repros no longer work on HEAD.