syzbot


possible deadlock in shmem_file_llseek

Status: fixed on 2018/03/23 18:14
Subsystems: mm
Reported-by: syzbot+8ec30bb7bf1a981a2012@syzkaller.appspotmail.com
Fix commit: cb57469c9573 staging: android: ashmem: Fix lockdep issue during llseek
First crash: 2298d, last: 2234d
Duplicate bugs (1):
Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
possible deadlock (4) C 19 2275d 2293d 0/26 closed as dup on 2018/01/15 08:48
Discussions (12)
Title Replies (including bot) Last reply
[PATCH 3.16 000/410] 3.16.57-rc1 review 426 (426) 2018/11/12 17:42
[PATCH 4.4 00/63] 4.4.122-stable review 79 (79) 2018/04/06 07:51
[PATCH 4.14 000/109] 4.14.28-stable review 141 (141) 2018/03/27 10:23
[PATCH 4.9 00/86] 4.9.88-stable review 97 (97) 2018/03/22 17:47
[PATCH 4.15 000/128] 4.15.11-stable review 141 (141) 2018/03/19 08:29
[PATCH 3.18 00/25] 3.18.100-stable review 30 (30) 2018/03/18 10:14
[PATCH v2] staging: android: ashmem: Fix lockdep issue during llseek 6 (6) 2018/02/27 18:16
[PATCH] staging: ashmem: Fix lockdep issue during llseek 3 (3) 2018/02/16 17:37
[PATCH] staging: ashmem: Fix lockdep issue during llseek 1 (1) 2018/02/06 00:49
Re: possible deadlock in shmem_file_llseek 1 (2) 2018/01/31 17:42
possible deadlock in shmem_file_llseek 6 (9) 2018/01/30 03:05
[PATCH] staging: ashmem: Fix lockdep issue during llseek 6 (6) 2018/01/26 20:45
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
android-44 possible deadlock in shmem_file_llseek C 1487 2224d 2298d 2/2 fixed on 2018/11/07 15:43

Sample crash report:
audit: type=1400 audit(1518851495.611:8): avc:  denied  { map } for  pid=4070 comm="syzkaller192186" path="/dev/ashmem" dev="devtmpfs" ino=161 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=1
======================================================
WARNING: possible circular locking dependency detected
4.16.0-rc1+ #316 Not tainted
------------------------------------------------------
syzkaller192186/4070 is trying to acquire lock:
 (&sb->s_type->i_mutex_key#11){++++}, at: [<00000000afc83883>] inode_lock include/linux/fs.h:713 [inline]
 (&sb->s_type->i_mutex_key#11){++++}, at: [<00000000afc83883>] shmem_file_llseek+0xef/0x240 mm/shmem.c:2579

but task is already holding lock:
 (ashmem_mutex){+.+.}, at: [<000000009c52fe84>] ashmem_llseek+0x56/0x1f0 drivers/staging/android/ashmem.c:326

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #2 (ashmem_mutex){+.+.}:
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893
       mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
       ashmem_mmap+0x53/0x410 drivers/staging/android/ashmem.c:362
       call_mmap include/linux/fs.h:1786 [inline]
       mmap_region+0xa99/0x15a0 mm/mmap.c:1705
       do_mmap+0x6c0/0xe00 mm/mmap.c:1483
       do_mmap_pgoff include/linux/mm.h:2223 [inline]
       vm_mmap_pgoff+0x1de/0x280 mm/util.c:355
       SYSC_mmap_pgoff mm/mmap.c:1533 [inline]
       SyS_mmap_pgoff+0x462/0x5f0 mm/mmap.c:1491
       SYSC_mmap arch/x86/kernel/sys_x86_64.c:100 [inline]
       SyS_mmap+0x16/0x20 arch/x86/kernel/sys_x86_64.c:91
       do_syscall_64+0x280/0x940 arch/x86/entry/common.c:287
       entry_SYSCALL_64_after_hwframe+0x42/0xb7

-> #1 (&mm->mmap_sem){++++}:
       __might_fault+0x13a/0x1d0 mm/memory.c:4571
       _copy_to_user+0x2c/0xc0 lib/usercopy.c:25
       copy_to_user include/linux/uaccess.h:155 [inline]
       filldir+0x1a7/0x320 fs/readdir.c:196
       dir_emit_dot include/linux/fs.h:3370 [inline]
       dir_emit_dots include/linux/fs.h:3381 [inline]
       dcache_readdir+0x12d/0x5e0 fs/libfs.c:192
       iterate_dir+0x1ca/0x530 fs/readdir.c:51
       SYSC_getdents fs/readdir.c:231 [inline]
       SyS_getdents+0x225/0x450 fs/readdir.c:212
       do_syscall_64+0x280/0x940 arch/x86/entry/common.c:287
       entry_SYSCALL_64_after_hwframe+0x42/0xb7

-> #0 (&sb->s_type->i_mutex_key#11){++++}:
       lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3920
       down_write+0x87/0x120 kernel/locking/rwsem.c:70
       inode_lock include/linux/fs.h:713 [inline]
       shmem_file_llseek+0xef/0x240 mm/shmem.c:2579
       vfs_llseek+0xa2/0xd0 fs/read_write.c:300
       ashmem_llseek+0xe7/0x1f0 drivers/staging/android/ashmem.c:338
       vfs_llseek fs/read_write.c:300 [inline]
       SYSC_lseek fs/read_write.c:313 [inline]
       SyS_lseek+0xeb/0x170 fs/read_write.c:304
       do_syscall_64+0x280/0x940 arch/x86/entry/common.c:287
       entry_SYSCALL_64_after_hwframe+0x42/0xb7

other info that might help us debug this:

Chain exists of:
  &sb->s_type->i_mutex_key#11 --> &mm->mmap_sem --> ashmem_mutex

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(ashmem_mutex);
                               lock(&mm->mmap_sem);
                               lock(ashmem_mutex);
  lock(&sb->s_type->i_mutex_key#11);

 *** DEADLOCK ***

1 lock held by syzkaller192186/4070:
 #0:  (ashmem_mutex){+.+.}, at: [<000000009c52fe84>] ashmem_llseek+0x56/0x1f0 drivers/staging/android/ashmem.c:326

stack backtrace:
CPU: 1 PID: 4070 Comm: syzkaller192186 Not tainted 4.16.0-rc1+ #316
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 print_circular_bug.isra.38+0x2cd/0x2dc kernel/locking/lockdep.c:1223
 check_prev_add kernel/locking/lockdep.c:1863 [inline]
 check_prevs_add kernel/locking/lockdep.c:1976 [inline]
 validate_chain kernel/locking/lockdep.c:2417 [inline]
 __lock_acquire+0x30a8/0x3e00 kernel/locking/lockdep.c:3431
 lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3920
 down_write+0x87/0x120 kernel/locking/rwsem.c:70
 inode_lock include/linux/fs.h:713 [inline]
 shmem_file_llseek+0xef/0x240 mm/shmem.c:2579
 vfs_llseek+0xa2/0xd0 fs/read_write.c:300
 ashmem_llseek+0xe7/0x1f0 drivers/staging/android/ashmem.c:338
 vfs_llseek fs/read_write.c:300 [inline]
 SYSC_lseek fs/read_write.c:313 [inline]
 SyS_lseek+0xeb/0x170 fs/read_write.c:304
 do_syscall_64+0x280/0x940 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwfram

Crashes (4432):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2018/02/17 07:14 upstream 1e3510b2b053 c8b3f7c1 .config console log report syz C ci-upstream-kasan-gce
2018/02/15 10:19 upstream e525de3ab046 77ed06bf .config console log report syz C ci-upstream-kasan-gce
2018/02/05 06:56 upstream 35277995e179 a1bc9d40 .config console log report syz C ci-upstream-kasan-gce
2018/02/02 20:46 upstream 03f51d4efa22 632a8c2c .config console log report syz C ci-upstream-kasan-gce
2018/01/10 05:50 upstream d476c5334f1d 1f60c828 .config console log report syz C ci-upstream-kasan-gce
2018/01/10 05:25 upstream d476c5334f1d 1f60c828 .config console log report syz C ci-upstream-kasan-gce
2018/01/10 05:13 upstream d476c5334f1d 1f60c828 .config console log report syz C ci-upstream-kasan-gce
2018/01/09 21:58 upstream d476c5334f1d 1f60c828 .config console log report syz C ci-upstream-kasan-gce
2018/01/09 21:44 upstream d476c5334f1d 1f60c828 .config console log report syz C ci-upstream-kasan-gce
2018/02/17 07:28 upstream 1e3510b2b053 c8b3f7c1 .config console log report syz C ci-upstream-kasan-gce-386
2018/02/15 10:19 upstream e525de3ab046 77ed06bf .config console log report syz C ci-upstream-kasan-gce-386
2018/02/05 06:51 upstream 35277995e179 a1bc9d40 .config console log report syz C ci-upstream-kasan-gce-386
2018/02/02 20:46 upstream 03f51d4efa22 632a8c2c .config console log report syz C ci-upstream-kasan-gce-386
2018/01/31 15:58 upstream 3da90b159b14 02553e22 .config console log report syz C ci-upstream-kasan-gce-386
2018/01/16 11:31 upstream a8750ddca918 4198e588 .config console log report syz C ci-upstream-kasan-gce-386
2018/01/14 18:07 upstream 2c1cfa499018 66d492a6 .config console log report syz C ci-upstream-kasan-gce-386
2018/01/10 06:11 upstream d476c5334f1d 1f60c828 .config console log report syz C ci-upstream-kasan-gce-386
2018/01/10 05:49 upstream d476c5334f1d 1f60c828 .config console log report syz C ci-upstream-kasan-gce-386
2018/01/10 05:24 upstream d476c5334f1d 1f60c828 .config console log report syz C ci-upstream-kasan-gce-386
2018/01/21 20:01 linux-next 761914dd2975 fbbdcd92 .config console log report syz C ci-upstream-next-kasan-gce
2018/01/21 19:55 mmots 2734fabdcba4 fbbdcd92 .config console log report syz C ci-upstream-mmots-kasan-gce
2018/01/18 04:09 linux-next 1fec57a31e56 b8970f31 .config console log report syz C ci-upstream-next-kasan-gce
2018/01/17 08:40 linux-next 1fec57a31e56 a46e5318 .config console log report syz C ci-upstream-next-kasan-gce
2018/01/16 10:50 linux-next fdddade65d7b 4198e588 .config console log report syz C ci-upstream-next-kasan-gce
2018/01/10 06:21 linux-next b4464bcab38d 1f60c828 .config console log report syz C ci-upstream-next-kasan-gce
2018/01/10 06:08 mmots 69eed2290e1d 1f60c828 .config console log report syz C ci-upstream-mmots-kasan-gce
2018/01/10 05:56 linux-next b4464bcab38d 1f60c828 .config console log report syz C ci-upstream-next-kasan-gce
2018/01/10 05:46 mmots 69eed2290e1d 1f60c828 .config console log report syz C ci-upstream-mmots-kasan-gce
2018/01/10 05:23 linux-next 06d41862286a 1f60c828 .config console log report syz C ci-upstream-next-kasan-gce
2018/01/10 05:22 mmots 69eed2290e1d 1f60c828 .config console log report syz C ci-upstream-mmots-kasan-gce
2018/01/10 05:12 linux-next 06d41862286a 1f60c828 .config console log report syz C ci-upstream-next-kasan-gce
2018/01/10 05:10 mmots 69eed2290e1d 1f60c828 .config console log report syz C ci-upstream-mmots-kasan-gce
2018/01/09 21:58 linux-next 06d41862286a 1f60c828 .config console log report syz C ci-upstream-next-kasan-gce
2018/01/09 21:54 mmots 69eed2290e1d 1f60c828 .config console log report syz C ci-upstream-mmots-kasan-gce
2018/01/09 20:48 linux-next 06d41862286a 1f60c828 .config console log report syz C ci-upstream-next-kasan-gce
2018/03/05 19:38 upstream 661e50bc8532 bbd5104f .config console log report syz ci-upstream-kasan-gce-386
2018/03/14 14:15 upstream fc6eabbbf8ef 08dacaa0 .config console log report ci-upstream-kasan-gce
2018/03/14 07:21 upstream fc6eabbbf8ef 08dacaa0 .config console log report ci-upstream-kasan-gce
2018/03/14 05:57 upstream fc6eabbbf8ef 08dacaa0 .config console log report ci-upstream-kasan-gce
2018/03/14 04:44 upstream fc6eabbbf8ef 08dacaa0 .config console log report ci-upstream-kasan-gce
2018/03/14 03:13 upstream fc6eabbbf8ef 08dacaa0 .config console log report ci-upstream-kasan-gce
2018/03/13 19:54 upstream fc6eabbbf8ef 08dacaa0 .config console log report ci-upstream-kasan-gce
2018/03/13 18:29 upstream fc6eabbbf8ef 08dacaa0 .config console log report ci-upstream-kasan-gce
2018/03/13 16:35 upstream fc6eabbbf8ef 08dacaa0 .config console log report ci-upstream-kasan-gce
2018/03/13 14:04 upstream fc6eabbbf8ef 08dacaa0 .config console log report ci-upstream-kasan-gce
2018/03/13 10:04 upstream fc6eabbbf8ef 08dacaa0 .config console log report ci-upstream-kasan-gce
2018/03/13 08:19 upstream fc6eabbbf8ef f505ca4b .config console log report ci-upstream-kasan-gce
2018/03/13 05:31 upstream fc6eabbbf8ef f505ca4b .config console log report ci-upstream-kasan-gce
2018/03/13 02:21 upstream fc6eabbbf8ef f505ca4b .config console log report ci-upstream-kasan-gce
2018/03/13 00:38 upstream fc6eabbbf8ef f505ca4b .config console log report ci-upstream-kasan-gce
2018/03/12 20:22 upstream 0c8efd610b58 f505ca4b .config console log report ci-upstream-kasan-gce
2018/03/12 18:58 upstream 0c8efd610b58 f505ca4b .config console log report ci-upstream-kasan-gce
2018/03/12 16:12 upstream 0c8efd610b58 f505ca4b .config console log report ci-upstream-kasan-gce
2018/03/12 14:11 upstream 0c8efd610b58 f505ca4b .config console log report ci-upstream-kasan-gce
2018/03/12 11:54 upstream 0c8efd610b58 f505ca4b .config console log report ci-upstream-kasan-gce
2018/03/12 06:56 upstream abeb75218aeb 36d1c454 .config console log report ci-upstream-kasan-gce
2018/03/12 03:09 upstream abeb75218aeb 36d1c454 .config console log report ci-upstream-kasan-gce
2018/03/11 22:00 upstream abeb75218aeb 36d1c454 .config console log report ci-upstream-kasan-gce
2018/03/11 13:26 upstream 3266b5bd97ea 36d1c454 .config console log report ci-upstream-kasan-gce
2018/03/11 12:17 upstream 3266b5bd97ea 36d1c454 .config console log report ci-upstream-kasan-gce
2018/03/11 09:08 upstream 3266b5bd97ea 36d1c454 .config console log report ci-upstream-kasan-gce
2018/03/11 05:08 upstream 3266b5bd97ea 36d1c454 .config console log report ci-upstream-kasan-gce
2018/03/10 23:56 upstream 3266b5bd97ea 36d1c454 .config console log report ci-upstream-kasan-gce
2018/03/10 22:08 upstream 3266b5bd97ea 36d1c454 .config console log report ci-upstream-kasan-gce
2018/03/10 20:17 upstream cdb06e9d8f52 36d1c454 .config console log report ci-upstream-kasan-gce
2018/03/10 17:45 upstream cdb06e9d8f52 36d1c454 .config console log report ci-upstream-kasan-gce
2018/03/10 13:42 upstream cdb06e9d8f52 36d1c454 .config console log report ci-upstream-kasan-gce
2018/03/10 09:19 upstream cdb06e9d8f52 36d1c454 .config console log report ci-upstream-kasan-gce
2018/03/10 06:52 upstream 719ea86151f3 36d1c454 .config console log report ci-upstream-kasan-gce
2018/03/10 03:49 upstream 719ea86151f3 36d1c454 .config console log report ci-upstream-kasan-gce
2018/03/10 02:39 upstream 719ea86151f3 36d1c454 .config console log report ci-upstream-kasan-gce
2018/03/09 23:33 upstream 719ea86151f3 36d1c454 .config console log report ci-upstream-kasan-gce
2018/03/09 21:47 upstream 719ea86151f3 36d1c454 .config console log report ci-upstream-kasan-gce
2018/03/14 08:53 upstream fc6eabbbf8ef 08dacaa0 .config console log report ci-upstream-kasan-gce-386
2018/03/12 08:32 upstream abeb75218aeb 36d1c454 .config console log report ci-upstream-kasan-gce-386
2018/03/12 05:52 upstream abeb75218aeb 36d1c454 .config console log report ci-upstream-kasan-gce-386
2018/03/12 02:07 upstream abeb75218aeb 36d1c454 .config console log report ci-upstream-kasan-gce-386
2018/03/11 18:57 upstream 3266b5bd97ea 36d1c454 .config console log report ci-upstream-kasan-gce-386
2018/03/11 16:09 upstream 3266b5bd97ea 36d1c454 .config console log report ci-upstream-kasan-gce-386
2018/03/11 03:18 upstream 3266b5bd97ea 36d1c454 .config console log report ci-upstream-kasan-gce-386
2018/03/11 01:19 upstream 3266b5bd97ea 36d1c454 .config console log report ci-upstream-kasan-gce-386
2018/03/10 11:30 upstream cdb06e9d8f52 36d1c454 .config console log report ci-upstream-kasan-gce-386
2018/03/10 05:03 upstream 719ea86151f3 36d1c454 .config console log report ci-upstream-kasan-gce-386
* Struck through repros no longer work on HEAD.