WARNING in arch_install_hw_breakpoint


syzbot

Apr 12, 2019, 8:01:18 PM
to syzkaller-a...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 740617b2 ANDROID: cuttlefish_defconfig: Enable CONFIG_PSI
git tree: android-4.14
console output: https://syzkaller.appspot.com/x/log.txt?x=1258bd93200000
kernel config: https://syzkaller.appspot.com/x/.config?x=e5b10334e557f439
dashboard link: https://syzkaller.appspot.com/bug?extid=2eca4218d91d1b3dc7ff
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17f38e8b200000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+2eca42...@syzkaller.appspotmail.com

random: cc1: uninitialized urandom read (8 bytes read)
audit: type=1400 audit(1553322826.509:9): avc: denied { map } for
pid=1802 comm="syz-execprog" path="/root/syzkaller-shm925405876" dev="sda1"
ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
Can't find any breakpoint slot
------------[ cut here ]------------
WARNING: CPU: 0 PID: 2746 at arch/x86/kernel/hw_breakpoint.c:121
arch_install_hw_breakpoint.cold+0x13/0x1f
arch/x86/kernel/hw_breakpoint.c:121
Kernel panic - not syncing: panic_on_warn set ...

CPU: 0 PID: 2746 Comm: syz-executor.2 Not tainted 4.14.107+ #34
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0xb9/0x10e lib/dump_stack.c:53
panic+0x1d9/0x3c2 kernel/panic.c:182
__warn.cold+0x2f/0x3b kernel/panic.c:546

======================================================
WARNING: possible circular locking dependency detected
4.14.107+ #34 Not tainted
------------------------------------------------------
syz-executor.2/2746 is trying to acquire lock:
((console_sem).lock){-...}, at: [<ffffffffa8beff9e>] down_trylock+0xe/0x60
kernel/locking/semaphore.c:136

but task is already holding lock:
(&ctx->lock){....}, at: [<ffffffffa8df85f5>] perf_ctx_lock
kernel/events/core.c:157 [inline]
(&ctx->lock){....}, at: [<ffffffffa8df85f5>] perf_event_context_sched_in
kernel/events/core.c:3265 [inline]
(&ctx->lock){....}, at: [<ffffffffa8df85f5>]
__perf_event_task_sched_in+0x2a5/0x420 kernel/events/core.c:3323

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #3 (&ctx->lock){....}:

-> #2 (&rq->lock){-.-.}:

-> #1 (&p->pi_lock){-.-.}:

-> #0 ((console_sem).lock){-...}:

other info that might help us debug this:

Chain exists of:
(console_sem).lock --> &rq->lock --> &ctx->lock

Possible unsafe locking scenario:

CPU0 CPU1
---- ----
lock(&ctx->lock);
lock(&rq->lock);
lock(&ctx->lock);
lock((console_sem).lock);

*** DEADLOCK ***

2 locks held by syz-executor.2/2746:
#0: (&cpuctx_lock){....}, at: [<ffffffffa8df85e4>] perf_ctx_lock
kernel/events/core.c:155 [inline]
#0: (&cpuctx_lock){....}, at: [<ffffffffa8df85e4>]
perf_event_context_sched_in kernel/events/core.c:3265 [inline]
#0: (&cpuctx_lock){....}, at: [<ffffffffa8df85e4>]
__perf_event_task_sched_in+0x294/0x420 kernel/events/core.c:3323
#1: (&ctx->lock){....}, at: [<ffffffffa8df85f5>] perf_ctx_lock
kernel/events/core.c:157 [inline]
#1: (&ctx->lock){....}, at: [<ffffffffa8df85f5>]
perf_event_context_sched_in kernel/events/core.c:3265 [inline]
#1: (&ctx->lock){....}, at: [<ffffffffa8df85f5>]
__perf_event_task_sched_in+0x2a5/0x420 kernel/events/core.c:3323

stack backtrace:
CPU: 0 PID: 2746 Comm: syz-executor.2 Not tainted 4.14.107+ #34
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0xb9/0x10e lib/dump_stack.c:53
print_circular_bug.isra.0.cold+0x2dc/0x425 kernel/locking/lockdep.c:1258
Kernel Offset: 0x27a00000 from 0xffffffff81000000 (relocation range:
0xffffffff80000000-0xffffffffbfffffff)
Rebooting in 86400 seconds..


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches

syzbot

Apr 14, 2019, 5:28:23 AM
to syzkaller-a...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 270fbfb5 ANDROID: ion_dummy_driver: Remove SYSTEM_CONTIG h..
git tree: android-4.9
console output: https://syzkaller.appspot.com/x/log.txt?x=10eb813b200000
kernel config: https://syzkaller.appspot.com/x/.config?x=7a514a584a105c07
dashboard link: https://syzkaller.appspot.com/bug?extid=acfd3de78bec50ddcbf9
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=11ee093b200000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+acfd3d...@syzkaller.appspotmail.com

audit: type=1400 audit(1553340375.890:5): avc: denied { associate } for
pid=2112 comm="syz-executor.4" name="syz4"
scontext=unconfined_u:object_r:unlabeled_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
------------[ cut here ]------------
WARNING: CPU: 0 PID: 3019 at arch/x86/kernel/hw_breakpoint.c:121
arch_install_hw_breakpoint+0xbe/0x300 arch/x86/kernel/hw_breakpoint.c:121
Can't find any breakpoint slot[ 188.151986] Kernel panic - not syncing:
panic_on_warn set ...

CPU: 0 PID: 3019 Comm: syz-executor.3 Not tainted 4.9.164+ #24
ffff8801cc1ef590 ffffffff81b484d1 ffff8801cc1ef600 ffffffff82a39c20
00000000ffffffff 0000000000000000 0000000000000009 ffff8801cc1ef670
ffffffff813f7eea 0000000041b58ab3 ffffffff82e2e282 ffffffff813f7d11
Call Trace:
[<ffffffff81b484d1>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81b484d1>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
[<ffffffff813f7eea>] panic+0x1d9/0x3bd kernel/panic.c:180
[<ffffffff813f812b>] __warn.cold+0x2f/0x2f kernel/panic.c:546
[<ffffffff810dae12>] warn_slowpath_fmt+0xc2/0x100 kernel/panic.c:569
[<ffffffff8106341e>] arch_install_hw_breakpoint+0xbe/0x300
arch/x86/kernel/hw_breakpoint.c:121
[<ffffffff813ee3c0>] hw_breakpoint_add+0x90/0x120
kernel/events/hw_breakpoint.c:574
[<ffffffff813d1de1>] event_sched_in.isra.0+0x291/0x920
kernel/events/core.c:2098
[<ffffffff813d2583>] group_sched_in+0x113/0x460 kernel/events/core.c:2138
[<ffffffff813d2e1d>] ctx_flexible_sched_in kernel/events/core.c:3079
[inline]
[<ffffffff813d2e1d>] ctx_sched_in.isra.0+0x54d/0xb20
kernel/events/core.c:3125
[<ffffffff813d344d>] perf_event_sched_in.isra.0+0x5d/0x90
kernel/events/core.c:2265
[<ffffffff813d4b31>] perf_event_context_sched_in kernel/events/core.c:3154
[inline]
[<ffffffff813d4b31>] __perf_event_task_sched_in+0x361/0x4a0
kernel/events/core.c:3191
[<ffffffff8116698c>] perf_event_task_sched_in
include/linux/perf_event.h:1086 [inline]
[<ffffffff8116698c>] finish_task_switch+0x21c/0x660
kernel/sched/core.c:2820
[<ffffffff827f7bee>] context_switch kernel/sched/core.c:2954 [inline]
[<ffffffff827f7bee>] __schedule+0x65e/0x1b50 kernel/sched/core.c:3498
[<ffffffff827f9172>] schedule+0x92/0x1c0 kernel/sched/core.c:3553
[<ffffffff811091a9>] freezable_schedule include/linux/freezer.h:171
[inline]
[<ffffffff811091a9>] ptrace_stop+0x419/0x970 kernel/signal.c:1914
[<ffffffff8110e9a7>] do_jobctl_trap kernel/signal.c:2133 [inline]
[<ffffffff8110e9a7>] get_signal+0x1247/0x1aa0 kernel/signal.c:2259
[<ffffffff8105250c>] do_signal+0x9c/0x1920 arch/x86/kernel/signal.c:807
[<ffffffff81003dcc>] exit_to_usermode_loop+0x11c/0x160
arch/x86/entry/common.c:158
[<ffffffff81005907>] prepare_exit_to_usermode arch/x86/entry/common.c:194
[inline]
[<ffffffff81005907>] syscall_return_slowpath arch/x86/entry/common.c:263
[inline]
[<ffffffff81005907>] do_syscall_64+0x3f7/0x570 arch/x86/entry/common.c:290
[<ffffffff82807d13>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
Shutting down cpus with NMI
Kernel Offset: disabled