possible deadlock in SyS_perf_event_open


syzbot

Apr 11, 2019, 8:00:59 PM
to syzkaller-a...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: cfbe30be sched/fair: fix energy compute when a cluster is ..
git tree: android-4.14
console output: https://syzkaller.appspot.com/x/log.txt?x=15eb896d200000
kernel config: https://syzkaller.appspot.com/x/.config?x=7c4afffbfde4647e
dashboard link: https://syzkaller.appspot.com/bug?extid=56d28bcdcfeaf61df557
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1315b1b3200000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=128f8bef200000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+56d28b...@syzkaller.appspotmail.com

random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
audit: type=1400 audit(1553261604.682:7): avc: denied { map } for
pid=1779 comm="syz-executor600" path="/root/syz-executor600393421"
dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
======================================================
WARNING: possible circular locking dependency detected
4.14.107+ #33 Not tainted
------------------------------------------------------
syz-executor600/1779 is trying to acquire lock:
(&cpuctx_mutex/1){+.+.}, at: [<ffffffffb98085c1>] mutex_lock_double
kernel/events/core.c:9907 [inline]
(&cpuctx_mutex/1){+.+.}, at: [<ffffffffb98085c1>]
__perf_event_ctx_lock_double kernel/events/core.c:9966 [inline]
(&cpuctx_mutex/1){+.+.}, at: [<ffffffffb98085c1>] SYSC_perf_event_open
kernel/events/core.c:10231 [inline]
(&cpuctx_mutex/1){+.+.}, at: [<ffffffffb98085c1>]
SyS_perf_event_open+0x11f1/0x2520 kernel/events/core.c:9986

but task is already holding lock:
(&cpuctx_mutex){+.+.}, at: [<ffffffffb98085b4>] mutex_lock_double
kernel/events/core.c:9906 [inline]
(&cpuctx_mutex){+.+.}, at: [<ffffffffb98085b4>]
__perf_event_ctx_lock_double kernel/events/core.c:9966 [inline]
(&cpuctx_mutex){+.+.}, at: [<ffffffffb98085b4>] SYSC_perf_event_open
kernel/events/core.c:10231 [inline]
(&cpuctx_mutex){+.+.}, at: [<ffffffffb98085b4>]
SyS_perf_event_open+0x11e4/0x2520 kernel/events/core.c:9986

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #2 (&cpuctx_mutex){+.+.}:

-> #1 (pmus_lock){+.+.}:

-> #0 (&cpuctx_mutex/1){+.+.}:

other info that might help us debug this:

Chain exists of:
&cpuctx_mutex/1 --> pmus_lock --> &cpuctx_mutex

Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&cpuctx_mutex);
                               lock(pmus_lock);
                               lock(&cpuctx_mutex);
  lock(&cpuctx_mutex/1);

*** DEADLOCK ***

1 lock held by syz-executor600/1779:
#0: (&cpuctx_mutex){+.+.}, at: [<ffffffffb98085b4>] mutex_lock_double
kernel/events/core.c:9906 [inline]
#0: (&cpuctx_mutex){+.+.}, at: [<ffffffffb98085b4>]
__perf_event_ctx_lock_double kernel/events/core.c:9966 [inline]
#0: (&cpuctx_mutex){+.+.}, at: [<ffffffffb98085b4>] SYSC_perf_event_open
kernel/events/core.c:10231 [inline]
#0: (&cpuctx_mutex){+.+.}, at: [<ffffffffb98085b4>]
SyS_perf_event_open+0x11e4/0x2520 kernel/events/core.c:9986

stack backtrace:
CPU: 0 PID: 1779 Comm: syz-executor600 Not tainted 4.14.107+ #33
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0xb9/0x10e lib/dump_stack.c:53
print_circular_bug.isra.0.cold+0x2dc/0x425 kernel/locking/lockdep.c:1258
? SyS_perf_event_open+


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches