Hello,
syzbot found the following issue on:
HEAD commit: 96afcb20 Linux 4.14.233
git tree: linux-4.14.y
console output:
https://syzkaller.appspot.com/x/log.txt?x=10b1decfd00000
kernel config:
https://syzkaller.appspot.com/x/.config?x=3c01be598d99fad6
dashboard link:
https://syzkaller.appspot.com/bug?extid=37763c1eb5316112abc7
Unfortunately, I don't have any reproducer for this issue yet.
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by:
syzbot+37763c...@syzkaller.appspotmail.com
======================================================
WARNING: possible circular locking dependency detected
4.14.233-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.5/9706 is trying to acquire lock:
(&cpuctx_mutex/1){+.+.}, at: [<ffffffff81661b08>] mutex_lock_double kernel/events/core.c:9931 [inline]
(&cpuctx_mutex/1){+.+.}, at: [<ffffffff81661b08>] __perf_event_ctx_lock_double kernel/events/core.c:9990 [inline]
(&cpuctx_mutex/1){+.+.}, at: [<ffffffff81661b08>] SYSC_perf_event_open kernel/events/core.c:10252 [inline]
(&cpuctx_mutex/1){+.+.}, at: [<ffffffff81661b08>] SyS_perf_event_open+0xd28/0x24b0 kernel/events/core.c:10010
but task is already holding lock:
(&cpuctx_mutex){+.+.}, at: [<ffffffff81661afb>] mutex_lock_double kernel/events/core.c:9930 [inline]
(&cpuctx_mutex){+.+.}, at: [<ffffffff81661afb>] __perf_event_ctx_lock_double kernel/events/core.c:9990 [inline]
(&cpuctx_mutex){+.+.}, at: [<ffffffff81661afb>] SYSC_perf_event_open kernel/events/core.c:10252 [inline]
(&cpuctx_mutex){+.+.}, at: [<ffffffff81661afb>] SyS_perf_event_open+0xd1b/0x24b0 kernel/events/core.c:10010
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #2 (&cpuctx_mutex){+.+.}:
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
perf_event_init_cpu+0xb7/0x170 kernel/events/core.c:11250
perf_event_init+0x2cc/0x308 kernel/events/core.c:11297
start_kernel+0x46a/0x770 init/main.c:620
secondary_startup_64+0xa5/0xb0 arch/x86/kernel/head_64.S:240
-> #1 (pmus_lock){+.+.}:
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
swevent_hlist_get kernel/events/core.c:7923 [inline]
perf_swevent_init+0x11e/0x4b0 kernel/events/core.c:7983
perf_try_init_event+0xdf/0x1f0 kernel/events/core.c:9369
perf_init_event kernel/events/core.c:9407 [inline]
perf_event_alloc.part.0+0xe2d/0x2640 kernel/events/core.c:9667
perf_event_alloc kernel/events/core.c:10020 [inline]
SYSC_perf_event_open kernel/events/core.c:10124 [inline]
SyS_perf_event_open+0x67f/0x24b0 kernel/events/core.c:10010
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
-> #0 (&cpuctx_mutex/1){+.+.}:
lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
mutex_lock_double kernel/events/core.c:9931 [inline]
__perf_event_ctx_lock_double kernel/events/core.c:9990 [inline]
SYSC_perf_event_open kernel/events/core.c:10252 [inline]
SyS_perf_event_open+0xd28/0x24b0 kernel/events/core.c:10010
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
other info that might help us debug this:
Chain exists of:
&cpuctx_mutex/1 --> pmus_lock --> &cpuctx_mutex
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&cpuctx_mutex);
lock(pmus_lock);
lock(&cpuctx_mutex);
lock(&cpuctx_mutex/1);
*** DEADLOCK ***
1 lock held by syz-executor.5/9706:
#0: (&cpuctx_mutex){+.+.}, at: [<ffffffff81661afb>] mutex_lock_double kernel/events/core.c:9930 [inline]
#0: (&cpuctx_mutex){+.+.}, at: [<ffffffff81661afb>] __perf_event_ctx_lock_double kernel/events/core.c:9990 [inline]
#0: (&cpuctx_mutex){+.+.}, at: [<ffffffff81661afb>] SYSC_perf_event_open kernel/events/core.c:10252 [inline]
#0: (&cpuctx_mutex){+.+.}, at: [<ffffffff81661afb>] SyS_perf_event_open+0xd1b/0x24b0 kernel/events/core.c:10010
stack backtrace:
CPU: 0 PID: 9706 Comm: syz-executor.5 Not tainted 4.14.233-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x281 lib/dump_stack.c:58
print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1258
check_prev_add kernel/locking/lockdep.c:1905 [inline]
check_prevs_add kernel/locking/lockdep.c:2022 [inline]
validate_chain kernel/locking/lockdep.c:2464 [inline]
__lock_acquire+0x2e0e/0x3f20 kernel/locking/lockdep.c:3491
lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
mutex_lock_double kernel/events/core.c:9931 [inline]
__perf_event_ctx_lock_double kernel/events/core.c:9990 [inline]
SYSC_perf_event_open kernel/events/core.c:10252 [inline]
SyS_perf_event_open+0xd28/0x24b0 kernel/events/core.c:10010
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x4665d9
RSP: 002b:00007f0927c4b188 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 00000000200000c0
RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000003 R11: 0000000000000246 R12: 000000000056bf80
R13: 00007ffffa6a2aff R14: 00007f0927c4b300 R15: 0000000000022000
raw_sendmsg: syz-executor.4 forgot to set AF_INET. Fix it!
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
tmpfs: Bad value 'prefer=�elat_vex�:0-5:0/' for mount option 'mpol'
WARNING: can't dereference registers at 000000000000039a for ip entry_SYSCALL_64_after_hwframe+0x46/0xbb
audit: type=1800 audit(1621902547.720:2): pid=9873 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.4" name="file0" dev="sda1" ino=13919 res=0
audit: type=1800 audit(1621902547.810:3): pid=9885 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.4" name="file0" dev="sda1" ino=13942 res=0
audit: type=1800 audit(1621902547.900:4): pid=9913 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.1" name="file0" dev="sda1" ino=13942 res=0
audit: type=1800 audit(1621902548.120:5): pid=9967 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.1" name="file0" dev="sda1" ino=13946 res=0
audit: type=1800 audit(1621902548.930:6): pid=9991 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="file0" dev="sda1" ino=13939 res=0
audit: type=1800 audit(1621902548.940:7): pid=9990 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.4" name="file0" dev="sda1" ino=13944 res=0
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
audit: type=1800 audit(1621902551.040:8): pid=10176 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.5" name="file0" dev="sda1" ino=13969 res=0
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'.
audit: type=1326 audit(1621902553.380:9): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=10393 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x4665d9 code=0xffff0000
FAT-fs (loop4): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
audit: type=1800 audit(1621902554.190:10): pid=10438 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.4" name="file0" dev="loop4" ino=3 res=0
audit: type=1804 audit(1621902554.190:11): pid=10438 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir094321903/syzkaller.0zq05V/57/file0/file0" dev="loop4" ino=3 res=1
audit: type=1804 audit(1621902554.190:12): pid=10438 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.4" name="/root/syzkaller-testdir094321903/syzkaller.0zq05V/57/file0/file0" dev="loop4" ino=3 res=1
audit: type=1804 audit(1621902554.190:13): pid=10438 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir094321903/syzkaller.0zq05V/57/file0/file0" dev="loop4" ino=3 res=1
FAT-fs (loop4): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
audit: type=1804 audit(1621902554.190:14): pid=10438 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.4" name="/root/syzkaller-testdir094321903/syzkaller.0zq05V/57/file0/file0" dev="loop4" ino=3 res=1
audit: type=1804 audit(1621902554.380:15): pid=10438 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir094321903/syzkaller.0zq05V/57/file0/file0" dev="loop4" ino=3 res=1
audit: type=1804 audit(1621902554.380:16): pid=10438 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.4" name="/root/syzkaller-testdir094321903/syzkaller.0zq05V/57/file0/file0" dev="loop4" ino=3 res=1
audit: type=1804 audit(1621902554.380:17): pid=10455 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir094321903/syzkaller.0zq05V/57/file0/file0" dev="loop4" ino=3 res=1
audit: type=1804 audit(1621902554.380:18): pid=10438 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.4" name="/root/syzkaller-testdir094321903/syzkaller.0zq05V/57/file0/file0" dev="loop4" ino=3 res=1
FAT-fs (loop4): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
FAT-fs (loop4): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
FAT-fs (loop4): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
FAT-fs (loop4): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
FAT-fs (loop4): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
FAT-fs (loop4): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and
https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
---
This report is generated by a bot. It may contain errors.
See
https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at
syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.