| # Note: 191-194 have the same root cause. |
| TITLE: possible deadlock in perf_trace_init |
| |
| [ 49.707025] ====================================================== |
| [ 49.713322] WARNING: possible circular locking dependency detected |
| [ 49.719607] 4.15.0-rc2+ #122 Not tainted |
| [ 49.723630] ------------------------------------------------------ |
| [ 49.729910] syz-executor6/4896 is trying to acquire lock: |
| [ 49.735409] (event_mutex){+.+.}, at: [<000000009b3a8cd5>] perf_trace_init+0x58/0xab0 |
| [ 49.743358] |
| [ 49.743358] but task is already holding lock: |
| [ 49.749293] (&ctx->mutex){+.+.}, at: [<00000000935cf968>] perf_event_init_task+0x25b/0x890 |
| [ 49.757751] |
| [ 49.757751] which lock already depends on the new lock. |
| [ 49.757751] |
| [ 49.766030] |
| [ 49.766030] the existing dependency chain (in reverse order) is: |
| [ 49.773612] |
| [ 49.773612] -> #8 (&ctx->mutex){+.+.}: |
| [ 49.778947] lock_acquire+0x1d5/0x580 |
| [ 49.783234] __mutex_lock+0x16f/0x1a80 |
| [ 49.787609] mutex_lock_nested+0x16/0x20 |
| [ 49.792155] perf_event_ctx_lock_nested+0x21b/0x450 |
| [ 49.797654] perf_read+0xb9/0x970 |
| [ 49.801594] do_iter_read+0x3db/0x5b0 |
| [ 49.805878] vfs_readv+0x121/0x1c0 |
| [ 49.809903] default_file_splice_read+0x508/0xae0 |
| [ 49.815231] do_splice_to+0x110/0x170 |
| [ 49.819516] SyS_splice+0x11a8/0x1630 |
| [ 49.823803] do_fast_syscall_32+0x3ee/0xf9d |
| [ 49.828612] entry_SYSENTER_compat+0x51/0x60 |
| [ 49.833503] |
| [ 49.833503] -> #7 (&pipe->mutex/1){+.+.}: |
| [ 49.839105] lock_acquire+0x1d5/0x580 |
| [ 49.843391] __mutex_lock+0x16f/0x1a80 |
| [ 49.847763] mutex_lock_nested+0x16/0x20 |
| [ 49.852308] pipe_lock+0x56/0x70 |
| [ 49.856160] iter_file_splice_write+0x264/0xf30 |
| [ 49.861317] SyS_splice+0x7d5/0x1630 |
| [ 49.865516] do_fast_syscall_32+0x3ee/0xf9d |
| [ 49.870326] entry_SYSENTER_compat+0x51/0x60 |
| [ 49.875215] |
| [ 49.875215] -> #6 (sb_writers){.+.+}: |
| [ 49.880465] fs_reclaim_acquire+0x14/0x20 |
| [ 49.885100] kmem_cache_alloc+0x29/0x760 |
| [ 49.889648] __d_alloc+0xb3/0xbe0 |
| [ 49.893586] d_alloc+0x8e/0x340 |
| [ 49.897353] __lookup_hash+0x58/0x190 |
| [ 49.901635] |
| [ 49.901635] -> #5 ((completion)&req.done){+.+.}: |
| [ 49.907839] lock_acquire+0x1d5/0x580 |
| [ 49.912128] wait_for_completion+0xcb/0x7b0 |
| [ 49.916937] devtmpfs_create_node+0x32b/0x4a0 |
| [ 49.921916] device_add+0x120f/0x1640 |
| [ 49.926203] device_create_groups_vargs+0x1f3/0x250 |
| [ 49.931704] device_create+0xda/0x110 |
| [ 49.935991] msr_device_create+0x26/0x40 |
| [ 49.940540] cpuhp_invoke_callback+0x2ea/0x1d20 |
| [ 49.945693] cpuhp_thread_fun+0x48e/0x7e0 |
| [ 49.950330] smpboot_thread_fn+0x450/0x7c0 |
| [ 49.955048] kthread+0x37a/0x440 |
| [ 49.958898] ret_from_fork+0x24/0x30 |
| [ 49.963093] |
| [ 49.963093] -> #4 (cpuhp_state-up){+.+.}: |
| [ 49.968687] lock_acquire+0x1d5/0x580 |
| [ 49.972974] cpuhp_issue_call+0x1e5/0x520 |
| [ 49.977611] __cpuhp_setup_state_cpuslocked+0x282/0x600 |
| [ 49.983458] __cpuhp_setup_state+0xb0/0x140 |
| [ 49.988266] page_writeback_init+0x4d/0x71 |
| [ 49.992987] pagecache_init+0x48/0x4f |
| [ 49.997276] start_kernel+0x6bc/0x74f |
| [ 50.001564] x86_64_start_reservations+0x2a/0x2c |
| [ 50.006804] x86_64_start_kernel+0x77/0x7a |
| [ 50.011526] secondary_startup_64+0xa5/0xb0 |
| [ 50.016329] |
| [ 50.016329] -> #3 (cpuhp_state_mutex){+.+.}: |
| [ 50.022186] lock_acquire+0x1d5/0x580 |
| [ 50.026470] __mutex_lock+0x16f/0x1a80 |
| [ 50.030841] mutex_lock_nested+0x16/0x20 |
| [ 50.035386] __cpuhp_setup_state_cpuslocked+0x5b/0x600 |
| [ 50.041146] __cpuhp_setup_state+0xb0/0x140 |
| [ 50.045951] kvm_guest_init+0x1f3/0x20f |
| [ 50.050409] setup_arch+0x17e8/0x1a02 |
| [ 50.054695] start_kernel+0xa5/0x74f |
| [ 50.058896] x86_64_start_reservations+0x2a/0x2c |
| [ 50.064136] x86_64_start_kernel+0x77/0x7a |
| [ 50.068855] secondary_startup_64+0xa5/0xb0 |
| [ 50.073659] |
| [ 50.073659] -> #2 (cpu_hotplug_lock.rw_sem){++++}: |
| [ 50.080037] lock_acquire+0x1d5/0x580 |
| [ 50.084323] cpus_read_lock+0x42/0x90 |
| [ 50.088611] static_key_slow_inc+0x9d/0x3c0 |
| [ 50.093420] tracepoint_probe_register_prio+0x80d/0x9a0 |
| [ 50.099270] tracepoint_probe_register+0x2a/0x40 |
| [ 50.104511] trace_event_reg+0x167/0x320 |
| [ 50.109059] perf_trace_init+0x4ef/0xab0 |
| [ 50.113607] perf_tp_event_init+0x7d/0xf0 |
| [ 50.118241] perf_try_init_event+0xc9/0x1f0 |
| [ 50.123057] perf_event_alloc+0x1cc6/0x2b00 |
| [ 50.127868] SYSC_perf_event_open+0x842/0x2f10 |
| [ 50.132937] SyS_perf_event_open+0x39/0x50 |
| [ 50.137657] do_fast_syscall_32+0x3ee/0xf9d |
| [ 50.142464] entry_SYSENTER_compat+0x51/0x60 |
| [ 50.147353] |
| [ 50.147353] -> #1 (tracepoints_mutex){+.+.}: |
| [ 50.153211] lock_acquire+0x1d5/0x580 |
| [ 50.157495] __mutex_lock+0x16f/0x1a80 |
| [ 50.161869] mutex_lock_nested+0x16/0x20 |
| [ 50.166415] tracepoint_probe_register_prio+0xa0/0x9a0 |
| [ 50.172176] tracepoint_probe_register+0x2a/0x40 |
| [ 50.177415] trace_event_reg+0x167/0x320 |
| [ 50.181960] perf_trace_init+0x4ef/0xab0 |
| [ 50.186507] perf_tp_event_init+0x7d/0xf0 |
| [ 50.191139] perf_try_init_event+0xc9/0x1f0 |
| [ 50.195945] perf_event_alloc+0x1cc6/0x2b00 |
| [ 50.200752] SYSC_perf_event_open+0x842/0x2f10 |
| [ 50.205821] SyS_perf_event_open+0x39/0x50 |
| [ 50.210540] do_fast_syscall_32+0x3ee/0xf9d |
| [ 50.215349] entry_SYSENTER_compat+0x51/0x60 |
| [ 50.220237] |
| [ 50.220237] -> #0 (event_mutex){+.+.}: |
| [ 50.225571] __lock_acquire+0x3498/0x47f0 |
| [ 50.230203] lock_acquire+0x1d5/0x580 |
| [ 50.234488] __mutex_lock+0x16f/0x1a80 |
| [ 50.238862] mutex_lock_nested+0x16/0x20 |
| [ 50.243408] perf_trace_init+0x58/0xab0 |
| [ 50.247866] perf_tp_event_init+0x7d/0xf0 |
| [ 50.252498] perf_try_init_event+0xc9/0x1f0 |
| [ 50.257306] perf_event_alloc+0x1005/0x2b00 |
| [ 50.262112] inherit_event.isra.92+0x15b/0x920 |
| [ 50.267182] inherit_task_group.isra.94.part.95+0x73/0x240 |
| [ 50.273291] perf_event_init_task+0x348/0x890 |
| [ 50.278275] copy_process.part.36+0x173b/0x4ae0 |
| [ 50.283428] _do_fork+0x1ef/0xff0 |
| [ 50.287366] SyS_clone+0x37/0x50 |
| [ 50.291221] do_fast_syscall_32+0x3ee/0xf9d |
| [ 50.296028] entry_SYSENTER_compat+0x51/0x60 |
| [ 50.300916] |
| [ 50.300916] other info that might help us debug this: |
| [ 50.300916] |
| [ 50.309021] Chain exists of: |
| [ 50.309021] event_mutex --> &pipe->mutex/1 --> &ctx->mutex |
| [ 50.309021] |
| [ 50.319134] Possible unsafe locking scenario: |
| [ 50.319134] |
| [ 50.325156] CPU0 CPU1 |
| [ 50.329785] ---- ---- |
| [ 50.334413] lock(&ctx->mutex); |
| [ 50.337742] lock(&pipe->mutex/1); |
| [ 50.343853] lock(&ctx->mutex); |
| [ 50.349699] lock(event_mutex); |
| [ 50.353031] |
| [ 50.353031] *** DEADLOCK *** |
| [ 50.353031] |
| [ 50.359059] 2 locks held by syz-executor6/4896: |
| [ 50.363687] #0: (&ctx->mutex){+.+.}, at: [<00000000935cf968>] perf_event_init_task+0x25b/0x890 |
| [ 50.372583] #1: (&pmus_srcu){....}, at: [<00000000389c2fa4>] perf_event_alloc+0xf55/0x2b00 |
| [ 50.381128] |
| [ 50.381128] stack backtrace: |
| [ 50.385592] CPU: 0 PID: 4896 Comm: syz-executor6 Not tainted 4.15.0-rc2+ #122 |
| [ 50.392826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 |
| [ 50.402143] Call Trace: |
| [ 50.404698] dump_stack+0x194/0x257 |
| [ 50.408290] ? arch_local_irq_restore+0x53/0x53 |
| [ 50.412927] print_circular_bug+0x42d/0x610 |
| [ 50.417213] ? save_stack_trace+0x1a/0x20 |
| [ 50.421329] check_prev_add+0x666/0x15f0 |
| [ 50.425356] ? copy_trace+0x150/0x150 |
| [ 50.429123] ? check_usage+0xb60/0xb60 |
| [ 50.432981] __lock_acquire+0x3498/0x47f0 |
| [ 50.437094] ? __lock_acquire+0x3498/0x47f0 |
| [ 50.441383] ? perf_trace_run_bpf_submit+0x206/0x330 |
| [ 50.446457] ? debug_check_no_locks_freed+0x3d0/0x3d0 |
| [ 50.451621] ? perf_tp_event+0xae0/0xae0 |
| [ 50.455651] ? perf_tp_event+0x7f4/0xae0 |
| [ 50.459680] ? memset+0x31/0x40 |
| [ 50.462930] ? perf_trace_lock_acquire+0x532/0x980 |
| [ 50.467829] ? perf_trace_lock+0x900/0x900 |
| [ 50.472027] ? perf_tp_event+0xae0/0xae0 |
| [ 50.476061] ? perf_trace_lock+0x4d6/0x900 |
| [ 50.480268] lock_acquire+0x1d5/0x580 |
| [ 50.484034] ? perf_trace_init+0x58/0xab0 |
| [ 50.488150] ? lock_release+0xda0/0xda0 |
| [ 50.492094] ? rcu_note_context_switch+0x710/0x710 |
| [ 50.496990] ? __might_sleep+0x95/0x190 |
| [ 50.500931] ? perf_trace_init+0x58/0xab0 |
| [ 50.505051] __mutex_lock+0x16f/0x1a80 |
| [ 50.508902] ? perf_trace_init+0x58/0xab0 |
| [ 50.513018] ? __lock_acquire+0x6e9/0x47f0 |
| [ 50.517219] ? lock_downgrade+0x980/0x980 |
| [ 50.521332] ? perf_trace_init+0x58/0xab0 |
| [ 50.525447] ? mutex_lock_io_nested+0x1900/0x1900 |
| [ 50.530254] ? debug_check_no_locks_freed+0x3d0/0x3d0 |
| [ 50.535411] ? perf_tp_event+0xae0/0xae0 |
| [ 50.539437] ? trace_hardirqs_on_caller+0x421/0x5c0 |
| [ 50.544420] ? trace_hardirqs_on+0xd/0x10 |
| [ 50.548537] ? perf_trace_lock_acquire+0x532/0x980 |
| [ 50.553435] ? save_stack+0xa3/0xd0 |
| [ 50.557028] ? perf_trace_lock+0x900/0x900 |
| [ 50.561232] ? print_usage_bug+0x3f0/0x3f0 |
| [ 50.565430] ? find_held_lock+0x39/0x1d0 |
| [ 50.569458] ? print_usage_bug+0x3f0/0x3f0 |
| [ 50.573657] ? trace_hardirqs_on_caller+0x421/0x5c0 |
| [ 50.578637] ? __lockdep_init_map+0xe4/0x650 |
| [ 50.583015] ? lockdep_init_map+0x3d/0x70 |
| [ 50.587131] ? module_unload_free+0x5b0/0x5b0 |
| [ 50.591593] ? perf_event_alloc+0xf55/0x2b00 |
| [ 50.595968] mutex_lock_nested+0x16/0x20 |
| [ 50.599993] ? mutex_lock_nested+0x16/0x20 |
| [ 50.604197] perf_trace_init+0x58/0xab0 |
| [ 50.608137] ? refcount_inc_not_zero+0xfe/0x180 |
| [ 50.612770] ? refcount_add+0x60/0x60 |
| [ 50.616533] ? __lockdep_init_map+0xe4/0x650 |
| [ 50.620906] perf_tp_event_init+0x7d/0xf0 |
| [ 50.625023] perf_try_init_event+0xc9/0x1f0 |
| [ 50.629314] perf_event_alloc+0x1005/0x2b00 |
| [ 50.633598] ? find_held_lock+0x39/0x1d0 |
| [ 50.637626] ? __perf_install_in_context+0x2d0/0x2d0 |
| [ 50.642695] ? find_held_lock+0x39/0x1d0 |
| [ 50.646721] ? print_usage_bug+0x3f0/0x3f0 |
| [ 50.650923] ? print_usage_bug+0x3f0/0x3f0 |
| [ 50.655123] ? depot_save_stack+0x1c2/0x490 |
| [ 50.659411] ? lock_release+0xda0/0xda0 |
| [ 50.663351] ? mark_held_locks+0xb2/0x100 |
| [ 50.667467] ? mark_held_locks+0xb2/0x100 |
| [ 50.671579] ? trace_hardirqs_on_caller+0x421/0x5c0 |
| [ 50.676561] ? debug_mutex_init+0x1c/0x60 |
| [ 50.680673] ? trace_hardirqs_on_caller+0x421/0x5c0 |
| [ 50.685655] ? lockdep_init_map+0x3d/0x70 |
| [ 50.689769] ? debug_mutex_init+0x2d/0x60 |
| [ 50.693883] ? __mutex_init+0x1c7/0x2a0 |
| [ 50.697822] ? alloc_perf_context+0x4c/0xe0 |
| [ 50.702110] ? inherit_task_group.isra.94.part.95+0x1a2/0x240 |
| [ 50.707958] ? SyS_membarrier+0x600/0x600 |
| [ 50.712072] ? mark_held_locks+0xb2/0x100 |
| [ 50.716188] ? __raw_spin_lock_init+0x1c/0x100 |
| [ 50.720737] ? trace_hardirqs_on_caller+0x421/0x5c0 |
| [ 50.725718] ? __lockdep_init_map+0xe4/0x650 |
| [ 50.730094] ? lockdep_init_map+0x3d/0x70 |
| [ 50.734208] ? __perf_event_init_context+0xde/0x3b0 |
| [ 50.739190] ? perf_event_mux_interval_ms_store+0x4c0/0x4c0 |
| [ 50.744869] inherit_event.isra.92+0x15b/0x920 |
| [ 50.749418] ? perf_event_create_kernel_counter+0x290/0x290 |
| [ 50.755098] ? rcu_read_lock_sched_held+0x108/0x120 |
| [ 50.760083] ? kmem_cache_alloc_trace+0x459/0x750 |
| [ 50.764892] ? trace_hardirqs_on_caller+0x421/0x5c0 |
| [ 50.769874] ? trace_hardirqs_on+0xd/0x10 |
| [ 50.773990] inherit_task_group.isra.94.part.95+0x73/0x240 |
| [ 50.779585] perf_event_init_task+0x348/0x890 |
| [ 50.784046] ? sched_fork+0x45b/0xc00 |
| [ 50.787815] ? perf_event_attrs+0x40/0x40 |
| [ 50.791931] ? kmem_cache_alloc_trace+0x459/0x750 |
| [ 50.796739] ? trace_hardirqs_on_caller+0x421/0x5c0 |
| [ 50.801720] ? __lockdep_init_map+0xe4/0x650 |
| [ 50.806100] copy_process.part.36+0x173b/0x4ae0 |
| [ 50.810738] ? __cleanup_sighand+0x40/0x40 |
| [ 50.814938] ? __might_sleep+0x95/0x190 |
| [ 50.818879] ? _cond_resched+0x14/0x30 |
| [ 50.822746] ? futex_wait_queue_me+0x527/0x7e0 |
| [ 50.827295] ? refill_pi_state_cache.part.6+0x2f0/0x2f0 |
| [ 50.832627] ? print_usage_bug+0x3f0/0x3f0 |
| [ 50.836828] ? get_futex_value_locked+0xc3/0xf0 |
| [ 50.841465] ? futex_wait_setup+0x22e/0x3d0 |
| [ 50.845753] ? futex_wake+0x680/0x680 |
| [ 50.849526] ? drop_futex_key_refs.isra.13+0x63/0xb0 |
| [ 50.854595] ? futex_wait+0x69e/0x990 |
| [ 50.858360] ? memset+0x31/0x40 |
| [ 50.861606] ? perf_tp_event+0xae0/0xae0 |
| [ 50.865635] ? futex_wait_setup+0x3d0/0x3d0 |
| [ 50.869924] ? debug_check_no_locks_freed+0x3d0/0x3d0 |
| [ 50.875081] ? perf_tp_event+0xae0/0xae0 |
| [ 50.879106] ? hash_futex+0x15/0x210 |
| [ 50.882786] ? drop_futex_key_refs.isra.13+0x63/0xb0 |
| [ 50.887855] ? perf_trace_lock+0x4d6/0x900 |
| [ 50.892058] ? get_futex_key+0x1d50/0x1d50 |
| [ 50.896259] ? trace_event_raw_event_lock+0x340/0x340 |
| [ 50.901420] ? do_futex+0x85b/0x2280 |
| [ 50.905101] ? check_noncircular+0x20/0x20 |
| [ 50.909307] ? exit_robust_list+0x240/0x240 |
| [ 50.913596] ? lock_downgrade+0x980/0x980 |
| [ 50.917710] ? __fget+0xbb/0x580 |
| [ 50.921042] ? find_held_lock+0x39/0x1d0 |
| [ 50.925070] ? lock_release+0xda0/0xda0 |
| [ 50.929017] ? __lock_is_held+0xbc/0x140 |
| [ 50.933049] _do_fork+0x1ef/0xff0 |
| [ 50.936469] ? fork_idle+0x2d0/0x2d0 |
| [ 50.940160] ? iterate_fd+0x3f0/0x3f0 |
| [ 50.943926] ? rcu_pm_notify+0xc0/0xc0 |
| [ 50.947777] ? __fget_light+0x29d/0x390 |
| [ 50.951717] ? fget_raw+0x20/0x20 |
| [ 50.955136] ? rcu_read_lock_sched_held+0x108/0x120 |
| [ 50.960118] ? kmem_cache_free+0x249/0x280 |
| [ 50.964323] ? compat_SyS_futex+0x288/0x380 |
| [ 50.968610] ? compat_SyS_get_robust_list+0x300/0x300 |
| [ 50.973765] ? __fdget+0x18/0x20 |
| [ 50.977098] ? compat_SyS_ioctl+0x77/0x2a30 |
| [ 50.981385] SyS_clone+0x37/0x50 |
| [ 50.984721] ? entry_INT80_compat+0x40/0x40 |
| [ 50.989015] do_fast_syscall_32+0x3ee/0xf9d |
| [ 50.993305] ? do_int80_syscall_32+0x9d0/0x9d0 |
| [ 50.997853] ? lockdep_sys_exit+0x47/0xf0 |
| [ 51.001964] ? syscall_return_slowpath+0x2ad/0x550 |
| [ 51.006858] ? sysret32_from_system_call+0x5/0x3b |
| [ 51.011665] ? trace_hardirqs_off_thunk+0x1a/0x1c |
| [ 51.016473] entry_SYSENTER_compat+0x51/0x60 |
| [ 51.020846] RIP: 0023:0xf7fc8c79 |
| [ 51.024176] RSP: 002b:00000000f77c408c EFLAGS: 00000296 ORIG_RAX: 0000000000000078 |
| [ 51.031848] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000020de9000 |
| [ 51.039085] RDX: 000000002019bffc RSI: 00000000208be000 RDI: 00000000208b4ffc |
| [ 51.046319] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 |
| [ 51.053553] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 |
| [ 51.060790] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 |