[v5.15] possible deadlock in sys_quotactl_fd
0 views
Skip to first unread message
syzbot
Apr 4, 2023, 4:09:54 PM4/4/23
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: c957cbb87315 Linux 5.15.105
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=164943edc80000
kernel config: https://syzkaller.appspot.com/x/.config?x=852dc3de44ba1f3f
dashboard link: https://syzkaller.appspot.com/bug?extid=3deebe8fd7850b4fe0f9
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/91d0cf1fc5fb/disk-c957cbb8.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/346dc1169521/vmlinux-c957cbb8.xz
kernel image: https://storage.googleapis.com/syzbot-assets/f7005bdc0e20/Image-c957cbb8.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+3deebe...@syzkaller.appspotmail.com
======================================================
WARNING: possible circular locking dependency detected
5.15.105-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.5/5628 is trying to acquire lock:
ffff0000d40820e0 (&type->s_umount_key#30){++++}-{3:3}, at: __do_sys_quotactl_fd fs/quota/quota.c:996 [inline]
ffff0000d40820e0 (&type->s_umount_key#30){++++}-{3:3}, at: __se_sys_quotactl_fd fs/quota/quota.c:971 [inline]
ffff0000d40820e0 (&type->s_umount_key#30){++++}-{3:3}, at: __arm64_sys_quotactl_fd+0x2fc/0x4a4 fs/quota/quota.c:971
but task is already holding lock:
ffff0000d4082460 (sb_writers#3){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c fs/namespace.c:377
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (sb_writers#3){.+.+}-{0:0}:
percpu_down_read include/linux/percpu-rwsem.h:51 [inline]
__sb_start_write include/linux/fs.h:1742 [inline]
sb_start_write include/linux/fs.h:1812 [inline]
write_mmp_block+0x170/0xd18 fs/ext4/mmp.c:50
ext4_multi_mount_protect+0x2e0/0x894 fs/ext4/mmp.c:351
ext4_remount+0x1fc8/0x2710 fs/ext4/super.c:5951
legacy_reconfigure+0xfc/0x114 fs/fs_context.c:633
reconfigure_super+0x340/0x690 fs/super.c:916
vfs_fsconfig_locked fs/fsopen.c:254 [inline]
__do_sys_fsconfig fs/fsopen.c:439 [inline]
__se_sys_fsconfig fs/fsopen.c:314 [inline]
__arm64_sys_fsconfig+0xa1c/0xd18 fs/fsopen.c:314
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
-> #0 (&type->s_umount_key#30){++++}-{3:3}:
check_prev_add kernel/locking/lockdep.c:3053 [inline]
check_prevs_add kernel/locking/lockdep.c:3172 [inline]
validate_chain kernel/locking/lockdep.c:3787 [inline]
__lock_acquire+0x32cc/0x7620 kernel/locking/lockdep.c:5011
lock_acquire+0x240/0x77c kernel/locking/lockdep.c:5622
down_write+0x110/0x260 kernel/locking/rwsem.c:1541
__do_sys_quotactl_fd fs/quota/quota.c:996 [inline]
__se_sys_quotactl_fd fs/quota/quota.c:971 [inline]
__arm64_sys_quotactl_fd+0x2fc/0x4a4 fs/quota/quota.c:971
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(sb_writers#3);
lock(&type->s_umount_key#30);
lock(sb_writers#3);
lock(&type->s_umount_key#30);
*** DEADLOCK ***
1 lock held by syz-executor.5/5628:
#0: ffff0000d4082460 (sb_writers#3){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c fs/namespace.c:377
stack backtrace:
CPU: 1 PID: 5628 Comm: syz-executor.5 Not tainted 5.15.105-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
Call trace:
dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x58 lib/dump_stack.c:113
print_circular_bug+0x150/0x1b8 kernel/locking/lockdep.c:2011
check_noncircular+0x2cc/0x378 kernel/locking/lockdep.c:2133
check_prev_add kernel/locking/lockdep.c:3053 [inline]
check_prevs_add kernel/locking/lockdep.c:3172 [inline]
validate_chain kernel/locking/lockdep.c:3787 [inline]
__lock_acquire+0x32cc/0x7620 kernel/locking/lockdep.c:5011
lock_acquire+0x240/0x77c kernel/locking/lockdep.c:5622
down_write+0x110/0x260 kernel/locking/rwsem.c:1541
__do_sys_quotactl_fd fs/quota/quota.c:996 [inline]
__se_sys_quotactl_fd fs/quota/quota.c:971 [inline]
__arm64_sys_quotactl_fd+0x2fc/0x4a4 fs/quota/quota.c:971
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot found the following issue on:
HEAD commit: c957cbb87315 Linux 5.15.105
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=164943edc80000
kernel config: https://syzkaller.appspot.com/x/.config?x=852dc3de44ba1f3f
dashboard link: https://syzkaller.appspot.com/bug?extid=3deebe8fd7850b4fe0f9
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/91d0cf1fc5fb/disk-c957cbb8.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/346dc1169521/vmlinux-c957cbb8.xz
kernel image: https://storage.googleapis.com/syzbot-assets/f7005bdc0e20/Image-c957cbb8.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+3deebe...@syzkaller.appspotmail.com
======================================================
WARNING: possible circular locking dependency detected
5.15.105-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.5/5628 is trying to acquire lock:
ffff0000d40820e0 (&type->s_umount_key#30){++++}-{3:3}, at: __do_sys_quotactl_fd fs/quota/quota.c:996 [inline]
ffff0000d40820e0 (&type->s_umount_key#30){++++}-{3:3}, at: __se_sys_quotactl_fd fs/quota/quota.c:971 [inline]
ffff0000d40820e0 (&type->s_umount_key#30){++++}-{3:3}, at: __arm64_sys_quotactl_fd+0x2fc/0x4a4 fs/quota/quota.c:971
but task is already holding lock:
ffff0000d4082460 (sb_writers#3){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c fs/namespace.c:377
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (sb_writers#3){.+.+}-{0:0}:
percpu_down_read include/linux/percpu-rwsem.h:51 [inline]
__sb_start_write include/linux/fs.h:1742 [inline]
sb_start_write include/linux/fs.h:1812 [inline]
write_mmp_block+0x170/0xd18 fs/ext4/mmp.c:50
ext4_multi_mount_protect+0x2e0/0x894 fs/ext4/mmp.c:351
ext4_remount+0x1fc8/0x2710 fs/ext4/super.c:5951
legacy_reconfigure+0xfc/0x114 fs/fs_context.c:633
reconfigure_super+0x340/0x690 fs/super.c:916
vfs_fsconfig_locked fs/fsopen.c:254 [inline]
__do_sys_fsconfig fs/fsopen.c:439 [inline]
__se_sys_fsconfig fs/fsopen.c:314 [inline]
__arm64_sys_fsconfig+0xa1c/0xd18 fs/fsopen.c:314
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
-> #0 (&type->s_umount_key#30){++++}-{3:3}:
check_prev_add kernel/locking/lockdep.c:3053 [inline]
check_prevs_add kernel/locking/lockdep.c:3172 [inline]
validate_chain kernel/locking/lockdep.c:3787 [inline]
__lock_acquire+0x32cc/0x7620 kernel/locking/lockdep.c:5011
lock_acquire+0x240/0x77c kernel/locking/lockdep.c:5622
down_write+0x110/0x260 kernel/locking/rwsem.c:1541
__do_sys_quotactl_fd fs/quota/quota.c:996 [inline]
__se_sys_quotactl_fd fs/quota/quota.c:971 [inline]
__arm64_sys_quotactl_fd+0x2fc/0x4a4 fs/quota/quota.c:971
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(sb_writers#3);
lock(&type->s_umount_key#30);
lock(sb_writers#3);
lock(&type->s_umount_key#30);
*** DEADLOCK ***
1 lock held by syz-executor.5/5628:
#0: ffff0000d4082460 (sb_writers#3){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c fs/namespace.c:377
stack backtrace:
CPU: 1 PID: 5628 Comm: syz-executor.5 Not tainted 5.15.105-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
Call trace:
dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x58 lib/dump_stack.c:113
print_circular_bug+0x150/0x1b8 kernel/locking/lockdep.c:2011
check_noncircular+0x2cc/0x378 kernel/locking/lockdep.c:2133
check_prev_add kernel/locking/lockdep.c:3053 [inline]
check_prevs_add kernel/locking/lockdep.c:3172 [inline]
validate_chain kernel/locking/lockdep.c:3787 [inline]
__lock_acquire+0x32cc/0x7620 kernel/locking/lockdep.c:5011
lock_acquire+0x240/0x77c kernel/locking/lockdep.c:5622
down_write+0x110/0x260 kernel/locking/rwsem.c:1541
__do_sys_quotactl_fd fs/quota/quota.c:996 [inline]
__se_sys_quotactl_fd fs/quota/quota.c:971 [inline]
__arm64_sys_quotactl_fd+0x2fc/0x4a4 fs/quota/quota.c:971
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot
Apr 4, 2023, 9:50:49 PM4/4/23
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 3b29299e5f60 Linux 6.1.22
syzbot found the following issue on:
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=105f06d9c80000
kernel config: https://syzkaller.appspot.com/x/.config?x=bbb9a1f6f7f5a1d9
dashboard link: https://syzkaller.appspot.com/bug?extid=7b346521e7c230ec24e5
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/2affbd06cbfd/disk-3b29299e.raw.xz
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
vmlinux: https://storage.googleapis.com/syzbot-assets/8b22d1baf827/vmlinux-3b29299e.xz
kernel image: https://storage.googleapis.com/syzbot-assets/d5e3891c88bf/Image-3b29299e.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
======================================================
WARNING: possible circular locking dependency detected
------------------------------------------------------
syz-executor.3/13418 is trying to acquire lock:
ffff0000d60880e0 (&type->s_umount_key#30){++++}-{3:3}, at: __do_sys_quotactl_fd fs/quota/quota.c:997 [inline]
ffff0000d60880e0 (&type->s_umount_key#30){++++}-{3:3}, at: __se_sys_quotactl_fd fs/quota/quota.c:972 [inline]
ffff0000d60880e0 (&type->s_umount_key#30){++++}-{3:3}, at: __arm64_sys_quotactl_fd+0x2fc/0x4a4 fs/quota/quota.c:972
but task is already holding lock:
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (sb_writers#3){.+.+}-{0:0}:
percpu_down_read include/linux/percpu-rwsem.h:51 [inline]
sb_start_write include/linux/fs.h:1907 [inline]
write_mmp_block+0x100/0xb8c fs/ext4/mmp.c:50
ext4_multi_mount_protect+0x2e0/0x8a4 fs/ext4/mmp.c:349
__ext4_remount fs/ext4/super.c:6530 [inline]
ext4_reconfigure+0x218c/0x2934 fs/ext4/super.c:6629
reconfigure_super+0x328/0x738 fs/super.c:957
vfs_fsconfig_locked fs/fsopen.c:254 [inline]
__do_sys_fsconfig fs/fsopen.c:439 [inline]
__se_sys_fsconfig fs/fsopen.c:314 [inline]
__arm64_sys_fsconfig+0xa1c/0xd18 fs/fsopen.c:314
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
__do_sys_fsconfig fs/fsopen.c:439 [inline]
__se_sys_fsconfig fs/fsopen.c:314 [inline]
__arm64_sys_fsconfig+0xa1c/0xd18 fs/fsopen.c:314
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
-> #0 (&type->s_umount_key#30){++++}-{3:3}:
check_prevs_add kernel/locking/lockdep.c:3217 [inline]
validate_chain kernel/locking/lockdep.c:3832 [inline]
__lock_acquire+0x3338/0x764c kernel/locking/lockdep.c:5056
lock_acquire+0x26c/0x7cc kernel/locking/lockdep.c:5669
down_write+0x5c/0x88 kernel/locking/rwsem.c:1573
__do_sys_quotactl_fd fs/quota/quota.c:997 [inline]
__se_sys_quotactl_fd fs/quota/quota.c:972 [inline]
__arm64_sys_quotactl_fd+0x2fc/0x4a4 fs/quota/quota.c:972
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(sb_writers#3);
lock(&type->s_umount_key#30);
lock(sb_writers#3);
lock(&type->s_umount_key#30);
*** DEADLOCK ***
#0: ffff0000d6088460 (sb_writers#3){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c fs/namespace.c:393
stack backtrace:
CPU: 1 PID: 13418 Comm: syz-executor.3 Not tainted 6.1.22-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
Call trace:
dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
Call trace:
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x5c lib/dump_stack.c:113
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
print_circular_bug+0x150/0x1b8 kernel/locking/lockdep.c:2056
check_noncircular+0x2cc/0x378 kernel/locking/lockdep.c:2178
check_prev_add kernel/locking/lockdep.c:3098 [inline]
check_prevs_add kernel/locking/lockdep.c:3217 [inline]
validate_chain kernel/locking/lockdep.c:3832 [inline]
__lock_acquire+0x3338/0x764c kernel/locking/lockdep.c:5056
lock_acquire+0x26c/0x7cc kernel/locking/lockdep.c:5669
down_write+0x5c/0x88 kernel/locking/rwsem.c:1573
__do_sys_quotactl_fd fs/quota/quota.c:997 [inline]
__se_sys_quotactl_fd fs/quota/quota.c:972 [inline]
__arm64_sys_quotactl_fd+0x2fc/0x4a4 fs/quota/quota.c:972
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
syzbot
Apr 29, 2023, 8:04:44 AM4/29/23
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:
HEAD commit: ca1c9012c941 Linux 6.1.26
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=141bdcf8280000
kernel config: https://syzkaller.appspot.com/x/.config?x=f95cba4715d63af9
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1765cee8280000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/b6b74e769ec1/disk-ca1c9012.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/31fce9ce6f18/vmlinux-ca1c9012.xz
kernel image: https://storage.googleapis.com/syzbot-assets/cd73b5bb5ef4/Image-ca1c9012.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/530f45a0458b/mount_0.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+7b3465...@syzkaller.appspotmail.com
======================================================
WARNING: possible circular locking dependency detected
6.1.26-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor363/4245 is trying to acquire lock:
ffff0000d79c20e0 (&type->s_umount_key#30){++++}-{3:3}, at: __do_sys_quotactl_fd fs/quota/quota.c:999 [inline]
ffff0000d79c20e0 (&type->s_umount_key#30){++++}-{3:3}, at: __se_sys_quotactl_fd fs/quota/quota.c:972 [inline]
ffff0000d79c20e0 (&type->s_umount_key#30){++++}-{3:3}, at: __arm64_sys_quotactl_fd+0x30c/0x4a4 fs/quota/quota.c:972
but task is already holding lock:
ffff0000d79c2460 (sb_writers#3){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c fs/namespace.c:393
down_read+0x5c/0x78 kernel/locking/rwsem.c:1520
__do_sys_quotactl_fd fs/quota/quota.c:999 [inline]
__se_sys_quotactl_fd fs/quota/quota.c:972 [inline]
__arm64_sys_quotactl_fd+0x30c/0x4a4 fs/quota/quota.c:972
#0: ffff0000d79c2460 (sb_writers#3){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c fs/namespace.c:393
stack backtrace:
CPU: 0 PID: 4245 Comm: syz-executor363 Not tainted 6.1.26-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
__do_sys_quotactl_fd fs/quota/quota.c:999 [inline]
__se_sys_quotactl_fd fs/quota/quota.c:972 [inline]
__arm64_sys_quotactl_fd+0x30c/0x4a4 fs/quota/quota.c:972
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
HEAD commit: ca1c9012c941 Linux 6.1.26
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=141bdcf8280000
kernel config: https://syzkaller.appspot.com/x/.config?x=f95cba4715d63af9
dashboard link: https://syzkaller.appspot.com/bug?extid=7b346521e7c230ec24e5
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14aba908280000
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1765cee8280000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/b6b74e769ec1/disk-ca1c9012.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/31fce9ce6f18/vmlinux-ca1c9012.xz
kernel image: https://storage.googleapis.com/syzbot-assets/cd73b5bb5ef4/Image-ca1c9012.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/530f45a0458b/mount_0.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+7b3465...@syzkaller.appspotmail.com
======================================================
WARNING: possible circular locking dependency detected
------------------------------------------------------
syz-executor363/4245 is trying to acquire lock:
ffff0000d79c20e0 (&type->s_umount_key#30){++++}-{3:3}, at: __do_sys_quotactl_fd fs/quota/quota.c:999 [inline]
ffff0000d79c20e0 (&type->s_umount_key#30){++++}-{3:3}, at: __se_sys_quotactl_fd fs/quota/quota.c:972 [inline]
ffff0000d79c20e0 (&type->s_umount_key#30){++++}-{3:3}, at: __arm64_sys_quotactl_fd+0x30c/0x4a4 fs/quota/quota.c:972
but task is already holding lock:
__do_sys_quotactl_fd fs/quota/quota.c:999 [inline]
__se_sys_quotactl_fd fs/quota/quota.c:972 [inline]
__arm64_sys_quotactl_fd+0x30c/0x4a4 fs/quota/quota.c:972
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(sb_writers#3);
lock(&type->s_umount_key#30);
lock(sb_writers#3);
lock(&type->s_umount_key#30);
*** DEADLOCK ***
1 lock held by syz-executor363/4245:
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(sb_writers#3);
lock(&type->s_umount_key#30);
lock(sb_writers#3);
lock(&type->s_umount_key#30);
*** DEADLOCK ***
#0: ffff0000d79c2460 (sb_writers#3){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c fs/namespace.c:393
stack backtrace:
CPU: 0 PID: 4245 Comm: syz-executor363 Not tainted 6.1.26-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
Call trace:
dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x5c lib/dump_stack.c:113
print_circular_bug+0x150/0x1b8 kernel/locking/lockdep.c:2056
check_noncircular+0x2cc/0x378 kernel/locking/lockdep.c:2178
check_prev_add kernel/locking/lockdep.c:3098 [inline]
check_prevs_add kernel/locking/lockdep.c:3217 [inline]
validate_chain kernel/locking/lockdep.c:3832 [inline]
__lock_acquire+0x3338/0x764c kernel/locking/lockdep.c:5056
lock_acquire+0x26c/0x7cc kernel/locking/lockdep.c:5669
down_read+0x5c/0x78 kernel/locking/rwsem.c:1520
dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x5c lib/dump_stack.c:113
print_circular_bug+0x150/0x1b8 kernel/locking/lockdep.c:2056
check_noncircular+0x2cc/0x378 kernel/locking/lockdep.c:2178
check_prev_add kernel/locking/lockdep.c:3098 [inline]
check_prevs_add kernel/locking/lockdep.c:3217 [inline]
validate_chain kernel/locking/lockdep.c:3832 [inline]
__lock_acquire+0x3338/0x764c kernel/locking/lockdep.c:5056
lock_acquire+0x26c/0x7cc kernel/locking/lockdep.c:5669
__do_sys_quotactl_fd fs/quota/quota.c:999 [inline]
__se_sys_quotactl_fd fs/quota/quota.c:972 [inline]
__arm64_sys_quotactl_fd+0x30c/0x4a4 fs/quota/quota.c:972
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
---
If you want syzbot to run the reproducer, reply with:
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
---
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot
Apr 29, 2023, 2:45:50 PM4/29/23
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:
HEAD commit: f48aeeaaa64c Linux 5.15.109
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=17e3b03c280000
kernel config: https://syzkaller.appspot.com/x/.config?x=bef326567911c94a
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=11186f58280000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/df269bfa2931/disk-f48aeeaa.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/e64d9fc93268/vmlinux-f48aeeaa.xz
kernel image: https://storage.googleapis.com/syzbot-assets/93441fa4b823/Image-f48aeeaa.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/241f3af75fb7/mount_0.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+3deebe...@syzkaller.appspotmail.com
======================================================
WARNING: possible circular locking dependency detected
5.15.109-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor341/3990 is trying to acquire lock:
ffff0000d3d8a0e0 (&type->s_umount_key#30){++++}-{3:3}, at: __do_sys_quotactl_fd fs/quota/quota.c:998 [inline]
ffff0000d3d8a0e0 (&type->s_umount_key#30){++++}-{3:3}, at: __se_sys_quotactl_fd fs/quota/quota.c:971 [inline]
ffff0000d3d8a0e0 (&type->s_umount_key#30){++++}-{3:3}, at: __arm64_sys_quotactl_fd+0x30c/0x4a4 fs/quota/quota.c:971
but task is already holding lock:
ffff0000d3d8a460 (sb_writers#3){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c fs/namespace.c:377
down_read+0xbc/0x11c kernel/locking/rwsem.c:1488
__do_sys_quotactl_fd fs/quota/quota.c:998 [inline]
__se_sys_quotactl_fd fs/quota/quota.c:971 [inline]
__arm64_sys_quotactl_fd+0x30c/0x4a4 fs/quota/quota.c:971
#0: ffff0000d3d8a460 (sb_writers#3){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c fs/namespace.c:377
stack backtrace:
CPU: 0 PID: 3990 Comm: syz-executor341 Not tainted 5.15.109-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
__do_sys_quotactl_fd fs/quota/quota.c:998 [inline]
__se_sys_quotactl_fd fs/quota/quota.c:971 [inline]
__arm64_sys_quotactl_fd+0x30c/0x4a4 fs/quota/quota.c:971
HEAD commit: f48aeeaaa64c Linux 5.15.109
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=17e3b03c280000
kernel config: https://syzkaller.appspot.com/x/.config?x=bef326567911c94a
dashboard link: https://syzkaller.appspot.com/bug?extid=3deebe8fd7850b4fe0f9
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1564f09c280000
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=11186f58280000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/df269bfa2931/disk-f48aeeaa.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/e64d9fc93268/vmlinux-f48aeeaa.xz
kernel image: https://storage.googleapis.com/syzbot-assets/93441fa4b823/Image-f48aeeaa.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/241f3af75fb7/mount_0.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+3deebe...@syzkaller.appspotmail.com
======================================================
WARNING: possible circular locking dependency detected
------------------------------------------------------
syz-executor341/3990 is trying to acquire lock:
ffff0000d3d8a0e0 (&type->s_umount_key#30){++++}-{3:3}, at: __do_sys_quotactl_fd fs/quota/quota.c:998 [inline]
ffff0000d3d8a0e0 (&type->s_umount_key#30){++++}-{3:3}, at: __se_sys_quotactl_fd fs/quota/quota.c:971 [inline]
ffff0000d3d8a0e0 (&type->s_umount_key#30){++++}-{3:3}, at: __arm64_sys_quotactl_fd+0x30c/0x4a4 fs/quota/quota.c:971
but task is already holding lock:
__do_sys_quotactl_fd fs/quota/quota.c:998 [inline]
__se_sys_quotactl_fd fs/quota/quota.c:971 [inline]
__arm64_sys_quotactl_fd+0x30c/0x4a4 fs/quota/quota.c:971
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(sb_writers#3);
lock(&type->s_umount_key#30);
lock(sb_writers#3);
lock(&type->s_umount_key#30);
*** DEADLOCK ***
1 lock held by syz-executor341/3990:
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(sb_writers#3);
lock(&type->s_umount_key#30);
lock(sb_writers#3);
lock(&type->s_umount_key#30);
*** DEADLOCK ***
#0: ffff0000d3d8a460 (sb_writers#3){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c fs/namespace.c:377
stack backtrace:
CPU: 0 PID: 3990 Comm: syz-executor341 Not tainted 5.15.109-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
Call trace:
dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x58 lib/dump_stack.c:113
print_circular_bug+0x150/0x1b8 kernel/locking/lockdep.c:2011
check_noncircular+0x2cc/0x378 kernel/locking/lockdep.c:2133
check_prev_add kernel/locking/lockdep.c:3053 [inline]
check_prevs_add kernel/locking/lockdep.c:3172 [inline]
validate_chain kernel/locking/lockdep.c:3787 [inline]
__lock_acquire+0x32cc/0x7620 kernel/locking/lockdep.c:5011
lock_acquire+0x240/0x77c kernel/locking/lockdep.c:5622
down_read+0xbc/0x11c kernel/locking/rwsem.c:1488
dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x58 lib/dump_stack.c:113
print_circular_bug+0x150/0x1b8 kernel/locking/lockdep.c:2011
check_noncircular+0x2cc/0x378 kernel/locking/lockdep.c:2133
check_prev_add kernel/locking/lockdep.c:3053 [inline]
check_prevs_add kernel/locking/lockdep.c:3172 [inline]
validate_chain kernel/locking/lockdep.c:3787 [inline]
__lock_acquire+0x32cc/0x7620 kernel/locking/lockdep.c:5011
lock_acquire+0x240/0x77c kernel/locking/lockdep.c:5622
__do_sys_quotactl_fd fs/quota/quota.c:998 [inline]
__se_sys_quotactl_fd fs/quota/quota.c:971 [inline]
__arm64_sys_quotactl_fd+0x30c/0x4a4 fs/quota/quota.c:971
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
---
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
---
syzbot
Jun 24, 2023, 4:41:19 PM6/24/23
to syzkaller...@googlegroups.com
syzbot suspects this issue was fixed by commit:
commit 1de53f2223eb79454a1898f422a49ca1605a20e6
Author: Jan Kara <ja...@suse.cz>
Date: Tue Apr 11 12:10:19 2023 +0000
ext4: fix lockdep warning when enabling MMP
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=10fa783b280000
start commit: 9d6bde853685 Linux 5.15.112
git tree: linux-5.15.y
kernel config: https://syzkaller.appspot.com/x/.config?x=a61e8195d8bdf36e
dashboard link: https://syzkaller.appspot.com/bug?extid=3deebe8fd7850b4fe0f9
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=130ed10e280000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=17ee4b72280000
If the result looks correct, please mark the issue as fixed by replying with:
#syz fix: ext4: fix lockdep warning when enabling MMP
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
commit 1de53f2223eb79454a1898f422a49ca1605a20e6
Author: Jan Kara <ja...@suse.cz>
Date: Tue Apr 11 12:10:19 2023 +0000
ext4: fix lockdep warning when enabling MMP
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=10fa783b280000
start commit: 9d6bde853685 Linux 5.15.112
git tree: linux-5.15.y
kernel config: https://syzkaller.appspot.com/x/.config?x=a61e8195d8bdf36e
dashboard link: https://syzkaller.appspot.com/bug?extid=3deebe8fd7850b4fe0f9
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=130ed10e280000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=17ee4b72280000
If the result looks correct, please mark the issue as fixed by replying with:
#syz fix: ext4: fix lockdep warning when enabling MMP
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
Reply all
Reply to author
Forward
0 new messages