[v5.15] possible deadlock in ext4_xattr_set_handle
0 views
Skip to first unread message
syzbot
Mar 7, 2023, 12:51:41 PM3/7/23
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: d9b4a0c83a2d Linux 5.15.98
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=130fb732c80000
kernel config: https://syzkaller.appspot.com/x/.config?x=b57cfa804330c3b7
dashboard link: https://syzkaller.appspot.com/bug?extid=d3ecdc484479fe6658f9
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/8088989394e3/disk-d9b4a0c8.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/2651d6753959/vmlinux-d9b4a0c8.xz
kernel image: https://storage.googleapis.com/syzbot-assets/f3fa3f994f9a/Image-d9b4a0c8.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+d3ecdc...@syzkaller.appspotmail.com
======================================================
WARNING: possible circular locking dependency detected
5.15.98-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.1/29481 is trying to acquire lock:
ffff00011a8ebc98 (&ei->xattr_sem){++++}-{3:3}, at: ext4_write_lock_xattr fs/ext4/xattr.h:155 [inline]
ffff00011a8ebc98 (&ei->xattr_sem){++++}-{3:3}, at: ext4_xattr_set_handle+0x1e0/0x12d8 fs/ext4/xattr.c:2304
but task is already holding lock:
ffff00011a8ebfc0 (&ea_inode->i_rwsem#9/1){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:787 [inline]
ffff00011a8ebfc0 (&ea_inode->i_rwsem#9/1){+.+.}-{3:3}, at: vfs_setxattr+0x17c/0x344 fs/xattr.c:302
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&ea_inode->i_rwsem#9/1){+.+.}-{3:3}:
down_write+0x110/0x260 kernel/locking/rwsem.c:1533
inode_lock include/linux/fs.h:787 [inline]
ext4_xattr_inode_create fs/ext4/xattr.c:1457 [inline]
ext4_xattr_inode_lookup_create fs/ext4/xattr.c:1540 [inline]
ext4_xattr_set_entry+0x2344/0x2be8 fs/ext4/xattr.c:1668
ext4_xattr_block_set+0x8f0/0x2d7c fs/ext4/xattr.c:1974
ext4_xattr_set_handle+0xb04/0x12d8 fs/ext4/xattr.c:2389
ext4_xattr_set+0x1dc/0x350 fs/ext4/xattr.c:2490
ext4_xattr_trusted_set+0x4c/0x64 fs/ext4/xattr_trusted.c:38
__vfs_setxattr+0x388/0x3a4 fs/xattr.c:182
__vfs_setxattr_noperm+0x110/0x528 fs/xattr.c:216
__vfs_setxattr_locked+0x1ec/0x218 fs/xattr.c:277
vfs_setxattr+0x1a8/0x344 fs/xattr.c:303
do_setxattr fs/xattr.c:588 [inline]
setxattr+0x250/0x2b4 fs/xattr.c:611
path_setxattr+0x17c/0x258 fs/xattr.c:630
__do_sys_setxattr fs/xattr.c:646 [inline]
__se_sys_setxattr fs/xattr.c:642 [inline]
__arm64_sys_setxattr+0xbc/0xd8 fs/xattr.c:642
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 <unknown>:584
-> #0 (&ei->xattr_sem){++++}-{3:3}:
check_prev_add kernel/locking/lockdep.c:3053 [inline]
check_prevs_add kernel/locking/lockdep.c:3172 [inline]
validate_chain kernel/locking/lockdep.c:3787 [inline]
__lock_acquire+0x32cc/0x7620 kernel/locking/lockdep.c:5011
lock_acquire+0x2b8/0x894 kernel/locking/lockdep.c:5622
down_write+0x110/0x260 kernel/locking/rwsem.c:1533
ext4_write_lock_xattr fs/ext4/xattr.h:155 [inline]
ext4_xattr_set_handle+0x1e0/0x12d8 fs/ext4/xattr.c:2304
ext4_xattr_set+0x1dc/0x350 fs/ext4/xattr.c:2490
ext4_xattr_trusted_set+0x4c/0x64 fs/ext4/xattr_trusted.c:38
__vfs_setxattr+0x388/0x3a4 fs/xattr.c:182
__vfs_setxattr_noperm+0x110/0x528 fs/xattr.c:216
__vfs_setxattr_locked+0x1ec/0x218 fs/xattr.c:277
vfs_setxattr+0x1a8/0x344 fs/xattr.c:303
do_setxattr fs/xattr.c:588 [inline]
setxattr+0x250/0x2b4 fs/xattr.c:611
path_setxattr+0x17c/0x258 fs/xattr.c:630
__do_sys_lsetxattr fs/xattr.c:653 [inline]
__se_sys_lsetxattr fs/xattr.c:649 [inline]
__arm64_sys_lsetxattr+0xbc/0xd8 fs/xattr.c:649
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 <unknown>:584
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&ea_inode->i_rwsem#9/1);
lock(&ei->xattr_sem);
lock(&ea_inode->i_rwsem#9/1);
lock(&ei->xattr_sem);
*** DEADLOCK ***
2 locks held by syz-executor.1/29481:
#0: ffff0000d855a460 (sb_writers#3){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c fs/namespace.c:377
#1: ffff00011a8ebfc0 (&ea_inode->i_rwsem#9/1){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:787 [inline]
#1: ffff00011a8ebfc0 (&ea_inode->i_rwsem#9/1){+.+.}-{3:3}, at: vfs_setxattr+0x17c/0x344 fs/xattr.c:302
stack backtrace:
CPU: 0 PID: 29481 Comm: syz-executor.1 Not tainted 5.15.98-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
Call trace:
dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x58 lib/dump_stack.c:113
print_circular_bug+0x150/0x1b8 kernel/locking/lockdep.c:2011
check_noncircular+0x2cc/0x378 kernel/locking/lockdep.c:2133
check_prev_add kernel/locking/lockdep.c:3053 [inline]
check_prevs_add kernel/locking/lockdep.c:3172 [inline]
validate_chain kernel/locking/lockdep.c:3787 [inline]
__lock_acquire+0x32cc/0x7620 kernel/locking/lockdep.c:5011
lock_acquire+0x2b8/0x894 kernel/locking/lockdep.c:5622
down_write+0x110/0x260 kernel/locking/rwsem.c:1533
ext4_write_lock_xattr fs/ext4/xattr.h:155 [inline]
ext4_xattr_set_handle+0x1e0/0x12d8 fs/ext4/xattr.c:2304
ext4_xattr_set+0x1dc/0x350 fs/ext4/xattr.c:2490
ext4_xattr_trusted_set+0x4c/0x64 fs/ext4/xattr_trusted.c:38
__vfs_setxattr+0x388/0x3a4 fs/xattr.c:182
__vfs_setxattr_noperm+0x110/0x528 fs/xattr.c:216
__vfs_setxattr_locked+0x1ec/0x218 fs/xattr.c:277
vfs_setxattr+0x1a8/0x344 fs/xattr.c:303
do_setxattr fs/xattr.c:588 [inline]
setxattr+0x250/0x2b4 fs/xattr.c:611
path_setxattr+0x17c/0x258 fs/xattr.c:630
__do_sys_lsetxattr fs/xattr.c:653 [inline]
__se_sys_lsetxattr fs/xattr.c:649 [inline]
__arm64_sys_lsetxattr+0xbc/0xd8 fs/xattr.c:649
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 <unknown>:584
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot found the following issue on:
HEAD commit: d9b4a0c83a2d Linux 5.15.98
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=130fb732c80000
kernel config: https://syzkaller.appspot.com/x/.config?x=b57cfa804330c3b7
dashboard link: https://syzkaller.appspot.com/bug?extid=d3ecdc484479fe6658f9
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/8088989394e3/disk-d9b4a0c8.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/2651d6753959/vmlinux-d9b4a0c8.xz
kernel image: https://storage.googleapis.com/syzbot-assets/f3fa3f994f9a/Image-d9b4a0c8.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+d3ecdc...@syzkaller.appspotmail.com
======================================================
WARNING: possible circular locking dependency detected
5.15.98-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.1/29481 is trying to acquire lock:
ffff00011a8ebc98 (&ei->xattr_sem){++++}-{3:3}, at: ext4_write_lock_xattr fs/ext4/xattr.h:155 [inline]
ffff00011a8ebc98 (&ei->xattr_sem){++++}-{3:3}, at: ext4_xattr_set_handle+0x1e0/0x12d8 fs/ext4/xattr.c:2304
but task is already holding lock:
ffff00011a8ebfc0 (&ea_inode->i_rwsem#9/1){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:787 [inline]
ffff00011a8ebfc0 (&ea_inode->i_rwsem#9/1){+.+.}-{3:3}, at: vfs_setxattr+0x17c/0x344 fs/xattr.c:302
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&ea_inode->i_rwsem#9/1){+.+.}-{3:3}:
down_write+0x110/0x260 kernel/locking/rwsem.c:1533
inode_lock include/linux/fs.h:787 [inline]
ext4_xattr_inode_create fs/ext4/xattr.c:1457 [inline]
ext4_xattr_inode_lookup_create fs/ext4/xattr.c:1540 [inline]
ext4_xattr_set_entry+0x2344/0x2be8 fs/ext4/xattr.c:1668
ext4_xattr_block_set+0x8f0/0x2d7c fs/ext4/xattr.c:1974
ext4_xattr_set_handle+0xb04/0x12d8 fs/ext4/xattr.c:2389
ext4_xattr_set+0x1dc/0x350 fs/ext4/xattr.c:2490
ext4_xattr_trusted_set+0x4c/0x64 fs/ext4/xattr_trusted.c:38
__vfs_setxattr+0x388/0x3a4 fs/xattr.c:182
__vfs_setxattr_noperm+0x110/0x528 fs/xattr.c:216
__vfs_setxattr_locked+0x1ec/0x218 fs/xattr.c:277
vfs_setxattr+0x1a8/0x344 fs/xattr.c:303
do_setxattr fs/xattr.c:588 [inline]
setxattr+0x250/0x2b4 fs/xattr.c:611
path_setxattr+0x17c/0x258 fs/xattr.c:630
__do_sys_setxattr fs/xattr.c:646 [inline]
__se_sys_setxattr fs/xattr.c:642 [inline]
__arm64_sys_setxattr+0xbc/0xd8 fs/xattr.c:642
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 <unknown>:584
-> #0 (&ei->xattr_sem){++++}-{3:3}:
check_prev_add kernel/locking/lockdep.c:3053 [inline]
check_prevs_add kernel/locking/lockdep.c:3172 [inline]
validate_chain kernel/locking/lockdep.c:3787 [inline]
__lock_acquire+0x32cc/0x7620 kernel/locking/lockdep.c:5011
lock_acquire+0x2b8/0x894 kernel/locking/lockdep.c:5622
down_write+0x110/0x260 kernel/locking/rwsem.c:1533
ext4_write_lock_xattr fs/ext4/xattr.h:155 [inline]
ext4_xattr_set_handle+0x1e0/0x12d8 fs/ext4/xattr.c:2304
ext4_xattr_set+0x1dc/0x350 fs/ext4/xattr.c:2490
ext4_xattr_trusted_set+0x4c/0x64 fs/ext4/xattr_trusted.c:38
__vfs_setxattr+0x388/0x3a4 fs/xattr.c:182
__vfs_setxattr_noperm+0x110/0x528 fs/xattr.c:216
__vfs_setxattr_locked+0x1ec/0x218 fs/xattr.c:277
vfs_setxattr+0x1a8/0x344 fs/xattr.c:303
do_setxattr fs/xattr.c:588 [inline]
setxattr+0x250/0x2b4 fs/xattr.c:611
path_setxattr+0x17c/0x258 fs/xattr.c:630
__do_sys_lsetxattr fs/xattr.c:653 [inline]
__se_sys_lsetxattr fs/xattr.c:649 [inline]
__arm64_sys_lsetxattr+0xbc/0xd8 fs/xattr.c:649
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 <unknown>:584
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&ea_inode->i_rwsem#9/1);
lock(&ei->xattr_sem);
lock(&ea_inode->i_rwsem#9/1);
lock(&ei->xattr_sem);
*** DEADLOCK ***
2 locks held by syz-executor.1/29481:
#0: ffff0000d855a460 (sb_writers#3){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c fs/namespace.c:377
#1: ffff00011a8ebfc0 (&ea_inode->i_rwsem#9/1){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:787 [inline]
#1: ffff00011a8ebfc0 (&ea_inode->i_rwsem#9/1){+.+.}-{3:3}, at: vfs_setxattr+0x17c/0x344 fs/xattr.c:302
stack backtrace:
CPU: 0 PID: 29481 Comm: syz-executor.1 Not tainted 5.15.98-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
Call trace:
dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x58 lib/dump_stack.c:113
print_circular_bug+0x150/0x1b8 kernel/locking/lockdep.c:2011
check_noncircular+0x2cc/0x378 kernel/locking/lockdep.c:2133
check_prev_add kernel/locking/lockdep.c:3053 [inline]
check_prevs_add kernel/locking/lockdep.c:3172 [inline]
validate_chain kernel/locking/lockdep.c:3787 [inline]
__lock_acquire+0x32cc/0x7620 kernel/locking/lockdep.c:5011
lock_acquire+0x2b8/0x894 kernel/locking/lockdep.c:5622
down_write+0x110/0x260 kernel/locking/rwsem.c:1533
ext4_write_lock_xattr fs/ext4/xattr.h:155 [inline]
ext4_xattr_set_handle+0x1e0/0x12d8 fs/ext4/xattr.c:2304
ext4_xattr_set+0x1dc/0x350 fs/ext4/xattr.c:2490
ext4_xattr_trusted_set+0x4c/0x64 fs/ext4/xattr_trusted.c:38
__vfs_setxattr+0x388/0x3a4 fs/xattr.c:182
__vfs_setxattr_noperm+0x110/0x528 fs/xattr.c:216
__vfs_setxattr_locked+0x1ec/0x218 fs/xattr.c:277
vfs_setxattr+0x1a8/0x344 fs/xattr.c:303
do_setxattr fs/xattr.c:588 [inline]
setxattr+0x250/0x2b4 fs/xattr.c:611
path_setxattr+0x17c/0x258 fs/xattr.c:630
__do_sys_lsetxattr fs/xattr.c:653 [inline]
__se_sys_lsetxattr fs/xattr.c:649 [inline]
__arm64_sys_lsetxattr+0xbc/0xd8 fs/xattr.c:649
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 <unknown>:584
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot
Mar 11, 2023, 10:51:45 PM3/11/23
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 1cc3fcf63192 Linux 6.1.18
syzbot found the following issue on:
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=15fb19b2c80000
kernel config: https://syzkaller.appspot.com/x/.config?x=157296d36f92ea19
dashboard link: https://syzkaller.appspot.com/bug?extid=dafdb578b33989ec0674
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0e4c0d43698b/disk-1cc3fcf6.raw.xz
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
vmlinux: https://storage.googleapis.com/syzbot-assets/a4de39d735de/vmlinux-1cc3fcf6.xz
kernel image: https://storage.googleapis.com/syzbot-assets/82bab928f6e3/Image-1cc3fcf6.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
======================================================
WARNING: possible circular locking dependency detected
------------------------------------------------------
syz-executor.3/8739 is trying to acquire lock:
ffff0000cef1b2f0 (&ei->xattr_sem){++++}-{3:3}, at: ext4_write_lock_xattr fs/ext4/xattr.h:155 [inline]
ffff0000cef1b2f0 (&ei->xattr_sem){++++}-{3:3}, at: ext4_xattr_set_handle+0x1e0/0x1294 fs/ext4/xattr.c:2311
but task is already holding lock:
ffff0000cef1b628 (&ea_inode->i_rwsem#9/1){+.+.}-{3:3}, at: vfs_setxattr+0x17c/0x344 fs/xattr.c:308
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&ea_inode->i_rwsem#9/1){+.+.}-{3:3}:
inode_lock include/linux/fs.h:756 [inline]
ext4_xattr_inode_create fs/ext4/xattr.c:1464 [inline]
ext4_xattr_inode_lookup_create fs/ext4/xattr.c:1547 [inline]
ext4_xattr_set_entry+0x2394/0x2bfc fs/ext4/xattr.c:1675
ext4_xattr_block_set+0x8e0/0x2cc4 fs/ext4/xattr.c:1981
ext4_xattr_set_handle+0xae8/0x1294 fs/ext4/xattr.c:2396
ext4_xattr_set+0x1dc/0x350 fs/ext4/xattr.c:2498
ext4_xattr_trusted_set+0x4c/0x64 fs/ext4/xattr_trusted.c:38
__vfs_setxattr+0x388/0x3a4 fs/xattr.c:182
__vfs_setxattr_noperm+0x110/0x528 fs/xattr.c:216
__vfs_setxattr_locked+0x1ec/0x218 fs/xattr.c:277
vfs_setxattr+0x1a8/0x344 fs/xattr.c:309
__vfs_setxattr+0x388/0x3a4 fs/xattr.c:182
__vfs_setxattr_noperm+0x110/0x528 fs/xattr.c:216
__vfs_setxattr_locked+0x1ec/0x218 fs/xattr.c:277
do_setxattr fs/xattr.c:594 [inline]
setxattr+0x230/0x294 fs/xattr.c:617
path_setxattr+0x17c/0x258 fs/xattr.c:636
__do_sys_setxattr fs/xattr.c:652 [inline]
__se_sys_setxattr fs/xattr.c:648 [inline]
__arm64_sys_setxattr+0xbc/0xd8 fs/xattr.c:648
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
-> #0 (&ei->xattr_sem){++++}-{3:3}:
check_prevs_add kernel/locking/lockdep.c:3217 [inline]
validate_chain kernel/locking/lockdep.c:3832 [inline]
__lock_acquire+0x3338/0x764c kernel/locking/lockdep.c:5056
lock_acquire+0x300/0x8e4 kernel/locking/lockdep.c:5669
down_write+0x5c/0x88 kernel/locking/rwsem.c:1573
ext4_write_lock_xattr fs/ext4/xattr.h:155 [inline]
ext4_xattr_set_handle+0x1e0/0x1294 fs/ext4/xattr.c:2311
ext4_xattr_set+0x1dc/0x350 fs/ext4/xattr.c:2498
ext4_xattr_trusted_set+0x4c/0x64 fs/ext4/xattr_trusted.c:38
__vfs_setxattr+0x388/0x3a4 fs/xattr.c:182
__vfs_setxattr_noperm+0x110/0x528 fs/xattr.c:216
__vfs_setxattr_locked+0x1ec/0x218 fs/xattr.c:277
vfs_setxattr+0x1a8/0x344 fs/xattr.c:309
__vfs_setxattr+0x388/0x3a4 fs/xattr.c:182
__vfs_setxattr_noperm+0x110/0x528 fs/xattr.c:216
__vfs_setxattr_locked+0x1ec/0x218 fs/xattr.c:277
do_setxattr fs/xattr.c:594 [inline]
setxattr+0x230/0x294 fs/xattr.c:617
path_setxattr+0x17c/0x258 fs/xattr.c:636
__do_sys_setxattr fs/xattr.c:652 [inline]
__se_sys_setxattr fs/xattr.c:648 [inline]
__arm64_sys_setxattr+0xbc/0xd8 fs/xattr.c:648
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&ea_inode->i_rwsem#9/1);
lock(&ei->xattr_sem);
lock(&ea_inode->i_rwsem#9/1);
lock(&ei->xattr_sem);
*** DEADLOCK ***
#0: ffff00011159a460 (sb_writers#3){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c fs/namespace.c:393
#1: ffff0000cef1b628 (&ea_inode->i_rwsem#9/1){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:756 [inline]
#1: ffff0000cef1b628 (&ea_inode->i_rwsem#9/1){+.+.}-{3:3}, at: vfs_setxattr+0x17c/0x344 fs/xattr.c:308
stack backtrace:
CPU: 0 PID: 8739 Comm: syz-executor.3 Not tainted 6.1.18-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
Call trace:
dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
Call trace:
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x5c lib/dump_stack.c:113
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
print_circular_bug+0x150/0x1b8 kernel/locking/lockdep.c:2056
check_noncircular+0x2cc/0x378 kernel/locking/lockdep.c:2178
check_prev_add kernel/locking/lockdep.c:3098 [inline]
check_prevs_add kernel/locking/lockdep.c:3217 [inline]
validate_chain kernel/locking/lockdep.c:3832 [inline]
__lock_acquire+0x3338/0x764c kernel/locking/lockdep.c:5056
lock_acquire+0x300/0x8e4 kernel/locking/lockdep.c:5669
down_write+0x5c/0x88 kernel/locking/rwsem.c:1573
ext4_write_lock_xattr fs/ext4/xattr.h:155 [inline]
ext4_xattr_set_handle+0x1e0/0x1294 fs/ext4/xattr.c:2311
ext4_xattr_set+0x1dc/0x350 fs/ext4/xattr.c:2498
ext4_xattr_trusted_set+0x4c/0x64 fs/ext4/xattr_trusted.c:38
__vfs_setxattr+0x388/0x3a4 fs/xattr.c:182
__vfs_setxattr_noperm+0x110/0x528 fs/xattr.c:216
__vfs_setxattr_locked+0x1ec/0x218 fs/xattr.c:277
vfs_setxattr+0x1a8/0x344 fs/xattr.c:309
__vfs_setxattr+0x388/0x3a4 fs/xattr.c:182
__vfs_setxattr_noperm+0x110/0x528 fs/xattr.c:216
__vfs_setxattr_locked+0x1ec/0x218 fs/xattr.c:277
do_setxattr fs/xattr.c:594 [inline]
setxattr+0x230/0x294 fs/xattr.c:617
path_setxattr+0x17c/0x258 fs/xattr.c:636
__do_sys_setxattr fs/xattr.c:652 [inline]
__se_sys_setxattr fs/xattr.c:648 [inline]
__arm64_sys_setxattr+0xbc/0xd8 fs/xattr.c:648
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
syzbot
May 7, 2023, 2:03:48 AM5/7/23
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:
HEAD commit: ca48fc16c493 Linux 6.1.27
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=120fe5f4280000
kernel config: https://syzkaller.appspot.com/x/.config?x=aea4bb7802570997
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13761ad4280000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/ec11c1903c52/disk-ca48fc16.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/8ce41c1ad391/vmlinux-ca48fc16.xz
kernel image: https://storage.googleapis.com/syzbot-assets/affba5631cad/Image-ca48fc16.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/bb71a051eaba/mount_0.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+dafdb5...@syzkaller.appspotmail.com
loop0: detected capacity change from 0 to 512
EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
------------------------------------------------------
syz-executor166/4218 is trying to acquire lock:
ffff0000e24a00c8 (&ei->xattr_sem){++++}-{3:3}, at: ext4_write_lock_xattr fs/ext4/xattr.h:155 [inline]
ffff0000e24a00c8 (&ei->xattr_sem){++++}-{3:3}, at: ext4_xattr_set_handle+0x1e0/0x1294 fs/ext4/xattr.c:2322
but task is already holding lock:
ffff0000e24a0400 (&ea_inode->i_rwsem#9/1){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:756 [inline]
ffff0000e24a0400 (&ea_inode->i_rwsem#9/1){+.+.}-{3:3}, at: vfs_setxattr+0x17c/0x344 fs/xattr.c:308
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&ea_inode->i_rwsem#9/1){+.+.}-{3:3}:
down_write+0x5c/0x88 kernel/locking/rwsem.c:1573
inode_lock include/linux/fs.h:756 [inline]
ext4_xattr_inode_create fs/ext4/xattr.c:1475 [inline]
ext4_xattr_inode_lookup_create fs/ext4/xattr.c:1558 [inline]
ext4_xattr_set_entry+0x2394/0x2bfc fs/ext4/xattr.c:1686
ext4_xattr_block_set+0x8e0/0x2cc4 fs/ext4/xattr.c:1992
ext4_xattr_set_handle+0xae8/0x1294 fs/ext4/xattr.c:2407
ext4_xattr_set+0x1dc/0x350 fs/ext4/xattr.c:2509
ext4_xattr_set+0x1dc/0x350 fs/ext4/xattr.c:2509
2 locks held by syz-executor166/4218:
#0: ffff0000d7d42460 (sb_writers#3){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c fs/namespace.c:393
#1: ffff0000e24a0400 (&ea_inode->i_rwsem#9/1){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:756 [inline]
#1: ffff0000e24a0400 (&ea_inode->i_rwsem#9/1){+.+.}-{3:3}, at: vfs_setxattr+0x17c/0x344 fs/xattr.c:308
stack backtrace:
CPU: 0 PID: 4218 Comm: syz-executor166 Not tainted 6.1.27-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
ext4_xattr_set+0x1dc/0x350 fs/ext4/xattr.c:2509
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
HEAD commit: ca48fc16c493 Linux 6.1.27
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=120fe5f4280000
kernel config: https://syzkaller.appspot.com/x/.config?x=aea4bb7802570997
dashboard link: https://syzkaller.appspot.com/bug?extid=dafdb578b33989ec0674
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10038b5a280000
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13761ad4280000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/ec11c1903c52/disk-ca48fc16.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/8ce41c1ad391/vmlinux-ca48fc16.xz
kernel image: https://storage.googleapis.com/syzbot-assets/affba5631cad/Image-ca48fc16.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/bb71a051eaba/mount_0.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+dafdb5...@syzkaller.appspotmail.com
EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
======================================================
WARNING: possible circular locking dependency detected
6.1.27-syzkaller #0 Not tainted
WARNING: possible circular locking dependency detected
------------------------------------------------------
syz-executor166/4218 is trying to acquire lock:
ffff0000e24a00c8 (&ei->xattr_sem){++++}-{3:3}, at: ext4_write_lock_xattr fs/ext4/xattr.h:155 [inline]
ffff0000e24a00c8 (&ei->xattr_sem){++++}-{3:3}, at: ext4_xattr_set_handle+0x1e0/0x1294 fs/ext4/xattr.c:2322
but task is already holding lock:
ffff0000e24a0400 (&ea_inode->i_rwsem#9/1){+.+.}-{3:3}, at: vfs_setxattr+0x17c/0x344 fs/xattr.c:308
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&ea_inode->i_rwsem#9/1){+.+.}-{3:3}:
down_write+0x5c/0x88 kernel/locking/rwsem.c:1573
inode_lock include/linux/fs.h:756 [inline]
ext4_xattr_inode_lookup_create fs/ext4/xattr.c:1558 [inline]
ext4_xattr_set_entry+0x2394/0x2bfc fs/ext4/xattr.c:1686
ext4_xattr_block_set+0x8e0/0x2cc4 fs/ext4/xattr.c:1992
ext4_xattr_set_handle+0xae8/0x1294 fs/ext4/xattr.c:2407
ext4_xattr_set+0x1dc/0x350 fs/ext4/xattr.c:2509
ext4_xattr_trusted_set+0x4c/0x64 fs/ext4/xattr_trusted.c:38
__vfs_setxattr+0x388/0x3a4 fs/xattr.c:182
__vfs_setxattr_noperm+0x110/0x528 fs/xattr.c:216
__vfs_setxattr_locked+0x1ec/0x218 fs/xattr.c:277
vfs_setxattr+0x1a8/0x344 fs/xattr.c:309
do_setxattr fs/xattr.c:594 [inline]
setxattr+0x230/0x294 fs/xattr.c:617
path_setxattr+0x17c/0x258 fs/xattr.c:636
__do_sys_setxattr fs/xattr.c:652 [inline]
__se_sys_setxattr fs/xattr.c:648 [inline]
__arm64_sys_setxattr+0xbc/0xd8 fs/xattr.c:648
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
-> #0 (&ei->xattr_sem){++++}-{3:3}:
check_prev_add kernel/locking/lockdep.c:3098 [inline]
check_prevs_add kernel/locking/lockdep.c:3217 [inline]
validate_chain kernel/locking/lockdep.c:3832 [inline]
__lock_acquire+0x3338/0x764c kernel/locking/lockdep.c:5056
lock_acquire+0x26c/0x7cc kernel/locking/lockdep.c:5669
__vfs_setxattr+0x388/0x3a4 fs/xattr.c:182
__vfs_setxattr_noperm+0x110/0x528 fs/xattr.c:216
__vfs_setxattr_locked+0x1ec/0x218 fs/xattr.c:277
vfs_setxattr+0x1a8/0x344 fs/xattr.c:309
do_setxattr fs/xattr.c:594 [inline]
setxattr+0x230/0x294 fs/xattr.c:617
path_setxattr+0x17c/0x258 fs/xattr.c:636
__do_sys_setxattr fs/xattr.c:652 [inline]
__se_sys_setxattr fs/xattr.c:648 [inline]
__arm64_sys_setxattr+0xbc/0xd8 fs/xattr.c:648
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
-> #0 (&ei->xattr_sem){++++}-{3:3}:
check_prev_add kernel/locking/lockdep.c:3098 [inline]
check_prevs_add kernel/locking/lockdep.c:3217 [inline]
validate_chain kernel/locking/lockdep.c:3832 [inline]
__lock_acquire+0x3338/0x764c kernel/locking/lockdep.c:5056
down_write+0x5c/0x88 kernel/locking/rwsem.c:1573
ext4_write_lock_xattr fs/ext4/xattr.h:155 [inline]
ext4_xattr_set_handle+0x1e0/0x1294 fs/ext4/xattr.c:2322
ext4_write_lock_xattr fs/ext4/xattr.h:155 [inline]
ext4_xattr_set+0x1dc/0x350 fs/ext4/xattr.c:2509
#0: ffff0000d7d42460 (sb_writers#3){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c fs/namespace.c:393
#1: ffff0000e24a0400 (&ea_inode->i_rwsem#9/1){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:756 [inline]
#1: ffff0000e24a0400 (&ea_inode->i_rwsem#9/1){+.+.}-{3:3}, at: vfs_setxattr+0x17c/0x344 fs/xattr.c:308
stack backtrace:
CPU: 0 PID: 4218 Comm: syz-executor166 Not tainted 6.1.27-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
Call trace:
dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x5c lib/dump_stack.c:113
print_circular_bug+0x150/0x1b8 kernel/locking/lockdep.c:2056
check_noncircular+0x2cc/0x378 kernel/locking/lockdep.c:2178
check_prev_add kernel/locking/lockdep.c:3098 [inline]
check_prevs_add kernel/locking/lockdep.c:3217 [inline]
validate_chain kernel/locking/lockdep.c:3832 [inline]
__lock_acquire+0x3338/0x764c kernel/locking/lockdep.c:5056
lock_acquire+0x26c/0x7cc kernel/locking/lockdep.c:5669
dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x5c lib/dump_stack.c:113
print_circular_bug+0x150/0x1b8 kernel/locking/lockdep.c:2056
check_noncircular+0x2cc/0x378 kernel/locking/lockdep.c:2178
check_prev_add kernel/locking/lockdep.c:3098 [inline]
check_prevs_add kernel/locking/lockdep.c:3217 [inline]
validate_chain kernel/locking/lockdep.c:3832 [inline]
__lock_acquire+0x3338/0x764c kernel/locking/lockdep.c:5056
down_write+0x5c/0x88 kernel/locking/rwsem.c:1573
ext4_write_lock_xattr fs/ext4/xattr.h:155 [inline]
ext4_xattr_set_handle+0x1e0/0x1294 fs/ext4/xattr.c:2322
ext4_write_lock_xattr fs/ext4/xattr.h:155 [inline]
ext4_xattr_set+0x1dc/0x350 fs/ext4/xattr.c:2509
ext4_xattr_trusted_set+0x4c/0x64 fs/ext4/xattr_trusted.c:38
__vfs_setxattr+0x388/0x3a4 fs/xattr.c:182
__vfs_setxattr_noperm+0x110/0x528 fs/xattr.c:216
__vfs_setxattr_locked+0x1ec/0x218 fs/xattr.c:277
vfs_setxattr+0x1a8/0x344 fs/xattr.c:309
do_setxattr fs/xattr.c:594 [inline]
setxattr+0x230/0x294 fs/xattr.c:617
path_setxattr+0x17c/0x258 fs/xattr.c:636
__do_sys_setxattr fs/xattr.c:652 [inline]
__se_sys_setxattr fs/xattr.c:648 [inline]
__arm64_sys_setxattr+0xbc/0xd8 fs/xattr.c:648
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
---
If you want syzbot to run the reproducer, reply with:
__vfs_setxattr+0x388/0x3a4 fs/xattr.c:182
__vfs_setxattr_noperm+0x110/0x528 fs/xattr.c:216
__vfs_setxattr_locked+0x1ec/0x218 fs/xattr.c:277
vfs_setxattr+0x1a8/0x344 fs/xattr.c:309
do_setxattr fs/xattr.c:594 [inline]
setxattr+0x230/0x294 fs/xattr.c:617
path_setxattr+0x17c/0x258 fs/xattr.c:636
__do_sys_setxattr fs/xattr.c:652 [inline]
__se_sys_setxattr fs/xattr.c:648 [inline]
__arm64_sys_setxattr+0xbc/0xd8 fs/xattr.c:648
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
---
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot
May 9, 2023, 11:09:01 PM5/9/23
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:
HEAD commit: 8a7f2a5c5aa1 Linux 5.15.110
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=12865434280000
kernel config: https://syzkaller.appspot.com/x/.config?x=7e93d602da27af41
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13b93642280000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/16bea75b636d/disk-8a7f2a5c.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/3b169e33dcf2/vmlinux-8a7f2a5c.xz
kernel image: https://storage.googleapis.com/syzbot-assets/190d08a00950/Image-8a7f2a5c.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/e4f64c0079c8/mount_0.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+d3ecdc...@syzkaller.appspotmail.com
------------------------------------------------------
syz-executor904/3967 is trying to acquire lock:
ffff0000df840ac0 (&ei->xattr_sem){++++}-{3:3}, at: ext4_write_lock_xattr fs/ext4/xattr.h:155 [inline]
ffff0000df840ac0 (&ei->xattr_sem){++++}-{3:3}, at: ext4_xattr_set_handle+0x1e0/0x12d8 fs/ext4/xattr.c:2322
but task is already holding lock:
ffff0000df840de8 (&ea_inode->i_rwsem#9/1){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:787 [inline]
ffff0000df840de8 (&ea_inode->i_rwsem#9/1){+.+.}-{3:3}, at: vfs_setxattr+0x17c/0x344 fs/xattr.c:302
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&ea_inode->i_rwsem#9/1){+.+.}-{3:3}:
down_write+0x110/0x260 kernel/locking/rwsem.c:1541
inode_lock include/linux/fs.h:787 [inline]
ext4_xattr_block_set+0x8f0/0x2d7c fs/ext4/xattr.c:1992
ext4_xattr_set_handle+0xb04/0x12d8 fs/ext4/xattr.c:2407
ext4_xattr_set+0x1dc/0x350 fs/ext4/xattr.c:2508
-> #0 (&ei->xattr_sem){++++}-{3:3}:
check_prev_add kernel/locking/lockdep.c:3053 [inline]
check_prevs_add kernel/locking/lockdep.c:3172 [inline]
validate_chain kernel/locking/lockdep.c:3787 [inline]
__lock_acquire+0x32cc/0x7620 kernel/locking/lockdep.c:5011
lock_acquire+0x240/0x77c kernel/locking/lockdep.c:5622
down_write+0x110/0x260 kernel/locking/rwsem.c:1541
ext4_write_lock_xattr fs/ext4/xattr.h:155 [inline]
ext4_xattr_set_handle+0x1e0/0x12d8 fs/ext4/xattr.c:2322
ext4_xattr_set+0x1dc/0x350 fs/ext4/xattr.c:2508
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&ea_inode->i_rwsem#9/1);
lock(&ei->xattr_sem);
lock(&ea_inode->i_rwsem#9/1);
lock(&ei->xattr_sem);
*** DEADLOCK ***
2 locks held by syz-executor904/3967:
#0: ffff0000c9cb2460 (sb_writers#3){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c fs/namespace.c:377
#1: ffff0000df840de8 (&ea_inode->i_rwsem#9/1){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:787 [inline]
#1: ffff0000df840de8 (&ea_inode->i_rwsem#9/1){+.+.}-{3:3}, at: vfs_setxattr+0x17c/0x344 fs/xattr.c:302
stack backtrace:
CPU: 1 PID: 3967 Comm: syz-executor904 Not tainted 5.15.110-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
down_write+0x110/0x260 kernel/locking/rwsem.c:1541
ext4_write_lock_xattr fs/ext4/xattr.h:155 [inline]
ext4_xattr_set_handle+0x1e0/0x12d8 fs/ext4/xattr.c:2322
ext4_xattr_set+0x1dc/0x350 fs/ext4/xattr.c:2508
HEAD commit: 8a7f2a5c5aa1 Linux 5.15.110
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=12865434280000
kernel config: https://syzkaller.appspot.com/x/.config?x=7e93d602da27af41
dashboard link: https://syzkaller.appspot.com/bug?extid=d3ecdc484479fe6658f9
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10979142280000
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13b93642280000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/16bea75b636d/disk-8a7f2a5c.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/3b169e33dcf2/vmlinux-8a7f2a5c.xz
kernel image: https://storage.googleapis.com/syzbot-assets/190d08a00950/Image-8a7f2a5c.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/e4f64c0079c8/mount_0.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+d3ecdc...@syzkaller.appspotmail.com
loop0: detected capacity change from 0 to 512
EXT4-fs (loop0): mounted filesystem without journal. Opts: quota,nodelalloc,errors=remount-ro,grpid,. Quota mode: writeback.
======================================================
WARNING: possible circular locking dependency detected
5.15.110-syzkaller #0 Not tainted
WARNING: possible circular locking dependency detected
------------------------------------------------------
syz-executor904/3967 is trying to acquire lock:
ffff0000df840ac0 (&ei->xattr_sem){++++}-{3:3}, at: ext4_write_lock_xattr fs/ext4/xattr.h:155 [inline]
ffff0000df840ac0 (&ei->xattr_sem){++++}-{3:3}, at: ext4_xattr_set_handle+0x1e0/0x12d8 fs/ext4/xattr.c:2322
but task is already holding lock:
ffff0000df840de8 (&ea_inode->i_rwsem#9/1){+.+.}-{3:3}, at: vfs_setxattr+0x17c/0x344 fs/xattr.c:302
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&ea_inode->i_rwsem#9/1){+.+.}-{3:3}:
inode_lock include/linux/fs.h:787 [inline]
ext4_xattr_inode_create fs/ext4/xattr.c:1475 [inline]
ext4_xattr_inode_lookup_create fs/ext4/xattr.c:1558 [inline]
ext4_xattr_set_entry+0x23a8/0x2c38 fs/ext4/xattr.c:1686
ext4_xattr_inode_lookup_create fs/ext4/xattr.c:1558 [inline]
ext4_xattr_block_set+0x8f0/0x2d7c fs/ext4/xattr.c:1992
ext4_xattr_set_handle+0xb04/0x12d8 fs/ext4/xattr.c:2407
ext4_xattr_set+0x1dc/0x350 fs/ext4/xattr.c:2508
ext4_xattr_trusted_set+0x4c/0x64 fs/ext4/xattr_trusted.c:38
__vfs_setxattr+0x388/0x3a4 fs/xattr.c:182
__vfs_setxattr_noperm+0x110/0x528 fs/xattr.c:216
__vfs_setxattr_locked+0x1ec/0x218 fs/xattr.c:277
vfs_setxattr+0x1a8/0x344 fs/xattr.c:303
do_setxattr fs/xattr.c:588 [inline]
setxattr+0x250/0x2b4 fs/xattr.c:611
path_setxattr+0x17c/0x258 fs/xattr.c:630
__do_sys_setxattr fs/xattr.c:646 [inline]
__se_sys_setxattr fs/xattr.c:642 [inline]
__arm64_sys_setxattr+0xbc/0xd8 fs/xattr.c:642
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
__vfs_setxattr+0x388/0x3a4 fs/xattr.c:182
__vfs_setxattr_noperm+0x110/0x528 fs/xattr.c:216
__vfs_setxattr_locked+0x1ec/0x218 fs/xattr.c:277
vfs_setxattr+0x1a8/0x344 fs/xattr.c:303
do_setxattr fs/xattr.c:588 [inline]
setxattr+0x250/0x2b4 fs/xattr.c:611
path_setxattr+0x17c/0x258 fs/xattr.c:630
__do_sys_setxattr fs/xattr.c:646 [inline]
__se_sys_setxattr fs/xattr.c:642 [inline]
__arm64_sys_setxattr+0xbc/0xd8 fs/xattr.c:642
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
-> #0 (&ei->xattr_sem){++++}-{3:3}:
check_prev_add kernel/locking/lockdep.c:3053 [inline]
check_prevs_add kernel/locking/lockdep.c:3172 [inline]
validate_chain kernel/locking/lockdep.c:3787 [inline]
__lock_acquire+0x32cc/0x7620 kernel/locking/lockdep.c:5011
down_write+0x110/0x260 kernel/locking/rwsem.c:1541
ext4_write_lock_xattr fs/ext4/xattr.h:155 [inline]
ext4_xattr_set_handle+0x1e0/0x12d8 fs/ext4/xattr.c:2322
ext4_xattr_set+0x1dc/0x350 fs/ext4/xattr.c:2508
ext4_xattr_trusted_set+0x4c/0x64 fs/ext4/xattr_trusted.c:38
__vfs_setxattr+0x388/0x3a4 fs/xattr.c:182
__vfs_setxattr_noperm+0x110/0x528 fs/xattr.c:216
__vfs_setxattr_locked+0x1ec/0x218 fs/xattr.c:277
vfs_setxattr+0x1a8/0x344 fs/xattr.c:303
do_setxattr fs/xattr.c:588 [inline]
setxattr+0x250/0x2b4 fs/xattr.c:611
path_setxattr+0x17c/0x258 fs/xattr.c:630
__do_sys_setxattr fs/xattr.c:646 [inline]
__se_sys_setxattr fs/xattr.c:642 [inline]
__arm64_sys_setxattr+0xbc/0xd8 fs/xattr.c:642
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
__vfs_setxattr+0x388/0x3a4 fs/xattr.c:182
__vfs_setxattr_noperm+0x110/0x528 fs/xattr.c:216
__vfs_setxattr_locked+0x1ec/0x218 fs/xattr.c:277
vfs_setxattr+0x1a8/0x344 fs/xattr.c:303
do_setxattr fs/xattr.c:588 [inline]
setxattr+0x250/0x2b4 fs/xattr.c:611
path_setxattr+0x17c/0x258 fs/xattr.c:630
__do_sys_setxattr fs/xattr.c:646 [inline]
__se_sys_setxattr fs/xattr.c:642 [inline]
__arm64_sys_setxattr+0xbc/0xd8 fs/xattr.c:642
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&ea_inode->i_rwsem#9/1);
lock(&ei->xattr_sem);
lock(&ea_inode->i_rwsem#9/1);
lock(&ei->xattr_sem);
*** DEADLOCK ***
#0: ffff0000c9cb2460 (sb_writers#3){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c fs/namespace.c:377
#1: ffff0000df840de8 (&ea_inode->i_rwsem#9/1){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:787 [inline]
#1: ffff0000df840de8 (&ea_inode->i_rwsem#9/1){+.+.}-{3:3}, at: vfs_setxattr+0x17c/0x344 fs/xattr.c:302
stack backtrace:
CPU: 1 PID: 3967 Comm: syz-executor904 Not tainted 5.15.110-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
Call trace:
dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x58 lib/dump_stack.c:113
print_circular_bug+0x150/0x1b8 kernel/locking/lockdep.c:2011
check_noncircular+0x2cc/0x378 kernel/locking/lockdep.c:2133
check_prev_add kernel/locking/lockdep.c:3053 [inline]
check_prevs_add kernel/locking/lockdep.c:3172 [inline]
validate_chain kernel/locking/lockdep.c:3787 [inline]
__lock_acquire+0x32cc/0x7620 kernel/locking/lockdep.c:5011
lock_acquire+0x240/0x77c kernel/locking/lockdep.c:5622
dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x58 lib/dump_stack.c:113
print_circular_bug+0x150/0x1b8 kernel/locking/lockdep.c:2011
check_noncircular+0x2cc/0x378 kernel/locking/lockdep.c:2133
check_prev_add kernel/locking/lockdep.c:3053 [inline]
check_prevs_add kernel/locking/lockdep.c:3172 [inline]
validate_chain kernel/locking/lockdep.c:3787 [inline]
__lock_acquire+0x32cc/0x7620 kernel/locking/lockdep.c:5011
down_write+0x110/0x260 kernel/locking/rwsem.c:1541
ext4_write_lock_xattr fs/ext4/xattr.h:155 [inline]
ext4_xattr_set_handle+0x1e0/0x12d8 fs/ext4/xattr.c:2322
ext4_xattr_set+0x1dc/0x350 fs/ext4/xattr.c:2508
ext4_xattr_trusted_set+0x4c/0x64 fs/ext4/xattr_trusted.c:38
__vfs_setxattr+0x388/0x3a4 fs/xattr.c:182
__vfs_setxattr_noperm+0x110/0x528 fs/xattr.c:216
__vfs_setxattr_locked+0x1ec/0x218 fs/xattr.c:277
vfs_setxattr+0x1a8/0x344 fs/xattr.c:303
do_setxattr fs/xattr.c:588 [inline]
setxattr+0x250/0x2b4 fs/xattr.c:611
path_setxattr+0x17c/0x258 fs/xattr.c:630
__do_sys_setxattr fs/xattr.c:646 [inline]
__se_sys_setxattr fs/xattr.c:642 [inline]
__arm64_sys_setxattr+0xbc/0xd8 fs/xattr.c:642
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
__vfs_setxattr+0x388/0x3a4 fs/xattr.c:182
__vfs_setxattr_noperm+0x110/0x528 fs/xattr.c:216
__vfs_setxattr_locked+0x1ec/0x218 fs/xattr.c:277
vfs_setxattr+0x1a8/0x344 fs/xattr.c:303
do_setxattr fs/xattr.c:588 [inline]
setxattr+0x250/0x2b4 fs/xattr.c:611
path_setxattr+0x17c/0x258 fs/xattr.c:630
__do_sys_setxattr fs/xattr.c:646 [inline]
__se_sys_setxattr fs/xattr.c:642 [inline]
__arm64_sys_setxattr+0xbc/0xd8 fs/xattr.c:642
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
syzbot
Jul 15, 2023, 11:48:23 AM7/15/23
to syzkaller...@googlegroups.com
syzbot suspects this issue was fixed by commit:
commit b112babc565ea92d54045fe70bd931b546c5dc4e
Author: Theodore Ts'o <ty...@mit.edu>
Date: Wed May 24 03:49:48 2023 +0000
ext4: add EA_INODE checking to ext4_iget()
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=13c685e4a80000
start commit: d2869ace6eeb Linux 6.1.31
git tree: linux-6.1.y
kernel config: https://syzkaller.appspot.com/x/.config?x=11263f470b7a4c92
dashboard link: https://syzkaller.appspot.com/bug?extid=dafdb578b33989ec0674
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10676aa5280000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=17fc12a5280000
If the result looks correct, please mark the issue as fixed by replying with:
#syz fix: ext4: add EA_INODE checking to ext4_iget()
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
commit b112babc565ea92d54045fe70bd931b546c5dc4e
Author: Theodore Ts'o <ty...@mit.edu>
Date: Wed May 24 03:49:48 2023 +0000
ext4: add EA_INODE checking to ext4_iget()
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=13c685e4a80000
start commit: d2869ace6eeb Linux 6.1.31
git tree: linux-6.1.y
kernel config: https://syzkaller.appspot.com/x/.config?x=11263f470b7a4c92
dashboard link: https://syzkaller.appspot.com/bug?extid=dafdb578b33989ec0674
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10676aa5280000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=17fc12a5280000
If the result looks correct, please mark the issue as fixed by replying with:
#syz fix: ext4: add EA_INODE checking to ext4_iget()
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
syzbot
Jul 16, 2023, 2:32:18 AM7/16/23
to syzkaller...@googlegroups.com
syzbot suspects this issue was fixed by commit:
commit bdbfbb7d5057c738b152772f4c7697cee06eaf50
Author: Theodore Ts'o <ty...@mit.edu>
Date: Wed May 24 03:49:48 2023 +0000
ext4: add EA_INODE checking to ext4_iget()
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=11c45c34a80000
Date: Wed May 24 03:49:48 2023 +0000
ext4: add EA_INODE checking to ext4_iget()
start commit: 1fe619a7d252 Linux 5.15.113
git tree: linux-5.15.y
kernel config: https://syzkaller.appspot.com/x/.config?x=ab36330fd14820aa
dashboard link: https://syzkaller.appspot.com/bug?extid=d3ecdc484479fe6658f9
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=130d53bd280000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=160a293e280000
Reply all
Reply to author
Forward
0 new messages