[v6.1] possible deadlock in ext4_multi_mount_protect
1 view
Skip to first unread message
syzbot
Apr 4, 2023, 6:17:50 PM4/4/23
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 3b29299e5f60 Linux 6.1.22
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=16473145c80000
kernel config: https://syzkaller.appspot.com/x/.config?x=bbb9a1f6f7f5a1d9
dashboard link: https://syzkaller.appspot.com/bug?extid=87a27427c88da34e9fc7
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/2affbd06cbfd/disk-3b29299e.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/8b22d1baf827/vmlinux-3b29299e.xz
kernel image: https://storage.googleapis.com/syzbot-assets/d5e3891c88bf/Image-3b29299e.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+87a274...@syzkaller.appspotmail.com
EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended
[EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=d054e01c, mo2=0002]
======================================================
WARNING: possible circular locking dependency detected
6.1.22-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.0/9742 is trying to acquire lock:
ffff0000d5138460 (sb_writers#3){.+.+}-{0:0}, at: ext4_multi_mount_protect+0x2e0/0x8a4 fs/ext4/mmp.c:349
but task is already holding lock:
ffff0000d51380e0 (&type->s_umount_key#30){++++}-{3:3}, at: vfs_fsconfig_locked fs/fsopen.c:253 [inline]
ffff0000d51380e0 (&type->s_umount_key#30){++++}-{3:3}, at: __do_sys_fsconfig fs/fsopen.c:439 [inline]
ffff0000d51380e0 (&type->s_umount_key#30){++++}-{3:3}, at: __se_sys_fsconfig fs/fsopen.c:314 [inline]
ffff0000d51380e0 (&type->s_umount_key#30){++++}-{3:3}, at: __arm64_sys_fsconfig+0xa14/0xd18 fs/fsopen.c:314
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&type->s_umount_key#30){++++}-{3:3}:
down_read+0x5c/0x78 kernel/locking/rwsem.c:1520
__do_sys_quotactl_fd fs/quota/quota.c:999 [inline]
__se_sys_quotactl_fd fs/quota/quota.c:972 [inline]
__arm64_sys_quotactl_fd+0x30c/0x4a4 fs/quota/quota.c:972
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
-> #0 (sb_writers#3){.+.+}-{0:0}:
check_prev_add kernel/locking/lockdep.c:3098 [inline]
check_prevs_add kernel/locking/lockdep.c:3217 [inline]
validate_chain kernel/locking/lockdep.c:3832 [inline]
__lock_acquire+0x3338/0x764c kernel/locking/lockdep.c:5056
lock_acquire+0x26c/0x7cc kernel/locking/lockdep.c:5669
percpu_down_read include/linux/percpu-rwsem.h:51 [inline]
__sb_start_write include/linux/fs.h:1832 [inline]
sb_start_write include/linux/fs.h:1907 [inline]
write_mmp_block+0x100/0xb8c fs/ext4/mmp.c:50
ext4_multi_mount_protect+0x2e0/0x8a4 fs/ext4/mmp.c:349
__ext4_remount fs/ext4/super.c:6530 [inline]
ext4_reconfigure+0x218c/0x2934 fs/ext4/super.c:6629
reconfigure_super+0x328/0x738 fs/super.c:957
vfs_fsconfig_locked fs/fsopen.c:254 [inline]
__do_sys_fsconfig fs/fsopen.c:439 [inline]
__se_sys_fsconfig fs/fsopen.c:314 [inline]
__arm64_sys_fsconfig+0xa1c/0xd18 fs/fsopen.c:314
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&type->s_umount_key#30);
lock(sb_writers#3);
lock(&type->s_umount_key#30);
lock(sb_writers#3);
*** DEADLOCK ***
2 locks held by syz-executor.0/9742:
#0: ffff000103db3470 (&fc->uapi_mutex){+.+.}-{3:3}, at: __do_sys_fsconfig fs/fsopen.c:437 [inline]
#0: ffff000103db3470 (&fc->uapi_mutex){+.+.}-{3:3}, at: __se_sys_fsconfig fs/fsopen.c:314 [inline]
#0: ffff000103db3470 (&fc->uapi_mutex){+.+.}-{3:3}, at: __arm64_sys_fsconfig+0x720/0xd18 fs/fsopen.c:314
#1: ffff0000d51380e0 (&type->s_umount_key#30){++++}-{3:3}, at: vfs_fsconfig_locked fs/fsopen.c:253 [inline]
#1: ffff0000d51380e0 (&type->s_umount_key#30){++++}-{3:3}, at: __do_sys_fsconfig fs/fsopen.c:439 [inline]
#1: ffff0000d51380e0 (&type->s_umount_key#30){++++}-{3:3}, at: __se_sys_fsconfig fs/fsopen.c:314 [inline]
#1: ffff0000d51380e0 (&type->s_umount_key#30){++++}-{3:3}, at: __arm64_sys_fsconfig+0xa14/0xd18 fs/fsopen.c:314
stack backtrace:
CPU: 0 PID: 9742 Comm: syz-executor.0 Not tainted 6.1.22-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
Call trace:
dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x5c lib/dump_stack.c:113
print_circular_bug+0x150/0x1b8 kernel/locking/lockdep.c:2056
check_noncircular+0x2cc/0x378 kernel/locking/lockdep.c:2178
check_prev_add kernel/locking/lockdep.c:3098 [inline]
check_prevs_add kernel/locking/lockdep.c:3217 [inline]
validate_chain kernel/locking/lockdep.c:3832 [inline]
__lock_acquire+0x3338/0x764c kernel/locking/lockdep.c:5056
lock_acquire+0x26c/0x7cc kernel/locking/lockdep.c:5669
percpu_down_read include/linux/percpu-rwsem.h:51 [inline]
__sb_start_write include/linux/fs.h:1832 [inline]
sb_start_write include/linux/fs.h:1907 [inline]
write_mmp_block+0x100/0xb8c fs/ext4/mmp.c:50
ext4_multi_mount_protect+0x2e0/0x8a4 fs/ext4/mmp.c:349
__ext4_remount fs/ext4/super.c:6530 [inline]
ext4_reconfigure+0x218c/0x2934 fs/ext4/super.c:6629
reconfigure_super+0x328/0x738 fs/super.c:957
vfs_fsconfig_locked fs/fsopen.c:254 [inline]
__do_sys_fsconfig fs/fsopen.c:439 [inline]
__se_sys_fsconfig fs/fsopen.c:314 [inline]
__arm64_sys_fsconfig+0xa1c/0xd18 fs/fsopen.c:314
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
EXT4-fs warning (device loop0): ext4_enable_quotas:6988: Failed to enable quota tracking (type=0, err=-22, ino=3). Please run e2fsck to fix.
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot found the following issue on:
HEAD commit: 3b29299e5f60 Linux 6.1.22
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=16473145c80000
kernel config: https://syzkaller.appspot.com/x/.config?x=bbb9a1f6f7f5a1d9
dashboard link: https://syzkaller.appspot.com/bug?extid=87a27427c88da34e9fc7
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/2affbd06cbfd/disk-3b29299e.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/8b22d1baf827/vmlinux-3b29299e.xz
kernel image: https://storage.googleapis.com/syzbot-assets/d5e3891c88bf/Image-3b29299e.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+87a274...@syzkaller.appspotmail.com
EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended
[EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=d054e01c, mo2=0002]
======================================================
WARNING: possible circular locking dependency detected
6.1.22-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.0/9742 is trying to acquire lock:
ffff0000d5138460 (sb_writers#3){.+.+}-{0:0}, at: ext4_multi_mount_protect+0x2e0/0x8a4 fs/ext4/mmp.c:349
but task is already holding lock:
ffff0000d51380e0 (&type->s_umount_key#30){++++}-{3:3}, at: vfs_fsconfig_locked fs/fsopen.c:253 [inline]
ffff0000d51380e0 (&type->s_umount_key#30){++++}-{3:3}, at: __do_sys_fsconfig fs/fsopen.c:439 [inline]
ffff0000d51380e0 (&type->s_umount_key#30){++++}-{3:3}, at: __se_sys_fsconfig fs/fsopen.c:314 [inline]
ffff0000d51380e0 (&type->s_umount_key#30){++++}-{3:3}, at: __arm64_sys_fsconfig+0xa14/0xd18 fs/fsopen.c:314
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&type->s_umount_key#30){++++}-{3:3}:
down_read+0x5c/0x78 kernel/locking/rwsem.c:1520
__do_sys_quotactl_fd fs/quota/quota.c:999 [inline]
__se_sys_quotactl_fd fs/quota/quota.c:972 [inline]
__arm64_sys_quotactl_fd+0x30c/0x4a4 fs/quota/quota.c:972
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
-> #0 (sb_writers#3){.+.+}-{0:0}:
check_prev_add kernel/locking/lockdep.c:3098 [inline]
check_prevs_add kernel/locking/lockdep.c:3217 [inline]
validate_chain kernel/locking/lockdep.c:3832 [inline]
__lock_acquire+0x3338/0x764c kernel/locking/lockdep.c:5056
lock_acquire+0x26c/0x7cc kernel/locking/lockdep.c:5669
percpu_down_read include/linux/percpu-rwsem.h:51 [inline]
__sb_start_write include/linux/fs.h:1832 [inline]
sb_start_write include/linux/fs.h:1907 [inline]
write_mmp_block+0x100/0xb8c fs/ext4/mmp.c:50
ext4_multi_mount_protect+0x2e0/0x8a4 fs/ext4/mmp.c:349
__ext4_remount fs/ext4/super.c:6530 [inline]
ext4_reconfigure+0x218c/0x2934 fs/ext4/super.c:6629
reconfigure_super+0x328/0x738 fs/super.c:957
vfs_fsconfig_locked fs/fsopen.c:254 [inline]
__do_sys_fsconfig fs/fsopen.c:439 [inline]
__se_sys_fsconfig fs/fsopen.c:314 [inline]
__arm64_sys_fsconfig+0xa1c/0xd18 fs/fsopen.c:314
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&type->s_umount_key#30);
lock(sb_writers#3);
lock(&type->s_umount_key#30);
lock(sb_writers#3);
*** DEADLOCK ***
2 locks held by syz-executor.0/9742:
#0: ffff000103db3470 (&fc->uapi_mutex){+.+.}-{3:3}, at: __do_sys_fsconfig fs/fsopen.c:437 [inline]
#0: ffff000103db3470 (&fc->uapi_mutex){+.+.}-{3:3}, at: __se_sys_fsconfig fs/fsopen.c:314 [inline]
#0: ffff000103db3470 (&fc->uapi_mutex){+.+.}-{3:3}, at: __arm64_sys_fsconfig+0x720/0xd18 fs/fsopen.c:314
#1: ffff0000d51380e0 (&type->s_umount_key#30){++++}-{3:3}, at: vfs_fsconfig_locked fs/fsopen.c:253 [inline]
#1: ffff0000d51380e0 (&type->s_umount_key#30){++++}-{3:3}, at: __do_sys_fsconfig fs/fsopen.c:439 [inline]
#1: ffff0000d51380e0 (&type->s_umount_key#30){++++}-{3:3}, at: __se_sys_fsconfig fs/fsopen.c:314 [inline]
#1: ffff0000d51380e0 (&type->s_umount_key#30){++++}-{3:3}, at: __arm64_sys_fsconfig+0xa14/0xd18 fs/fsopen.c:314
stack backtrace:
CPU: 0 PID: 9742 Comm: syz-executor.0 Not tainted 6.1.22-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
Call trace:
dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x5c lib/dump_stack.c:113
print_circular_bug+0x150/0x1b8 kernel/locking/lockdep.c:2056
check_noncircular+0x2cc/0x378 kernel/locking/lockdep.c:2178
check_prev_add kernel/locking/lockdep.c:3098 [inline]
check_prevs_add kernel/locking/lockdep.c:3217 [inline]
validate_chain kernel/locking/lockdep.c:3832 [inline]
__lock_acquire+0x3338/0x764c kernel/locking/lockdep.c:5056
lock_acquire+0x26c/0x7cc kernel/locking/lockdep.c:5669
percpu_down_read include/linux/percpu-rwsem.h:51 [inline]
__sb_start_write include/linux/fs.h:1832 [inline]
sb_start_write include/linux/fs.h:1907 [inline]
write_mmp_block+0x100/0xb8c fs/ext4/mmp.c:50
ext4_multi_mount_protect+0x2e0/0x8a4 fs/ext4/mmp.c:349
__ext4_remount fs/ext4/super.c:6530 [inline]
ext4_reconfigure+0x218c/0x2934 fs/ext4/super.c:6629
reconfigure_super+0x328/0x738 fs/super.c:957
vfs_fsconfig_locked fs/fsopen.c:254 [inline]
__do_sys_fsconfig fs/fsopen.c:439 [inline]
__se_sys_fsconfig fs/fsopen.c:314 [inline]
__arm64_sys_fsconfig+0xa1c/0xd18 fs/fsopen.c:314
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
EXT4-fs warning (device loop0): ext4_enable_quotas:6988: Failed to enable quota tracking (type=0, err=-22, ino=3). Please run e2fsck to fix.
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot
Apr 4, 2023, 9:35:57 PM4/4/23
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: c957cbb87315 Linux 5.15.105
syzbot found the following issue on:
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1207c9c9c80000
kernel config: https://syzkaller.appspot.com/x/.config?x=852dc3de44ba1f3f
dashboard link: https://syzkaller.appspot.com/bug?extid=0c1724b48161889e177f
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/91d0cf1fc5fb/disk-c957cbb8.raw.xz
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
vmlinux: https://storage.googleapis.com/syzbot-assets/346dc1169521/vmlinux-c957cbb8.xz
kernel image: https://storage.googleapis.com/syzbot-assets/f7005bdc0e20/Image-c957cbb8.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
======================================================
WARNING: possible circular locking dependency detected
------------------------------------------------------
syz-executor.3/12257 is trying to acquire lock:
ffff0000cf8b2460 (sb_writers#3){.+.+}-{0:0}, at: ext4_multi_mount_protect+0x2e0/0x894 fs/ext4/mmp.c:351
but task is already holding lock:
ffff0000cf8b20e0 (&type->s_umount_key#30){++++}-{3:3}, at: __do_sys_fsconfig fs/fsopen.c:439 [inline]
ffff0000cf8b20e0 (&type->s_umount_key#30){++++}-{3:3}, at: __se_sys_fsconfig fs/fsopen.c:314 [inline]
ffff0000cf8b20e0 (&type->s_umount_key#30){++++}-{3:3}, at: __arm64_sys_fsconfig+0xa14/0xd18 fs/fsopen.c:314
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&type->s_umount_key#30){++++}-{3:3}:
__do_sys_quotactl_fd fs/quota/quota.c:998 [inline]
__se_sys_quotactl_fd fs/quota/quota.c:971 [inline]
__arm64_sys_quotactl_fd+0x30c/0x4a4 fs/quota/quota.c:971
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
-> #0 (sb_writers#3){.+.+}-{0:0}:
check_prevs_add kernel/locking/lockdep.c:3172 [inline]
validate_chain kernel/locking/lockdep.c:3787 [inline]
__lock_acquire+0x32cc/0x7620 kernel/locking/lockdep.c:5011
lock_acquire+0x240/0x77c kernel/locking/lockdep.c:5622
percpu_down_read include/linux/percpu-rwsem.h:51 [inline]
__sb_start_write include/linux/fs.h:1742 [inline]
sb_start_write include/linux/fs.h:1812 [inline]
write_mmp_block+0x170/0xd18 fs/ext4/mmp.c:50
ext4_multi_mount_protect+0x2e0/0x894 fs/ext4/mmp.c:351
ext4_remount+0x1fc8/0x2710 fs/ext4/super.c:5951
legacy_reconfigure+0xfc/0x114 fs/fs_context.c:633
reconfigure_super+0x340/0x690 fs/super.c:916
vfs_fsconfig_locked fs/fsopen.c:254 [inline]
__do_sys_fsconfig fs/fsopen.c:439 [inline]
__se_sys_fsconfig fs/fsopen.c:314 [inline]
__arm64_sys_fsconfig+0xa1c/0xd18 fs/fsopen.c:314
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
__do_sys_fsconfig fs/fsopen.c:439 [inline]
__se_sys_fsconfig fs/fsopen.c:314 [inline]
__arm64_sys_fsconfig+0xa1c/0xd18 fs/fsopen.c:314
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&type->s_umount_key#30);
lock(sb_writers#3);
lock(&type->s_umount_key#30);
lock(sb_writers#3);
*** DEADLOCK ***
#0: ffff0000c1132470 (&fc->uapi_mutex){+.+.}-{3:3}, at: __do_sys_fsconfig fs/fsopen.c:437 [inline]
#0: ffff0000c1132470 (&fc->uapi_mutex){+.+.}-{3:3}, at: __se_sys_fsconfig fs/fsopen.c:314 [inline]
#0: ffff0000c1132470 (&fc->uapi_mutex){+.+.}-{3:3}, at: __arm64_sys_fsconfig+0x720/0xd18 fs/fsopen.c:314
#1: ffff0000cf8b20e0 (&type->s_umount_key#30){++++}-{3:3}, at: vfs_fsconfig_locked fs/fsopen.c:253 [inline]
#1: ffff0000cf8b20e0 (&type->s_umount_key#30){++++}-{3:3}, at: __do_sys_fsconfig fs/fsopen.c:439 [inline]
#1: ffff0000cf8b20e0 (&type->s_umount_key#30){++++}-{3:3}, at: __se_sys_fsconfig fs/fsopen.c:314 [inline]
#1: ffff0000cf8b20e0 (&type->s_umount_key#30){++++}-{3:3}, at: __arm64_sys_fsconfig+0xa14/0xd18 fs/fsopen.c:314
stack backtrace:
CPU: 1 PID: 12257 Comm: syz-executor.3 Not tainted 5.15.105-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
Call trace:
dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
Call trace:
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x58 lib/dump_stack.c:113
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
print_circular_bug+0x150/0x1b8 kernel/locking/lockdep.c:2011
check_noncircular+0x2cc/0x378 kernel/locking/lockdep.c:2133
check_prev_add kernel/locking/lockdep.c:3053 [inline]
check_prevs_add kernel/locking/lockdep.c:3172 [inline]
validate_chain kernel/locking/lockdep.c:3787 [inline]
__lock_acquire+0x32cc/0x7620 kernel/locking/lockdep.c:5011
lock_acquire+0x240/0x77c kernel/locking/lockdep.c:5622
percpu_down_read include/linux/percpu-rwsem.h:51 [inline]
__sb_start_write include/linux/fs.h:1742 [inline]
sb_start_write include/linux/fs.h:1812 [inline]
write_mmp_block+0x170/0xd18 fs/ext4/mmp.c:50
ext4_multi_mount_protect+0x2e0/0x894 fs/ext4/mmp.c:351
ext4_remount+0x1fc8/0x2710 fs/ext4/super.c:5951
legacy_reconfigure+0xfc/0x114 fs/fs_context.c:633
reconfigure_super+0x340/0x690 fs/super.c:916
vfs_fsconfig_locked fs/fsopen.c:254 [inline]
__do_sys_fsconfig fs/fsopen.c:439 [inline]
__se_sys_fsconfig fs/fsopen.c:314 [inline]
__arm64_sys_fsconfig+0xa1c/0xd18 fs/fsopen.c:314
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
__do_sys_fsconfig fs/fsopen.c:439 [inline]
__se_sys_fsconfig fs/fsopen.c:314 [inline]
__arm64_sys_fsconfig+0xa1c/0xd18 fs/fsopen.c:314
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
EXT4-fs (loop3): re-mounted. Opts: (null). Quota mode: writeback.
syzbot
May 8, 2023, 1:13:47 AM5/8/23
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:
HEAD commit: ca48fc16c493 Linux 6.1.27
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=13de25f2280000
kernel config: https://syzkaller.appspot.com/x/.config?x=aea4bb7802570997
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1279ce82280000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/ec11c1903c52/disk-ca48fc16.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/8ce41c1ad391/vmlinux-ca48fc16.xz
kernel image: https://storage.googleapis.com/syzbot-assets/affba5631cad/Image-ca48fc16.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/f65924ded2fd/mount_2.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+87a274...@syzkaller.appspotmail.com
EXT4-fs (loop0): 1 truncate cleaned up
EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
------------------------------------------------------
syz-executor110/4217 is trying to acquire lock:
ffff0000d516a460 (sb_writers#3){.+.+}-{0:0}, at: ext4_multi_mount_protect+0x2e0/0x8a4 fs/ext4/mmp.c:349
but task is already holding lock:
ffff0000d516a0e0 (&type->s_umount_key#30){++++}-{3:3}, at: vfs_fsconfig_locked fs/fsopen.c:253 [inline]
ffff0000d516a0e0 (&type->s_umount_key#30){++++}-{3:3}, at: __do_sys_fsconfig fs/fsopen.c:439 [inline]
ffff0000d516a0e0 (&type->s_umount_key#30){++++}-{3:3}, at: __se_sys_fsconfig fs/fsopen.c:314 [inline]
ffff0000d516a0e0 (&type->s_umount_key#30){++++}-{3:3}, at: __arm64_sys_fsconfig+0xa14/0xd18 fs/fsopen.c:314
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&type->s_umount_key#30){++++}-{3:3}:
down_write+0x5c/0x88 kernel/locking/rwsem.c:1573
__do_sys_quotactl_fd fs/quota/quota.c:997 [inline]
__se_sys_quotactl_fd fs/quota/quota.c:972 [inline]
__arm64_sys_quotactl_fd+0x2fc/0x4a4 fs/quota/quota.c:972
2 locks held by syz-executor110/4217:
#0: ffff0000cf976870 (&fc->uapi_mutex){+.+.}-{3:3}, at: __do_sys_fsconfig fs/fsopen.c:437 [inline]
#0: ffff0000cf976870 (&fc->uapi_mutex){+.+.}-{3:3}, at: __se_sys_fsconfig fs/fsopen.c:314 [inline]
#0: ffff0000cf976870 (&fc->uapi_mutex){+.+.}-{3:3}, at: __arm64_sys_fsconfig+0x720/0xd18 fs/fsopen.c:314
#1: ffff0000d516a0e0 (&type->s_umount_key#30){++++}-{3:3}, at: vfs_fsconfig_locked fs/fsopen.c:253 [inline]
#1: ffff0000d516a0e0 (&type->s_umount_key#30){++++}-{3:3}, at: __do_sys_fsconfig fs/fsopen.c:439 [inline]
#1: ffff0000d516a0e0 (&type->s_umount_key#30){++++}-{3:3}, at: __se_sys_fsconfig fs/fsopen.c:314 [inline]
#1: ffff0000d516a0e0 (&type->s_umount_key#30){++++}-{3:3}, at: __arm64_sys_fsconfig+0xa14/0xd18 fs/fsopen.c:314
stack backtrace:
CPU: 1 PID: 4217 Comm: syz-executor110 Not tainted 6.1.27-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
EXT4-fs warning (device loop0): ext4_enable_quotas:6988: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix.
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
HEAD commit: ca48fc16c493 Linux 6.1.27
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=13de25f2280000
kernel config: https://syzkaller.appspot.com/x/.config?x=aea4bb7802570997
dashboard link: https://syzkaller.appspot.com/bug?extid=87a27427c88da34e9fc7
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1094fb90280000
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1279ce82280000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/ec11c1903c52/disk-ca48fc16.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/8ce41c1ad391/vmlinux-ca48fc16.xz
kernel image: https://storage.googleapis.com/syzbot-assets/affba5631cad/Image-ca48fc16.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/f65924ded2fd/mount_2.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+87a274...@syzkaller.appspotmail.com
EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
======================================================
WARNING: possible circular locking dependency detected
6.1.27-syzkaller #0 Not tainted
WARNING: possible circular locking dependency detected
------------------------------------------------------
syz-executor110/4217 is trying to acquire lock:
ffff0000d516a460 (sb_writers#3){.+.+}-{0:0}, at: ext4_multi_mount_protect+0x2e0/0x8a4 fs/ext4/mmp.c:349
but task is already holding lock:
ffff0000d516a0e0 (&type->s_umount_key#30){++++}-{3:3}, at: __do_sys_fsconfig fs/fsopen.c:439 [inline]
ffff0000d516a0e0 (&type->s_umount_key#30){++++}-{3:3}, at: __se_sys_fsconfig fs/fsopen.c:314 [inline]
ffff0000d516a0e0 (&type->s_umount_key#30){++++}-{3:3}, at: __arm64_sys_fsconfig+0xa14/0xd18 fs/fsopen.c:314
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&type->s_umount_key#30){++++}-{3:3}:
__do_sys_quotactl_fd fs/quota/quota.c:997 [inline]
__se_sys_quotactl_fd fs/quota/quota.c:972 [inline]
__arm64_sys_quotactl_fd+0x2fc/0x4a4 fs/quota/quota.c:972
#0: ffff0000cf976870 (&fc->uapi_mutex){+.+.}-{3:3}, at: __do_sys_fsconfig fs/fsopen.c:437 [inline]
#0: ffff0000cf976870 (&fc->uapi_mutex){+.+.}-{3:3}, at: __se_sys_fsconfig fs/fsopen.c:314 [inline]
#0: ffff0000cf976870 (&fc->uapi_mutex){+.+.}-{3:3}, at: __arm64_sys_fsconfig+0x720/0xd18 fs/fsopen.c:314
#1: ffff0000d516a0e0 (&type->s_umount_key#30){++++}-{3:3}, at: vfs_fsconfig_locked fs/fsopen.c:253 [inline]
#1: ffff0000d516a0e0 (&type->s_umount_key#30){++++}-{3:3}, at: __do_sys_fsconfig fs/fsopen.c:439 [inline]
#1: ffff0000d516a0e0 (&type->s_umount_key#30){++++}-{3:3}, at: __se_sys_fsconfig fs/fsopen.c:314 [inline]
#1: ffff0000d516a0e0 (&type->s_umount_key#30){++++}-{3:3}, at: __arm64_sys_fsconfig+0xa14/0xd18 fs/fsopen.c:314
stack backtrace:
CPU: 1 PID: 4217 Comm: syz-executor110 Not tainted 6.1.27-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot
May 14, 2023, 7:32:51 AM5/14/23
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:
HEAD commit: b0ece631f84a Linux 5.15.111
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=115e4b3a280000
kernel config: https://syzkaller.appspot.com/x/.config?x=db3750b003ff805e
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=178f964e280000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/eded75b6c3f9/disk-b0ece631.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/20e5ae802010/vmlinux-b0ece631.xz
kernel image: https://storage.googleapis.com/syzbot-assets/05d665c869f3/Image-b0ece631.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/75855ec1e027/mount_2.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+0c1724...@syzkaller.appspotmail.com
------------------------------------------------------
syz-executor920/3961 is trying to acquire lock:
ffff0000d3d8c460 (sb_writers#3){.+.+}-{0:0}, at: ext4_multi_mount_protect+0x2e0/0x894 fs/ext4/mmp.c:351
but task is already holding lock:
ffff0000d3d8c0e0 (&type->s_umount_key#30){++++}-{3:3}, at: vfs_fsconfig_locked fs/fsopen.c:253 [inline]
ffff0000d3d8c0e0 (&type->s_umount_key#30){++++}-{3:3}, at: __do_sys_fsconfig fs/fsopen.c:439 [inline]
ffff0000d3d8c0e0 (&type->s_umount_key#30){++++}-{3:3}, at: __se_sys_fsconfig fs/fsopen.c:314 [inline]
ffff0000d3d8c0e0 (&type->s_umount_key#30){++++}-{3:3}, at: __arm64_sys_fsconfig+0xa14/0xd18 fs/fsopen.c:314
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&type->s_umount_key#30){++++}-{3:3}:
down_write+0x110/0x260 kernel/locking/rwsem.c:1541
__do_sys_quotactl_fd fs/quota/quota.c:996 [inline]
__se_sys_quotactl_fd fs/quota/quota.c:971 [inline]
__arm64_sys_quotactl_fd+0x2fc/0x4a4 fs/quota/quota.c:971
2 locks held by syz-executor920/3961:
#0: ffff0000ccd96870 (&fc->uapi_mutex){+.+.}-{3:3}, at: __do_sys_fsconfig fs/fsopen.c:437 [inline]
#0: ffff0000ccd96870 (&fc->uapi_mutex){+.+.}-{3:3}, at: __se_sys_fsconfig fs/fsopen.c:314 [inline]
#0: ffff0000ccd96870 (&fc->uapi_mutex){+.+.}-{3:3}, at: __arm64_sys_fsconfig+0x720/0xd18 fs/fsopen.c:314
#1: ffff0000d3d8c0e0 (&type->s_umount_key#30){++++}-{3:3}, at: vfs_fsconfig_locked fs/fsopen.c:253 [inline]
#1: ffff0000d3d8c0e0 (&type->s_umount_key#30){++++}-{3:3}, at: __do_sys_fsconfig fs/fsopen.c:439 [inline]
#1: ffff0000d3d8c0e0 (&type->s_umount_key#30){++++}-{3:3}, at: __se_sys_fsconfig fs/fsopen.c:314 [inline]
#1: ffff0000d3d8c0e0 (&type->s_umount_key#30){++++}-{3:3}, at: __arm64_sys_fsconfig+0xa14/0xd18 fs/fsopen.c:314
stack backtrace:
CPU: 1 PID: 3961 Comm: syz-executor920 Not tainted 5.15.111-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
EXT4-fs warning (device loop0): ext4_enable_quotas:6397: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix.
HEAD commit: b0ece631f84a Linux 5.15.111
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=115e4b3a280000
kernel config: https://syzkaller.appspot.com/x/.config?x=db3750b003ff805e
dashboard link: https://syzkaller.appspot.com/bug?extid=0c1724b48161889e177f
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12d0eac2280000
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=178f964e280000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/eded75b6c3f9/disk-b0ece631.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/20e5ae802010/vmlinux-b0ece631.xz
kernel image: https://storage.googleapis.com/syzbot-assets/05d665c869f3/Image-b0ece631.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/75855ec1e027/mount_2.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+0c1724...@syzkaller.appspotmail.com
EXT4-fs (loop0): 1 truncate cleaned up
EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
======================================================
WARNING: possible circular locking dependency detected
5.15.111-syzkaller #0 Not tainted
WARNING: possible circular locking dependency detected
------------------------------------------------------
syz-executor920/3961 is trying to acquire lock:
ffff0000d3d8c460 (sb_writers#3){.+.+}-{0:0}, at: ext4_multi_mount_protect+0x2e0/0x894 fs/ext4/mmp.c:351
but task is already holding lock:
ffff0000d3d8c0e0 (&type->s_umount_key#30){++++}-{3:3}, at: __do_sys_fsconfig fs/fsopen.c:439 [inline]
ffff0000d3d8c0e0 (&type->s_umount_key#30){++++}-{3:3}, at: __se_sys_fsconfig fs/fsopen.c:314 [inline]
ffff0000d3d8c0e0 (&type->s_umount_key#30){++++}-{3:3}, at: __arm64_sys_fsconfig+0xa14/0xd18 fs/fsopen.c:314
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&type->s_umount_key#30){++++}-{3:3}:
__do_sys_quotactl_fd fs/quota/quota.c:996 [inline]
__se_sys_quotactl_fd fs/quota/quota.c:971 [inline]
__arm64_sys_quotactl_fd+0x2fc/0x4a4 fs/quota/quota.c:971
#0: ffff0000ccd96870 (&fc->uapi_mutex){+.+.}-{3:3}, at: __do_sys_fsconfig fs/fsopen.c:437 [inline]
#0: ffff0000ccd96870 (&fc->uapi_mutex){+.+.}-{3:3}, at: __se_sys_fsconfig fs/fsopen.c:314 [inline]
#0: ffff0000ccd96870 (&fc->uapi_mutex){+.+.}-{3:3}, at: __arm64_sys_fsconfig+0x720/0xd18 fs/fsopen.c:314
#1: ffff0000d3d8c0e0 (&type->s_umount_key#30){++++}-{3:3}, at: vfs_fsconfig_locked fs/fsopen.c:253 [inline]
#1: ffff0000d3d8c0e0 (&type->s_umount_key#30){++++}-{3:3}, at: __do_sys_fsconfig fs/fsopen.c:439 [inline]
#1: ffff0000d3d8c0e0 (&type->s_umount_key#30){++++}-{3:3}, at: __se_sys_fsconfig fs/fsopen.c:314 [inline]
#1: ffff0000d3d8c0e0 (&type->s_umount_key#30){++++}-{3:3}, at: __arm64_sys_fsconfig+0xa14/0xd18 fs/fsopen.c:314
stack backtrace:
CPU: 1 PID: 3961 Comm: syz-executor920 Not tainted 5.15.111-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
syzbot
Jun 16, 2023, 3:17:42 PM6/16/23
to syzkaller...@googlegroups.com
syzbot suspects this issue was fixed by commit:
commit 19fb73b8eaefccc48918c2f915d021bd4a5572a7
Author: Jan Kara <ja...@suse.cz>
Date: Tue Apr 11 12:10:19 2023 +0000
ext4: fix lockdep warning when enabling MMP
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=158524d3280000
start commit: ca48fc16c493 Linux 6.1.27
git tree: linux-6.1.y
#syz fix: ext4: fix lockdep warning when enabling MMP
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
commit 19fb73b8eaefccc48918c2f915d021bd4a5572a7
Author: Jan Kara <ja...@suse.cz>
Date: Tue Apr 11 12:10:19 2023 +0000
ext4: fix lockdep warning when enabling MMP
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=158524d3280000
start commit: ca48fc16c493 Linux 6.1.27
git tree: linux-6.1.y
kernel config: https://syzkaller.appspot.com/x/.config?x=aea4bb7802570997
dashboard link: https://syzkaller.appspot.com/bug?extid=87a27427c88da34e9fc7
userspace arch: arm64
dashboard link: https://syzkaller.appspot.com/bug?extid=87a27427c88da34e9fc7
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1094fb90280000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1279ce82280000
If the result looks correct, please mark the issue as fixed by replying with:
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1279ce82280000
#syz fix: ext4: fix lockdep warning when enabling MMP
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
Reply all
Reply to author
Forward
0 new messages