syzbot


possible deadlock in mnt_want_write_file

Status: upstream: reported C repro on 2022/10/07 22:29
Subsystems: reiserfs
[Documentation on labels]
Reported-by: syzbot+06a02ff61d40cdf900b1@syzkaller.appspotmail.com
First crash: 623d, last: 478d
Similar bugs (4)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-5.15 possible deadlock in mnt_want_write_file origin:upstream C 523 12d 469d 0/3 upstream: reported C repro on 2023/03/10 19:40
linux-4.19 possible deadlock in mnt_want_write_file reiserfs C 81 474d 607d 0/1 upstream: reported C repro on 2022/10/23 23:32
upstream possible deadlock in mnt_want_write_file reiserfs C error done 1675 143d 596d 0/27 auto-obsoleted due to no activity on 2024/04/09 17:30
linux-6.1 possible deadlock in mnt_want_write_file origin:upstream C 497 36d 465d 0/3 upstream: reported C repro on 2023/03/14 17:49
Fix bisection attempts (1)
Created Duration User Patch Repo Result
2022/11/07 10:05 26m bisect fix linux-4.14.y job log (0) log

Sample crash report:
REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop0): checking transaction log (loop0)
REISERFS (device loop0): Using r5 hash to sort names
REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
======================================================
WARNING: possible circular locking dependency detected
4.14.302-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor890/7971 is trying to acquire lock:
 (sb_writers#10){.+.+}, at: [<ffffffff818e216d>] sb_start_write include/linux/fs.h:1551 [inline]
 (sb_writers#10){.+.+}, at: [<ffffffff818e216d>] mnt_want_write_file+0xfd/0x3b0 fs/namespace.c:497

but task is already holding lock:
 (&sbi->lock){+.+.}, at: [<ffffffff81b3fca5>] reiserfs_write_lock+0x75/0xf0 fs/reiserfs/lock.c:27

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #2 (&sbi->lock){+.+.}:
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
       reiserfs_write_lock+0x75/0xf0 fs/reiserfs/lock.c:27
       reiserfs_lookup+0x130/0x400 fs/reiserfs/namei.c:363
       lookup_real fs/namei.c:1555 [inline]
       __lookup_hash fs/namei.c:1575 [inline]
       __lookup_hash+0x1bb/0x270 fs/namei.c:1563
       lookup_one_len+0x279/0x3a0 fs/namei.c:2539
       reiserfs_lookup_privroot+0x92/0x270 fs/reiserfs/xattr.c:970
       reiserfs_fill_super+0x1d12/0x2990 fs/reiserfs/super.c:2187
       mount_bdev+0x2b3/0x360 fs/super.c:1134
       mount_fs+0x92/0x2a0 fs/super.c:1237
       vfs_kern_mount.part.0+0x5b/0x470 fs/namespace.c:1046
       vfs_kern_mount fs/namespace.c:1036 [inline]
       do_new_mount fs/namespace.c:2572 [inline]
       do_mount+0xe65/0x2a30 fs/namespace.c:2905
       SYSC_mount fs/namespace.c:3121 [inline]
       SyS_mount+0xa8/0x120 fs/namespace.c:3098
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x5e/0xd3

-> #1 (&type->i_mutex_dir_key#7){+.+.}:
       down_write+0x34/0x90 kernel/locking/rwsem.c:54
       inode_lock include/linux/fs.h:719 [inline]
       do_last fs/namei.c:3331 [inline]
       path_openat+0xde2/0x2970 fs/namei.c:3571
       do_filp_open+0x179/0x3c0 fs/namei.c:3605
       do_sys_open+0x296/0x410 fs/open.c:1081
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x5e/0xd3

-> #0 (sb_writers#10){.+.+}:
       lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
       percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline]
       percpu_down_read include/linux/percpu-rwsem.h:59 [inline]
       __sb_start_write+0x64/0x260 fs/super.c:1342
       sb_start_write include/linux/fs.h:1551 [inline]
       mnt_want_write_file+0xfd/0x3b0 fs/namespace.c:497
       reiserfs_ioctl+0x18e/0x8b0 fs/reiserfs/ioctl.c:110
       vfs_ioctl fs/ioctl.c:46 [inline]
       file_ioctl fs/ioctl.c:500 [inline]
       do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
       SYSC_ioctl fs/ioctl.c:701 [inline]
       SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x5e/0xd3

other info that might help us debug this:

Chain exists of:
  sb_writers#10 --> &type->i_mutex_dir_key#7 --> &sbi->lock

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&sbi->lock);
                               lock(&type->i_mutex_dir_key#7);
                               lock(&sbi->lock);
  lock(sb_writers#10);

 *** DEADLOCK ***

1 lock held by syz-executor890/7971:
 #0:  (&sbi->lock){+.+.}, at: [<ffffffff81b3fca5>] reiserfs_write_lock+0x75/0xf0 fs/reiserfs/lock.c:27

stack backtrace:
CPU: 0 PID: 7971 Comm: syz-executor890 Not tainted 4.14.302-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1258
 check_prev_add kernel/locking/lockdep.c:1905 [inline]
 check_prevs_add kernel/locking/lockdep.c:2022 [inline]
 validate_chain kernel/locking/lockdep.c:2464 [inline]
 __lock_acquire+0x2e0e/0x3f20 kernel/locking/lockdep.c:3491
 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
 percpu_down_read_preempt_disable include/linux/percpu-rwsem.h:36 [inline]
 percpu_down_read include/linux/percpu-rwsem.h:59 [inline]
 __sb_start_write+0x64/0x260 fs/super.c:1342
 sb_start_write include/linux/fs.h:1551 [inline]
 mnt_want_write_file+0xfd/0x3b0 fs/namespace.c:497
 reiserfs_ioctl+0x18e/0x8b0 fs/reiserfs/ioctl.c:110
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x5e/0xd3
RIP: 0033:0x7f032cc19219
RSP: 002b:00007ffc00c16fd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007f032cc19219
RDX: 0000000000000000 RSI: 0000000040087602 RDI: 0000000000000004
RBP: 0000000000000000 R08: 00007f032cc87ec0 R09: 00007f032cc87ec0
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc00c17000
R13: 0000000000000000 R14: 431bde82d7b634db R15: 0000000000000000

Crashes (41):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2023/01/07 21:17 linux-4.14.y c4215ee4771b 1dac8c7a .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-4-14 possible deadlock in mnt_want_write_file
2022/12/03 06:35 linux-4.14.y 179ef7fe8677 e080de16 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-4-14 possible deadlock in mnt_want_write_file
2022/10/07 22:29 linux-4.14.y 9d5c0b3a8e1a 79a59635 .config console log report syz C [disk image] [vmlinux] [mounted in repro] ci2-linux-4-14 possible deadlock in mnt_want_write_file
2023/03/01 12:36 linux-4.14.y 7878a41b6cc1 ef65e6cb .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-4-14 possible deadlock in mnt_want_write_file
2023/02/28 13:41 linux-4.14.y 7878a41b6cc1 95aee97a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-4-14 possible deadlock in mnt_want_write_file
2023/02/18 10:36 linux-4.14.y a8ad60f2af58 d02e9a70 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-4-14 possible deadlock in mnt_want_write_file
2023/02/16 13:09 linux-4.14.y a8ad60f2af58 38b317a7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-4-14 possible deadlock in mnt_want_write_file
2023/02/13 21:41 linux-4.14.y a8ad60f2af58 957959cb .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-4-14 possible deadlock in mnt_want_write_file
2023/01/24 10:40 linux-4.14.y 3949d1610004 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-4-14 possible deadlock in mnt_want_write_file
2023/01/23 20:41 linux-4.14.y 97205fccccdc 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-4-14 possible deadlock in mnt_want_write_file
2023/01/23 15:57 linux-4.14.y 97205fccccdc 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-4-14 possible deadlock in mnt_want_write_file
2023/01/21 07:57 linux-4.14.y 97205fccccdc cc0f9968 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-4-14 possible deadlock in mnt_want_write_file
2023/01/20 00:11 linux-4.14.y 97205fccccdc 71197f3a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-4-14 possible deadlock in mnt_want_write_file
2023/01/19 23:25 linux-4.14.y 97205fccccdc 71197f3a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-4-14 possible deadlock in mnt_want_write_file
2023/01/19 22:11 linux-4.14.y 97205fccccdc 71197f3a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-4-14 possible deadlock in mnt_want_write_file
2023/01/19 12:08 linux-4.14.y 97205fccccdc 66fca3ae .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-4-14 possible deadlock in mnt_want_write_file
2023/01/19 09:24 linux-4.14.y 97205fccccdc 66fca3ae .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-4-14 possible deadlock in mnt_want_write_file
2023/01/18 18:54 linux-4.14.y 97205fccccdc 4620c2d9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-4-14 possible deadlock in mnt_want_write_file
2023/01/18 12:49 linux-4.14.y 97205fccccdc 4620c2d9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-4-14 possible deadlock in mnt_want_write_file
2023/01/17 19:54 linux-4.14.y c4215ee4771b 42660d9e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-4-14 possible deadlock in mnt_want_write_file
2023/01/14 22:50 linux-4.14.y c4215ee4771b a63719e7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-4-14 possible deadlock in mnt_want_write_file
2023/01/13 15:16 linux-4.14.y c4215ee4771b 529798b0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-4-14 possible deadlock in mnt_want_write_file
2023/01/10 13:13 linux-4.14.y c4215ee4771b 48bc529a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-4-14 possible deadlock in mnt_want_write_file
2023/01/10 03:19 linux-4.14.y c4215ee4771b 48bc529a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-4-14 possible deadlock in mnt_want_write_file
2022/12/23 06:17 linux-4.14.y c4215ee4771b 9da18ae8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-4-14 possible deadlock in mnt_want_write_file
2022/12/22 17:05 linux-4.14.y c4215ee4771b 9da18ae8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-4-14 possible deadlock in mnt_want_write_file
2022/12/22 12:34 linux-4.14.y c4215ee4771b 9da18ae8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-4-14 possible deadlock in mnt_want_write_file
2022/12/22 04:16 linux-4.14.y c4215ee4771b 4067838e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-4-14 possible deadlock in mnt_want_write_file
2022/12/22 00:13 linux-4.14.y c4215ee4771b 4067838e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-4-14 possible deadlock in mnt_want_write_file
2022/12/21 18:31 linux-4.14.y c4215ee4771b 4067838e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-4-14 possible deadlock in mnt_want_write_file
2022/12/20 22:46 linux-4.14.y c4215ee4771b d3e76707 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-4-14 possible deadlock in mnt_want_write_file
2022/12/20 21:28 linux-4.14.y c4215ee4771b d3e76707 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-4-14 possible deadlock in mnt_want_write_file
2022/12/20 21:07 linux-4.14.y c4215ee4771b d3e76707 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-4-14 possible deadlock in mnt_want_write_file
2022/12/20 04:48 linux-4.14.y c4215ee4771b c52b2efb .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-4-14 possible deadlock in mnt_want_write_file
2022/12/20 00:15 linux-4.14.y c4215ee4771b c52b2efb .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-4-14 possible deadlock in mnt_want_write_file
2022/12/19 20:34 linux-4.14.y c4215ee4771b c52b2efb .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-4-14 possible deadlock in mnt_want_write_file
2022/12/18 16:55 linux-4.14.y c4215ee4771b 05494336 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-4-14 possible deadlock in mnt_want_write_file
2022/12/14 21:48 linux-4.14.y c4215ee4771b b18f0a64 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-4-14 possible deadlock in mnt_want_write_file
2022/12/14 01:56 linux-4.14.y 65afe34ac33d f6511626 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-4-14 possible deadlock in mnt_want_write_file
2022/12/13 18:45 linux-4.14.y 65afe34ac33d f6511626 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-4-14 possible deadlock in mnt_want_write_file
2022/12/11 23:57 linux-4.14.y 65afe34ac33d 67be1ae7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-4-14 possible deadlock in mnt_want_write_file
* Struck through repros no longer work on HEAD.