syzbot


possible deadlock in ext4_xattr_get

Status: upstream: reported C repro on 2022/04/27 03:33
Reported-by: syzbot+2e53a78f1fc31fc9b316@syzkaller.appspotmail.com
First crash: 701d, last: 701d
Fix bisection: the fix commit could be any of (bisect log):
  15a1c6b6f516 Linux 4.14.276
  501eec4f9e13 Linux 4.14.281
  
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream possible deadlock in ext4_xattr_get ext4 C inconclusive 3 326d 599d 22/26 fixed on 2023/07/01 16:05
linux-4.19 possible deadlock in ext4_xattr_get C error 1 701d 701d 0/1 upstream: reported C repro on 2022/04/27 05:09

Last patch testing requests (2)
Created Duration User Patch Repo Result
2023/02/27 00:32 14m retest repro linux-4.14.y report log
2022/11/08 14:30 10m retest repro linux-4.14.y report log

Sample crash report:
EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
======================================================
WARNING: possible circular locking dependency detected
4.14.276-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor197/7982 is trying to acquire lock:
 (&ei->xattr_sem){++++}, at: [<ffffffff81c810e7>] ext4_xattr_get+0x107/0x8b0 fs/ext4/xattr.c:647

but task is already holding lock:
 (&ea_inode->i_rwsem#10/1){+.+.}, at: [<ffffffff81863712>] inode_lock include/linux/fs.h:719 [inline]
 (&ea_inode->i_rwsem#10/1){+.+.}, at: [<ffffffff81863712>] chown_common+0x272/0x4b0 fs/open.c:628

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&ea_inode->i_rwsem#10/1){+.+.}:
       down_write+0x34/0x90 kernel/locking/rwsem.c:54
       inode_lock include/linux/fs.h:719 [inline]
       ext4_xattr_inode_create fs/ext4/xattr.c:1458 [inline]
       ext4_xattr_inode_lookup_create fs/ext4/xattr.c:1541 [inline]
       ext4_xattr_set_entry+0x258a/0x3180 fs/ext4/xattr.c:1669
       ext4_xattr_ibody_set+0x73/0x280 fs/ext4/xattr.c:2245
       ext4_xattr_set_handle+0x518/0xda0 fs/ext4/xattr.c:2402
       ext4_xattr_set+0x118/0x230 fs/ext4/xattr.c:2514
       __vfs_setxattr+0xdc/0x130 fs/xattr.c:150
       __vfs_setxattr_noperm+0xfd/0x3d0 fs/xattr.c:181
       __vfs_setxattr_locked+0x14d/0x250 fs/xattr.c:239
       vfs_setxattr+0xcf/0x230 fs/xattr.c:256
       setxattr+0x1a9/0x300 fs/xattr.c:523
       path_setxattr+0x118/0x130 fs/xattr.c:542
       SYSC_setxattr fs/xattr.c:557 [inline]
       SyS_setxattr+0x36/0x50 fs/xattr.c:553
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x46/0xbb

-> #0 (&ei->xattr_sem){++++}:
       lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
       down_read+0x36/0x80 kernel/locking/rwsem.c:24
       ext4_xattr_get+0x107/0x8b0 fs/ext4/xattr.c:647
       __vfs_getxattr+0xb9/0x100 fs/xattr.c:349
       cap_inode_need_killpriv+0x3c/0x50 security/commoncap.c:307
       security_inode_need_killpriv+0x66/0xa0 security/security.c:791
       notify_change+0x7d7/0xd10 fs/attr.c:250
       chown_common+0x40b/0x4b0 fs/open.c:631
       SYSC_fchownat fs/open.c:661 [inline]
       SyS_fchownat+0xf6/0x190 fs/open.c:641
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x46/0xbb

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&ea_inode->i_rwsem#10/1);
                               lock(&ei->xattr_sem);
                               lock(&ea_inode->i_rwsem#10/1);
  lock(&ei->xattr_sem);

 *** DEADLOCK ***

2 locks held by syz-executor197/7982:
 #0:  (sb_writers#3){.+.+}, at: [<ffffffff818df99a>] sb_start_write include/linux/fs.h:1551 [inline]
 #0:  (sb_writers#3){.+.+}, at: [<ffffffff818df99a>] mnt_want_write+0x3a/0xb0 fs/namespace.c:386
 #1:  (&ea_inode->i_rwsem#10/1){+.+.}, at: [<ffffffff81863712>] inode_lock include/linux/fs.h:719 [inline]
 #1:  (&ea_inode->i_rwsem#10/1){+.+.}, at: [<ffffffff81863712>] chown_common+0x272/0x4b0 fs/open.c:628

stack backtrace:
CPU: 1 PID: 7982 Comm: syz-executor197 Not tainted 4.14.276-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1258
 check_prev_add kernel/locking/lockdep.c:1905 [inline]
 check_prevs_add kernel/locking/lockdep.c:2022 [inline]
 validate_chain kernel/locking/lockdep.c:2464 [inline]
 __lock_acquire+0x2e0e/0x3f20 kernel/locking/lockdep.c:3491
 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
 down_read+0x36/0x80 kernel/locking/rwsem.c:24
 ext4_xattr_get+0x107/0x8b0 fs/ext4/xattr.c:647
 __vfs_getxattr+0xb9/0x100 fs/xattr.c:349
 cap_inode_need_killpriv+0x3c/0x50 security/commoncap.c:307
 security_inode_need_killpriv+0x66/0xa0 security/security.c:791
 notify_change+0x7d7/0xd10 fs/attr.c:250
 chown_common+0x40b/0x4b0 fs/open.c:631
 SYSC_fchownat fs/open.c:661 [inline]
 SyS_fchownat+0xf6/0x190 fs/open.c:641
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f5d23e20109
RSP: 002b:00007fff191c3c98 EFLAGS: 00000246 ORIG_RAX: 0000000000000104

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2022/04/27 03:33 linux-4.14.y 15a1c6b6f516 1fa34c1b .config console log report syz C ci2-linux-4-14 possible deadlock in ext4_xattr_get