syzbot

 sign-in | mailing list | source | docs
🐞 Open [994] Subsystems 🐞 Fixed [5244] 🐞 Invalid [12516] Missing Backports [83] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

possible deadlock in lookup_slow (3)

Status: upstream: reported on 2023/07/19 13:17
Subsystems: kernfs
[Documentation on labels]
Reported-by: syzbot+65459fd3b61877d717a3@syzkaller.appspotmail.com
First crash: 286d, last: 11d
Discussions (6)
Title Replies (including bot) Last reply
[syzbot] Monthly kernfs report (Apr 2024) 0 (1) 2024/04/08 08:30
[syzbot] Monthly kernfs report (Jan 2024) 0 (1) 2024/01/02 13:36
[syzbot] Monthly kernfs report (Nov 2023) 0 (1) 2023/11/29 13:03
[syzbot] Monthly kernfs report (Oct 2023) 0 (1) 2023/10/30 09:14
[syzbot] Monthly kernfs report (Sep 2023) 0 (1) 2023/09/28 14:01
[syzbot] [kernfs?] possible deadlock in lookup_slow (3) 0 (1) 2023/07/19 13:17
Similar bugs (6)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-5.15 possible deadlock in lookup_slow 11 237d 409d 0/3 auto-obsoleted due to no activity on 2023/12/11 13:10
linux-4.19 possible deadlock in lookup_slow 22 1412d 1838d 0/1 auto-closed as invalid on 2020/10/12 22:59
upstream possible deadlock in lookup_slow fs 139 1798d 2040d 0/26 auto-closed as invalid on 2019/10/25 08:42
linux-5.15 possible deadlock in lookup_slow (2) origin:upstream C 13 6d07h 135d 0/3 upstream: reported C repro on 2023/12/13 22:35
linux-4.14 possible deadlock in lookup_slow C 2027 417d 1708d 0/1 upstream: reported C repro on 2019/08/24 01:53
upstream possible deadlock in lookup_slow (2) fs 7 1567d 1611d 0/26 auto-closed as invalid on 2020/05/11 09:17

Sample crash report:
======================================================
WARNING: possible circular locking dependency detected
6.8.0-syzkaller-08951-gfe46a7dd189e #0 Not tainted
------------------------------------------------------
syz-executor.1/18841 is trying to acquire lock:
ffff88805c6535c0 (&ovl_i_mutex_dir_key[depth]){++++}-{3:3}, at: inode_lock_shared include/linux/fs.h:803 [inline]
ffff88805c6535c0 (&ovl_i_mutex_dir_key[depth]){++++}-{3:3}, at: lookup_slow+0x45/0x70 fs/namei.c:1708

but task is already holding lock:
ffff88802d558088 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1eb/0x500 fs/kernfs/file.c:325

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #2 (&of->mutex){+.+.}-{3:3}:
       lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754
       __mutex_lock_common kernel/locking/mutex.c:608 [inline]
       __mutex_lock+0x136/0xd70 kernel/locking/mutex.c:752
       kernfs_fop_llseek+0x7e/0x2a0 fs/kernfs/file.c:867
       ovl_llseek+0x314/0x470 fs/overlayfs/file.c:218
       vfs_llseek fs/read_write.c:289 [inline]
       ksys_lseek fs/read_write.c:302 [inline]
       __do_sys_lseek fs/read_write.c:313 [inline]
       __se_sys_lseek fs/read_write.c:311 [inline]
       __x64_sys_lseek+0x153/0x1e0 fs/read_write.c:311
       do_syscall_64+0xfb/0x240
       entry_SYSCALL_64_after_hwframe+0x6d/0x75

-> #1 (&ovl_i_lock_key[depth]){+.+.}-{3:3}:
       lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754
       __mutex_lock_common kernel/locking/mutex.c:608 [inline]
       __mutex_lock+0x136/0xd70 kernel/locking/mutex.c:752
       ovl_inode_lock_interruptible fs/overlayfs/overlayfs.h:654 [inline]
       ovl_nlink_start+0xdc/0x390 fs/overlayfs/util.c:1162
       ovl_do_remove+0x1fa/0xd90 fs/overlayfs/dir.c:893
       vfs_rmdir+0x367/0x4c0 fs/namei.c:4209
       do_rmdir+0x3b5/0x580 fs/namei.c:4268
       __do_sys_unlinkat fs/namei.c:4444 [inline]
       __se_sys_unlinkat fs/namei.c:4438 [inline]
       __x64_sys_unlinkat+0xe0/0xf0 fs/namei.c:4438
       do_syscall_64+0xfb/0x240
       entry_SYSCALL_64_after_hwframe+0x6d/0x75

-> #0 (&ovl_i_mutex_dir_key[depth]){++++}-{3:3}:
       check_prev_add kernel/locking/lockdep.c:3134 [inline]
       check_prevs_add kernel/locking/lockdep.c:3253 [inline]
       validate_chain+0x18cb/0x58e0 kernel/locking/lockdep.c:3869
       __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137
       lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754
       down_read+0xb1/0xa40 kernel/locking/rwsem.c:1526
       inode_lock_shared include/linux/fs.h:803 [inline]
       lookup_slow+0x45/0x70 fs/namei.c:1708
       walk_component+0x2e1/0x410 fs/namei.c:2004
       lookup_last fs/namei.c:2461 [inline]
       path_lookupat+0x16f/0x450 fs/namei.c:2485
       filename_lookup+0x256/0x610 fs/namei.c:2514
       kern_path+0x35/0x50 fs/namei.c:2622
       lookup_bdev+0xc5/0x290 block/bdev.c:1072
       resume_store+0x1a0/0x710 kernel/power/hibernate.c:1235
       kernfs_fop_write_iter+0x3a4/0x500 fs/kernfs/file.c:334
       call_write_iter include/linux/fs.h:2108 [inline]
       new_sync_write fs/read_write.c:497 [inline]
       vfs_write+0xa84/0xcb0 fs/read_write.c:590
       ksys_write+0x1a0/0x2c0 fs/read_write.c:643
       do_syscall_64+0xfb/0x240
       entry_SYSCALL_64_after_hwframe+0x6d/0x75

other info that might help us debug this:

Chain exists of:
  &ovl_i_mutex_dir_key[depth] --> &ovl_i_lock_key[depth] --> &of->mutex

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&of->mutex);
                               lock(&ovl_i_lock_key[depth]);
                               lock(&of->mutex);
  rlock(&ovl_i_mutex_dir_key[depth]);

 *** DEADLOCK ***

4 locks held by syz-executor.1/18841:
 #0: ffff8880586d3248 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x259/0x320 fs/file.c:1191
 #1: ffff88801d908420 (sb_writers#8){.+.+}-{0:0}, at: file_start_write include/linux/fs.h:2853 [inline]
 #1: ffff88801d908420 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x233/0xcb0 fs/read_write.c:586
 #2: ffff88802d558088 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1eb/0x500 fs/kernfs/file.c:325
 #3: ffff8880182db3a8 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20f/0x500 fs/kernfs/file.c:326

stack backtrace:
CPU: 1 PID: 18841 Comm: syz-executor.1 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114
 check_noncircular+0x36a/0x4a0 kernel/locking/lockdep.c:2187
 check_prev_add kernel/locking/lockdep.c:3134 [inline]
 check_prevs_add kernel/locking/lockdep.c:3253 [inline]
 validate_chain+0x18cb/0x58e0 kernel/locking/lockdep.c:3869
 __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137
 lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754
 down_read+0xb1/0xa40 kernel/locking/rwsem.c:1526
 inode_lock_shared include/linux/fs.h:803 [inline]
 lookup_slow+0x45/0x70 fs/namei.c:1708
 walk_component+0x2e1/0x410 fs/namei.c:2004
 lookup_last fs/namei.c:2461 [inline]
 path_lookupat+0x16f/0x450 fs/namei.c:2485
 filename_lookup+0x256/0x610 fs/namei.c:2514
 kern_path+0x35/0x50 fs/namei.c:2622
 lookup_bdev+0xc5/0x290 block/bdev.c:1072
 resume_store+0x1a0/0x710 kernel/power/hibernate.c:1235
 kernfs_fop_write_iter+0x3a4/0x500 fs/kernfs/file.c:334
 call_write_iter include/linux/fs.h:2108 [inline]
 new_sync_write fs/read_write.c:497 [inline]
 vfs_write+0xa84/0xcb0 fs/read_write.c:590
 ksys_write+0x1a0/0x2c0 fs/read_write.c:643
 do_syscall_64+0xfb/0x240
 entry_SYSCALL_64_after_hwframe+0x6d/0x75
RIP: 0033:0x7fc65da7de69
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc65e7cc0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007fc65dbac050 RCX: 00007fc65da7de69
RDX: 0000000000000018 RSI: 0000000020000140 RDI: 0000000000000003
RBP: 00007fc65daca47a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000006e R14: 00007fc65dbac050 R15: 00007ffff1d46748
 </TASK>

Crashes (278):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/04/15 11:38 upstream fe46a7dd189e c8349e48 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in lookup_slow
2024/04/15 08:49 upstream fe46a7dd189e c8349e48 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in lookup_slow
2024/04/15 07:33 upstream fe46a7dd189e c8349e48 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in lookup_slow
2024/04/15 05:24 upstream fe46a7dd189e c8349e48 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in lookup_slow
2024/04/15 00:25 upstream fe46a7dd189e c8349e48 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in lookup_slow
2024/04/14 22:00 upstream fe46a7dd189e c8349e48 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in lookup_slow
2024/04/14 20:54 upstream fe46a7dd189e c8349e48 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in lookup_slow
2024/04/14 19:35 upstream fe46a7dd189e c8349e48 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in lookup_slow
2024/04/14 18:22 upstream fe46a7dd189e c8349e48 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in lookup_slow
2024/04/14 16:18 upstream fe46a7dd189e c8349e48 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in lookup_slow
2024/04/14 15:08 upstream fe46a7dd189e c8349e48 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in lookup_slow
2024/04/14 13:51 upstream fe46a7dd189e c8349e48 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in lookup_slow
2024/04/14 11:10 upstream fe46a7dd189e c8349e48 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in lookup_slow
2024/04/14 06:44 upstream fe46a7dd189e c8349e48 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in lookup_slow
2024/04/14 04:08 upstream fe46a7dd189e c8349e48 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in lookup_slow
2024/04/14 02:48 upstream fe46a7dd189e c8349e48 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in lookup_slow
2024/04/13 23:11 upstream fe46a7dd189e c8349e48 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in lookup_slow
2024/04/13 21:14 upstream fe46a7dd189e c8349e48 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in lookup_slow
2024/04/13 19:38 upstream fe46a7dd189e c8349e48 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in lookup_slow
2024/04/13 18:22 upstream fe46a7dd189e c8349e48 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in lookup_slow
2024/04/13 17:20 upstream fe46a7dd189e c8349e48 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in lookup_slow
2024/04/13 16:16 upstream fe46a7dd189e c8349e48 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in lookup_slow
2024/04/13 14:15 upstream fe46a7dd189e c8349e48 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in lookup_slow
2024/04/13 14:14 upstream fe46a7dd189e c8349e48 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in lookup_slow
2024/04/13 12:57 upstream fe46a7dd189e c8349e48 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in lookup_slow
2024/04/13 11:22 upstream fe46a7dd189e c8349e48 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in lookup_slow
2024/04/13 09:51 upstream fe46a7dd189e c8349e48 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in lookup_slow
2024/04/13 08:37 upstream fe46a7dd189e c8349e48 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in lookup_slow
2024/04/13 07:00 upstream fe46a7dd189e c8349e48 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in lookup_slow
2024/04/13 05:35 upstream fe46a7dd189e c8349e48 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in lookup_slow
2024/04/13 04:02 upstream fe46a7dd189e c8349e48 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in lookup_slow
2024/04/13 00:48 upstream fe46a7dd189e c8349e48 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in lookup_slow
2024/04/12 23:55 upstream fe46a7dd189e c8349e48 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in lookup_slow
2024/04/12 22:33 upstream fe46a7dd189e c8349e48 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in lookup_slow
2024/04/12 19:36 upstream fe46a7dd189e c8349e48 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in lookup_slow
2024/04/12 18:28 upstream fe46a7dd189e c8349e48 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in lookup_slow
2024/04/12 14:06 upstream fe46a7dd189e 27de0a5c .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in lookup_slow
2024/04/12 10:07 upstream fe46a7dd189e 27de0a5c .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in lookup_slow
2024/04/12 01:27 upstream fe46a7dd189e 95ed9ece .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in lookup_slow
2024/04/11 20:18 upstream fe46a7dd189e 95ed9ece .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in lookup_slow
2024/04/11 17:04 upstream fe46a7dd189e 95ed9ece .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in lookup_slow
2024/04/11 12:24 upstream fe46a7dd189e 33b9e058 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in lookup_slow
2024/04/11 08:51 upstream fe46a7dd189e 33b9e058 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in lookup_slow
2024/04/11 02:58 upstream fe46a7dd189e 33b9e058 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in lookup_slow
2024/04/10 22:10 upstream fe46a7dd189e 4320ec32 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in lookup_slow
2023/07/19 08:57 upstream ccff6d117d8d 022df2bb .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in lookup_slow
2023/07/17 12:15 upstream fdf0eaf11452 e5f10889 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root possible deadlock in lookup_slow
2023/07/15 13:10 upstream b6e6cc1f78c7 35d9ecc5 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in lookup_slow
* Struck through repros no longer work on HEAD.