syzbot

 sign-in | mailing list | source | docs
🐞 Open [1413]
Subsystems
🐞 Fixed [5827]
🐞 Invalid [14217]
Missing Backports [92]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

possible deadlock in __kernfs_remove (2)

Status: upstream: reported C repro on 2024/11/08 10:18
Subsystems: kernfs
[Documentation on labels]
Reported-by: syzbot+aa419d82b68e6a7e96c5@syzkaller.appspotmail.com
First crash: 16d, last: 17m
Discussions (2)
Title Replies (including bot) Last reply
[syzbot] Monthly kernfs report (Nov 2024) 0 (1) 2024/11/15 11:25
[syzbot] [kernfs?] possible deadlock in __kernfs_remove (2) 0 (1) 2024/11/08 10:18
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream possible deadlock in __kernfs_remove kernfs C 438 106d 149d 28/28 fixed on 2024/10/03 15:25

Sample crash report:
======================================================
WARNING: possible circular locking dependency detected
6.12.0-rc6-syzkaller-00192-gf1dce1f09380 #0 Not tainted
------------------------------------------------------
syz-executor336/6364 is trying to acquire lock:
ffff888025cc2e18 (kn->active#5){++++}-{0:0}, at: __kernfs_remove+0x281/0x670 fs/kernfs/dir.c:1486

but task is already holding lock:
ffff8880251264c8 (&disk->open_mutex){+.+.}-{3:3}, at: loop_reread_partitions+0x47/0x140 drivers/block/loop.c:533

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #2 (&disk->open_mutex){+.+.}-{3:3}:
       __mutex_lock_common kernel/locking/mutex.c:608 [inline]
       __mutex_lock+0x175/0x9c0 kernel/locking/mutex.c:752
       bdev_open+0x41a/0xe20 block/bdev.c:904
       bdev_file_open_by_dev block/bdev.c:1018 [inline]
       bdev_file_open_by_dev+0x17d/0x210 block/bdev.c:993
       disk_scan_partitions+0x1ed/0x320 block/genhd.c:367
       device_add_disk+0xfbb/0x12d0 block/genhd.c:510
       pmem_attach_disk+0x9af/0x13f0 drivers/nvdimm/pmem.c:576
       nd_pmem_probe+0x1a9/0x1f0 drivers/nvdimm/pmem.c:649
       nvdimm_bus_probe+0x169/0x5d0 drivers/nvdimm/bus.c:94
       call_driver_probe drivers/base/dd.c:579 [inline]
       really_probe+0x23e/0xa90 drivers/base/dd.c:658
       __driver_probe_device+0x1de/0x440 drivers/base/dd.c:800
       driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:830
       __driver_attach+0x283/0x580 drivers/base/dd.c:1216
       bus_for_each_dev+0x13c/0x1d0 drivers/base/bus.c:370
       bus_add_driver+0x2e9/0x690 drivers/base/bus.c:675
       driver_register+0x15c/0x4b0 drivers/base/driver.c:246
       __nd_driver_register+0x103/0x1a0 drivers/nvdimm/bus.c:622
       do_one_initcall+0x128/0x700 init/main.c:1269
       do_initcall_level init/main.c:1331 [inline]
       do_initcalls init/main.c:1347 [inline]
       do_basic_setup init/main.c:1366 [inline]
       kernel_init_freeable+0x5c7/0x900 init/main.c:1580
       kernel_init+0x1c/0x2b0 init/main.c:1469
       ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
       ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

-> #1 (&nvdimm_namespace_key){+.+.}-{3:3}:
       __mutex_lock_common kernel/locking/mutex.c:608 [inline]
       __mutex_lock+0x175/0x9c0 kernel/locking/mutex.c:752
       device_lock include/linux/device.h:1014 [inline]
       uevent_show+0x188/0x3b0 drivers/base/core.c:2736
       dev_attr_show+0x53/0xe0 drivers/base/core.c:2430
       sysfs_kf_seq_show+0x23e/0x410 fs/sysfs/file.c:59
       seq_read_iter+0x4f4/0x12b0 fs/seq_file.c:230
       kernfs_fop_read_iter+0x414/0x580 fs/kernfs/file.c:279
       new_sync_read fs/read_write.c:488 [inline]
       vfs_read+0x87f/0xbe0 fs/read_write.c:569
       ksys_read+0x12f/0x260 fs/read_write.c:712
       do_syscall_x64 arch/x86/entry/common.c:52 [inline]
       do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #0 (kn->active#5){++++}-{0:0}:
       check_prev_add kernel/locking/lockdep.c:3161 [inline]
       check_prevs_add kernel/locking/lockdep.c:3280 [inline]
       validate_chain kernel/locking/lockdep.c:3904 [inline]
       __lock_acquire+0x250b/0x3ce0 kernel/locking/lockdep.c:5202
       lock_acquire.part.0+0x11b/0x380 kernel/locking/lockdep.c:5825
       kernfs_drain+0x48f/0x590 fs/kernfs/dir.c:500
       __kernfs_remove+0x281/0x670 fs/kernfs/dir.c:1486
       kernfs_remove_by_name_ns+0xb2/0x130 fs/kernfs/dir.c:1694
       sysfs_remove_file include/linux/sysfs.h:773 [inline]
       device_remove_file drivers/base/core.c:3054 [inline]
       device_remove_file drivers/base/core.c:3050 [inline]
       device_del+0x381/0x9f0 drivers/base/core.c:3859
       drop_partition+0x109/0x1c0 block/partitions/core.c:273
       bdev_disk_changed+0x24d/0x1520 block/partitions/core.c:666
       loop_reread_partitions+0x70/0x140 drivers/block/loop.c:534
       loop_configure+0xef6/0x11f0 drivers/block/loop.c:1119
       lo_ioctl+0xa6b/0x18b0 drivers/block/loop.c:1533
       blkdev_ioctl+0x276/0x6d0 block/ioctl.c:693
       vfs_ioctl fs/ioctl.c:51 [inline]
       __do_sys_ioctl fs/ioctl.c:907 [inline]
       __se_sys_ioctl fs/ioctl.c:893 [inline]
       __x64_sys_ioctl+0x18f/0x220 fs/ioctl.c:893
       do_syscall_x64 arch/x86/entry/common.c:52 [inline]
       do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

other info that might help us debug this:

Chain exists of:
  kn->active#5 --> &nvdimm_namespace_key --> &disk->open_mutex

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&disk->open_mutex);
                               lock(&nvdimm_namespace_key);
                               lock(&disk->open_mutex);
  lock(kn->active#5);

 *** DEADLOCK ***

1 lock held by syz-executor336/6364:
 #0: ffff8880251264c8 (&disk->open_mutex){+.+.}-{3:3}, at: loop_reread_partitions+0x47/0x140 drivers/block/loop.c:533

stack backtrace:
CPU: 2 UID: 0 PID: 6364 Comm: syz-executor336 Not tainted 6.12.0-rc6-syzkaller-00192-gf1dce1f09380 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 print_circular_bug+0x41c/0x610 kernel/locking/lockdep.c:2074
 check_noncircular+0x31a/0x400 kernel/locking/lockdep.c:2206
 check_prev_add kernel/locking/lockdep.c:3161 [inline]
 check_prevs_add kernel/locking/lockdep.c:3280 [inline]
 validate_chain kernel/locking/lockdep.c:3904 [inline]
 __lock_acquire+0x250b/0x3ce0 kernel/locking/lockdep.c:5202
 lock_acquire.part.0+0x11b/0x380 kernel/locking/lockdep.c:5825
 kernfs_drain+0x48f/0x590 fs/kernfs/dir.c:500
 __kernfs_remove+0x281/0x670 fs/kernfs/dir.c:1486
 kernfs_remove_by_name_ns+0xb2/0x130 fs/kernfs/dir.c:1694
 sysfs_remove_file include/linux/sysfs.h:773 [inline]
 device_remove_file drivers/base/core.c:3054 [inline]
 device_remove_file drivers/base/core.c:3050 [inline]
 device_del+0x381/0x9f0 drivers/base/core.c:3859
 drop_partition+0x109/0x1c0 block/partitions/core.c:273
 bdev_disk_changed+0x24d/0x1520 block/partitions/core.c:666
 loop_reread_partitions+0x70/0x140 drivers/block/loop.c:534
 loop_configure+0xef6/0x11f0 drivers/block/loop.c:1119
 lo_ioctl+0xa6b/0x18b0 drivers/block/loop.c:1533
 blkdev_ioctl+0x276/0x6d0 block/ioctl.c:693
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:907 [inline]
 __se_sys_ioctl fs/ioctl.c:893 [inline]
 __x64_sys_ioctl+0x18f/0x220 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fced3ca73a9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fced3c5f218 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fced3d2e328 RCX: 00007fced3ca73a9
RDX: 00000000200002c0 RSI: 0000000000004c0a RDI: 0000000000000003
RBP: 00007fced3d2e320 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fced3cfb074
R13: 307a797300010009 R14: 6f6f6c2f7665642f R15: 732e70756f726763
 </TASK>

Crashes (396):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/11/09 13:24 upstream f1dce1f09380 6b856513 .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream possible deadlock in __kernfs_remove
2024/11/04 18:16 upstream 59b723cd2adb 0754ea12 .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] [mounted in repro] ci-snapshot-upstream-root possible deadlock in __kernfs_remove
2024/11/21 06:30 upstream 8f7c8b88bda4 4b25d554 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in __kernfs_remove
2024/11/21 04:10 upstream 8f7c8b88bda4 4b25d554 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in __kernfs_remove
2024/11/21 02:50 upstream 8f7c8b88bda4 4b25d554 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in __kernfs_remove
2024/11/20 23:46 upstream 8f7c8b88bda4 4fca1650 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in __kernfs_remove
2024/11/20 21:42 upstream 8f7c8b88bda4 4fca1650 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in __kernfs_remove
2024/11/20 18:07 upstream bf9aa14fc523 4fca1650 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in __kernfs_remove
2024/11/20 13:53 upstream bf9aa14fc523 4fca1650 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in __kernfs_remove
2024/11/20 10:54 upstream bf9aa14fc523 7d02db5a .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in __kernfs_remove
2024/11/20 09:24 upstream bf9aa14fc523 7d02db5a .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in __kernfs_remove
2024/11/20 08:58 upstream bf9aa14fc523 7d02db5a .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in __kernfs_remove
2024/11/20 07:04 upstream bf9aa14fc523 7d02db5a .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in __kernfs_remove
2024/11/20 04:57 upstream 158f238aa69d 7d02db5a .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in __kernfs_remove
2024/11/20 03:11 upstream 158f238aa69d 7d02db5a .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in __kernfs_remove
2024/11/20 01:16 upstream 158f238aa69d 7d02db5a .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in __kernfs_remove
2024/11/19 23:26 upstream 158f238aa69d 7d02db5a .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in __kernfs_remove
2024/11/19 22:11 upstream 158f238aa69d 7d02db5a .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in __kernfs_remove
2024/11/19 18:54 upstream 158f238aa69d 7d02db5a .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in __kernfs_remove
2024/11/19 18:37 upstream 158f238aa69d 7d02db5a .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in __kernfs_remove
2024/11/19 15:13 upstream 158f238aa69d 571351cb .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in __kernfs_remove
2024/11/19 13:58 upstream 158f238aa69d 571351cb .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in __kernfs_remove
2024/11/19 10:49 upstream 9fb2cfa4635a 571351cb .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in __kernfs_remove
2024/11/19 09:46 upstream 9fb2cfa4635a 571351cb .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in __kernfs_remove
2024/11/19 07:57 upstream 9fb2cfa4635a 571351cb .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in __kernfs_remove
2024/11/19 06:39 upstream 9fb2cfa4635a 571351cb .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in __kernfs_remove
2024/11/19 05:19 upstream 9fb2cfa4635a 571351cb .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in __kernfs_remove
2024/11/19 03:32 upstream 9fb2cfa4635a 571351cb .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in __kernfs_remove
2024/11/19 01:57 upstream 9fb2cfa4635a 571351cb .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in __kernfs_remove
2024/11/19 01:27 upstream 9fb2cfa4635a 571351cb .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in __kernfs_remove
2024/11/18 19:13 upstream adc218676eef e7bb5d6e .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in __kernfs_remove
2024/11/18 18:04 upstream adc218676eef e7bb5d6e .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in __kernfs_remove
2024/11/18 16:54 upstream adc218676eef e7bb5d6e .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in __kernfs_remove
2024/11/18 14:06 upstream adc218676eef e7bb5d6e .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in __kernfs_remove
2024/11/18 12:09 upstream adc218676eef e7bb5d6e .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in __kernfs_remove
2024/11/18 09:48 upstream adc218676eef cfe3a04a .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in __kernfs_remove
2024/11/18 07:31 upstream f66d6acccbc0 cfe3a04a .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in __kernfs_remove
2024/11/18 05:12 upstream f66d6acccbc0 cfe3a04a .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in __kernfs_remove
2024/11/18 03:30 upstream f66d6acccbc0 cfe3a04a .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in __kernfs_remove
2024/11/17 23:38 upstream f66d6acccbc0 cfe3a04a .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in __kernfs_remove
2024/11/17 21:41 upstream f66d6acccbc0 cfe3a04a .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in __kernfs_remove
2024/11/17 21:36 upstream f66d6acccbc0 cfe3a04a .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in __kernfs_remove
2024/11/17 20:07 upstream f66d6acccbc0 cfe3a04a .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in __kernfs_remove
2024/11/17 18:02 upstream 4a5df3796467 cfe3a04a .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in __kernfs_remove
2024/11/17 17:02 upstream 4a5df3796467 cfe3a04a .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in __kernfs_remove
2024/11/17 15:23 upstream 4a5df3796467 cfe3a04a .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in __kernfs_remove
2024/11/17 13:44 upstream 4a5df3796467 cfe3a04a .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in __kernfs_remove
2024/11/17 11:11 upstream 4a5df3796467 cfe3a04a .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in __kernfs_remove
2024/11/17 10:10 upstream 4a5df3796467 cfe3a04a .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in __kernfs_remove
2024/11/17 07:07 upstream 4a5df3796467 cfe3a04a .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in __kernfs_remove
2024/11/17 03:05 upstream e8bdb3c8be08 cfe3a04a .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in __kernfs_remove
2024/11/17 02:03 upstream e8bdb3c8be08 cfe3a04a .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in __kernfs_remove
2024/11/12 13:45 upstream 2d5404caa8c7 c819f227 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream possible deadlock in __kernfs_remove
* Struck through repros no longer work on HEAD.