syzbot


possible deadlock in mnt_want_write (2)

Status: fixed on 2023/12/21 01:43
Subsystems: integrity overlayfs
[Documentation on labels]
Reported-by: syzbot+b42fe626038981fb7bfa@syzkaller.appspotmail.com
Fix commit: e044374a8a0a ima: annotate iint mutex to avoid lockdep false positive warnings
First crash: 1072d, last: 200d
Cause bisection: introduced by (bisect log) :
commit 708fa01597fa002599756bf56a96d0de1677375c
Author: Miklos Szeredi <mszeredi@redhat.com>
Date: Mon Apr 12 10:00:37 2021 +0000

  ovl: allow upperdir inside lowerdir

Crash: possible deadlock in ovl_maybe_copy_up (log)
Repro: C syz .config
  
Duplicate bugs (3)
duplicates (3):
Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
possible deadlock in ovl_copy_up_start (2) overlayfs 1 237d 233d 0/26 closed as dup on 2023/10/04 08:46
possible deadlock in ovl_maybe_copy_up overlayfs C unreliable 1018 202d 1272d 0/26 closed as dup on 2023/06/06 09:30
possible deadlock in process_measurement (3) overlayfs C error 223 198d 1104d 0/26 closed as dup on 2023/06/06 09:59
Discussions (8)
Title Replies (including bot) Last reply
Re: [syzbot] [integrity] [overlayfs] possible deadlock in mnt_want_write (2) 2 (2) 2023/10/05 13:35
[syzbot] possible deadlock in mnt_want_write (2) 9 (14) 2023/10/05 13:22
[PATCH] ima: annotate iint mutex to avoid lockdep false positive warnings 1 (1) 2023/10/05 11:15
[syzbot] Monthly overlayfs report (Oct 2023) 0 (1) 2023/10/04 07:30
[syzbot] Monthly overlayfs report (Aug 2023) 0 (1) 2023/08/24 07:15
[syzbot] Monthly overlayfs report (Jul 2023) 0 (1) 2023/07/24 08:31
[syzbot] Monthly overlayfs report (May 2023) 0 (1) 2023/05/06 08:19
[syzbot] Monthly overlayfs report 0 (1) 2023/04/05 08:55
Similar bugs (7)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-5.15 possible deadlock in mnt_want_write origin:upstream missing-backport C done 117 172d 424d 0/3 upstream: reported C repro on 2023/03/21 10:01
upstream possible deadlock in mnt_want_write fs C done done 662 1319d 2126d 15/26 fixed on 2020/11/16 12:12
linux-6.1 possible deadlock in mnt_want_write origin:upstream missing-backport C done 56 173d 417d 0/3 upstream: reported C repro on 2023/03/28 13:05
linux-4.19 possible deadlock in mnt_want_write romfs C 730 439d 1856d 0/1 upstream: reported C repro on 2019/04/19 16:54
android-49 possible deadlock in mnt_want_write 1 2109d 2109d 0/3 auto-closed as invalid on 2019/02/22 14:57
upstream possible deadlock in mnt_want_write (3) kernfs 9 35d 139d 0/26 upstream: reported on 2024/01/01 07:31
linux-4.14 possible deadlock in mnt_want_write ubifs C 10467 439d 1851d 0/1 upstream: reported C repro on 2019/04/25 05:09
Last patch testing requests (8)
Created Duration User Patch Repo Result
2023/10/05 10:26 18m amir73il@gmail.com https://github.com/amir73il/linux ima-ovl-fix OK log
2023/10/05 09:36 22m amir73il@gmail.com https://github.com/amir73il/linux ima-ovl-fix error OK
2023/09/15 05:25 22m retest repro upstream OK log
2023/09/14 02:31 15m retest repro upstream OK log
2023/09/14 02:31 15m retest repro upstream OK log
2023/09/14 02:31 18m retest repro upstream OK log
2022/07/03 07:07 19m hdanton@sina.com patch http://kernel.source.codeaurora.cn/pub/scm/linux/kernel/git/torvalds/linux.git 089866061428 OK log
2022/07/03 01:34 17m hdanton@sina.com patch http://kernel.source.codeaurora.cn/pub/scm/linux/kernel/git/torvalds/linux.git 089866061428 error OK
Cause bisection attempts (2)
Created Duration User Patch Repo Result
2023/10/04 10:56 5h47m bisect upstream job log (1) log
2022/07/02 23:13 6h05m bisect upstream job log (1) log
marked invalid by nogikh@google.com

Sample crash report:
======================================================
WARNING: possible circular locking dependency detected
6.6.0-rc2-syzkaller-00386-g3aba70aed91f #0 Not tainted
------------------------------------------------------
syz-executor296/5031 is trying to acquire lock:
ffff88807fcf6410 (sb_writers#4){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90 fs/namespace.c:403

but task is already holding lock:
ffff8880293ed620 (&iint->mutex){+.+.}-{3:3}, at: process_measurement+0x7c9/0x1cf0 security/integrity/ima/ima_main.c:266

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&iint->mutex){+.+.}-{3:3}:
       __mutex_lock_common kernel/locking/mutex.c:603 [inline]
       __mutex_lock+0x136/0xd60 kernel/locking/mutex.c:747
       process_measurement+0x7c9/0x1cf0 security/integrity/ima/ima_main.c:266
       ima_file_check+0xf1/0x170 security/integrity/ima/ima_main.c:543
       do_open fs/namei.c:3641 [inline]
       path_openat+0x2812/0x3180 fs/namei.c:3796
       do_filp_open+0x234/0x490 fs/namei.c:3823
       do_sys_openat2+0x13e/0x1d0 fs/open.c:1422
       do_sys_open fs/open.c:1437 [inline]
       __do_sys_openat fs/open.c:1453 [inline]
       __se_sys_openat fs/open.c:1448 [inline]
       __x64_sys_openat+0x247/0x290 fs/open.c:1448
       do_syscall_x64 arch/x86/entry/common.c:50 [inline]
       do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
       entry_SYSCALL_64_after_hwframe+0x63/0xcd

-> #0 (sb_writers#4){.+.+}-{0:0}:
       check_prev_add kernel/locking/lockdep.c:3134 [inline]
       check_prevs_add kernel/locking/lockdep.c:3253 [inline]
       validate_chain kernel/locking/lockdep.c:3868 [inline]
       __lock_acquire+0x39ff/0x7f70 kernel/locking/lockdep.c:5136
       lock_acquire+0x1e3/0x520 kernel/locking/lockdep.c:5753
       percpu_down_read include/linux/percpu-rwsem.h:51 [inline]
       __sb_start_write include/linux/fs.h:1571 [inline]
       sb_start_write+0x4d/0x1c0 include/linux/fs.h:1646
       mnt_want_write+0x3f/0x90 fs/namespace.c:403
       ovl_maybe_copy_up+0x115/0x180 fs/overlayfs/copy_up.c:1176
       ovl_open+0x12b/0x310 fs/overlayfs/file.c:166
       do_dentry_open+0x80f/0x1430 fs/open.c:929
       vfs_open fs/open.c:1063 [inline]
       dentry_open+0xcb/0x120 fs/open.c:1079
       ima_calc_file_hash+0x166/0x1d20 security/integrity/ima/ima_crypto.c:558
       ima_collect_measurement+0x4a5/0x890 security/integrity/ima/ima_api.c:289
       process_measurement+0xfea/0x1cf0 security/integrity/ima/ima_main.c:345
       ima_file_check+0xf1/0x170 security/integrity/ima/ima_main.c:543
       do_open fs/namei.c:3641 [inline]
       path_openat+0x2812/0x3180 fs/namei.c:3796
       do_filp_open+0x234/0x490 fs/namei.c:3823
       do_sys_openat2+0x13e/0x1d0 fs/open.c:1422
       do_sys_open fs/open.c:1437 [inline]
       __do_sys_open fs/open.c:1445 [inline]
       __se_sys_open fs/open.c:1441 [inline]
       __x64_sys_open+0x225/0x270 fs/open.c:1441
       do_syscall_x64 arch/x86/entry/common.c:50 [inline]
       do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
       entry_SYSCALL_64_after_hwframe+0x63/0xcd

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&iint->mutex);
                               lock(sb_writers#4);
                               lock(&iint->mutex);
  rlock(sb_writers#4);

 *** DEADLOCK ***

1 lock held by syz-executor296/5031:
 #0: ffff8880293ed620 (&iint->mutex){+.+.}-{3:3}, at: process_measurement+0x7c9/0x1cf0 security/integrity/ima/ima_main.c:266

stack backtrace:
CPU: 1 PID: 5031 Comm: syz-executor296 Not tainted 6.6.0-rc2-syzkaller-00386-g3aba70aed91f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106
 check_noncircular+0x375/0x4a0 kernel/locking/lockdep.c:2187
 check_prev_add kernel/locking/lockdep.c:3134 [inline]
 check_prevs_add kernel/locking/lockdep.c:3253 [inline]
 validate_chain kernel/locking/lockdep.c:3868 [inline]
 __lock_acquire+0x39ff/0x7f70 kernel/locking/lockdep.c:5136
 lock_acquire+0x1e3/0x520 kernel/locking/lockdep.c:5753
 percpu_down_read include/linux/percpu-rwsem.h:51 [inline]
 __sb_start_write include/linux/fs.h:1571 [inline]
 sb_start_write+0x4d/0x1c0 include/linux/fs.h:1646
 mnt_want_write+0x3f/0x90 fs/namespace.c:403
 ovl_maybe_copy_up+0x115/0x180 fs/overlayfs/copy_up.c:1176
 ovl_open+0x12b/0x310 fs/overlayfs/file.c:166
 do_dentry_open+0x80f/0x1430 fs/open.c:929
 vfs_open fs/open.c:1063 [inline]
 dentry_open+0xcb/0x120 fs/open.c:1079
 ima_calc_file_hash+0x166/0x1d20 security/integrity/ima/ima_crypto.c:558
 ima_collect_measurement+0x4a5/0x890 security/integrity/ima/ima_api.c:289
 process_measurement+0xfea/0x1cf0 security/integrity/ima/ima_main.c:345
 ima_file_check+0xf1/0x170 security/integrity/ima/ima_main.c:543
 do_open fs/namei.c:3641 [inline]
 path_openat+0x2812/0x3180 fs/namei.c:3796
 do_filp_open+0x234/0x490 fs/namei.c:3823
 do_sys_openat2+0x13e/0x1d0 fs/open.c:1422
 do_sys_open fs/open.c:1437 [inline]
 __do_sys_open fs/open.c:1445 [inline]
 __se_sys_open fs/open.c:1441 [inline]
 __x64_sys_open+0x225/0x270 fs/open.c:1441
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f329dd253e9
Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffe4a747858 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 0073646165725f67 RCX: 00007f329dd253e9
RDX: 0000000000000000 RSI: 0000000000101003 RDI: 0000000020000000

Crashes (867):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2023/09/24 11:02 upstream 3aba70aed91f 0b6a67ac .config strace log report syz C [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in mnt_want_write
2023/08/07 04:06 upstream f0ab9f34e59e 4ffcc9ef .config strace log report syz C [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in mnt_want_write
2023/03/21 14:52 upstream 17214b70a159 7939252e .config strace log report syz C [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in mnt_want_write
2022/11/03 23:00 upstream f2f32f8af2b0 6d752409 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in mnt_want_write
2022/07/02 17:27 upstream 089866061428 1434eec0 .config console log report syz C ci-upstream-kasan-gce-smack-root possible deadlock in mnt_want_write
2023/10/31 20:44 upstream 5a6a09e97199 58499c95 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in mnt_want_write
2023/10/31 08:31 upstream 14ab6d425e80 b5729d82 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in mnt_want_write
2023/10/29 08:08 upstream 2af9b20dbb39 3c418d72 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in mnt_want_write
2023/10/29 06:59 upstream 2af9b20dbb39 3c418d72 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in mnt_want_write
2023/10/29 01:31 upstream 2af9b20dbb39 3c418d72 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in mnt_want_write
2023/10/28 03:33 upstream 750b95887e56 3c418d72 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in mnt_want_write
2023/10/27 19:20 upstream 750b95887e56 bf285f0c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root possible deadlock in mnt_want_write
2023/10/27 18:39 upstream 750b95887e56 3c418d72 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in mnt_want_write
2023/10/24 16:35 upstream d88520ad73b7 af8d2e46 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in mnt_want_write
2023/10/22 07:37 upstream d537ae43f8a1 361b23dc .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in mnt_want_write
2023/10/21 18:08 upstream 9c5d00cb7b6b 361b23dc .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in mnt_want_write
2023/10/20 15:38 upstream ce55c22ec8b2 a42250d2 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root possible deadlock in mnt_want_write
2023/10/19 04:13 upstream dd72f9c7e512 342b9c55 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in mnt_want_write
2023/10/18 15:41 upstream 06dc10eae55b 342b9c55 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in mnt_want_write
2023/10/17 22:49 upstream 213f891525c2 342b9c55 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in mnt_want_write
2023/10/17 16:22 upstream 213f891525c2 342b9c55 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in mnt_want_write
2023/10/16 00:59 upstream fbe1bf1e5ff1 f757a323 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in mnt_want_write
2023/10/15 04:22 upstream 70f8c6f8f880 f757a323 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in mnt_want_write
2023/10/14 17:03 upstream 8cb1f10d8c4b f757a323 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in mnt_want_write
2023/10/12 10:54 upstream 401644852d0b 1b231e3c .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in mnt_want_write
2023/10/11 11:11 upstream 1c8b86a3799f 83165b57 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in mnt_want_write
2023/10/10 18:14 upstream 94f6f0550c62 c9be5398 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in mnt_want_write
2023/10/10 12:26 upstream 94f6f0550c62 c9be5398 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in mnt_want_write
2023/10/10 07:17 upstream 94f6f0550c62 c9be5398 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in mnt_want_write
2023/10/09 05:13 upstream 37faf07bf90a 5e837c76 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in mnt_want_write
2023/10/08 15:21 upstream b9ddbb0cde2a 5e837c76 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in mnt_want_write
2023/10/08 10:24 upstream b9ddbb0cde2a 5e837c76 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in mnt_want_write
2023/10/08 01:42 upstream b9ddbb0cde2a 5e837c76 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in mnt_want_write
2023/10/05 23:58 upstream 3006adf3be79 db17ad9f .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in mnt_want_write
2023/10/05 04:38 upstream ba7d997a2a29 b7d7ff54 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in mnt_want_write
2023/10/04 18:11 upstream cbf3a2cb156a b7d7ff54 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in mnt_want_write
2023/10/03 22:59 upstream 5e62ed3b1c8a 65faba36 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in mnt_want_write
2023/10/03 08:19 upstream ce36c8b14987 65faba36 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in mnt_want_write
2023/10/03 02:58 upstream 8f1b4600373f 50b20e75 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root possible deadlock in mnt_want_write
2023/10/02 05:40 upstream e81a2dabc3f3 8e26a358 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in mnt_want_write
2023/10/01 12:28 upstream e402b08634b3 8e26a358 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in mnt_want_write
2023/09/30 16:07 upstream 9f3ebbef746f 8e26a358 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in mnt_want_write
2023/09/29 10:16 upstream 9ed22ae6be81 d265efd8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in mnt_want_write
2023/09/29 09:09 upstream 9ed22ae6be81 d265efd8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in mnt_want_write
2023/09/29 06:42 upstream 9ed22ae6be81 d265efd8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in mnt_want_write
2023/09/29 03:34 upstream 9ed22ae6be81 d265efd8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in mnt_want_write
2023/09/29 02:12 upstream 9ed22ae6be81 d265efd8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in mnt_want_write
2023/09/28 15:01 upstream 633b47cb009d c2ab1e5d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in mnt_want_write
2023/09/27 15:06 upstream 0e945134b680 2895a507 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in mnt_want_write
2023/09/27 03:16 upstream 50768a425b46 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in mnt_want_write
2023/09/25 10:49 upstream 6465e260f487 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in mnt_want_write
2023/09/25 07:59 upstream 6465e260f487 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in mnt_want_write
2023/09/24 19:04 upstream 3aba70aed91f 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root possible deadlock in mnt_want_write
2023/09/24 10:19 upstream 3aba70aed91f 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in mnt_want_write
2021/06/11 16:55 upstream 06af8679449d 1ba81399 .config console log report info ci-upstream-kasan-gce-smack-root possible deadlock in mnt_want_write
* Struck through repros no longer work on HEAD.