syzbot


possible deadlock in fifo_open

Status: closed as dup on 2017/12/12 21:25
Subsystems: fs
Reported-by: syzbot+e6aa4df2569624fc2b37ff61b464f38c3440bb04@syzkaller.appspotmail.com
First crash: 2551d, last: 2067d
Duplicate of:
  possible deadlock in seq_read [fs] (Repro: C, Count: 19074, Last: 2057d, Reported: 2547d)

Similar bugs (2):
  android-44: possible deadlock in fifo_open (Repro: C, Count: 696, Last: 1814d, Reported: 2050d, Patched: 0/2, Status: public: reported C repro on 2019/04/12 00:00)
  android-414: possible deadlock in fifo_open (Repro: C, Count: 586, Last: 2060d, Reported: 2051d, Patched: 0/1, Status: public: reported C repro on 2019/04/11 00:00)

Sample crash report:
======================================================
WARNING: possible circular locking dependency detected
5.1.0-rc1+ #33 Not tainted
------------------------------------------------------
syz-executor850/7765 is trying to acquire lock:
00000000d6dfb9eb (&pipe->mutex/1){+.+.}, at: __pipe_lock fs/pipe.c:83 [inline]
00000000d6dfb9eb (&pipe->mutex/1){+.+.}, at: fifo_open+0x159/0xb00 fs/pipe.c:930

but task is already holding lock:
00000000f27e5005 (&sig->cred_guard_mutex){+.+.}, at: prepare_bprm_creds fs/exec.c:1407 [inline]
00000000f27e5005 (&sig->cred_guard_mutex){+.+.}, at: __do_execve_file.isra.0+0x376/0x23f0 fs/exec.c:1750

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&sig->cred_guard_mutex){+.+.}:
       lock_acquire+0x16f/0x3f0 kernel/locking/lockdep.c:4211
       __mutex_lock_common kernel/locking/mutex.c:925 [inline]
       __mutex_lock+0xf7/0x1310 kernel/locking/mutex.c:1072
       mutex_lock_interruptible_nested+0x16/0x20 kernel/locking/mutex.c:1109
       proc_pid_attr_write+0x200/0x580 fs/proc/base.c:2558
       __vfs_write+0x8d/0x110 fs/read_write.c:485
       __kernel_write+0x110/0x3b0 fs/read_write.c:506
       write_pipe_buf+0x15d/0x1f0 fs/splice.c:793
       splice_from_pipe_feed fs/splice.c:499 [inline]
       __splice_from_pipe+0x395/0x7d0 fs/splice.c:623
       splice_from_pipe+0x108/0x170 fs/splice.c:658
       default_file_splice_write+0x3c/0x90 fs/splice.c:805
       do_splice_from fs/splice.c:847 [inline]
       do_splice+0x70a/0x13c0 fs/splice.c:1154
       __do_sys_splice fs/splice.c:1424 [inline]
       __se_sys_splice fs/splice.c:1404 [inline]
       __x64_sys_splice+0x2c6/0x330 fs/splice.c:1404
       do_syscall_64+0x103/0x610 arch/x86/entry/common.c:290
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #0 (&pipe->mutex/1){+.+.}:
       check_prevs_add kernel/locking/lockdep.c:2333 [inline]
       validate_chain kernel/locking/lockdep.c:2714 [inline]
       __lock_acquire+0x239c/0x3fb0 kernel/locking/lockdep.c:3701
       lock_acquire+0x16f/0x3f0 kernel/locking/lockdep.c:4211
       __mutex_lock_common kernel/locking/mutex.c:925 [inline]
       __mutex_lock+0xf7/0x1310 kernel/locking/mutex.c:1072
       mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087
       __pipe_lock fs/pipe.c:83 [inline]
       fifo_open+0x159/0xb00 fs/pipe.c:930
       do_dentry_open+0x488/0x1160 fs/open.c:771
       vfs_open+0xa0/0xd0 fs/open.c:880
       do_last fs/namei.c:3416 [inline]
       path_openat+0x10e9/0x46e0 fs/namei.c:3533
       do_filp_open+0x1a1/0x280 fs/namei.c:3563
       do_open_execat+0x137/0x690 fs/exec.c:856
       __do_execve_file.isra.0+0x178d/0x23f0 fs/exec.c:1758
       do_execveat_common fs/exec.c:1865 [inline]
       do_execve fs/exec.c:1882 [inline]
       __do_sys_execve fs/exec.c:1958 [inline]
       __se_sys_execve fs/exec.c:1953 [inline]
       __x64_sys_execve+0x8f/0xc0 fs/exec.c:1953
       do_syscall_64+0x103/0x610 arch/x86/entry/common.c:290
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&sig->cred_guard_mutex);
                               lock(&pipe->mutex/1);
                               lock(&sig->cred_guard_mutex);
  lock(&pipe->mutex/1);

 *** DEADLOCK ***

1 lock held by syz-executor850/7765:
 #0: 00000000f27e5005 (&sig->cred_guard_mutex){+.+.}, at: prepare_bprm_creds fs/exec.c:1407 [inline]
 #0: 00000000f27e5005 (&sig->cred_guard_mutex){+.+.}, at: __do_execve_file.isra.0+0x376/0x23f0 fs/exec.c:1750

stack backtrace:
CPU: 1 PID: 7765 Comm: syz-executor850 Not tainted 5.1.0-rc1+ #33
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 print_circular_bug.isra.0.cold+0x1cc/0x28f kernel/locking/lockdep.c:1571
 check_prev_add.constprop.0+0xf11/0x23c0 kernel/locking/lockdep.c:2220
 check_prevs_add kernel/locking/lockdep.c:2333 [inline]
 validate_chain kernel/locking/lockdep.c:2714 [inline]
 __lock_acquire+0x239c/0x3fb0 kernel/locking/lockdep.c:3701
 lock_acquire+0x16f/0x3f0 kernel/locking/lockdep.c:4211
 __mutex_lock_common kernel/locking/mutex.c:925 [inline]
 __mutex_lock+0xf7/0x1310 kernel/locking/mutex.c:1072
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087
 __pipe_lock fs/pipe.c:83 [inline]
 fifo_open+0x159/0xb00 fs/pipe.c:930
 do_dentry_open+0x488/0x1160 fs/open.c:771
 vfs_open+0xa0/0xd0 fs/open.c:880
 do_last fs/namei.c:3416 [inline]
 path_openat+0x10e9/0x46e0 fs/namei.c:3533
 do_filp_open+0x1a1/0x280 fs/namei.c:3563
 do_open_execat+0x137/0x690 fs/exec.c:856
 __do_execve_file.isra.0+0x178d/0x23f0 fs/exec.c:1758
 do_execveat_common fs/exec.c:1865 [inline]
 do_execve fs/exec.c:1882 [inline]
 __do_sys_execve fs/exec.c:1958 [inline]
 __se_sys_execve fs/exec.c:1953 [inline]
 __x64_sys_execve+0x8f/0xc0 fs/exec.c:1953
 do_syscall_64+0x103/0x610 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4402a9
Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fff212954a8 EFLAGS: 00000246 ORIG_RAX: 000000000000003b
RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004402a9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000480
RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b30
R13: 0000000000401bc0 R14: 0000000000000000 R15: 0000000000000000

Crashes (2097):