syzbot


possible deadlock in hugetlbfs_file_mmap

Status: fixed on 2023/09/28 15:44
Bug presence: origin:lts-only
Reported-by: syzbot+f24addf1a98b7164ce1c@syzkaller.appspotmail.com
Fix commit: d0eb4917f4d3 sched/cpuset: Bring back cpuset_mutex
First crash: 424d, last: 285d
Fix bisection: fixed by:
commit d0eb4917f4d36f106e2c5daa9598f6f8bd08a734
Author: Juri Lelli <juri.lelli@redhat.com>
Date: Sun Aug 20 15:22:54 2023 +0000

  sched/cpuset: Bring back cpuset_mutex

  
Bug presence (2)
Date Name Commit Repro Result
2023/05/06 linux-5.15.y (ToT) 8a7f2a5c5aa1 C [report] possible deadlock in hugetlbfs_file_mmap
2023/05/06 upstream (ToT) 418d5c98319f C Didn't crash

Sample crash report:
======================================================
WARNING: possible circular locking dependency detected
5.15.102-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor404/4054 is trying to acquire lock:
ffff0000c2d59c78 (&sb->s_type->i_mutex_key#19){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:787 [inline]
ffff0000c2d59c78 (&sb->s_type->i_mutex_key#19){+.+.}-{3:3}, at: hugetlbfs_file_mmap+0x298/0x4c0 fs/hugetlbfs/inode.c:175

but task is already holding lock:
ffff0000d5961258 (&mm->mmap_lock){++++}-{3:3}, at: mmap_write_lock_killable include/linux/mmap_lock.h:87 [inline]
ffff0000d5961258 (&mm->mmap_lock){++++}-{3:3}, at: vm_mmap_pgoff+0x15c/0x2b4 mm/util.c:549

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #3 (&mm->mmap_lock){++++}-{3:3}:
       down_write+0x110/0x260 kernel/locking/rwsem.c:1541
       mmap_write_lock include/linux/mmap_lock.h:71 [inline]
       mpol_rebind_mm+0x40/0x298 mm/mempolicy.c:381
       cpuset_attach+0x370/0x4c8 kernel/cgroup/cpuset.c:2285
       cgroup_migrate_execute+0x6f8/0xda8 kernel/cgroup/cgroup.c:2559
       cgroup_migrate+0x1c8/0x1e0 kernel/cgroup/cgroup.c:2821
       cgroup_attach_task+0x540/0xac4 kernel/cgroup/cgroup.c:2854
       __cgroup1_procs_write+0x308/0x41c kernel/cgroup/cgroup-v1.c:528
       cgroup1_procs_write+0x38/0x4c kernel/cgroup/cgroup-v1.c:541
       cgroup_file_write+0x258/0x5ac kernel/cgroup/cgroup.c:3932
       kernfs_fop_write_iter+0x334/0x48c fs/kernfs/file.c:296
       call_write_iter include/linux/fs.h:2101 [inline]
       new_sync_write fs/read_write.c:507 [inline]
       vfs_write+0x87c/0xb3c fs/read_write.c:594
       ksys_write+0x15c/0x26c fs/read_write.c:647
       __do_sys_write fs/read_write.c:659 [inline]
       __se_sys_write fs/read_write.c:656 [inline]
       __arm64_sys_write+0x7c/0x90 fs/read_write.c:656
       __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
       invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
       el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
       do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
       el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
       el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
       el0t_64_sync+0x1a0/0x1a4 <unknown>:584

-> #2 (&cpuset_rwsem){++++}-{0:0}:
       percpu_down_read include/linux/percpu-rwsem.h:51 [inline]
       cpuset_read_lock+0xe4/0x368 kernel/cgroup/cpuset.c:356
       __sched_setscheduler+0x4b8/0x1680 kernel/sched/core.c:7406
       _sched_setscheduler kernel/sched/core.c:7583 [inline]
       sched_setscheduler_nocheck+0x14c/0x258 kernel/sched/core.c:7630
       __kthread_create_on_node+0x2f8/0x3d0 kernel/kthread.c:413
       kthread_create_on_node+0xf0/0x140 kernel/kthread.c:453
       cryptomgr_schedule_test crypto/algboss.c:219 [inline]
       cryptomgr_notify+0x110/0xb48 crypto/algboss.c:240
       notifier_call_chain kernel/notifier.c:83 [inline]
       blocking_notifier_call_chain+0xf0/0x198 kernel/notifier.c:318
       crypto_probing_notify+0x34/0x94 crypto/api.c:251
       crypto_wait_for_test crypto/algapi.c:396 [inline]
       crypto_register_alg+0x24c/0x3a8 crypto/algapi.c:429
       crypto_register_kpp+0x70/0xa8 crypto/kpp.c:104
       dh_init+0x1c/0x28 crypto/dh.c:265
       do_one_initcall+0x2e4/0xc68 init/main.c:1306
       do_initcall_level+0x154/0x214 init/main.c:1379
       do_initcalls+0x58/0xac init/main.c:1395
       do_basic_setup+0x8c/0xa0 init/main.c:1414
       kernel_init_freeable+0x470/0x650 init/main.c:1619
       kernel_init+0x24/0x294 init/main.c:1510
       ret_from_fork+0x10/0x20 <unknown>:870

-> #1 ((crypto_chain).rwsem){++++}-{3:3}:
       down_read+0xbc/0x11c kernel/locking/rwsem.c:1488
       blocking_notifier_call_chain+0x60/0x198 kernel/notifier.c:317
       crypto_probing_notify crypto/api.c:251 [inline]
       crypto_alg_mod_lookup+0x290/0x63c crypto/api.c:281
       crypto_has_alg+0x38/0x168 crypto/api.c:581
       validate_hash_algo security/integrity/ima/ima_appraise.c:623 [inline]
       ima_inode_setxattr+0x60c/0x798 security/integrity/ima/ima_appraise.c:655
       security_inode_setxattr+0x188/0x200 security/security.c:1370
       __vfs_setxattr_locked+0xb4/0x218 fs/xattr.c:268
       vfs_setxattr+0x1a8/0x344 fs/xattr.c:303
       do_setxattr fs/xattr.c:588 [inline]
       setxattr+0x250/0x2b4 fs/xattr.c:611
       __do_sys_fsetxattr fs/xattr.c:667 [inline]
       __se_sys_fsetxattr fs/xattr.c:656 [inline]
       __arm64_sys_fsetxattr+0x1a8/0x224 fs/xattr.c:656
       __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
       invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
       el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
       do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
       el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
       el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
       el0t_64_sync+0x1a0/0x1a4 <unknown>:584

-> #0 (&sb->s_type->i_mutex_key#19){+.+.}-{3:3}:
       check_prev_add kernel/locking/lockdep.c:3053 [inline]
       check_prevs_add kernel/locking/lockdep.c:3172 [inline]
       validate_chain kernel/locking/lockdep.c:3787 [inline]
       __lock_acquire+0x32cc/0x7620 kernel/locking/lockdep.c:5011
       lock_acquire+0x2c0/0x89c kernel/locking/lockdep.c:5622
       down_write+0x110/0x260 kernel/locking/rwsem.c:1541
       inode_lock include/linux/fs.h:787 [inline]
       hugetlbfs_file_mmap+0x298/0x4c0 fs/hugetlbfs/inode.c:175
       call_mmap include/linux/fs.h:2106 [inline]
       mmap_region+0xcb4/0x12f0 mm/mmap.c:1791
       do_mmap+0x6c0/0xcec mm/mmap.c:1575
       vm_mmap_pgoff+0x1a4/0x2b4 mm/util.c:551
       ksys_mmap_pgoff+0x4c8/0x668 mm/mmap.c:1624
       __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline]
       __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline]
       __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21
       __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
       invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
       el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
       do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
       el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
       el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
       el0t_64_sync+0x1a0/0x1a4 <unknown>:584

other info that might help us debug this:

Chain exists of:
  &sb->s_type->i_mutex_key#19 --> &cpuset_rwsem --> &mm->mmap_lock

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&mm->mmap_lock);
                               lock(&cpuset_rwsem);
                               lock(&mm->mmap_lock);
  lock(&sb->s_type->i_mutex_key#19);

 *** DEADLOCK ***

1 lock held by syz-executor404/4054:
 #0: ffff0000d5961258 (&mm->mmap_lock){++++}-{3:3}, at: mmap_write_lock_killable include/linux/mmap_lock.h:87 [inline]
 #0: ffff0000d5961258 (&mm->mmap_lock){++++}-{3:3}, at: vm_mmap_pgoff+0x15c/0x2b4 mm/util.c:549

stack backtrace:
CPU: 1 PID: 4054 Comm: syz-executor404 Not tainted 5.15.102-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
Call trace:
 dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 print_circular_bug+0x150/0x1b8 kernel/locking/lockdep.c:2011
 check_noncircular+0x2cc/0x378 kernel/locking/lockdep.c:2133
 check_prev_add kernel/locking/lockdep.c:3053 [inline]
 check_prevs_add kernel/locking/lockdep.c:3172 [inline]
 validate_chain kernel/locking/lockdep.c:3787 [inline]
 __lock_acquire+0x32cc/0x7620 kernel/locking/lockdep.c:5011
 lock_acquire+0x2c0/0x89c kernel/locking/lockdep.c:5622
 down_write+0x110/0x260 kernel/locking/rwsem.c:1541
 inode_lock include/linux/fs.h:787 [inline]
 hugetlbfs_file_mmap+0x298/0x4c0 fs/hugetlbfs/inode.c:175
 call_mmap include/linux/fs.h:2106 [inline]
 mmap_region+0xcb4/0x12f0 mm/mmap.c:1791
 do_mmap+0x6c0/0xcec mm/mmap.c:1575
 vm_mmap_pgoff+0x1a4/0x2b4 mm/util.c:551
 ksys_mmap_pgoff+0x4c8/0x668 mm/mmap.c:1624
 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline]
 __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline]
 __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
 el0t_64_sync+0x1a0/0x1a4 <unknown>:584

Crashes (242):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2023/03/14 21:51 linux-5.15.y 2ddbd0f967b3 0d5c4377 .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 possible deadlock in hugetlbfs_file_mmap
2023/04/01 06:11 linux-5.15.y c957cbb87315 f325deb0 .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in hugetlbfs_file_mmap
2023/07/27 00:16 linux-5.15.y 5c6a716301d9 41fe1bae .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in hugetlbfs_file_mmap
2023/04/11 17:07 linux-5.15.y d86dfc4d95cd 49faf98d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in hugetlbfs_file_mmap
2023/03/10 08:10 linux-5.15.y d9b4a0c83a2d 5205ef30 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan possible deadlock in hugetlbfs_file_mmap
2023/07/24 09:41 linux-5.15.y cdd3cdb682f4 b03242d7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 possible deadlock in hugetlbfs_file_mmap
2023/07/22 11:09 linux-5.15.y d54cfc420586 27cbe77f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 possible deadlock in hugetlbfs_file_mmap
2023/07/21 20:17 linux-5.15.y d54cfc420586 abdf9bae .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 possible deadlock in hugetlbfs_file_mmap
2023/07/21 17:23 linux-5.15.y d54cfc420586 abdf9bae .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 possible deadlock in hugetlbfs_file_mmap
2023/07/21 09:02 linux-5.15.y d54cfc420586 28847498 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 possible deadlock in hugetlbfs_file_mmap
2023/07/21 06:34 linux-5.15.y d54cfc420586 28847498 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 possible deadlock in hugetlbfs_file_mmap
2023/07/20 00:54 linux-5.15.y d54cfc420586 4547cdf9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 possible deadlock in hugetlbfs_file_mmap
2023/07/18 16:19 linux-5.15.y d54cfc420586 022df2bb .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 possible deadlock in hugetlbfs_file_mmap
2023/07/14 23:56 linux-5.15.y d54cfc420586 35d9ecc5 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 possible deadlock in hugetlbfs_file_mmap
2023/07/14 07:23 linux-5.15.y d54cfc420586 d624500f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 possible deadlock in hugetlbfs_file_mmap
2023/07/13 23:03 linux-5.15.y d54cfc420586 55eda22f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 possible deadlock in hugetlbfs_file_mmap
2023/06/14 02:14 linux-5.15.y 7349e40704a0 d2ee9228 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 possible deadlock in hugetlbfs_file_mmap
2023/06/09 10:05 linux-5.15.y 7349e40704a0 058b3a5a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 possible deadlock in hugetlbfs_file_mmap
2023/06/02 02:56 linux-5.15.y 0ab06468cbd1 a4ae4f42 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 possible deadlock in hugetlbfs_file_mmap
2023/05/31 07:48 linux-5.15.y 0ab06468cbd1 09898419 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 possible deadlock in hugetlbfs_file_mmap
2023/05/31 01:30 linux-5.15.y 0ab06468cbd1 df37c7f1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 possible deadlock in hugetlbfs_file_mmap
2023/05/30 20:57 linux-5.15.y 0ab06468cbd1 df37c7f1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 possible deadlock in hugetlbfs_file_mmap
2023/05/26 06:53 linux-5.15.y 1fe619a7d252 b40ef614 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 possible deadlock in hugetlbfs_file_mmap
2023/05/19 21:42 linux-5.15.y 9d6bde853685 96689200 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 possible deadlock in hugetlbfs_file_mmap
2023/05/18 03:49 linux-5.15.y 9d6bde853685 3bb7af1d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 possible deadlock in hugetlbfs_file_mmap
2023/05/17 11:46 linux-5.15.y 9d6bde853685 eaac4681 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 possible deadlock in hugetlbfs_file_mmap
2023/05/16 23:12 linux-5.15.y b0ece631f84a 11c89444 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 possible deadlock in hugetlbfs_file_mmap
2023/05/16 19:44 linux-5.15.y b0ece631f84a 11c89444 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 possible deadlock in hugetlbfs_file_mmap
2023/05/16 16:18 linux-5.15.y b0ece631f84a 11c89444 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 possible deadlock in hugetlbfs_file_mmap
2023/05/15 16:36 linux-5.15.y b0ece631f84a c4d362e7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 possible deadlock in hugetlbfs_file_mmap
2023/05/15 14:33 linux-5.15.y b0ece631f84a c4d362e7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 possible deadlock in hugetlbfs_file_mmap
2023/05/13 14:50 linux-5.15.y b0ece631f84a 2b9ba477 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 possible deadlock in hugetlbfs_file_mmap
2023/05/13 09:15 linux-5.15.y b0ece631f84a 2b9ba477 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 possible deadlock in hugetlbfs_file_mmap
2023/05/12 20:27 linux-5.15.y b0ece631f84a ecca8a24 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 possible deadlock in hugetlbfs_file_mmap
2023/05/12 16:12 linux-5.15.y b0ece631f84a ecca8a24 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 possible deadlock in hugetlbfs_file_mmap
2023/05/12 04:13 linux-5.15.y b0ece631f84a adb9a3cd .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 possible deadlock in hugetlbfs_file_mmap
2023/05/11 20:41 linux-5.15.y b0ece631f84a adb9a3cd .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 possible deadlock in hugetlbfs_file_mmap
2023/05/11 06:03 linux-5.15.y 8a7f2a5c5aa1 0fbd49f4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 possible deadlock in hugetlbfs_file_mmap
2023/05/10 17:39 linux-5.15.y 8a7f2a5c5aa1 14b12a99 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 possible deadlock in hugetlbfs_file_mmap
2023/05/10 11:27 linux-5.15.y 8a7f2a5c5aa1 14b12a99 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 possible deadlock in hugetlbfs_file_mmap
2023/05/08 23:58 linux-5.15.y 8a7f2a5c5aa1 c7a5e2a0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 possible deadlock in hugetlbfs_file_mmap
2023/05/06 20:10 linux-5.15.y 8a7f2a5c5aa1 90c93c40 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 possible deadlock in hugetlbfs_file_mmap
2023/05/06 16:16 linux-5.15.y 8a7f2a5c5aa1 90c93c40 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 possible deadlock in hugetlbfs_file_mmap
2023/05/05 23:15 linux-5.15.y 8a7f2a5c5aa1 de870ca5 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 possible deadlock in hugetlbfs_file_mmap
2023/05/04 16:41 linux-5.15.y 8a7f2a5c5aa1 518a39a6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 possible deadlock in hugetlbfs_file_mmap
2023/05/03 17:32 linux-5.15.y 8a7f2a5c5aa1 b5918830 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 possible deadlock in hugetlbfs_file_mmap
2023/05/03 08:13 linux-5.15.y 8a7f2a5c5aa1 48e0a81d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 possible deadlock in hugetlbfs_file_mmap
* Struck through repros no longer work on HEAD.