syzbot


possible deadlock in seq_read

Status: upstream: reported C repro on 2019/08/05 16:40
Reported-by: syzbot+f54e3f04854769438c51@syzkaller.appspotmail.com
First crash: 1935d, last: 665d
Fix bisection: failed (error log, bisect log)
  
Similar bugs (7)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| linux-4.14 | possible deadlock in seq_read (2) | | | | 1 | 932d | 932d | 0/1 | auto-obsoleted due to no activity on 2022/09/01 16:45 |
| linux-4.14 | possible deadlock in seq_read | | | | 144 | 1298d | 1973d | 0/1 | auto-closed as invalid on 2021/08/31 02:48 |
| android-44 | possible deadlock in seq_read | C | | | 632 | 1814d | 2051d | 0/2 | public: reported C repro on 2019/04/11 08:44 |
| android-49 | possible deadlock in seq_read | C | | | 56124 | 1814d | 2050d | 1/3 | public: reported C repro on 2019/04/12 00:00 |
| upstream | possible deadlock in seq_read (2) overlayfs | C | done | error | 95 | 1512d | 2048d | 0/28 | auto-obsoleted due to no activity on 2022/09/24 20:28 |
| upstream | possible deadlock in seq_read fs | C | | | 19074 | 2057d | 2547d | 12/28 | fixed on 2019/04/12 08:05 |
| android-414 | possible deadlock in seq_read | C | | | 1737 | 1904d | 2051d | 0/1 | public: reported C repro on 2019/04/11 00:00 |

Fix bisection attempts (2)
| Created | Duration | User | Patch | Repo | Result |
|---|---|---|---|---|---|
| 2021/11/25 10:35 | 11m | bisect fix | | linux-4.19.y | error job log |
| 2020/05/11 22:29 | 40m | bisect fix | | linux-4.19.y | OK (0) job log log |

Sample crash report:
======================================================
WARNING: possible circular locking dependency detected
4.19.204-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor210/11499 is trying to acquire lock:
000000000a71b458 (&p->lock){+.+.}, at: seq_read+0x6b/0x11c0 fs/seq_file.c:164

but task is already holding lock:
000000006c872fb1 (sb_writers#3){.+.+}, at: file_start_write include/linux/fs.h:2779 [inline]
000000006c872fb1 (sb_writers#3){.+.+}, at: do_sendfile+0x97d/0xc30 fs/read_write.c:1446

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #3 (sb_writers#3){.+.+}:
       sb_start_write include/linux/fs.h:1579 [inline]
       mnt_want_write+0x3a/0xb0 fs/namespace.c:360
       ovl_create_object+0x96/0x290 fs/overlayfs/dir.c:600
       lookup_open+0x893/0x1a20 fs/namei.c:3235
       do_last fs/namei.c:3327 [inline]
       path_openat+0x1094/0x2df0 fs/namei.c:3537
       do_filp_open+0x18c/0x3f0 fs/namei.c:3567
       do_sys_open+0x3b3/0x520 fs/open.c:1085
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #2 (&ovl_i_mutex_dir_key[depth]){++++}:
       inode_lock_shared include/linux/fs.h:758 [inline]
       do_last fs/namei.c:3326 [inline]
       path_openat+0x17ec/0x2df0 fs/namei.c:3537
       do_filp_open+0x18c/0x3f0 fs/namei.c:3567
       do_open_execat+0x11d/0x5b0 fs/exec.c:853
       __do_execve_file+0x1a8b/0x2360 fs/exec.c:1770
       do_execveat_common fs/exec.c:1879 [inline]
       do_execve+0x35/0x50 fs/exec.c:1896
       __do_sys_execve fs/exec.c:1977 [inline]
       __se_sys_execve fs/exec.c:1972 [inline]
       __x64_sys_execve+0x7c/0xa0 fs/exec.c:1972
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #1 (&sig->cred_guard_mutex){+.+.}:
       lock_trace fs/proc/base.c:402 [inline]
       proc_pid_stack+0x160/0x350 fs/proc/base.c:452
       proc_single_show+0xeb/0x170 fs/proc/base.c:755
       seq_read+0x4e0/0x11c0 fs/seq_file.c:232
       do_loop_readv_writev fs/read_write.c:701 [inline]
       do_loop_readv_writev fs/read_write.c:688 [inline]
       do_iter_read+0x471/0x630 fs/read_write.c:925
       vfs_readv+0xe5/0x150 fs/read_write.c:987
       do_preadv fs/read_write.c:1071 [inline]
       __do_sys_preadv fs/read_write.c:1121 [inline]
       __se_sys_preadv fs/read_write.c:1116 [inline]
       __x64_sys_preadv+0x22b/0x310 fs/read_write.c:1116
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #0 (&p->lock){+.+.}:
       __mutex_lock_common kernel/locking/mutex.c:938 [inline]
       __mutex_lock+0xd7/0x1200 kernel/locking/mutex.c:1083
       seq_read+0x6b/0x11c0 fs/seq_file.c:164
       proc_reg_read+0x1bd/0x2d0 fs/proc/inode.c:231
       do_loop_readv_writev fs/read_write.c:701 [inline]
       do_loop_readv_writev fs/read_write.c:688 [inline]
       do_iter_read+0x471/0x630 fs/read_write.c:925
       vfs_readv+0xe5/0x150 fs/read_write.c:987
       kernel_readv fs/splice.c:362 [inline]
       default_file_splice_read+0x457/0xa00 fs/splice.c:417
       do_splice_to+0x10e/0x160 fs/splice.c:881
       splice_direct_to_actor+0x2b9/0x8d0 fs/splice.c:959
       do_splice_direct+0x1a7/0x270 fs/splice.c:1068
       do_sendfile+0x550/0xc30 fs/read_write.c:1447
       __do_sys_sendfile64 fs/read_write.c:1508 [inline]
       __se_sys_sendfile64+0x147/0x160 fs/read_write.c:1494
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

other info that might help us debug this:

Chain exists of:
  &p->lock --> &ovl_i_mutex_dir_key[depth] --> sb_writers#3

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(sb_writers#3);
                               lock(&ovl_i_mutex_dir_key[depth]);
                               lock(sb_writers#3);
  lock(&p->lock);

 *** DEADLOCK ***

1 lock held by syz-executor210/11499:
 #0: 000000006c872fb1 (sb_writers#3){.+.+}, at: file_start_write include/linux/fs.h:2779 [inline]
 #0: 000000006c872fb1 (sb_writers#3){.+.+}, at: do_sendfile+0x97d/0xc30 fs/read_write.c:1446

stack backtrace:
CPU: 0 PID: 11499 Comm: syz-executor210 Not tainted 4.19.204-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1222
 check_prev_add kernel/locking/lockdep.c:1866 [inline]
 check_prevs_add kernel/locking/lockdep.c:1979 [inline]
 validate_chain kernel/locking/lockdep.c:2420 [inline]
 __lock_acquire+0x30c9/0x3ff0 kernel/locking/lockdep.c:3416
 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908
 __mutex_lock_common kernel/locking/mutex.c:938 [inline]
 __mutex_lock+0xd7/0x1200 kernel/locking/mutex.c:1083
 seq_read+0x6b/0x11c0 fs/seq_file.c:164
 proc_reg_read+0x1bd/0x2d0 fs/proc/inode.c:231
 do_loop_readv_writev fs/read_write.c:701 [inline]
 do_loop_readv_writev fs/read_write.c:688 [inline]
 do_iter_read+0x471/0x630 fs/read_write.c:925
 vfs_readv+0xe5/0x150 fs/read_write.c:987
 kernel_readv fs/splice.c:362 [inline]
 default_file_splice_read+0x457/0xa00 fs/splice.c:417
 do_splice_to+0x10e/0x160 fs/splice.c:881
 splice_direct_to_actor+0x2b9/0x8d0 fs/splice.c:959
 do_splice_direct+0x1a7/0x270 fs/splice.c:1068
 do_sendfile+0x550/0xc30 fs/read_write.c:1447
 __do_sys_sendfile64 fs/read_write.c:1508 [inline]
 __se_sys_sendfile64+0x147/0x160 fs/read_write.c:1494
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x44e369
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f5e7fc50178 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00000000004cc4c8 RCX: 000000000044e369
RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
RBP: 00000000004cc4c0 R08: 0000000000000000 R09: 0000000000000000
R10: 4000000000010046 R11: 0000000000000246 R12: 00000000004cc4cc
R13: 00007ffd453d3eef R14: 00007f5e7fc50300 R15: 0000000000022000

Crashes (290):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2021/08/25 13:34 linux-4.19.y 59456c9cc40c b599f2fc .config console log report syz C ci2-linux-4-19 possible deadlock in seq_read
2021/08/03 13:23 linux-4.19.y 53bd76690e27 6c236867 .config console log report syz C ci2-linux-4-19 possible deadlock in seq_read
2021/07/18 17:43 linux-4.19.y fcfbdfe9626e f115ae98 .config console log report syz C ci2-linux-4-19 possible deadlock in seq_read
2021/05/01 07:07 linux-4.19.y 97a8651cadce 77e2b668 .config console log report syz C ci2-linux-4-19 possible deadlock in seq_read
2021/04/03 05:29 linux-4.19.y 2034d6f0838e 6a81331a .config console log report syz C ci2-linux-4-19 possible deadlock in seq_read
2021/07/25 06:03 linux-4.19.y 4938296e03bd 4d1b57d4 .config console log report syz ci2-linux-4-19 possible deadlock in seq_read
2020/08/21 03:53 linux-4.19.y a834132bd465 70160577 .config console log report syz ci2-linux-4-19
2020/08/10 03:19 linux-4.19.y 961f830af065 70301872 .config console log report syz ci2-linux-4-19
2020/04/11 22:29 linux-4.19.y dda0e2920330 a8c6a3f8 .config console log report syz ci2-linux-4-19
2020/03/25 11:29 linux-4.19.y 54b4fa6d3955 41f049cc .config console log report syz ci2-linux-4-19
2020/03/11 17:59 linux-4.19.y 569209711609 e103bc9e .config console log report syz ci2-linux-4-19
2023/01/26 20:25 linux-4.19.y 3f8a27f9e27b 9dfcf09c .config console log report info [disk image] [vmlinux] ci2-linux-4-19 possible deadlock in seq_read
2023/01/19 09:50 linux-4.19.y 3f8a27f9e27b 66fca3ae .config console log report info [disk image] [vmlinux] ci2-linux-4-19 possible deadlock in seq_read
2023/01/17 02:30 linux-4.19.y 3f8a27f9e27b a63719e7 .config console log report info [disk image] [vmlinux] ci2-linux-4-19 possible deadlock in seq_read
2023/01/15 23:12 linux-4.19.y 3f8a27f9e27b a63719e7 .config console log report info [disk image] [vmlinux] ci2-linux-4-19 possible deadlock in seq_read
2022/12/24 17:44 linux-4.19.y 3f8a27f9e27b 9da18ae8 .config console log report info [disk image] [vmlinux] ci2-linux-4-19 possible deadlock in seq_read
2022/11/19 13:57 linux-4.19.y 3f8a27f9e27b 5bb70014 .config console log report info [disk image] [vmlinux] ci2-linux-4-19 possible deadlock in seq_read
2022/10/23 10:48 linux-4.19.y 3f8a27f9e27b c0b80a55 .config console log report info [disk image] [vmlinux] ci2-linux-4-19 possible deadlock in seq_read
2022/10/19 08:23 linux-4.19.y 3f8a27f9e27b b31320fc .config console log report info [disk image] [vmlinux] ci2-linux-4-19 possible deadlock in seq_read
2022/10/17 10:17 linux-4.19.y 3f8a27f9e27b 67cb024c .config console log report info [disk image] [vmlinux] ci2-linux-4-19 possible deadlock in seq_read
2022/10/10 10:30 linux-4.19.y 3f8a27f9e27b aea5da89 .config console log report info [disk image] [vmlinux] ci2-linux-4-19 possible deadlock in seq_read
2022/10/06 12:24 linux-4.19.y 3f8a27f9e27b 2c6543ad .config console log report info [disk image] [vmlinux] ci2-linux-4-19 possible deadlock in seq_read
2022/10/03 13:23 linux-4.19.y 3f8a27f9e27b feb56351 .config console log report info [disk image] [vmlinux] ci2-linux-4-19 possible deadlock in seq_read
2022/10/03 00:28 linux-4.19.y 3f8a27f9e27b feb56351 .config console log report info [disk image] [vmlinux] ci2-linux-4-19 possible deadlock in seq_read
2022/09/30 11:57 linux-4.19.y 3f8a27f9e27b 45fd7169 .config console log report info ci2-linux-4-19 possible deadlock in seq_read
2022/09/27 16:17 linux-4.19.y 3f8a27f9e27b 10323ddf .config console log report info [disk image] [vmlinux] ci2-linux-4-19 possible deadlock in seq_read
2022/09/17 20:31 linux-4.19.y 3f8a27f9e27b dd9a85ff .config console log report info [disk image] [vmlinux] ci2-linux-4-19 possible deadlock in seq_read
2022/09/12 06:15 linux-4.19.y 3f8a27f9e27b 356d8217 .config console log report info ci2-linux-4-19 possible deadlock in seq_read
2022/08/28 00:14 linux-4.19.y 3f8a27f9e27b 07177916 .config console log report info ci2-linux-4-19 possible deadlock in seq_read
2022/08/27 23:09 linux-4.19.y 3f8a27f9e27b 07177916 .config console log report info ci2-linux-4-19 possible deadlock in seq_read
2022/08/24 04:30 linux-4.19.y 3f8a27f9e27b cea8b0f7 .config console log report info ci2-linux-4-19 possible deadlock in seq_read
2022/08/21 08:57 linux-4.19.y 3f8a27f9e27b 26a13b38 .config console log report info ci2-linux-4-19 possible deadlock in seq_read
2022/08/20 21:24 linux-4.19.y 3f8a27f9e27b 26a13b38 .config console log report info ci2-linux-4-19 possible deadlock in seq_read
2022/08/20 08:22 linux-4.19.y 3f8a27f9e27b 26a13b38 .config console log report info ci2-linux-4-19 possible deadlock in seq_read
2022/08/19 02:39 linux-4.19.y 3f8a27f9e27b 26a13b38 .config console log report info ci2-linux-4-19 possible deadlock in seq_read
2022/08/18 16:39 linux-4.19.y 3f8a27f9e27b d58e263f .config console log report info ci2-linux-4-19 possible deadlock in seq_read
2022/08/08 08:28 linux-4.19.y 3f8a27f9e27b 88e3a122 .config console log report info ci2-linux-4-19 possible deadlock in seq_read
2022/08/01 12:23 linux-4.19.y 3f8a27f9e27b fef302b1 .config console log report info ci2-linux-4-19 possible deadlock in seq_read
2022/08/01 05:53 linux-4.19.y 3f8a27f9e27b fef302b1 .config console log report info ci2-linux-4-19 possible deadlock in seq_read
2022/08/01 02:39 linux-4.19.y 3f8a27f9e27b fef302b1 .config console log report info ci2-linux-4-19 possible deadlock in seq_read
2022/07/30 13:40 linux-4.19.y 3f8a27f9e27b fef302b1 .config console log report info ci2-linux-4-19 possible deadlock in seq_read
2022/07/29 04:28 linux-4.19.y 3f8a27f9e27b fb95c74d .config console log report info ci2-linux-4-19 possible deadlock in seq_read
2022/07/26 17:18 linux-4.19.y 3f8a27f9e27b 279b89c2 .config console log report info ci2-linux-4-19 possible deadlock in seq_read
2022/07/25 19:07 linux-4.19.y 3f8a27f9e27b 664c519c .config console log report info ci2-linux-4-19 possible deadlock in seq_read
2022/07/25 04:12 linux-4.19.y 3f8a27f9e27b 22343af4 .config console log report info ci2-linux-4-19 possible deadlock in seq_read
2022/07/24 19:01 linux-4.19.y 3f8a27f9e27b 22343af4 .config console log report info ci2-linux-4-19 possible deadlock in seq_read
2022/07/20 00:58 linux-4.19.y 3f8a27f9e27b 775344bc .config console log report info ci2-linux-4-19 possible deadlock in seq_read
2022/07/14 12:26 linux-4.19.y 3f8a27f9e27b 5d921b08 .config console log report info ci2-linux-4-19 possible deadlock in seq_read
2022/07/10 08:43 linux-4.19.y 3f8a27f9e27b b5765a15 .config console log report info ci2-linux-4-19 possible deadlock in seq_read
2022/07/10 05:34 linux-4.19.y 3f8a27f9e27b b5765a15 .config console log report info ci2-linux-4-19 possible deadlock in seq_read
2022/07/09 15:40 linux-4.19.y 3f8a27f9e27b b5765a15 .config console log report info ci2-linux-4-19 possible deadlock in seq_read
2022/07/07 09:38 linux-4.19.y 3f8a27f9e27b bff65f44 .config console log report info ci2-linux-4-19 possible deadlock in seq_read
2022/07/07 07:06 linux-4.19.y 3f8a27f9e27b bff65f44 .config console log report info ci2-linux-4-19 possible deadlock in seq_read
2022/07/03 18:46 linux-4.19.y 3f8a27f9e27b 1434eec0 .config console log report info ci2-linux-4-19 possible deadlock in seq_read
2022/07/03 15:50 linux-4.19.y 3f8a27f9e27b 1434eec0 .config console log report info ci2-linux-4-19 possible deadlock in seq_read
2022/07/03 14:40 linux-4.19.y 3f8a27f9e27b 1434eec0 .config console log report info ci2-linux-4-19 possible deadlock in seq_read
2022/07/03 11:45 linux-4.19.y 3f8a27f9e27b 1434eec0 .config console log report info ci2-linux-4-19 possible deadlock in seq_read
2022/07/01 16:06 linux-4.19.y 3f8a27f9e27b 1434eec0 .config console log report info ci2-linux-4-19 possible deadlock in seq_read
2022/07/01 14:06 linux-4.19.y 3f8a27f9e27b 1434eec0 .config console log report info ci2-linux-4-19 possible deadlock in seq_read
2022/07/01 11:15 linux-4.19.y 3f8a27f9e27b 1434eec0 .config console log report info ci2-linux-4-19 possible deadlock in seq_read
2022/07/01 06:06 linux-4.19.y 3f8a27f9e27b 1434eec0 .config console log report info ci2-linux-4-19 possible deadlock in seq_read
2022/06/26 06:12 linux-4.19.y 3f8a27f9e27b a371c43c .config console log report info ci2-linux-4-19 possible deadlock in seq_read
2021/01/17 09:48 linux-4.19.y 675cc038067f 65a7a854 .config console log report info ci2-linux-4-19
2019/08/05 15:39 linux-4.19.y b3060a1a313f 6affd8e8 .config console log report ci2-linux-4-19
* Struck through repros no longer work on HEAD.