syzbot


possible deadlock in filemap_fault

Status: upstream: reported C repro on 2022/11/03 22:14
Subsystems: mm ntfs3
Reported-by: syzbot+7736960b837908f3a81d@syzkaller.appspotmail.com
First crash: 505d, last: 2d01h
Cause bisection: introduced by:
commit ad26a9c84510af7252e582e811de970433a9758f
Author: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
Date: Fri Oct 7 17:08:06 2022 +0000

  fs/ntfs3: Fixing wrong logic in attr_set_size and ntfs_fallocate

Crash: possible deadlock in filemap_fault (log)
Repro: C syz .config
  
Discussions (12)
Title                                        Replies (including bot)  Last reply
[syzbot] Monthly mm report (Feb 2024)        0 (1)                    2024/02/17 20:23
[syzbot] possible deadlock in filemap_fault  0 (3)                    2024/01/04 02:02
[syzbot] Monthly ntfs3 report (Jan 2024)     0 (1)                    2024/01/02 13:36
[syzbot] Monthly mm report (Dec 2023)        0 (1)                    2023/12/18 10:47
[syzbot] Monthly ntfs3 report (Dec 2023)     0 (1)                    2023/12/02 14:45
[syzbot] Monthly ntfs3 report (Oct 2023)     0 (1)                    2023/11/01 10:13
[syzbot] Monthly ntfs3 report (Sep 2023)     0 (1)                    2023/10/02 09:42
[syzbot] Monthly ntfs3 report (Aug 2023)     0 (1)                    2023/08/30 12:45
[syzbot] Monthly fat report (Jul 2023)       3 (4)                    2023/07/14 23:29
[syzbot] Monthly fat report (May 2023)       0 (1)                    2023/05/31 12:40
[syzbot] Monthly fat report (Apr 2023)       0 (1)                    2023/05/01 09:05
[syzbot] Monthly fat report                  0 (1)                    2023/03/30 10:28

Similar bugs (3)
Kernel      Title                                   Repro  Cause bisect  Fix bisect  Count  Last  Reported  Patched  Status
linux-5.15  possible deadlock in filemap_fault                                       84     192d  367d      0/3      auto-obsoleted due to no activity on 2023/11/17 20:19
linux-6.1   possible deadlock in filemap_fault (2)                                   2      75d   87d       0/3      upstream: reported on 2023/12/22 21:26
linux-6.1   possible deadlock in filemap_fault                                       192    194d  369d      0/3      auto-obsoleted due to no activity on 2023/11/15 23:38

Last patch testing requests (2)
Created Duration User Patch Repo Result
2023/09/12 12:00 24m retest repro git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci OK log
2023/07/14 17:41 17m nogikh@google.com patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master OK log

Sample crash report:
======================================================
WARNING: possible circular locking dependency detected
6.7.0-rc8-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor220/5058 is trying to acquire lock:
ffff888079f273e0 (mapping.invalidate_lock#3){.+.+}-{3:3}, at: filemap_invalidate_lock_shared include/linux/fs.h:857 [inline]
ffff888079f273e0 (mapping.invalidate_lock#3){.+.+}-{3:3}, at: filemap_fault+0x646/0x1670 mm/filemap.c:3234

but task is already holding lock:
ffff8880275f9658 (&vma->vm_lock->lock){++++}-{3:3}, at: vma_start_read include/linux/mm.h:663 [inline]
ffff8880275f9658 (&vma->vm_lock->lock){++++}-{3:3}, at: lock_vma_under_rcu+0x2f6/0x6f0 mm/memory.c:5501

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #3 (&vma->vm_lock->lock){++++}-{3:3}:
       lock_acquire+0x1e3/0x530 kernel/locking/lockdep.c:5754
       down_write+0x3a/0x50 kernel/locking/rwsem.c:1579
       vma_start_write include/linux/mm.h:716 [inline]
       vma_link+0x2c9/0x540 mm/mmap.c:404
       insert_vm_struct+0x19f/0x260 mm/mmap.c:3378
       __bprm_mm_init fs/exec.c:281 [inline]
       bprm_mm_init fs/exec.c:383 [inline]
       alloc_bprm+0x4d5/0x900 fs/exec.c:1532
       kernel_execve+0x96/0xa20 fs/exec.c:1987
       call_usermodehelper_exec_async+0x233/0x370 kernel/umh.c:110
       ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147
       ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242

-> #2 (&mm->mmap_lock){++++}-{3:3}:
       lock_acquire+0x1e3/0x530 kernel/locking/lockdep.c:5754
       __might_fault+0xc1/0x120 mm/memory.c:5956
       _copy_to_user+0x2a/0xa0 lib/usercopy.c:36
       copy_to_user include/linux/uaccess.h:191 [inline]
       fiemap_fill_next_extent+0x235/0x410 fs/ioctl.c:145
       ni_fiemap+0xa5e/0x1230 fs/ntfs3/frecord.c:2065
       ntfs_fiemap+0x132/0x180 fs/ntfs3/file.c:1164
       ioctl_fiemap fs/ioctl.c:220 [inline]
       do_vfs_ioctl+0x19ea/0x2b40 fs/ioctl.c:811
       __do_sys_ioctl fs/ioctl.c:869 [inline]
       __se_sys_ioctl+0x81/0x170 fs/ioctl.c:857
       do_syscall_x64 arch/x86/entry/common.c:52 [inline]
       do_syscall_64+0x45/0x110 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x63/0x6b

-> #1 (&ni->file.run_lock#3){++++}-{3:3}:
       lock_acquire+0x1e3/0x530 kernel/locking/lockdep.c:5754
       down_read+0xb1/0xa40 kernel/locking/rwsem.c:1526
       attr_data_get_block+0x2e7/0x2da0 fs/ntfs3/attrib.c:902
       ntfs_get_block_vbo+0x36a/0xd00 fs/ntfs3/inode.c:589
       do_mpage_readpage+0x90c/0x1f60 fs/mpage.c:233
       mpage_read_folio+0x108/0x1d0 fs/mpage.c:399
       filemap_read_folio+0x19c/0x780 mm/filemap.c:2323
       filemap_fault+0xea8/0x1670 mm/filemap.c:3334
       __do_fault+0x133/0x4e0 mm/memory.c:4266
       do_shared_fault mm/memory.c:4693 [inline]
       do_fault mm/memory.c:4767 [inline]
       do_pte_missing mm/memory.c:3731 [inline]
       handle_pte_fault mm/memory.c:5039 [inline]
       __handle_mm_fault mm/memory.c:5180 [inline]
       handle_mm_fault+0x21e9/0x6680 mm/memory.c:5345
       do_user_addr_fault arch/x86/mm/fault.c:1364 [inline]
       handle_page_fault arch/x86/mm/fault.c:1505 [inline]
       exc_page_fault+0x456/0x870 arch/x86/mm/fault.c:1561
       asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:570

-> #0 (mapping.invalidate_lock#3){.+.+}-{3:3}:
       check_prev_add kernel/locking/lockdep.c:3134 [inline]
       check_prevs_add kernel/locking/lockdep.c:3253 [inline]
       validate_chain+0x1909/0x5ab0 kernel/locking/lockdep.c:3869
       __lock_acquire+0x1345/0x1fd0 kernel/locking/lockdep.c:5137
       lock_acquire+0x1e3/0x530 kernel/locking/lockdep.c:5754
       down_read+0xb1/0xa40 kernel/locking/rwsem.c:1526
       filemap_invalidate_lock_shared include/linux/fs.h:857 [inline]
       filemap_fault+0x646/0x1670 mm/filemap.c:3234
       __do_fault+0x133/0x4e0 mm/memory.c:4266
       do_shared_fault mm/memory.c:4693 [inline]
       do_fault mm/memory.c:4767 [inline]
       do_pte_missing mm/memory.c:3731 [inline]
       handle_pte_fault mm/memory.c:5039 [inline]
       __handle_mm_fault mm/memory.c:5180 [inline]
       handle_mm_fault+0x21e9/0x6680 mm/memory.c:5345
       do_user_addr_fault arch/x86/mm/fault.c:1364 [inline]
       handle_page_fault arch/x86/mm/fault.c:1505 [inline]
       exc_page_fault+0x456/0x870 arch/x86/mm/fault.c:1561
       asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:570

other info that might help us debug this:

Chain exists of:
  mapping.invalidate_lock#3 --> &mm->mmap_lock --> &vma->vm_lock->lock

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  rlock(&vma->vm_lock->lock);
                               lock(&mm->mmap_lock);
                               lock(&vma->vm_lock->lock);
  rlock(mapping.invalidate_lock#3);

 *** DEADLOCK ***

1 lock held by syz-executor220/5058:
 #0: ffff8880275f9658 (&vma->vm_lock->lock){++++}-{3:3}, at: vma_start_read include/linux/mm.h:663 [inline]
 #0: ffff8880275f9658 (&vma->vm_lock->lock){++++}-{3:3}, at: lock_vma_under_rcu+0x2f6/0x6f0 mm/memory.c:5501

stack backtrace:
CPU: 1 PID: 5058 Comm: syz-executor220 Not tainted 6.7.0-rc8-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106
 check_noncircular+0x366/0x490 kernel/locking/lockdep.c:2187
 check_prev_add kernel/locking/lockdep.c:3134 [inline]
 check_prevs_add kernel/locking/lockdep.c:3253 [inline]
 validate_chain+0x1909/0x5ab0 kernel/locking/lockdep.c:3869
 __lock_acquire+0x1345/0x1fd0 kernel/locking/lockdep.c:5137
 lock_acquire+0x1e3/0x530 kernel/locking/lockdep.c:5754
 down_read+0xb1/0xa40 kernel/locking/rwsem.c:1526
 filemap_invalidate_lock_shared include/linux/fs.h:857 [inline]
 filemap_fault+0x646/0x1670 mm/filemap.c:3234
 __do_fault+0x133/0x4e0 mm/memory.c:4266
 do_shared_fault mm/memory.c:4693 [inline]
 do_fault mm/memory.c:4767 [inline]
 do_pte_missing mm/memory.c:3731 [inline]
 handle_pte_fault mm/memory.c:5039 [inline]
 __handle_mm_fault mm/memory.c:5180 [inline]
 handle_mm_fault+0x21e9/0x6680 mm/memory.c:5345
 do_user_addr_fault arch/x86/mm/fault.c:1364 [inline]
 handle_page_fault arch/x86/mm/fault.c:1505 [inline]
 exc_page_fault+0x456/0x870 arch/x86/mm/fault.c:1561
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:570
RIP: 0033:0x7f704f02989f
Code: a7 c5 09 00 0f 11 04 25 89 00 00 20 48 8b 35 78 a8 0c 00 e8 53 42 03 00 b8 33 00 00 00 48 89 ee 31 d2 66 0f 6f 05 21 c5 09 00 <66> 89 04 25 44 f7 01 20 bf 10 10 00 20 48 b8 2e 2f 66 69 6c 65 32
RSP: 002b:00007fff6a612e00 EFLAGS: 00010246
RAX: 0000000000000033 RBX: 00007f704f0a6066 RCX: 00007f704f05daf9
RDX: 0000000000000000 RSI: 00007f704f0a604b RDI: 0000000000000004
RBP: 00007f704f0a604b R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f704f0a6510
R13: 00007f704f0a6055 R14: 23f2bfc581b02e40 R15: ad9a13bd00000000
 </TASK>

Crashes (657):