syzbot


possible deadlock in filemap_fault

Status: upstream: reported C repro on 2022/11/03 22:14
Subsystems: fat (incorrect?)
Reported-by: syzbot+7736960b837908f3a81d@syzkaller.appspotmail.com
First crash: 149d, last: 6h12m
similar bugs (2):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-5.15 possible deadlock in filemap_fault 5 8h58m 11d 0/3 upstream: reported on 2023/03/17 21:43
linux-6.1 possible deadlock in filemap_fault 7 11h44m 13d 0/3 upstream: reported on 2023/03/15 12:26

Sample crash report:
exfat: Deprecated parameter 'utf8'
exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x207d53fc, utbl_chksum : 0xe619d30d)
======================================================
WARNING: possible circular locking dependency detected
6.1.0-rc8-syzkaller-33330-ga5541c0811a0 #0 Not tainted
------------------------------------------------------
syz-executor581/3072 is trying to acquire lock:
ffff0000caee1060 (mapping.invalidate_lock#3){.+.+}-{3:3}, at: filemap_invalidate_lock_shared include/linux/fs.h:811 [inline]
ffff0000caee1060 (mapping.invalidate_lock#3){.+.+}-{3:3}, at: filemap_fault+0x104/0x7fc mm/filemap.c:3127

but task is already holding lock:
ffff0000c02520c8 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:136 [inline]
ffff0000c02520c8 (&mm->mmap_lock){++++}-{3:3}, at: do_page_fault+0x1ec/0x79c arch/arm64/mm/fault.c:589

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #2 (&mm->mmap_lock){++++}-{3:3}:
       __might_fault+0x7c/0xb4 mm/memory.c:5645
       filldir64+0x1e8/0x574 fs/readdir.c:335
       dir_emit_dot include/linux/fs.h:3569 [inline]
       dir_emit_dots include/linux/fs.h:3580 [inline]
       exfat_iterate+0xd4/0xcb4 fs/exfat/dir.c:231
       iterate_dir+0x114/0x28c
       __do_sys_getdents64 fs/readdir.c:369 [inline]
       __se_sys_getdents64 fs/readdir.c:354 [inline]
       __arm64_sys_getdents64+0x80/0x204 fs/readdir.c:354
       __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
       invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
       el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
       do_el0_svc+0x48/0x140 arch/arm64/kernel/syscall.c:197
       el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:637
       el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
       el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:584

-> #1 (&sbi->s_lock){+.+.}-{3:3}:
       __mutex_lock_common+0xd4/0xca8 kernel/locking/mutex.c:603
       __mutex_lock kernel/locking/mutex.c:747 [inline]
       mutex_lock_nested+0x38/0x44 kernel/locking/mutex.c:799
       exfat_get_block+0x6c/0x9ec fs/exfat/inode.c:282
       do_mpage_readpage+0x474/0xd38 fs/mpage.c:208
       mpage_readahead+0xf0/0x1b8 fs/mpage.c:361
       exfat_readahead+0x28/0x38 fs/exfat/inode.c:345
       read_pages+0x8c/0x4f0 mm/readahead.c:161
       page_cache_ra_unbounded+0x374/0x400 mm/readahead.c:270
       do_page_cache_ra mm/readahead.c:300 [inline]
       page_cache_ra_order+0x348/0x380 mm/readahead.c:560
       ondemand_readahead+0x340/0x720 mm/readahead.c:682
       page_cache_sync_ra+0xc4/0xdc mm/readahead.c:709
       page_cache_sync_readahead include/linux/pagemap.h:1213 [inline]
       filemap_get_pages+0x118/0x598 mm/filemap.c:2581
       filemap_read+0x14c/0x6f4 mm/filemap.c:2675
       generic_file_read_iter+0x6c/0x25c mm/filemap.c:2821
       call_read_iter include/linux/fs.h:2193 [inline]
       aio_read+0x170/0x254 fs/aio.c:1560
       __io_submit_one+0x218/0x5e4
       io_submit_one+0x2c4/0x4bc fs/aio.c:2019
       __do_sys_io_submit+0x16c/0x2ac fs/aio.c:2078
       __se_sys_io_submit fs/aio.c:2048 [inline]
       __arm64_sys_io_submit+0x24/0x34 fs/aio.c:2048
       __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
       invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
       el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
       do_el0_svc+0x48/0x140 arch/arm64/kernel/syscall.c:197
       el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:637
       el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
       el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:584

-> #0 (mapping.invalidate_lock#3){.+.+}-{3:3}:
       check_prev_add kernel/locking/lockdep.c:3097 [inline]
       check_prevs_add kernel/locking/lockdep.c:3216 [inline]
       validate_chain kernel/locking/lockdep.c:3831 [inline]
       __lock_acquire+0x1530/0x3084 kernel/locking/lockdep.c:5055
       lock_acquire+0x100/0x1f8 kernel/locking/lockdep.c:5668
       down_read+0x5c/0x78 kernel/locking/rwsem.c:1509
       filemap_invalidate_lock_shared include/linux/fs.h:811 [inline]
       filemap_fault+0x104/0x7fc mm/filemap.c:3127
       __do_fault+0x60/0x358 mm/memory.c:4202
       do_read_fault mm/memory.c:4553 [inline]
       do_fault+0x338/0x550 mm/memory.c:4682
       handle_pte_fault mm/memory.c:4954 [inline]
       __handle_mm_fault mm/memory.c:5096 [inline]
       handle_mm_fault+0x78c/0xa48 mm/memory.c:5217
       __do_page_fault arch/arm64/mm/fault.c:508 [inline]
       do_page_fault+0x428/0x79c arch/arm64/mm/fault.c:608
       do_translation_fault+0x78/0x194 arch/arm64/mm/fault.c:691
       do_mem_abort+0x54/0x130 arch/arm64/mm/fault.c:827
       el1_abort+0x3c/0x5c arch/arm64/kernel/entry-common.c:367
       el1h_64_sync_handler+0x60/0xac arch/arm64/kernel/entry-common.c:427
       el1h_64_sync+0x64/0x68 arch/arm64/kernel/entry.S:579
       do_strncpy_from_user lib/strncpy_from_user.c:41 [inline]
       strncpy_from_user+0x1a8/0x3d8 lib/strncpy_from_user.c:139
       getname_flags+0x84/0x278 fs/namei.c:150
       getname+0x28/0x38 fs/namei.c:218
       do_sys_openat2+0x78/0x22c fs/open.c:1304
       do_sys_open fs/open.c:1326 [inline]
       __do_sys_openat fs/open.c:1342 [inline]
       __se_sys_openat fs/open.c:1337 [inline]
       __arm64_sys_openat+0xb0/0xe0 fs/open.c:1337
       __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
       invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
       el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
       do_el0_svc+0x48/0x140 arch/arm64/kernel/syscall.c:197
       el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:637
       el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
       el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:584

other info that might help us debug this:

Chain exists of:
  mapping.invalidate_lock#3 --> &sbi->s_lock --> &mm->mmap_lock

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&mm->mmap_lock);
                               lock(&sbi->s_lock);
                               lock(&mm->mmap_lock);
  lock(mapping.invalidate_lock#3);

 *** DEADLOCK ***

1 lock held by syz-executor581/3072:
 #0: ffff0000c02520c8 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:136 [inline]
 #0: ffff0000c02520c8 (&mm->mmap_lock){++++}-{3:3}, at: do_page_fault+0x1ec/0x79c arch/arm64/mm/fault.c:589

stack backtrace:
CPU: 0 PID: 3072 Comm: syz-executor581 Not tainted 6.1.0-rc8-syzkaller-33330-ga5541c0811a0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022
Call trace:
 dump_backtrace+0x1c4/0x1f0 arch/arm64/kernel/stacktrace.c:156
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:163
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x104/0x16c lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 print_circular_bug+0x2c4/0x2c8 kernel/locking/lockdep.c:2055
 check_noncircular+0x14c/0x154 kernel/locking/lockdep.c:2177
 check_prev_add kernel/locking/lockdep.c:3097 [inline]
 check_prevs_add kernel/locking/lockdep.c:3216 [inline]
 validate_chain kernel/locking/lockdep.c:3831 [inline]
 __lock_acquire+0x1530/0x3084 kernel/locking/lockdep.c:5055
 lock_acquire+0x100/0x1f8 kernel/locking/lockdep.c:5668
 down_read+0x5c/0x78 kernel/locking/rwsem.c:1509
 filemap_invalidate_lock_shared include/linux/fs.h:811 [inline]
 filemap_fault+0x104/0x7fc mm/filemap.c:3127
 __do_fault+0x60/0x358 mm/memory.c:4202
 do_read_fault mm/memory.c:4553 [inline]
 do_fault+0x338/0x550 mm/memory.c:4682
 handle_pte_fault mm/memory.c:4954 [inline]
 __handle_mm_fault mm/memory.c:5096 [inline]
 handle_mm_fault+0x78c/0xa48 mm/memory.c:5217
 __do_page_fault arch/arm64/mm/fault.c:508 [inline]
 do_page_fault+0x428/0x79c arch/arm64/mm/fault.c:608
 do_translation_fault+0x78/0x194 arch/arm64/mm/fault.c:691
 do_mem_abort+0x54/0x130 arch/arm64/mm/fault.c:827
 el1_abort+0x3c/0x5c arch/arm64/kernel/entry-common.c:367
 el1h_64_sync_handler+0x60/0xac arch/arm64/kernel/entry-common.c:427
 el1h_64_sync+0x64/0x68 arch/arm64/kernel/entry.S:579
 do_strncpy_from_user lib/strncpy_from_user.c:41 [inline]
 strncpy_from_user+0x1a8/0x3d8 lib/strncpy_from_user.c:139
 getname_flags+0x84/0x278 fs/namei.c:150
 getname+0x28/0x38 fs/namei.c:218
 do_sys_openat2+0x78/0x22c fs/open.c:1304
 do_sys_open fs/open.c:1326 [inline]
 __do_sys_openat fs/open.c:1342 [inline]
 __se_sys_openat fs/open.c:1337 [inline]
 __arm64_sys_openat+0xb0/0xe0 fs/open.c:1337
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
 el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x48/0x140 arch/arm64/kernel/syscall.c:197
 el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:584

Crashes (182):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Title
ci-upstream-gce-arm64 2022/12/06 18:09 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci a5541c0811a0 d88f3abb .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] possible deadlock in filemap_fault
ci2-upstream-fs 2023/03/29 03:19 upstream fcd476ea6a88 fc067f05 .config console log report info [disk image] [vmlinux] [kernel image] possible deadlock in filemap_fault
ci2-upstream-fs 2023/03/28 16:01 upstream 3a93e40326c8 47f3aaf1 .config console log report info [disk image] [vmlinux] [kernel image] possible deadlock in filemap_fault
ci2-upstream-fs 2023/03/28 10:50 upstream 3a93e40326c8 47f3aaf1 .config console log report info [disk image] [vmlinux] [kernel image] possible deadlock in filemap_fault
ci2-upstream-fs 2023/03/27 23:49 upstream 3a93e40326c8 47f3aaf1 .config console log report info [disk image] [vmlinux] [kernel image] possible deadlock in filemap_fault
ci2-upstream-fs 2023/03/27 17:14 upstream 197b6b60ae7b f8f96aa9 .config console log report info [disk image] [vmlinux] [kernel image] possible deadlock in filemap_fault
ci-upstream-kasan-gce-root 2023/03/27 10:46 upstream 197b6b60ae7b f8f96aa9 .config console log report info [disk image] [vmlinux] [kernel image] possible deadlock in filemap_fault
ci2-upstream-fs 2023/03/26 22:46 upstream 18940c888c85 fbf0499a .config console log report info [disk image] [vmlinux] [kernel image] possible deadlock in filemap_fault
ci2-upstream-fs 2023/03/26 13:07 upstream da8e7da11e4b fbf0499a .config console log report info [disk image] [vmlinux] [kernel image] possible deadlock in filemap_fault
ci2-upstream-fs 2023/03/26 11:35 upstream da8e7da11e4b fbf0499a .config console log report info [disk image] [vmlinux] [kernel image] possible deadlock in filemap_fault
ci2-upstream-fs 2023/03/26 05:47 upstream da8e7da11e4b fbf0499a .config console log report info [disk image] [vmlinux] [kernel image] possible deadlock in filemap_fault
ci-upstream-kasan-gce-selinux-root 2023/03/25 08:10 upstream 65aca32efdcb fbf0499a .config console log report info [disk image] [vmlinux] [kernel image] possible deadlock in filemap_fault
ci2-upstream-fs 2023/03/24 10:12 upstream 1e760fa3596e f94b4a29 .config console log report info [disk image] [vmlinux] [kernel image] possible deadlock in filemap_fault
ci2-upstream-fs 2023/03/24 05:16 upstream 9fd6ba5420ba f94b4a29 .config console log report info [disk image] [vmlinux] [kernel image] possible deadlock in filemap_fault
ci2-upstream-fs 2023/03/23 18:21 upstream fff5a5e7f528 f94b4a29 .config console log report info [disk image] [vmlinux] [kernel image] possible deadlock in filemap_fault
ci2-upstream-fs 2023/03/21 02:50 upstream 7d31677bb7b1 7939252e .config console log report info [disk image] [vmlinux] [kernel image] possible deadlock in filemap_fault
ci2-upstream-fs 2023/03/20 13:31 upstream e8d018dd0257 7939252e .config console log report info [disk image] [vmlinux] [kernel image] possible deadlock in filemap_fault
ci-upstream-kasan-gce-smack-root 2023/03/20 04:24 upstream 5cdfdd6da323 7939252e .config console log report info [disk image] [vmlinux] [kernel image] possible deadlock in filemap_fault
ci-upstream-kasan-gce-smack-root 2023/03/17 13:01 upstream 38e04b3e4240 18b58603 .config console log report info [disk image] [vmlinux] [kernel image] possible deadlock in filemap_fault
ci2-upstream-fs 2023/03/15 00:17 upstream 4979bf866825 0d5c4377 .config console log report info [disk image] [vmlinux] [kernel image] possible deadlock in filemap_fault
ci2-upstream-fs 2023/03/14 02:39 upstream fc89d7fb499b 026e2200 .config console log report info [disk image] [vmlinux] [kernel image] possible deadlock in filemap_fault
ci2-upstream-fs 2023/03/13 07:28 upstream eeac8ede1755 5205ef30 .config console log report info [disk image] [vmlinux] [kernel image] possible deadlock in filemap_fault
ci2-upstream-fs 2023/03/05 02:17 upstream b01fe98d34f3 f8902b57 .config console log report info [disk image] [vmlinux] [kernel image] possible deadlock in filemap_fault
ci2-upstream-fs 2023/03/05 00:03 upstream 0988a0ea7919 f8902b57 .config console log report info [disk image] [vmlinux] [kernel image] possible deadlock in filemap_fault
ci2-upstream-fs 2023/03/04 08:04 upstream 0a3f9a6b0265 f8902b57 .config console log report info [disk image] [vmlinux] [kernel image] possible deadlock in filemap_fault
ci2-upstream-fs 2023/03/03 08:56 upstream 04a357b1f6f0 f8902b57 .config console log report info [disk image] [vmlinux] [kernel image] possible deadlock in filemap_fault
ci2-upstream-fs 2023/03/02 12:08 upstream ee3f96b16468 f8902b57 .config console log report info [disk image] [vmlinux] [kernel image] possible deadlock in filemap_fault
ci-upstream-gce-arm64 2023/03/27 22:05 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci e8d018dd0257 47f3aaf1 .config console log report info [disk image] [vmlinux] [kernel image] possible deadlock in filemap_fault
ci-upstream-gce-arm64 2023/03/23 01:27 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci fe15c26ee26e f94b4a29 .config console log report info [disk image] [vmlinux] [kernel image] possible deadlock in filemap_fault
ci-upstream-gce-arm64 2023/03/22 22:47 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci fe15c26ee26e f94b4a29 .config console log report info [disk image] [vmlinux] [kernel image] possible deadlock in filemap_fault
ci-upstream-gce-arm64 2023/03/22 12:43 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci fe15c26ee26e d846e076 .config console log report info [disk image] [vmlinux] [kernel image] possible deadlock in filemap_fault
ci-upstream-gce-arm64 2023/03/21 09:59 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci fe15c26ee26e 03fb9538 .config console log report info [disk image] [vmlinux] [kernel image] possible deadlock in filemap_fault
ci-upstream-gce-arm64 2023/03/19 00:49 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci fe15c26ee26e 7939252e .config console log report info [disk image] [vmlinux] [kernel image] possible deadlock in filemap_fault
ci-upstream-gce-arm64 2023/03/15 12:43 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci fe15c26ee26e 18b58603 .config console log report info [disk image] [vmlinux] [kernel image] possible deadlock in filemap_fault
ci-upstream-gce-arm64 2023/03/14 12:46 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci fe15c26ee26e 0d5c4377 .config console log report info [disk image] [vmlinux] [kernel image] possible deadlock in filemap_fault
ci-upstream-gce-arm64 2023/03/14 11:38 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci fe15c26ee26e 0d5c4377 .config console log report info [disk image] [vmlinux] [kernel image] possible deadlock in filemap_fault
ci-upstream-gce-arm64 2023/03/14 09:20 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci fe15c26ee26e 0d5c4377 .config console log report info [disk image] [vmlinux] [kernel image] possible deadlock in filemap_fault
ci-upstream-gce-arm64 2023/03/14 00:28 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci fe15c26ee26e 026e2200 .config console log report info [disk image] [vmlinux] [kernel image] possible deadlock in filemap_fault
ci-upstream-gce-arm64 2023/03/13 16:51 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci fe15c26ee26e 026e2200 .config console log report info [disk image] [vmlinux] [kernel image] possible deadlock in filemap_fault
ci-upstream-gce-arm64 2023/03/12 23:45 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci fe15c26ee26e 5205ef30 .config console log report info [disk image] [vmlinux] [kernel image] possible deadlock in filemap_fault
ci-upstream-gce-arm64 2023/03/11 07:38 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci fe15c26ee26e 5205ef30 .config console log report info [disk image] [vmlinux] [kernel image] possible deadlock in filemap_fault
ci-upstream-gce-arm64 2023/03/10 20:24 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci fe15c26ee26e 5205ef30 .config console log report info [disk image] [vmlinux] [kernel image] possible deadlock in filemap_fault
ci-upstream-gce-arm64 2023/03/10 09:59 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci fe15c26ee26e 5205ef30 .config console log report info [disk image] [vmlinux] [kernel image] possible deadlock in filemap_fault
ci-upstream-gce-arm64 2023/03/10 07:10 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci fe15c26ee26e 5205ef30 .config console log report info [disk image] [vmlinux] [kernel image] possible deadlock in filemap_fault
ci-upstream-gce-arm64 2023/03/08 20:48 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci fe15c26ee26e 4fc6d98d .config console log report info [disk image] [vmlinux] [kernel image] possible deadlock in filemap_fault
ci-upstream-gce-arm64 2023/03/07 13:33 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci fe15c26ee26e ffaa5c55 .config console log report info [disk image] [vmlinux] [kernel image] possible deadlock in filemap_fault
ci-upstream-gce-arm64 2023/03/04 15:42 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 596b6b709632 f8902b57 .config console log report info [disk image] [vmlinux] [kernel image] possible deadlock in filemap_fault
ci-upstream-gce-arm64 2023/03/03 02:18 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 596b6b709632 f8902b57 .config console log report info [disk image] [vmlinux] [kernel image] possible deadlock in filemap_fault
ci-upstream-gce-arm64 2022/10/30 22:06 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci bbed346d5a96 2a71366b .config console log report info [disk image] [vmlinux] possible deadlock in filemap_fault
* Struck through repros no longer work on HEAD.