syzbot


possible deadlock in path_openat

Status: upstream: reported C repro on 2019/06/15 07:08
Reported-by: syzbot+3e0f3da7c22a27616691@syzkaller.appspotmail.com
First crash: 1324d, last: 39d
similar bugs (4):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream possible deadlock in path_openat C done unreliable 349 1032d 1586d 0/24 auto-obsoleted due to no activity on 2022/09/16 21:43
android-49 possible deadlock in path_openat 5 1161d 1176d 0/3 auto-closed as invalid on 2020/03/24 08:43
upstream possible deadlock in path_openat (2) reiserfs C error 31 12d 110d 0/24 upstream: reported C repro on 2022/10/11 06:35
linux-4.14 possible deadlock in path_openat C error 324 114d 1376d 0/1 upstream: reported C repro on 2019/04/24 01:40

Sample crash report:
REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop0): checking transaction log (loop0)
REISERFS (device loop0): Using rupasov hash to sort names
REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
======================================================
WARNING: possible circular locking dependency detected
4.19.211-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor354/8116 is trying to acquire lock:
000000007f2605d2 (&type->i_mutex_dir_key#7){+.+.}, at: inode_lock include/linux/fs.h:748 [inline]
000000007f2605d2 (&type->i_mutex_dir_key#7){+.+.}, at: do_last fs/namei.c:3324 [inline]
000000007f2605d2 (&type->i_mutex_dir_key#7){+.+.}, at: path_openat+0x1071/0x2df0 fs/namei.c:3537

but task is already holding lock:
0000000026aeeee5 (sb_writers#11){.+.+}, at: sb_start_write include/linux/fs.h:1579 [inline]
0000000026aeeee5 (sb_writers#11){.+.+}, at: mnt_want_write+0x3a/0xb0 fs/namespace.c:360

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #2 (sb_writers#11){.+.+}:
       sb_start_write include/linux/fs.h:1579 [inline]
       mnt_want_write_file+0x63/0x1d0 fs/namespace.c:418
       reiserfs_ioctl+0x1a7/0x9a0 fs/reiserfs/ioctl.c:110
       vfs_ioctl fs/ioctl.c:46 [inline]
       file_ioctl fs/ioctl.c:501 [inline]
       do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688
       ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705
       __do_sys_ioctl fs/ioctl.c:712 [inline]
       __se_sys_ioctl fs/ioctl.c:710 [inline]
       __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #1 (&sbi->lock){+.+.}:
       reiserfs_write_lock+0x75/0xf0 fs/reiserfs/lock.c:27
       reiserfs_lookup+0x171/0x490 fs/reiserfs/namei.c:363
       __lookup_slow+0x246/0x4a0 fs/namei.c:1672
       lookup_one_len+0x163/0x190 fs/namei.c:2544
       reiserfs_lookup_privroot+0x92/0x280 fs/reiserfs/xattr.c:970
       reiserfs_fill_super+0x1f12/0x2d80 fs/reiserfs/super.c:2187
       mount_bdev+0x2fc/0x3b0 fs/super.c:1158
       mount_fs+0xa3/0x310 fs/super.c:1261
       vfs_kern_mount.part.0+0x68/0x470 fs/namespace.c:961
       vfs_kern_mount fs/namespace.c:951 [inline]
       do_new_mount fs/namespace.c:2492 [inline]
       do_mount+0x115c/0x2f50 fs/namespace.c:2822
       ksys_mount+0xcf/0x130 fs/namespace.c:3038
       __do_sys_mount fs/namespace.c:3052 [inline]
       __se_sys_mount fs/namespace.c:3049 [inline]
       __x64_sys_mount+0xba/0x150 fs/namespace.c:3049
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #0 (&type->i_mutex_dir_key#7){+.+.}:
       down_write+0x34/0x90 kernel/locking/rwsem.c:70
       inode_lock include/linux/fs.h:748 [inline]
       do_last fs/namei.c:3324 [inline]
       path_openat+0x1071/0x2df0 fs/namei.c:3537
       do_filp_open+0x18c/0x3f0 fs/namei.c:3567
       do_sys_open+0x3b3/0x520 fs/open.c:1085
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

other info that might help us debug this:

Chain exists of:
  &type->i_mutex_dir_key#7 --> &sbi->lock --> sb_writers#11

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(sb_writers#11);
                               lock(&sbi->lock);
                               lock(sb_writers#11);
  lock(&type->i_mutex_dir_key#7);

 *** DEADLOCK ***

1 lock held by syz-executor354/8116:
 #0: 0000000026aeeee5 (sb_writers#11){.+.+}, at: sb_start_write include/linux/fs.h:1579 [inline]
 #0: 0000000026aeeee5 (sb_writers#11){.+.+}, at: mnt_want_write+0x3a/0xb0 fs/namespace.c:360

stack backtrace:
CPU: 1 PID: 8116 Comm: syz-executor354 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1222
 check_prev_add kernel/locking/lockdep.c:1866 [inline]
 check_prevs_add kernel/locking/lockdep.c:1979 [inline]
 validate_chain kernel/locking/lockdep.c:2420 [inline]
 __lock_acquire+0x30c9/0x3ff0 kernel/locking/lockdep.c:3416
 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908
 down_write+0x34/0x90 kernel/locking/rwsem.c:70
 inode_lock include/linux/fs.h:748 [inline]
 do_last fs/namei.c:3324 [inline]
 path_openat+0x1071/0x2df0 fs/namei.c:3537
 do_filp_open+0x18c/0x3f0 fs/namei.c:3567
 do_sys_open+0x3b3/0x520 fs/open.c:1085
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fbd0927a8a9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffc36923f38 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fbd0927a8a9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000040
RBP: 0000000000000000 R08: 00007fbd092e8ec0 R09: 00007fbd092e8ec0
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc36923f60
R13: 0000000000000000 R14: 431bde82d7b634db R15: 0000000000000000

Fix bisection attempts:
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Title
ci2-linux-4-19 2020/12/09 22:29 linux-4.19.y 4abf26854aad ff4a3345 .config console log report syz C
* Struck through repros no longer work on HEAD.
Crashes (856):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Title
ci2-linux-4-19 2022/10/05 16:20 linux-4.19.y 3f8a27f9e27b 267e3bb1 .config console log report syz C [disk image] [vmlinux] [mounted in repro] possible deadlock in path_openat
ci2-linux-4-19 2020/10/21 06:39 linux-4.19.y ad326970d25c ff4a3345 .config console log report syz C
ci2-linux-4-19 2022/03/12 08:11 linux-4.19.y 3f8a27f9e27b 9e8eaa75 .config console log report syz possible deadlock in path_openat
ci2-linux-4-19 2022/12/21 06:29 linux-4.19.y 3f8a27f9e27b d3e76707 .config console log report info [disk image] [vmlinux] possible deadlock in path_openat
ci2-linux-4-19 2022/12/20 09:43 linux-4.19.y 3f8a27f9e27b c52b2efb .config console log report info [disk image] [vmlinux] possible deadlock in path_openat
ci2-linux-4-19 2022/12/10 03:31 linux-4.19.y 3f8a27f9e27b 67be1ae7 .config console log report info [disk image] [vmlinux] possible deadlock in path_openat
ci2-linux-4-19 2022/11/19 16:04 linux-4.19.y 3f8a27f9e27b 5bb70014 .config console log report info [disk image] [vmlinux] possible deadlock in path_openat
ci2-linux-4-19 2022/11/16 07:11 linux-4.19.y 3f8a27f9e27b 3a127a31 .config console log report info [disk image] [vmlinux] possible deadlock in path_openat
ci2-linux-4-19 2022/11/14 02:31 linux-4.19.y 3f8a27f9e27b 7ba4d859 .config console log report info [disk image] [vmlinux] possible deadlock in path_openat
ci2-linux-4-19 2022/11/12 12:38 linux-4.19.y 3f8a27f9e27b f42ee5d8 .config console log report info [disk image] [vmlinux] possible deadlock in path_openat
ci2-linux-4-19 2022/11/07 05:27 linux-4.19.y 3f8a27f9e27b 6d752409 .config console log report info [disk image] [vmlinux] possible deadlock in path_openat
ci2-linux-4-19 2022/10/26 00:48 linux-4.19.y 3f8a27f9e27b 2159e4d2 .config console log report info [disk image] [vmlinux] possible deadlock in path_openat
ci2-linux-4-19 2022/10/23 16:20 linux-4.19.y 3f8a27f9e27b 23bf86af .config console log report info [disk image] [vmlinux] possible deadlock in path_openat
ci2-linux-4-19 2022/10/17 20:35 linux-4.19.y 3f8a27f9e27b 94744d21 .config console log report info [disk image] [vmlinux] possible deadlock in path_openat
ci2-linux-4-19 2022/10/07 08:09 linux-4.19.y 3f8a27f9e27b 80b58a42 .config console log report info [disk image] [vmlinux] possible deadlock in path_openat
ci2-linux-4-19 2022/10/03 19:57 linux-4.19.y 3f8a27f9e27b feb56351 .config console log report info [disk image] [vmlinux] possible deadlock in path_openat
ci2-linux-4-19 2022/09/26 13:27 linux-4.19.y 3f8a27f9e27b d59ba983 .config console log report info [disk image] [vmlinux] possible deadlock in path_openat
ci2-linux-4-19 2022/09/26 02:20 linux-4.19.y 3f8a27f9e27b 0042f2b4 .config console log report info possible deadlock in path_openat
ci2-linux-4-19 2022/09/23 10:02 linux-4.19.y 3f8a27f9e27b 0042f2b4 .config console log report info possible deadlock in path_openat
ci2-linux-4-19 2022/09/22 21:34 linux-4.19.y 3f8a27f9e27b 0042f2b4 .config console log report info possible deadlock in path_openat
ci2-linux-4-19 2022/09/22 08:23 linux-4.19.y 3f8a27f9e27b 60af5050 .config console log report info [disk image] [vmlinux] possible deadlock in path_openat
ci2-linux-4-19 2022/09/16 22:21 linux-4.19.y 3f8a27f9e27b dd9a85ff .config console log report info [disk image] [vmlinux] possible deadlock in path_openat
ci2-linux-4-19 2022/09/16 14:08 linux-4.19.y 3f8a27f9e27b dd9a85ff .config console log report info [disk image] [vmlinux] possible deadlock in path_openat
ci2-linux-4-19 2022/09/15 16:45 linux-4.19.y 3f8a27f9e27b dd9a85ff .config console log report info [disk image] [vmlinux] possible deadlock in path_openat
ci2-linux-4-19 2022/09/14 02:37 linux-4.19.y 3f8a27f9e27b b884348d .config console log report info possible deadlock in path_openat
ci2-linux-4-19 2022/09/12 12:37 linux-4.19.y 3f8a27f9e27b 356d8217 .config console log report info possible deadlock in path_openat
ci2-linux-4-19 2022/09/11 12:26 linux-4.19.y 3f8a27f9e27b 356d8217 .config console log report info possible deadlock in path_openat
ci2-linux-4-19 2022/09/08 21:43 linux-4.19.y 3f8a27f9e27b f3027468 .config console log report info possible deadlock in path_openat
ci2-linux-4-19 2022/09/08 15:22 linux-4.19.y 3f8a27f9e27b f3027468 .config console log report info possible deadlock in path_openat
ci2-linux-4-19 2022/09/01 22:10 linux-4.19.y 3f8a27f9e27b 86c46e46 .config console log report info [disk image] [vmlinux] possible deadlock in path_openat
ci2-linux-4-19 2022/08/23 23:19 linux-4.19.y 3f8a27f9e27b cea8b0f7 .config console log report info possible deadlock in path_openat
ci2-linux-4-19 2022/08/21 18:41 linux-4.19.y 3f8a27f9e27b 26a13b38 .config console log report info possible deadlock in path_openat
ci2-linux-4-19 2022/08/15 11:41 linux-4.19.y 3f8a27f9e27b 8dfcaa3d .config console log report info possible deadlock in path_openat
ci2-linux-4-19 2022/08/15 07:49 linux-4.19.y 3f8a27f9e27b 8dfcaa3d .config console log report info possible deadlock in path_openat
ci2-linux-4-19 2022/08/13 22:15 linux-4.19.y 3f8a27f9e27b 8dfcaa3d .config console log report info possible deadlock in path_openat
ci2-linux-4-19 2022/08/11 18:45 linux-4.19.y 3f8a27f9e27b 787ed7e0 .config console log report info possible deadlock in path_openat
ci2-linux-4-19 2022/08/09 09:10 linux-4.19.y 3f8a27f9e27b da700653 .config console log report info possible deadlock in path_openat
ci2-linux-4-19 2022/08/07 13:46 linux-4.19.y 3f8a27f9e27b 88e3a122 .config console log report info possible deadlock in path_openat
ci2-linux-4-19 2022/08/07 09:50 linux-4.19.y 3f8a27f9e27b 88e3a122 .config console log report info possible deadlock in path_openat
ci2-linux-4-19 2022/08/05 15:25 linux-4.19.y 3f8a27f9e27b a65a7ce9 .config console log report info possible deadlock in path_openat
ci2-linux-4-19 2022/08/04 22:04 linux-4.19.y 3f8a27f9e27b 1c9013ac .config console log report info possible deadlock in path_openat
ci2-linux-4-19 2022/08/03 15:28 linux-4.19.y 3f8a27f9e27b 1c9013ac .config console log report info possible deadlock in path_openat
ci2-linux-4-19 2022/08/01 23:41 linux-4.19.y 3f8a27f9e27b fef302b1 .config console log report info possible deadlock in path_openat
ci2-linux-4-19 2022/08/01 04:13 linux-4.19.y 3f8a27f9e27b fef302b1 .config console log report info possible deadlock in path_openat
ci2-linux-4-19 2022/08/01 02:52 linux-4.19.y 3f8a27f9e27b fef302b1 .config console log report info possible deadlock in path_openat
ci2-linux-4-19 2022/07/31 10:05 linux-4.19.y 3f8a27f9e27b fef302b1 .config console log report info possible deadlock in path_openat
ci2-linux-4-19 2022/07/30 23:57 linux-4.19.y 3f8a27f9e27b fef302b1 .config console log report info possible deadlock in path_openat
ci2-linux-4-19 2022/07/30 15:38 linux-4.19.y 3f8a27f9e27b fef302b1 .config console log report info possible deadlock in path_openat
ci2-linux-4-19 2022/07/30 07:35 linux-4.19.y 3f8a27f9e27b fef302b1 .config console log report info possible deadlock in path_openat
ci2-linux-4-19 2022/07/30 06:09 linux-4.19.y 3f8a27f9e27b fef302b1 .config console log report info possible deadlock in path_openat
ci2-linux-4-19 2021/01/16 05:26 linux-4.19.y 675cc038067f 65a7a854 .config console log report info
ci2-linux-4-19 2019/06/15 06:07 linux-4.19.y 768292d05361 442206d7 .config console log report