From: syzbot <syzbot+edce54daffee36421b4c@syzkaller.appspotmail.com>
To: adilger.kernel@dilger.ca, dvyukov@google.com, jack@suse.cz,
linux-ext4@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com,
tytso@mit.edu
Subject: Re: [syzbot] [ext4?] possible deadlock in ext4_xattr_set_handle (3)
Date: Fri, 05 May 2023 14:48:48 -0700 [thread overview]
Message-ID: <0000000000000c53dd05faf94183@google.com> (raw)
In-Reply-To: <000000000000f6540d05f30bb23f@google.com>
syzbot has found a reproducer for the following issue on:
HEAD commit: 14f8db1c0f9a Merge branch 'for-next/core' into for-kernelci
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=1663f338280000
kernel config: https://syzkaller.appspot.com/x/.config?x=a837a8ba7e88bb45
dashboard link: https://syzkaller.appspot.com/bug?extid=edce54daffee36421b4c
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17595ed4280000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16e85322280000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/ad6ce516eed3/disk-14f8db1c.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/1f38c2cc7667/vmlinux-14f8db1c.xz
kernel image: https://storage.googleapis.com/syzbot-assets/d795115eee39/Image-14f8db1c.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/092c100a5922/mount_0.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+edce54daffee36421b4c@syzkaller.appspotmail.com
loop0: detected capacity change from 0 to 512
EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback.
======================================================
WARNING: possible circular locking dependency detected
6.3.0-rc7-syzkaller-g14f8db1c0f9a #0 Not tainted
------------------------------------------------------
syz-executor392/5925 is trying to acquire lock:
ffff0000e0dbb2f0 (&ei->xattr_sem){++++}-{3:3}, at: ext4_write_lock_xattr fs/ext4/xattr.h:155 [inline]
ffff0000e0dbb2f0 (&ei->xattr_sem){++++}-{3:3}, at: ext4_xattr_set_handle+0x1e0/0x12d8 fs/ext4/xattr.c:2373
but task is already holding lock:
ffff0000e0dbb628 (&ea_inode->i_rwsem#8/1){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:758 [inline]
ffff0000e0dbb628 (&ea_inode->i_rwsem#8/1){+.+.}-{3:3}, at: vfs_setxattr+0x17c/0x344 fs/xattr.c:323
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&ea_inode->i_rwsem#8/1){+.+.}-{3:3}:
down_write+0x50/0xc0 kernel/locking/rwsem.c:1573
inode_lock include/linux/fs.h:758 [inline]
ext4_xattr_inode_create fs/ext4/xattr.c:1525 [inline]
ext4_xattr_inode_lookup_create fs/ext4/xattr.c:1608 [inline]
ext4_xattr_set_entry+0x2394/0x2c3c fs/ext4/xattr.c:1737
ext4_xattr_block_set+0x8e0/0x2cc4 fs/ext4/xattr.c:2043
ext4_xattr_set_handle+0xb2c/0x12d8 fs/ext4/xattr.c:2458
ext4_xattr_set+0x1e0/0x354 fs/ext4/xattr.c:2560
ext4_xattr_trusted_set+0x4c/0x64 fs/ext4/xattr_trusted.c:38
__vfs_setxattr+0x3d8/0x400 fs/xattr.c:203
__vfs_setxattr_noperm+0x110/0x528 fs/xattr.c:237
__vfs_setxattr_locked+0x1ec/0x218 fs/xattr.c:298
vfs_setxattr+0x1a8/0x344 fs/xattr.c:324
do_setxattr fs/xattr.c:609 [inline]
setxattr+0x208/0x29c fs/xattr.c:632
path_setxattr+0x17c/0x258 fs/xattr.c:651
__do_sys_setxattr fs/xattr.c:667 [inline]
__se_sys_setxattr fs/xattr.c:663 [inline]
__arm64_sys_setxattr+0xbc/0xd8 fs/xattr.c:663
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x198 arch/arm64/kernel/syscall.c:193
el0_svc+0x4c/0x15c arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:591
-> #0 (&ei->xattr_sem){++++}-{3:3}:
check_prev_add kernel/locking/lockdep.c:3098 [inline]
check_prevs_add kernel/locking/lockdep.c:3217 [inline]
validate_chain kernel/locking/lockdep.c:3832 [inline]
__lock_acquire+0x3338/0x764c kernel/locking/lockdep.c:5056
lock_acquire+0x238/0x718 kernel/locking/lockdep.c:5669
down_write+0x50/0xc0 kernel/locking/rwsem.c:1573
ext4_write_lock_xattr fs/ext4/xattr.h:155 [inline]
ext4_xattr_set_handle+0x1e0/0x12d8 fs/ext4/xattr.c:2373
ext4_xattr_set+0x1e0/0x354 fs/ext4/xattr.c:2560
ext4_xattr_trusted_set+0x4c/0x64 fs/ext4/xattr_trusted.c:38
__vfs_setxattr+0x3d8/0x400 fs/xattr.c:203
__vfs_setxattr_noperm+0x110/0x528 fs/xattr.c:237
__vfs_setxattr_locked+0x1ec/0x218 fs/xattr.c:298
vfs_setxattr+0x1a8/0x344 fs/xattr.c:324
do_setxattr fs/xattr.c:609 [inline]
setxattr+0x208/0x29c fs/xattr.c:632
path_setxattr+0x17c/0x258 fs/xattr.c:651
__do_sys_setxattr fs/xattr.c:667 [inline]
__se_sys_setxattr fs/xattr.c:663 [inline]
__arm64_sys_setxattr+0xbc/0xd8 fs/xattr.c:663
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x198 arch/arm64/kernel/syscall.c:193
el0_svc+0x4c/0x15c arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:591
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&ea_inode->i_rwsem#8/1);
lock(&ei->xattr_sem);
lock(&ea_inode->i_rwsem#8/1);
lock(&ei->xattr_sem);
*** DEADLOCK ***
2 locks held by syz-executor392/5925:
#0: ffff0000d80e6460 (sb_writers#3){.+.+}-{0:0}, at: mnt_want_write+0x44/0x9c fs/namespace.c:394
#1: ffff0000e0dbb628 (&ea_inode->i_rwsem#8/1){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:758 [inline]
#1: ffff0000e0dbb628 (&ea_inode->i_rwsem#8/1){+.+.}-{3:3}, at: vfs_setxattr+0x17c/0x344 fs/xattr.c:323
stack backtrace:
CPU: 1 PID: 5925 Comm: syz-executor392 Not tainted 6.3.0-rc7-syzkaller-g14f8db1c0f9a #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
Call trace:
dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:233
show_stack+0x2c/0x44 arch/arm64/kernel/stacktrace.c:240
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106
dump_stack+0x1c/0x28 lib/dump_stack.c:113
print_circular_bug+0x150/0x1b8 kernel/locking/lockdep.c:2056
check_noncircular+0x2cc/0x378 kernel/locking/lockdep.c:2178
check_prev_add kernel/locking/lockdep.c:3098 [inline]
check_prevs_add kernel/locking/lockdep.c:3217 [inline]
validate_chain kernel/locking/lockdep.c:3832 [inline]
__lock_acquire+0x3338/0x764c kernel/locking/lockdep.c:5056
lock_acquire+0x238/0x718 kernel/locking/lockdep.c:5669
down_write+0x50/0xc0 kernel/locking/rwsem.c:1573
ext4_write_lock_xattr fs/ext4/xattr.h:155 [inline]
ext4_xattr_set_handle+0x1e0/0x12d8 fs/ext4/xattr.c:2373
ext4_xattr_set+0x1e0/0x354 fs/ext4/xattr.c:2560
ext4_xattr_trusted_set+0x4c/0x64 fs/ext4/xattr_trusted.c:38
__vfs_setxattr+0x3d8/0x400 fs/xattr.c:203
__vfs_setxattr_noperm+0x110/0x528 fs/xattr.c:237
__vfs_setxattr_locked+0x1ec/0x218 fs/xattr.c:298
vfs_setxattr+0x1a8/0x344 fs/xattr.c:324
do_setxattr fs/xattr.c:609 [inline]
setxattr+0x208/0x29c fs/xattr.c:632
path_setxattr+0x17c/0x258 fs/xattr.c:651
__do_sys_setxattr fs/xattr.c:667 [inline]
__se_sys_setxattr fs/xattr.c:663 [inline]
__arm64_sys_setxattr+0xbc/0xd8 fs/xattr.c:663
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x198 arch/arm64/kernel/syscall.c:193
el0_svc+0x4c/0x15c arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:591
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
prev parent reply other threads:[~2023-05-05 21:49 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-25 0:27 [syzbot] [ext4?] possible deadlock in ext4_xattr_set_handle (3) syzbot
2023-01-26 12:19 ` Jan Kara
2023-01-27 7:13 ` Dmitry Vyukov
2023-05-05 21:48 ` syzbot [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0000000000000c53dd05faf94183@google.com \
--to=syzbot+edce54daffee36421b4c@syzkaller.appspotmail.com \
--cc=adilger.kernel@dilger.ca \
--cc=dvyukov@google.com \
--cc=jack@suse.cz \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=syzkaller-bugs@googlegroups.com \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.