| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <671073db.050a0220.d9b66.0177.GAE@google.com>
Date: Wed, 16 Oct 2024 19:18:03 -0700
From: syzbot <syzbot+ca440b457d21568f8021@...kaller.appspotmail.com>
To: linux-kernel@...r.kernel.org, lizhi.xu@...driver.com,
syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [ocfs2?] possible deadlock in ocfs2_fiemap
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
possible deadlock in ocfs2_fiemap
option from the mount to silence this warning.
=======================================================
ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
======================================================
WARNING: possible circular locking dependency detected
6.12.0-rc3-syzkaller-00087-gc964ced77262-dirty #0 Not tainted
------------------------------------------------------
syz.0.15/6035 is trying to acquire lock:
ffff88807a5ee098 (&mm->mmap_lock){++++}-{3:3}, at: __might_fault+0xaa/0x120 mm/memory.c:6700
but task is already holding lock:
ffff888071633f60 (&oi->ip_alloc_sem){++++}-{3:3}, at: ocfs2_fiemap+0x377/0xf80 fs/ocfs2/extent_map.c:755
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&oi->ip_alloc_sem){++++}-{3:3}:
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825
down_write+0x99/0x220 kernel/locking/rwsem.c:1577
ocfs2_page_mkwrite+0x1e9/0xed0 fs/ocfs2/mmap.c:139
do_page_mkwrite+0x198/0x480 mm/memory.c:3162
do_shared_fault mm/memory.c:5358 [inline]
do_fault mm/memory.c:5420 [inline]
do_pte_missing mm/memory.c:3965 [inline]
handle_pte_fault+0x11fa/0x6800 mm/memory.c:5751
__handle_mm_fault mm/memory.c:5894 [inline]
handle_mm_fault+0x1053/0x1ad0 mm/memory.c:6062
do_user_addr_fault arch/x86/mm/fault.c:1389 [inline]
handle_page_fault arch/x86/mm/fault.c:1481 [inline]
exc_page_fault+0x2b9/0x8c0 arch/x86/mm/fault.c:1539
asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
-> #0 (&mm->mmap_lock){++++}-{3:3}:
check_prev_add kernel/locking/lockdep.c:3161 [inline]
check_prevs_add kernel/locking/lockdep.c:3280 [inline]
validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3904
__lock_acquire+0x1384/0x2050 kernel/locking/lockdep.c:5202
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825
__might_fault+0xc6/0x120 mm/memory.c:6700
_inline_copy_to_user include/linux/uaccess.h:183 [inline]
_copy_to_user+0x2a/0xb0 lib/usercopy.c:26
copy_to_user include/linux/uaccess.h:216 [inline]
fiemap_fill_next_extent+0x235/0x410 fs/ioctl.c:145
ocfs2_fiemap+0x9f1/0xf80 fs/ocfs2/extent_map.c:796
ioctl_fiemap fs/ioctl.c:220 [inline]
do_vfs_ioctl+0x1bf8/0x2e40 fs/ioctl.c:841
__do_sys_ioctl fs/ioctl.c:905 [inline]
__se_sys_ioctl+0x81/0x170 fs/ioctl.c:893
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
rlock(&oi->ip_alloc_sem);
lock(&mm->mmap_lock);
lock(&oi->ip_alloc_sem);
rlock(&mm->mmap_lock);
*** DEADLOCK ***
1 lock held by syz.0.15/6035:
#0: ffff888071633f60 (&oi->ip_alloc_sem){++++}-{3:3}, at: ocfs2_fiemap+0x377/0xf80 fs/ocfs2/extent_map.c:755
stack backtrace:
CPU: 1 UID: 0 PID: 6035 Comm: syz.0.15 Not tainted 6.12.0-rc3-syzkaller-00087-gc964ced77262-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
print_circular_bug+0x13a/0x1b0 kernel/locking/lockdep.c:2074
check_noncircular+0x36a/0x4a0 kernel/locking/lockdep.c:2206
check_prev_add kernel/locking/lockdep.c:3161 [inline]
check_prevs_add kernel/locking/lockdep.c:3280 [inline]
validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3904
__lock_acquire+0x1384/0x2050 kernel/locking/lockdep.c:5202
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825
__might_fault+0xc6/0x120 mm/memory.c:6700
_inline_copy_to_user include/linux/uaccess.h:183 [inline]
_copy_to_user+0x2a/0xb0 lib/usercopy.c:26
copy_to_user include/linux/uaccess.h:216 [inline]
fiemap_fill_next_extent+0x235/0x410 fs/ioctl.c:145
ocfs2_fiemap+0x9f1/0xf80 fs/ocfs2/extent_map.c:796
ioctl_fiemap fs/ioctl.c:220 [inline]
do_vfs_ioctl+0x1bf8/0x2e40 fs/ioctl.c:841
__do_sys_ioctl fs/ioctl.c:905 [inline]
__se_sys_ioctl+0x81/0x170 fs/ioctl.c:893
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f351397dff9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f35147e5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f3513b35f80 RCX: 00007f351397dff9
RDX: 00000000200001c0 RSI: 00000000c020660b RDI: 0000000000000005
RBP: 00007f35139f0296 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f3513b35f80 R15: 00007ffef5debf08
</TASK>
Tested on:
commit: c964ced7 Merge tag 'for-linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=14483030580000
kernel config: https://syzkaller.appspot.com/x/.config?x=164d2822debd8b0d
dashboard link: https://syzkaller.appspot.com/bug?extid=ca440b457d21568f8021
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=12bdf727980000
Powered by blists - more mailing lists