[v5.15] WARNING: locking bug in ext4_ioctl
1 view
Skip to first unread message
syzbot
Jun 10, 2023, 2:48:53 AM6/10/23
Hello,
syzbot found the following issue on:
HEAD commit: 7349e40704a0 Linux 5.15.116
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=11a3c395280000
kernel config: https://syzkaller.appspot.com/x/.config?x=831c3122ac9c9145
dashboard link: https://syzkaller.appspot.com/bug?extid=78e78ea5632a74486fbb
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/8c03c3ad4501/disk-7349e407.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/350c3d79bc87/vmlinux-7349e407.xz
kernel image: https://storage.googleapis.com/syzbot-assets/73a4ed3d5438/bzImage-7349e407.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
overlayfs: unrecognized mount option "fowner<00000000000000000000" or missing value
fuse: Bad value for 'fd'
------------[ cut here ]------------
WARNING: CPU: 1 PID: 27803 at kernel/locking/lockdep.c:896 look_up_lock_class+0xa0/0x120 kernel/locking/lockdep.c:895
Modules linked in:
CPU: 1 PID: 27803 Comm: syz-executor.4 Not tainted 5.15.116-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
RIP: 0010:look_up_lock_class+0xa0/0x120 kernel/locking/lockdep.c:895
Code: 00 48 85 db 74 4c 4c 39 7b 40 74 05 48 8b 1b eb eb 48 8b 83 b0 00 00 00 49 3b 46 18 74 36 48 c7 c0 00 b0 a8 8f 49 39 06 74 2a <0f> 0b eb 26 e8 e7 15 e8 f9 48 c7 c7 60 1d 8b 8a 89 de e8 a2 d5 fe
RSP: 0018:ffffc900043bf630 EFLAGS: 00010002
RAX: ffffffff8fa8b000 RBX: ffffffff8f959580 RCX: ffff888075c1bb80
RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffff88801bfd4840
RBP: ffffc900043bf730 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000001
R13: 1ffff92000877ed4 R14: ffff88801bfd4840 R15: ffffffff914eb081
FS: 00007f56560dd700(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f5657bfff70 CR3: 0000000031546000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
register_lock_class+0x100/0x9a0 kernel/locking/lockdep.c:1245
__lock_acquire+0xd7/0x1ff0 kernel/locking/lockdep.c:4890
lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5622
down_write_nested+0xa0/0x180 kernel/locking/rwsem.c:1657
swap_inode_boot_loader fs/ext4/ioctl.c:176 [inline]
__ext4_ioctl fs/ext4/ioctl.c:1053 [inline]
ext4_ioctl+0x3dce/0x5b60 fs/ext4/ioctl.c:1273
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:874 [inline]
__se_sys_ioctl+0xf1/0x160 fs/ioctl.c:860
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7f5657bad169
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f56560dd168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f5657ccd120 RCX: 00007f5657bad169
RDX: 0000000000000000 RSI: 0000000000006611 RDI: 0000000000000008
RBP: 00007f5657c08ca1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffc177cb67f R14: 00007f56560dd300 R15: 0000000000022000
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at [email protected].
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to change bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: 7349e40704a0 Linux 5.15.116
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=11a3c395280000
kernel config: https://syzkaller.appspot.com/x/.config?x=831c3122ac9c9145
dashboard link: https://syzkaller.appspot.com/bug?extid=78e78ea5632a74486fbb
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/8c03c3ad4501/disk-7349e407.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/350c3d79bc87/vmlinux-7349e407.xz
kernel image: https://storage.googleapis.com/syzbot-assets/73a4ed3d5438/bzImage-7349e407.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
overlayfs: unrecognized mount option "fowner<00000000000000000000" or missing value
fuse: Bad value for 'fd'
------------[ cut here ]------------
WARNING: CPU: 1 PID: 27803 at kernel/locking/lockdep.c:896 look_up_lock_class+0xa0/0x120 kernel/locking/lockdep.c:895
Modules linked in:
CPU: 1 PID: 27803 Comm: syz-executor.4 Not tainted 5.15.116-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
RIP: 0010:look_up_lock_class+0xa0/0x120 kernel/locking/lockdep.c:895
Code: 00 48 85 db 74 4c 4c 39 7b 40 74 05 48 8b 1b eb eb 48 8b 83 b0 00 00 00 49 3b 46 18 74 36 48 c7 c0 00 b0 a8 8f 49 39 06 74 2a <0f> 0b eb 26 e8 e7 15 e8 f9 48 c7 c7 60 1d 8b 8a 89 de e8 a2 d5 fe
RSP: 0018:ffffc900043bf630 EFLAGS: 00010002
RAX: ffffffff8fa8b000 RBX: ffffffff8f959580 RCX: ffff888075c1bb80
RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffff88801bfd4840
RBP: ffffc900043bf730 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000001
R13: 1ffff92000877ed4 R14: ffff88801bfd4840 R15: ffffffff914eb081
FS: 00007f56560dd700(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f5657bfff70 CR3: 0000000031546000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
register_lock_class+0x100/0x9a0 kernel/locking/lockdep.c:1245
__lock_acquire+0xd7/0x1ff0 kernel/locking/lockdep.c:4890
lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5622
down_write_nested+0xa0/0x180 kernel/locking/rwsem.c:1657
swap_inode_boot_loader fs/ext4/ioctl.c:176 [inline]
__ext4_ioctl fs/ext4/ioctl.c:1053 [inline]
ext4_ioctl+0x3dce/0x5b60 fs/ext4/ioctl.c:1273
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:874 [inline]
__se_sys_ioctl+0xf1/0x160 fs/ioctl.c:860
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7f5657bad169
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f56560dd168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f5657ccd120 RCX: 00007f5657bad169
RDX: 0000000000000000 RSI: 0000000000006611 RDI: 0000000000000008
RBP: 00007f5657c08ca1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffc177cb67f R14: 00007f56560dd300 R15: 0000000000022000
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at [email protected].
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to change bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot
Jun 14, 2023, 12:15:54 AM6/14/23
Hello,
syzbot found the following issue on:
HEAD commit: 2f3918bc53fb Linux 6.1.33
syzbot found the following issue on:
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=124dff43280000
kernel config: https://syzkaller.appspot.com/x/.config?x=668ab7dd51e152ad
dashboard link: https://syzkaller.appspot.com/bug?extid=b45970e765c38b634d54
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/148750653b59/disk-2f3918bc.raw.xz
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
vmlinux: https://storage.googleapis.com/syzbot-assets/f86efd682b25/vmlinux-2f3918bc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/483386a4e270/bzImage-2f3918bc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
------------[ cut here ]------------
Looking for class "&ei->i_data_sem" with key init_once.__key.782, but found a different class "&ei->i_data_sem" with the same key
WARNING: CPU: 1 PID: 17652 at kernel/locking/lockdep.c:941 look_up_lock_class+0xc2/0x140 kernel/locking/lockdep.c:938
Modules linked in:
CPU: 1 PID: 17652 Comm: syz-executor.1 Not tainted 6.1.33-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
RIP: 0010:look_up_lock_class+0xc2/0x140 kernel/locking/lockdep.c:938
Code: 8b 16 48 c7 c0 20 a1 14 90 48 39 c2 74 46 f6 05 13 dc bb 03 01 75 3d c6 05 0a dc bb 03 01 48 c7 c7 40 f2 eb 8a e8 6e fe ce f6 <0f> 0b eb 26 e8 75 ba ad f9 48 c7 c7 80 f1 eb 8a 89 de e8 a0 f1 fd
RSP: 0018:ffffc9000b1ef5b0 EFLAGS: 00010046
RAX: 34f1fed9458ec100 RBX: ffffffff8ffe5a60 RCX: 0000000000040000
RDX: ffffc90005eb9000 RSI: 0000000000016f59 RDI: 0000000000016f5a
RBP: ffffc9000b1ef6b0 R08: ffffffff81524d5e R09: ffffed1017324f1c
R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000001
R13: 1ffff9200163dec4 R14: ffff88802b550c90 R15: ffffffff91c0f521
FS: 00007f7336dba700(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020017000 CR3: 000000007ab46000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
register_lock_class+0x100/0x990 kernel/locking/lockdep.c:1290
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
__lock_acquire+0xd3/0x1f80 kernel/locking/lockdep.c:4935
lock_acquire+0x1f8/0x5a0 kernel/locking/lockdep.c:5669
down_write_nested+0x39/0x60 kernel/locking/rwsem.c:1689
swap_inode_boot_loader fs/ext4/ioctl.c:426 [inline]
__ext4_ioctl fs/ext4/ioctl.c:1421 [inline]
ext4_ioctl+0x462a/0x5f70 fs/ext4/ioctl.c:1611
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:870 [inline]
__se_sys_ioctl+0xf1/0x160 fs/ioctl.c:856
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
RIP: 0033:0x7f733608c199
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f7336dba168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f73361ac120 RCX: 00007f733608c199
RDX: 0000000000000000 RSI: 0000000000006611 RDI: 0000000000000004
RBP: 00007f73360e7ca1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff03d4840f R14: 00007f7336dba300 R15: 0000000000022000
syzbot
Jun 17, 2023, 7:52:47 PM6/17/23
syzbot has found a reproducer for the following issue on:
HEAD commit: 471e639e59d1 Linux 5.15.117
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1087c85b280000
kernel config: https://syzkaller.appspot.com/x/.config?x=eeb4064efec7aa39
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12f9a97f280000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=103eea40a80000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/2e7359ecba67/disk-471e639e.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/ef6d17e44bc3/vmlinux-471e639e.xz
kernel image: https://storage.googleapis.com/syzbot-assets/99b68dbd7e00/Image-471e639e.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/048c60ff8a6d/mount_2.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
------------[ cut here ]------------
WARNING: CPU: 0 PID: 4324 at kernel/locking/lockdep.c:896 look_up_lock_class+0x134/0x13c
Modules linked in:
CPU: 0 PID: 4324 Comm: syz-executor356 Not tainted 5.15.117-syzkaller #0
pc : look_up_lock_class+0x134/0x13c
lr : look_up_lock_class+0x74/0x13c
sp : ffff80001d407260
x29: ffff80001d407260 x28: dfff800000000000 x27: 0000000000000001
x26: ffff8000183e0d20 x25: ffff8000183e0000 x24: 0000000000000000
x23: 0000000000000000 x22: 0000000000000000 x21: ffff80001850a661
x20: ffff0000df690c70 x19: ffff80001702e340 x18: 1ffff00003a80e9c
x17: ff80800008d99ebc x16: ffff8000082ea840 x15: ffff800008d99ebc
x14: 1ffff0000291e06a x13: ffff80001d407420 x12: dfff800000000000
x11: ffff8000082ede34 x10: ffff8000148f034c x9 : ffff8000171a7d00
x8 : ffff80001850a660 x7 : ffff800008dd4918 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000000
x2 : 0000000000000000 x1 : 0000000000000001 x0 : 0000000000000001
Call trace:
look_up_lock_class+0x134/0x13c
register_lock_class+0x90/0x6a4 kernel/locking/lockdep.c:1245
__lock_acquire+0x184/0x7620 kernel/locking/lockdep.c:4890
lock_acquire+0x240/0x77c kernel/locking/lockdep.c:5622
down_write_nested+0x118/0x26c kernel/locking/rwsem.c:1657
ext4_double_down_write_data_sem+0x3c/0x4c
__arm64_sys_ioctl+0x14c/0x1c8 fs/ioctl.c:860
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
irq event stamp: 571
hardirqs last enabled at (571): [<ffff8000088c87b4>] kasan_quarantine_put+0xdc/0x204 mm/kasan/quarantine.c:231
hardirqs last disabled at (570): [<ffff8000088c8774>] kasan_quarantine_put+0x9c/0x204 mm/kasan/quarantine.c:204
softirqs last enabled at (436): [<ffff8000080300b4>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31
softirqs last disabled at (434): [<ffff800008030080>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18
---[ end trace 811391a9ef7d1700 ]---
loop0: detected capacity change from 0 to 512
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
HEAD commit: 471e639e59d1 Linux 5.15.117
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1087c85b280000
kernel config: https://syzkaller.appspot.com/x/.config?x=eeb4064efec7aa39
dashboard link: https://syzkaller.appspot.com/bug?extid=78e78ea5632a74486fbb
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12f9a97f280000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=103eea40a80000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/2e7359ecba67/disk-471e639e.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/ef6d17e44bc3/vmlinux-471e639e.xz
kernel image: https://storage.googleapis.com/syzbot-assets/99b68dbd7e00/Image-471e639e.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/048c60ff8a6d/mount_2.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
WARNING: CPU: 0 PID: 4324 at kernel/locking/lockdep.c:896 look_up_lock_class+0x134/0x13c
Modules linked in:
CPU: 0 PID: 4324 Comm: syz-executor356 Not tainted 5.15.117-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
pstate: 204000c5 (nzCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : look_up_lock_class+0x134/0x13c
lr : look_up_lock_class+0x74/0x13c
sp : ffff80001d407260
x29: ffff80001d407260 x28: dfff800000000000 x27: 0000000000000001
x26: ffff8000183e0d20 x25: ffff8000183e0000 x24: 0000000000000000
x23: 0000000000000000 x22: 0000000000000000 x21: ffff80001850a661
x20: ffff0000df690c70 x19: ffff80001702e340 x18: 1ffff00003a80e9c
x17: ff80800008d99ebc x16: ffff8000082ea840 x15: ffff800008d99ebc
x14: 1ffff0000291e06a x13: ffff80001d407420 x12: dfff800000000000
x11: ffff8000082ede34 x10: ffff8000148f034c x9 : ffff8000171a7d00
x8 : ffff80001850a660 x7 : ffff800008dd4918 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000000
x2 : 0000000000000000 x1 : 0000000000000001 x0 : 0000000000000001
Call trace:
look_up_lock_class+0x134/0x13c
register_lock_class+0x90/0x6a4 kernel/locking/lockdep.c:1245
__lock_acquire+0x184/0x7620 kernel/locking/lockdep.c:4890
lock_acquire+0x240/0x77c kernel/locking/lockdep.c:5622
down_write_nested+0x118/0x26c kernel/locking/rwsem.c:1657
ext4_double_down_write_data_sem+0x3c/0x4c
swap_inode_boot_loader fs/ext4/ioctl.c:176 [inline]
__ext4_ioctl fs/ext4/ioctl.c:1053 [inline]
ext4_ioctl+0x41f8/0x6190 fs/ext4/ioctl.c:1273
__ext4_ioctl fs/ext4/ioctl.c:1053 [inline]
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:874 [inline]
__se_sys_ioctl fs/ioctl.c:860 [inline]
__do_sys_ioctl fs/ioctl.c:874 [inline]
__arm64_sys_ioctl+0x14c/0x1c8 fs/ioctl.c:860
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
irq event stamp: 571
hardirqs last enabled at (571): [<ffff8000088c87b4>] kasan_quarantine_put+0xdc/0x204 mm/kasan/quarantine.c:231
hardirqs last disabled at (570): [<ffff8000088c8774>] kasan_quarantine_put+0x9c/0x204 mm/kasan/quarantine.c:204
softirqs last enabled at (436): [<ffff8000080300b4>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31
softirqs last disabled at (434): [<ffff800008030080>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18
---[ end trace 811391a9ef7d1700 ]---
loop0: detected capacity change from 0 to 512
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot
Jun 17, 2023, 10:11:00 PM6/17/23
syzbot has found a reproducer for the following issue on:
HEAD commit: ca87e77a2ef8 Linux 6.1.34
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1798ba5b280000
kernel config: https://syzkaller.appspot.com/x/.config?x=143044f84cdceac2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=130f7f73280000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=11145497280000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/1141c37ce351/disk-ca87e77a.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/de1fca0d0bb4/vmlinux-ca87e77a.xz
kernel image: https://storage.googleapis.com/syzbot-assets/c3417b70e0bf/Image-ca87e77a.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/bfc91ff6e0da/mount_2.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
------------[ cut here ]------------
Looking for class "&ei->i_data_sem" with key init_once.__key.777, but found a different class "&ei->i_data_sem" with the same key
WARNING: CPU: 1 PID: 4469 at kernel/locking/lockdep.c:941 look_up_lock_class+0xec/0x158 kernel/locking/lockdep.c:938
Modules linked in:
CPU: 1 PID: 4469 Comm: syz-executor242 Not tainted 6.1.34-syzkaller #0
pc : look_up_lock_class+0xec/0x158 kernel/locking/lockdep.c:938
lr : look_up_lock_class+0xec/0x158 kernel/locking/lockdep.c:938
sp : ffff80001df97200
x29: ffff80001df97200 x28: dfff800000000000 x27: ffff800008ea1048
x26: ffff8000195e37e0 x25: ffff8000195e3000 x24: 0000000000000000
x23: 0000000000000000 x22: 0000000000000000 x21: ffff800019778441
x20: ffff0000e2188c90 x19: ffff800018230d00 x18: 1ffff00003bf2e80
x17: 0000000000000000 x16: ffff8000121062b4 x15: 0000000000000000
x14: 0000000000000000 x13: 0000000000000001 x12: 0000000000000001
x11: ff808000081af018 x10: 0000000000000000 x9 : 11d9c5592620d600
x8 : 11d9c5592620d600 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff80001df96af8 x4 : ffff8000156a2a40 x3 : ffff8000085879f4
x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000
Call trace:
look_up_lock_class+0xec/0x158 kernel/locking/lockdep.c:938
register_lock_class+0x90/0x6a8 kernel/locking/lockdep.c:1290
__lock_acquire+0x184/0x764c kernel/locking/lockdep.c:4935
lock_acquire+0x26c/0x7cc kernel/locking/lockdep.c:5669
down_write_nested+0x64/0x94 kernel/locking/rwsem.c:1689
ext4_double_down_write_data_sem+0x3c/0x4c
__arm64_sys_ioctl+0x14c/0x1c8 fs/ioctl.c:856
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
irq event stamp: 629
hardirqs last enabled at (629): [<ffff80000896dd8c>] kasan_quarantine_put+0xdc/0x204 mm/kasan/quarantine.c:242
hardirqs last disabled at (628): [<ffff80000896dd4c>] kasan_quarantine_put+0x9c/0x204 mm/kasan/quarantine.c:215
softirqs last enabled at (484): [<ffff800008032bc0>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (482): [<ffff800008032b8c>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
---[ end trace 0000000000000000 ]---
HEAD commit: ca87e77a2ef8 Linux 6.1.34
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1798ba5b280000
kernel config: https://syzkaller.appspot.com/x/.config?x=143044f84cdceac2
dashboard link: https://syzkaller.appspot.com/bug?extid=b45970e765c38b634d54
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=130f7f73280000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=11145497280000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/1141c37ce351/disk-ca87e77a.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/de1fca0d0bb4/vmlinux-ca87e77a.xz
kernel image: https://storage.googleapis.com/syzbot-assets/c3417b70e0bf/Image-ca87e77a.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/bfc91ff6e0da/mount_2.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
------------[ cut here ]------------
WARNING: CPU: 1 PID: 4469 at kernel/locking/lockdep.c:941 look_up_lock_class+0xec/0x158 kernel/locking/lockdep.c:938
Modules linked in:
CPU: 1 PID: 4469 Comm: syz-executor242 Not tainted 6.1.34-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : look_up_lock_class+0xec/0x158 kernel/locking/lockdep.c:938
lr : look_up_lock_class+0xec/0x158 kernel/locking/lockdep.c:938
sp : ffff80001df97200
x29: ffff80001df97200 x28: dfff800000000000 x27: ffff800008ea1048
x26: ffff8000195e37e0 x25: ffff8000195e3000 x24: 0000000000000000
x23: 0000000000000000 x22: 0000000000000000 x21: ffff800019778441
x20: ffff0000e2188c90 x19: ffff800018230d00 x18: 1ffff00003bf2e80
x17: 0000000000000000 x16: ffff8000121062b4 x15: 0000000000000000
x14: 0000000000000000 x13: 0000000000000001 x12: 0000000000000001
x11: ff808000081af018 x10: 0000000000000000 x9 : 11d9c5592620d600
x8 : 11d9c5592620d600 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff80001df96af8 x4 : ffff8000156a2a40 x3 : ffff8000085879f4
x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000
Call trace:
look_up_lock_class+0xec/0x158 kernel/locking/lockdep.c:938
register_lock_class+0x90/0x6a8 kernel/locking/lockdep.c:1290
__lock_acquire+0x184/0x764c kernel/locking/lockdep.c:4935
lock_acquire+0x26c/0x7cc kernel/locking/lockdep.c:5669
down_write_nested+0x64/0x94 kernel/locking/rwsem.c:1689
ext4_double_down_write_data_sem+0x3c/0x4c
swap_inode_boot_loader fs/ext4/ioctl.c:426 [inline]
__ext4_ioctl fs/ext4/ioctl.c:1421 [inline]
ext4_ioctl+0x4e4c/0x6ad0 fs/ext4/ioctl.c:1611
__ext4_ioctl fs/ext4/ioctl.c:1421 [inline]
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:870 [inline]
__se_sys_ioctl fs/ioctl.c:856 [inline]
__do_sys_ioctl fs/ioctl.c:870 [inline]
__arm64_sys_ioctl+0x14c/0x1c8 fs/ioctl.c:856
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
irq event stamp: 629
hardirqs last enabled at (629): [<ffff80000896dd8c>] kasan_quarantine_put+0xdc/0x204 mm/kasan/quarantine.c:242
hardirqs last disabled at (628): [<ffff80000896dd4c>] kasan_quarantine_put+0x9c/0x204 mm/kasan/quarantine.c:215
softirqs last enabled at (484): [<ffff800008032bc0>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (482): [<ffff800008032b8c>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
---[ end trace 0000000000000000 ]---
syzbot
Jan 23, 2025, 12:37:05 AMJan 23
syzbot suspects this issue was fixed by commit:
commit 48c3352453718ed3ad671b0fdcc7e0bb5f8dad44
Author: Ahmed Ehab <[email protected]>
Date: Sat Aug 24 22:10:30 2024 +0000
locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass()
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=1136b618580000
start commit: 09996673e313 Linux 5.15.123
git tree: linux-5.15.y
kernel config: https://syzkaller.appspot.com/x/.config?x=f9d4431ce682ac7e
dashboard link: https://syzkaller.appspot.com/bug?extid=78e78ea5632a74486fbb
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=13b2ea39a80000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1701d2a6a80000
If the result looks correct, please mark the issue as fixed by replying with:
#syz fix: locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass()
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
commit 48c3352453718ed3ad671b0fdcc7e0bb5f8dad44
Author: Ahmed Ehab <[email protected]>
Date: Sat Aug 24 22:10:30 2024 +0000
locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass()
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=1136b618580000
start commit: 09996673e313 Linux 5.15.123
git tree: linux-5.15.y
kernel config: https://syzkaller.appspot.com/x/.config?x=f9d4431ce682ac7e
dashboard link: https://syzkaller.appspot.com/bug?extid=78e78ea5632a74486fbb
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=13b2ea39a80000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1701d2a6a80000
If the result looks correct, please mark the issue as fixed by replying with:
#syz fix: locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass()
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
Reply all
Reply to author
Forward
0 new messages