From: syzbot <syzbot+e5b81eaab292e00e7d98@syzkaller.appspotmail.com>
To: hdanton@sina.com, linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [f2fs?] possible deadlock in f2fs_release_file
Date: Sat, 17 Jun 2023 08:48:22 -0700
Message-ID: <00000000000032996005fe553bc1@google.com>
In-Reply-To: <20230617134704.1211-1-hdanton@sina.com>

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:

INFO: task hung in user_get_super
INFO: task syz-executor272:7088 blocked for more than 143 seconds.
Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor272 state:D stack:29016 pid:7088 ppid:7046 flags:0x00000004
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5343 [inline]
__schedule+0xc9a/0x5880 kernel/sched/core.c:6669
schedule+0xde/0x1a0 kernel/sched/core.c:6745
schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6804
rwsem_down_write_slowpath+0x3e2/0x1220 kernel/locking/rwsem.c:1178
__down_write_common kernel/locking/rwsem.c:1306 [inline]
__down_write kernel/locking/rwsem.c:1315 [inline]
down_write+0x1d2/0x200 kernel/locking/rwsem.c:1574
user_get_super+0x230/0x310 fs/super.c:875
quotactl_block+0x26d/0x410 fs/quota/quota.c:890
__do_sys_quotactl fs/quota/quota.c:954 [inline]
__se_sys_quotactl fs/quota/quota.c:916 [inline]
__x64_sys_quotactl+0x32b/0x410 fs/quota/quota.c:916
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fb71dc27649
RSP: 002b:00007fb717697318 EFLAGS: 00000246 ORIG_RAX: 00000000000000b3
RAX: ffffffffffffffda RBX: 00007fb71dcb47b8 RCX: 00007fb71dc27649
RDX: 0000000000000000 RSI: 0000000020000080 RDI: ffffffff80000202
RBP: 00007fb71dcb47b0 R08: 00007fb717697700 R09: 0000000000000000
R10: 0000000020008040 R11: 0000000000000246 R12: 6f6f6c2f7665642f
R13: 00007ffe21a598bf R14: 00007fb717697400 R15: 0000000000022000
</TASK>

Showing all locks held in the system:
4 locks held by kworker/u4:0/10:
#0: ffff8880b993c5d8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2f/0x120 kernel/sched/core.c:558
#1: ffff8880b9928848 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x2de/0x950 kernel/sched/psi.c:996
#2: ffff888029ae4d40 (&wdev->mtx){+.+.}-{3:3}, at: sdata_lock net/mac80211/ieee80211_i.h:1129 [inline]
#2: ffff888029ae4d40 (&wdev->mtx){+.+.}-{3:3}, at: ieee80211_ibss_work+0x94/0x14a0 net/mac80211/ibss.c:1680
#3: ffffffff8c7990c0 (rcu_read_lock){....}-{1:2}, at: sdata_assert_lock net/mac80211/ieee80211_i.h:1146 [inline]
#3: ffffffff8c7990c0 (rcu_read_lock){....}-{1:2}, at: ieee80211_sta_active_ibss+0x86/0x390 net/mac80211/ibss.c:652
1 lock held by rcu_tasks_kthre/13:
#0: ffffffff8c7984b0 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x31/0xd80 kernel/rcu/tasks.h:518
1 lock held by rcu_tasks_trace/14:
#0: ffffffff8c7981b0 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x31/0xd80 kernel/rcu/tasks.h:518
1 lock held by khungtaskd/27:
#0: ffffffff8c7990c0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x340 kernel/locking/lockdep.c:6559
5 locks held by kworker/u4:2/40:
2 locks held by kworker/u4:5/2832:
#0: ffff8880b993c5d8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2f/0x120 kernel/sched/core.c:558
#1: ffff8880b9928848 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x2de/0x950 kernel/sched/psi.c:996
2 locks held by getty/4753:
#0: ffff88802ce02098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x26/0x80 drivers/tty/tty_ldisc.c:243
#1: ffffc900015a02f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xef4/0x13e0 drivers/tty/n_tty.c:2176
4 locks held by syz-executor.3/5377:
#0: ffff88807dae80e0 (&type->s_umount_key#50){+.+.}-{3:3}, at: deactivate_super+0xa9/0xd0 fs/super.c:361
#1: ffff888023ae4318 (&sbi->cp_global_sem){+.+.}-{3:3}, at: f2fs_down_write fs/f2fs/f2fs.h:2112 [inline]
#1: ffff888023ae4318 (&sbi->cp_global_sem){+.+.}-{3:3}, at: f2fs_write_checkpoint+0x4a6/0x4b40 fs/f2fs/checkpoint.c:1638
#2: ffff888023ae43b0 (&sbi->cp_rwsem){++++}-{3:3}, at: f2fs_down_write fs/f2fs/f2fs.h:2112 [inline]
#2: ffff888023ae43b0 (&sbi->cp_rwsem){++++}-{3:3}, at: f2fs_lock_all fs/f2fs/f2fs.h:2147 [inline]
#2: ffff888023ae43b0 (&sbi->cp_rwsem){++++}-{3:3}, at: block_operations+0x10d/0xe80 fs/f2fs/checkpoint.c:1219
#3: ffff888023ae4448 (&sbi->node_write){++++}-{3:3}, at: f2fs_down_write fs/f2fs/f2fs.h:2112 [inline]
#3: ffff888023ae4448 (&sbi->node_write){++++}-{3:3}, at: block_operations+0x8fe/0xe80 fs/f2fs/checkpoint.c:1267
4 locks held by syz-executor272/7043:
#0: ffff888065c100e0 (&type->s_umount_key#50){+.+.}-{3:3}, at: deactivate_super+0xa9/0xd0 fs/super.c:361
#1: ffff888049488318 (&sbi->cp_global_sem){+.+.}-{3:3}, at: f2fs_down_write fs/f2fs/f2fs.h:2112 [inline]
#1: ffff888049488318 (&sbi->cp_global_sem){+.+.}-{3:3}, at: f2fs_write_checkpoint+0x4a6/0x4b40 fs/f2fs/checkpoint.c:1638
#2: ffff8880494883b0 (&sbi->cp_rwsem){++++}-{3:3}, at: f2fs_down_write fs/f2fs/f2fs.h:2112 [inline]
#2: ffff8880494883b0 (&sbi->cp_rwsem){++++}-{3:3}, at: f2fs_lock_all fs/f2fs/f2fs.h:2147 [inline]
#2: ffff8880494883b0 (&sbi->cp_rwsem){++++}-{3:3}, at: block_operations+0x10d/0xe80 fs/f2fs/checkpoint.c:1219
#3: ffff888049488448 (&sbi->node_write){++++}-{3:3}, at: f2fs_down_write fs/f2fs/f2fs.h:2112 [inline]
#3: ffff888049488448 (&sbi->node_write){++++}-{3:3}, at: block_operations+0x8fe/0xe80 fs/f2fs/checkpoint.c:1267
4 locks held by syz-executor272/7044:
#0: ffff888032a700e0 (&type->s_umount_key#50){+.+.}-{3:3}, at: deactivate_super+0xa9/0xd0 fs/super.c:361
#1: ffff888017ad4318 (&sbi->cp_global_sem){+.+.}-{3:3}, at: f2fs_down_write fs/f2fs/f2fs.h:2112 [inline]
#1: ffff888017ad4318 (&sbi->cp_global_sem){+.+.}-{3:3}, at: f2fs_write_checkpoint+0x4a6/0x4b40 fs/f2fs/checkpoint.c:1638
#2: ffff888017ad43b0 (&sbi->cp_rwsem){++++}-{3:3}, at: f2fs_down_write fs/f2fs/f2fs.h:2112 [inline]
#2: ffff888017ad43b0 (&sbi->cp_rwsem){++++}-{3:3}, at: f2fs_lock_all fs/f2fs/f2fs.h:2147 [inline]
#2: ffff888017ad43b0 (&sbi->cp_rwsem){++++}-{3:3}, at: block_operations+0x10d/0xe80 fs/f2fs/checkpoint.c:1219
#3: ffff888017ad4448 (&sbi->node_write){++++}-{3:3}, at: f2fs_down_write fs/f2fs/f2fs.h:2112 [inline]
#3: ffff888017ad4448 (&sbi->node_write){++++}-{3:3}, at: block_operations+0x8fe/0xe80 fs/f2fs/checkpoint.c:1267
4 locks held by syz-executor272/7045:
#0: ffff88806a81e0e0 (&type->s_umount_key#50){+.+.}-{3:3}, at: deactivate_super+0xa9/0xd0 fs/super.c:361
#1: ffff8880762a8318 (&sbi->cp_global_sem){+.+.}-{3:3}, at: f2fs_down_write fs/f2fs/f2fs.h:2112 [inline]
#1: ffff8880762a8318 (&sbi->cp_global_sem){+.+.}-{3:3}, at: f2fs_write_checkpoint+0x4a6/0x4b40 fs/f2fs/checkpoint.c:1638
#2: ffff8880762a83b0 (&sbi->cp_rwsem){++++}-{3:3}, at: f2fs_down_write fs/f2fs/f2fs.h:2112 [inline]
#2: ffff8880762a83b0 (&sbi->cp_rwsem){++++}-{3:3}, at: f2fs_lock_all fs/f2fs/f2fs.h:2147 [inline]
#2: ffff8880762a83b0 (&sbi->cp_rwsem){++++}-{3:3}, at: block_operations+0x10d/0xe80 fs/f2fs/checkpoint.c:1219
#3: ffff8880762a8448 (&sbi->node_write){++++}-{3:3}, at: f2fs_down_write fs/f2fs/f2fs.h:2112 [inline]
#3: ffff8880762a8448 (&sbi->node_write){++++}-{3:3}, at: block_operations+0x8fe/0xe80 fs/f2fs/checkpoint.c:1267
4 locks held by syz-executor272/7047:
#0: ffff88807d2ec0e0 (&type->s_umount_key#50){+.+.}-{3:3}, at: deactivate_super+0xa9/0xd0 fs/super.c:361
#1: ffff88807fa84318 (&sbi->cp_global_sem){+.+.}-{3:3}, at: f2fs_down_write fs/f2fs/f2fs.h:2112 [inline]
#1: ffff88807fa84318 (&sbi->cp_global_sem){+.+.}-{3:3}, at: f2fs_write_checkpoint+0x4a6/0x4b40 fs/f2fs/checkpoint.c:1638
#2: ffff88807fa843b0 (&sbi->cp_rwsem){++++}-{3:3}, at: f2fs_down_write fs/f2fs/f2fs.h:2112 [inline]
#2: ffff88807fa843b0 (&sbi->cp_rwsem){++++}-{3:3}, at: f2fs_lock_all fs/f2fs/f2fs.h:2147 [inline]
#2: ffff88807fa843b0 (&sbi->cp_rwsem){++++}-{3:3}, at: block_operations+0x10d/0xe80 fs/f2fs/checkpoint.c:1219
#3: ffff88807fa84448 (&sbi->node_write){++++}-{3:3}, at: f2fs_down_write fs/f2fs/f2fs.h:2112 [inline]
#3: ffff88807fa84448 (&sbi->node_write){++++}-{3:3}, at: block_operations+0x8fe/0xe80 fs/f2fs/checkpoint.c:1267
1 lock held by syz-executor272/7048:
#0: ffff8880763cc0e0 (&type->s_umount_key#50){+.+.}-{3:3}, at: deactivate_super+0xa9/0xd0 fs/super.c:361
1 lock held by syz-executor272/7088:
#0: ffff88807dae80e0 (&type->s_umount_key#50){+.+.}-{3:3}, at: user_get_super+0x230/0x310 fs/super.c:875
=============================================
NMI backtrace for cpu 0
CPU: 0 PID: 27 Comm: khungtaskd Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xd9/0x150 lib/dump_stack.c:106
nmi_cpu_backtrace+0x29c/0x350 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x2a4/0x300 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:148 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:222 [inline]
watchdog+0xe16/0x1090 kernel/hung_task.c:379
kthread+0x344/0x440 kernel/kthread.c:379
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
</TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 2832 Comm: kworker/u4:5 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
Workqueue: bat_events batadv_nc_worker
RIP: 0010:preempt_count_sub+0x2b/0x150 kernel/sched/core.c:5839
Code: 0f 1e fa 48 c7 c0 00 84 df 91 53 89 fb 48 ba 00 00 00 00 00 fc ff df 48 89 c1 83 e0 07 48 c1 e9 03 83 c0 03 0f b6 14 11 38 d0 <7c> 08 84 d2 0f 85 e4 00 00 00 8b 0d 55 57 87 10 85 c9 75 1b 65 8b
RSP: 0018:ffffc9000b01fbf8 EFLAGS: 00000097
RAX: 0000000000000003 RBX: 0000000000000001 RCX: 1ffffffff23bf080
RDX: 0000000000000004 RSI: 0000000000000001 RDI: 0000000000000001
RBP: ffffffff89db728c R08: 0000000000000000 R09: ffffffff8e7a8957
R10: fffffbfff1cf512a R11: 0000000000000000 R12: ffff8880223017a8
R13: ffff888022300c80 R14: dffffc0000000000 R15: ffffffff89db7480
FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:00000000000000

Tested on:
commit: b6dad517 Merge tag 'nios2_fix_v6.4' of git://git.kerne..
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=14ef9b7f280000
kernel config: https://syzkaller.appspot.com/x/.config?x=ac246111fb601aec
dashboard link: https://syzkaller.appspot.com/bug?extid=e5b81eaab292e00e7d98
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=1339a97f280000