Re: [f2fs-dev] [syzbot] possible deadlock in f2fs_write_checkpoint

All of lore.kernel.org
 help / color / mirror / Atom feed

From: syzbot <syzbot+0b9cadf5fc45a98a5083@syzkaller.appspotmail.com>
To: chao@kernel.org, jaegeuk@kernel.org,
	 linux-f2fs-devel@lists.sourceforge.net,
	linux-kernel@vger.kernel.org,  syzkaller-bugs@googlegroups.com
Subject: Re: [f2fs-dev] [syzbot] possible deadlock in f2fs_write_checkpoint
Date: Wed, 02 Feb 2022 05:34:26 -0800	[thread overview]
Message-ID: <00000000000097bd8005d7091347@google.com> (raw)
In-Reply-To: <0000000000004cede805d58728c3@google.com>

syzbot has found a reproducer for the following issue on:

HEAD commit:    6abab1b81b65 Add linux-next specific files for 20220202
git tree:       linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=178ef35bb00000
kernel config:  https://syzkaller.appspot.com/x/.config?x=b8d8750556896349
dashboard link: https://syzkaller.appspot.com/bug?extid=0b9cadf5fc45a98a5083
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=150341d4700000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=15649300700000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+0b9cadf5fc45a98a5083@syzkaller.appspotmail.com

F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
F2FS-fs (loop0): invalid crc_offset: 0
F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (8221872453892455638, 0)
F2FS-fs (loop0): Try to recover 2th superblock, ret: 0
F2FS-fs (loop0): Mounted with checkpoint version = 7ad43cd6
============================================
WARNING: possible recursive locking detected
5.17.0-rc2-next-20220202-syzkaller #0 Not tainted
--------------------------------------------
syz-executor316/3595 is trying to acquire lock:
ffff88801d514390 (&sem->internal_rwsem#2){++++}-{3:3}, at: f2fs_down_write fs/f2fs/f2fs.h:2156 [inline]
ffff88801d514390 (&sem->internal_rwsem#2){++++}-{3:3}, at: f2fs_write_checkpoint+0x535/0x5c90 fs/f2fs/checkpoint.c:1616

but task is already holding lock:
ffff88801d515398 (&sem->internal_rwsem#2){++++}-{3:3}, at: f2fs_down_write fs/f2fs/f2fs.h:2156 [inline]
ffff88801d515398 (&sem->internal_rwsem#2){++++}-{3:3}, at: f2fs_issue_checkpoint+0x149/0x480 fs/f2fs/checkpoint.c:1835

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&sem->internal_rwsem#2);
  lock(&sem->internal_rwsem#2);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

2 locks held by syz-executor316/3595:
 #0: ffff888074db00e0 (&type->s_umount_key#46){+.+.}-{3:3}, at: deactivate_super+0xa5/0xd0 fs/super.c:362
 #1: ffff88801d515398 (&sem->internal_rwsem#2){++++}-{3:3}, at: f2fs_down_write fs/f2fs/f2fs.h:2156 [inline]
 #1: ffff88801d515398 (&sem->internal_rwsem#2){++++}-{3:3}, at: f2fs_issue_checkpoint+0x149/0x480 fs/f2fs/checkpoint.c:1835

stack backtrace:
CPU: 0 PID: 3595 Comm: syz-executor316 Not tainted 5.17.0-rc2-next-20220202-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 print_deadlock_bug kernel/locking/lockdep.c:2956 [inline]
 check_deadlock kernel/locking/lockdep.c:2999 [inline]
 validate_chain kernel/locking/lockdep.c:3788 [inline]
 __lock_acquire.cold+0x149/0x3ab kernel/locking/lockdep.c:5027
 lock_acquire kernel/locking/lockdep.c:5639 [inline]
 lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5604
 down_write+0x90/0x150 kernel/locking/rwsem.c:1514
 f2fs_down_write fs/f2fs/f2fs.h:2156 [inline]
 f2fs_write_checkpoint+0x535/0x5c90 fs/f2fs/checkpoint.c:1616
 __write_checkpoint_sync fs/f2fs/checkpoint.c:1746 [inline]
 f2fs_issue_checkpoint+0x156/0x480 fs/f2fs/checkpoint.c:1843
 f2fs_sync_fs+0x20f/0x420 fs/f2fs/super.c:1644
 sync_filesystem.part.0+0x13c/0x1d0 fs/sync.c:66
 sync_filesystem+0x8b/0xc0 fs/sync.c:43
 generic_shutdown_super+0x70/0x400 fs/super.c:445
 kill_block_super+0x97/0xf0 fs/super.c:1394
 kill_f2fs_super+0x2b3/0x3c0 fs/f2fs/super.c:4523
 deactivate_locked_super+0x94/0x160 fs/super.c:332
 deactivate_super+0xad/0xd0 fs/super.c:363
 cleanup_mnt+0x3a2/0x540 fs/namespace.c:1159
 task_work_run+0xdd/0x1a0 kernel/task_work.c:164
 exit_task_work include/linux/task_work.h:32 [inline]
 do_exit+0xb29/0x2b10 kernel/exit.c:806
 do_group_exit+0xd2/0x2f0 kernel/exit.c:935
 __do_sys_exit_group kernel/exit.c:946 [inline]
 __se_sys_exit_group kernel/exit.c:944 [inline]
 __x64_sys_exit_group+0x3a/0x50 kernel/exit.c:944
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f93b7998639
Code: Unable to access opcode bytes at RIP 0x7f93b799860f.
RSP: 002b:00007fffe1dc7708 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 00007f93b7a0d3

_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel

WARNING: multiple messages have this Message-ID (diff)

From: syzbot <syzbot+0b9cadf5fc45a98a5083@syzkaller.appspotmail.com>
To: chao@kernel.org, jaegeuk@kernel.org,
	linux-f2fs-devel@lists.sourceforge.net,
	linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] possible deadlock in f2fs_write_checkpoint
Date: Wed, 02 Feb 2022 05:34:26 -0800	[thread overview]
Message-ID: <00000000000097bd8005d7091347@google.com> (raw)
In-Reply-To: <0000000000004cede805d58728c3@google.com>

syzbot has found a reproducer for the following issue on:

HEAD commit:    6abab1b81b65 Add linux-next specific files for 20220202
git tree:       linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=178ef35bb00000
kernel config:  https://syzkaller.appspot.com/x/.config?x=b8d8750556896349
dashboard link: https://syzkaller.appspot.com/bug?extid=0b9cadf5fc45a98a5083
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=150341d4700000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=15649300700000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+0b9cadf5fc45a98a5083@syzkaller.appspotmail.com

F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
F2FS-fs (loop0): invalid crc_offset: 0
F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (8221872453892455638, 0)
F2FS-fs (loop0): Try to recover 2th superblock, ret: 0
F2FS-fs (loop0): Mounted with checkpoint version = 7ad43cd6
============================================
WARNING: possible recursive locking detected
5.17.0-rc2-next-20220202-syzkaller #0 Not tainted
--------------------------------------------
syz-executor316/3595 is trying to acquire lock:
ffff88801d514390 (&sem->internal_rwsem#2){++++}-{3:3}, at: f2fs_down_write fs/f2fs/f2fs.h:2156 [inline]
ffff88801d514390 (&sem->internal_rwsem#2){++++}-{3:3}, at: f2fs_write_checkpoint+0x535/0x5c90 fs/f2fs/checkpoint.c:1616

but task is already holding lock:
ffff88801d515398 (&sem->internal_rwsem#2){++++}-{3:3}, at: f2fs_down_write fs/f2fs/f2fs.h:2156 [inline]
ffff88801d515398 (&sem->internal_rwsem#2){++++}-{3:3}, at: f2fs_issue_checkpoint+0x149/0x480 fs/f2fs/checkpoint.c:1835

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&sem->internal_rwsem#2);
  lock(&sem->internal_rwsem#2);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

2 locks held by syz-executor316/3595:
 #0: ffff888074db00e0 (&type->s_umount_key#46){+.+.}-{3:3}, at: deactivate_super+0xa5/0xd0 fs/super.c:362
 #1: ffff88801d515398 (&sem->internal_rwsem#2){++++}-{3:3}, at: f2fs_down_write fs/f2fs/f2fs.h:2156 [inline]
 #1: ffff88801d515398 (&sem->internal_rwsem#2){++++}-{3:3}, at: f2fs_issue_checkpoint+0x149/0x480 fs/f2fs/checkpoint.c:1835

stack backtrace:
CPU: 0 PID: 3595 Comm: syz-executor316 Not tainted 5.17.0-rc2-next-20220202-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 print_deadlock_bug kernel/locking/lockdep.c:2956 [inline]
 check_deadlock kernel/locking/lockdep.c:2999 [inline]
 validate_chain kernel/locking/lockdep.c:3788 [inline]
 __lock_acquire.cold+0x149/0x3ab kernel/locking/lockdep.c:5027
 lock_acquire kernel/locking/lockdep.c:5639 [inline]
 lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5604
 down_write+0x90/0x150 kernel/locking/rwsem.c:1514
 f2fs_down_write fs/f2fs/f2fs.h:2156 [inline]
 f2fs_write_checkpoint+0x535/0x5c90 fs/f2fs/checkpoint.c:1616
 __write_checkpoint_sync fs/f2fs/checkpoint.c:1746 [inline]
 f2fs_issue_checkpoint+0x156/0x480 fs/f2fs/checkpoint.c:1843
 f2fs_sync_fs+0x20f/0x420 fs/f2fs/super.c:1644
 sync_filesystem.part.0+0x13c/0x1d0 fs/sync.c:66
 sync_filesystem+0x8b/0xc0 fs/sync.c:43
 generic_shutdown_super+0x70/0x400 fs/super.c:445
 kill_block_super+0x97/0xf0 fs/super.c:1394
 kill_f2fs_super+0x2b3/0x3c0 fs/f2fs/super.c:4523
 deactivate_locked_super+0x94/0x160 fs/super.c:332
 deactivate_super+0xad/0xd0 fs/super.c:363
 cleanup_mnt+0x3a2/0x540 fs/namespace.c:1159
 task_work_run+0xdd/0x1a0 kernel/task_work.c:164
 exit_task_work include/linux/task_work.h:32 [inline]
 do_exit+0xb29/0x2b10 kernel/exit.c:806
 do_group_exit+0xd2/0x2f0 kernel/exit.c:935
 __do_sys_exit_group kernel/exit.c:946 [inline]
 __se_sys_exit_group kernel/exit.c:944 [inline]
 __x64_sys_exit_group+0x3a/0x50 kernel/exit.c:944
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f93b7998639
Code: Unable to access opcode bytes at RIP 0x7f93b799860f.
RSP: 002b:00007fffe1dc7708 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 00007f93b7a0d3

next prev parent reply	other threads:[~2022-02-02 13:34 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-01-14  9:09 [f2fs-dev] [syzbot] possible deadlock in f2fs_write_checkpoint syzbot
2022-01-14  9:09 ` syzbot
2022-02-02 13:34 ` syzbot [this message]
2022-02-02 13:34   ` syzbot
2022-02-03  2:23 ` [f2fs-dev] " syzbot
2022-02-03  2:23   ` syzbot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=00000000000097bd8005d7091347@google.com \
    --to=syzbot+0b9cadf5fc45a98a5083@syzkaller.appspotmail.com \
    --cc=chao@kernel.org \
    --cc=jaegeuk@kernel.org \
    --cc=linux-f2fs-devel@lists.sourceforge.net \
    --cc=linux-kernel@vger.kernel.org \
    --cc=syzkaller-bugs@googlegroups.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.