From: syzbot <syzbot+727d161855d11d81e411@syzkaller.appspotmail.com>
To: dmantipov@yandex.ru, linux-kernel@vger.kernel.org,
	 syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [ocfs2?] kernel BUG in __ocfs2_move_extent
Date: Fri, 24 Oct 2025 02:51:02 -0700
Message-ID: <68fb4c06.050a0220.346f24.00ba.GAE@google.com>
In-Reply-To: <20251024071531.Cp40p%dmantipov@yandex.ru>

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
possible deadlock in __ocfs2_flush_truncate_log

======================================================
WARNING: possible circular locking dependency detected
syzkaller #0 Not tainted
------------------------------------------------------
syz-executor/5793 is trying to acquire lock:
ffff88804461d100 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#5){+.+.}-{4:4}, at: inode_lock include/linux/fs.h:815 [inline]
ffff88804461d100 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#5){+.+.}-{4:4}, at: __ocfs2_flush_truncate_log+0x33d/0x10f0 fs/ocfs2/alloc.c:6054

but task is already holding lock:
ffff888040ccb480 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#6){+.+.}-{4:4}, at: inode_lock include/linux/fs.h:815 [inline]
ffff888040ccb480 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#6){+.+.}-{4:4}, at: ocfs2_flush_truncate_log+0x47/0x70 fs/ocfs2/alloc.c:6083

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#6){+.+.}-{4:4}:
       lock_acquire+0x1a1/0x430 kernel/locking/lockdep.c:5825
       down_write+0x97/0x1f0 kernel/locking/rwsem.c:1577
       inode_lock include/linux/fs.h:815 [inline]
       ocfs2_move_extent fs/ocfs2/move_extents.c:646 [inline]
       __ocfs2_move_extents_range+0x1a6a/0x3380 fs/ocfs2/move_extents.c:866
       ocfs2_move_extents+0x379/0x960 fs/ocfs2/move_extents.c:933
       ocfs2_ioctl_move_extents+0x569/0x740 fs/ocfs2/move_extents.c:1065
       ocfs2_ioctl+0x192/0x750 fs/ocfs2/ioctl.c:946
       vfs_ioctl fs/ioctl.c:51 [inline]
       __do_sys_ioctl fs/ioctl.c:907 [inline]
       __se_sys_ioctl+0x100/0x170 fs/ioctl.c:893
       do_syscall_x64 arch/x86/entry/common.c:52 [inline]
       do_syscall_64+0xf6/0x210 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #0 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#5){+.+.}-{4:4}:
       check_prev_add kernel/locking/lockdep.c:3161 [inline]
       check_prevs_add kernel/locking/lockdep.c:3280 [inline]
       validate_chain+0x188e/0x5720 kernel/locking/lockdep.c:3904
       __lock_acquire+0x138a/0x20c0 kernel/locking/lockdep.c:5202
       lock_acquire+0x1a1/0x430 kernel/locking/lockdep.c:5825
       down_write+0x97/0x1f0 kernel/locking/rwsem.c:1577
       inode_lock include/linux/fs.h:815 [inline]
       __ocfs2_flush_truncate_log+0x33d/0x10f0 fs/ocfs2/alloc.c:6054
       ocfs2_flush_truncate_log+0x4f/0x70 fs/ocfs2/alloc.c:6084
       ocfs2_sync_fs+0x117/0x320 fs/ocfs2/super.c:402
       sync_filesystem+0x1cf/0x230 fs/sync.c:66
       generic_shutdown_super+0x6f/0x2c0 fs/super.c:621
       kill_block_super+0x44/0x90 fs/super.c:1710
       deactivate_locked_super+0xb9/0x130 fs/super.c:473
       cleanup_mnt+0x425/0x4c0 fs/namespace.c:1378
       task_work_run+0x1d5/0x260 kernel/task_work.c:239
       resume_user_mode_work+0x5e/0x80 include/linux/resume_user_mode.h:50
       exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
       exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
       __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
       syscall_exit_to_user_mode+0x87/0x130 kernel/entry/common.c:218
       do_syscall_64+0x103/0x210 arch/x86/entry/common.c:89
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#6);
                               lock(&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#5);
                               lock(&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#6);
  lock(&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#5);

 *** DEADLOCK ***

2 locks held by syz-executor/5793:
 #0: ffff88803ef880e0 (&type->s_umount_key#54){+.+.}-{4:4}, at: __super_lock fs/super.c:56 [inline]
 #0: ffff88803ef880e0 (&type->s_umount_key#54){+.+.}-{4:4}, at: __super_lock_excl fs/super.c:71 [inline]
 #0: ffff88803ef880e0 (&type->s_umount_key#54){+.+.}-{4:4}, at: deactivate_super+0xa9/0xe0 fs/super.c:505
 #1: ffff888040ccb480 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#6){+.+.}-{4:4}, at: inode_lock include/linux/fs.h:815 [inline]
 #1: ffff888040ccb480 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#6){+.+.}-{4:4}, at: ocfs2_flush_truncate_log+0x47/0x70 fs/ocfs2/alloc.c:6083

stack backtrace:
CPU: 0 UID: 0 PID: 5793 Comm: syz-executor Not tainted syzkaller #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 dump_stack_lvl+0x18a/0x250 lib/dump_stack.c:120
 print_circular_bug+0x13b/0x1b0 kernel/locking/lockdep.c:2074
 check_noncircular+0x2b5/0x3b0 kernel/locking/lockdep.c:2206
 check_prev_add kernel/locking/lockdep.c:3161 [inline]
 check_prevs_add kernel/locking/lockdep.c:3280 [inline]
 validate_chain+0x188e/0x5720 kernel/locking/lockdep.c:3904
 __lock_acquire+0x138a/0x20c0 kernel/locking/lockdep.c:5202
 lock_acquire+0x1a1/0x430 kernel/locking/lockdep.c:5825
 down_write+0x97/0x1f0 kernel/locking/rwsem.c:1577
 inode_lock include/linux/fs.h:815 [inline]
 __ocfs2_flush_truncate_log+0x33d/0x10f0 fs/ocfs2/alloc.c:6054
 ocfs2_flush_truncate_log+0x4f/0x70 fs/ocfs2/alloc.c:6084
 ocfs2_sync_fs+0x117/0x320 fs/ocfs2/super.c:402
 sync_filesystem+0x1cf/0x230 fs/sync.c:66
 generic_shutdown_super+0x6f/0x2c0 fs/super.c:621
 kill_block_super+0x44/0x90 fs/super.c:1710
 deactivate_locked_super+0xb9/0x130 fs/super.c:473
 cleanup_mnt+0x425/0x4c0 fs/namespace.c:1378
 task_work_run+0x1d5/0x260 kernel/task_work.c:239
 resume_user_mode_work+0x5e/0x80 include/linux/resume_user_mode.h:50
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x87/0x130 kernel/entry/common.c:218
 do_syscall_64+0x103/0x210 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fd40db901f7
Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffd33164b08 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 00007fd40dc11d7d RCX: 00007fd40db901f7
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd33164bc0
RBP: 00007ffd33164bc0 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd33165c50
R13: 00007fd40dc11d7d R14: 000000000002060d R15: 00007ffd33165c90
 </TASK>
(syz-executor,5793,0):ocfs2_inode_is_valid_to_delete:872 ERROR: Skipping delete of system file 72
ocfs2: Unmounting device (7,0) on (node local)


Tested on:

commit:         4fc43deb Linux 6.12.55
git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git linux-6.12.y
console output: https://syzkaller.appspot.com/x/log.txt?x=126ddb04580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=fe7b438dcda9b036
dashboard link: https://syzkaller.appspot.com/bug?extid=727d161855d11d81e411
compiler:       Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch:          https://syzkaller.appspot.com/x/patch.diff?x=177c7734580000

