syzbot


inconsistent lock state in shmem_fallocate

Status: public: reported C repro on 2019/04/14 00:00
Reported-by: syzbot+6e5f7ecd43ca27145f88@syzkaller.appspotmail.com
First crash: 1937d, last: 1608d
Similar bugs (1)
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
android-44 | inconsistent lock state in shmem_fallocate | C | | | 13 | 1618d | 1841d | 0/2 | public: reported C repro on 2019/04/13 00:00

Sample crash report:
=================================
[ INFO: inconsistent lock state ]
4.9.141+ #1 Not tainted
---------------------------------
inconsistent {RECLAIM_FS-ON-W} -> {IN-RECLAIM_FS-W} usage.
kswapd0/33 [HC0[0]:SC0[0]:HE1:SE1] takes:
 (&sb->s_type->i_mutex_key#10){+.+.?.}, at: [<ffffffff81464edc>] inode_lock include/linux/fs.h:766 [inline]
 (&sb->s_type->i_mutex_key#10){+.+.?.}, at: [<ffffffff81464edc>] shmem_fallocate+0x13c/0xb10 mm/shmem.c:2676
  mark_held_locks+0xc7/0x130 kernel/locking/lockdep.c:2660
  __lockdep_trace_alloc kernel/locking/lockdep.c:2882 [inline]
  lockdep_trace_alloc+0x18e/0x2a0 kernel/locking/lockdep.c:2897
  __alloc_pages_nodemask+0x14a/0x1bd0 mm/page_alloc.c:3804
  __alloc_pages include/linux/gfp.h:433 [inline]
  __alloc_pages_node include/linux/gfp.h:446 [inline]
  alloc_pages_node include/linux/gfp.h:460 [inline]
  shmem_alloc_page mm/shmem.c:1420 [inline]
  shmem_alloc_and_acct_page mm/shmem.c:1450 [inline]
  shmem_getpage_gfp+0xc7c/0x18f0 mm/shmem.c:1724
  shmem_getpage mm/shmem.c:123 [inline]
  shmem_write_begin+0xf4/0x1a0 mm/shmem.c:2205
  generic_perform_write+0x28a/0x500 mm/filemap.c:2753
  __generic_file_write_iter+0x352/0x540 mm/filemap.c:2878
  generic_file_write_iter+0x37a/0x620 mm/filemap.c:2906
  new_sync_write fs/read_write.c:496 [inline]
  __vfs_write+0x3d7/0x580 fs/read_write.c:509
  vfs_write+0x187/0x520 fs/read_write.c:557
  SYSC_write fs/read_write.c:604 [inline]
  SyS_write+0xd9/0x1c0 fs/read_write.c:596
  do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285
  entry_SYSCALL_64_after_swapgs+0x5d/0xdb
irq event stamp: 1055
hardirqs last  enabled at (1055): [<ffffffff8280b008>] __mutex_trylock_slowpath kernel/locking/mutex.c:885 [inline]
hardirqs last  enabled at (1055): [<ffffffff8280b008>] mutex_trylock+0x258/0x3e0 kernel/locking/mutex.c:908
hardirqs last disabled at (1054): [<ffffffff8280ae5f>] __mutex_trylock_slowpath kernel/locking/mutex.c:873 [inline]
hardirqs last disabled at (1054): [<ffffffff8280ae5f>] mutex_trylock+0xaf/0x3e0 kernel/locking/mutex.c:908
softirqs last  enabled at (1012): [<ffffffff8281cdfd>] __do_softirq+0x46d/0x964 kernel/softirq.c:314
softirqs last disabled at (1001): [<ffffffff810efdbc>] invoke_softirq kernel/softirq.c:368 [inline]
softirqs last disabled at (1001): [<ffffffff810efdbc>] irq_exit+0x11c/0x150 kernel/softirq.c:409

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&sb->s_type->i_mutex_key#10);
  <Interrupt>
    lock(&sb->s_type->i_mutex_key#10);

 *** DEADLOCK ***

2 locks held by kswapd0/33:
 #0:  (shrinker_rwsem){++++..}, at: [<ffffffff814499b2>] shrink_slab.part.8+0xb2/0xa00 mm/vmscan.c:471
 #1:  (ashmem_mutex){+.+.+.}, at: [<ffffffff821ed9f5>] ashmem_shrink_scan+0x55/0x4c0 drivers/staging/android/ashmem.c:455

stack backtrace:
CPU: 0 PID: 33 Comm: kswapd0 Not tainted 4.9.141+ #1
 ffff8801d8417380 ffffffff81b42e79 ffff8801d8408000 ffffffff83cac960
 ffff8801d8408900 ffff8801d8408920 ffffffff84244d40 ffff8801d84173f8
 ffffffff81400780 0000000000000000 ffffffff00000001 0000000000000001
Call Trace:
 [<ffffffff81b42e79>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81b42e79>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff81400780>] print_usage_bug.cold.40+0x44e/0x57e kernel/locking/lockdep.c:2387
 [<ffffffff81205d42>] valid_state kernel/locking/lockdep.c:2400 [inline]
 [<ffffffff81205d42>] mark_lock_irq kernel/locking/lockdep.c:2602 [inline]
 [<ffffffff81205d42>] mark_lock+0x2f2/0x1290 kernel/locking/lockdep.c:3065
 [<ffffffff812079e2>] mark_irqflags kernel/locking/lockdep.c:2958 [inline]
 [<ffffffff812079e2>] __lock_acquire+0x632/0x4a10 kernel/locking/lockdep.c:3302
 [<ffffffff8120c8d0>] lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756
 [<ffffffff828116f1>] down_write+0x41/0xa0 kernel/locking/rwsem.c:52
 [<ffffffff81464edc>] inode_lock include/linux/fs.h:766 [inline]
 [<ffffffff81464edc>] shmem_fallocate+0x13c/0xb10 mm/shmem.c:2676
 [<ffffffff821edb59>] ashmem_shrink_scan+0x1b9/0x4c0 drivers/staging/android/ashmem.c:462
 [<ffffffff81449cc6>] do_shrink_slab mm/vmscan.c:398 [inline]
 [<ffffffff81449cc6>] shrink_slab.part.8+0x3c6/0xa00 mm/vmscan.c:501
 [<ffffffff814557fd>] shrink_slab mm/vmscan.c:465 [inline]
 [<ffffffff814557fd>] shrink_node+0x1ed/0x740 mm/vmscan.c:2602
 [<ffffffff814570b9>] kswapd_shrink_node mm/vmscan.c:3202 [inline]
 [<ffffffff814570b9>] balance_pgdat mm/vmscan.c:3319 [inline]
 [<ffffffff814570b9>] kswapd+0x7e9/0x13b0 mm/vmscan.c:3512
 [<ffffffff81142c3d>] kthread+0x26d/0x300 kernel/kthread.c:211
 [<ffffffff82817a5c>] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373

Crashes (28):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2019/01/06 03:37 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 53be0a37 .config console log report syz C ci-android-49-kasan-gce
2019/01/06 03:35 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 53be0a37 .config console log report syz ci-android-49-kasan-gce-386
2019/09/29 16:48 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 c1ad5441 .config console log report ci-android-49-kasan-gce
2019/09/18 14:04 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 c2dcd700 .config console log report ci-android-49-kasan-gce
2019/09/09 23:13 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 a60cb4cd .config console log report ci-android-49-kasan-gce
2019/09/06 12:59 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 040fda58 .config console log report ci-android-49-kasan-gce
2019/03/16 07:06 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 bab43553 .config console log report ci-android-49-kasan-gce
2019/01/26 13:54 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 c73f090a .config console log report ci-android-49-kasan-gce
2019/01/20 05:55 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 353f32ea .config console log report ci-android-49-kasan-gce
2019/12/01 12:18 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 a76bf83f .config console log report ci-android-49-kasan-gce-386
2019/11/18 15:43 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 1daed50a .config console log report ci-android-49-kasan-gce-386
2019/11/15 20:49 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 cdac920b .config console log report ci-android-49-kasan-gce-386
2019/11/15 20:36 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 cdac920b .config console log report ci-android-49-kasan-gce-386
2019/11/15 15:41 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 cdac920b .config console log report ci-android-49-kasan-gce-386
2019/11/14 05:44 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 048f2d49 .config console log report ci-android-49-kasan-gce-386
2019/11/13 18:27 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 048f2d49 .config console log report ci-android-49-kasan-gce-386
2019/11/12 13:33 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 048f2d49 .config console log report ci-android-49-kasan-gce-386
2019/11/04 23:58 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 76630fc9 .config console log report ci-android-49-kasan-gce-386
2019/10/25 20:06 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 c2e837da .config console log report ci-android-49-kasan-gce-386
2019/10/22 23:32 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 5681358a .config console log report ci-android-49-kasan-gce-386
2019/10/22 07:03 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 c59a7cd8 .config console log report ci-android-49-kasan-gce-386
2019/10/20 20:17 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 8c88c9c1 .config console log report ci-android-49-kasan-gce-386
2019/09/27 20:49 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 d8074e0b .config console log report ci-android-49-kasan-gce-386
2019/09/25 09:11 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 e38a6630 .config console log report ci-android-49-kasan-gce-386
2019/09/14 10:17 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 32d59357 .config console log report ci-android-49-kasan-gce-386
2019/09/07 01:38 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 a60cb4cd .config console log report ci-android-49-kasan-gce-386
2019/09/01 08:47 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 bad3cce2 .config console log report ci-android-49-kasan-gce-386
2019/01/15 21:55 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 79cb1a7c .config console log report ci-android-49-kasan-gce-386
* Struck through repros no longer work on HEAD.