possible deadlock in start_this

Title	Replies (including bot)	Last reply
possible deadlock in start_this_handle	1 (2)	2018/09/07 09:38

Title

Replies (including bot)

Last reply

1 (2)

2018/09/07 09:38

Kernel	Title	Count	Last	Reported	Patched	Status
upstream	possible deadlock in start_this_handle (3) ext4	8	455d	643d	22/26	fixed on 2023/02/24 13:50
upstream	possible deadlock in start_this_handle (2) ext4	8	1129d	1162d	0/26	auto-closed as invalid on 2021/07/13 16:11
upstream	possible deadlock in start_this_handle (4) fscrypt ext4	23	35d	414d	0/26	upstream: reported on 2023/03/01 00:02

XFS (loop1): unknown mount option [j›Гі&)nzџu"]. JFS: discard option not supported on device JFS: discard option not supported on device ====================================================== WARNING: possible circular locking dependency detected 4.19.0-rc8+ #61 Not tainted ------------------------------------------------------ syz-executor0/20241 is trying to acquire lock: 00000000d0fcd8ad (jbd2_handle){++++}, at: start_this_handle+0x581/0x1250 fs/jbd2/transaction.c:383 but task is already holding lock: 000000007681fdeb (fs_reclaim){+.+.}, at: fs_reclaim_acquire.part.97+0x0/0x30 mm/internal.h:79 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #2 (fs_reclaim){+.+.}: __fs_reclaim_acquire mm/page_alloc.c:3728 [inline] fs_reclaim_acquire.part.97+0x24/0x30 mm/page_alloc.c:3739 fs_reclaim_acquire+0x14/0x20 mm/page_alloc.c:3740 slab_pre_alloc_hook mm/slab.h:418 [inline] slab_alloc mm/slab.c:3378 [inline] kmem_cache_alloc_trace+0x2d/0x750 mm/slab.c:3618 kmalloc include/linux/slab.h:513 [inline] kzalloc include/linux/slab.h:707 [inline] smk_fetch.part.24+0x5a/0xf0 security/smack/smack_lsm.c:273 smk_fetch security/smack/smack_lsm.c:3548 [inline] smack_d_instantiate+0x94e/0xea0 security/smack/smack_lsm.c:3502 security_d_instantiate+0x5c/0xf0 security/security.c:1287 d_instantiate+0x5e/0xa0 fs/dcache.c:1870 shmem_mknod+0x189/0x1f0 mm/shmem.c:2814 vfs_mknod+0x445/0x800 fs/namei.c:3719 handle_create+0x1ff/0x730 drivers/base/devtmpfs.c:211 handle drivers/base/devtmpfs.c:374 [inline] devtmpfsd+0x27f/0x4c0 drivers/base/devtmpfs.c:400 kthread+0x35a/0x420 kernel/kthread.c:246 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:413 -> #1 (&isp->smk_lock){+.+.}: __mutex_lock_common kernel/locking/mutex.c:925 [inline] __mutex_lock+0x166/0x1700 kernel/locking/mutex.c:1072 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087 smack_d_instantiate+0x136/0xea0 security/smack/smack_lsm.c:3369 security_d_instantiate+0x5c/0xf0 security/security.c:1287 d_instantiate_new+0x70/0x160 fs/dcache.c:1889 ext4_add_nondir+0x81/0x90 fs/ext4/namei.c:2415 ext4_symlink+0x752/0x1130 fs/ext4/namei.c:3162 vfs_symlink+0x37a/0x5d0 fs/namei.c:4127 do_symlinkat+0x242/0x2d0 fs/namei.c:4154 __do_sys_symlink fs/namei.c:4173 [inline] __se_sys_symlink fs/namei.c:4171 [inline] __x64_sys_symlink+0x59/0x80 fs/namei.c:4171 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe -> #0 (jbd2_handle){++++}: lock_acquire+0x1ed/0x520 kernel/locking/lockdep.c:3900 start_this_handle+0x5b8/0x1250 fs/jbd2/transaction.c:385 jbd2__journal_start+0x3c9/0xa90 fs/jbd2/transaction.c:439 __ext4_journal_start_sb+0x1a5/0x5f0 fs/ext4/ext4_jbd2.c:81 __ext4_journal_start fs/ext4/ext4_jbd2.h:311 [inline] ext4_dirty_inode+0x62/0xc0 fs/ext4/inode.c:6023 __mark_inode_dirty+0x7c3/0x1510 fs/fs-writeback.c:2129 mark_inode_dirty_sync include/linux/fs.h:2075 [inline] iput+0x131/0xa90 fs/inode.c:1570 dentry_unlink_inode+0x461/0x5e0 fs/dcache.c:374 __dentry_kill+0x44c/0x7a0 fs/dcache.c:566 shrink_dentry_list+0x32f/0x800 fs/dcache.c:1079 prune_dcache_sb+0x12f/0x1c0 fs/dcache.c:1171 super_cache_scan+0x270/0x480 fs/super.c:102 do_shrink_slab+0x4e7/0xd20 mm/vmscan.c:547 shrink_slab+0x389/0x8c0 mm/vmscan.c:696 shrink_node+0x431/0x16b0 mm/vmscan.c:2745 shrink_zones mm/vmscan.c:2974 [inline] do_try_to_free_pages+0x3e7/0x1290 mm/vmscan.c:3036 try_to_free_pages+0x4d0/0xb90 mm/vmscan.c:3251 __perform_reclaim mm/page_alloc.c:3769 [inline] __alloc_pages_direct_reclaim mm/page_alloc.c:3790 [inline] __alloc_pages_slowpath+0x993/0x2d80 mm/page_alloc.c:4191 __alloc_pages_nodemask+0xa80/0xde0 mm/page_alloc.c:4390 alloc_pages_current+0x10c/0x210 mm/mempolicy.c:2093 alloc_pages include/linux/gfp.h:509 [inline] __page_cache_alloc+0x38f/0x5b0 mm/filemap.c:946 __do_page_cache_readahead+0x383/0x980 mm/readahead.c:195 ra_submit mm/internal.h:66 [inline] do_sync_mmap_readahead mm/filemap.c:2444 [inline] filemap_fault+0xf4d/0x25f0 mm/filemap.c:2520 __do_fault+0x100/0x6b0 mm/memory.c:3240 do_shared_fault mm/memory.c:3707 [inline] do_fault mm/memory.c:3756 [inline] handle_pte_fault mm/memory.c:3983 [inline] __handle_mm_fault+0x3515/0x53e0 mm/memory.c:4107 handle_mm_fault+0x54f/0xc70 mm/memory.c:4144 __do_page_fault+0x67d/0xed0 arch/x86/mm/fault.c:1395 do_page_fault+0xf2/0x7e0 arch/x86/mm/fault.c:1470 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1161 other info that might help us debug this: Chain exists of: jbd2_handle --> &isp->smk_lock --> fs_reclaim Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(fs_reclaim); lock(&isp->smk_lock); lock(fs_reclaim); lock(jbd2_handle); *** DEADLOCK *** 4 locks held by syz-executor0/20241: #0: 000000005fc9d4fb (&mm->mmap_sem){++++}, at: __do_page_fault+0x3e3/0xed0 arch/x86/mm/fault.c:1324 #1: 000000007681fdeb (fs_reclaim){+.+.}, at: fs_reclaim_acquire.part.97+0x0/0x30 mm/internal.h:79 #2: 000000001bca7b75 (shrinker_rwsem){++++}, at: shrink_slab+0x207/0x8c0 mm/vmscan.c:686 #3: 00000000d0bec81b (&type->s_umount_key#29){++++}, at: trylock_super+0x22/0x110 fs/super.c:412 stack backtrace: CPU: 0 PID: 20241 Comm: syz-executor0 Not tainted 4.19.0-rc8+ #61 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1c4/0x2b4 lib/dump_stack.c:113 print_circular_bug.isra.33.cold.54+0x1bd/0x27d kernel/locking/lockdep.c:1221 check_prev_add kernel/locking/lockdep.c:1861 [inline] check_prevs_add kernel/locking/lockdep.c:1974 [inline] validate_chain kernel/locking/lockdep.c:2415 [inline] __lock_acquire+0x33e4/0x4ec0 kernel/locking/lockdep.c:3411 lock_acquire+0x1ed/0x520 kernel/locking/lockdep.c:3900 start_this_handle+0x5b8/0x1250 fs/jbd2/transaction.c:385 jbd2__journal_start+0x3c9/0xa90 fs/jbd2/transaction.c:439 __ext4_journal_start_sb+0x1a5/0x5f0 fs/ext4/ext4_jbd2.c:81 __ext4_journal_start fs/ext4/ext4_jbd2.h:311 [inline] ext4_dirty_inode+0x62/0xc0 fs/ext4/inode.c:6023 __mark_inode_dirty+0x7c3/0x1510 fs/fs-writeback.c:2129 mark_inode_dirty_sync include/linux/fs.h:2075 [inline] iput+0x131/0xa90 fs/inode.c:1570 dentry_unlink_inode+0x461/0x5e0 fs/dcache.c:374 __dentry_kill+0x44c/0x7a0 fs/dcache.c:566 shrink_dentry_list+0x32f/0x800 fs/dcache.c:1079 prune_dcache_sb+0x12f/0x1c0 fs/dcache.c:1171 super_cache_scan+0x270/0x480 fs/super.c:102 do_shrink_slab+0x4e7/0xd20 mm/vmscan.c:547 shrink_slab+0x389/0x8c0 mm/vmscan.c:696 shrink_node+0x431/0x16b0 mm/vmscan.c:2745 shrink_zones mm/vmscan.c:2974 [inline] do_try_to_free_pages+0x3e7/0x1290 mm/vmscan.c:3036 try_to_free_pages+0x4d0/0xb90 mm/vmscan.c:3251 __perform_reclaim mm/page_alloc.c:3769 [inline] __alloc_pages_direct_reclaim mm/page_alloc.c:3790 [inline] __alloc_pages_slowpath+0x993/0x2d80 mm/page_alloc.c:4191 __alloc_pages_nodemask+0xa80/0xde0 mm/page_alloc.c:4390 alloc_pages_current+0x10c/0x210 mm/mempolicy.c:2093 alloc_pages include/linux/gfp.h:509 [inline] __page_cache_alloc+0x38f/0x5b0 mm/filemap.c:946 __do_page_cache_readahead+0x383/0x980 mm/readahead.c:195 ra_submit mm/internal.h:66 [inline] do_sync_mmap_readahead mm/filemap.c:2444 [inline] filemap_fault+0xf4d/0x25f0 mm/filemap.c:2520 __do_fault+0x100/0x6b0 mm/memory.c:3240 do_shared_fault mm/memory.c:3707 [inline] do_fault mm/memory.c:3756 [inline] handle_pte_fault mm/memory.c:3983 [inline] __handle_mm_fault+0x3515/0x53e0 mm/memory.c:4107 handle_mm_fault+0x54f/0xc70 mm/memory.c:4144 __do_page_fault+0x67d/0xed0 arch/x86/mm/fault.c:1395 do_page_fault+0xf2/0x7e0 arch/x86/mm/fault.c:1470 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1161 RIP: 0033:0x400581 Code: 08 f7 d2 23 11 8a 4c 24 10 d3 e0 09 d0 89 06 e9 ab 00 00 00 48 8b 44 24 10 48 0b 44 24 28 75 12 48 8b 44 24 08 48 8b 54 24 20 <48> 89 10 e9 8d 00 00 00 8a 4c 24 28 b8 01 00 00 00 48 8b 7c 24 08 RSP: 002b:00007fffeda15470 EFLAGS: 00010246 RAX: 0000000020005ff0 RBX: 000000000072bfa0 RCX: 0000000000000000 RDX: 0000000020008000 RSI: 0000000000000000 RDI: 000000000104b848 RBP: fffffffffffffffe R08: 0000000000000000 R09: 0000000000000000 R10: 00007fffeda15560 R11: 0000000000000246 R12: 000000000072bfac R13: 000000000072bfac R14: 0000000000000005 R15: 0000000000000001 kobject: 'nullb0' (00000000c7bb5821): kobject_uevent_env kobject: 'nullb0' (00000000c7bb5821): fill_kobj_path: path = '/devices/virtual/block/nullb0' kobject: 'loop2' (00000000050795d0): kobject_uevent_env kobject: 'loop2' (00000000050795d0): fill_kobj_path: path = '/devices/virtual/block/loop2' kobject: 'loop5' (00000000da384d9a): kobject_uevent_env kobject: 'loop5' (00000000da384d9a): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'loop1' (00000000e13e54bf): kobject_uevent_env kobject: 'loop1' (00000000e13e54bf): fill_kobj_path: path = '/devices/virtual/block/loop1' kobject: 'loop4' (00000000ad5884fc): kobject_uevent_env kobject: 'loop5' (00000000da384d9a): kobject_uevent_env kobject: 'loop5' (00000000da384d9a): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'loop4' (00000000ad5884fc): fill_kobj_path: path = '/devices/virtual/block/loop4' kobject: 'loop3' (00000000800137de): kobject_uevent_env kobject: 'loop5' (00000000da384d9a): kobject_uevent_env kobject: 'loop3' (00000000800137de): fill_kobj_path: path = '/devices/virtual/block/loop3' kobject: 'loop3' (00000000800137de): kobject_uevent_env kobject: 'loop3' (00000000800137de): fill_kobj_path: path = '/devices/virtual/block/loop3' kobject: 'loop5' (00000000da384d9a): fill_kobj_path: path = '/devices/virtual/block/loop5' kobject: 'loop4' (00000000ad5884fc): kobject_uevent_env kobject: 'loop4' (00000000ad5884fc): fill_kobj_path: path = '/devices/virtual/block/loop4' kobject: 'loop2' (00000000050795d0): kobject_uevent_env kobject: 'loop2' (00000000050795d0): fill_kobj_path: path = '/devices/virtual/block/loop2' kobject: 'loop5' (00000000da384d9a): kobject_uevent_env kobject: 'loop5' (00000000da384d9a): fill_kobj_path: path = '/devices/virtual/block/loop5'

Time	Kernel	Commit	Syzkaller	Config	Log	Report	Manager
2018/10/15 16:26	upstream	35a7f35ad1b1	caf12900	.config	console log	report	ci-upstream-kasan-gce-smack-root
2018/10/04 02:11	upstream	6bebe37927f3	8b311eaf	.config	console log	report	ci-upstream-kasan-gce-smack-root
2018/10/03 16:17	upstream	6bebe37927f3	8b311eaf	.config	console log	report	ci-upstream-kasan-gce-smack-root
2018/09/09 17:19	upstream	f8f65382c98a	6b5120a4	.config	console log	report	ci-upstream-kasan-gce-smack-root
2018/09/09 15:44	upstream	f8f65382c98a	6b5120a4	.config	console log	report	ci-upstream-kasan-gce-smack-root
2018/09/08 05:22	upstream	3d0e7a9e00fd	6b5120a4	.config	console log	report	ci-upstream-kasan-gce-smack-root
2018/09/07 22:44	upstream	a49a9dcce802	69cfeb80	.config	console log	report	ci-upstream-kasan-gce-smack-root
2018/09/07 06:25	upstream	ca16eb342ebe	e30d3b52	.config	console log	report	ci-upstream-kasan-gce-smack-root