From: syzbot <syzbot+b392b861663de30af8e0@syzkaller.appspotmail.com>
To: chao@kernel.org, jaegeuk@kernel.org,
linux-f2fs-devel@lists.sourceforge.net,
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com
Subject: [syzbot] [f2fs?] possible deadlock in f2fs_do_map_lock
Date: Sat, 24 Dec 2022 03:20:39 -0800 [thread overview]
Message-ID: <00000000000087698205f0911707@google.com> (raw)
Hello,
syzbot found the following issue on:
HEAD commit: a5541c0811a0 Merge branch 'for-next/core' into for-kernelci
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=10f880e8480000
kernel config: https://syzkaller.appspot.com/x/.config?x=cbd4e584773e9397
dashboard link: https://syzkaller.appspot.com/bug?extid=b392b861663de30af8e0
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/4b7702208fb9/disk-a5541c08.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/9ec0153ec051/vmlinux-a5541c08.xz
kernel image: https://storage.googleapis.com/syzbot-assets/6f8725ad290a/Image-a5541c08.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+b392b861663de30af8e0@syzkaller.appspotmail.com
F2FS-fs (loop5): invalid crc value
F2FS-fs (loop5): Found nat_bits in checkpoint
F2FS-fs (loop5): Mounted with checkpoint version = 48b305e4
======================================================
WARNING: possible circular locking dependency detected
6.1.0-rc8-syzkaller-33330-ga5541c0811a0 #0 Not tainted
------------------------------------------------------
syz-executor.5/8612 is trying to acquire lock:
ffff00011158a4e0 (&sbi->node_change){++++}-{3:3}, at: f2fs_do_map_lock+0x5c/0x88
but task is already holding lock:
ffff00010db4bd90 (mapping.invalidate_lock#7){++++}-{3:3}, at: filemap_invalidate_lock_shared include/linux/fs.h:811 [inline]
ffff00010db4bd90 (mapping.invalidate_lock#7){++++}-{3:3}, at: f2fs_vm_page_mkwrite+0x18c/0x9a4 fs/f2fs/file.c:104
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #4 (mapping.invalidate_lock#7){++++}-{3:3}:
down_read+0x5c/0x78 kernel/locking/rwsem.c:1509
filemap_invalidate_lock_shared include/linux/fs.h:811 [inline]
filemap_fault+0x104/0x7fc mm/filemap.c:3127
f2fs_filemap_fault+0x2c/0x54 fs/f2fs/file.c:44
__do_fault+0x60/0x358 mm/memory.c:4202
do_shared_fault mm/memory.c:4608 [inline]
do_fault+0x23c/0x550 mm/memory.c:4686
handle_pte_fault mm/memory.c:4954 [inline]
__handle_mm_fault mm/memory.c:5096 [inline]
handle_mm_fault+0x78c/0xa48 mm/memory.c:5217
__do_page_fault arch/arm64/mm/fault.c:508 [inline]
do_page_fault+0x428/0x79c arch/arm64/mm/fault.c:608
do_translation_fault+0x78/0x194 arch/arm64/mm/fault.c:691
do_mem_abort+0x54/0x130 arch/arm64/mm/fault.c:827
el1_abort+0x3c/0x5c arch/arm64/kernel/entry-common.c:367
el1h_64_sync_handler+0x60/0xac arch/arm64/kernel/entry-common.c:427
el1h_64_sync+0x64/0x68 arch/arm64/kernel/entry.S:579
__arch_copy_to_user+0x104/0x234 arch/arm64/lib/copy_template.S:135
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x48/0x140 arch/arm64/kernel/syscall.c:197
el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:584
-> #3 (&mm->mmap_lock){++++}-{3:3}:
__might_fault+0x7c/0xb4 mm/memory.c:5645
_copy_to_user include/linux/uaccess.h:143 [inline]
copy_to_user include/linux/uaccess.h:169 [inline]
f2fs_ioc_get_encryption_pwsalt fs/f2fs/file.c:2349 [inline]
__f2fs_ioctl+0x3204/0x3318 fs/f2fs/file.c:4151
f2fs_ioctl+0x74/0xbc fs/f2fs/file.c:4224
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:870 [inline]
__se_sys_ioctl fs/ioctl.c:856 [inline]
__arm64_sys_ioctl+0xd0/0x140 fs/ioctl.c:856
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x48/0x140 arch/arm64/kernel/syscall.c:197
el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:584
-> #2 (&sbi->sb_lock){++++}-{3:3}:
down_write+0x5c/0x88 kernel/locking/rwsem.c:1562
f2fs_down_write fs/f2fs/f2fs.h:2205 [inline]
f2fs_handle_error+0x9c/0x17c fs/f2fs/super.c:3898
f2fs_check_nid_range fs/f2fs/node.c:39 [inline]
add_free_nid+0x4d8/0x50c fs/f2fs/node.c:2282
scan_nat_page fs/f2fs/node.c:2384 [inline]
__f2fs_build_free_nids fs/f2fs/node.c:2490 [inline]
f2fs_build_free_nids+0x680/0x8f4 fs/f2fs/node.c:2528
f2fs_build_node_manager+0x624/0x64c fs/f2fs/node.c:3313
f2fs_fill_super+0x1470/0x1e90 fs/f2fs/super.c:4306
mount_bdev+0x1b8/0x210 fs/super.c:1401
f2fs_mount+0x44/0x58 fs/f2fs/super.c:4580
legacy_get_tree+0x30/0x74 fs/fs_context.c:610
vfs_get_tree+0x40/0x140 fs/super.c:1531
do_new_mount+0x1dc/0x4e4 fs/namespace.c:3040
path_mount+0x358/0x890 fs/namespace.c:3370
do_mount fs/namespace.c:3383 [inline]
__do_sys_mount fs/namespace.c:3591 [inline]
__se_sys_mount fs/namespace.c:3568 [inline]
__arm64_sys_mount+0x2c4/0x3c4 fs/namespace.c:3568
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x48/0x140 arch/arm64/kernel/syscall.c:197
el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:584
-> #1 (&nm_i->nat_tree_lock){++++}-{3:3}:
down_read+0x5c/0x78 kernel/locking/rwsem.c:1509
f2fs_down_read fs/f2fs/f2fs.h:2180 [inline]
f2fs_get_node_info+0x74/0x458 fs/f2fs/node.c:560
__write_node_page+0x244/0xfcc fs/f2fs/node.c:1613
f2fs_sync_node_pages+0x888/0xdb0 fs/f2fs/node.c:2017
block_operations+0x288/0x400 fs/f2fs/checkpoint.c:1270
f2fs_write_checkpoint+0x210/0x568 fs/f2fs/checkpoint.c:1650
kill_f2fs_super+0xec/0x194 fs/f2fs/super.c:4606
deactivate_locked_super+0x70/0xe8 fs/super.c:332
deactivate_super+0xd0/0xd4 fs/super.c:363
cleanup_mnt+0x184/0x1c0 fs/namespace.c:1186
__cleanup_mnt+0x20/0x30 fs/namespace.c:1193
task_work_run+0x100/0x148 kernel/task_work.c:179
resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
do_notify_resume+0x174/0x1f0 arch/arm64/kernel/signal.c:1132
prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:137 [inline]
exit_to_user_mode arch/arm64/kernel/entry-common.c:142 [inline]
el0_svc+0x9c/0x150 arch/arm64/kernel/entry-common.c:638
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:584
-> #0 (&sbi->node_change){++++}-{3:3}:
check_prev_add kernel/locking/lockdep.c:3097 [inline]
check_prevs_add kernel/locking/lockdep.c:3216 [inline]
validate_chain kernel/locking/lockdep.c:3831 [inline]
__lock_acquire+0x1530/0x3084 kernel/locking/lockdep.c:5055
lock_acquire+0x100/0x1f8 kernel/locking/lockdep.c:5668
down_read+0x5c/0x78 kernel/locking/rwsem.c:1509
f2fs_do_map_lock+0x5c/0x88
f2fs_vm_page_mkwrite+0x324/0x9a4 fs/f2fs/file.c:116
do_page_mkwrite+0x74/0x288 mm/memory.c:2977
do_shared_fault mm/memory.c:4618 [inline]
do_fault+0x274/0x550 mm/memory.c:4686
handle_pte_fault mm/memory.c:4954 [inline]
__handle_mm_fault mm/memory.c:5096 [inline]
handle_mm_fault+0x78c/0xa48 mm/memory.c:5217
__do_page_fault arch/arm64/mm/fault.c:508 [inline]
do_page_fault+0x428/0x79c arch/arm64/mm/fault.c:608
do_translation_fault+0x78/0x194 arch/arm64/mm/fault.c:691
do_mem_abort+0x54/0x130 arch/arm64/mm/fault.c:827
el1_abort+0x3c/0x5c arch/arm64/kernel/entry-common.c:367
el1h_64_sync_handler+0x60/0xac arch/arm64/kernel/entry-common.c:427
el1h_64_sync+0x64/0x68 arch/arm64/kernel/entry.S:579
__arch_copy_to_user+0x104/0x234 arch/arm64/lib/copy_template.S:135
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x48/0x140 arch/arm64/kernel/syscall.c:197
el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:584
other info that might help us debug this:
Chain exists of:
&sbi->node_change --> &mm->mmap_lock --> mapping.invalidate_lock#7
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(mapping.invalidate_lock#7);
lock(&mm->mmap_lock);
lock(mapping.invalidate_lock#7);
lock(&sbi->node_change);
*** DEADLOCK ***
3 locks held by syz-executor.5/8612:
#0: ffff00010fb7cbc8 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_lock include/linux/mmap_lock.h:117 [inline]
#0: ffff00010fb7cbc8 (&mm->mmap_lock){++++}-{3:3}, at: do_page_fault+0x3c8/0x79c arch/arm64/mm/fault.c:593
#1: ffff00011c1c9558 (sb_pagefaults#3){.+.+}-{0:0}, at: sb_start_pagefault include/linux/fs.h:1930 [inline]
#1: ffff00011c1c9558 (sb_pagefaults#3){.+.+}-{0:0}, at: f2fs_vm_page_mkwrite+0x160/0x9a4 fs/f2fs/file.c:99
#2: ffff00010db4bd90 (mapping.invalidate_lock#7){++++}-{3:3}, at: filemap_invalidate_lock_shared include/linux/fs.h:811 [inline]
#2: ffff00010db4bd90 (mapping.invalidate_lock#7){++++}-{3:3}, at: f2fs_vm_page_mkwrite+0x18c/0x9a4 fs/f2fs/file.c:104
stack backtrace:
CPU: 0 PID: 8612 Comm: syz-executor.5 Not tainted 6.1.0-rc8-syzkaller-33330-ga5541c0811a0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call trace:
dump_backtrace+0x1c4/0x1f0 arch/arm64/kernel/stacktrace.c:156
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:163
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x104/0x16c lib/dump_stack.c:106
dump_stack+0x1c/0x58 lib/dump_stack.c:113
print_circular_bug+0x2c4/0x2c8 kernel/locking/lockdep.c:2055
check_noncircular+0x14c/0x154 kernel/locking/lockdep.c:2177
check_prev_add kernel/locking/lockdep.c:3097 [inline]
check_prevs_add kernel/locking/lockdep.c:3216 [inline]
validate_chain kernel/locking/lockdep.c:3831 [inline]
__lock_acquire+0x1530/0x3084 kernel/locking/lockdep.c:5055
lock_acquire+0x100/0x1f8 kernel/locking/lockdep.c:5668
down_read+0x5c/0x78 kernel/locking/rwsem.c:1509
f2fs_do_map_lock+0x5c/0x88
f2fs_vm_page_mkwrite+0x324/0x9a4 fs/f2fs/file.c:116
do_page_mkwrite+0x74/0x288 mm/memory.c:2977
do_shared_fault mm/memory.c:4618 [inline]
do_fault+0x274/0x550 mm/memory.c:4686
handle_pte_fault mm/memory.c:4954 [inline]
__handle_mm_fault mm/memory.c:5096 [inline]
handle_mm_fault+0x78c/0xa48 mm/memory.c:5217
__do_page_fault arch/arm64/mm/fault.c:508 [inline]
do_page_fault+0x428/0x79c arch/arm64/mm/fault.c:608
do_translation_fault+0x78/0x194 arch/arm64/mm/fault.c:691
do_mem_abort+0x54/0x130 arch/arm64/mm/fault.c:827
el1_abort+0x3c/0x5c arch/arm64/kernel/entry-common.c:367
el1h_64_sync_handler+0x60/0xac arch/arm64/kernel/entry-common.c:427
el1h_64_sync+0x64/0x68 arch/arm64/kernel/entry.S:579
__arch_copy_to_user+0x104/0x234 arch/arm64/lib/copy_template.S:135
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x48/0x140 arch/arm64/kernel/syscall.c:197
el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:584
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
WARNING: multiple messages have this Message-ID (diff)
From: syzbot <syzbot+b392b861663de30af8e0@syzkaller.appspotmail.com>
To: chao@kernel.org, jaegeuk@kernel.org,
linux-f2fs-devel@lists.sourceforge.net,
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com
Subject: [f2fs-dev] [syzbot] [f2fs?] possible deadlock in f2fs_do_map_lock
Date: Sat, 24 Dec 2022 03:20:39 -0800 [thread overview]
Message-ID: <00000000000087698205f0911707@google.com> (raw)
Hello,
syzbot found the following issue on:
HEAD commit: a5541c0811a0 Merge branch 'for-next/core' into for-kernelci
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=10f880e8480000
kernel config: https://syzkaller.appspot.com/x/.config?x=cbd4e584773e9397
dashboard link: https://syzkaller.appspot.com/bug?extid=b392b861663de30af8e0
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/4b7702208fb9/disk-a5541c08.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/9ec0153ec051/vmlinux-a5541c08.xz
kernel image: https://storage.googleapis.com/syzbot-assets/6f8725ad290a/Image-a5541c08.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+b392b861663de30af8e0@syzkaller.appspotmail.com
F2FS-fs (loop5): invalid crc value
F2FS-fs (loop5): Found nat_bits in checkpoint
F2FS-fs (loop5): Mounted with checkpoint version = 48b305e4
======================================================
WARNING: possible circular locking dependency detected
6.1.0-rc8-syzkaller-33330-ga5541c0811a0 #0 Not tainted
------------------------------------------------------
syz-executor.5/8612 is trying to acquire lock:
ffff00011158a4e0 (&sbi->node_change){++++}-{3:3}, at: f2fs_do_map_lock+0x5c/0x88
but task is already holding lock:
ffff00010db4bd90 (mapping.invalidate_lock#7){++++}-{3:3}, at: filemap_invalidate_lock_shared include/linux/fs.h:811 [inline]
ffff00010db4bd90 (mapping.invalidate_lock#7){++++}-{3:3}, at: f2fs_vm_page_mkwrite+0x18c/0x9a4 fs/f2fs/file.c:104
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #4 (mapping.invalidate_lock#7){++++}-{3:3}:
down_read+0x5c/0x78 kernel/locking/rwsem.c:1509
filemap_invalidate_lock_shared include/linux/fs.h:811 [inline]
filemap_fault+0x104/0x7fc mm/filemap.c:3127
f2fs_filemap_fault+0x2c/0x54 fs/f2fs/file.c:44
__do_fault+0x60/0x358 mm/memory.c:4202
do_shared_fault mm/memory.c:4608 [inline]
do_fault+0x23c/0x550 mm/memory.c:4686
handle_pte_fault mm/memory.c:4954 [inline]
__handle_mm_fault mm/memory.c:5096 [inline]
handle_mm_fault+0x78c/0xa48 mm/memory.c:5217
__do_page_fault arch/arm64/mm/fault.c:508 [inline]
do_page_fault+0x428/0x79c arch/arm64/mm/fault.c:608
do_translation_fault+0x78/0x194 arch/arm64/mm/fault.c:691
do_mem_abort+0x54/0x130 arch/arm64/mm/fault.c:827
el1_abort+0x3c/0x5c arch/arm64/kernel/entry-common.c:367
el1h_64_sync_handler+0x60/0xac arch/arm64/kernel/entry-common.c:427
el1h_64_sync+0x64/0x68 arch/arm64/kernel/entry.S:579
__arch_copy_to_user+0x104/0x234 arch/arm64/lib/copy_template.S:135
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x48/0x140 arch/arm64/kernel/syscall.c:197
el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:584
-> #3 (&mm->mmap_lock){++++}-{3:3}:
__might_fault+0x7c/0xb4 mm/memory.c:5645
_copy_to_user include/linux/uaccess.h:143 [inline]
copy_to_user include/linux/uaccess.h:169 [inline]
f2fs_ioc_get_encryption_pwsalt fs/f2fs/file.c:2349 [inline]
__f2fs_ioctl+0x3204/0x3318 fs/f2fs/file.c:4151
f2fs_ioctl+0x74/0xbc fs/f2fs/file.c:4224
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:870 [inline]
__se_sys_ioctl fs/ioctl.c:856 [inline]
__arm64_sys_ioctl+0xd0/0x140 fs/ioctl.c:856
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x48/0x140 arch/arm64/kernel/syscall.c:197
el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:584
-> #2 (&sbi->sb_lock){++++}-{3:3}:
down_write+0x5c/0x88 kernel/locking/rwsem.c:1562
f2fs_down_write fs/f2fs/f2fs.h:2205 [inline]
f2fs_handle_error+0x9c/0x17c fs/f2fs/super.c:3898
f2fs_check_nid_range fs/f2fs/node.c:39 [inline]
add_free_nid+0x4d8/0x50c fs/f2fs/node.c:2282
scan_nat_page fs/f2fs/node.c:2384 [inline]
__f2fs_build_free_nids fs/f2fs/node.c:2490 [inline]
f2fs_build_free_nids+0x680/0x8f4 fs/f2fs/node.c:2528
f2fs_build_node_manager+0x624/0x64c fs/f2fs/node.c:3313
f2fs_fill_super+0x1470/0x1e90 fs/f2fs/super.c:4306
mount_bdev+0x1b8/0x210 fs/super.c:1401
f2fs_mount+0x44/0x58 fs/f2fs/super.c:4580
legacy_get_tree+0x30/0x74 fs/fs_context.c:610
vfs_get_tree+0x40/0x140 fs/super.c:1531
do_new_mount+0x1dc/0x4e4 fs/namespace.c:3040
path_mount+0x358/0x890 fs/namespace.c:3370
do_mount fs/namespace.c:3383 [inline]
__do_sys_mount fs/namespace.c:3591 [inline]
__se_sys_mount fs/namespace.c:3568 [inline]
__arm64_sys_mount+0x2c4/0x3c4 fs/namespace.c:3568
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x48/0x140 arch/arm64/kernel/syscall.c:197
el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:584
-> #1 (&nm_i->nat_tree_lock){++++}-{3:3}:
down_read+0x5c/0x78 kernel/locking/rwsem.c:1509
f2fs_down_read fs/f2fs/f2fs.h:2180 [inline]
f2fs_get_node_info+0x74/0x458 fs/f2fs/node.c:560
__write_node_page+0x244/0xfcc fs/f2fs/node.c:1613
f2fs_sync_node_pages+0x888/0xdb0 fs/f2fs/node.c:2017
block_operations+0x288/0x400 fs/f2fs/checkpoint.c:1270
f2fs_write_checkpoint+0x210/0x568 fs/f2fs/checkpoint.c:1650
kill_f2fs_super+0xec/0x194 fs/f2fs/super.c:4606
deactivate_locked_super+0x70/0xe8 fs/super.c:332
deactivate_super+0xd0/0xd4 fs/super.c:363
cleanup_mnt+0x184/0x1c0 fs/namespace.c:1186
__cleanup_mnt+0x20/0x30 fs/namespace.c:1193
task_work_run+0x100/0x148 kernel/task_work.c:179
resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
do_notify_resume+0x174/0x1f0 arch/arm64/kernel/signal.c:1132
prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:137 [inline]
exit_to_user_mode arch/arm64/kernel/entry-common.c:142 [inline]
el0_svc+0x9c/0x150 arch/arm64/kernel/entry-common.c:638
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:584
-> #0 (&sbi->node_change){++++}-{3:3}:
check_prev_add kernel/locking/lockdep.c:3097 [inline]
check_prevs_add kernel/locking/lockdep.c:3216 [inline]
validate_chain kernel/locking/lockdep.c:3831 [inline]
__lock_acquire+0x1530/0x3084 kernel/locking/lockdep.c:5055
lock_acquire+0x100/0x1f8 kernel/locking/lockdep.c:5668
down_read+0x5c/0x78 kernel/locking/rwsem.c:1509
f2fs_do_map_lock+0x5c/0x88
f2fs_vm_page_mkwrite+0x324/0x9a4 fs/f2fs/file.c:116
do_page_mkwrite+0x74/0x288 mm/memory.c:2977
do_shared_fault mm/memory.c:4618 [inline]
do_fault+0x274/0x550 mm/memory.c:4686
handle_pte_fault mm/memory.c:4954 [inline]
__handle_mm_fault mm/memory.c:5096 [inline]
handle_mm_fault+0x78c/0xa48 mm/memory.c:5217
__do_page_fault arch/arm64/mm/fault.c:508 [inline]
do_page_fault+0x428/0x79c arch/arm64/mm/fault.c:608
do_translation_fault+0x78/0x194 arch/arm64/mm/fault.c:691
do_mem_abort+0x54/0x130 arch/arm64/mm/fault.c:827
el1_abort+0x3c/0x5c arch/arm64/kernel/entry-common.c:367
el1h_64_sync_handler+0x60/0xac arch/arm64/kernel/entry-common.c:427
el1h_64_sync+0x64/0x68 arch/arm64/kernel/entry.S:579
__arch_copy_to_user+0x104/0x234 arch/arm64/lib/copy_template.S:135
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x48/0x140 arch/arm64/kernel/syscall.c:197
el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:584
other info that might help us debug this:
Chain exists of:
&sbi->node_change --> &mm->mmap_lock --> mapping.invalidate_lock#7
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(mapping.invalidate_lock#7);
lock(&mm->mmap_lock);
lock(mapping.invalidate_lock#7);
lock(&sbi->node_change);
*** DEADLOCK ***
3 locks held by syz-executor.5/8612:
#0: ffff00010fb7cbc8 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_lock include/linux/mmap_lock.h:117 [inline]
#0: ffff00010fb7cbc8 (&mm->mmap_lock){++++}-{3:3}, at: do_page_fault+0x3c8/0x79c arch/arm64/mm/fault.c:593
#1: ffff00011c1c9558 (sb_pagefaults#3){.+.+}-{0:0}, at: sb_start_pagefault include/linux/fs.h:1930 [inline]
#1: ffff00011c1c9558 (sb_pagefaults#3){.+.+}-{0:0}, at: f2fs_vm_page_mkwrite+0x160/0x9a4 fs/f2fs/file.c:99
#2: ffff00010db4bd90 (mapping.invalidate_lock#7){++++}-{3:3}, at: filemap_invalidate_lock_shared include/linux/fs.h:811 [inline]
#2: ffff00010db4bd90 (mapping.invalidate_lock#7){++++}-{3:3}, at: f2fs_vm_page_mkwrite+0x18c/0x9a4 fs/f2fs/file.c:104
stack backtrace:
CPU: 0 PID: 8612 Comm: syz-executor.5 Not tainted 6.1.0-rc8-syzkaller-33330-ga5541c0811a0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call trace:
dump_backtrace+0x1c4/0x1f0 arch/arm64/kernel/stacktrace.c:156
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:163
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x104/0x16c lib/dump_stack.c:106
dump_stack+0x1c/0x58 lib/dump_stack.c:113
print_circular_bug+0x2c4/0x2c8 kernel/locking/lockdep.c:2055
check_noncircular+0x14c/0x154 kernel/locking/lockdep.c:2177
check_prev_add kernel/locking/lockdep.c:3097 [inline]
check_prevs_add kernel/locking/lockdep.c:3216 [inline]
validate_chain kernel/locking/lockdep.c:3831 [inline]
__lock_acquire+0x1530/0x3084 kernel/locking/lockdep.c:5055
lock_acquire+0x100/0x1f8 kernel/locking/lockdep.c:5668
down_read+0x5c/0x78 kernel/locking/rwsem.c:1509
f2fs_do_map_lock+0x5c/0x88
f2fs_vm_page_mkwrite+0x324/0x9a4 fs/f2fs/file.c:116
do_page_mkwrite+0x74/0x288 mm/memory.c:2977
do_shared_fault mm/memory.c:4618 [inline]
do_fault+0x274/0x550 mm/memory.c:4686
handle_pte_fault mm/memory.c:4954 [inline]
__handle_mm_fault mm/memory.c:5096 [inline]
handle_mm_fault+0x78c/0xa48 mm/memory.c:5217
__do_page_fault arch/arm64/mm/fault.c:508 [inline]
do_page_fault+0x428/0x79c arch/arm64/mm/fault.c:608
do_translation_fault+0x78/0x194 arch/arm64/mm/fault.c:691
do_mem_abort+0x54/0x130 arch/arm64/mm/fault.c:827
el1_abort+0x3c/0x5c arch/arm64/kernel/entry-common.c:367
el1h_64_sync_handler+0x60/0xac arch/arm64/kernel/entry-common.c:427
el1h_64_sync+0x64/0x68 arch/arm64/kernel/entry.S:579
__arch_copy_to_user+0x104/0x234 arch/arm64/lib/copy_template.S:135
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x48/0x140 arch/arm64/kernel/syscall.c:197
el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:584
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
next reply other threads:[~2022-12-24 11:20 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-24 11:20 syzbot [this message]
2022-12-24 11:20 ` [f2fs-dev] [syzbot] [f2fs?] possible deadlock in f2fs_do_map_lock syzbot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=00000000000087698205f0911707@google.com \
--to=syzbot+b392b861663de30af8e0@syzkaller.appspotmail.com \
--cc=chao@kernel.org \
--cc=jaegeuk@kernel.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=linux-kernel@vger.kernel.org \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.