From: syzbot <syzbot+1a748d0007eeac3ab079@syzkaller.appspotmail.com>
To: ebiggers@kernel.org, jaegeuk@kernel.org,
linux-fscrypt@vger.kernel.org, linux-kernel@vger.kernel.org,
syzkaller-bugs@googlegroups.com, tytso@mit.edu
Subject: [syzbot] possible deadlock in fscrypt_initialize
Date: Wed, 20 Apr 2022 18:05:24 -0700 [thread overview]
Message-ID: <00000000000070395e05dd1fb4d7@google.com> (raw)
Hello,
syzbot found the following issue on:
HEAD commit: 90ea17a9e27b Merge tag 'scsi-fixes' of git://git.kernel.or..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16bf09d0f00000
kernel config: https://syzkaller.appspot.com/x/.config?x=ac042ae170e2c50f
dashboard link: https://syzkaller.appspot.com/bug?extid=1a748d0007eeac3ab079
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
Unfortunately, I don't have any reproducer for this issue yet.
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+1a748d0007eeac3ab079@syzkaller.appspotmail.com
======================================================
WARNING: possible circular locking dependency detected
5.18.0-rc2-syzkaller-00291-g90ea17a9e27b #0 Not tainted
------------------------------------------------------
syz-executor.0/3694 is trying to acquire lock:
ffffffff8bf36428 (fscrypt_init_mutex){+.+.}-{3:3}, at: fscrypt_initialize+0x3c/0xa0 fs/crypto/crypto.c:324
but task is already holding lock:
ffff8880430c8990 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0xfb4/0x14a0 fs/jbd2/transaction.c:461
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #2 (jbd2_handle){++++}-{0:0}:
start_this_handle+0xfe7/0x14a0 fs/jbd2/transaction.c:463
jbd2__journal_start+0x399/0x930 fs/jbd2/transaction.c:520
__ext4_journal_start_sb+0x3a8/0x4a0 fs/ext4/ext4_jbd2.c:105
__ext4_journal_start fs/ext4/ext4_jbd2.h:326 [inline]
ext4_dirty_inode+0x9d/0x110 fs/ext4/inode.c:5932
__mark_inode_dirty+0x45b/0xfe0 fs/fs-writeback.c:2367
mark_inode_dirty_sync include/linux/fs.h:2329 [inline]
iput.part.0+0x57/0x820 fs/inode.c:1767
iput+0x58/0x70 fs/inode.c:1760
dentry_unlink_inode+0x2b1/0x460 fs/dcache.c:401
__dentry_kill+0x3c0/0x640 fs/dcache.c:607
shrink_dentry_list+0x23c/0x800 fs/dcache.c:1201
prune_dcache_sb+0xe7/0x140 fs/dcache.c:1282
super_cache_scan+0x336/0x590 fs/super.c:104
do_shrink_slab+0x42d/0xbd0 mm/vmscan.c:774
shrink_slab+0x17c/0x6f0 mm/vmscan.c:934
shrink_node_memcgs mm/vmscan.c:3100 [inline]
shrink_node+0x8b3/0x1df0 mm/vmscan.c:3221
shrink_zones mm/vmscan.c:3458 [inline]
do_try_to_free_pages+0x3b5/0x1700 mm/vmscan.c:3516
try_to_free_pages+0x2ac/0x840 mm/vmscan.c:3751
__perform_reclaim mm/page_alloc.c:4624 [inline]
__alloc_pages_direct_reclaim mm/page_alloc.c:4646 [inline]
__alloc_pages_slowpath.constprop.0+0xac7/0x20e0 mm/page_alloc.c:5046
__alloc_pages+0x412/0x500 mm/page_alloc.c:5421
__alloc_pages_node include/linux/gfp.h:587 [inline]
khugepaged_alloc_page+0xa0/0x170 mm/khugepaged.c:868
collapse_huge_page mm/khugepaged.c:1071 [inline]
khugepaged_scan_pmd mm/khugepaged.c:1357 [inline]
khugepaged_scan_mm_slot mm/khugepaged.c:2167 [inline]
khugepaged_do_scan mm/khugepaged.c:2248 [inline]
khugepaged+0x3474/0x66e0 mm/khugepaged.c:2293
kthread+0x2e9/0x3a0 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298
-> #1 (fs_reclaim){+.+.}-{0:0}:
__fs_reclaim_acquire mm/page_alloc.c:4572 [inline]
fs_reclaim_acquire+0x115/0x160 mm/page_alloc.c:4586
might_alloc include/linux/sched/mm.h:254 [inline]
slab_pre_alloc_hook mm/slab.h:722 [inline]
slab_alloc_node mm/slab.c:3214 [inline]
kmem_cache_alloc_node_trace+0x48/0x5b0 mm/slab.c:3625
kmalloc_node include/linux/slab.h:599 [inline]
kzalloc_node include/linux/slab.h:725 [inline]
mempool_create_node mm/mempool.c:266 [inline]
mempool_create+0x4e/0xc0 mm/mempool.c:255
mempool_create_page_pool include/linux/mempool.h:107 [inline]
fscrypt_initialize+0x86/0xa0 fs/crypto/crypto.c:330
fscrypt_setup_encryption_info+0xef/0xf00 fs/crypto/keysetup.c:545
fscrypt_get_encryption_info+0x34a/0x3f0 fs/crypto/keysetup.c:654
fscrypt_setup_filename+0x238/0xec0 fs/crypto/fname.c:426
__fscrypt_prepare_lookup+0x28/0xf0 fs/crypto/hooks.c:102
fscrypt_prepare_lookup include/linux/fscrypt.h:898 [inline]
ext4_fname_prepare_lookup+0x2b1/0x330 fs/ext4/ext4.h:2770
ext4_lookup_entry fs/ext4/namei.c:1694 [inline]
ext4_lookup fs/ext4/namei.c:1769 [inline]
ext4_lookup+0x12d/0x730 fs/ext4/namei.c:1760
lookup_open.isra.0+0x9aa/0x1690 fs/namei.c:3308
open_last_lookups fs/namei.c:3400 [inline]
path_openat+0x9a2/0x2910 fs/namei.c:3606
do_filp_open+0x1aa/0x400 fs/namei.c:3636
do_sys_openat2+0x16d/0x4c0 fs/open.c:1213
do_sys_open fs/open.c:1229 [inline]
__do_sys_openat fs/open.c:1245 [inline]
__se_sys_openat fs/open.c:1240 [inline]
__x64_sys_openat+0x13f/0x1f0 fs/open.c:1240
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
-> #0 (fscrypt_init_mutex){+.+.}-{3:3}:
check_prev_add kernel/locking/lockdep.c:3065 [inline]
check_prevs_add kernel/locking/lockdep.c:3188 [inline]
validate_chain kernel/locking/lockdep.c:3803 [inline]
__lock_acquire+0x2ac6/0x56c0 kernel/locking/lockdep.c:5029
lock_acquire kernel/locking/lockdep.c:5641 [inline]
lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5606
__mutex_lock_common kernel/locking/mutex.c:600 [inline]
__mutex_lock+0x12f/0x12f0 kernel/locking/mutex.c:733
fscrypt_initialize+0x3c/0xa0 fs/crypto/crypto.c:324
fscrypt_setup_encryption_info+0xef/0xf00 fs/crypto/keysetup.c:545
fscrypt_get_encryption_info+0x34a/0x3f0 fs/crypto/keysetup.c:654
fscrypt_setup_filename+0x238/0xec0 fs/crypto/fname.c:426
ext4_fname_setup_filename+0x8d/0x240 fs/ext4/ext4.h:2751
ext4_find_entry+0x8c/0x170 fs/ext4/namei.c:1674
__ext4_unlink+0x92/0x920 fs/ext4/namei.c:3155
ext4_unlink+0x346/0x9e0 fs/ext4/namei.c:3231
vfs_unlink+0x351/0x920 fs/namei.c:4148
do_unlinkat+0x3c9/0x650 fs/namei.c:4216
__do_sys_unlink fs/namei.c:4264 [inline]
__se_sys_unlink fs/namei.c:4262 [inline]
__x64_sys_unlink+0xc6/0x110 fs/namei.c:4262
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
other info that might help us debug this:
Chain exists of:
fscrypt_init_mutex --> fs_reclaim --> jbd2_handle
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(jbd2_handle);
lock(fs_reclaim);
lock(jbd2_handle);
lock(fscrypt_init_mutex);
*** DEADLOCK ***
4 locks held by syz-executor.0/3694:
#0: ffff8880434f6460 (sb_writers#5){.+.+}-{0:0}, at: do_unlinkat+0x17f/0x650 fs/namei.c:4195
#1: ffff8880784f46c0 (&type->i_mutex_dir_key#3/1){+.+.}-{3:3}, at: inode_lock_nested include/linux/fs.h:783 [inline]
#1: ffff8880784f46c0 (&type->i_mutex_dir_key#3/1){+.+.}-{3:3}, at: do_unlinkat+0x269/0x650 fs/namei.c:4199
#2: ffff88801b236440 (&sb->s_type->i_mutex_key#8){++++}-{3:3}, at: inode_lock include/linux/fs.h:748 [inline]
#2: ffff88801b236440 (&sb->s_type->i_mutex_key#8){++++}-{3:3}, at: vfs_unlink+0xd5/0x920 fs/namei.c:4137
#3: ffff8880430c8990 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0xfb4/0x14a0 fs/jbd2/transaction.c:461
stack backtrace:
CPU: 0 PID: 3694 Comm: syz-executor.0 Not tainted 5.18.0-rc2-syzkaller-00291-g90ea17a9e27b #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
check_noncircular+0x25f/0x2e0 kernel/locking/lockdep.c:2145
check_prev_add kernel/locking/lockdep.c:3065 [inline]
check_prevs_add kernel/locking/lockdep.c:3188 [inline]
validate_chain kernel/locking/lockdep.c:3803 [inline]
__lock_acquire+0x2ac6/0x56c0 kernel/locking/lockdep.c:5029
lock_acquire kernel/locking/lockdep.c:5641 [inline]
lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5606
__mutex_lock_common kernel/locking/mutex.c:600 [inline]
__mutex_lock+0x12f/0x12f0 kernel/locking/mutex.c:733
fscrypt_initialize+0x3c/0xa0 fs/crypto/crypto.c:324
fscrypt_setup_encryption_info+0xef/0xf00 fs/crypto/keysetup.c:545
fscrypt_get_encryption_info+0x34a/0x3f0 fs/crypto/keysetup.c:654
fscrypt_setup_filename+0x238/0xec0 fs/crypto/fname.c:426
ext4_fname_setup_filename+0x8d/0x240 fs/ext4/ext4.h:2751
ext4_find_entry+0x8c/0x170 fs/ext4/namei.c:1674
__ext4_unlink+0x92/0x920 fs/ext4/namei.c:3155
ext4_unlink+0x346/0x9e0 fs/ext4/namei.c:3231
vfs_unlink+0x351/0x920 fs/namei.c:4148
do_unlinkat+0x3c9/0x650 fs/namei.c:4216
__do_sys_unlink fs/namei.c:4264 [inline]
__se_sys_unlink fs/namei.c:4262 [inline]
__x64_sys_unlink+0xc6/0x110 fs/namei.c:4262
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f7581288a27
Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 57 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffd33ea0ca8 EFLAGS: 00000206 ORIG_RAX: 0000000000000057
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7581288a27
RDX: 00007ffd33ea0ce0 RSI: 00007ffd33ea0ce0 RDI: 00007ffd33ea0d70
RBP: 00007ffd33ea0d70 R08: 0000000000000001 R09: 00007ffd33ea0b40
R10: 0000555556665893 R11: 0000000000000206 R12: 00007f75812e21f8
R13: 00007ffd33ea1e70 R14: 0000555556665850 R15: 00007ffd33ea2f70
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
next reply other threads:[~2022-04-21 1:05 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-21 1:05 syzbot [this message]
2022-04-21 1:42 ` [syzbot] possible deadlock in fscrypt_initialize Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=00000000000070395e05dd1fb4d7@google.com \
--to=syzbot+1a748d0007eeac3ab079@syzkaller.appspotmail.com \
--cc=ebiggers@kernel.org \
--cc=jaegeuk@kernel.org \
--cc=linux-fscrypt@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=syzkaller-bugs@googlegroups.com \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.