lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <s5hbqhaytph.wl%tiwai@suse.de>
Date:	Fri, 27 Apr 2007 12:53:14 +0200
From:	Takashi Iwai <tiwai@...e.de>
To:	Andrew Morton <akpm@...ux-foundation.org>
Cc:	David Brownell <david-b@...bell.net>,
	Linux Kernel list <linux-kernel@...r.kernel.org>,
	reiserfs-dev@...esys.com, Jeff Mahoney <jeffm@...e.com>
Subject: Re: 2.6.21 reiserfs -- cicular locking?

At Fri, 27 Apr 2007 12:09:03 +0200,
I wrote:
> 
> I got a similar bug right now at the fresh boot of 2.6.21.
> 
> 
> ReiserFS: sda2: found reiserfs format "3.6" with standard journal
> ReiserFS: sda2: using ordered data mode
> ReiserFS: sda2: journal params: device sda2, size 8192, journal first block 18, max trans len 1024, max batch 900, max commit age 30, max trans age 30
> ReiserFS: sda2: checking transaction log (sda2)
> ReiserFS: sda2: Using r5 hash to sort names
> ReiserFS: sda2: Removing [3613 1354701 0x0 SD]..done
> ReiserFS: sda2: There were 1 uncompleted unlinks/truncates. Completed
> 
> =======================================================
> [ INFO: possible circular locking dependency detected ]
> 2.6.21-work #1
> -------------------------------------------------------
> mktemp/1459 is trying to acquire lock:
>  (&REISERFS_I(inode)->xattr_sem){..--}, at: [<e08a5236>] reiserfs_cache_default_acl+0x2a/0x9c [reiserfs]
> 
> but task is already holding lock:
>  (&inode->i_mutex){--..}, at: [<c016d7dc>] open_namei+0xe2/0x5a2
> 
> which lock already depends on the new lock.
> 
> 
> the existing dependency chain (in reverse order) is:
> 
> -> #2 (&inode->i_mutex){--..}:
>        [<c0134d2e>] __lock_acquire+0xa27/0xbbb
>        [<e08a2e9a>] get_xa_root+0x42/0xfc [reiserfs]
>        [<c0134f29>] lock_acquire+0x67/0x81
>        [<e08a2e9a>] get_xa_root+0x42/0xfc [reiserfs]
>        [<c028b69d>] __mutex_lock_slowpath+0xe3/0x241
>        [<e08a2e9a>] get_xa_root+0x42/0xfc [reiserfs]
>        [<e08a2e9a>] get_xa_root+0x42/0xfc [reiserfs]
>        [<e088b13c>] reiserfs_delete_inode+0x0/0xa1 [reiserfs]
>        [<e08a2f83>] open_xa_dir+0x16/0xd9 [reiserfs]
>        [<e08a3feb>] reiserfs_delete_xattrs+0x4b/0x15b [reiserfs]
>        [<e088b13c>] reiserfs_delete_inode+0x0/0xa1 [reiserfs]
>        [<c012e0d6>] down_read+0x3d/0x4e
>        [<e088b13c>] reiserfs_delete_inode+0x0/0xa1 [reiserfs]
>        [<e08a3ff7>] reiserfs_delete_xattrs+0x57/0x15b [reiserfs]
>        [<e088b13c>] reiserfs_delete_inode+0x0/0xa1 [reiserfs]
>        [<e088b13c>] reiserfs_delete_inode+0x0/0xa1 [reiserfs]
>        [<e088b171>] reiserfs_delete_inode+0x35/0xa1 [reiserfs]
>        [<c01c0fce>] _atomic_dec_and_lock+0x2a/0x48
>        [<e088b13c>] reiserfs_delete_inode+0x0/0xa1 [reiserfs]
>        [<c017507f>] generic_delete_inode+0x75/0xdd
>        [<c01747c4>] iput+0x60/0x62
>        [<e0892878>] finish_unfinished+0x2ee/0x350 [reiserfs]
>        [<c016bc00>] lookup_one_len+0x21/0x59
>        [<e08a3d45>] reiserfs_xattr_init+0x8f/0x1f6 [reiserfs]
>        [<e0893cd4>] reiserfs_fill_super+0x95e/0xab6 [reiserfs]
>        [<c0129520>] rcu_barrier+0x5a/0x6a
>        [<c0105cd0>] dump_trace+0x89/0x93
>        [<c010a075>] save_stack_trace+0x1c/0x37
>        [<c01327a5>] save_trace+0x40/0x92
>        [<c0165c02>] sget+0x1f/0x33b
>        [<c0134e2e>] __lock_acquire+0xb27/0xbbb
>        [<c0165c02>] sget+0x1f/0x33b
>        [<c01c483e>] vsnprintf+0x450/0x48c
>        [<c01c494c>] snprintf+0x1f/0x22
>        [<c0194687>] disk_name+0x7e/0x88
>        [<c016677f>] get_sb_bdev+0xe6/0x130
>        [<e0891ccc>] get_super_block+0x20/0x25 [reiserfs]
>        [<e0893376>] reiserfs_fill_super+0x0/0xab6 [reiserfs]
>        [<c016633b>] vfs_kern_mount+0x83/0xf6
>        [<c01663f0>] do_kern_mount+0x2d/0x3e
>        [<c0177ee4>] do_mount+0x612/0x685
>        [<c01543e9>] __handle_mm_fault+0x50c/0x902
>        [<c01543b2>] __handle_mm_fault+0x4d5/0x902
>        [<c028c912>] _spin_unlock+0x14/0x1c
>        [<c01547a8>] __handle_mm_fault+0x8cb/0x902
>        [<c014d104>] get_page_from_freelist+0x1fd/0x31d
>        [<c0133eeb>] trace_hardirqs_on+0x126/0x150
>        [<c012e14d>] up_read+0x14/0x27
>        [<c014d28c>] __alloc_pages+0x68/0x2aa
>        [<c0176899>] copy_mount_options+0x26/0x109
>        [<c0177fce>] sys_mount+0x77/0xae
>        [<c0104d74>] syscall_call+0x7/0xb
>        [<ffffffff>] 0xffffffff
> 
> -> #1 (&REISERFS_SB(s)->xattr_dir_sem){..--}:
>        [<c0134d2e>] __lock_acquire+0xa27/0xbbb
>        [<e08a3bf2>] reiserfs_listxattr+0x5a/0x11e [reiserfs]
>        [<c0134f29>] lock_acquire+0x67/0x81
>        [<e08a3bf2>] reiserfs_listxattr+0x5a/0x11e [reiserfs]
>        [<c012e0d6>] down_read+0x3d/0x4e
>        [<e08a3bf2>] reiserfs_listxattr+0x5a/0x11e [reiserfs]
>        [<e08a3bf2>] reiserfs_listxattr+0x5a/0x11e [reiserfs]
>        [<c0133eeb>] trace_hardirqs_on+0x126/0x150
>        [<e08a3b98>] reiserfs_listxattr+0x0/0x11e [reiserfs]
>        [<c017ab4f>] vfs_listxattr+0x46/0x7c
>        [<c017abc9>] listxattr+0x44/0x87
>        [<c017ac73>] sys_llistxattr+0x33/0x44
>        [<c012e14d>] up_read+0x14/0x27
>        [<c0104dbc>] restore_nocheck+0x12/0x15
>        [<c0104d74>] syscall_call+0x7/0xb
>        [<ffffffff>] 0xffffffff
> 
> -> #0 (&REISERFS_I(inode)->xattr_sem){..--}:
>        [<c012e6d2>] print_stack_trace+0x4e/0x5c
>        [<c0134c1a>] __lock_acquire+0x913/0xbbb
>        [<e08a5236>] reiserfs_cache_default_acl+0x2a/0x9c [reiserfs]
>        [<c017570b>] new_inode+0x24/0x8a
>        [<c0134f29>] lock_acquire+0x67/0x81
>        [<e08a5236>] reiserfs_cache_default_acl+0x2a/0x9c [reiserfs]
>        [<c012e0d6>] down_read+0x3d/0x4e
>        [<e08a5236>] reiserfs_cache_default_acl+0x2a/0x9c [reiserfs]
>        [<e08a5236>] reiserfs_cache_default_acl+0x2a/0x9c [reiserfs]
>        [<e08873b5>] reiserfs_create+0x3d/0x1bc [reiserfs]
>        [<e08a2e37>] reiserfs_permission+0x0/0x21 [reiserfs]
>        [<c016abf2>] permission+0xc8/0xdb
>        [<c016b11f>] vfs_create+0x9c/0x106
>        [<c016d871>] open_namei+0x177/0x5a2
>        [<c016348d>] do_filp_open+0x25/0x39
>        [<c028c912>] _spin_unlock+0x14/0x1c
>        [<c016325b>] get_unused_fd+0xb3/0xbd
>        [<c01634e3>] do_sys_open+0x42/0xbe
>        [<c0163598>] sys_open+0x1c/0x1e
>        [<c0104d74>] syscall_call+0x7/0xb
>        [<ffffffff>] 0xffffffff
> 
> other info that might help us debug this:
> 
> 1 lock held by mktemp/1459:
>  #0:  (&inode->i_mutex){--..}, at: [<c016d7dc>] open_namei+0xe2/0x5a2
> 
> stack backtrace:
>  [<c013343e>] print_circular_bug_tail+0x5f/0x67
>  [<c0134c1a>] __lock_acquire+0x913/0xbbb
>  [<e08a5236>] reiserfs_cache_default_acl+0x2a/0x9c [reiserfs]
>  [<c017570b>] new_inode+0x24/0x8a
>  [<c0134f29>] lock_acquire+0x67/0x81
>  [<e08a5236>] reiserfs_cache_default_acl+0x2a/0x9c [reiserfs]
>  [<c012e0d6>] down_read+0x3d/0x4e
>  [<e08a5236>] reiserfs_cache_default_acl+0x2a/0x9c [reiserfs]
>  [<e08a5236>] reiserfs_cache_default_acl+0x2a/0x9c [reiserfs]
>  [<e08873b5>] reiserfs_create+0x3d/0x1bc [reiserfs]
>  [<e08a2e37>] reiserfs_permission+0x0/0x21 [reiserfs]
>  [<c016abf2>] permission+0xc8/0xdb
>  [<c016b11f>] vfs_create+0x9c/0x106
>  [<c016d871>] open_namei+0x177/0x5a2
>  [<c016348d>] do_filp_open+0x25/0x39
>  [<c028c912>] _spin_unlock+0x14/0x1c
>  [<c016325b>] get_unused_fd+0xb3/0xbd
>  [<c01634e3>] do_sys_open+0x42/0xbe
>  [<c0163598>] sys_open+0x1c/0x1e
>  [<c0104d74>] syscall_call+0x7/0xb
>  =======================

The message disappears when I revert the patch:

commit 9b7f375505f5611efb562065b57814b28a81abc3
Author: Jeff Mahoney <jeffm@...e.com>
Date:   Mon Apr 23 14:41:17 2007 -0700

    reiserfs: fix xattr root locking/refcount bug
    

So, likely a newly introduced bug after rc7...


Takashi
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ