| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <476pyowwvydb3vewhc666g7wdz4hleq74f3ht7vzodgysbfjh6@tv4xnbr5hgao>
Date: Wed, 30 Apr 2025 12:29:27 +0200
From: Jan Kara <jack@...e.cz>
To: 胡焜 <huk23@...udan.edu.cn>
Cc: Theodore Ts'o <tytso@....edu>, Jan Kara <jack@...e.com>,
linux-ext4 <linux-ext4@...r.kernel.org>, linux-kernel <linux-kernel@...r.kernel.org>,
syzkaller <syzkaller@...glegroups.com>, 覃佳基 <jjtan24@...udan.edu.cn>,
baishuoran <baishuoran@...eu.edu.cn>
Subject: Re: INFO_ task hung in jbd2_complete_transaction
Hello!
On Wed 30-04-25 16:51:17, 胡焜 wrote:
> When using our customized Syzkaller to fuzz the latest Linux kernel, the
> following crash (49th)was triggered.
>
> HEAD commit: 6537cfb395f352782918d8ee7b7f10ba2cc3cbf2
> git tree: upstream
> Output:https://github.com/pghk13/Kernel-Bug/blob/main/0115rc7/49-INFO_%20task%20hung%20in%20jbd2_complete_transaction/report0
> Kernel config:https://github.com/pghk13/Kernel-Bug/blob/main/0115rc7/config.txt
> C reproducer:https://github.com/pghk13/Kernel-Bug/blob/main/0115rc7/49-INFO_%20task%20hung%20in%20jbd2_complete_transaction/4repro.c
> Syzlang reproducer: https://github.com/pghk13/Kernel-Bug/blob/main/0115rc7/49-INFO_%20task%20hung%20in%20jbd2_complete_transaction/4_repro.txt
So the reproducer does nothing with ext4 filesystem which is suspicious and
suggests that there are likely other factors on your system causing the
lockup.
> Multiple processes are in an uninterruptible sleep state (D) for more
> than 143 seconds, causing the system to hang. The core problem may be in
> jbd2_log_wait_commit function. Log commits are blocked because another
> process holds a read/write lock (s_writepages_rwsem) on the file system,
> and the process holding that lock may be waiting for the lock held by the
> current process, creating a ring dependency deadlock We have reproduced
> this issue several times on 6.13-rc7 again, but we don't have too much
> knowledge about this area, could we trouble you to check the root cause.
So this certainly isn't the full story. In particular I don't see how a
transaction commit can block on s_writepages_rwsem because it should not
acquire it at all.
The stack traces below don't show any deadlock loop either. When you
reproduce this again, can you do "echo w >/proc/sysrq-trigger" in the hung
VM (or perhaps add this your automation when lockup is detected) so that we
capture stack traces of all blocked tasks? Thanks!
Honza
> ==================================================================
> INFO: task syz.8.17184:127686 blocked for more than 143 seconds.
> Not tainted 6.13.0-rc7 #1
> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
> task:syz.8.17184 state:D stack:27568 pid:127686 tgid:127684 ppid:125724 flags:0x00004004
> Call Trace:
> <TASK>
> context_switch kernel/sched/core.c:5369 [inline]
> __schedule+0xe60/0x4120 kernel/sched/core.c:6756
> __schedule_loop kernel/sched/core.c:6833 [inline]
> schedule+0xd4/0x210 kernel/sched/core.c:6848
> jbd2_log_wait_commit+0x2cc/0x430 fs/jbd2/journal.c:673
> jbd2_complete_transaction+0x188/0x1f0 fs/jbd2/journal.c:799
> ext4_fc_commit+0x984/0x1840 fs/ext4/fast_commit.c:1236
> ext4_fallocate+0x540/0x3810 fs/ext4/extents.c:4827
> vfs_fallocate+0x49d/0xeb0 fs/open.c:327
> ksys_fallocate+0x55/0xa0 fs/open.c:351
> __do_sys_fallocate fs/open.c:356 [inline]
> __se_sys_fallocate fs/open.c:354 [inline]
> __x64_sys_fallocate+0x97/0x100 fs/open.c:354
> do_syscall_x64 arch/x86/entry/common.c:52 [inline]
> do_syscall_64+0xc3/0x1d0 arch/x86/entry/common.c:83
> entry_SYSCALL_64_after_hwframe+0x77/0x7f
> RIP: 0033:0x7f0e50ae071d
> RSP: 002b:00007f0e4f733ba8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
> RAX: ffffffffffffffda RBX: 00007f0e50ca2f80 RCX: 00007f0e50ae071d
> RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
> RBP: 00007f0e50b55425 R08: 0000000000000000 R09: 0000000000000000
> R10: 00000000001000f8 R11: 0000000000000246 R12: 0000000000000000
> R13: 00007f0e50ca2f8c R14: 00007f0e50ca3018 R15: 00007f0e4f733d40
> </TASK>
> INFO: task syz.8.17184:127690 blocked for more than 143 seconds.
> Not tainted 6.13.0-rc7 #1
> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
> task:syz.8.17184 state:D stack:28376 pid:127690 tgid:127684 ppid:125724 flags:0x00000004
> Call Trace:
> <TASK>
> context_switch kernel/sched/core.c:5369 [inline]
> __schedule+0xe60/0x4120 kernel/sched/core.c:6756
> __schedule_loop kernel/sched/core.c:6833 [inline]
> schedule+0xd4/0x210 kernel/sched/core.c:6848
> schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6905
> rwsem_down_read_slowpath+0x78f/0xf10 kernel/locking/rwsem.c:1084
> __down_read_common kernel/locking/rwsem.c:1248 [inline]
> __down_read kernel/locking/rwsem.c:1261 [inline]
> down_read+0xf0/0x480 kernel/locking/rwsem.c:1526
> inode_lock_shared include/linux/fs.h:828 [inline]
> ext4_dio_read_iter fs/ext4/file.c:78 [inline]
> ext4_file_read_iter fs/ext4/file.c:145 [inline]
> ext4_file_read_iter+0x211/0x410 fs/ext4/file.c:130
> copy_splice_read+0x5d5/0xb90 fs/splice.c:365
> do_splice_read.part.0+0x1c1/0x230 fs/splice.c:984
> do_splice_read fs/splice.c:967 [inline]
> splice_direct_to_actor+0x2c4/0xa10 fs/splice.c:1089
> do_splice_direct_actor+0x181/0x250 fs/splice.c:1207
> do_splice_direct+0x41/0x60 fs/splice.c:1233
> do_sendfile+0xac1/0xde0 fs/read_write.c:1363
> __do_sys_sendfile64 fs/read_write.c:1424 [inline]
> __se_sys_sendfile64 fs/read_write.c:1410 [inline]
> __x64_sys_sendfile64+0x1d5/0x210 fs/read_write.c:1410
> do_syscall_x64 arch/x86/entry/common.c:52 [inline]
> do_syscall_64+0xc3/0x1d0 arch/x86/entry/common.c:83
> entry_SYSCALL_64_after_hwframe+0x77/0x7f
> RIP: 0033:0x7f0e50ae071d
> RSP: 002b:00007f0e4f712ba8 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
> RAX: ffffffffffffffda RBX: 00007f0e50ca3058 RCX: 00007f0e50ae071d
> RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003
> RBP: 00007f0e50b55425 R08: 0000000000000000 R09: 0000000000000000
> R10: 0000000100000008 R11: 0000000000000246 R12: 0000000000000000
> R13: 00007f0e50ca3064 R14: 00007f0e50ca30f0 R15: 00007f0e4f712d40
> </TASK>
> INFO: task syz.4.17192:127724 blocked for more than 143 seconds.
> Not tainted 6.13.0-rc7 #1
> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
> task:syz.4.17192 state:D stack:30144 pid:127724 tgid:127723 ppid:125700 flags:0x00000004
> Call Trace:
> <TASK>
> context_switch kernel/sched/core.c:5369 [inline]
> __schedule+0xe60/0x4120 kernel/sched/core.c:6756
> __schedule_loop kernel/sched/core.c:6833 [inline]
> schedule+0xd4/0x210 kernel/sched/core.c:6848
> jbd2_log_wait_commit+0x2cc/0x430 fs/jbd2/journal.c:673
> ext4_sync_fs+0x6f6/0x880 fs/ext4/super.c:6373
> dquot_quota_sync+0xeb/0x3a0 fs/quota/dquot.c:755
> quota_sync_one+0x14d/0x1a0 fs/quota/quota.c:60
> iterate_supers+0xff/0x230 fs/super.c:934
> quota_sync_all+0xca/0xe0 fs/quota/quota.c:69
> __do_sys_quotactl fs/quota/quota.c:938 [inline]
> __se_sys_quotactl fs/quota/quota.c:917 [inline]
> __x64_sys_quotactl+0x255/0x3b0 fs/quota/quota.c:917
> do_syscall_x64 arch/x86/entry/common.c:52 [inline]
> do_syscall_64+0xc3/0x1d0 arch/x86/entry/common.c:83
> entry_SYSCALL_64_after_hwframe+0x77/0x7f
> RIP: 0033:0x7f23f835971d
> RSP: 002b:00007f23f6facba8 EFLAGS: 00000246 ORIG_RAX: 00000000000000b3
> RAX: ffffffffffffffda RBX: 00007f23f851bf80 RCX: 00007f23f835971d
> RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff80000102
> RBP: 00007f23f83ce425 R08: 0000000000000000 R09: 0000000000000000
> R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
> R13: 00007f23f851bf8c R14: 00007f23f851c018 R15: 00007f23f6facd40
> </TASK>
> INFO: task syz.4.17192:127725 blocked for more than 143 seconds.
> Not tainted 6.13.0-rc7 #1
> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
> task:syz.4.17192 state:D stack:28320 pid:127725 tgid:127723 ppid:125700 flags:0x00000004
> Call Trace:
> <TASK>
> context_switch kernel/sched/core.c:5369 [inline]
> __schedule+0xe60/0x4120 kernel/sched/core.c:6756
> __schedule_loop kernel/sched/core.c:6833 [inline]
> schedule+0xd4/0x210 kernel/sched/core.c:6848
> jbd2_log_wait_commit+0x2cc/0x430 fs/jbd2/journal.c:673
> ext4_sync_fs+0x6f6/0x880 fs/ext4/super.c:6373
> dquot_quota_sync+0xeb/0x3a0 fs/quota/dquot.c:755
> quota_sync_one+0x14d/0x1a0 fs/quota/quota.c:60
> iterate_supers+0xff/0x230 fs/super.c:934
> quota_sync_all+0xca/0xe0 fs/quota/quota.c:69
> __do_sys_quotactl fs/quota/quota.c:938 [inline]
> __se_sys_quotactl fs/quota/quota.c:917 [inline]
> __x64_sys_quotactl+0x255/0x3b0 fs/quota/quota.c:917
> do_syscall_x64 arch/x86/entry/common.c:52 [inline]
> do_syscall_64+0xc3/0x1d0 arch/x86/entry/common.c:83
> entry_SYSCALL_64_after_hwframe+0x77/0x7f
> RIP: 0033:0x7f23f835971d
> RSP: 002b:00007f23f6f8bba8 EFLAGS: 00000246 ORIG_RAX: 00000000000000b3
> RAX: ffffffffffffffda RBX: 00007f23f851c058 RCX: 00007f23f835971d
> RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff80000101
> RBP: 00007f23f83ce425 R08: 0000000000000000 R09: 0000000000000000
> R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
> R13: 00007f23f851c064 R14: 00007f23f851c0f0 R15: 00007f23f6f8bd40
> </TASK>
> INFO: task syz.4.17192:127726 blocked for more than 143 seconds.
> Not tainted 6.13.0-rc7 #1
> "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
> task:syz.4.17192 state:D stack:28320 pid:127726 tgid:127723 ppid:125700 flags:0x00000004
> Call Trace:
> <TASK>
> context_switch kernel/sched/core.c:5369 [inline]
> __schedule+0xe60/0x4120 kernel/sched/core.c:6756
> __schedule_loop kernel/sched/core.c:6833 [inline]
> schedule+0xd4/0x210 kernel/sched/core.c:6848
> jbd2_log_wait_commit+0x2cc/0x430 fs/jbd2/journal.c:673
> ext4_sync_fs+0x6f6/0x880 fs/ext4/super.c:6373
> dquot_quota_sync+0xeb/0x3a0 fs/quota/dquot.c:755
> quota_sync_one+0x14d/0x1a0 fs/quota/quota.c:60
> iterate_supers+0xff/0x230 fs/super.c:934
> quota_sync_all+0xca/0xe0 fs/quota/quota.c:69
> __do_sys_quotactl fs/quota/quota.c:938 [inline]
> __se_sys_quotactl fs/quota/quota.c:917 [inline]
> __x64_sys_quotactl+0x255/0x3b0 fs/quota/quota.c:917
> do_syscall_x64 arch/x86/entry/common.c:52 [inline]
> do_syscall_64+0xc3/0x1d0 arch/x86/entry/common.c:83
> entry_SYSCALL_64_after_hwframe+0x77/0x7f
> RIP: 0033:0x7f23f835971d
> RSP: 002b:00007f23f6f6aba8 EFLAGS: 00000246 ORIG_RAX: 00000000000000b3
> RAX: ffffffffffffffda RBX: 00007f23f851c130 RCX: 00007f23f835971d
> RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff80000101
> RBP: 00007f23f83ce425 R08: 0000000000000000 R09: 0000000000000000
> R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
> R13: 00007f23f851c13c R14: 00007f23f851c1c8 R15: 00007f23f6f6ad40
> </TASK>
>
>
> Showing all locks held in the system:
> 1 lock held by systemd/1:
> #0: ff110000082a2cc8 (mapping.invalidate_lock){++++}-{4:4}, at: filemap_invalidate_lock_shared include/linux/fs.h:873 [inline]
> #0: ff110000082a2cc8 (mapping.invalidate_lock){++++}-{4:4}, at: page_cache_ra_unbounded+0x159/0x690 mm/readahead.c:226
> 1 lock held by khungtaskd/45:
> #0: ffffffffab51aea0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
> #0: ffffffffab51aea0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
> #0: ffffffffab51aea0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x75/0x340 kernel/locking/lockdep.c:6744
> 1 lock held by kswapd0/83:
> #0: ffffffffab647720 (fs_reclaim){+.+.}-{0:0}, at: balance_pgdat+0xfb/0xe80 mm/vmscan.c:6871
> 1 lock held by systemd-journal/222:
> #0: ff11000055863698 (mapping.invalidate_lock){++++}-{4:4}, at: filemap_invalidate_lock_shared include/linux/fs.h:873 [inline]
> #0: ff11000055863698 (mapping.invalidate_lock){++++}-{4:4}, at: page_cache_ra_unbounded+0x159/0x690 mm/readahead.c:226
> 1 lock held by cron/288:
> #0: ff1100000db1f9b8 (&type->i_mutex_dir_key#3){++++}-{4:4}, at: inode_lock_shared include/linux/fs.h:828 [inline]
> #0: ff1100000db1f9b8 (&type->i_mutex_dir_key#3){++++}-{4:4}, at: lookup_slow fs/namei.c:1807 [inline]
> #0: ff1100000db1f9b8 (&type->i_mutex_dir_key#3){++++}-{4:4}, at: walk_component+0x338/0x5b0 fs/namei.c:2112
> 2 locks held by in:imklog/328:
> #0: ff110000082dacc8 (mapping.invalidate_lock){++++}-{4:4}, at: filemap_invalidate_lock_shared include/linux/fs.h:873 [inline]
> #0: ff110000082dacc8 (mapping.invalidate_lock){++++}-{4:4}, at: filemap_fault+0x17c1/0x2ec0 mm/filemap.c:3342
> #1: ffffffffab647720 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:3926 [inline]
> #1: ffffffffab647720 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:3951 [inline]
> #1: ffffffffab647720 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath.constprop.0+0x50c/0x2170 mm/page_alloc.c:4382
> 1 lock held by sshd/402:
> #0: ff110000080cd408 (mapping.invalidate_lock){++++}-{4:4}, at: filemap_invalidate_lock_shared include/linux/fs.h:873 [inline]
> #0: ff110000080cd408 (mapping.invalidate_lock){++++}-{4:4}, at: page_cache_ra_unbounded+0x159/0x690 mm/readahead.c:226
> 1 lock held by syz-executor/408:
> #0: ffffffffab647720 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:3926 [inline]
> #0: ffffffffab647720 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:3951 [inline]
> #0: ffffffffab647720 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath.constprop.0+0x50c/0x2170 mm/page_alloc.c:4382
> 4 locks held by kworker/u18:5/740:
> #0: ff11000002250948 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
> #0: ff11000002250948 ((wq_completion)writeback){+.+.}-{0:0}, at: process_scheduled_works+0x1175/0x1ba0 kernel/workqueue.c:3317
> #1: ffa000001420fd98 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
> #1: ffa000001420fd98 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x52f/0x1ba0 kernel/workqueue.c:3317
> #2: ff1100000acf20e0 (&type->s_umount_key#52){++++}-{4:4}, at: super_trylock_shared+0x21/0x100 fs/super.c:562
> #3: ff1100000acf4b98 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: do_writepages+0x19d/0x7d0 mm/page-writeback.c:2702
> 3 locks held by kworker/2:4/90257:
> #0: ff11000001071948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
> #0: ff11000001071948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x1175/0x1ba0 kernel/workqueue.c:3317
> #1: ffa00000047b7d98 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
> #1: ffa00000047b7d98 ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0x52f/0x1ba0 kernel/workqueue.c:3317
> #2: ffffffffacfb2208 (rtnl_mutex){+.+.}-{4:4}, at: reg_check_chans_work+0x8c/0x1050 net/wireless/reg.c:2480
> 4 locks held by kworker/3:5/107489:
> 3 locks held by kworker/u20:3/114127:
> #0: ff11000001079148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
> #0: ff11000001079148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x1175/0x1ba0 kernel/workqueue.c:3317
> #1: ffa0000003cd7d98 ((work_completion)(&(&krcp->page_cache_work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
> #1: ffa0000003cd7d98 ((work_completion)(&(&krcp->page_cache_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x52f/0x1ba0 kernel/workqueue.c:3317
> #2: ffffffffab647720 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:3926 [inline]
> #2: ffffffffab647720 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:3951 [inline]
> #2: ffffffffab647720 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath.constprop.0+0x50c/0x2170 mm/page_alloc.c:4382
> 3 locks held by kworker/u16:1/117711:
> #0: ff1100000a902148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
> #0: ff1100000a902148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x1175/0x1ba0 kernel/workqueue.c:3317
> #1: ffa0000004147d98 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
> #1: ffa0000004147d98 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x52f/0x1ba0 kernel/workqueue.c:3317
> #2: ffffffffacfb2208 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_dad_work+0xb2/0x12c0 net/ipv6/addrconf.c:4215
> 3 locks held by kworker/u17:7/125828:
> #0: ff11000001079148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
> #0: ff11000001079148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x1175/0x1ba0 kernel/workqueue.c:3317
> #1: ffa0000003e57d98 ((work_completion)(&(&krcp->page_cache_work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
> #1: ffa0000003e57d98 ((work_completion)(&(&krcp->page_cache_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x52f/0x1ba0 kernel/workqueue.c:3317
> #2: ffffffffab647720 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:3926 [inline]
> #2: ffffffffab647720 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:3951 [inline]
> #2: ffffffffab647720 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath.constprop.0+0x50c/0x2170 mm/page_alloc.c:4382
> 3 locks held by kworker/u17:11/125830:
> #0: ff11000001079148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
> #0: ff11000001079148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x1175/0x1ba0 kernel/workqueue.c:3317
> #1: ffa0000003da7d98 ((work_completion)(&(&krcp->page_cache_work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
> #1: ffa0000003da7d98 ((work_completion)(&(&krcp->page_cache_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x52f/0x1ba0 kernel/workqueue.c:3317
> #2: ffffffffab647720 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:3926 [inline]
> #2: ffffffffab647720 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:3951 [inline]
> #2: ffffffffab647720 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath.constprop.0+0x50c/0x2170 mm/page_alloc.c:4382
> 3 locks held by kworker/u17:20/125839:
> #0: ff11000001079148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
> #0: ff11000001079148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x1175/0x1ba0 kernel/workqueue.c:3317
> #1: ffa0000003eb7d98 ((work_completion)(&(&krcp->page_cache_work)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
> #1: ffa0000003eb7d98 ((work_completion)(&(&krcp->page_cache_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x52f/0x1ba0 kernel/workqueue.c:3317
> #2: ffffffffab647720 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:3926 [inline]
> #2: ffffffffab647720 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:3951 [inline]
> #2: ffffffffab647720 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath.constprop.0+0x50c/0x2170 mm/page_alloc.c:4382
> 2 locks held by kworker/u17:21/125840:
> #0: ff11000001079148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
> #0: ff11000001079148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x1175/0x1ba0 kernel/workqueue.c:3317
> #1: ffa0000003ec7d98 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
> #1: ffa0000003ec7d98 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_scheduled_works+0x52f/0x1ba0 kernel/workqueue.c:3317
> 3 locks held by syz.1.17173/127617:
> 2 locks held by syz.8.17184/127686:
> #0: ff1100000acf2420 (sb_writers#3){.+.+}-{0:0}, at: ksys_fallocate+0x55/0xa0 fs/open.c:351
> #1: ff1100000dbde618 (&sb->s_type->i_mutex_key#7){++++}-{4:4}, at: inode_lock include/linux/fs.h:818 [inline]
> #1: ff1100000dbde618 (&sb->s_type->i_mutex_key#7){++++}-{4:4}, at: ext4_fallocate+0x2dc/0x3810 fs/ext4/extents.c:4796
> 1 lock held by syz.8.17184/127690:
> #0: ff1100000dbde618 (&sb->s_type->i_mutex_key#7){++++}-{4:4}, at: inode_lock_shared include/linux/fs.h:828 [inline]
> #0: ff1100000dbde618 (&sb->s_type->i_mutex_key#7){++++}-{4:4}, at: ext4_dio_read_iter fs/ext4/file.c:78 [inline]
> #0: ff1100000dbde618 (&sb->s_type->i_mutex_key#7){++++}-{4:4}, at: ext4_file_read_iter fs/ext4/file.c:145 [inline]
> #0: ff1100000dbde618 (&sb->s_type->i_mutex_key#7){++++}-{4:4}, at: ext4_file_read_iter+0x211/0x410 fs/ext4/file.c:130
> 1 lock held by syz.4.17192/127724:
> #0: ff1100000acf20e0 (&type->s_umount_key#52){++++}-{4:4}, at: __super_lock fs/super.c:58 [inline]
> #0: ff1100000acf20e0 (&type->s_umount_key#52){++++}-{4:4}, at: super_lock+0x17a/0x3e0 fs/super.c:120
> 1 lock held by syz.4.17192/127725:
> #0: ff1100000acf20e0 (&type->s_umount_key#52){++++}-{4:4}, at: __super_lock fs/super.c:58 [inline]
> #0: ff1100000acf20e0 (&type->s_umount_key#52){++++}-{4:4}, at: super_lock+0x17a/0x3e0 fs/super.c:120
> 1 lock held by syz.4.17192/127726:
> #0: ff1100000acf20e0 (&type->s_umount_key#52){++++}-{4:4}, at: __super_lock fs/super.c:58 [inline]
> #0: ff1100000acf20e0 (&type->s_umount_key#52){++++}-{4:4}, at: super_lock+0x17a/0x3e0 fs/super.c:120
> 1 lock held by syz.9.17206/128665:
> #0: ff1100003388f3e0 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_lock include/linux/mmap_lock.h:144 [inline]
> #0: ff1100003388f3e0 (&mm->mmap_lock){++++}-{4:4}, at: do_madvise mm/madvise.c:1671 [inline]
> #0: ff1100003388f3e0 (&mm->mmap_lock){++++}-{4:4}, at: do_madvise+0x3dd/0x9c0 mm/madvise.c:1635
> 1 lock held by syz.5.17137/128685:
> #0: ff1100000acf4b98 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: do_writepages+0x19d/0x7d0 mm/page-writeback.c:2702
> 1 lock held by syz.2.17205/128709:
> #0: ff1100000acf4b98 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: do_writepages+0x19d/0x7d0 mm/page-writeback.c:2702
> 2 locks held by syz.7.17241/128994:
> #0: ff1100000acf2420 (sb_writers#3){.+.+}-{0:0}, at: do_pwritev+0x1b1/0x270 fs/read_write.c:1146
> #1: ff1100000acf4b98 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: do_writepages+0x19d/0x7d0 mm/page-writeback.c:2702
> 1 lock held by syz.1.17261/129124:
> #0: ff1100003c6f3ae0 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_lock include/linux/mmap_lock.h:144 [inline]
> #0: ff1100003c6f3ae0 (&mm->mmap_lock){++++}-{4:4}, at: do_madvise mm/madvise.c:1671 [inline]
> #0: ff1100003c6f3ae0 (&mm->mmap_lock){++++}-{4:4}, at: do_madvise+0x3dd/0x9c0 mm/madvise.c:1635
> 2 locks held by syz.0.17260/129092:
> #0: ff1100000ecf9ec8 (&sb->s_type->i_mutex_key#12){+.+.}-{4:4}, at: inode_lock include/linux/fs.h:818 [inline]
> #0: ff1100000ecf9ec8 (&sb->s_type->i_mutex_key#12){+.+.}-{4:4}, at: __sock_release+0x86/0x270 net/socket.c:639
> #1: ffffffffacfb2208 (rtnl_mutex){+.+.}-{4:4}, at: ip_mc_drop_socket+0x92/0x290 net/ipv4/igmp.c:2718
> 3 locks held by syz.5.17276/129138:
> #0: ff1100000acf2420 (sb_writers#3){.+.+}-{0:0}, at: ioctl_setflags fs/ioctl.c:725 [inline]
> #0: ff1100000acf2420 (sb_writers#3){.+.+}-{0:0}, at: do_vfs_ioctl+0x1df/0x1850 fs/ioctl.c:869
> #1: ff1100000ef06fe8 (&sb->s_type->i_mutex_key#7){++++}-{4:4}, at: inode_lock include/linux/fs.h:818 [inline]
> #1: ff1100000ef06fe8 (&sb->s_type->i_mutex_key#7){++++}-{4:4}, at: vfs_fileattr_set+0x14c/0xa00 fs/ioctl.c:681
> #2: ff1100000acf4b98 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_writepages_down_write fs/ext4/ext4.h:1788 [inline]
> #2: ff1100000acf4b98 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_ind_migrate+0x23c/0xa10 fs/ext4/migrate.c:626
> 1 lock held by syz.2.17290/129203:
> #0: ff1100003d0794e0 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_lock include/linux/mmap_lock.h:144 [inline]
> #0: ff1100003d0794e0 (&mm->mmap_lock){++++}-{4:4}, at: do_madvise mm/madvise.c:1671 [inline]
> #0: ff1100003d0794e0 (&mm->mmap_lock){++++}-{4:4}, at: do_madvise+0x3dd/0x9c0 mm/madvise.c:1635
> 1 lock held by syz.0.17293/129212:
> #0: ff1100000acf4b98 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: do_writepages+0x19d/0x7d0 mm/page-writeback.c:2702
> 1 lock held by syz.0.17293/129213:
> #0: ff1100000acf4b98 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: do_writepages+0x19d/0x7d0 mm/page-writeback.c:2702
> 1 lock held by syz.0.17293/129215:
> #0: ff1100000acf4b98 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: do_writepages+0x19d/0x7d0 mm/page-writeback.c:2702
> 1 lock held by syz.6.17302/129248:
> #0: ff1100000af273e0 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_lock include/linux/mmap_lock.h:144 [inline]
> #0: ff1100000af273e0 (&mm->mmap_lock){++++}-{4:4}, at: do_madvise mm/madvise.c:1671 [inline]
> #0: ff1100000af273e0 (&mm->mmap_lock){++++}-{4:4}, at: do_madvise+0x3dd/0x9c0 mm/madvise.c:1635
> 2 locks held by syz.3.17305/129251:
> #0: ff1100000acf2420 (sb_writers#3){.+.+}-{0:0}, at: ksys_fallocate+0x55/0xa0 fs/open.c:351
> #1: ff1100000db83508 (&sb->s_type->i_mutex_key#7){++++}-{4:4}, at: inode_lock include/linux/fs.h:818 [inline]
> #1: ff1100000db83508 (&sb->s_type->i_mutex_key#7){++++}-{4:4}, at: ext4_zero_range fs/ext4/extents.c:4607 [inline]
> #1: ff1100000db83508 (&sb->s_type->i_mutex_key#7){++++}-{4:4}, at: ext4_fallocate+0xc98/0x3810 fs/ext4/extents.c:4787
> 2 locks held by syz.0.17314/129284:
> #0: ff1100000acf2420 (sb_writers#3){.+.+}-{0:0}, at: ksys_fallocate+0x55/0xa0 fs/open.c:351
> #1: ff1100000fcd5c48 (&sb->s_type->i_mutex_key#7){++++}-{4:4}, at: inode_lock include/linux/fs.h:818 [inline]
> #1: ff1100000fcd5c48 (&sb->s_type->i_mutex_key#7){++++}-{4:4}, at: ext4_fallocate+0x2dc/0x3810 fs/ext4/extents.c:4796
> 1 lock held by syz.0.17314/129285:
> #0: ff1100000fcd5c48 (&sb->s_type->i_mutex_key#7){++++}-{4:4}, at: inode_lock_shared include/linux/fs.h:828 [inline]
> #0: ff1100000fcd5c48 (&sb->s_type->i_mutex_key#7){++++}-{4:4}, at: ext4_dio_read_iter fs/ext4/file.c:78 [inline]
> #0: ff1100000fcd5c48 (&sb->s_type->i_mutex_key#7){++++}-{4:4}, at: ext4_file_read_iter fs/ext4/file.c:145 [inline]
> #0: ff1100000fcd5c48 (&sb->s_type->i_mutex_key#7){++++}-{4:4}, at: ext4_file_read_iter+0x211/0x410 fs/ext4/file.c:130
> 3 locks held by syz-executor/129398:
> #0: ffffffffac415aa0 (&ops->srcu){.+.+}-{0:0}, at: srcu_lock_acquire include/linux/srcu.h:158 [inline]
> #0: ffffffffac415aa0 (&ops->srcu){.+.+}-{0:0}, at: srcu_read_lock include/linux/srcu.h:249 [inline]
> #0: ffffffffac415aa0 (&ops->srcu){.+.+}-{0:0}, at: rtnl_link_ops_get+0x116/0x2c0 net/core/rtnetlink.c:559
> #1: ffffffffacfb2208 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:79 [inline]
> #1: ffffffffacfb2208 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock net/core/rtnetlink.c:326 [inline]
> #1: ffffffffacfb2208 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x77c/0x1cb0 net/core/rtnetlink.c:4011
> #2: ffffffffab647720 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:3926 [inline]
> #2: ffffffffab647720 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:3951 [inline]
> #2: ffffffffab647720 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath.constprop.0+0x50c/0x2170 mm/page_alloc.c:4382
> 1 lock held by syz-executor/129430:
> #0: ffffffffab647720 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:3926 [inline]
> #0: ffffffffab647720 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:3951 [inline]
> #0: ffffffffab647720 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath.constprop.0+0x50c/0x2170 mm/page_alloc.c:4382
> 2 locks held by modprobe/129433:
> #0: ff1100003d0781e0 (&mm->mmap_lock){++++}-{4:4}, at: mmap_write_lock_killable include/linux/mmap_lock.h:122 [inline]
> #0: ff1100003d0781e0 (&mm->mmap_lock){++++}-{4:4}, at: setup_arg_pages+0x2a8/0xce0 fs/exec.c:770
> #1: ffffffffab647720 (fs_reclaim){+.+.}-{0:0}, at: __perform_reclaim mm/page_alloc.c:3926 [inline]
> #1: ffffffffab647720 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:3951 [inline]
> #1: ffffffffab647720 (fs_reclaim){+.+.}-{0:0}, at: __alloc_pages_slowpath.constprop.0+0x50c/0x2170 mm/page_alloc.c:4382
> 1 lock held by syz-executor/129434:
> #0: ff110000102f0f58 (mapping.invalidate_lock){++++}-{4:4}, at: filemap_invalidate_lock_shared include/linux/fs.h:873 [inline]
> #0: ff110000102f0f58 (mapping.invalidate_lock){++++}-{4:4}, at: page_cache_ra_unbounded+0x159/0x690 mm/readahead.c:226
> 1 lock held by syz-executor/129435:
> #0: ff110000102f0f58 (mapping.invalidate_lock){++++}-{4:4}, at: filemap_invalidate_lock_shared include/linux/fs.h:873 [inline]
> #0: ff110000102f0f58 (mapping.invalidate_lock){++++}-{4:4}, at: page_cache_ra_unbounded+0x159/0x690 mm/readahead.c:226
> 1 lock held by syz-executor/129436:
> #0: ff110000102f0f58 (mapping.invalidate_lock){++++}-{4:4}, at: filemap_invalidate_lock_shared include/linux/fs.h:873 [inline]
> #0: ff110000102f0f58 (mapping.invalidate_lock){++++}-{4:4}, at: page_cache_ra_unbounded+0x159/0x690 mm/readahead.c:226
> 1 lock held by syz-executor/129437:
> #0: ff110000102f0f58 (mapping.invalidate_lock){++++}-{4:4}, at: filemap_invalidate_lock_shared include/linux/fs.h:873 [inline]
> #0: ff110000102f0f58 (mapping.invalidate_lock){++++}-{4:4}, at: filemap_fault+0xe80/0x2ec0 mm/filemap.c:3323
> 1 lock held by syz-executor/129438:
> #0: ff110000102f0f58 (mapping.invalidate_lock){++++}-{4:4}, at: filemap_invalidate_lock_shared include/linux/fs.h:873 [inline]
> #0: ff110000102f0f58 (mapping.invalidate_lock){++++}-{4:4}, at: filemap_fault+0xe80/0x2ec0 mm/filemap.c:3323
>
>
> =============================================
>
>
>
>
>
>
> ------------------------------
> thanks,
> Kun Hu
--
Jan Kara <jack@...e.com>
SUSE Labs, CR
Powered by blists - more mailing lists