| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250623023149.GA70156@system.software.com>
Date: Mon, 23 Jun 2025 11:31:49 +0900
From: Byungchul Park <byungchul@...com>
To: linux-kernel@...r.kernel.org, almaz.alexandrovich@...agon-software.com,
ntfs3@...ts.linux.dev
Cc: kernel_team@...ynix.com, torvalds@...ux-foundation.org,
akpm@...ux-foundation.org, yeoreum.yun@....com,
yunseong.kim@...csson.com, gwan-gyeong.mun@...el.com,
harry.yoo@...cle.com, ysk@...lloc.com
Subject: [RFC] DEPT report on around ntfs3 and filemap
Hi folks,
Thanks to Yunseong, we got a DEPT report in ntfs3. It doesn't mean it's
an obvious deadlock, but after digging into the report, I'm wondering if
it could happen by any chance. The scenario that I'm concerning is:
CONTEXT A CONTEXT B
ntfs_fill_super()
inode_read_data() // for sbi->def_table and sbi->upcase
... ntfs_lookup()
mutex_lock(&ni->ni_lock) // hold
dir_search_u()
...
btfs_bread()
folio_lock() // hold
filemap_read_folio() // with folio lock held
...
__find_get_block_slow()
folio_lock() // stuck
ntfs_read_folio()
mutex_lock(&ni->ni_lock) // stuck
Am I missing something? One thing possibily I'm missing is that the two
ni_locks never contend, but I'm not sure if it's true for the all
possible cases e.g. manipulating block dev directly.
FYI, the following is the DEPT report we got.
Byungchul
---
[ 2279.669417][T42160] ===================================================
[ 2279.669468][T42160] DEPT: Circular dependency has been detected.
[ 2279.669483][T42160] 6.15.0-rc6-00043-ga83a69ec7f9f #5 Not tainted
[ 2279.669499][T42160] ---------------------------------------------------
[ 2279.669511][T42160] summary
[ 2279.669522][T42160] ---------------------------------------------------
[ 2279.669534][T42160] *** DEADLOCK ***
[ 2279.669534][T42160]
[ 2279.669545][T42160] context A
[ 2279.669557][T42160] [S] (unknown)(pg_locked_map:0)
[ 2279.669572][T42160] [W] lock(&ni->ni_lock:0)
[ 2279.669587][T42160] [E] dept_page_clear_bit(pg_locked_map:0)
[ 2279.669601][T42160]
[ 2279.669611][T42160] context B
[ 2279.669622][T42160] [S] lock(&ni->ni_lock:0)
[ 2279.669635][T42160] [W] dept_page_wait_on_bit(pg_locked_map:0)
[ 2279.669650][T42160] [E] unlock(&ni->ni_lock:0)
[ 2279.669663][T42160]
[ 2279.669673][T42160] [S]: start of the event context
[ 2279.669683][T42160] [W]: the wait blocked
[ 2279.669693][T42160] [E]: the event not reachable
[ 2279.669704][T42160] ---------------------------------------------------
[ 2279.669714][T42160] context A's detail
[ 2279.669725][T42160] ---------------------------------------------------
[ 2279.669735][T42160] context A
[ 2279.669746][T42160] [S] (unknown)(pg_locked_map:0)
[ 2279.669759][T42160] [W] lock(&ni->ni_lock:0)
[ 2279.669772][T42160] [E] dept_page_clear_bit(pg_locked_map:0)
[ 2279.669786][T42160]
[ 2279.669796][T42160] [S] (unknown)(pg_locked_map:0):
[ 2279.669809][T42160] (N/A)
[ 2279.669818][T42160]
[ 2279.669828][T42160] [W] lock(&ni->ni_lock:0):
[ 2279.669841][T42160] [<ffff800081935bd4>] ntfs_read_folio+0x174/0x200
[ 2279.669875][T42160] stacktrace:
[ 2279.669901][T42160] __mutex_lock+0x730/0xa08
[ 2279.669932][T42160] mutex_lock_nested+0x24/0x38
[ 2279.669952][T42160] ntfs_read_folio+0x174/0x200
[ 2279.669970][T42160] filemap_read_folio+0xc8/0x280
[ 2279.669990][T42160] do_read_cache_folio+0x290/0x56c
[ 2279.670010][T42160] read_cache_page+0x64/0x150
[ 2279.670027][T42160] inode_read_data+0xa4/0x9c0
[ 2279.670046][T42160] ntfs_fill_super+0x1fec/0x3840
[ 2279.670072][T42160] get_tree_bdev_flags+0x330/0x528
[ 2279.670099][T42160] get_tree_bdev+0x2c/0x3c
[ 2279.670119][T42160] ntfs_fs_get_tree+0x28/0x38
[ 2279.670139][T42160] vfs_get_tree+0x7c/0x2c0
[ 2279.670158][T42160] path_mount+0x1380/0x1d20
[ 2279.670184][T42160] __arm64_sys_mount+0x438/0x530
[ 2279.670204][T42160] invoke_syscall+0x88/0x2e0
[ 2279.670234][T42160] el0_svc_common.constprop.0+0xe8/0x2e0
[ 2279.670256][T42160]
[ 2279.670265][T42160] [E] dept_page_clear_bit(pg_locked_map:0):
[ 2279.670279][T42160] [<ffff800081935c14>] ntfs_read_folio+0x1b4/0x200
[ 2279.670299][T42160] stacktrace:
[ 2279.670309][T42160] ntfs_read_folio+0x1b4/0x200
[ 2279.670327][T42160] filemap_read_folio+0xc8/0x280
[ 2279.670343][T42160] do_read_cache_folio+0x290/0x56c
[ 2279.670361][T42160] read_cache_page+0x64/0x150
[ 2279.670378][T42160] inode_read_data+0xa4/0x9c0
[ 2279.670396][T42160] ntfs_fill_super+0x1fec/0x3840
[ 2279.670418][T42160] get_tree_bdev_flags+0x330/0x528
[ 2279.670438][T42160] get_tree_bdev+0x2c/0x3c
[ 2279.670458][T42160] ntfs_fs_get_tree+0x28/0x38
[ 2279.670478][T42160] vfs_get_tree+0x7c/0x2c0
[ 2279.670497][T42160] path_mount+0x1380/0x1d20
[ 2279.670516][T42160] __arm64_sys_mount+0x438/0x530
[ 2279.670535][T42160] invoke_syscall+0x88/0x2e0
[ 2279.670555][T42160] el0_svc_common.constprop.0+0xe8/0x2e0
[ 2279.670577][T42160] do_el0_svc+0x44/0x60
[ 2279.670597][T42160] el0_svc+0x50/0x188
[ 2279.670626][T42160] ---------------------------------------------------
[ 2279.670637][T42160] context B's detail
[ 2279.670648][T42160] ---------------------------------------------------
[ 2279.670659][T42160] context B
[ 2279.670669][T42160] [S] lock(&ni->ni_lock:0)
[ 2279.670683][T42160] [W] dept_page_wait_on_bit(pg_locked_map:0)
[ 2279.670697][T42160] [E] unlock(&ni->ni_lock:0)
[ 2279.670710][T42160]
[ 2279.670719][T42160] [S] lock(&ni->ni_lock:0):
[ 2279.670732][T42160] [<ffff800081951e78>] ntfs_lookup+0x188/0x238
[ 2279.670755][T42160] stacktrace:
[ 2279.670764][T42160] __mutex_lock+0x74c/0xa08
[ 2279.670783][T42160] mutex_lock_nested+0x24/0x38
[ 2279.670803][T42160] ntfs_lookup+0x188/0x238
[ 2279.670822][T42160] lookup_open.isra.0+0x414/0x1310
[ 2279.670846][T42160] path_openat+0x1174/0x2740
[ 2279.670867][T42160] do_filp_open+0x198/0x3a0
[ 2279.670895][T42160] do_sys_openat2+0x11c/0x1e0
[ 2279.670912][T42160] __arm64_sys_openat+0x158/0x208
[ 2279.670929][T42160] invoke_syscall+0x88/0x2e0
[ 2279.670949][T42160] el0_svc_common.constprop.0+0xe8/0x2e0
[ 2279.670970][T42160] do_el0_svc+0x44/0x60
[ 2279.670990][T42160] el0_svc+0x50/0x188
[ 2279.671011][T42160] el0t_64_sync_handler+0x10c/0x140
[ 2279.671034][T42160] el0t_64_sync+0x198/0x19c
[ 2279.671053][T42160]
[ 2279.671062][T42160] [W] dept_page_wait_on_bit(pg_locked_map:0):
[ 2279.671075][T42160] [<ffff800080dfcae4>] bdev_getblk+0x174/0x218
[ 2279.671100][T42160] stacktrace:
[ 2279.671110][T42160] __find_get_block_slow+0x26c/0x684
[ 2279.671128][T42160] bdev_getblk+0x174/0x218
[ 2279.671145][T42160] __bread_gfp+0x8c/0x2b8
[ 2279.671162][T42160] ntfs_bread+0xb8/0x22c
[ 2279.671192][T42160] wnd_map+0x264/0x3a0
[ 2279.671212][T42160] wnd_is_used+0x338/0x520
[ 2279.671232][T42160] run_unpack_ex+0x454/0x62c
[ 2279.671252][T42160] ntfs_iget5+0x980/0x3048
[ 2279.671270][T42160] dir_search_u+0x140/0x348
[ 2279.671290][T42160] ntfs_lookup+0x198/0x238
[ 2279.671309][T42160] lookup_open.isra.0+0x414/0x1310
[ 2279.671328][T42160] path_openat+0x1174/0x2740
[ 2279.671348][T42160] do_filp_open+0x198/0x3a0
[ 2279.671367][T42160] do_sys_openat2+0x11c/0x1e0
[ 2279.671383][T42160] __arm64_sys_openat+0x158/0x208
[ 2279.671400][T42160] invoke_syscall+0x88/0x2e0
[ 2279.671420][T42160]
[ 2279.671430][T42160] [E] unlock(&ni->ni_lock:0):
[ 2279.671442][T42160] (N/A)
[ 2279.671452][T42160] ---------------------------------------------------
[ 2279.671463][T42160] information that might be helpful
[ 2279.671473][T42160] ---------------------------------------------------
[ 2279.671488][T42160] CPU: 2 UID: 0 PID: 42160 Comm: syz.0.6499 Not tainted 6.15.0-rc6-00043-ga83a69ec7f9f #5 PREEMPT
[ 2279.671502][T42160] Hardware name: QEMU KVM Virtual Machine, BIOS 2025.02-8 05/13/2025
[ 2279.671510][T42160] Call trace:
[ 2279.671515][T42160] show_stack+0x34/0x80 (C)
[ 2279.671542][T42160] dump_stack_lvl+0x104/0x180
[ 2279.671568][T42160] dump_stack+0x20/0x2c
[ 2279.671583][T42160] cb_check_dl+0x1080/0x10ec
[ 2279.671599][T42160] bfs+0x4d8/0x630
[ 2279.671610][T42160] add_dep+0x1cc/0x364
[ 2279.671623][T42160] __dept_event.part.0+0xde0/0x1240
[ 2279.671636][T42160] dept_event+0x208/0x29c
[ 2279.671649][T42160] folio_unlock+0x8c/0x160
[ 2279.671678][T42160] ntfs_read_folio+0x1b4/0x200
[ 2279.671691][T42160] filemap_read_folio+0xc8/0x280
[ 2279.671702][T42160] do_read_cache_folio+0x290/0x56c
[ 2279.671714][T42160] read_cache_page+0x64/0x150
[ 2279.671726][T42160] inode_read_data+0xa4/0x9c0
[ 2279.671740][T42160] ntfs_fill_super+0x1fec/0x3840
[ 2279.671756][T42160] get_tree_bdev_flags+0x330/0x528
[ 2279.671771][T42160] get_tree_bdev+0x2c/0x3c
[ 2279.671786][T42160] ntfs_fs_get_tree+0x28/0x38
[ 2279.671801][T42160] vfs_get_tree+0x7c/0x2c0
[ 2279.671815][T42160] path_mount+0x1380/0x1d20
[ 2279.671829][T42160] __arm64_sys_mount+0x438/0x530
[ 2279.671844][T42160] invoke_syscall+0x88/0x2e0
[ 2279.671859][T42160] el0_svc_common.constprop.0+0xe8/0x2e0
[ 2279.671875][T42160] do_el0_svc+0x44/0x60
[ 2279.671898][T42160] el0_svc+0x50/0x188
[ 2279.671915][T42160] el0t_64_sync_handler+0x10c/0x140
[ 2279.671932][T42160] el0t_64_sync+0x198/0x19c
Powered by blists - more mailing lists