possible deadlock in __ntfs_clear_inode


syzbot

Dec 10, 2022, 5:52:40 PM12/10/22
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 3f8a27f9e27b Linux 4.19.211
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=10c32c3f880000
kernel config: https://syzkaller.appspot.com/x/.config?x=9b9277b418617afe
dashboard link: https://syzkaller.appspot.com/bug?extid=349e304626b5aace69af
compiler: gcc version 10.2.1 20210110 (Debian 10.2.1-6)

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/98c0bdb4abb3/disk-3f8a27f9.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/ea228ff02669/vmlinux-3f8a27f9.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+349e30...@syzkaller.appspotmail.com

======================================================
WARNING: possible circular locking dependency detected
4.19.211-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.5/10594 is trying to acquire lock:
00000000b4a6876a (&rl->lock){++++}, at: __ntfs_clear_inode+0x24/0x260 fs/ntfs/inode.c:2203

but task is already holding lock:
00000000dad60976 (fs_reclaim){+.+.}, at: fs_reclaim_release mm/page_alloc.c:3778 [inline]
00000000dad60976 (fs_reclaim){+.+.}, at: fs_reclaim_release mm/page_alloc.c:3774 [inline]
00000000dad60976 (fs_reclaim){+.+.}, at: __perform_reclaim mm/page_alloc.c:3805 [inline]
00000000dad60976 (fs_reclaim){+.+.}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:3821 [inline]
00000000dad60976 (fs_reclaim){+.+.}, at: __alloc_pages_slowpath mm/page_alloc.c:4211 [inline]
00000000dad60976 (fs_reclaim){+.+.}, at: __alloc_pages_nodemask+0x191e/0x2890 mm/page_alloc.c:4419

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #2 (fs_reclaim){+.+.}:
prepare_alloc_pages mm/page_alloc.c:4341 [inline]
__alloc_pages_nodemask+0x1b7/0x2890 mm/page_alloc.c:4393
alloc_pages_current+0x193/0x2a0 mm/mempolicy.c:2197
alloc_pages include/linux/gfp.h:532 [inline]
__page_cache_alloc mm/filemap.c:969 [inline]
do_read_cache_page+0xa36/0x1170 mm/filemap.c:2815
read_mapping_page include/linux/pagemap.h:402 [inline]
ntfs_map_page fs/ntfs/aops.h:89 [inline]
map_mft_record_page fs/ntfs/mft.c:87 [inline]
map_mft_record+0x1fe/0xc70 fs/ntfs/mft.c:170
ntfs_read_locked_inode+0x19c/0x56e0 fs/ntfs/inode.c:575
ntfs_iget+0x12d/0x180 fs/ntfs/inode.c:190
ntfs_lookup+0x2f2/0xbf0 fs/ntfs/namei.c:131
lookup_open+0x698/0x1a20 fs/namei.c:3214
do_last fs/namei.c:3327 [inline]
path_openat+0x1094/0x2df0 fs/namei.c:3537
do_filp_open+0x18c/0x3f0 fs/namei.c:3567
do_sys_open+0x3b3/0x520 fs/open.c:1085
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #1 (&ni->mrec_lock){+.+.}:
map_mft_record+0x3c/0xc70 fs/ntfs/mft.c:168
ntfs_truncate+0x202/0x2820 fs/ntfs/inode.c:2395
ntfs_truncate_vfs fs/ntfs/inode.c:2875 [inline]
ntfs_setattr+0x1b6/0x620 fs/ntfs/inode.c:2925
notify_change+0x70b/0xfc0 fs/attr.c:334
do_truncate+0x134/0x1f0 fs/open.c:63
handle_truncate fs/namei.c:3009 [inline]
do_last fs/namei.c:3427 [inline]
path_openat+0x2308/0x2df0 fs/namei.c:3537
do_filp_open+0x18c/0x3f0 fs/namei.c:3567
do_sys_open+0x3b3/0x520 fs/open.c:1085
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #0 (&rl->lock){++++}:
down_write+0x34/0x90 kernel/locking/rwsem.c:70
__ntfs_clear_inode+0x24/0x260 fs/ntfs/inode.c:2203
ntfs_evict_big_inode+0x179/0x470 fs/ntfs/inode.c:2292
evict+0x2ed/0x760 fs/inode.c:559
dispose_list+0x124/0x1f0 fs/inode.c:594
prune_icache_sb+0xe7/0x140 fs/inode.c:789
super_cache_scan+0x390/0x590 fs/super.c:104
do_shrink_slab+0x397/0xa40 mm/vmscan.c:537
shrink_slab+0x16f/0x550 mm/vmscan.c:693
shrink_node.isra.0+0x2d3/0x1300 mm/vmscan.c:2748
shrink_zones mm/vmscan.c:2977 [inline]
do_try_to_free_pages+0x38e/0xfe0 mm/vmscan.c:3035
try_to_free_pages+0x27f/0x7c0 mm/vmscan.c:3251
__perform_reclaim mm/page_alloc.c:3800 [inline]
__alloc_pages_direct_reclaim mm/page_alloc.c:3821 [inline]
__alloc_pages_slowpath mm/page_alloc.c:4211 [inline]
__alloc_pages_nodemask+0xcc8/0x2890 mm/page_alloc.c:4419
__alloc_pages include/linux/gfp.h:496 [inline]
__alloc_pages_node include/linux/gfp.h:509 [inline]
alloc_pages_node include/linux/gfp.h:523 [inline]
alloc_new_node_page+0x305/0x400 mm/mempolicy.c:995
unmap_and_move mm/migrate.c:1168 [inline]
migrate_pages+0x528/0x2fe0 mm/migrate.c:1419
do_move_pages_to_node mm/migrate.c:1501 [inline]
do_move_pages_to_node mm/migrate.c:1493 [inline]
do_pages_move mm/migrate.c:1686 [inline]
kernel_move_pages+0x506/0x1820 mm/migrate.c:1827
__do_sys_move_pages mm/migrate.c:1845 [inline]
__se_sys_move_pages mm/migrate.c:1840 [inline]
__x64_sys_move_pages+0xdd/0x1b0 mm/migrate.c:1840
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe

other info that might help us debug this:

Chain exists of:
&rl->lock --> &ni->mrec_lock --> fs_reclaim

Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(fs_reclaim);
                               lock(&ni->mrec_lock);
                               lock(fs_reclaim);
  lock(&rl->lock);

*** DEADLOCK ***

3 locks held by syz-executor.5/10594:
#0: 00000000dad60976 (fs_reclaim){+.+.}, at: fs_reclaim_release mm/page_alloc.c:3778 [inline]
#0: 00000000dad60976 (fs_reclaim){+.+.}, at: fs_reclaim_release mm/page_alloc.c:3774 [inline]
#0: 00000000dad60976 (fs_reclaim){+.+.}, at: __perform_reclaim mm/page_alloc.c:3805 [inline]
#0: 00000000dad60976 (fs_reclaim){+.+.}, at: __alloc_pages_direct_reclaim mm/page_alloc.c:3821 [inline]
#0: 00000000dad60976 (fs_reclaim){+.+.}, at: __alloc_pages_slowpath mm/page_alloc.c:4211 [inline]
#0: 00000000dad60976 (fs_reclaim){+.+.}, at: __alloc_pages_nodemask+0x191e/0x2890 mm/page_alloc.c:4419
#1: 000000009898dd94 (shrinker_rwsem){++++}, at: shrink_slab+0xc7/0x550 mm/vmscan.c:683
#2: 000000002825908a (&type->s_umount_key#67){++++}, at: trylock_super fs/super.c:412 [inline]
#2: 000000002825908a (&type->s_umount_key#67){++++}, at: super_cache_scan+0x6c/0x590 fs/super.c:77

stack backtrace:
CPU: 1 PID: 10594 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1222
check_prev_add kernel/locking/lockdep.c:1866 [inline]
check_prevs_add kernel/locking/lockdep.c:1979 [inline]
validate_chain kernel/locking/lockdep.c:2420 [inline]
__lock_acquire+0x30c9/0x3ff0 kernel/locking/lockdep.c:3416
lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908
down_write+0x34/0x90 kernel/locking/rwsem.c:70
__ntfs_clear_inode+0x24/0x260 fs/ntfs/inode.c:2203
ntfs_evict_big_inode+0x179/0x470 fs/ntfs/inode.c:2292
evict+0x2ed/0x760 fs/inode.c:559
dispose_list+0x124/0x1f0 fs/inode.c:594
prune_icache_sb+0xe7/0x140 fs/inode.c:789
super_cache_scan+0x390/0x590 fs/super.c:104
do_shrink_slab+0x397/0xa40 mm/vmscan.c:537
shrink_slab+0x16f/0x550 mm/vmscan.c:693
shrink_node.isra.0+0x2d3/0x1300 mm/vmscan.c:2748
shrink_zones mm/vmscan.c:2977 [inline]
do_try_to_free_pages+0x38e/0xfe0 mm/vmscan.c:3035
try_to_free_pages+0x27f/0x7c0 mm/vmscan.c:3251
__perform_reclaim mm/page_alloc.c:3800 [inline]
__alloc_pages_direct_reclaim mm/page_alloc.c:3821 [inline]
__alloc_pages_slowpath mm/page_alloc.c:4211 [inline]
__alloc_pages_nodemask+0xcc8/0x2890 mm/page_alloc.c:4419
__alloc_pages include/linux/gfp.h:496 [inline]
__alloc_pages_node include/linux/gfp.h:509 [inline]
alloc_pages_node include/linux/gfp.h:523 [inline]
alloc_new_node_page+0x305/0x400 mm/mempolicy.c:995
unmap_and_move mm/migrate.c:1168 [inline]
migrate_pages+0x528/0x2fe0 mm/migrate.c:1419
do_move_pages_to_node mm/migrate.c:1501 [inline]
do_move_pages_to_node mm/migrate.c:1493 [inline]
do_pages_move mm/migrate.c:1686 [inline]
kernel_move_pages+0x506/0x1820 mm/migrate.c:1827
__do_sys_move_pages mm/migrate.c:1845 [inline]
__se_sys_move_pages mm/migrate.c:1840 [inline]
__x64_sys_move_pages+0xdd/0x1b0 mm/migrate.c:1840
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fafa68170d9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fafa4d89168 EFLAGS: 00000246 ORIG_RAX: 0000000000000117
RAX: ffffffffffffffda RBX: 00007fafa6936f80 RCX: 00007fafa68170d9
RDX: 0000000020000200 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 00007fafa6872ae9 R08: 0000000020000140 R09: 0000000000000000
R10: 000000002026bfec R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffc1186b15f R14: 00007fafa4d89300 R15: 0000000000022000
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
syz-executor.5: page allocation failure: order:0, mode:0x6600ca(GFP_HIGHUSER_MOVABLE|__GFP_THISNODE), nodemask=(null)
syz-executor.3: page allocation failure: order:0, mode:0x6600ca(GFP_HIGHUSER_MOVABLE|__GFP_THISNODE), nodemask=(null)
syz-executor.5 cpuset=/ mems_allowed=0-1
syz-executor.3 cpuset=/ mems_allowed=0-1
CPU: 1 PID: 11374 Comm: syz-executor.3 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
warn_alloc.cold+0x7b/0x18f mm/page_alloc.c:3457
__alloc_pages_slowpath mm/page_alloc.c:4317 [inline]
__alloc_pages_nodemask+0x232f/0x2890 mm/page_alloc.c:4419
__alloc_pages include/linux/gfp.h:496 [inline]
__alloc_pages_node include/linux/gfp.h:509 [inline]
alloc_new_node_page+0x2b6/0x400 mm/mempolicy.c:1003
unmap_and_move mm/migrate.c:1168 [inline]
migrate_pages+0x528/0x2fe0 mm/migrate.c:1419
do_move_pages_to_node mm/migrate.c:1501 [inline]
do_move_pages_to_node mm/migrate.c:1493 [inline]
do_pages_move mm/migrate.c:1686 [inline]
kernel_move_pages+0x506/0x1820 mm/migrate.c:1827
__do_sys_move_pages mm/migrate.c:1845 [inline]
__se_sys_move_pages mm/migrate.c:1840 [inline]
__x64_sys_move_pages+0xdd/0x1b0 mm/migrate.c:1840
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f9b8d0890d9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f9b8b5fb168 EFLAGS: 00000246 ORIG_RAX: 0000000000000117
RAX: ffffffffffffffda RBX: 00007f9b8d1a8f80 RCX: 00007f9b8d0890d9
RDX: 0000000020000200 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 00007f9b8d0e4ae9 R08: 0000000020000140 R09: 0000000000000000
R10: 000000002026bfec R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffd78d35b3f R14: 00007f9b8b5fb300 R15: 0000000000022000
CPU: 0 PID: 11365 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
warn_alloc.cold+0x7b/0x18f mm/page_alloc.c:3457
Mem-Info:
__alloc_pages_slowpath mm/page_alloc.c:4317 [inline]
__alloc_pages_nodemask+0x232f/0x2890 mm/page_alloc.c:4419
active_anon:686181 inactive_anon:42868 isolated_anon:386
active_file:4010 inactive_file:2784 isolated_file:0
unevictable:0 dirty:8 writeback:0 unstable:0
slab_reclaimable:18918 slab_unreclaimable:155565
mapped:26875 shmem:51449 pagetables:28492 bounce:0
free:693552 free_pcp:1009 free_cma:0
Node 0 active_anon:1841180kB inactive_anon:25836kB active_file:32kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:94452kB dirty:4kB writeback:0kB shmem:50352kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1632256kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
__alloc_pages include/linux/gfp.h:496 [inline]
__alloc_pages_node include/linux/gfp.h:509 [inline]
alloc_new_node_page+0x2b6/0x400 mm/mempolicy.c:1003
unmap_and_move mm/migrate.c:1168 [inline]
migrate_pages+0x528/0x2fe0 mm/migrate.c:1419
do_move_pages_to_node mm/migrate.c:1501 [inline]
do_move_pages_to_node mm/migrate.c:1493 [inline]
do_pages_move mm/migrate.c:1686 [inline]
kernel_move_pages+0x506/0x1820 mm/migrate.c:1827
Node 1 active_anon:903544kB inactive_anon:145636kB active_file:16008kB inactive_file:11132kB unevictable:0kB isolated(anon):1544kB isolated(file):0kB mapped:13048kB dirty:28kB writeback:0kB shmem:155444kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
__do_sys_move_pages mm/migrate.c:1845 [inline]
__se_sys_move_pages mm/migrate.c:1840 [inline]
__x64_sys_move_pages+0xdd/0x1b0 mm/migrate.c:1840
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fafa68170d9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fafa4d89168 EFLAGS: 00000246 ORIG_RAX: 0000000000000117
RAX: ffffffffffffffda RBX: 00007fafa6936f80 RCX: 00007fafa68170d9
RDX: 0000000020000200 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 00007fafa6872ae9 R08: 0000000020000140 R09: 0000000000000000
R10: 000000002026bfec R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffc1186b15f R14: 00007fafa4d89300 R15: 0000000000022000
Node 0 DMA free:10992kB min:204kB low:252kB high:300kB active_anon:1824kB inactive_anon:72kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:160kB pagetables:344kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 2693 2695 2695 2695
Node 0 DMA32 free:40012kB min:35996kB low:44992kB high:53988kB active_anon:1838588kB inactive_anon:25764kB active_file:16kB inactive_file:8kB unevictable:0kB writepending:4kB present:3129332kB managed:2763452kB mlocked:0kB kernel_stack:12640kB pagetables:14972kB bounce:0kB free_pcp:2428kB local_pcp:1028kB free_cma:0kB
lowmem_reserve[]: 0 0 1 1 1
Node 0 Normal free:8kB min:24kB low:28kB high:32kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:2000kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 0 0 0 0
Node 1 Normal free:2722980kB min:53876kB low:67344kB high:80812kB active_anon:901544kB inactive_anon:145636kB active_file:16012kB inactive_file:11292kB unevictable:0kB writepending:52kB present:4194304kB managed:4128248kB mlocked:0kB kernel_stack:53184kB pagetables:98768kB bounce:0kB free_pcp:2640kB local_pcp:1300kB free_cma:0kB
lowmem_reserve[]: 0 0 0 0 0
Node 0 DMA: 22*4kB (UM) 5*8kB (UME) 11*16kB (UME) 22*32kB (UM) 12*64kB (U) 2*128kB (UE) 1*256kB (E) 1*512kB (E) 2*1024kB (UE) 3*2048kB (ME) 0*4096kB = 10992kB
Node 0 DMA32: 2348*4kB (UME) 758*8kB (UMEH) 258*16kB (UMEH) 171*32kB (UMEH) 73*64kB (UMEH) 33*128kB (UMEH) 20*256kB (UMH) 3*512kB (UM) 1*1024kB (H) 0*2048kB 0*4096kB = 41632kB
Node 0 Normal: 0*4kB 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB
Node 1 Normal: 71*4kB (M) 1737*8kB (UME) 1656*16kB (UME) 877*32kB (UME) 352*64kB (UME) 142*128kB (UME) 58*256kB (UME) 29*512kB (UM) 13*1024kB (UM) 4*2048kB (UM) 627*4096kB (UM) = 2728836kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
58157 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap = 0kB
Total swap = 0kB
2097051 pages RAM
0 pages HighMem/MovableOnly
369649 pages reserved
0 pages cma reserved


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.