[v5.15] possible deadlock in flush_workqueue (3)

syzbot

Nov 29, 2024, 6:46:32 AM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 0a51d2d4527b Linux 5.15.173
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=171ddf5f980000
kernel config: https://syzkaller.appspot.com/x/.config?x=69147a3052c29ea2
dashboard link: https://syzkaller.appspot.com/bug?extid=9412cc722abc337b4880
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/cbeb11c653b7/disk-0a51d2d4.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/3b646052737b/vmlinux-0a51d2d4.xz
kernel image: https://storage.googleapis.com/syzbot-assets/0f7e7bafd5b2/Image-0a51d2d4.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+9412cc...@syzkaller.appspotmail.com

gfs2: fsid=syz:syz.0: about to withdraw this file system
============================================
WARNING: possible recursive locking detected
5.15.173-syzkaller #0 Not tainted
--------------------------------------------
kworker/0:10/4271 is trying to acquire lock:
ffff0000c693dd38 ((wq_completion)delete_workqueue){+.+.}-{0:0}, at: flush_workqueue+0x120/0x11c4 kernel/workqueue.c:2830

but task is already holding lock:
ffff0000c693dd38 ((wq_completion)delete_workqueue){+.+.}-{0:0}, at: process_one_work+0x66c/0x11b8 kernel/workqueue.c:2283

other info that might help us debug this:
Possible unsafe locking scenario:

CPU0
----
lock((wq_completion)delete_workqueue);
lock((wq_completion)delete_workqueue);

*** DEADLOCK ***

May be due to missing lock nesting notation

2 locks held by kworker/0:10/4271:
#0: ffff0000c693dd38 ((wq_completion)delete_workqueue){+.+.}-{0:0}, at: process_one_work+0x66c/0x11b8 kernel/workqueue.c:2283
#1: ffff8000209f7c00 ((work_completion)(&(&gl->gl_delete)->work)){+.+.}-{0:0}, at: process_one_work+0x6ac/0x11b8 kernel/workqueue.c:2285

stack backtrace:
CPU: 0 PID: 4271 Comm: kworker/0:10 Not tainted 5.15.173-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Workqueue: delete_workqueue delete_work_func
Call trace:
dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x58 lib/dump_stack.c:113
__lock_acquire+0x62bc/0x7638 kernel/locking/lockdep.c:5012
lock_acquire+0x240/0x77c kernel/locking/lockdep.c:5623
flush_workqueue+0x14c/0x11c4 kernel/workqueue.c:2830
gfs2_flush_delete_work+0x34/0x44 fs/gfs2/glock.c:2108
gfs2_make_fs_ro+0xb4/0x554 fs/gfs2/super.c:529
signal_our_withdraw fs/gfs2/util.c:166 [inline]
gfs2_withdraw+0x4ec/0x12a4 fs/gfs2/util.c:343
gfs2_meta_check_ii+0x80/0x9c fs/gfs2/util.c:498
gfs2_metatype_check_i fs/gfs2/util.h:126 [inline]
gfs2_meta_buffer+0x2c8/0x394 fs/gfs2/meta_io.c:493
gfs2_meta_inode_buffer fs/gfs2/meta_io.h:70 [inline]
gfs2_inode_refresh+0xc4/0xdf4 fs/gfs2/glops.c:481
gfs2_inode_lookup+0x7a8/0xbd8 fs/gfs2/inode.c:199
gfs2_lookup_by_inum+0x60/0xf8 fs/gfs2/inode.c:250
delete_work_func+0x148/0x58c fs/gfs2/glock.c:1004
process_one_work+0x790/0x11b8 kernel/workqueue.c:2310
worker_thread+0x910/0x1034 kernel/workqueue.c:2457
kthread+0x37c/0x45c kernel/kthread.c:334
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:870


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup