possible deadlock in diAllocAG


sanan....@gmail.com

Jun 26, 2026, 5:29:10 PM (3 days ago) Jun 26
to sha...@kernel.org, ke...@kernel.org, jfs-dis...@lists.sourceforge.net, linux-...@vger.kernel.org, syzk...@googlegroups.com, con...@pgazz.com
Good day, dear maintainers,

We found a lockdep splat ("WARNING: possible circular locking dependency detected") in fs/jfs using a modified version of syzkaller; the full trace is below. The reported chain is &jfs_ip->commit_mutex --> &(imap->im_aglock[index]) --> &jfs_ip->rdwrlock/1: the im_aglock -> rdwrlock/1 edge comes from diAlloc taking rdwrlock/1 while holding im_aglock (#4), the im_aglock edge from diFree during inode eviction under kswapd (#3, via fs_reclaim), and the closing edge from a kmalloc in ea_get under __jfs_setxattr with xattr_sem and commit_mutex held (#2, #1). Note this is lockdep reporting a possible deadlock, not an observed hang; the filesystem was mounted from a loop device (see the loop6 line), so the path appears reachable from a mounted image.

Kernel Branch: 7.0-rc1
Kernel Config: <https://drive.google.com/open?id=1kXBeUeTSaKl6tRmHJYx88zaMkxZV_-X5>
Unfortunately, we do not yet have a reproducer for this bug.
Thank you!

Best regards,
Sanan Hasanov

loop6: detected capacity change from 0 to 32768
======================================================
WARNING: possible circular locking dependency detected
7.0.0-rc1 #1 Not tainted
------------------------------------------------------
syz.6.30795/143856 is trying to acquire lock:
ffff88805621b8b8 (&jfs_ip->commit_mutex){+.+.}-{4:4}, at: diNewIAG fs/jfs/jfs_imap.c:2522 [inline]
ffff88805621b8b8 (&jfs_ip->commit_mutex){+.+.}-{4:4}, at: diAllocExt fs/jfs/jfs_imap.c:1905 [inline]
ffff88805621b8b8 (&jfs_ip->commit_mutex){+.+.}-{4:4}, at: diAllocAG+0x1422/0x1d70 fs/jfs/jfs_imap.c:1669

but task is already holding lock:
ffff88805621b828 (&jfs_ip->rdwrlock/1){++++}-{4:4}, at: diNewIAG fs/jfs/jfs_imap.c:2477 [inline]
ffff88805621b828 (&jfs_ip->rdwrlock/1){++++}-{4:4}, at: diAllocExt fs/jfs/jfs_imap.c:1905 [inline]
ffff88805621b828 (&jfs_ip->rdwrlock/1){++++}-{4:4}, at: diAllocAG+0xaa4/0x1d70 fs/jfs/jfs_imap.c:1669

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #4 (&jfs_ip->rdwrlock/1){++++}-{4:4}:
down_read_nested+0x49/0x2e0 kernel/locking/rwsem.c:1662
diAlloc+0x795/0x1680 fs/jfs/jfs_imap.c:1388
ialloc+0x8c/0x8f0 fs/jfs/jfs_inode.c:56
jfs_create+0x18d/0xa80 fs/jfs/namei.c:93
lookup_open fs/namei.c:4483 [inline]
open_last_lookups fs/namei.c:4583 [inline]
path_openat+0x1388/0x3740 fs/namei.c:4827
do_file_open+0x203/0x440 fs/namei.c:4859
do_sys_openat2+0x105/0x1e0 fs/open.c:1366
do_sys_open fs/open.c:1372 [inline]
__do_sys_open fs/open.c:1380 [inline]
__se_sys_open fs/open.c:1376 [inline]
__x64_sys_open+0x11e/0x140 fs/open.c:1376
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x160/0xfc0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x4b/0x53

-> #3 (&(imap->im_aglock[index])){+.+.}-{4:4}:
__mutex_lock_common kernel/locking/mutex.c:614 [inline]
__mutex_lock+0x184/0x1300 kernel/locking/mutex.c:776
diFree+0x2b9/0x2c50 fs/jfs/jfs_imap.c:889
jfs_evict_inode+0x331/0x440 fs/jfs/inode.c:162
evict+0x5ed/0xad0 fs/inode.c:846
__dentry_kill+0x198/0x5d0 fs/dcache.c:670
shrink_kill+0xa9/0x2c0 fs/dcache.c:1147
shrink_dentry_list+0x2e0/0x5e0 fs/dcache.c:1174
prune_dcache_sb+0x10e/0x170 fs/dcache.c:1256
super_cache_scan+0x365/0x4a0 fs/super.c:223
do_shrink_slab+0x6d2/0x1160 mm/shrinker.c:437
shrink_slab_memcg mm/shrinker.c:550 [inline]
shrink_slab+0x7ef/0x10d0 mm/shrinker.c:628
shrink_one+0x2d9/0x720 mm/vmscan.c:4928
shrink_many mm/vmscan.c:4989 [inline]
lru_gen_shrink_node mm/vmscan.c:5067 [inline]
shrink_node+0x3134/0x3a20 mm/vmscan.c:6047
kswapd_shrink_node mm/vmscan.c:6894 [inline]
balance_pgdat mm/vmscan.c:7070 [inline]
kswapd+0x1688/0x2d50 mm/vmscan.c:7343
kthread+0x389/0x480 kernel/kthread.c:467
ret_from_fork+0x507/0xb90 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:245

-> #2 (fs_reclaim){+.+.}-{0:0}:
__fs_reclaim_acquire mm/page_alloc.c:4348 [inline]
fs_reclaim_acquire+0x72/0x100 mm/page_alloc.c:4362
might_alloc include/linux/sched/mm.h:317 [inline]
prepare_alloc_pages+0x152/0x650 mm/page_alloc.c:5018
__alloc_frozen_pages_noprof+0x123/0x370 mm/page_alloc.c:5239
alloc_pages_mpol+0x232/0x4a0 mm/mempolicy.c:2484
___kmalloc_large_node+0x4e/0x150 mm/slub.c:5160
__kmalloc_large_node_noprof+0x18/0x90 mm/slub.c:5191
__do_kmalloc_node mm/slub.c:5207 [inline]
__kmalloc_noprof+0x3ec/0x770 mm/slub.c:5231
kmalloc_noprof include/linux/slab.h:966 [inline]
ea_get+0x40f/0x1320 fs/jfs/xattr.c:489
__jfs_setxattr+0x57c/0x1110 fs/jfs/xattr.c:727
__jfs_xattr_set+0xda/0x170 fs/jfs/xattr.c:941
__vfs_setxattr+0x431/0x470 fs/xattr.c:200
__vfs_setxattr_noperm+0x12d/0x660 fs/xattr.c:234
vfs_setxattr+0x163/0x360 fs/xattr.c:321
do_setxattr fs/xattr.c:636 [inline]
filename_setxattr+0x286/0x610 fs/xattr.c:664
path_setxattrat+0x356/0x3a0 fs/xattr.c:708
__do_sys_setxattr fs/xattr.c:742 [inline]
__se_sys_setxattr fs/xattr.c:738 [inline]
__x64_sys_setxattr+0xbc/0xd0 fs/xattr.c:738
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x160/0xfc0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x4b/0x53

-> #1 (&jfs_ip->xattr_sem){++++}-{4:4}:
down_write+0x96/0x1f0 kernel/locking/rwsem.c:1590
__jfs_setxattr+0xe1/0x1110 fs/jfs/xattr.c:678
__jfs_xattr_set+0xda/0x170 fs/jfs/xattr.c:941
__vfs_setxattr+0x431/0x470 fs/xattr.c:200
__vfs_setxattr_noperm+0x12d/0x660 fs/xattr.c:234
vfs_setxattr+0x163/0x360 fs/xattr.c:321
do_setxattr fs/xattr.c:636 [inline]
filename_setxattr+0x286/0x610 fs/xattr.c:664
path_setxattrat+0x356/0x3a0 fs/xattr.c:708
__do_sys_setxattr fs/xattr.c:742 [inline]
__se_sys_setxattr fs/xattr.c:738 [inline]
__x64_sys_setxattr+0xbc/0xd0 fs/xattr.c:738
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x160/0xfc0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x4b/0x53

-> #0 (&jfs_ip->commit_mutex){+.+.}-{4:4}:
check_prev_add kernel/locking/lockdep.c:3165 [inline]
check_prevs_add kernel/locking/lockdep.c:3284 [inline]
validate_chain kernel/locking/lockdep.c:3908 [inline]
__lock_acquire+0x159d/0x2ce0 kernel/locking/lockdep.c:5237
lock_acquire+0xf1/0x2e0 kernel/locking/lockdep.c:5868
__mutex_lock_common kernel/locking/mutex.c:614 [inline]
__mutex_lock+0x184/0x1300 kernel/locking/mutex.c:776
diNewIAG fs/jfs/jfs_imap.c:2522 [inline]
diAllocExt fs/jfs/jfs_imap.c:1905 [inline]
diAllocAG+0x1422/0x1d70 fs/jfs/jfs_imap.c:1669
diAlloc+0x1d5/0x1680 fs/jfs/jfs_imap.c:1590
ialloc+0x8c/0x8f0 fs/jfs/jfs_inode.c:56
jfs_create+0x18d/0xa80 fs/jfs/namei.c:93
lookup_open fs/namei.c:4483 [inline]
open_last_lookups fs/namei.c:4583 [inline]
path_openat+0x1388/0x3740 fs/namei.c:4827
do_file_open+0x203/0x440 fs/namei.c:4859
do_sys_openat2+0x105/0x1e0 fs/open.c:1366
do_sys_open fs/open.c:1372 [inline]
__do_sys_openat fs/open.c:1388 [inline]
__se_sys_openat fs/open.c:1383 [inline]
__x64_sys_openat+0x138/0x160 fs/open.c:1383
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x160/0xfc0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x4b/0x53

other info that might help us debug this:

Chain exists of:
&jfs_ip->commit_mutex --> &(imap->im_aglock[index]) --> &jfs_ip->rdwrlock/1

Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&jfs_ip->rdwrlock/1);
                               lock(&(imap->im_aglock[index]));
                               lock(&jfs_ip->rdwrlock/1);
  lock(&jfs_ip->commit_mutex);

*** DEADLOCK ***

5 locks held by syz.6.30795/143856:
#0: ffff8880007ee420 (sb_writers#28){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 fs/namespace.c:493
#1: ffff88805621b340 (&type->i_mutex_dir_key#17){++++}-{4:4}, at: inode_lock include/linux/fs.h:1028 [inline]
#1: ffff88805621b340 (&type->i_mutex_dir_key#17){++++}-{4:4}, at: open_last_lookups fs/namei.c:4580 [inline]
#1: ffff88805621b340 (&type->i_mutex_dir_key#17){++++}-{4:4}, at: path_openat+0xb53/0x3740 fs/namei.c:4827
#2: ffff888053f58920 (&(imap->im_aglock[index])){+.+.}-{4:4}, at: diAlloc+0x77a/0x1680 fs/jfs/jfs_imap.c:1385
#3: ffff888053f58890 (&imap->im_freelock){+.+.}-{4:4}, at: diNewIAG fs/jfs/jfs_imap.c:2460 [inline]
#3: ffff888053f58890 (&imap->im_freelock){+.+.}-{4:4}, at: diAllocExt fs/jfs/jfs_imap.c:1905 [inline]
#3: ffff888053f58890 (&imap->im_freelock){+.+.}-{4:4}, at: diAllocAG+0x70f/0x1d70 fs/jfs/jfs_imap.c:1669
#4: ffff88805621b828 (&jfs_ip->rdwrlock/1){++++}-{4:4}, at: diNewIAG fs/jfs/jfs_imap.c:2477 [inline]
#4: ffff88805621b828 (&jfs_ip->rdwrlock/1){++++}-{4:4}, at: diAllocExt fs/jfs/jfs_imap.c:1905 [inline]
#4: ffff88805621b828 (&jfs_ip->rdwrlock/1){++++}-{4:4}, at: diAllocAG+0xaa4/0x1d70 fs/jfs/jfs_imap.c:1669

stack backtrace:
CPU: 0 UID: 0 PID: 143856 Comm: syz.6.30795 Not tainted 7.0.0-rc1 #1 PREEMPT(full)
Hardware name: QEMU Ubuntu 24.04 PC v2 (i440FX + PIIX, arch_caps fix, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
Call Trace:
<TASK>
dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
print_circular_bug+0x2dd/0x2f0 kernel/locking/lockdep.c:2043
check_noncircular+0x129/0x150 kernel/locking/lockdep.c:2175
check_prev_add kernel/locking/lockdep.c:3165 [inline]
check_prevs_add kernel/locking/lockdep.c:3284 [inline]
validate_chain kernel/locking/lockdep.c:3908 [inline]
__lock_acquire+0x159d/0x2ce0 kernel/locking/lockdep.c:5237
lock_acquire+0xf1/0x2e0 kernel/locking/lockdep.c:5868
__mutex_lock_common kernel/locking/mutex.c:614 [inline]
__mutex_lock+0x184/0x1300 kernel/locking/mutex.c:776
diNewIAG fs/jfs/jfs_imap.c:2522 [inline]
diAllocExt fs/jfs/jfs_imap.c:1905 [inline]
diAllocAG+0x1422/0x1d70 fs/jfs/jfs_imap.c:1669
diAlloc+0x1d5/0x1680 fs/jfs/jfs_imap.c:1590
ialloc+0x8c/0x8f0 fs/jfs/jfs_inode.c:56
jfs_create+0x18d/0xa80 fs/jfs/namei.c:93
lookup_open fs/namei.c:4483 [inline]
open_last_lookups fs/namei.c:4583 [inline]
path_openat+0x1388/0x3740 fs/namei.c:4827
do_file_open+0x203/0x440 fs/namei.c:4859
do_sys_openat2+0x105/0x1e0 fs/open.c:1366
do_sys_open fs/open.c:1372 [inline]
__do_sys_openat fs/open.c:1388 [inline]
__se_sys_openat fs/open.c:1383 [inline]
__x64_sys_openat+0x138/0x160 fs/open.c:1383
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x160/0xfc0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x4b/0x53
RIP: 0033:0x7eff9f7a3b6d
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007effa05a3018 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007eff9fa15fa0 RCX: 00007eff9f7a3b6d
RDX: 000000000000275a RSI: 0000200000000200 RDI: ffffffffffffff9c
RBP: 00007eff9f847c3e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007eff9fa16038 R14: 00007eff9fa15fa0 R15: 00007fff90bdb370
</TASK>

<<<<<<<<<<<<<<< tail report >>>>>>>>>>>>>>>