From: Tetsuo Handa
Date: Mon, 2 Jan 2023 17:24:24 +0900
Subject: Re: [syzbot] [ntfs3?] INFO: task hung in do_user_addr_fault (3)
To: Linus Torvalds, Hillf Danton
Cc: syzbot, linux-kernel@vger.kernel.org, linux-mm@kvack.org, Waiman Long, Matthew Wilcox, syzkaller-bugs@googlegroups.com
Message-ID: <6383cde5-cf4b-facf-6e07-1378a485657d@I-love.SAKURA.ne.jp>

On 2023/01/02 10:40, Linus Torvalds wrote:
> So I think that we have:
>
>  - ntfs_truncate() gets the ni_lock (fs/ntfs3/file.c:393)
>
>  - it then - while holding that lock - calls (on line 395):
>
>      truncate_setsize ->
>        truncate_pagecache ->
>          truncate_inode_pages ->
>            truncate_inode_pages_range ->
>              folio_lock
>
>    but that deadlocks on another process that wants to read that page,
>    and that needs ni_lock to do so.
>
> So yes, it does look like a ntfs3 deadlock involving ni_lock.

Yes, I think you are right. My patch confirmed that other threads are not
holding ni_lock lock, which means that this is a deadlock between PG_locked
bit and ni_lock lock.

filemap_update_page() calls filemap_read_folio() after calling folio_trylock().
Since folio_trylock() sets PG_locked bit,

  mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:799
  ni_lock fs/ntfs3/ntfs_fs.h:1122 [inline]
  attr_data_get_block+0x4a6/0x2e40 fs/ntfs3/attrib.c:919
  ntfs_get_block_vbo+0x374/0xd20 fs/ntfs3/inode.c:573
  do_mpage_readpage+0x98b/0x1bb0 fs/mpage.c:208
  mpage_read_folio+0x103/0x1d0 fs/mpage.c:379
  filemap_read_folio+0x1ba/0x7f0 mm/filemap.c:2426
  filemap_update_page+0x3ca/0x550 mm/filemap.c:2511
  filemap_get_pages+0x8d8/0x1110 mm/filemap.c:2624
  filemap_read+0x3e7/0xee0 mm/filemap.c:2694

is trying to take ni_lock after setting PG_locked bit.

On the other hand, folio_lock() waits until PG_locked bit is cleared, but
unfortunately ntfs3_setattr() already took ni_lock before calling folio_lock().

  io_schedule+0x83/0x100 kernel/sched/core.c:8811
  folio_wait_bit_common+0x8ca/0x1390 mm/filemap.c:1297
  folio_lock include/linux/pagemap.h:938 [inline]
  truncate_inode_pages_range+0xc8d/0x1650 mm/truncate.c:421
  truncate_inode_pages mm/truncate.c:448 [inline]
  truncate_pagecache mm/truncate.c:743 [inline]
  truncate_setsize+0xcb/0xf0 mm/truncate.c:768
  ntfs_truncate fs/ntfs3/file.c:395 [inline]
  ntfs3_setattr+0x5a5/0xca0 fs/ntfs3/file.c:696

Since no lockdep annotation is used for e.g. PG_locked bit, this deadlock
cannot be detected by lockdep...
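
Added example (not part of the original message and not kernel code): a small userspace model of a lock-order checker, replaying the two acquisition orders from the traces above to show that the inversion is only reported when PG_locked is tracked as a lock class. The names order_graph, replay and check_ntfs3_paths are hypothetical, and the checker is a simplified stand-in for the idea behind lockdep, not its implementation.

```c
#include <stdbool.h>

/* Lock classes from the two traces; PG_locked is a page flag bit, not a mutex. */
enum lock_class { NI_LOCK, PG_LOCKED, NR_CLASSES };
/* dep[a][b] is set once some path acquired b while already holding a. */
struct order_graph { bool dep[NR_CLASSES][NR_CLASSES]; };

static bool reachable(const struct order_graph *g, int from, int to, bool *seen)
{
    if (from == to)
        return true;
    seen[from] = true;
    for (int n = 0; n < NR_CLASSES; n++)
        if (g->dep[from][n] && !seen[n] && reachable(g, n, to, seen))
            return true;
    return false;
}

/* Replay one path in order; classes not in annotated[] are invisible here. */
static int replay(struct order_graph *g, const int *path, int n, const bool *annotated)
{
    bool held[NR_CLASSES] = { false };
    int reports = 0;
    for (int i = 0; i < n; i++) {
        int want = path[i];
        for (int h = 0; annotated[want] && h < NR_CLASSES; h++) {
            bool seen[NR_CLASSES] = { false };
            if (!held[h] || h == want)
                continue;
            reports += reachable(g, want, h, seen); /* opposite order recorded? */
            g->dep[h][want] = true;
        }
        held[want] = annotated[want];
    }
    return reports;
}

/* Returns the number of lock-order inversions reported for the two paths. */
int check_ntfs3_paths(bool annotate_page_bit)
{
    const int read_path[] = { PG_LOCKED, NI_LOCK };     /* folio_trylock(), then ni_lock */
    const int truncate_path[] = { NI_LOCK, PG_LOCKED }; /* ni_lock, then folio_lock() */
    bool annotated[NR_CLASSES] = { [NI_LOCK] = true, [PG_LOCKED] = annotate_page_bit };
    struct order_graph g = { 0 };
    return replay(&g, read_path, 2, annotated) + replay(&g, truncate_path, 2, annotated);
}
```

With the page bit tracked, the second path closes the PG_locked -> ni_lock -> PG_locked cycle and one inversion is reported; with it untracked, each path shows a single lock and nothing is reported.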