[syzbot] [bcachefs?] possible deadlock in bch2_gc_mark_key
瀏覽次數:24 次
跳到第一則未讀訊息
syzbot
2024年5月27日 上午9:22:305月27日
收件者:bfo...@redhat.com、kent.ov...@linux.dev、linux-b...@vger.kernel.org、linux-...@vger.kernel.org、syzkall...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 9b62e02e6336 Merge tag 'mm-hotfixes-stable-2024-05-25-09-1..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=10e3fb34980000
kernel config: https://syzkaller.appspot.com/x/.config?x=3e73beba72b96506
dashboard link: https://syzkaller.appspot.com/bug?extid=050e797ad21ccc3f5d1a
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/61b507f6e56c/disk-9b62e02e.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/6991f1313243/vmlinux-9b62e02e.xz
kernel image: https://storage.googleapis.com/syzbot-assets/65f88b96d046/bzImage-9b62e02e.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+050e79...@syzkaller.appspotmail.com
bcachefs (loop4): alloc_read... done
bcachefs (loop4): stripes_read... done
bcachefs (loop4): snapshots_read... done
bcachefs (loop4): check_allocations...
======================================================
WARNING: possible circular locking dependency detected
6.9.0-syzkaller-12393-g9b62e02e6336 #0 Not tainted
------------------------------------------------------
syz-executor.4/6744 is trying to acquire lock:
ffff888025c00988 (&c->sb_lock){+.+.}-{3:3}, at: bch2_gc_mark_key+0x9f6/0xd90 fs/bcachefs/btree_gc.c:599
but task is already holding lock:
ffff888025c01a50 (&c->btree_root_lock){+.+.}-{3:3}, at: bch2_gc_btree.constprop.0+0x106/0x11e0 fs/bcachefs/btree_gc.c:643
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&c->btree_root_lock){+.+.}-{3:3}:
__mutex_lock_common kernel/locking/mutex.c:608 [inline]
__mutex_lock+0x175/0x9c0 kernel/locking/mutex.c:752
bch2_btree_roots_to_journal_entries+0x93/0x570 fs/bcachefs/btree_update_interior.c:2633
bch2_fs_mark_clean+0x31b/0x470 fs/bcachefs/sb-clean.c:376
bch2_fs_read_only+0x88a/0xf10 fs/bcachefs/super.c:381
__bch2_fs_stop+0xfc/0x540 fs/bcachefs/super.c:613
generic_shutdown_super+0x159/0x3d0 fs/super.c:642
bch2_kill_sb+0x3b/0x50 fs/bcachefs/fs.c:2026
deactivate_locked_super+0xbe/0x1a0 fs/super.c:473
deactivate_super+0xde/0x100 fs/super.c:506
cleanup_mnt+0x222/0x450 fs/namespace.c:1267
task_work_run+0x14e/0x250 kernel/task_work.c:180
resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
__syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
syscall_exit_to_user_mode+0x278/0x2a0 kernel/entry/common.c:218
do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> #0 (&c->sb_lock){+.+.}-{3:3}:
check_prev_add kernel/locking/lockdep.c:3134 [inline]
check_prevs_add kernel/locking/lockdep.c:3253 [inline]
validate_chain kernel/locking/lockdep.c:3869 [inline]
__lock_acquire+0x2478/0x3b30 kernel/locking/lockdep.c:5137
lock_acquire kernel/locking/lockdep.c:5754 [inline]
lock_acquire+0x1b1/0x560 kernel/locking/lockdep.c:5719
__mutex_lock_common kernel/locking/mutex.c:608 [inline]
__mutex_lock+0x175/0x9c0 kernel/locking/mutex.c:752
bch2_gc_mark_key+0x9f6/0xd90 fs/bcachefs/btree_gc.c:599
bch2_gc_btree.constprop.0+0x394/0x11e0 fs/bcachefs/btree_gc.c:647
bch2_gc_btrees+0x442/0x8c0 fs/bcachefs/btree_gc.c:697
bch2_check_allocations+0x98f/0x2670 fs/bcachefs/btree_gc.c:1217
bch2_run_recovery_pass+0x8e/0x1a0 fs/bcachefs/recovery_passes.c:182
bch2_run_recovery_passes+0x33b/0x710 fs/bcachefs/recovery_passes.c:225
bch2_fs_recovery+0x259f/0x3db0 fs/bcachefs/recovery.c:807
bch2_fs_start+0x2e9/0x600 fs/bcachefs/super.c:1031
bch2_fs_open+0xfa0/0x1110 fs/bcachefs/super.c:2123
bch2_mount+0xdcc/0x1130 fs/bcachefs/fs.c:1917
legacy_get_tree+0x109/0x220 fs/fs_context.c:662
vfs_get_tree+0x8f/0x380 fs/super.c:1780
do_new_mount fs/namespace.c:3352 [inline]
path_mount+0x14e6/0x1f20 fs/namespace.c:3679
do_mount fs/namespace.c:3692 [inline]
__do_sys_mount fs/namespace.c:3898 [inline]
__se_sys_mount fs/namespace.c:3875 [inline]
__x64_sys_mount+0x297/0x320 fs/namespace.c:3875
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&c->btree_root_lock);
lock(&c->sb_lock);
lock(&c->btree_root_lock);
lock(&c->sb_lock);
*** DEADLOCK ***
4 locks held by syz-executor.4/6744:
#0: ffff888025c00278 (&c->state_lock){+.+.}-{3:3}, at: bch2_fs_start+0x3e/0x600 fs/bcachefs/super.c:1001
#1: ffff888025c268d8 (&c->gc_lock){++++}-{3:3}, at: bch2_check_allocations+0xf1/0x2670 fs/bcachefs/btree_gc.c:1202
#2: ffff888025c042d0 (&c->btree_trans_barrier){.+.+}-{0:0}, at: srcu_lock_acquire include/linux/srcu.h:116 [inline]
#2: ffff888025c042d0 (&c->btree_trans_barrier){.+.+}-{0:0}, at: srcu_read_lock include/linux/srcu.h:215 [inline]
#2: ffff888025c042d0 (&c->btree_trans_barrier){.+.+}-{0:0}, at: __bch2_trans_get+0x656/0xf20 fs/bcachefs/btree_iter.c:3204
#3: ffff888025c01a50 (&c->btree_root_lock){+.+.}-{3:3}, at: bch2_gc_btree.constprop.0+0x106/0x11e0 fs/bcachefs/btree_gc.c:643
stack backtrace:
CPU: 0 PID: 6744 Comm: syz-executor.4 Not tainted 6.9.0-syzkaller-12393-g9b62e02e6336 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114
check_noncircular+0x31a/0x400 kernel/locking/lockdep.c:2187
check_prev_add kernel/locking/lockdep.c:3134 [inline]
check_prevs_add kernel/locking/lockdep.c:3253 [inline]
validate_chain kernel/locking/lockdep.c:3869 [inline]
__lock_acquire+0x2478/0x3b30 kernel/locking/lockdep.c:5137
lock_acquire kernel/locking/lockdep.c:5754 [inline]
lock_acquire+0x1b1/0x560 kernel/locking/lockdep.c:5719
__mutex_lock_common kernel/locking/mutex.c:608 [inline]
__mutex_lock+0x175/0x9c0 kernel/locking/mutex.c:752
bch2_gc_mark_key+0x9f6/0xd90 fs/bcachefs/btree_gc.c:599
bch2_gc_btree.constprop.0+0x394/0x11e0 fs/bcachefs/btree_gc.c:647
bch2_gc_btrees+0x442/0x8c0 fs/bcachefs/btree_gc.c:697
bch2_check_allocations+0x98f/0x2670 fs/bcachefs/btree_gc.c:1217
bch2_run_recovery_pass+0x8e/0x1a0 fs/bcachefs/recovery_passes.c:182
bch2_run_recovery_passes+0x33b/0x710 fs/bcachefs/recovery_passes.c:225
bch2_fs_recovery+0x259f/0x3db0 fs/bcachefs/recovery.c:807
bch2_fs_start+0x2e9/0x600 fs/bcachefs/super.c:1031
bch2_fs_open+0xfa0/0x1110 fs/bcachefs/super.c:2123
bch2_mount+0xdcc/0x1130 fs/bcachefs/fs.c:1917
legacy_get_tree+0x109/0x220 fs/fs_context.c:662
vfs_get_tree+0x8f/0x380 fs/super.c:1780
do_new_mount fs/namespace.c:3352 [inline]
path_mount+0x14e6/0x1f20 fs/namespace.c:3679
do_mount fs/namespace.c:3692 [inline]
__do_sys_mount fs/namespace.c:3898 [inline]
__se_sys_mount fs/namespace.c:3875 [inline]
__x64_sys_mount+0x297/0x320 fs/namespace.c:3875
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f743727e5ea
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 09 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f7437fb6ef8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f7437fb6f80 RCX: 00007f743727e5ea
RDX: 0000000020005b00 RSI: 0000000020000000 RDI: 00007f7437fb6f40
RBP: 0000000020005b00 R08: 00007f7437fb6f80 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000
R13: 00007f7437fb6f40 R14: 0000000000005b46 R15: 00000000200000c0
</TASK>
bucket 0:26 gen 0 data type btree has wrong cached_sectors: got 458752, should be 0, shutting down
bcachefs (loop4): inconsistency detected - emergency read only at journal seq 8
bcachefs (loop4): bch2_gc_alloc_done(): error fsck_errors_not_fixed
bcachefs (loop4): bch2_check_allocations(): error fsck_errors_not_fixed
bcachefs (loop4): bch2_fs_recovery(): error fsck_errors_not_fixed
bcachefs (loop4): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed
bcachefs (loop4): shutting down
bcachefs (loop4): shutdown complete
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: 9b62e02e6336 Merge tag 'mm-hotfixes-stable-2024-05-25-09-1..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=10e3fb34980000
kernel config: https://syzkaller.appspot.com/x/.config?x=3e73beba72b96506
dashboard link: https://syzkaller.appspot.com/bug?extid=050e797ad21ccc3f5d1a
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/61b507f6e56c/disk-9b62e02e.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/6991f1313243/vmlinux-9b62e02e.xz
kernel image: https://storage.googleapis.com/syzbot-assets/65f88b96d046/bzImage-9b62e02e.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+050e79...@syzkaller.appspotmail.com
bcachefs (loop4): alloc_read... done
bcachefs (loop4): stripes_read... done
bcachefs (loop4): snapshots_read... done
bcachefs (loop4): check_allocations...
======================================================
WARNING: possible circular locking dependency detected
6.9.0-syzkaller-12393-g9b62e02e6336 #0 Not tainted
------------------------------------------------------
syz-executor.4/6744 is trying to acquire lock:
ffff888025c00988 (&c->sb_lock){+.+.}-{3:3}, at: bch2_gc_mark_key+0x9f6/0xd90 fs/bcachefs/btree_gc.c:599
but task is already holding lock:
ffff888025c01a50 (&c->btree_root_lock){+.+.}-{3:3}, at: bch2_gc_btree.constprop.0+0x106/0x11e0 fs/bcachefs/btree_gc.c:643
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&c->btree_root_lock){+.+.}-{3:3}:
__mutex_lock_common kernel/locking/mutex.c:608 [inline]
__mutex_lock+0x175/0x9c0 kernel/locking/mutex.c:752
bch2_btree_roots_to_journal_entries+0x93/0x570 fs/bcachefs/btree_update_interior.c:2633
bch2_fs_mark_clean+0x31b/0x470 fs/bcachefs/sb-clean.c:376
bch2_fs_read_only+0x88a/0xf10 fs/bcachefs/super.c:381
__bch2_fs_stop+0xfc/0x540 fs/bcachefs/super.c:613
generic_shutdown_super+0x159/0x3d0 fs/super.c:642
bch2_kill_sb+0x3b/0x50 fs/bcachefs/fs.c:2026
deactivate_locked_super+0xbe/0x1a0 fs/super.c:473
deactivate_super+0xde/0x100 fs/super.c:506
cleanup_mnt+0x222/0x450 fs/namespace.c:1267
task_work_run+0x14e/0x250 kernel/task_work.c:180
resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
__syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
syscall_exit_to_user_mode+0x278/0x2a0 kernel/entry/common.c:218
do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> #0 (&c->sb_lock){+.+.}-{3:3}:
check_prev_add kernel/locking/lockdep.c:3134 [inline]
check_prevs_add kernel/locking/lockdep.c:3253 [inline]
validate_chain kernel/locking/lockdep.c:3869 [inline]
__lock_acquire+0x2478/0x3b30 kernel/locking/lockdep.c:5137
lock_acquire kernel/locking/lockdep.c:5754 [inline]
lock_acquire+0x1b1/0x560 kernel/locking/lockdep.c:5719
__mutex_lock_common kernel/locking/mutex.c:608 [inline]
__mutex_lock+0x175/0x9c0 kernel/locking/mutex.c:752
bch2_gc_mark_key+0x9f6/0xd90 fs/bcachefs/btree_gc.c:599
bch2_gc_btree.constprop.0+0x394/0x11e0 fs/bcachefs/btree_gc.c:647
bch2_gc_btrees+0x442/0x8c0 fs/bcachefs/btree_gc.c:697
bch2_check_allocations+0x98f/0x2670 fs/bcachefs/btree_gc.c:1217
bch2_run_recovery_pass+0x8e/0x1a0 fs/bcachefs/recovery_passes.c:182
bch2_run_recovery_passes+0x33b/0x710 fs/bcachefs/recovery_passes.c:225
bch2_fs_recovery+0x259f/0x3db0 fs/bcachefs/recovery.c:807
bch2_fs_start+0x2e9/0x600 fs/bcachefs/super.c:1031
bch2_fs_open+0xfa0/0x1110 fs/bcachefs/super.c:2123
bch2_mount+0xdcc/0x1130 fs/bcachefs/fs.c:1917
legacy_get_tree+0x109/0x220 fs/fs_context.c:662
vfs_get_tree+0x8f/0x380 fs/super.c:1780
do_new_mount fs/namespace.c:3352 [inline]
path_mount+0x14e6/0x1f20 fs/namespace.c:3679
do_mount fs/namespace.c:3692 [inline]
__do_sys_mount fs/namespace.c:3898 [inline]
__se_sys_mount fs/namespace.c:3875 [inline]
__x64_sys_mount+0x297/0x320 fs/namespace.c:3875
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&c->btree_root_lock);
lock(&c->sb_lock);
lock(&c->btree_root_lock);
lock(&c->sb_lock);
*** DEADLOCK ***
4 locks held by syz-executor.4/6744:
#0: ffff888025c00278 (&c->state_lock){+.+.}-{3:3}, at: bch2_fs_start+0x3e/0x600 fs/bcachefs/super.c:1001
#1: ffff888025c268d8 (&c->gc_lock){++++}-{3:3}, at: bch2_check_allocations+0xf1/0x2670 fs/bcachefs/btree_gc.c:1202
#2: ffff888025c042d0 (&c->btree_trans_barrier){.+.+}-{0:0}, at: srcu_lock_acquire include/linux/srcu.h:116 [inline]
#2: ffff888025c042d0 (&c->btree_trans_barrier){.+.+}-{0:0}, at: srcu_read_lock include/linux/srcu.h:215 [inline]
#2: ffff888025c042d0 (&c->btree_trans_barrier){.+.+}-{0:0}, at: __bch2_trans_get+0x656/0xf20 fs/bcachefs/btree_iter.c:3204
#3: ffff888025c01a50 (&c->btree_root_lock){+.+.}-{3:3}, at: bch2_gc_btree.constprop.0+0x106/0x11e0 fs/bcachefs/btree_gc.c:643
stack backtrace:
CPU: 0 PID: 6744 Comm: syz-executor.4 Not tainted 6.9.0-syzkaller-12393-g9b62e02e6336 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114
check_noncircular+0x31a/0x400 kernel/locking/lockdep.c:2187
check_prev_add kernel/locking/lockdep.c:3134 [inline]
check_prevs_add kernel/locking/lockdep.c:3253 [inline]
validate_chain kernel/locking/lockdep.c:3869 [inline]
__lock_acquire+0x2478/0x3b30 kernel/locking/lockdep.c:5137
lock_acquire kernel/locking/lockdep.c:5754 [inline]
lock_acquire+0x1b1/0x560 kernel/locking/lockdep.c:5719
__mutex_lock_common kernel/locking/mutex.c:608 [inline]
__mutex_lock+0x175/0x9c0 kernel/locking/mutex.c:752
bch2_gc_mark_key+0x9f6/0xd90 fs/bcachefs/btree_gc.c:599
bch2_gc_btree.constprop.0+0x394/0x11e0 fs/bcachefs/btree_gc.c:647
bch2_gc_btrees+0x442/0x8c0 fs/bcachefs/btree_gc.c:697
bch2_check_allocations+0x98f/0x2670 fs/bcachefs/btree_gc.c:1217
bch2_run_recovery_pass+0x8e/0x1a0 fs/bcachefs/recovery_passes.c:182
bch2_run_recovery_passes+0x33b/0x710 fs/bcachefs/recovery_passes.c:225
bch2_fs_recovery+0x259f/0x3db0 fs/bcachefs/recovery.c:807
bch2_fs_start+0x2e9/0x600 fs/bcachefs/super.c:1031
bch2_fs_open+0xfa0/0x1110 fs/bcachefs/super.c:2123
bch2_mount+0xdcc/0x1130 fs/bcachefs/fs.c:1917
legacy_get_tree+0x109/0x220 fs/fs_context.c:662
vfs_get_tree+0x8f/0x380 fs/super.c:1780
do_new_mount fs/namespace.c:3352 [inline]
path_mount+0x14e6/0x1f20 fs/namespace.c:3679
do_mount fs/namespace.c:3692 [inline]
__do_sys_mount fs/namespace.c:3898 [inline]
__se_sys_mount fs/namespace.c:3875 [inline]
__x64_sys_mount+0x297/0x320 fs/namespace.c:3875
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f743727e5ea
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 09 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f7437fb6ef8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f7437fb6f80 RCX: 00007f743727e5ea
RDX: 0000000020005b00 RSI: 0000000020000000 RDI: 00007f7437fb6f40
RBP: 0000000020005b00 R08: 00007f7437fb6f80 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000
R13: 00007f7437fb6f40 R14: 0000000000005b46 R15: 00000000200000c0
</TASK>
bucket 0:26 gen 0 data type btree has wrong cached_sectors: got 458752, should be 0, shutting down
bcachefs (loop4): inconsistency detected - emergency read only at journal seq 8
bcachefs (loop4): bch2_gc_alloc_done(): error fsck_errors_not_fixed
bcachefs (loop4): bch2_check_allocations(): error fsck_errors_not_fixed
bcachefs (loop4): bch2_fs_recovery(): error fsck_errors_not_fixed
bcachefs (loop4): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed
bcachefs (loop4): shutting down
bcachefs (loop4): shutdown complete
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot
2024年6月21日 凌晨1:31:21 (5 天前) 6月21日
收件者:bfo...@redhat.com、kent.ov...@linux.dev、linux-b...@vger.kernel.org、linux-...@vger.kernel.org、syzkall...@googlegroups.com
syzbot has found a reproducer for the following issue on:
HEAD commit: 50736169ecc8 Merge tag 'for-6.10-rc4-tag' of git://git.ker..
git tree: upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=16a1c341980000
kernel config: https://syzkaller.appspot.com/x/.config?x=12f98862a3c0c799
dashboard link: https://syzkaller.appspot.com/bug?extid=050e797ad21ccc3f5d1a
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=144f0a61980000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=17cab6a6980000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/5cd6a6f1e8a6/disk-50736169.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/2fb1a68197bc/vmlinux-50736169.xz
kernel image: https://storage.googleapis.com/syzbot-assets/783059c8c714/bzImage-50736169.xz
mounted in repro #1: https://storage.googleapis.com/syzbot-assets/6448974d55b4/mount_0.gz
mounted in repro #2: https://storage.googleapis.com/syzbot-assets/3df6949f2444/mount_1.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+050e79...@syzkaller.appspotmail.com
bcachefs (loop0): alloc_read... done
bcachefs (loop0): stripes_read... done
bcachefs (loop0): snapshots_read... done
bcachefs (loop0): check_allocations...
------------------------------------------------------
syz-executor238/5085 is trying to acquire lock:
ffff888069900988 (&c->sb_lock){+.+.}-{3:3}, at: bch2_gc_mark_key+0xc66/0x1010 fs/bcachefs/btree_gc.c:600
but task is already holding lock:
ffff888069901a58 (&c->btree_root_lock){+.+.}-{3:3}, at: bch2_gc_btree fs/bcachefs/btree_gc.c:644 [inline]
ffff888069901a58 (&c->btree_root_lock){+.+.}-{3:3}, at: bch2_gc_btrees fs/bcachefs/btree_gc.c:697 [inline]
ffff888069901a58 (&c->btree_root_lock){+.+.}-{3:3}, at: bch2_check_allocations+0x2e31/0xcca0 fs/bcachefs/btree_gc.c:1224
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&c->btree_root_lock){+.+.}-{3:3}:
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
__mutex_lock_common kernel/locking/mutex.c:608 [inline]
__mutex_lock+0x136/0xd70 kernel/locking/mutex.c:752
bch2_btree_roots_to_journal_entries+0xbb/0x980 fs/bcachefs/btree_update_interior.c:2633
bch2_fs_mark_clean+0x2cc/0x6d0 fs/bcachefs/sb-clean.c:376
bch2_fs_read_only+0x1101/0x1210 fs/bcachefs/super.c:381
__bch2_fs_stop+0x105/0x540 fs/bcachefs/super.c:615
generic_shutdown_super+0x136/0x2d0 fs/super.c:642
bch2_kill_sb+0x41/0x50 fs/bcachefs/fs.c:2037
deactivate_locked_super+0xc4/0x130 fs/super.c:473
cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1267
task_work_run+0x24f/0x310 kernel/task_work.c:180
ptrace_notify+0x2d2/0x380 kernel/signal.c:2402
ptrace_report_syscall include/linux/ptrace.h:415 [inline]
ptrace_report_syscall_exit include/linux/ptrace.h:477 [inline]
syscall_exit_work+0xc6/0x190 kernel/entry/common.c:173
syscall_exit_to_user_mode_prepare kernel/entry/common.c:200 [inline]
__syscall_exit_to_user_mode_work kernel/entry/common.c:205 [inline]
syscall_exit_to_user_mode+0x273/0x370 kernel/entry/common.c:218
do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89
__lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
__mutex_lock_common kernel/locking/mutex.c:608 [inline]
__mutex_lock+0x136/0xd70 kernel/locking/mutex.c:752
bch2_gc_mark_key+0xc66/0x1010 fs/bcachefs/btree_gc.c:600
bch2_gc_btree fs/bcachefs/btree_gc.c:648 [inline]
bch2_gc_btrees fs/bcachefs/btree_gc.c:697 [inline]
bch2_check_allocations+0x3e06/0xcca0 fs/bcachefs/btree_gc.c:1224
bch2_run_recovery_pass+0xf0/0x1e0 fs/bcachefs/recovery_passes.c:182
bch2_run_recovery_passes+0x19e/0x820 fs/bcachefs/recovery_passes.c:225
bch2_fs_recovery+0x2370/0x3720 fs/bcachefs/recovery.c:807
bch2_fs_start+0x356/0x5b0 fs/bcachefs/super.c:1035
bch2_fs_open+0xa8d/0xdf0 fs/bcachefs/super.c:2127
bch2_mount+0x6b0/0x13a0 fs/bcachefs/fs.c:1919
legacy_get_tree+0xee/0x190 fs/fs_context.c:662
vfs_get_tree+0x90/0x2a0 fs/super.c:1780
do_new_mount+0x2be/0xb40 fs/namespace.c:3352
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
#0: ffff888069900278 (&c->state_lock){+.+.}-{3:3}, at: bch2_fs_start+0x45/0x5b0 fs/bcachefs/super.c:1005
#1: ffff8880699268d0 (&c->gc_lock){++++}-{3:3}, at: bch2_check_allocations+0x258/0xcca0 fs/bcachefs/btree_gc.c:1209
#2: ffff8880699042d8 (&c->btree_trans_barrier){.+.+}-{0:0}, at: srcu_lock_acquire include/linux/srcu.h:116 [inline]
#2: ffff8880699042d8 (&c->btree_trans_barrier){.+.+}-{0:0}, at: srcu_read_lock include/linux/srcu.h:215 [inline]
#2: ffff8880699042d8 (&c->btree_trans_barrier){.+.+}-{0:0}, at: __bch2_trans_get+0x9b0/0xdf0 fs/bcachefs/btree_iter.c:3199
#3: ffff888069901a58 (&c->btree_root_lock){+.+.}-{3:3}, at: bch2_gc_btree fs/bcachefs/btree_gc.c:644 [inline]
#3: ffff888069901a58 (&c->btree_root_lock){+.+.}-{3:3}, at: bch2_gc_btrees fs/bcachefs/btree_gc.c:697 [inline]
#3: ffff888069901a58 (&c->btree_root_lock){+.+.}-{3:3}, at: bch2_check_allocations+0x2e31/0xcca0 fs/bcachefs/btree_gc.c:1224
stack backtrace:
CPU: 1 PID: 5085 Comm: syz-executor238 Not tainted 6.10.0-rc4-syzkaller-00148-g50736169ecc8 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
check_noncircular+0x36a/0x4a0 kernel/locking/lockdep.c:2187
__lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
__mutex_lock_common kernel/locking/mutex.c:608 [inline]
__mutex_lock+0x136/0xd70 kernel/locking/mutex.c:752
bch2_gc_mark_key+0xc66/0x1010 fs/bcachefs/btree_gc.c:600
bch2_gc_btree fs/bcachefs/btree_gc.c:648 [inline]
bch2_gc_btrees fs/bcachefs/btree_gc.c:697 [inline]
bch2_check_allocations+0x3e06/0xcca0 fs/bcachefs/btree_gc.c:1224
bch2_run_recovery_pass+0xf0/0x1e0 fs/bcachefs/recovery_passes.c:182
bch2_run_recovery_passes+0x19e/0x820 fs/bcachefs/recovery_passes.c:225
bch2_fs_recovery+0x2370/0x3720 fs/bcachefs/recovery.c:807
bch2_fs_start+0x356/0x5b0 fs/bcachefs/super.c:1035
bch2_fs_open+0xa8d/0xdf0 fs/bcachefs/super.c:2127
bch2_mount+0x6b0/0x13a0 fs/bcachefs/fs.c:1919
legacy_get_tree+0xee/0x190 fs/fs_context.c:662
vfs_get_tree+0x90/0x2a0 fs/super.c:1780
do_new_mount+0x2be/0xb40 fs/namespace.c:3352
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc2a630571a
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff54862518 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007fff54862570 RCX: 00007fc2a630571a
RDX: 0000000020000040 RSI: 0000000020000fc0 RDI: 00007fff54862570
RBP: 0000000020000fc0 R08: 00007fff548625b0 R09: 00000000000119f9
R10: 0000000000200001 R11: 0000000000000282 R12: 0000000020000040
R13: 00007fff548625b0 R14: 00000000000119fc R15: 00000000200001c0
</TASK>
done
bcachefs (loop0): going read-write
bcachefs (loop0): journal_replay... done
bcachefs (loop0): check_alloc_info... done
bcachefs (loop0): check_lrus... done
bcachefs (loop0): check_btree_backpointers... done
bcachefs (loop0): check_backpointers_to_extents... done
bcachefs (loop0): check_extents_to_backpointers...
missing backpointer for btree=inodes l=1 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq a22d880bb51b703b written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0
got: u64s 5 type deleted 0:9961472:0 len 0 ver 0
want: u64s 9 type backpointer 0:9961472:0 len 0 ver 0: bucket=0:38:0 btree=inodes l=1 offset=0:0 len=256 pos=SPOS_MAX, shutting down
bcachefs (loop0): inconsistency detected - emergency read only at journal seq 10
bcachefs (loop0): bch2_check_extents_to_backpointers(): error fsck_errors_not_fixed
bcachefs (loop0): bch2_fs_recovery(): error fsck_errors_not_fixed
bcachefs (loop0): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed
bcachefs (loop0): shutting down
bcachefs (loop0): shutdown complete
syz-executor238 (5085) used greatest stack depth: 18096 bytes left
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
HEAD commit: 50736169ecc8 Merge tag 'for-6.10-rc4-tag' of git://git.ker..
git tree: upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=16a1c341980000
kernel config: https://syzkaller.appspot.com/x/.config?x=12f98862a3c0c799
dashboard link: https://syzkaller.appspot.com/bug?extid=050e797ad21ccc3f5d1a
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=144f0a61980000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=17cab6a6980000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/5cd6a6f1e8a6/disk-50736169.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/2fb1a68197bc/vmlinux-50736169.xz
kernel image: https://storage.googleapis.com/syzbot-assets/783059c8c714/bzImage-50736169.xz
mounted in repro #1: https://storage.googleapis.com/syzbot-assets/6448974d55b4/mount_0.gz
mounted in repro #2: https://storage.googleapis.com/syzbot-assets/3df6949f2444/mount_1.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+050e79...@syzkaller.appspotmail.com
bcachefs (loop0): stripes_read... done
bcachefs (loop0): snapshots_read... done
bcachefs (loop0): check_allocations...
======================================================
WARNING: possible circular locking dependency detected
6.10.0-rc4-syzkaller-00148-g50736169ecc8 #0 Not tainted
WARNING: possible circular locking dependency detected
------------------------------------------------------
syz-executor238/5085 is trying to acquire lock:
ffff888069900988 (&c->sb_lock){+.+.}-{3:3}, at: bch2_gc_mark_key+0xc66/0x1010 fs/bcachefs/btree_gc.c:600
but task is already holding lock:
ffff888069901a58 (&c->btree_root_lock){+.+.}-{3:3}, at: bch2_gc_btrees fs/bcachefs/btree_gc.c:697 [inline]
ffff888069901a58 (&c->btree_root_lock){+.+.}-{3:3}, at: bch2_check_allocations+0x2e31/0xcca0 fs/bcachefs/btree_gc.c:1224
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&c->btree_root_lock){+.+.}-{3:3}:
__mutex_lock_common kernel/locking/mutex.c:608 [inline]
__mutex_lock+0x136/0xd70 kernel/locking/mutex.c:752
bch2_btree_roots_to_journal_entries+0xbb/0x980 fs/bcachefs/btree_update_interior.c:2633
bch2_fs_mark_clean+0x2cc/0x6d0 fs/bcachefs/sb-clean.c:376
bch2_fs_read_only+0x1101/0x1210 fs/bcachefs/super.c:381
__bch2_fs_stop+0x105/0x540 fs/bcachefs/super.c:615
generic_shutdown_super+0x136/0x2d0 fs/super.c:642
bch2_kill_sb+0x41/0x50 fs/bcachefs/fs.c:2037
deactivate_locked_super+0xc4/0x130 fs/super.c:473
cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1267
task_work_run+0x24f/0x310 kernel/task_work.c:180
ptrace_notify+0x2d2/0x380 kernel/signal.c:2402
ptrace_report_syscall include/linux/ptrace.h:415 [inline]
ptrace_report_syscall_exit include/linux/ptrace.h:477 [inline]
syscall_exit_work+0xc6/0x190 kernel/entry/common.c:173
syscall_exit_to_user_mode_prepare kernel/entry/common.c:200 [inline]
__syscall_exit_to_user_mode_work kernel/entry/common.c:205 [inline]
syscall_exit_to_user_mode+0x273/0x370 kernel/entry/common.c:218
do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> #0 (&c->sb_lock){+.+.}-{3:3}:
check_prev_add kernel/locking/lockdep.c:3134 [inline]
check_prevs_add kernel/locking/lockdep.c:3253 [inline]
validate_chain+0x18e0/0x5900 kernel/locking/lockdep.c:3869
-> #0 (&c->sb_lock){+.+.}-{3:3}:
check_prev_add kernel/locking/lockdep.c:3134 [inline]
check_prevs_add kernel/locking/lockdep.c:3253 [inline]
__lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
__mutex_lock_common kernel/locking/mutex.c:608 [inline]
__mutex_lock+0x136/0xd70 kernel/locking/mutex.c:752
bch2_gc_mark_key+0xc66/0x1010 fs/bcachefs/btree_gc.c:600
bch2_gc_btree fs/bcachefs/btree_gc.c:648 [inline]
bch2_gc_btrees fs/bcachefs/btree_gc.c:697 [inline]
bch2_check_allocations+0x3e06/0xcca0 fs/bcachefs/btree_gc.c:1224
bch2_run_recovery_pass+0xf0/0x1e0 fs/bcachefs/recovery_passes.c:182
bch2_run_recovery_passes+0x19e/0x820 fs/bcachefs/recovery_passes.c:225
bch2_fs_recovery+0x2370/0x3720 fs/bcachefs/recovery.c:807
bch2_fs_start+0x356/0x5b0 fs/bcachefs/super.c:1035
bch2_fs_open+0xa8d/0xdf0 fs/bcachefs/super.c:2127
bch2_mount+0x6b0/0x13a0 fs/bcachefs/fs.c:1919
legacy_get_tree+0xee/0x190 fs/fs_context.c:662
vfs_get_tree+0x90/0x2a0 fs/super.c:1780
do_new_mount+0x2be/0xb40 fs/namespace.c:3352
do_mount fs/namespace.c:3692 [inline]
__do_sys_mount fs/namespace.c:3898 [inline]
__se_sys_mount+0x2d9/0x3c0 fs/namespace.c:3875
__do_sys_mount fs/namespace.c:3898 [inline]
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&c->btree_root_lock);
lock(&c->sb_lock);
lock(&c->btree_root_lock);
lock(&c->sb_lock);
*** DEADLOCK ***
4 locks held by syz-executor238/5085:
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&c->btree_root_lock);
lock(&c->sb_lock);
lock(&c->btree_root_lock);
lock(&c->sb_lock);
*** DEADLOCK ***
#0: ffff888069900278 (&c->state_lock){+.+.}-{3:3}, at: bch2_fs_start+0x45/0x5b0 fs/bcachefs/super.c:1005
#1: ffff8880699268d0 (&c->gc_lock){++++}-{3:3}, at: bch2_check_allocations+0x258/0xcca0 fs/bcachefs/btree_gc.c:1209
#2: ffff8880699042d8 (&c->btree_trans_barrier){.+.+}-{0:0}, at: srcu_lock_acquire include/linux/srcu.h:116 [inline]
#2: ffff8880699042d8 (&c->btree_trans_barrier){.+.+}-{0:0}, at: srcu_read_lock include/linux/srcu.h:215 [inline]
#2: ffff8880699042d8 (&c->btree_trans_barrier){.+.+}-{0:0}, at: __bch2_trans_get+0x9b0/0xdf0 fs/bcachefs/btree_iter.c:3199
#3: ffff888069901a58 (&c->btree_root_lock){+.+.}-{3:3}, at: bch2_gc_btree fs/bcachefs/btree_gc.c:644 [inline]
#3: ffff888069901a58 (&c->btree_root_lock){+.+.}-{3:3}, at: bch2_gc_btrees fs/bcachefs/btree_gc.c:697 [inline]
#3: ffff888069901a58 (&c->btree_root_lock){+.+.}-{3:3}, at: bch2_check_allocations+0x2e31/0xcca0 fs/bcachefs/btree_gc.c:1224
stack backtrace:
CPU: 1 PID: 5085 Comm: syz-executor238 Not tainted 6.10.0-rc4-syzkaller-00148-g50736169ecc8 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
check_noncircular+0x36a/0x4a0 kernel/locking/lockdep.c:2187
check_prev_add kernel/locking/lockdep.c:3134 [inline]
check_prevs_add kernel/locking/lockdep.c:3253 [inline]
validate_chain+0x18e0/0x5900 kernel/locking/lockdep.c:3869
check_prevs_add kernel/locking/lockdep.c:3253 [inline]
__lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
__mutex_lock_common kernel/locking/mutex.c:608 [inline]
__mutex_lock+0x136/0xd70 kernel/locking/mutex.c:752
bch2_gc_mark_key+0xc66/0x1010 fs/bcachefs/btree_gc.c:600
bch2_gc_btree fs/bcachefs/btree_gc.c:648 [inline]
bch2_gc_btrees fs/bcachefs/btree_gc.c:697 [inline]
bch2_check_allocations+0x3e06/0xcca0 fs/bcachefs/btree_gc.c:1224
bch2_run_recovery_pass+0xf0/0x1e0 fs/bcachefs/recovery_passes.c:182
bch2_run_recovery_passes+0x19e/0x820 fs/bcachefs/recovery_passes.c:225
bch2_fs_recovery+0x2370/0x3720 fs/bcachefs/recovery.c:807
bch2_fs_start+0x356/0x5b0 fs/bcachefs/super.c:1035
bch2_fs_open+0xa8d/0xdf0 fs/bcachefs/super.c:2127
bch2_mount+0x6b0/0x13a0 fs/bcachefs/fs.c:1919
legacy_get_tree+0xee/0x190 fs/fs_context.c:662
vfs_get_tree+0x90/0x2a0 fs/super.c:1780
do_new_mount+0x2be/0xb40 fs/namespace.c:3352
do_mount fs/namespace.c:3692 [inline]
__do_sys_mount fs/namespace.c:3898 [inline]
__se_sys_mount+0x2d9/0x3c0 fs/namespace.c:3875
__do_sys_mount fs/namespace.c:3898 [inline]
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc2a630571a
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff54862518 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007fff54862570 RCX: 00007fc2a630571a
RDX: 0000000020000040 RSI: 0000000020000fc0 RDI: 00007fff54862570
RBP: 0000000020000fc0 R08: 00007fff548625b0 R09: 00000000000119f9
R10: 0000000000200001 R11: 0000000000000282 R12: 0000000020000040
R13: 00007fff548625b0 R14: 00000000000119fc R15: 00000000200001c0
</TASK>
done
bcachefs (loop0): going read-write
bcachefs (loop0): journal_replay... done
bcachefs (loop0): check_alloc_info... done
bcachefs (loop0): check_lrus... done
bcachefs (loop0): check_btree_backpointers... done
bcachefs (loop0): check_backpointers_to_extents... done
bcachefs (loop0): check_extents_to_backpointers...
missing backpointer for btree=inodes l=1 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq a22d880bb51b703b written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0
got: u64s 5 type deleted 0:9961472:0 len 0 ver 0
want: u64s 9 type backpointer 0:9961472:0 len 0 ver 0: bucket=0:38:0 btree=inodes l=1 offset=0:0 len=256 pos=SPOS_MAX, shutting down
bcachefs (loop0): inconsistency detected - emergency read only at journal seq 10
bcachefs (loop0): bch2_check_extents_to_backpointers(): error fsck_errors_not_fixed
bcachefs (loop0): bch2_fs_recovery(): error fsck_errors_not_fixed
bcachefs (loop0): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed
bcachefs (loop0): shutting down
bcachefs (loop0): shutdown complete
syz-executor238 (5085) used greatest stack depth: 18096 bytes left
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
Lizhi Xu
2024年6月21日 凌晨4:58:18 (5 天前) 6月21日
收件者:syzbot+050e79...@syzkaller.appspotmail.com、syzkall...@googlegroups.com
#syz test https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 50736169ecc8
diff --git a/fs/bcachefs/sb-clean.c b/fs/bcachefs/sb-clean.c
index 47f10ab57f40..7a75615ba745 100644
--- a/fs/bcachefs/sb-clean.c
+++ b/fs/bcachefs/sb-clean.c
@@ -373,6 +373,7 @@ void bch2_fs_mark_clean(struct bch_fs *c)
entry = sb_clean->start;
bch2_journal_super_entries_add_common(c, &entry, 0);
+ mutex_unlock(&c->sb_lock);
entry = bch2_btree_roots_to_journal_entries(c, entry, 0);
BUG_ON((void *) entry > vstruct_end(&sb_clean->field));
@@ -383,6 +384,7 @@ void bch2_fs_mark_clean(struct bch_fs *c)
* this should be in the write path, and we should be validating every
* superblock section:
*/
+ mutex_lock(&c->sb_lock);
ret = bch2_sb_clean_validate_late(c, sb_clean, WRITE);
if (ret) {
bch_err(c, "error writing marking filesystem clean: validate error");
diff --git a/fs/bcachefs/sb-clean.c b/fs/bcachefs/sb-clean.c
index 47f10ab57f40..7a75615ba745 100644
--- a/fs/bcachefs/sb-clean.c
+++ b/fs/bcachefs/sb-clean.c
@@ -373,6 +373,7 @@ void bch2_fs_mark_clean(struct bch_fs *c)
entry = sb_clean->start;
bch2_journal_super_entries_add_common(c, &entry, 0);
+ mutex_unlock(&c->sb_lock);
entry = bch2_btree_roots_to_journal_entries(c, entry, 0);
BUG_ON((void *) entry > vstruct_end(&sb_clean->field));
@@ -383,6 +384,7 @@ void bch2_fs_mark_clean(struct bch_fs *c)
* this should be in the write path, and we should be validating every
* superblock section:
*/
+ mutex_lock(&c->sb_lock);
ret = bch2_sb_clean_validate_late(c, sb_clean, WRITE);
if (ret) {
bch_err(c, "error writing marking filesystem clean: validate error");
syzbot
2024年6月21日 清晨5:28:06 (5 天前) 6月21日
收件者:linux-...@vger.kernel.org、lizh...@windriver.com、syzkall...@googlegroups.com
Hello,
syzbot has tested the proposed patch and the reproducer did not trigger any issue:
Reported-and-tested-by: syzbot+050e79...@syzkaller.appspotmail.com
Tested on:
commit: 50736169 Merge tag 'for-6.10-rc4-tag' of git://git.ker..
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=10f1c341980000
Note: testing is done by a robot and is best-effort only.
syzbot has tested the proposed patch and the reproducer did not trigger any issue:
Reported-and-tested-by: syzbot+050e79...@syzkaller.appspotmail.com
Tested on:
commit: 50736169 Merge tag 'for-6.10-rc4-tag' of git://git.ker..
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=10f1c341980000
kernel config: https://syzkaller.appspot.com/x/.config?x=12f98862a3c0c799
dashboard link: https://syzkaller.appspot.com/bug?extid=050e797ad21ccc3f5d1a
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=1001c201980000
dashboard link: https://syzkaller.appspot.com/bug?extid=050e797ad21ccc3f5d1a
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
Note: testing is done by a robot and is best-effort only.
Lizhi Xu
2024年6月21日 清晨5:34:29 (5 天前) 6月21日
收件者:syzbot+050e79...@syzkaller.appspotmail.com、bfo...@redhat.com、kent.ov...@linux.dev、linux-b...@vger.kernel.org、linux-...@vger.kernel.org、syzkall...@googlegroups.com
[Syz reported]
[Analysis]
bch2_btree_roots_to_journal_entries() does not need to hold sb_lock, so
we can remove sb_lock to avoid deadlock.
Reported-by: syzbot+050e79...@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=050e797ad21ccc3f5d1a
Signed-off-by: Lizhi Xu <lizh...@windriver.com>
---
fs/bcachefs/sb-clean.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/fs/bcachefs/sb-clean.c b/fs/bcachefs/sb-clean.c
index 47f10ab57f40..7a75615ba745 100644
--- a/fs/bcachefs/sb-clean.c
+++ b/fs/bcachefs/sb-clean.c
@@ -373,6 +373,7 @@ void bch2_fs_mark_clean(struct bch_fs *c)
entry = sb_clean->start;
bch2_journal_super_entries_add_common(c, &entry, 0);
+ mutex_unlock(&c->sb_lock);
entry = bch2_btree_roots_to_journal_entries(c, entry, 0);
BUG_ON((void *) entry > vstruct_end(&sb_clean->field));
@@ -383,6 +384,7 @@ void bch2_fs_mark_clean(struct bch_fs *c)
* this should be in the write path, and we should be validating every
* superblock section:
*/
+ mutex_lock(&c->sb_lock);
ret = bch2_sb_clean_validate_late(c, sb_clean, WRITE);
if (ret) {
bch_err(c, "error writing marking filesystem clean: validate error");
--
2.43.0
bch2_btree_roots_to_journal_entries() does not need to hold sb_lock, so
we can remove sb_lock to avoid deadlock.
Reported-by: syzbot+050e79...@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=050e797ad21ccc3f5d1a
Signed-off-by: Lizhi Xu <lizh...@windriver.com>
---
fs/bcachefs/sb-clean.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/fs/bcachefs/sb-clean.c b/fs/bcachefs/sb-clean.c
index 47f10ab57f40..7a75615ba745 100644
--- a/fs/bcachefs/sb-clean.c
+++ b/fs/bcachefs/sb-clean.c
@@ -373,6 +373,7 @@ void bch2_fs_mark_clean(struct bch_fs *c)
entry = sb_clean->start;
bch2_journal_super_entries_add_common(c, &entry, 0);
+ mutex_unlock(&c->sb_lock);
entry = bch2_btree_roots_to_journal_entries(c, entry, 0);
BUG_ON((void *) entry > vstruct_end(&sb_clean->field));
@@ -383,6 +384,7 @@ void bch2_fs_mark_clean(struct bch_fs *c)
* this should be in the write path, and we should be validating every
* superblock section:
*/
+ mutex_lock(&c->sb_lock);
ret = bch2_sb_clean_validate_late(c, sb_clean, WRITE);
if (ret) {
bch_err(c, "error writing marking filesystem clean: validate error");
2.43.0
syzbot
2024年6月21日 下午6:17:04 (5 天前) 6月21日
收件者:bfo...@redhat.com、kent.ov...@linux.dev、linux-b...@vger.kernel.org、linux-...@vger.kernel.org、lizh...@windriver.com、syzkall...@googlegroups.com
syzbot has bisected this issue to:
commit 103304021e54bfb5cab9ba04cd5ef0dc2bf33888
Author: Kent Overstreet <kent.ov...@linux.dev>
Date: Sat Apr 20 02:44:12 2024 +0000
bcachefs: Move gc of bucket.oldest_gen to workqueue
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=162879ea980000
start commit: 50736169ecc8 Merge tag 'for-6.10-rc4-tag' of git://git.ker..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=112879ea980000
Fixes: 103304021e54 ("bcachefs: Move gc of bucket.oldest_gen to workqueue")
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
commit 103304021e54bfb5cab9ba04cd5ef0dc2bf33888
Author: Kent Overstreet <kent.ov...@linux.dev>
Date: Sat Apr 20 02:44:12 2024 +0000
bcachefs: Move gc of bucket.oldest_gen to workqueue
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=162879ea980000
start commit: 50736169ecc8 Merge tag 'for-6.10-rc4-tag' of git://git.ker..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=112879ea980000
kernel config: https://syzkaller.appspot.com/x/.config?x=12f98862a3c0c799
dashboard link: https://syzkaller.appspot.com/bug?extid=050e797ad21ccc3f5d1a
dashboard link: https://syzkaller.appspot.com/bug?extid=050e797ad21ccc3f5d1a
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=144f0a61980000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=17cab6a6980000
Reported-by: syzbot+050e79...@syzkaller.appspotmail.com
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=17cab6a6980000
Fixes: 103304021e54 ("bcachefs: Move gc of bucket.oldest_gen to workqueue")
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
Kent Overstreet
2024年6月22日 上午9:43:49 (4 天前) 6月22日
收件者:Lizhi Xu、syzbot+050e79...@syzkaller.appspotmail.com、bfo...@redhat.com、linux-b...@vger.kernel.org、linux-...@vger.kernel.org、syzkall...@googlegroups.com
locks like that
回覆所有人
回覆作者
轉寄
0 則新訊息