lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CANp29Y65AipY2cNPV3opLjUdPxJ8tWGesBm6mkkN4HZ2K+gcxQ@mail.gmail.com>
Date: Fri, 29 Nov 2024 23:02:16 +0100
From: Aleksandr Nogikh <nogikh@...gle.com>
To: Kent Overstreet <kent.overstreet@...ux.dev>
Cc: syzbot <syzbot+78f4eb354f5ca6c1e6eb@...kaller.appspotmail.com>, 
	linux-bcachefs@...r.kernel.org, linux-kernel@...r.kernel.org, 
	syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [bcachefs?] possible deadlock in trans_set_locked

Hi Kent,

For reopened bugs, syzbot appends (2), (3), etc. at the end of the
title. In this case, there are no numbers, so it has never reported
anything with such a title before.

But it can well be the case that the underlying problem here is the
same as in some other syzbot report (you could then "#syz dup" the new
to the older one). If you happen to see patterns in such duplicate
reports, please let us know and we'll try to improve the crash report
parsing logic.

-- 
Aleksandr

On Fri, Nov 29, 2024 at 9:25 PM Kent Overstreet
<kent.overstreet@...ux.dev> wrote:
>
> On Fri, Nov 29, 2024 at 09:09:32AM -0800, syzbot wrote:
> > Hello,
> >
> > syzbot found the following issue on:
> >
> > HEAD commit:    7b1d1d4cfac0 Merge remote-tracking branch 'iommu/arm/smmu'..
> > git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
> > console output: https://syzkaller.appspot.com/x/log.txt?x=17d6af78580000
> > kernel config:  https://syzkaller.appspot.com/x/.config?x=9bc44a6de1ceb5d6
> > dashboard link: https://syzkaller.appspot.com/bug?extid=78f4eb354f5ca6c1e6eb
> > compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
> > userspace arch: arm64
> > syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=107bdf5f980000
> > C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=13ae49e8580000
> >
> > Downloadable assets:
> > disk image: https://storage.googleapis.com/syzbot-assets/4d4a0162c7c3/disk-7b1d1d4c.raw.xz
> > vmlinux: https://storage.googleapis.com/syzbot-assets/a8c47a4be472/vmlinux-7b1d1d4c.xz
> > kernel image: https://storage.googleapis.com/syzbot-assets/0e173b91f83e/Image-7b1d1d4c.gz.xz
> > mounted in repro #1: https://storage.googleapis.com/syzbot-assets/5ab7b24d2900/mount_0.gz
> > mounted in repro #2: https://storage.googleapis.com/syzbot-assets/fbfbb60588c1/mount_2.gz
> >
> > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > Reported-by: syzbot+78f4eb354f5ca6c1e6eb@...kaller.appspotmail.com
> >
> > ======================================================
> > WARNING: possible circular locking dependency detected
> > 6.12.0-syzkaller-g7b1d1d4cfac0 #0 Not tainted
> > ------------------------------------------------------
> > syz-executor203/6432 is trying to acquire lock:
> > ffff0000da100128 (bcachefs_btree){+.+.}-{0:0}, at: trans_set_locked+0x5c/0x21c fs/bcachefs/btree_locking.h:193
> >
> > but task is already holding lock:
> > ffff0000dc661548 (&c->fsck_error_msgs_lock){+.+.}-{3:3}, at: __bch2_fsck_err+0x344/0x2544 fs/bcachefs/error.c:282
> >
> > which lock already depends on the new lock.
> >
> >
> > the existing dependency chain (in reverse order) is:
> >
> > -> #1 (&c->fsck_error_msgs_lock){+.+.}-{3:3}:
> >        __mutex_lock_common+0x190/0x21a0 kernel/locking/mutex.c:608
> >        __mutex_lock kernel/locking/mutex.c:752 [inline]
> >        mutex_lock_nested+0x2c/0x38 kernel/locking/mutex.c:804
> >        __bch2_fsck_err+0x344/0x2544 fs/bcachefs/error.c:282
> >        bch2_check_alloc_hole_freespace+0x5fc/0xd74 fs/bcachefs/alloc_background.c:1278
> >        bch2_check_alloc_info+0x1174/0x26f8 fs/bcachefs/alloc_background.c:1547
> >        bch2_run_recovery_pass+0xe4/0x1d4 fs/bcachefs/recovery_passes.c:191
> >        bch2_run_online_recovery_passes+0xa4/0x174 fs/bcachefs/recovery_passes.c:212
> >        bch2_fsck_online_thread_fn+0x150/0x3e8 fs/bcachefs/chardev.c:799
> >        thread_with_stdio_fn+0x64/0x134 fs/bcachefs/thread_with_file.c:298
> >        kthread+0x288/0x310 kernel/kthread.c:389
> >        ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:862
> >
> > -> #0 (bcachefs_btree){+.+.}-{0:0}:
> >        check_prev_add kernel/locking/lockdep.c:3161 [inline]
> >        check_prevs_add kernel/locking/lockdep.c:3280 [inline]
> >        validate_chain kernel/locking/lockdep.c:3904 [inline]
> >        __lock_acquire+0x33f8/0x77c8 kernel/locking/lockdep.c:5202
> >        lock_acquire+0x240/0x728 kernel/locking/lockdep.c:5825
> >        trans_set_locked+0x88/0x21c fs/bcachefs/btree_locking.h:194
> >        __bch2_trans_relock+0x2a0/0x394 fs/bcachefs/btree_locking.c:785
> >        bch2_trans_relock+0x24/0x34 fs/bcachefs/btree_locking.c:793
> >        __bch2_fsck_err+0x1664/0x2544 fs/bcachefs/error.c:363
> >        bch2_check_alloc_hole_freespace+0x5fc/0xd74 fs/bcachefs/alloc_background.c:1278
> >        bch2_check_alloc_info+0x1174/0x26f8 fs/bcachefs/alloc_background.c:1547
> >        bch2_run_recovery_pass+0xe4/0x1d4 fs/bcachefs/recovery_passes.c:191
> >        bch2_run_online_recovery_passes+0xa4/0x174 fs/bcachefs/recovery_passes.c:212
> >        bch2_fsck_online_thread_fn+0x150/0x3e8 fs/bcachefs/chardev.c:799
> >        thread_with_stdio_fn+0x64/0x134 fs/bcachefs/thread_with_file.c:298
> >        kthread+0x288/0x310 kernel/kthread.c:389
> >        ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:862
> >
> > other info that might help us debug this:
> >
> >  Possible unsafe locking scenario:
> >
> >        CPU0                    CPU1
> >        ----                    ----
> >   lock(&c->fsck_error_msgs_lock);
> >                                lock(bcachefs_btree);
> >                                lock(&c->fsck_error_msgs_lock);
> >   lock(bcachefs_btree);
> >
> >  *** DEADLOCK ***
> >
> > 3 locks held by syz-executor203/6432:
> >  #0: ffff0000dc600278 (&c->state_lock){++++}-{3:3}, at: bch2_run_online_recovery_passes+0x3c/0x174 fs/bcachefs/recovery_passes.c:204
> >  #1: ffff0000dc604398 (&c->btree_trans_barrier){.+.+}-{0:0}, at: srcu_lock_acquire+0x18/0x54 include/linux/srcu.h:150
> >  #2: ffff0000dc661548 (&c->fsck_error_msgs_lock){+.+.}-{3:3}, at: __bch2_fsck_err+0x344/0x2544 fs/bcachefs/error.c:282
> >
> > stack backtrace:
> > CPU: 1 UID: 0 PID: 6432 Comm: syz-executor203 Not tainted 6.12.0-syzkaller-g7b1d1d4cfac0 #0
> > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
> > Call trace:
> >  show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:484 (C)
> >  __dump_stack lib/dump_stack.c:94 [inline]
> >  dump_stack_lvl+0xe4/0x150 lib/dump_stack.c:120
> >  dump_stack+0x1c/0x28 lib/dump_stack.c:129
> >  print_circular_bug+0x154/0x1c0 kernel/locking/lockdep.c:2074
> >  check_noncircular+0x310/0x404 kernel/locking/lockdep.c:2206
> >  check_prev_add kernel/locking/lockdep.c:3161 [inline]
> >  check_prevs_add kernel/locking/lockdep.c:3280 [inline]
> >  validate_chain kernel/locking/lockdep.c:3904 [inline]
> >  __lock_acquire+0x33f8/0x77c8 kernel/locking/lockdep.c:5202
> >  lock_acquire+0x240/0x728 kernel/locking/lockdep.c:5825
> >  trans_set_locked+0x88/0x21c fs/bcachefs/btree_locking.h:194
> >  __bch2_trans_relock+0x2a0/0x394 fs/bcachefs/btree_locking.c:785
> >  bch2_trans_relock+0x24/0x34 fs/bcachefs/btree_locking.c:793
> >  __bch2_fsck_err+0x1664/0x2544 fs/bcachefs/error.c:363
> >  bch2_check_alloc_hole_freespace+0x5fc/0xd74 fs/bcachefs/alloc_background.c:1278
> >  bch2_check_alloc_info+0x1174/0x26f8 fs/bcachefs/alloc_background.c:1547
> >  bch2_run_recovery_pass+0xe4/0x1d4 fs/bcachefs/recovery_passes.c:191
> >  bch2_run_online_recovery_passes+0xa4/0x174 fs/bcachefs/recovery_passes.c:212
> >  bch2_fsck_online_thread_fn+0x150/0x3e8 fs/bcachefs/chardev.c:799
> >  thread_with_stdio_fn+0x64/0x134 fs/bcachefs/thread_with_file.c:298
> >  kthread+0x288/0x310 kernel/kthread.c:389
> >  ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:862
> >
> >
> > ---
> > This report is generated by a bot. It may contain errors.
> > See https://goo.gl/tpsmEJ for more information about syzbot.
> > syzbot engineers can be reached at syzkaller@...glegroups.com.
> >
> > syzbot will keep track of this issue. See:
> > https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
> >
> > If the report is already addressed, let syzbot know by replying with:
> > #syz fix: exact-commit-title
> >
> > If you want syzbot to run the reproducer, reply with:
> > #syz test: git://repo/address.git branch-or-commit-hash
> > If you attach or paste a git patch, syzbot will apply it before testing.
> >
> > If you want to overwrite report's subsystems, reply with:
> > #syz set subsystems: new-subsystem
> > (See the list of subsystem names on the web dashboard)
> >
> > If the report is a duplicate of another one, reply with:
> > #syz dup: exact-subject-of-another-report
> >
> > If you want to undo deduplication, reply with:
> > #syz undup
>
> syzbot seems to now be re-opening bugs just because the patch hasn't
> been merged into the branch it's testing?
>
> --
> You received this message because you are subscribed to the Google Groups "syzkaller-bugs" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller-bugs+unsubscribe@...glegroups.com.
> To view this discussion visit https://groups.google.com/d/msgid/syzkaller-bugs/vkwc4py3f5crc5byn4h24u3bcbsyke2hzeuzd752ncra7iptdz%405hibgcwmd3go.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ