All of lore.kernel.org
 help / color / mirror / Atom feed
* [syzbot] [bcachefs?] possible deadlock in bch2_gc_mark_key
@ 2024-05-27 13:22 syzbot
  2024-06-21  5:31 ` syzbot
                   ` (2 more replies)
  0 siblings, 3 replies; 7+ messages in thread
From: syzbot @ 2024-05-27 13:22 UTC (permalink / raw)
  To: bfoster, kent.overstreet, linux-bcachefs, linux-kernel, syzkaller-bugs

Hello,

syzbot found the following issue on:

HEAD commit:    9b62e02e6336 Merge tag 'mm-hotfixes-stable-2024-05-25-09-1..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=10e3fb34980000
kernel config:  https://syzkaller.appspot.com/x/.config?x=3e73beba72b96506
dashboard link: https://syzkaller.appspot.com/bug?extid=050e797ad21ccc3f5d1a
compiler:       gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/61b507f6e56c/disk-9b62e02e.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/6991f1313243/vmlinux-9b62e02e.xz
kernel image: https://storage.googleapis.com/syzbot-assets/65f88b96d046/bzImage-9b62e02e.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+050e797ad21ccc3f5d1a@syzkaller.appspotmail.com

bcachefs (loop4): alloc_read... done
bcachefs (loop4): stripes_read... done
bcachefs (loop4): snapshots_read... done
bcachefs (loop4): check_allocations...
======================================================
WARNING: possible circular locking dependency detected
6.9.0-syzkaller-12393-g9b62e02e6336 #0 Not tainted
------------------------------------------------------
syz-executor.4/6744 is trying to acquire lock:
ffff888025c00988 (&c->sb_lock){+.+.}-{3:3}, at: bch2_gc_mark_key+0x9f6/0xd90 fs/bcachefs/btree_gc.c:599

but task is already holding lock:
ffff888025c01a50 (&c->btree_root_lock){+.+.}-{3:3}, at: bch2_gc_btree.constprop.0+0x106/0x11e0 fs/bcachefs/btree_gc.c:643

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&c->btree_root_lock){+.+.}-{3:3}:
       __mutex_lock_common kernel/locking/mutex.c:608 [inline]
       __mutex_lock+0x175/0x9c0 kernel/locking/mutex.c:752
       bch2_btree_roots_to_journal_entries+0x93/0x570 fs/bcachefs/btree_update_interior.c:2633
       bch2_fs_mark_clean+0x31b/0x470 fs/bcachefs/sb-clean.c:376
       bch2_fs_read_only+0x88a/0xf10 fs/bcachefs/super.c:381
       __bch2_fs_stop+0xfc/0x540 fs/bcachefs/super.c:613
       generic_shutdown_super+0x159/0x3d0 fs/super.c:642
       bch2_kill_sb+0x3b/0x50 fs/bcachefs/fs.c:2026
       deactivate_locked_super+0xbe/0x1a0 fs/super.c:473
       deactivate_super+0xde/0x100 fs/super.c:506
       cleanup_mnt+0x222/0x450 fs/namespace.c:1267
       task_work_run+0x14e/0x250 kernel/task_work.c:180
       resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
       exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
       exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
       __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
       syscall_exit_to_user_mode+0x278/0x2a0 kernel/entry/common.c:218
       do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #0 (&c->sb_lock){+.+.}-{3:3}:
       check_prev_add kernel/locking/lockdep.c:3134 [inline]
       check_prevs_add kernel/locking/lockdep.c:3253 [inline]
       validate_chain kernel/locking/lockdep.c:3869 [inline]
       __lock_acquire+0x2478/0x3b30 kernel/locking/lockdep.c:5137
       lock_acquire kernel/locking/lockdep.c:5754 [inline]
       lock_acquire+0x1b1/0x560 kernel/locking/lockdep.c:5719
       __mutex_lock_common kernel/locking/mutex.c:608 [inline]
       __mutex_lock+0x175/0x9c0 kernel/locking/mutex.c:752
       bch2_gc_mark_key+0x9f6/0xd90 fs/bcachefs/btree_gc.c:599
       bch2_gc_btree.constprop.0+0x394/0x11e0 fs/bcachefs/btree_gc.c:647
       bch2_gc_btrees+0x442/0x8c0 fs/bcachefs/btree_gc.c:697
       bch2_check_allocations+0x98f/0x2670 fs/bcachefs/btree_gc.c:1217
       bch2_run_recovery_pass+0x8e/0x1a0 fs/bcachefs/recovery_passes.c:182
       bch2_run_recovery_passes+0x33b/0x710 fs/bcachefs/recovery_passes.c:225
       bch2_fs_recovery+0x259f/0x3db0 fs/bcachefs/recovery.c:807
       bch2_fs_start+0x2e9/0x600 fs/bcachefs/super.c:1031
       bch2_fs_open+0xfa0/0x1110 fs/bcachefs/super.c:2123
       bch2_mount+0xdcc/0x1130 fs/bcachefs/fs.c:1917
       legacy_get_tree+0x109/0x220 fs/fs_context.c:662
       vfs_get_tree+0x8f/0x380 fs/super.c:1780
       do_new_mount fs/namespace.c:3352 [inline]
       path_mount+0x14e6/0x1f20 fs/namespace.c:3679
       do_mount fs/namespace.c:3692 [inline]
       __do_sys_mount fs/namespace.c:3898 [inline]
       __se_sys_mount fs/namespace.c:3875 [inline]
       __x64_sys_mount+0x297/0x320 fs/namespace.c:3875
       do_syscall_x64 arch/x86/entry/common.c:52 [inline]
       do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&c->btree_root_lock);
                               lock(&c->sb_lock);
                               lock(&c->btree_root_lock);
  lock(&c->sb_lock);

 *** DEADLOCK ***

4 locks held by syz-executor.4/6744:
 #0: ffff888025c00278 (&c->state_lock){+.+.}-{3:3}, at: bch2_fs_start+0x3e/0x600 fs/bcachefs/super.c:1001
 #1: ffff888025c268d8 (&c->gc_lock){++++}-{3:3}, at: bch2_check_allocations+0xf1/0x2670 fs/bcachefs/btree_gc.c:1202
 #2: ffff888025c042d0 (&c->btree_trans_barrier){.+.+}-{0:0}, at: srcu_lock_acquire include/linux/srcu.h:116 [inline]
 #2: ffff888025c042d0 (&c->btree_trans_barrier){.+.+}-{0:0}, at: srcu_read_lock include/linux/srcu.h:215 [inline]
 #2: ffff888025c042d0 (&c->btree_trans_barrier){.+.+}-{0:0}, at: __bch2_trans_get+0x656/0xf20 fs/bcachefs/btree_iter.c:3204
 #3: ffff888025c01a50 (&c->btree_root_lock){+.+.}-{3:3}, at: bch2_gc_btree.constprop.0+0x106/0x11e0 fs/bcachefs/btree_gc.c:643

stack backtrace:
CPU: 0 PID: 6744 Comm: syz-executor.4 Not tainted 6.9.0-syzkaller-12393-g9b62e02e6336 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114
 check_noncircular+0x31a/0x400 kernel/locking/lockdep.c:2187
 check_prev_add kernel/locking/lockdep.c:3134 [inline]
 check_prevs_add kernel/locking/lockdep.c:3253 [inline]
 validate_chain kernel/locking/lockdep.c:3869 [inline]
 __lock_acquire+0x2478/0x3b30 kernel/locking/lockdep.c:5137
 lock_acquire kernel/locking/lockdep.c:5754 [inline]
 lock_acquire+0x1b1/0x560 kernel/locking/lockdep.c:5719
 __mutex_lock_common kernel/locking/mutex.c:608 [inline]
 __mutex_lock+0x175/0x9c0 kernel/locking/mutex.c:752
 bch2_gc_mark_key+0x9f6/0xd90 fs/bcachefs/btree_gc.c:599
 bch2_gc_btree.constprop.0+0x394/0x11e0 fs/bcachefs/btree_gc.c:647
 bch2_gc_btrees+0x442/0x8c0 fs/bcachefs/btree_gc.c:697
 bch2_check_allocations+0x98f/0x2670 fs/bcachefs/btree_gc.c:1217
 bch2_run_recovery_pass+0x8e/0x1a0 fs/bcachefs/recovery_passes.c:182
 bch2_run_recovery_passes+0x33b/0x710 fs/bcachefs/recovery_passes.c:225
 bch2_fs_recovery+0x259f/0x3db0 fs/bcachefs/recovery.c:807
 bch2_fs_start+0x2e9/0x600 fs/bcachefs/super.c:1031
 bch2_fs_open+0xfa0/0x1110 fs/bcachefs/super.c:2123
 bch2_mount+0xdcc/0x1130 fs/bcachefs/fs.c:1917
 legacy_get_tree+0x109/0x220 fs/fs_context.c:662
 vfs_get_tree+0x8f/0x380 fs/super.c:1780
 do_new_mount fs/namespace.c:3352 [inline]
 path_mount+0x14e6/0x1f20 fs/namespace.c:3679
 do_mount fs/namespace.c:3692 [inline]
 __do_sys_mount fs/namespace.c:3898 [inline]
 __se_sys_mount fs/namespace.c:3875 [inline]
 __x64_sys_mount+0x297/0x320 fs/namespace.c:3875
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f743727e5ea
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 09 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f7437fb6ef8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f7437fb6f80 RCX: 00007f743727e5ea
RDX: 0000000020005b00 RSI: 0000000020000000 RDI: 00007f7437fb6f40
RBP: 0000000020005b00 R08: 00007f7437fb6f80 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000
R13: 00007f7437fb6f40 R14: 0000000000005b46 R15: 00000000200000c0
 </TASK>
bucket 0:26 gen 0 data type btree has wrong cached_sectors: got 458752, should be 0, shutting down
bcachefs (loop4): inconsistency detected - emergency read only at journal seq 8
bcachefs (loop4): bch2_gc_alloc_done(): error fsck_errors_not_fixed
bcachefs (loop4): bch2_check_allocations(): error fsck_errors_not_fixed
bcachefs (loop4): bch2_fs_recovery(): error fsck_errors_not_fixed
bcachefs (loop4): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed
bcachefs (loop4): shutting down
bcachefs (loop4): shutdown complete


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [syzbot] [bcachefs?] possible deadlock in bch2_gc_mark_key
  2024-05-27 13:22 [syzbot] [bcachefs?] possible deadlock in bch2_gc_mark_key syzbot
@ 2024-06-21  5:31 ` syzbot
  2024-06-21  9:34   ` [PATCH] bcachefs: fix " Lizhi Xu
  2024-06-21  8:58 ` [syzbot] Re: [syzbot] [bcachefs?] possible " syzbot
  2024-06-21 22:17 ` syzbot
  2 siblings, 1 reply; 7+ messages in thread
From: syzbot @ 2024-06-21  5:31 UTC (permalink / raw)
  To: bfoster, kent.overstreet, linux-bcachefs, linux-kernel, syzkaller-bugs

syzbot has found a reproducer for the following issue on:

HEAD commit:    50736169ecc8 Merge tag 'for-6.10-rc4-tag' of git://git.ker..
git tree:       upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=16a1c341980000
kernel config:  https://syzkaller.appspot.com/x/.config?x=12f98862a3c0c799
dashboard link: https://syzkaller.appspot.com/bug?extid=050e797ad21ccc3f5d1a
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=144f0a61980000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=17cab6a6980000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/5cd6a6f1e8a6/disk-50736169.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/2fb1a68197bc/vmlinux-50736169.xz
kernel image: https://storage.googleapis.com/syzbot-assets/783059c8c714/bzImage-50736169.xz
mounted in repro #1: https://storage.googleapis.com/syzbot-assets/6448974d55b4/mount_0.gz
mounted in repro #2: https://storage.googleapis.com/syzbot-assets/3df6949f2444/mount_1.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+050e797ad21ccc3f5d1a@syzkaller.appspotmail.com

bcachefs (loop0): alloc_read... done
bcachefs (loop0): stripes_read... done
bcachefs (loop0): snapshots_read... done
bcachefs (loop0): check_allocations...
======================================================
WARNING: possible circular locking dependency detected
6.10.0-rc4-syzkaller-00148-g50736169ecc8 #0 Not tainted
------------------------------------------------------
syz-executor238/5085 is trying to acquire lock:
ffff888069900988 (&c->sb_lock){+.+.}-{3:3}, at: bch2_gc_mark_key+0xc66/0x1010 fs/bcachefs/btree_gc.c:600

but task is already holding lock:
ffff888069901a58 (&c->btree_root_lock){+.+.}-{3:3}, at: bch2_gc_btree fs/bcachefs/btree_gc.c:644 [inline]
ffff888069901a58 (&c->btree_root_lock){+.+.}-{3:3}, at: bch2_gc_btrees fs/bcachefs/btree_gc.c:697 [inline]
ffff888069901a58 (&c->btree_root_lock){+.+.}-{3:3}, at: bch2_check_allocations+0x2e31/0xcca0 fs/bcachefs/btree_gc.c:1224

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&c->btree_root_lock){+.+.}-{3:3}:
       lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
       __mutex_lock_common kernel/locking/mutex.c:608 [inline]
       __mutex_lock+0x136/0xd70 kernel/locking/mutex.c:752
       bch2_btree_roots_to_journal_entries+0xbb/0x980 fs/bcachefs/btree_update_interior.c:2633
       bch2_fs_mark_clean+0x2cc/0x6d0 fs/bcachefs/sb-clean.c:376
       bch2_fs_read_only+0x1101/0x1210 fs/bcachefs/super.c:381
       __bch2_fs_stop+0x105/0x540 fs/bcachefs/super.c:615
       generic_shutdown_super+0x136/0x2d0 fs/super.c:642
       bch2_kill_sb+0x41/0x50 fs/bcachefs/fs.c:2037
       deactivate_locked_super+0xc4/0x130 fs/super.c:473
       cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1267
       task_work_run+0x24f/0x310 kernel/task_work.c:180
       ptrace_notify+0x2d2/0x380 kernel/signal.c:2402
       ptrace_report_syscall include/linux/ptrace.h:415 [inline]
       ptrace_report_syscall_exit include/linux/ptrace.h:477 [inline]
       syscall_exit_work+0xc6/0x190 kernel/entry/common.c:173
       syscall_exit_to_user_mode_prepare kernel/entry/common.c:200 [inline]
       __syscall_exit_to_user_mode_work kernel/entry/common.c:205 [inline]
       syscall_exit_to_user_mode+0x273/0x370 kernel/entry/common.c:218
       do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #0 (&c->sb_lock){+.+.}-{3:3}:
       check_prev_add kernel/locking/lockdep.c:3134 [inline]
       check_prevs_add kernel/locking/lockdep.c:3253 [inline]
       validate_chain+0x18e0/0x5900 kernel/locking/lockdep.c:3869
       __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137
       lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
       __mutex_lock_common kernel/locking/mutex.c:608 [inline]
       __mutex_lock+0x136/0xd70 kernel/locking/mutex.c:752
       bch2_gc_mark_key+0xc66/0x1010 fs/bcachefs/btree_gc.c:600
       bch2_gc_btree fs/bcachefs/btree_gc.c:648 [inline]
       bch2_gc_btrees fs/bcachefs/btree_gc.c:697 [inline]
       bch2_check_allocations+0x3e06/0xcca0 fs/bcachefs/btree_gc.c:1224
       bch2_run_recovery_pass+0xf0/0x1e0 fs/bcachefs/recovery_passes.c:182
       bch2_run_recovery_passes+0x19e/0x820 fs/bcachefs/recovery_passes.c:225
       bch2_fs_recovery+0x2370/0x3720 fs/bcachefs/recovery.c:807
       bch2_fs_start+0x356/0x5b0 fs/bcachefs/super.c:1035
       bch2_fs_open+0xa8d/0xdf0 fs/bcachefs/super.c:2127
       bch2_mount+0x6b0/0x13a0 fs/bcachefs/fs.c:1919
       legacy_get_tree+0xee/0x190 fs/fs_context.c:662
       vfs_get_tree+0x90/0x2a0 fs/super.c:1780
       do_new_mount+0x2be/0xb40 fs/namespace.c:3352
       do_mount fs/namespace.c:3692 [inline]
       __do_sys_mount fs/namespace.c:3898 [inline]
       __se_sys_mount+0x2d9/0x3c0 fs/namespace.c:3875
       do_syscall_x64 arch/x86/entry/common.c:52 [inline]
       do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&c->btree_root_lock);
                               lock(&c->sb_lock);
                               lock(&c->btree_root_lock);
  lock(&c->sb_lock);

 *** DEADLOCK ***

4 locks held by syz-executor238/5085:
 #0: ffff888069900278 (&c->state_lock){+.+.}-{3:3}, at: bch2_fs_start+0x45/0x5b0 fs/bcachefs/super.c:1005
 #1: ffff8880699268d0 (&c->gc_lock){++++}-{3:3}, at: bch2_check_allocations+0x258/0xcca0 fs/bcachefs/btree_gc.c:1209
 #2: ffff8880699042d8 (&c->btree_trans_barrier){.+.+}-{0:0}, at: srcu_lock_acquire include/linux/srcu.h:116 [inline]
 #2: ffff8880699042d8 (&c->btree_trans_barrier){.+.+}-{0:0}, at: srcu_read_lock include/linux/srcu.h:215 [inline]
 #2: ffff8880699042d8 (&c->btree_trans_barrier){.+.+}-{0:0}, at: __bch2_trans_get+0x9b0/0xdf0 fs/bcachefs/btree_iter.c:3199
 #3: ffff888069901a58 (&c->btree_root_lock){+.+.}-{3:3}, at: bch2_gc_btree fs/bcachefs/btree_gc.c:644 [inline]
 #3: ffff888069901a58 (&c->btree_root_lock){+.+.}-{3:3}, at: bch2_gc_btrees fs/bcachefs/btree_gc.c:697 [inline]
 #3: ffff888069901a58 (&c->btree_root_lock){+.+.}-{3:3}, at: bch2_check_allocations+0x2e31/0xcca0 fs/bcachefs/btree_gc.c:1224

stack backtrace:
CPU: 1 PID: 5085 Comm: syz-executor238 Not tainted 6.10.0-rc4-syzkaller-00148-g50736169ecc8 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114
 check_noncircular+0x36a/0x4a0 kernel/locking/lockdep.c:2187
 check_prev_add kernel/locking/lockdep.c:3134 [inline]
 check_prevs_add kernel/locking/lockdep.c:3253 [inline]
 validate_chain+0x18e0/0x5900 kernel/locking/lockdep.c:3869
 __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137
 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
 __mutex_lock_common kernel/locking/mutex.c:608 [inline]
 __mutex_lock+0x136/0xd70 kernel/locking/mutex.c:752
 bch2_gc_mark_key+0xc66/0x1010 fs/bcachefs/btree_gc.c:600
 bch2_gc_btree fs/bcachefs/btree_gc.c:648 [inline]
 bch2_gc_btrees fs/bcachefs/btree_gc.c:697 [inline]
 bch2_check_allocations+0x3e06/0xcca0 fs/bcachefs/btree_gc.c:1224
 bch2_run_recovery_pass+0xf0/0x1e0 fs/bcachefs/recovery_passes.c:182
 bch2_run_recovery_passes+0x19e/0x820 fs/bcachefs/recovery_passes.c:225
 bch2_fs_recovery+0x2370/0x3720 fs/bcachefs/recovery.c:807
 bch2_fs_start+0x356/0x5b0 fs/bcachefs/super.c:1035
 bch2_fs_open+0xa8d/0xdf0 fs/bcachefs/super.c:2127
 bch2_mount+0x6b0/0x13a0 fs/bcachefs/fs.c:1919
 legacy_get_tree+0xee/0x190 fs/fs_context.c:662
 vfs_get_tree+0x90/0x2a0 fs/super.c:1780
 do_new_mount+0x2be/0xb40 fs/namespace.c:3352
 do_mount fs/namespace.c:3692 [inline]
 __do_sys_mount fs/namespace.c:3898 [inline]
 __se_sys_mount+0x2d9/0x3c0 fs/namespace.c:3875
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc2a630571a
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff54862518 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007fff54862570 RCX: 00007fc2a630571a
RDX: 0000000020000040 RSI: 0000000020000fc0 RDI: 00007fff54862570
RBP: 0000000020000fc0 R08: 00007fff548625b0 R09: 00000000000119f9
R10: 0000000000200001 R11: 0000000000000282 R12: 0000000020000040
R13: 00007fff548625b0 R14: 00000000000119fc R15: 00000000200001c0
 </TASK>
 done
bcachefs (loop0): going read-write
bcachefs (loop0): journal_replay... done
bcachefs (loop0): check_alloc_info... done
bcachefs (loop0): check_lrus... done
bcachefs (loop0): check_btree_backpointers... done
bcachefs (loop0): check_backpointers_to_extents... done
bcachefs (loop0): check_extents_to_backpointers...
missing backpointer for btree=inodes l=1 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq a22d880bb51b703b written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0
  got:   u64s 5 type deleted 0:9961472:0 len 0 ver 0
  want:  u64s 9 type backpointer 0:9961472:0 len 0 ver 0: bucket=0:38:0 btree=inodes l=1 offset=0:0 len=256 pos=SPOS_MAX, shutting down
bcachefs (loop0): inconsistency detected - emergency read only at journal seq 10
bcachefs (loop0): bch2_check_extents_to_backpointers(): error fsck_errors_not_fixed
bcachefs (loop0): bch2_fs_recovery(): error fsck_errors_not_fixed
bcachefs (loop0): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed
bcachefs (loop0): shutting down
bcachefs (loop0): shutdown complete
syz-executor238 (5085) used greatest stack depth: 18096 bytes left


---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [syzbot] Re: [syzbot] [bcachefs?] possible deadlock in bch2_gc_mark_key
  2024-05-27 13:22 [syzbot] [bcachefs?] possible deadlock in bch2_gc_mark_key syzbot
  2024-06-21  5:31 ` syzbot
@ 2024-06-21  8:58 ` syzbot
  2024-06-21 22:17 ` syzbot
  2 siblings, 0 replies; 7+ messages in thread
From: syzbot @ 2024-06-21  8:58 UTC (permalink / raw)
  To: linux-kernel

For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org.

***

Subject: Re: [syzbot] [bcachefs?] possible deadlock in bch2_gc_mark_key
Author: lizhi.xu@windriver.com

#syz test https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 50736169ecc8

diff --git a/fs/bcachefs/sb-clean.c b/fs/bcachefs/sb-clean.c
index 47f10ab57f40..7a75615ba745 100644
--- a/fs/bcachefs/sb-clean.c
+++ b/fs/bcachefs/sb-clean.c
@@ -373,6 +373,7 @@ void bch2_fs_mark_clean(struct bch_fs *c)
 
 	entry = sb_clean->start;
 	bch2_journal_super_entries_add_common(c, &entry, 0);
+	mutex_unlock(&c->sb_lock);
 	entry = bch2_btree_roots_to_journal_entries(c, entry, 0);
 	BUG_ON((void *) entry > vstruct_end(&sb_clean->field));
 
@@ -383,6 +384,7 @@ void bch2_fs_mark_clean(struct bch_fs *c)
 	 * this should be in the write path, and we should be validating every
 	 * superblock section:
 	 */
+	mutex_lock(&c->sb_lock);
 	ret = bch2_sb_clean_validate_late(c, sb_clean, WRITE);
 	if (ret) {
 		bch_err(c, "error writing marking filesystem clean: validate error");

^ permalink raw reply related	[flat|nested] 7+ messages in thread

* [PATCH] bcachefs: fix deadlock in bch2_gc_mark_key
  2024-06-21  5:31 ` syzbot
@ 2024-06-21  9:34   ` Lizhi Xu
  2024-06-22 13:43     ` Kent Overstreet
  0 siblings, 1 reply; 7+ messages in thread
From: Lizhi Xu @ 2024-06-21  9:34 UTC (permalink / raw)
  To: syzbot+050e797ad21ccc3f5d1a
  Cc: bfoster, kent.overstreet, linux-bcachefs, linux-kernel, syzkaller-bugs

[Syz reported]
the existing dependency chain (in reverse order) is:

-> #1 (&c->btree_root_lock){+.+.}-{3:3}:
       lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
       __mutex_lock_common kernel/locking/mutex.c:608 [inline]
       __mutex_lock+0x136/0xd70 kernel/locking/mutex.c:752
       bch2_btree_roots_to_journal_entries+0xbb/0x980 fs/bcachefs/btree_update_interior.c:2633
       bch2_fs_mark_clean+0x2cc/0x6d0 fs/bcachefs/sb-clean.c:376
       bch2_fs_read_only+0x1101/0x1210 fs/bcachefs/super.c:381
       __bch2_fs_stop+0x105/0x540 fs/bcachefs/super.c:615
       generic_shutdown_super+0x136/0x2d0 fs/super.c:642
       bch2_kill_sb+0x41/0x50 fs/bcachefs/fs.c:2037
       deactivate_locked_super+0xc4/0x130 fs/super.c:473
       cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1267
       task_work_run+0x24f/0x310 kernel/task_work.c:180
       ptrace_notify+0x2d2/0x380 kernel/signal.c:2402
       ptrace_report_syscall include/linux/ptrace.h:415 [inline]
       ptrace_report_syscall_exit include/linux/ptrace.h:477 [inline]
       syscall_exit_work+0xc6/0x190 kernel/entry/common.c:173
       syscall_exit_to_user_mode_prepare kernel/entry/common.c:200 [inline]
       __syscall_exit_to_user_mode_work kernel/entry/common.c:205 [inline]
       syscall_exit_to_user_mode+0x273/0x370 kernel/entry/common.c:218
       do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #0 (&c->sb_lock){+.+.}-{3:3}:
       check_prev_add kernel/locking/lockdep.c:3134 [inline]
       check_prevs_add kernel/locking/lockdep.c:3253 [inline]
       validate_chain+0x18e0/0x5900 kernel/locking/lockdep.c:3869
       __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137
       lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
       __mutex_lock_common kernel/locking/mutex.c:608 [inline]
       __mutex_lock+0x136/0xd70 kernel/locking/mutex.c:752
       bch2_gc_mark_key+0xc66/0x1010 fs/bcachefs/btree_gc.c:600
       bch2_gc_btree fs/bcachefs/btree_gc.c:648 [inline]
       bch2_gc_btrees fs/bcachefs/btree_gc.c:697 [inline]
       bch2_check_allocations+0x3e06/0xcca0 fs/bcachefs/btree_gc.c:1224
       bch2_run_recovery_pass+0xf0/0x1e0 fs/bcachefs/recovery_passes.c:182
       bch2_run_recovery_passes+0x19e/0x820 fs/bcachefs/recovery_passes.c:225
       bch2_fs_recovery+0x2370/0x3720 fs/bcachefs/recovery.c:807
       bch2_fs_start+0x356/0x5b0 fs/bcachefs/super.c:1035
       bch2_fs_open+0xa8d/0xdf0 fs/bcachefs/super.c:2127
       bch2_mount+0x6b0/0x13a0 fs/bcachefs/fs.c:1919
       legacy_get_tree+0xee/0x190 fs/fs_context.c:662
       vfs_get_tree+0x90/0x2a0 fs/super.c:1780
       do_new_mount+0x2be/0xb40 fs/namespace.c:3352
       do_mount fs/namespace.c:3692 [inline]
       __do_sys_mount fs/namespace.c:3898 [inline]
       __se_sys_mount+0x2d9/0x3c0 fs/namespace.c:3875
       do_syscall_x64 arch/x86/entry/common.c:52 [inline]
       do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&c->btree_root_lock);
                               lock(&c->sb_lock);
                               lock(&c->btree_root_lock);
  lock(&c->sb_lock);

[Analysis]
bch2_btree_roots_to_journal_entries() does not need to hold sb_lock, so
we can remove sb_lock to avoid deadlock.

Reported-by: syzbot+050e797ad21ccc3f5d1a@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=050e797ad21ccc3f5d1a
Signed-off-by: Lizhi Xu <lizhi.xu@windriver.com>
---
 fs/bcachefs/sb-clean.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/fs/bcachefs/sb-clean.c b/fs/bcachefs/sb-clean.c
index 47f10ab57f40..7a75615ba745 100644
--- a/fs/bcachefs/sb-clean.c
+++ b/fs/bcachefs/sb-clean.c
@@ -373,6 +373,7 @@ void bch2_fs_mark_clean(struct bch_fs *c)
 
 	entry = sb_clean->start;
 	bch2_journal_super_entries_add_common(c, &entry, 0);
+	mutex_unlock(&c->sb_lock);
 	entry = bch2_btree_roots_to_journal_entries(c, entry, 0);
 	BUG_ON((void *) entry > vstruct_end(&sb_clean->field));
 
@@ -383,6 +384,7 @@ void bch2_fs_mark_clean(struct bch_fs *c)
 	 * this should be in the write path, and we should be validating every
 	 * superblock section:
 	 */
+	mutex_lock(&c->sb_lock);
 	ret = bch2_sb_clean_validate_late(c, sb_clean, WRITE);
 	if (ret) {
 		bch_err(c, "error writing marking filesystem clean: validate error");
-- 
2.43.0


^ permalink raw reply related	[flat|nested] 7+ messages in thread

* Re: [syzbot] [bcachefs?] possible deadlock in bch2_gc_mark_key
  2024-05-27 13:22 [syzbot] [bcachefs?] possible deadlock in bch2_gc_mark_key syzbot
  2024-06-21  5:31 ` syzbot
  2024-06-21  8:58 ` [syzbot] Re: [syzbot] [bcachefs?] possible " syzbot
@ 2024-06-21 22:17 ` syzbot
  2 siblings, 0 replies; 7+ messages in thread
From: syzbot @ 2024-06-21 22:17 UTC (permalink / raw)
  To: bfoster, kent.overstreet, linux-bcachefs, linux-kernel, lizhi.xu,
	syzkaller-bugs

syzbot has bisected this issue to:

commit 103304021e54bfb5cab9ba04cd5ef0dc2bf33888
Author: Kent Overstreet <kent.overstreet@linux.dev>
Date:   Sat Apr 20 02:44:12 2024 +0000

    bcachefs: Move gc of bucket.oldest_gen to workqueue

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=162879ea980000
start commit:   50736169ecc8 Merge tag 'for-6.10-rc4-tag' of git://git.ker..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=112879ea980000
kernel config:  https://syzkaller.appspot.com/x/.config?x=12f98862a3c0c799
dashboard link: https://syzkaller.appspot.com/bug?extid=050e797ad21ccc3f5d1a
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=144f0a61980000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=17cab6a6980000

Reported-by: syzbot+050e797ad21ccc3f5d1a@syzkaller.appspotmail.com
Fixes: 103304021e54 ("bcachefs: Move gc of bucket.oldest_gen to workqueue")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH] bcachefs: fix deadlock in bch2_gc_mark_key
  2024-06-21  9:34   ` [PATCH] bcachefs: fix " Lizhi Xu
@ 2024-06-22 13:43     ` Kent Overstreet
  0 siblings, 0 replies; 7+ messages in thread
From: Kent Overstreet @ 2024-06-22 13:43 UTC (permalink / raw)
  To: Lizhi Xu
  Cc: syzbot+050e797ad21ccc3f5d1a, bfoster, linux-bcachefs,
	linux-kernel, syzkaller-bugs

On Fri, Jun 21, 2024 at 05:34:23PM +0800, Lizhi Xu wrote:
> [Syz reported]
> the existing dependency chain (in reverse order) is:
> 
> -> #1 (&c->btree_root_lock){+.+.}-{3:3}:
>        lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
>        __mutex_lock_common kernel/locking/mutex.c:608 [inline]
>        __mutex_lock+0x136/0xd70 kernel/locking/mutex.c:752
>        bch2_btree_roots_to_journal_entries+0xbb/0x980 fs/bcachefs/btree_update_interior.c:2633
>        bch2_fs_mark_clean+0x2cc/0x6d0 fs/bcachefs/sb-clean.c:376
>        bch2_fs_read_only+0x1101/0x1210 fs/bcachefs/super.c:381
>        __bch2_fs_stop+0x105/0x540 fs/bcachefs/super.c:615
>        generic_shutdown_super+0x136/0x2d0 fs/super.c:642
>        bch2_kill_sb+0x41/0x50 fs/bcachefs/fs.c:2037
>        deactivate_locked_super+0xc4/0x130 fs/super.c:473
>        cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1267
>        task_work_run+0x24f/0x310 kernel/task_work.c:180
>        ptrace_notify+0x2d2/0x380 kernel/signal.c:2402
>        ptrace_report_syscall include/linux/ptrace.h:415 [inline]
>        ptrace_report_syscall_exit include/linux/ptrace.h:477 [inline]
>        syscall_exit_work+0xc6/0x190 kernel/entry/common.c:173
>        syscall_exit_to_user_mode_prepare kernel/entry/common.c:200 [inline]
>        __syscall_exit_to_user_mode_work kernel/entry/common.c:205 [inline]
>        syscall_exit_to_user_mode+0x273/0x370 kernel/entry/common.c:218
>        do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89
>        entry_SYSCALL_64_after_hwframe+0x77/0x7f
> 
> -> #0 (&c->sb_lock){+.+.}-{3:3}:
>        check_prev_add kernel/locking/lockdep.c:3134 [inline]
>        check_prevs_add kernel/locking/lockdep.c:3253 [inline]
>        validate_chain+0x18e0/0x5900 kernel/locking/lockdep.c:3869
>        __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137
>        lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
>        __mutex_lock_common kernel/locking/mutex.c:608 [inline]
>        __mutex_lock+0x136/0xd70 kernel/locking/mutex.c:752
>        bch2_gc_mark_key+0xc66/0x1010 fs/bcachefs/btree_gc.c:600
>        bch2_gc_btree fs/bcachefs/btree_gc.c:648 [inline]
>        bch2_gc_btrees fs/bcachefs/btree_gc.c:697 [inline]
>        bch2_check_allocations+0x3e06/0xcca0 fs/bcachefs/btree_gc.c:1224
>        bch2_run_recovery_pass+0xf0/0x1e0 fs/bcachefs/recovery_passes.c:182
>        bch2_run_recovery_passes+0x19e/0x820 fs/bcachefs/recovery_passes.c:225
>        bch2_fs_recovery+0x2370/0x3720 fs/bcachefs/recovery.c:807
>        bch2_fs_start+0x356/0x5b0 fs/bcachefs/super.c:1035
>        bch2_fs_open+0xa8d/0xdf0 fs/bcachefs/super.c:2127
>        bch2_mount+0x6b0/0x13a0 fs/bcachefs/fs.c:1919
>        legacy_get_tree+0xee/0x190 fs/fs_context.c:662
>        vfs_get_tree+0x90/0x2a0 fs/super.c:1780
>        do_new_mount+0x2be/0xb40 fs/namespace.c:3352
>        do_mount fs/namespace.c:3692 [inline]
>        __do_sys_mount fs/namespace.c:3898 [inline]
>        __se_sys_mount+0x2d9/0x3c0 fs/namespace.c:3875
>        do_syscall_x64 arch/x86/entry/common.c:52 [inline]
>        do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
>        entry_SYSCALL_64_after_hwframe+0x77/0x7f
> 
> other info that might help us debug this:
> 
>  Possible unsafe locking scenario:
> 
>        CPU0                    CPU1
>        ----                    ----
>   lock(&c->btree_root_lock);
>                                lock(&c->sb_lock);
>                                lock(&c->btree_root_lock);
>   lock(&c->sb_lock);
> 
> [Analysis]
> bch2_btree_roots_to_journal_entries() does not need to hold sb_lock, so
> we can remove sb_lock to avoid deadlock.
> 
> Reported-by: syzbot+050e797ad21ccc3f5d1a@syzkaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?extid=050e797ad21ccc3f5d1a
> Signed-off-by: Lizhi Xu <lizhi.xu@windriver.com>
> ---
>  fs/bcachefs/sb-clean.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/fs/bcachefs/sb-clean.c b/fs/bcachefs/sb-clean.c
> index 47f10ab57f40..7a75615ba745 100644
> --- a/fs/bcachefs/sb-clean.c
> +++ b/fs/bcachefs/sb-clean.c
> @@ -373,6 +373,7 @@ void bch2_fs_mark_clean(struct bch_fs *c)
>  
>  	entry = sb_clean->start;
>  	bch2_journal_super_entries_add_common(c, &entry, 0);
> +	mutex_unlock(&c->sb_lock);
>  	entry = bch2_btree_roots_to_journal_entries(c, entry, 0);
>  	BUG_ON((void *) entry > vstruct_end(&sb_clean->field));
>  
> @@ -383,6 +384,7 @@ void bch2_fs_mark_clean(struct bch_fs *c)
>  	 * this should be in the write path, and we should be validating every
>  	 * superblock section:
>  	 */
> +	mutex_lock(&c->sb_lock);
>  	ret = bch2_sb_clean_validate_late(c, sb_clean, WRITE);
>  	if (ret) {
>  		bch_err(c, "error writing marking filesystem clean: validate error");

that's not the right fix, you can't just arbitrarily drop and retake
locks like that

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [syzbot] [bcachefs?] possible deadlock in bch2_gc_mark_key
       [not found] <20240621085812.1588215-1-lizhi.xu@windriver.com>
@ 2024-06-21  9:28 ` syzbot
  0 siblings, 0 replies; 7+ messages in thread
From: syzbot @ 2024-06-21  9:28 UTC (permalink / raw)
  To: linux-kernel, lizhi.xu, syzkaller-bugs

Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: syzbot+050e797ad21ccc3f5d1a@syzkaller.appspotmail.com

Tested on:

commit:         50736169 Merge tag 'for-6.10-rc4-tag' of git://git.ker..
git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=10f1c341980000
kernel config:  https://syzkaller.appspot.com/x/.config?x=12f98862a3c0c799
dashboard link: https://syzkaller.appspot.com/bug?extid=050e797ad21ccc3f5d1a
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch:          https://syzkaller.appspot.com/x/patch.diff?x=1001c201980000

Note: testing is done by a robot and is best-effort only.

^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2024-06-22 13:43 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-05-27 13:22 [syzbot] [bcachefs?] possible deadlock in bch2_gc_mark_key syzbot
2024-06-21  5:31 ` syzbot
2024-06-21  9:34   ` [PATCH] bcachefs: fix " Lizhi Xu
2024-06-22 13:43     ` Kent Overstreet
2024-06-21  8:58 ` [syzbot] Re: [syzbot] [bcachefs?] possible " syzbot
2024-06-21 22:17 ` syzbot
     [not found] <20240621085812.1588215-1-lizhi.xu@windriver.com>
2024-06-21  9:28 ` syzbot

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.