From: Dmitry Vyukov
Date: Tue, 6 Dec 2022 12:06:10 +0100
Subject: Re: [syzbot] KASAN: use-after-free Read in xfs_qm_dqfree_one
To: Dave Chinner, "Paul E. McKenney", frederic@kernel.org, quic_neeraju@quicinc.com, Josh Triplett, RCU
Cc: syzbot, djwong@kernel.org, linux-kernel@vger.kernel.org, linux-xfs@vger.kernel.org, syzkaller-bugs@googlegroups.com, syzkaller
References: <000000000000bd587705ef202b08@google.com> <20221206033450.GS3600936@dread.disaster.area>
In-Reply-To: <20221206033450.GS3600936@dread.disaster.area>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, 6 Dec 2022 at 04:34, Dave Chinner wrote:
>
> On Mon, Dec 05, 2022 at 07:12:15PM -0800, syzbot wrote:
> > Hello,
> >
> > syzbot has tested the proposed patch but the reproducer is still triggering an issue:
> > INFO: rcu detected stall in corrupted
> >
> > rcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { P4122 } 2641 jiffies s: 2877 root: 0x0/T
> > rcu: blocking rcu_node structures (internal RCU debug):
>
> I'm pretty sure this has nothing to do with the reproducer - the
> console log here:
>
> > Tested on:
> >
> > commit: bce93322 proc: proc_skip_spaces() shouldn't think it i..
> > git tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
> > console output: https://syzkaller.appspot.com/x/log.txt?x=1566216b880000
>
> indicates that syzbot is screwing around with bluetooth, HCI,
> netdevsim, bridging, bonding, etc.
>
> There's no evidence that it actually ran the reproducer for the bug
> reported in this thread - there's no record of a single XFS
> filesystem being mounted in the log....
>
> It looks like someone else also tried a private patch to fix this
> problem (which was obviously broken) and it failed with exactly the
> same RCU warnings. That was run from the same commit id as the
> original reproducer, so this looks like either syzbot is broken or
> there's some other completely unrelated problem that syzbot is
> tripping over here.
>
> Over to the syzbot people to debug the syzbot failure....

Hi Dave,

It's not uncommon for a single program to trigger multiple bugs. That's
what happens here. The RCU stall issue is reproducible with this test
program. In such cases you can either submit more test requests, or
test manually.

I think there is an RCU expedited stall detection. For some reason
CONFIG_RCU_EXP_CPU_STALL_TIMEOUT is limited to 21 seconds, and that's
not enough for reliable flake-free stress testing. We bump other
timeouts to 100+ seconds.

+RCU maintainers, do you mind removing the overly restrictive limit on
CONFIG_RCU_EXP_CPU_STALL_TIMEOUT? Or do you think there is something to
fix in the kernel to not stall? I see the test writes to
/proc/sys/vm/drop_caches, maybe there is some issue in that code.
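A small triage helper, added here as an example (not code from the thread, from syzkaller or from the kernel), that mechanises the two checks argued over above: list every distinct crash signature in a console log in order of appearance, and record whether an XFS filesystem was mounted before the first one. The log excerpts are constructed placeholders standing in for the linked syzbot log.

```python
import re

# Constructed console-log excerpts (placeholders, not the syzbot log linked above).
# LOG_STALL_FIRST mirrors the run Dave describes: the RCU expedited stall fires while
# the fuzzer is still on netdevsim/bluetooth and no XFS mount ever appears.
# LOG_UAF_REACHED is a run in which the reproducer does reach XFS.
LOG_STALL_FIRST = """\
[   12.001] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   40.120] Bluetooth: hci0: command tx timeout
[   90.450] rcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { P4122 } 2641 jiffies s: 2877 root: 0x0/T
[   90.451] rcu: blocking rcu_node structures (internal RCU debug):
"""
LOG_UAF_REACHED = """\
[   12.001] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  130.003] XFS (loop0): Mounting V5 Filesystem
[  131.777] BUG: KASAN: use-after-free in xfs_qm_dqfree_one+0xAAA/0xBBB
"""

# Crash signatures of interest: (label, regex whose group 1 carries the detail).
SIGNATURES = [
    ("kasan-uaf", re.compile(r"BUG: KASAN: use-after-free in ([A-Za-z0-9_.]+)")),
    ("rcu-exp-stall", re.compile(r"rcu: INFO: \S+ detected expedited stalls .*? (\d+) jiffies")),
]
XFS_MOUNT = re.compile(r"XFS \((\w+)\): Mounting")  # kernel's XFS mount message

def triage(log):
    """Walk the log in order, collecting every distinct signature and noting
    whether an XFS filesystem was mounted before the first report."""
    reports, xfs_mounted, xfs_before_first = [], False, False
    for line in log.splitlines():
        if XFS_MOUNT.search(line):
            xfs_mounted = True
            if not reports:
                xfs_before_first = True
        for label, pat in SIGNATURES:
            m = pat.search(line)
            if m and (label, m.group(1)) not in reports:
                reports.append((label, m.group(1)))
    return {"reports": reports, "xfs_mounted": xfs_mounted,
            "xfs_mounted_before_first_report": xfs_before_first}

def verdict(log):
    """One-line conclusion: did the run get as far as the XFS bug or not?"""
    t = triage(log)
    if not t["reports"]:
        return "no crash report found"
    first = t["reports"][0][0]
    if first != "kasan-uaf" and not t["xfs_mounted_before_first_report"]:
        return f"{first} fired before any XFS mount; the UAF was never reached"
    return f"first report is {first}; XFS was mounted before it"
```

Running `verdict` over a real syzbot console log separates "the reproducer hit another bug first" from "the reproducer reached the filesystem under test", which is the distinction both sides of the thread are reasoning about.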