Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp724767rwd;
        Thu, 15 Jun 2023 00:50:23 -0700 (PDT)
X-Google-Smtp-Source: ACHHUZ7H7PJceBP8dQLRdMaIbHC9bIfMgz3/kz40wNKVZ5iTQ6IwxCr+/xVlBnitaFwBMJkwGDfZ
X-Received: by 2002:a17:907:6d0d:b0:97a:13cc:558 with SMTP id sa13-20020a1709076d0d00b0097a13cc0558mr17956280ejc.56.1686815423042;
        Thu, 15 Jun 2023 00:50:23 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1686815423; cv=none;
        d=google.com; s=arc-20160816;
        b=lwCO+xAGURwokEc7cmlKF0zfiKJooo26zoYqz0DTofEVe+7derQlOugSdY1kGUFgVn
         ATV3nQ4UGIJhMs3buQ89dKzuZKlxyQK74KTRTvseQCW4xIzkUBY5sv7s1zHdDJYTl2Y4
         DKCYuYlx/hEol5MKZyB4K6UqYlbJq20JWs4qEL/szHDt0gPYQxp9/VWz7dG57hMtDr9u
         k4zi/ThIkNQKBVUKKJdXxjx2PmAdLPsJcx7XUR7PLuG2Y4kQXhMuPj6JKAAlYAULHTp6
         H8RmA2Ri8I42zjCEkxR2UGpVYEC3Ppi8aMJpewE/0Y0/EcsuRbKnqgXH66pm75Zz+W0Z
         L+Qw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:cc:to:subject
         :message-id:date:from:in-reply-to:references:mime-version
         :dkim-signature;
        bh=MnmSwoYifJPcQDBqiLLFdZccmtskHS5NVMFEKw/IWo0=;
        b=nk7xwx5lThQ8+sACfbcQEi8ZbESP4UYqZj15k/JemcK9DmFU6728hGU8N8+6+FGWWJ
         Zczhv3qJb8il5YCV+34+8Cf8UpuMidIvXZy46pRtNtKI/5gETNbohXFQRLjcf2BXj3Hp
         RevLx1PPSMiqMHcoG1m58aFwjjjpXBBONPPRf3HDQseI4mLMnZdEUwIFDCg0j6beILSf
         Dr2oeSR+BRpLlCbR9LJSY+U/t8zyyw+aAxZ3YF4z1i3gVILKFVWOrw48Eqp/p7mpwa9A
         nkIX696ucK7hsqsjSwuzm9IWZ4ZUp8L5MTbIRrVBkJCkqDLGRHEHtucv7kZLVIsHcbRx
         zF+Q==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20221208 header.b="i2Y9h/xw";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id h2-20020a170906398200b0096f52f19ca8si8921023eje.904.2023.06.15.00.49.11;
        Thu, 15 Jun 2023 00:50:23 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20221208 header.b="i2Y9h/xw";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S237511AbjFOHeQ (ORCPT <rfc822;afshin.nasser@gmail.com>
        + 99 others); Thu, 15 Jun 2023 03:34:16 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48728 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S244937AbjFOHeB (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 15 Jun 2023 03:34:01 -0400
Received: from mail-lj1-x22a.google.com (mail-lj1-x22a.google.com [IPv6:2a00:1450:4864:20::22a])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1636130D7
        for <linux-kernel@vger.kernel.org>; Thu, 15 Jun 2023 00:33:26 -0700 (PDT)
Received: by mail-lj1-x22a.google.com with SMTP id 38308e7fff4ca-2b1b06af50eso22354681fa.1
        for <linux-kernel@vger.kernel.org>; Thu, 15 Jun 2023 00:33:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20221208; t=1686814405; x=1689406405;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=MnmSwoYifJPcQDBqiLLFdZccmtskHS5NVMFEKw/IWo0=;
        b=i2Y9h/xwBSasa+hIBJZUVgljLZv+3PHOYHTVuQGEqWPqmEZLUGu8D5KVjhqkUyp5h+
         Gfa+42dFu2UUr6Dr5jnvhYEUrx+T0sL36Bhw2yNrO2GdeC7Oisf4FPHWwvN/Tq5OlUKH
         wz2/DAvidQSK5QcfHinNhJ9TLyVG5t5r+TEnb9+0sQ0qRFj5mSOLNy7HrQrfICzBmkck
         cKosEWmUqiML4AUHMeIxYZyoewhhu5A3/oEl8/B3YGF3aK0YMAA2J20Yaxcf8FfgSCFx
         nZkogijqYgZRATYNDQe/KZkCuGNGIvv1zYGuH+Gaegx1x9gueR7UB4J7lAPBrdr0nv9T
         b6Rg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1686814405; x=1689406405;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=MnmSwoYifJPcQDBqiLLFdZccmtskHS5NVMFEKw/IWo0=;
        b=joU96tD+Z5yMEjL8TYuba4uKpuRDCvIQbIbo2h5Bp70thQaWqbK+V946e09vI9B80N
         NmNTBY9g/wYf4F68/BmYh+ZUnbcWTjNOBhFZDesJmK5Q1bQlA3r+z/HUlxnDoToSB8to
         YoSGlkUO/pf+3Mu3S/B82PexAdzgKU5c3+oB/yvrMnuHOryAWFMiqAhFUdiIWZP975HX
         M33/nUA4VWLXiE8NRkTauuGC5MHV1qqkAw7fWs4vWd8+iNmX4Nkt1r7W/GNlK3MPJPNU
         FBG4WFv5FB+5LsHuyMd3b9gI0xisXTjRACQwA+2QY1Xm+vOEHhUK/XdLzZ+mS4IZniUU
         G7IQ==
X-Gm-Message-State: AC+VfDyusML3LzrDC0jsyl6D2XWoCTNMPjIrYaiF989hawKUQEoeWlrj
        YyZeMp3JEdjS+Ls28n3BpunRcQedIrl/re5HYhQAmQ==
X-Received: by 2002:a2e:9dca:0:b0:2a8:a651:8098 with SMTP id
 x10-20020a2e9dca000000b002a8a6518098mr8150278ljj.38.1686814404866; Thu, 15
 Jun 2023 00:33:24 -0700 (PDT)
MIME-Version: 1.0
References: <000000000000556d9605fe1e5c40@google.com> <1cb93e56-f3e3-c972-1232-bbb67ad4f672@huaweicloud.com>
In-Reply-To: <1cb93e56-f3e3-c972-1232-bbb67ad4f672@huaweicloud.com>
From:   Dmitry Vyukov <dvyukov@google.com>
Date:   Thu, 15 Jun 2023 09:33:11 +0200
Message-ID: <CACT4Y+b3r+UeY6PDTBFYqqZ3pNuG9hbCvRa6BY-b2CHhC7A7OQ@mail.gmail.com>
Subject: Re: [syzbot] [reiserfs?] general protection fault in rcu_core (2)
To:     Yu Kuai <yukuai1@huaweicloud.com>
Cc:     syzbot <syzbot+b23c4c9d3d228ba328d7@syzkaller.appspotmail.com>,
        jack@suse.cz, linux-fsdevel@vger.kernel.org,
        linux-kernel@vger.kernel.org, luto@kernel.org,
        peterz@infradead.org, reiserfs-devel@vger.kernel.org,
        syzkaller-bugs@googlegroups.com, tglx@linutronix.de,
        "yukuai (C)" <yukuai3@huawei.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Spam-Status: No, score=-17.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,
        ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,
        T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL
        autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, 15 Jun 2023 at 04:15, Yu Kuai <yukuai1@huaweicloud.com> wrote:
>
> Hi,
>
> =E5=9C=A8 2023/06/15 6:20, syzbot =E5=86=99=E9=81=93:
> > syzbot has bisected this issue to:
> >
> > commit 2acf15b94d5b8ea8392c4b6753a6ffac3135cd78
> > Author: Yu Kuai <yukuai3@huawei.com>
> > Date:   Fri Jul 2 04:07:43 2021 +0000
> >
> >      reiserfs: add check for root_inode in reiserfs_fill_super
> >
> > bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=3D1715ffdd=
280000
>
> git log:
>
> 13d257503c09 reiserfs: check directory items on read from disk
> 2acf15b94d5b reiserfs: add check for root_inode in reiserfs_fill_super
>
> The bisect log shows that with commit 13d257503c09:
> testing commit 13d257503c0930010ef9eed78b689cec417ab741 gcc
> compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.3=
5.2
> kernel signature:
> fc456e669984fb9704d9e1d3cb7be68af3b83de4bb55124257ae28bb39a14dc7
> run #0: basic kernel testing failed: possible deadlock in fs_reclaim_acqu=
ire
> run #1: crashed: KASAN: out-of-bounds Read in leaf_paste_in_buffer
> run #2: crashed: KASAN: out-of-bounds Read in leaf_paste_in_buffer
> run #3: crashed: KASAN: out-of-bounds Read in leaf_paste_in_buffer
> run #4: crashed: KASAN: use-after-free Read in leaf_insert_into_buf
> run #5: crashed: KASAN: out-of-bounds Read in leaf_paste_in_buffer
> run #6: crashed: KASAN: out-of-bounds Read in leaf_paste_in_buffer
> run #7: crashed: KASAN: out-of-bounds Read in leaf_paste_in_buffer
> run #8: crashed: KASAN: out-of-bounds Read in leaf_paste_in_buffer
> run #9: crashed: KASAN: out-of-bounds Read in leaf_paste_in_buffer
>
> and think this is bad, then bisect to the last commit:
> testing commit 2acf15b94d5b8ea8392c4b6753a6ffac3135cd78 gcc
> compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.3=
5.2
> kernel signature:
> 6d0d5f26a4c0e15188c923383ecfb873ae57ca6a79f592493d6e9ca507949985
> run #0: crashed: possible deadlock in fs_reclaim_acquire
> run #1: OK
> run #2: OK
> run #3: OK
> run #4: OK
> run #5: OK
> run #6: OK
> run #7: OK
> run #8: OK
> run #9: OK
> reproducer seems to be flaky
> # git bisect bad 2acf15b94d5b8ea8392c4b6753a6ffac3135cd78
>
> It seems to me the orignal crash general protection fault is not related
> to this commit. Please kindly correct me if I'm wrong.
>
> For the problem of lockdep warning, it first appeared in bisect log:
> testing commit 406254918b232db198ed60f5bf1f8b84d96bca00 gcc
> compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.3=
5.2
> kernel signature:
> 1c83f3c8b090a4702817c527e741a35506bc06911c71962d4c5fcef577de2fd3
> run #0: basic kernel testing failed: BUG: sleeping function called from
> invalid context in stack_depot_save
> run #1: basic kernel testing failed: possible deadlock in fs_reclaim_acqu=
ire
> run #2: OK
> run #3: OK
> run #4: OK
> run #5: OK
> run #6: OK
> run #7: OK
> run #8: OK
> run #9: OK
> # git bisect good 406254918b232db198ed60f5bf1f8b84d96bca00
>
> And I don't understand why syzbot thinks this is good, and later for the
> same result, syzbot thinks 2acf15b94d5b is bad.

I think the difference is "basic kernel testing failed", so that
happened even before the reproducer for the bug was executed.
So for all runs where the reproducer was executed, the result was "OK".



> Thanks,
> Kuai
> > start commit:   f8dba31b0a82 Merge tag 'asym-keys-fix-for-linus-v6.4-rc=
5' ..
> > git tree:       upstream
> > final oops:     https://syzkaller.appspot.com/x/report.txt?x=3D1495ffdd=
280000
> > console output: https://syzkaller.appspot.com/x/log.txt?x=3D1095ffdd280=
000
> > kernel config:  https://syzkaller.appspot.com/x/.config?x=3D3c980bfe8b3=
99968
> > dashboard link: https://syzkaller.appspot.com/bug?extid=3Db23c4c9d3d228=
ba328d7
> > syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=3D1680f7d12=
80000
> > C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=3D12fad50d280=
000
> >
> > Reported-by: syzbot+b23c4c9d3d228ba328d7@syzkaller.appspotmail.com
> > Fixes: 2acf15b94d5b ("reiserfs: add check for root_inode in reiserfs_fi=
ll_super")
> >
> > For information about bisection process see: https://goo.gl/tpsmEJ#bise=
ction
> >
> > .
> >
>
> --
> You received this message because you are subscribed to the Google Groups=
 "syzkaller-bugs" group.
> To unsubscribe from this group and stop receiving emails from it, send an=
 email to syzkaller-bugs+unsubscribe@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgi=
d/syzkaller-bugs/1cb93e56-f3e3-c972-1232-bbb67ad4f672%40huaweicloud.com.