When dereference ca->bucket_gens, we are expecting one of the three locks to be hold if ca->fs is not NULL.
This patch acquires mark_lock before entering __mark_pointer() Note: testing is done by a robot and is best-effort only. To: Kent Overstreet <[email protected]> To: Brian Foster <[email protected]> Cc: [email protected] Cc: [email protected] Cc: [email protected] Cc: [email protected] Cc: [email protected] Reported-by: [email protected] Closes: https://syzkaller.appspot.com/bug?extid=e74fea078710bbca6f4b Tested-by: [email protected] Signed-off-by: Pei Li <[email protected]> --- Syzbot reported the following warning: fs/bcachefs/buckets.h:107 suspicious rcu_dereference_check() usage! When dereference ca->bucket_gens, we are expecting one of the three locks to be hold if ca->fs is not NULL. This patch acquires mark_lock before entering __mark_pointer() Tested on: commit: 34afb82a Merge tag '6.10-rc6-smb3-server-fixes' of git.. git tree: upstream console output: https://syzkaller.appspot.com/x/log.txt?x=1492e87e980000 kernel config: https://syzkaller.appspot.com/x/.config?x=42a432cfd0e579e0 dashboard link: https://syzkaller.appspot.com/bug?extid=e74fea078710bbca6f4b compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 patch: https://syzkaller.appspot.com/x/patch.diff?x=15e2e87e980000 Note: testing is done by a robot and is best-effort only. --- fs/bcachefs/buckets.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/fs/bcachefs/buckets.c b/fs/bcachefs/buckets.c index 743d57eba760..03147e46dc47 100644 --- a/fs/bcachefs/buckets.c +++ b/fs/bcachefs/buckets.c @@ -1033,8 +1033,14 @@ static int bch2_trigger_pointer(struct btree_trans *trans, if (flags & BTREE_TRIGGER_transactional) { struct bkey_i_alloc_v4 *a = bch2_trans_start_alloc_update(trans, bucket); + + percpu_down_read(&c->mark_lock); + ret = PTR_ERR_OR_ZERO(a) ?: __mark_pointer(trans, ca, k, &p.ptr, *sectors, bp.data_type, &a->v); + + percpu_up_read(&c->mark_lock); + if (ret) goto err; --- base-commit: 256abd8e550ce977b728be79a74e1729438b4948 change-id: 20240709-bug10-6b354d193f20 Best regards, -- Pei Li <[email protected]>
