[syzbot] [ext4?] WARNING in ext4_xattr_block_set (2)


syzbot

Mar 8, 2023, 11:59:38 AM
to adilger...@dilger.ca, linux...@vger.kernel.org, linux-...@vger.kernel.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com, ty...@mit.edu
Hello,

syzbot found the following issue on:

HEAD commit: 0988a0ea7919 Merge tag 'for-v6.3-part2' of git://git.kerne..
git tree: upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=17319698c80000
kernel config: https://syzkaller.appspot.com/x/.config?x=f763d89e26d3d4c4
dashboard link: https://syzkaller.appspot.com/bug?extid=6385d7d3065524c5ca6d
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=120ab7acc80000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=17459908c80000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/e0aa29e9ae74/disk-0988a0ea.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/6f64db0b58ef/vmlinux-0988a0ea.xz
kernel image: https://storage.googleapis.com/syzbot-assets/db391408e15d/bzImage-0988a0ea.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/40fdb4293020/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+6385d7...@syzkaller.appspotmail.com

WARNING: CPU: 0 PID: 5338 at fs/ext4/xattr.c:2141 ext4_xattr_block_set+0x2ef2/0x3680
Modules linked in:
CPU: 0 PID: 5338 Comm: syz-executor395 Not tainted 6.2.0-syzkaller-13467-g0988a0ea7919 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
RIP: 0010:ext4_xattr_block_set+0x2ef2/0x3680 fs/ext4/xattr.c:2141
Code: b3 3d ff 48 8b 7c 24 50 4c 89 ee e8 88 2f c1 ff 45 31 ed e9 86 f4 ff ff e8 1b b3 3d ff 45 31 ed e9 79 f4 ff ff e8 0e b3 3d ff <0f> 0b e9 5d f2 ff ff e8 02 b3 3d ff 0f 0b 43 80 3c 26 00 0f 85 6f
RSP: 0018:ffffc90004a0f4a0 EFLAGS: 00010293
RAX: ffffffff824f0a52 RBX: 1ffff92000941f11 RCX: ffff888029c61d40
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001
RBP: ffffc90004a0f6d0 R08: ffffffff8213bec0 R09: ffffed100e12d2ae
R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
R13: 0000000000000000 R14: 0000000000000000 R15: ffffc90004a0f860
FS: 00007f3928dee700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f3920a0d000 CR3: 000000001c94d000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
ext4_xattr_set_handle+0xcd4/0x15c0 fs/ext4/xattr.c:2458
ext4_initxattrs+0xa3/0x110 fs/ext4/xattr_security.c:44
security_inode_init_security+0x2df/0x3f0 security/security.c:1147
__ext4_new_inode+0x347e/0x43d0 fs/ext4/ialloc.c:1324
ext4_mkdir+0x425/0xce0 fs/ext4/namei.c:2992
vfs_mkdir+0x29d/0x450 fs/namei.c:4038
do_mkdirat+0x264/0x520 fs/namei.c:4061
__do_sys_mkdirat fs/namei.c:4076 [inline]
__se_sys_mkdirat fs/namei.c:4074 [inline]
__x64_sys_mkdirat+0x89/0xa0 fs/namei.c:4074
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f3928e426d9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f3928dee2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
RAX: ffffffffffffffda RBX: 00007f3928ec77a0 RCX: 00007f3928e426d9
RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000005
RBP: 00007f3928e94590 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3928e940c0
R13: 3d6469677365722c R14: 0030656c69662f2e R15: 00007f3928ec77a8
</TASK>


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches

Theodore Ts'o

May 3, 2023, 4:28:36 PM
to syzbot, adilger...@dilger.ca, linux...@vger.kernel.org, linux-...@vger.kernel.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com
#syz test git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git dev

diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index 39f00f05f981..dab33412b858 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -6638,6 +6638,14 @@ static int __ext4_remount(struct fs_context *fc, struct super_block *sb)
return 0;

restore_opts:
+ if ((sb->s_flags & SB_RDONLY) &&
+ !(old_sb_flags & SB_RDONLY)) {
+ ext4_warning(sb, "failing rw->ro transition");
+ if (sb_any_quota_suspended(sb)) {
+ ext4_warning(sb, "would resume quotas");
+// dquot_resume(sb, -1);
+ }
+ }
sb->s_flags = old_sb_flags;
sbi->s_mount_opt = old_opts.s_mount_opt;
sbi->s_mount_opt2 = old_opts.s_mount_opt2;
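Review bot: the `dquot_resume(sb, -1);` at the bottom of the new block is commented out, so when a rw->ro remount fails this path restores `sb->s_flags` to rw while quotas stay suspended (`sb_any_quota_suspended(sb)` true); the "would resume quotas" warning records that inconsistent state rather than repairing it. That is fine for a syzbot test build, but the `//` comment and the ext4_warning() calls should not survive into a real fix.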

syzbot

May 3, 2023, 5:08:32 PM
to adilger...@dilger.ca, linux...@vger.kernel.org, linux-...@vger.kernel.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com, ty...@mit.edu
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
WARNING in ext4_xattr_block_set

------------[ cut here ]------------
WARNING: CPU: 1 PID: 5863 at fs/ext4/xattr.c:2141 ext4_xattr_block_set+0x2ef2/0x3680
Modules linked in:
CPU: 1 PID: 5863 Comm: syz-executor.1 Not tainted 6.3.0-rc3-syzkaller-00111-gd4fab7b28e2f-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
RIP: 0010:ext4_xattr_block_set+0x2ef2/0x3680 fs/ext4/xattr.c:2141
Code: da 3f ff 48 8b 7c 24 50 4c 89 ee e8 98 36 c2 ff 45 31 ed e9 86 f4 ff ff e8 2b da 3f ff 45 31 ed e9 79 f4 ff ff e8 1e da 3f ff <0f> 0b e9 5d f2 ff ff e8 12 da 3f ff 0f 0b 43 80 3c 26 00 0f 85 6f
RSP: 0018:ffffc900062df4a0 EFLAGS: 00010293
RAX: ffffffff824a9302 RBX: 1ffff92000c5bf11 RCX: ffff888077008000
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001
RBP: ffffc900062df6d0 R08: ffffffff82103f70 R09: ffffed100d986aae
R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
R13: 0000000000000000 R14: 0000000000000000 R15: ffffc900062df860
FS: 00007faf2d136700(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f1f5413f440 CR3: 000000006a2a8000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
ext4_xattr_set_handle+0xcd4/0x15c0 fs/ext4/xattr.c:2458
ext4_initxattrs+0xa3/0x110 fs/ext4/xattr_security.c:44
security_inode_init_security+0x2df/0x3f0 security/security.c:1147
__ext4_new_inode+0x341c/0x42e0 fs/ext4/ialloc.c:1322
ext4_mkdir+0x425/0xce0 fs/ext4/namei.c:2991
vfs_mkdir+0x29d/0x450 fs/namei.c:4038
do_mkdirat+0x264/0x520 fs/namei.c:4061
__do_sys_mkdirat fs/namei.c:4076 [inline]
__se_sys_mkdirat fs/namei.c:4074 [inline]
__x64_sys_mkdirat+0x89/0xa0 fs/namei.c:4074
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7faf2c48c0f9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007faf2d136168 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
RAX: ffffffffffffffda RBX: 00007faf2c5abf80 RCX: 00007faf2c48c0f9
RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000005
RBP: 00007faf2c4e7ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffd76b57a0f R14: 00007faf2d136300 R15: 0000000000022000
</TASK>


Tested on:

commit: d4fab7b2 ext4: clean up error handling in __ext4_fill_..
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git dev
console output: https://syzkaller.appspot.com/x/log.txt?x=16366e18280000
kernel config: https://syzkaller.appspot.com/x/.config?x=acdb62bf488a8fe5
dashboard link: https://syzkaller.appspot.com/bug?extid=6385d7d3065524c5ca6d
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=10c9cef2280000

Theodore Ts'o

May 3, 2023, 10:12:41 PM
to syzbot, syzkall...@googlegroups.com
#syz test git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git dev

diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index 39f00f05f981..84f309907d58 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -6638,6 +6638,17 @@ static int __ext4_remount(struct fs_context *fc, struct super_block *sb)
return 0;

restore_opts:
+ ext4_warning(sb, "remount failed! was %s attempted %s",
+ (old_sb_flags & SB_RDONLY) ? "ro" : "rw",
+ (sb->s_flags & SB_RDONLY) ? "ro" : "rw");
+ if ((sb->s_flags & SB_RDONLY) &&
+ !(old_sb_flags & SB_RDONLY)) {
+ ext4_warning(sb, "failing rw->ro transition");
+ if (sb_any_quota_suspended(sb)) {
+ ext4_warning(sb, "would resume quotas");
+// dquot_resume(sb, -1);
+ }
+ }
sb->s_flags = old_sb_flags;
sbi->s_mount_opt = old_opts.s_mount_opt;
sbi->s_mount_opt2 = old_opts.s_mount_opt2;
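Review bot: the three-line "remount failed! was %s attempted %s" warning is a useful addition because it prints both `old_sb_flags` and the current `sb->s_flags` state, but the conditional block beneath it is unchanged from the previous test patch: `dquot_resume(sb, -1);` is still commented out, so a failed rw->ro transition still returns the superblock to rw with quotas suspended. If the intent is to see whether resuming quotas here changes the result, the next test run should enable that line.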
@@ -6678,8 +6689,8 @@ static int ext4_reconfigure(struct fs_context *fc)
if (ret < 0)
return ret;

- ext4_msg(sb, KERN_INFO, "re-mounted %pU. Quota mode: %s.",
- &sb->s_uuid, ext4_quota_mode(sb));
+ ext4_msg(sb, KERN_INFO, "re-mounted %pU %s. Quota mode: %s.",
+ &sb->s_uuid, sb_rdonly(sb) ? "ro" : "rw", ext4_quota_mode(sb));

return 0;
}
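Review bot: adding the ro/rw state to the "re-mounted" message in ext4_reconfigure() is a permanent improvement independent of the debugging in the first hunk and could go in as its own commit; `sb_rdonly(sb)` here reads the final state after `__ext4_remount()` returned successfully, which is the state worth logging.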

syzbot

May 4, 2023, 12:03:19 AM
to syzkall...@googlegroups.com, ty...@mit.edu
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
WARNING in ext4_xattr_block_set

------------[ cut here ]------------
WARNING: CPU: 1 PID: 5608 at fs/ext4/xattr.c:2141 ext4_xattr_block_set+0x2ef2/0x3680
Modules linked in:
CPU: 1 PID: 5608 Comm: syz-executor.3 Not tainted 6.3.0-rc3-syzkaller-00111-gd4fab7b28e2f-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
RIP: 0010:ext4_xattr_block_set+0x2ef2/0x3680 fs/ext4/xattr.c:2141
Code: d6 3f ff 48 8b 7c 24 50 4c 89 ee e8 28 33 c2 ff 45 31 ed e9 86 f4 ff ff e8 bb d6 3f ff 45 31 ed e9 79 f4 ff ff e8 ae d6 3f ff <0f> 0b e9 5d f2 ff ff e8 a2 d6 3f ff 0f 0b 43 80 3c 26 00 0f 85 6f
RSP: 0018:ffffc900063074a0 EFLAGS: 00010293
RAX: ffffffff824a9672 RBX: 1ffff92000c60f11 RCX: ffff88801f7ed7c0
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001
RBP: ffffc900063076d0 R08: ffffffff82103f70 R09: ffffed100fa6f2ae
R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
R13: 0000000000000000 R14: 0000000000000000 R15: ffffc90006307860
FS: 00007fb423d32700(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000562b4851f950 CR3: 0000000023075000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
ext4_xattr_set_handle+0xcd4/0x15c0 fs/ext4/xattr.c:2458
ext4_initxattrs+0xa3/0x110 fs/ext4/xattr_security.c:44
security_inode_init_security+0x2df/0x3f0 security/security.c:1147
__ext4_new_inode+0x341c/0x42e0 fs/ext4/ialloc.c:1322
ext4_mkdir+0x425/0xce0 fs/ext4/namei.c:2991
vfs_mkdir+0x29d/0x450 fs/namei.c:4038
do_mkdirat+0x264/0x520 fs/namei.c:4061
__do_sys_mkdirat fs/namei.c:4076 [inline]
__se_sys_mkdirat fs/namei.c:4074 [inline]
__x64_sys_mkdirat+0x89/0xa0 fs/namei.c:4074
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fb42308c0f9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fb423d32168 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
RAX: ffffffffffffffda RBX: 00007fb4231abf80 RCX: 00007fb42308c0f9
RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000005
RBP: 00007fb4230e7ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffef032261f R14: 00007fb423d32300 R15: 0000000000022000
</TASK>


Tested on:

commit: d4fab7b2 ext4: clean up error handling in __ext4_fill_..
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git dev
console output: https://syzkaller.appspot.com/x/log.txt?x=1231b538280000
kernel config: https://syzkaller.appspot.com/x/.config?x=acdb62bf488a8fe5
dashboard link: https://syzkaller.appspot.com/bug?extid=6385d7d3065524c5ca6d
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=11cb6014280000

Theodore Ts'o

May 4, 2023, 9:13:40 PM
to syzbot, syzkall...@googlegroups.com
More debugging to understand what might be going on....

#syz test git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git dev

diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index 39f00f05f981..97ac037d6889 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -6487,12 +6487,14 @@ static int __ext4_remount(struct fs_context *fc, struct super_block *sb)
}

if (fc->sb_flags & SB_RDONLY) {
+ ext4_warning(sb, "Remounting file system r/o");
err = sync_filesystem(sb);
if (err < 0)
goto restore_opts;
err = dquot_suspend(sb, -1);
if (err < 0)
goto restore_opts;
+ ext4_warning(sb, "Quota suspended");

/*
* First of all, the unconditional stuff we have to do
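Review bot: the two ext4_warning() markers bracket `sync_filesystem()` and `dquot_suspend()`, so "Quota suspended" is logged before the superblock flags are switched (the `sb->s_flags = old_sb_flags;` restore later in the function is what undoes that switch); a third marker after the flag change would let the console log show how long the filesystem remains writable with quotas already suspended, which is exactly the window the WARN_ON_ONCE in ext4_xattr_block_set() reports.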
@@ -6620,12 +6622,20 @@ static int __ext4_remount(struct fs_context *fc, struct super_block *sb)
for (i = 0; i < EXT4_MAXQUOTAS; i++)
kfree(old_opts.s_qf_names[i]);
if (enable_quota) {
- if (sb_any_quota_suspended(sb))
+ ext4_warning(sb, "trying to enable quota");
+ if (sb_any_quota_suspended(sb)) {
dquot_resume(sb, -1);
+ ext4_warning(sb, "resumed quota");
+ }
else if (ext4_has_feature_quota(sb)) {
err = ext4_enable_quotas(sb);
- if (err)
+ if (err) {
+ ext4_warning(sb, "failed to enable quota: %d",
+ err);
goto restore_opts;
+ }
+ ext4_warning(sb, "enabled quota");
+
}
}
#endif
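Review bot: the closing `}` on its own line followed by `else if (ext4_has_feature_quota(sb)) {` on the next line does not follow kernel style (`} else if (...) {`), and the blank line left after the "enabled quota" warning is stray. Both are harmless in a throwaway debug patch, but checkpatch would flag them if any of this were kept.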
@@ -6638,6 +6648,17 @@ static int __ext4_remount(struct fs_context *fc, struct super_block *sb)
return 0;

restore_opts:
+ ext4_warning(sb, "remount failed! was %s attempted %s",
+ (old_sb_flags & SB_RDONLY) ? "ro" : "rw",
+ (sb->s_flags & SB_RDONLY) ? "ro" : "rw");
+ if ((sb->s_flags & SB_RDONLY) &&
+ !(old_sb_flags & SB_RDONLY)) {
+ ext4_warning(sb, "failing rw->ro transition");
+ if (sb_any_quota_suspended(sb)) {
+ ext4_warning(sb, "would resume quotas");
+// dquot_resume(sb, -1);
+ }
+ }
sb->s_flags = old_sb_flags;
sbi->s_mount_opt = old_opts.s_mount_opt;
sbi->s_mount_opt2 = old_opts.s_mount_opt2;
@@ -6678,8 +6699,8 @@ static int ext4_reconfigure(struct fs_context *fc)

syzbot

May 4, 2023, 10:10:33 PM
to syzkall...@googlegroups.com, ty...@mit.edu
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
WARNING in ext4_xattr_block_set

------------[ cut here ]------------
WARNING: CPU: 1 PID: 7179 at fs/ext4/xattr.c:2141 ext4_xattr_block_set+0x2ef2/0x3680
Modules linked in:
CPU: 1 PID: 7179 Comm: syz-executor.3 Not tainted 6.3.0-rc3-syzkaller-00111-gd4fab7b28e2f-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
RIP: 0010:ext4_xattr_block_set+0x2ef2/0x3680 fs/ext4/xattr.c:2141
Code: d6 3f ff 48 8b 7c 24 50 4c 89 ee e8 68 32 c2 ff 45 31 ed e9 86 f4 ff ff e8 fb d5 3f ff 45 31 ed e9 79 f4 ff ff e8 ee d5 3f ff <0f> 0b e9 5d f2 ff ff e8 e2 d5 3f ff 0f 0b 43 80 3c 26 00 0f 85 6f
RSP: 0018:ffffc900056974a0 EFLAGS: 00010293
RAX: ffffffff824a9732 RBX: 1ffff92000ad2f11 RCX: ffff88807a75ba80
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001
RBP: ffffc900056976d0 R08: ffffffff82103f70 R09: ffffed100d2cc2ae
R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
R13: 0000000000000000 R14: 0000000000000000 R15: ffffc90005697860
FS: 00007fb2fb670700(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f8835f84998 CR3: 0000000069059000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
ext4_xattr_set_handle+0xcd4/0x15c0 fs/ext4/xattr.c:2458
ext4_initxattrs+0xa3/0x110 fs/ext4/xattr_security.c:44
security_inode_init_security+0x2df/0x3f0 security/security.c:1147
__ext4_new_inode+0x341c/0x42e0 fs/ext4/ialloc.c:1322
ext4_mkdir+0x425/0xce0 fs/ext4/namei.c:2991
vfs_mkdir+0x29d/0x450 fs/namei.c:4038
do_mkdirat+0x264/0x520 fs/namei.c:4061
__do_sys_mkdirat fs/namei.c:4076 [inline]
__se_sys_mkdirat fs/namei.c:4074 [inline]
__x64_sys_mkdirat+0x89/0xa0 fs/namei.c:4074
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fb2fa88c0f9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fb2fb670168 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
RAX: ffffffffffffffda RBX: 00007fb2fa9abf80 RCX: 00007fb2fa88c0f9
RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000005
RBP: 00007fb2fa8e7ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffd47eb73df R14: 00007fb2fb670300 R15: 0000000000022000
</TASK>


Tested on:

commit: d4fab7b2 ext4: clean up error handling in __ext4_fill_..
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git dev
console output: https://syzkaller.appspot.com/x/log.txt?x=161ea482280000
kernel config: https://syzkaller.appspot.com/x/.config?x=acdb62bf488a8fe5
dashboard link: https://syzkaller.appspot.com/bug?extid=6385d7d3065524c5ca6d
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=160a6a12280000

Theodore Ts'o

May 5, 2023, 12:34:58 AM
to syzbot, syzkall...@googlegroups.com
Yet more printk debugging...
diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c
index 767454d74cd6..1037ed9e350f 100644
--- a/fs/ext4/xattr.c
+++ b/fs/ext4/xattr.c
@@ -2138,6 +2138,8 @@ ext4_xattr_block_set(handle_t *handle, struct inode *inode,
/* We need to allocate a new block */
ext4_fsblk_t goal, block;

+ if (dquot_initialize_needed(inode))
+ ext4_warning(sb, "dquot initialize needed");
WARN_ON_ONCE(dquot_initialize_needed(inode));

goal = ext4_group_first_block_no(sb,
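Review bot: `dquot_initialize_needed(inode)` is evaluated twice, once for the new ext4_warning() and again inside `WARN_ON_ONCE()`; if the inode's dquot state changes between the two calls, which is the kind of race being chased here, the warning line and the WARN could disagree. Reading it once into a local, e.g. `bool need = dquot_initialize_needed(inode);`, and using that in both keeps the two diagnostics consistent.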

syzbot

May 5, 2023, 1:35:30 AM
to syzkall...@googlegroups.com, ty...@mit.edu
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
WARNING in ext4_xattr_block_set

------------[ cut here ]------------
WARNING: CPU: 0 PID: 5979 at fs/ext4/xattr.c:2143 ext4_xattr_block_set+0x2f29/0x36b0
Modules linked in:
CPU: 0 PID: 5979 Comm: syz-executor.0 Not tainted 6.3.0-rc3-syzkaller-00111-gd4fab7b28e2f-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
RIP: 0010:ext4_xattr_block_set+0x2f29/0x36b0 fs/ext4/xattr.c:2143
Code: d5 3f ff 48 8b 7c 24 50 4c 89 ee e8 31 32 c2 ff 45 31 ed e9 86 f4 ff ff e8 c4 d5 3f ff 45 31 ed e9 79 f4 ff ff e8 b7 d5 3f ff <0f> 0b e9 5d f2 ff ff e8 ab d5 3f ff 0f 0b 43 80 3c 26 00 0f 85 38
RSP: 0018:ffffc900076a74a0 EFLAGS: 00010293
RAX: ffffffff824a9769 RBX: 1ffff92000ed4f11 RCX: ffff888024e39d40
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001
RBP: ffffc900076a76d0 R08: ffffffff82103f70 R09: fffff52000ed4e25
R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
R13: 0000000000000000 R14: 0000000000000000 R15: ffffc900076a7860
FS: 00007fb727737700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f5618378718 CR3: 0000000024d30000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
ext4_xattr_set_handle+0xcd4/0x15c0 fs/ext4/xattr.c:2460
ext4_initxattrs+0xa3/0x110 fs/ext4/xattr_security.c:44
security_inode_init_security+0x2df/0x3f0 security/security.c:1147
__ext4_new_inode+0x341c/0x42e0 fs/ext4/ialloc.c:1322
ext4_mkdir+0x425/0xce0 fs/ext4/namei.c:2991
vfs_mkdir+0x29d/0x450 fs/namei.c:4038
do_mkdirat+0x264/0x520 fs/namei.c:4061
__do_sys_mkdirat fs/namei.c:4076 [inline]
__se_sys_mkdirat fs/namei.c:4074 [inline]
__x64_sys_mkdirat+0x89/0xa0 fs/namei.c:4074
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fb726a8c0f9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fb727737168 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
RAX: ffffffffffffffda RBX: 00007fb726babf80 RCX: 00007fb726a8c0f9
RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000005
RBP: 00007fb726ae7ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff84bda26f R14: 00007fb727737300 R15: 0000000000022000
</TASK>


Tested on:

commit: d4fab7b2 ext4: clean up error handling in __ext4_fill_..
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git dev
console output: https://syzkaller.appspot.com/x/log.txt?x=1279bbd2280000
kernel config: https://syzkaller.appspot.com/x/.config?x=acdb62bf488a8fe5
dashboard link: https://syzkaller.appspot.com/bug?extid=6385d7d3065524c5ca6d
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=1378dc4c280000

Theodore Ts'o

May 5, 2023, 12:04:03 PM
to syzbot, syzkall...@googlegroups.com
OK, I think I see the race; the problem is that remounting read-only
is not something which is atomic, and it's possible that quotas get
suspended while the mkdir operation is still happening.

I'm not sure how much we care; it's not clear remounting read-only
needs to be an atomic operation, and so doing a full file system
freeze just to remount only might be overkill. We could just check to
see if the superblock has gone read-only earlier and just return
-EROFS earlier, before we would hit the WARN_ON_ONCE().
diff --git a/fs/ext4/ialloc.c b/fs/ext4/ialloc.c
index 787ab89c2c26..4d818a9249bc 100644
--- a/fs/ext4/ialloc.c
+++ b/fs/ext4/ialloc.c
@@ -950,6 +950,11 @@ struct inode *__ext4_new_inode(struct mnt_idmap *idmap,
sb = dir->i_sb;
sbi = EXT4_SB(sb);

+ if (unlikely(sb_rdonly(sb))) {
+ ext4_warning(sb, "sb read-only");
+ // return ERR_PTR(-EROFS);
+ }
+
if (unlikely(ext4_forced_shutdown(sbi)))
return ERR_PTR(-EIO);
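Review bot: with `// return ERR_PTR(-EROFS);` commented out this block only logs and the create proceeds, so the test run can still hit the WARN while the log shows whether the superblock was already read-only at entry. Even once the return is enabled, the check is a snapshot taken at the top of `__ext4_new_inode()`; as the message above says, the remount can flip the flag after this point, so the check narrows the window rather than closing it.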

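The interleaving described in the message above, as an added model written for this page (not code from the thread or from the kernel): the remount is modelled as two steps, suspend quotas and then mark the superblock read-only, in the order the super.c hunk earlier in the thread shows (`sync_filesystem()`, `dquot_suspend()`, then the flag change), while an in-flight mkdir first performs the proposed early read-only check and later allocates a block that needs quotas active. The step names, the `sb_model` struct and the schedule enumeration are all constructed for this model.

```c
/*
 * Added example, not kernel code: a model of the remount-read-only vs.
 * inode-creation race. Two tasks, each with two ordered steps, are replayed
 * in every possible interleaving over a fresh read-write superblock.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

enum step {
	MKDIR_CHECK_RO,        /* the early sb_rdonly() check proposed above */
	MKDIR_ALLOC_BLOCK,     /* xattr block allocation: needs quotas active */
	REMOUNT_SUSPEND_QUOTA, /* dquot_suspend() in the remount path */
	REMOUNT_SET_RO         /* the superblock flag switched to read-only */
};

enum outcome {
	MKDIR_OK = 0, /* create completed with quotas active */
	MKDIR_EROFS,  /* early check refused the create */
	MKDIR_WARN    /* block allocated with quotas suspended: WARN_ON_ONCE fires */
};

struct sb_model {
	bool rdonly;
	bool quota_active;
};

/* Replay one interleaving of the two tasks; early_check enables MKDIR_CHECK_RO. */
enum outcome run_interleaving(const enum step *steps, size_t n, bool early_check)
{
	struct sb_model sb = { .rdonly = false, .quota_active = true };

	for (size_t i = 0; i < n; i++) {
		switch (steps[i]) {
		case MKDIR_CHECK_RO:
			if (early_check && sb.rdonly)
				return MKDIR_EROFS;
			break;
		case REMOUNT_SUSPEND_QUOTA:
			sb.quota_active = false;
			break;
		case REMOUNT_SET_RO:
			sb.rdonly = true;
			break;
		case MKDIR_ALLOC_BLOCK:
			/* stands in for WARN_ON_ONCE(dquot_initialize_needed(inode)) */
			return sb.quota_active ? MKDIR_OK : MKDIR_WARN;
		}
	}
	return MKDIR_OK;
}

/* The schedule from the message: mkdir passes the check, the remount completes, then the block is allocated. */
enum outcome racing_schedule(bool early_check)
{
	static const enum step s[] = { MKDIR_CHECK_RO, REMOUNT_SUSPEND_QUOTA, REMOUNT_SET_RO, MKDIR_ALLOC_BLOCK };
	return run_interleaving(s, 4, early_check);
}

/* mkdir starts only after the remount has fully completed. */
enum outcome late_mkdir_schedule(bool early_check)
{
	static const enum step s[] = { REMOUNT_SUSPEND_QUOTA, REMOUNT_SET_RO, MKDIR_CHECK_RO, MKDIR_ALLOC_BLOCK };
	return run_interleaving(s, 4, early_check);
}

#define TASK_STEPS 2
static const enum step mkdir_task[TASK_STEPS]   = { MKDIR_CHECK_RO, MKDIR_ALLOC_BLOCK };
static const enum step remount_task[TASK_STEPS] = { REMOUNT_SUSPEND_QUOTA, REMOUNT_SET_RO };

/* Walk every merge of the two task sequences that keeps each task's own order. */
static void enumerate(enum step *buf, size_t depth, size_t mi, size_t ri,
		      bool early_check, int counts[3])
{
	if (mi == TASK_STEPS && ri == TASK_STEPS) {
		counts[run_interleaving(buf, depth, early_check)]++;
		return;
	}
	if (mi < TASK_STEPS) {
		buf[depth] = mkdir_task[mi];
		enumerate(buf, depth + 1, mi + 1, ri, early_check, counts);
	}
	if (ri < TASK_STEPS) {
		buf[depth] = remount_task[ri];
		enumerate(buf, depth + 1, mi, ri + 1, early_check, counts);
	}
}

/* Number of the six possible schedules in which the WARN_ON_ONCE would fire. */
int count_warn_schedules(bool early_check)
{
	enum step buf[2 * TASK_STEPS];
	int counts[3] = { 0, 0, 0 };

	enumerate(buf, 0, 0, 0, early_check, counts);
	return counts[MKDIR_WARN];
}

int main(void)
{
	printf("schedules hitting the WARN without early check: %d of 6\n",
	       count_warn_schedules(false));
	printf("schedules hitting the WARN with early check:    %d of 6\n",
	       count_warn_schedules(true));
	return 0;
}
```

Because quotas are suspended before the read-only flag is set, the early check only refuses the one schedule in which the remount has completed before the create starts; every other schedule that overlaps the remount still reaches the block allocation with quotas suspended, which is why the model reports the check as narrowing the window rather than closing it.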
syzbot

May 5, 2023, 1:27:23 PM
to syzkall...@googlegroups.com, ty...@mit.edu
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
WARNING in ext4_xattr_block_set

------------[ cut here ]------------
WARNING: CPU: 0 PID: 7140 at fs/ext4/xattr.c:2143 ext4_xattr_block_set+0x2f29/0x36b0
Modules linked in:
CPU: 0 PID: 7140 Comm: syz-executor.3 Not tainted 6.3.0-rc3-syzkaller-00111-gd4fab7b28e2f-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
RIP: 0010:ext4_xattr_block_set+0x2f29/0x36b0 fs/ext4/xattr.c:2143
Code: d5 3f ff 48 8b 7c 24 50 4c 89 ee e8 e1 31 c2 ff 45 31 ed e9 86 f4 ff ff e8 74 d5 3f ff 45 31 ed e9 79 f4 ff ff e8 67 d5 3f ff <0f> 0b e9 5d f2 ff ff e8 5b d5 3f ff 0f 0b 43 80 3c 26 00 0f 85 38
RSP: 0018:ffffc900049574a0 EFLAGS: 00010293
RAX: ffffffff824a97b9 RBX: 1ffff9200092af11 RCX: ffff88801ff357c0
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001
RBP: ffffc900049576d0 R08: ffffffff82103f70 R09: ffffed101730515b
R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
R13: 0000000000000000 R14: 0000000000000000 R15: ffffc90004957860
FS: 00007f0f72a14700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f0f729f3718 CR3: 0000000070fd0000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
ext4_xattr_set_handle+0xcd4/0x15c0 fs/ext4/xattr.c:2460
ext4_initxattrs+0xa3/0x110 fs/ext4/xattr_security.c:44
security_inode_init_security+0x2df/0x3f0 security/security.c:1147
__ext4_new_inode+0x3461/0x4330 fs/ext4/ialloc.c:1327
ext4_mkdir+0x425/0xce0 fs/ext4/namei.c:2991
vfs_mkdir+0x29d/0x450 fs/namei.c:4038
do_mkdirat+0x264/0x520 fs/namei.c:4061
__do_sys_mkdirat fs/namei.c:4076 [inline]
__se_sys_mkdirat fs/namei.c:4074 [inline]
__x64_sys_mkdirat+0x89/0xa0 fs/namei.c:4074
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f0f71c8c0f9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f0f72a14168 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
RAX: ffffffffffffffda RBX: 00007f0f71dabf80 RCX: 00007f0f71c8c0f9
RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000005
RBP: 00007f0f71ce7ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffd79d44ccf R14: 00007f0f72a14300 R15: 0000000000022000
</TASK>


Tested on:

commit: d4fab7b2 ext4: clean up error handling in __ext4_fill_..
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git dev
console output: https://syzkaller.appspot.com/x/log.txt?x=134d76f2280000
kernel config: https://syzkaller.appspot.com/x/.config?x=acdb62bf488a8fe5
dashboard link: https://syzkaller.appspot.com/bug?extid=6385d7d3065524c5ca6d
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=113f7b6a280000

Theodore Ts'o

May 5, 2023, 2:02:27 PM
to syzbot, syzkall...@googlegroups.com
The logs seem to be showing a different race this time. Could it be
that the VFS is creating two different struct super's for the same
block device?!? It looks like there are two separate loop3 mounts
from two different racing threads from the syzbot reproducer.

Adding yet more debugging messages...

#syz test git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git dev

diff --git a/fs/ext4/ialloc.c b/fs/ext4/ialloc.c
index 787ab89c2c26..4d818a9249bc 100644
--- a/fs/ext4/ialloc.c
+++ b/fs/ext4/ialloc.c
@@ -950,6 +950,11 @@ struct inode *__ext4_new_inode(struct mnt_idmap *idmap,
sb = dir->i_sb;
sbi = EXT4_SB(sb);

+ if (unlikely(sb_rdonly(sb))) {
+ ext4_warning(sb, "sb read-only");
+ // return ERR_PTR(-EROFS);
+ }
+
if (unlikely(ext4_forced_shutdown(sbi)))
return ERR_PTR(-EIO);

diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index 39f00f05f981..883ce83968e9 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -767,8 +767,8 @@ void __ext4_error(struct super_block *sb, const char *function,
vaf.fmt = fmt;
vaf.va = &args;
printk(KERN_CRIT
- "EXT4-fs error (device %s): %s:%d: comm %s: %pV\n",
- sb->s_id, function, line, current->comm, &vaf);
+ "EXT4-fs error (device %s ptr %px): %s:%d: comm %s: %pV\n",
+ sb->s_id, sb, function, line, current->comm, &vaf);
va_end(args);
}
fsnotify_sb_error(sb, NULL, error ? error : EFSCORRUPTED);
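Review bot: `%px` prints the raw `struct super_block` address, bypassing the pointer hashing that `%p` applies, so these lines leak kernel addresses into dmesg. That is acceptable for a one-off syzbot test where telling two superblock instances apart is the whole point, but the change must not be merged as-is; the hashed `%p` would still distinguish two live pointers without exposing their values.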
@@ -792,14 +792,14 @@ void __ext4_error_inode(struct inode *inode, const char *function,
vaf.fmt = fmt;
vaf.va = &args;
if (block)
- printk(KERN_CRIT "EXT4-fs error (device %s): %s:%d: "
+ printk(KERN_CRIT "EXT4-fs error (device %s ptr %px): %s:%d: "
"inode #%lu: block %llu: comm %s: %pV\n",
- inode->i_sb->s_id, function, line, inode->i_ino,
+ inode->i_sb->s_id, inode->i_sb, function, line, inode->i_ino,
block, current->comm, &vaf);
else
- printk(KERN_CRIT "EXT4-fs error (device %s): %s:%d: "
+ printk(KERN_CRIT "EXT4-fs error (device %s ptr %px): %s:%d: "
"inode #%lu: comm %s: %pV\n",
- inode->i_sb->s_id, function, line, inode->i_ino,
+ inode->i_sb->s_id, inode->i_sb, function, line, inode->i_ino,
current->comm, &vaf);
va_end(args);
}
@@ -831,15 +831,15 @@ void __ext4_error_file(struct file *file, const char *function,
vaf.va = &args;
if (block)
printk(KERN_CRIT
- "EXT4-fs error (device %s): %s:%d: inode #%lu: "
+ "EXT4-fs error (device %s ptr %px): %s:%d: inode #%lu: "
"block %llu: comm %s: path %s: %pV\n",
- inode->i_sb->s_id, function, line, inode->i_ino,
+ inode->i_sb->s_id, inode->i_sb, function, line, inode->i_ino,
block, current->comm, path, &vaf);
else
printk(KERN_CRIT
- "EXT4-fs error (device %s): %s:%d: inode #%lu: "
+ "EXT4-fs error (device %s ptr %px): %s:%d: inode #%lu: "
"comm %s: path %s: %pV\n",
- inode->i_sb->s_id, function, line, inode->i_ino,
+ inode->i_sb->s_id, inode->i_sb, function, line, inode->i_ino,
current->comm, path, &vaf);
va_end(args);
}
@@ -909,8 +909,8 @@ void __ext4_std_error(struct super_block *sb, const char *function,

if (ext4_error_ratelimit(sb)) {
errstr = ext4_decode_error(sb, errno, nbuf);
- printk(KERN_CRIT "EXT4-fs error (device %s) in %s:%d: %s\n",
- sb->s_id, function, line, errstr);
+ printk(KERN_CRIT "EXT4-fs error (device %s ptr %px) in %s:%d: %s\n",
+ sb->s_id, sb, function, line, errstr);
}
fsnotify_sb_error(sb, NULL, errno ? errno : EFSCORRUPTED);

@@ -959,8 +959,8 @@ void __ext4_warning(struct super_block *sb, const char *function,
va_start(args, fmt);
vaf.fmt = fmt;
vaf.va = &args;
- printk(KERN_WARNING "EXT4-fs warning (device %s): %s:%d: %pV\n",
- sb->s_id, function, line, &vaf);
+ printk(KERN_WARNING "EXT4-fs warning (device %s ptr %px): %s:%d: %pV\n",
+ sb->s_id, sb, function, line, &vaf);
va_end(args);
}

@@ -1000,8 +1000,8 @@ __acquires(bitlock)
va_start(args, fmt);
vaf.fmt = fmt;
vaf.va = &args;
- printk(KERN_CRIT "EXT4-fs error (device %s): %s:%d: group %u, ",
- sb->s_id, function, line, grp);
+ printk(KERN_CRIT "EXT4-fs error (device %s ptr %px): %s:%d: group %u, ",
+ sb->s_id, sb, function, line, grp);
if (ino)
printk(KERN_CONT "inode %lu: ", ino);
if (block)
index 767454d74cd6..fe47fc8e1b02 100644
--- a/fs/ext4/xattr.c
+++ b/fs/ext4/xattr.c
@@ -2138,6 +2138,9 @@ ext4_xattr_block_set(handle_t *handle, struct inode *inode,
/* We need to allocate a new block */
ext4_fsblk_t goal, block;

+ if (dquot_initialize_needed(inode))
+ ext4_warning(sb, "dquot initialize needed %s",
+ sb_rdonly(sb) ? "ro" : "rw");
WARN_ON_ONCE(dquot_initialize_needed(inode));

goal = ext4_group_first_block_no(sb,
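Review bot: same double evaluation as in the earlier xattr.c test patch: `dquot_initialize_needed(inode)` is called once for the warning and again in `WARN_ON_ONCE()`, and `sb_rdonly(sb)` is sampled separately from the quota state, so the ro/rw suffix can describe a different instant from the one that triggered the warning. Capturing both results in locals before printing would make the message reliable for the race being chased.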



syzbot

May 5, 2023, 2:29:22 PM
to syzkall...@googlegroups.com, ty...@mit.edu
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
WARNING in ext4_xattr_block_set

EXT4-fs warning (device loop5 ptr ffff888022a2a000): ext4_xattr_block_set:2143: dquot initialize needed rw
------------[ cut here ]------------
WARNING: CPU: 0 PID: 7075 at fs/ext4/xattr.c:2144 ext4_xattr_block_set+0x2f6c/0x3700
Modules linked in:
CPU: 0 PID: 7075 Comm: syz-executor.5 Not tainted 6.3.0-rc3-syzkaller-00111-gd4fab7b28e2f-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
RIP: 0010:ext4_xattr_block_set+0x2f6c/0x3700 fs/ext4/xattr.c:2144
Call Trace:
<TASK>
ext4_xattr_set_handle+0xcd4/0x15c0 fs/ext4/xattr.c:2461
ext4_initxattrs+0xa3/0x110 fs/ext4/xattr_security.c:44
security_inode_init_security+0x2df/0x3f0 security/security.c:1147
__ext4_new_inode+0x3461/0x4330 fs/ext4/ialloc.c:1327
ext4_mkdir+0x425/0xce0 fs/ext4/namei.c:2991
vfs_mkdir+0x29d/0x450 fs/namei.c:4038
do_mkdirat+0x264/0x520 fs/namei.c:4061
__do_sys_mkdirat fs/namei.c:4076 [inline]
__se_sys_mkdirat fs/namei.c:4074 [inline]
__x64_sys_mkdirat+0x89/0xa0 fs/namei.c:4074
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
</TASK>


Tested on:

commit: d4fab7b2 ext4: clean up error handling in __ext4_fill_..
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git dev
console output: https://syzkaller.appspot.com/x/log.txt?x=167a5cca280000
kernel config: https://syzkaller.appspot.com/x/.config?x=acdb62bf488a8fe5
dashboard link: https://syzkaller.appspot.com/bug?extid=6385d7d3065524c5ca6d
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=16c8ee22280000

Theodore Ts'o

May 5, 2023, 3:59:50 PM5/5/23
to syzbot, syzkall...@googlegroups.com
Once more unto the breach, dear friends, once more...
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index 39f00f05f981..5c79ed46e2cf 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -6387,6 +6387,7 @@ static int __ext4_remount(struct fs_context *fc, struct super_block *sb)
struct ext4_mount_options old_opts;
ext4_group_t g;
int err = 0;
+ int enable_rw = 0;
#ifdef CONFIG_QUOTA
int enable_quota = 0;
int i, j;
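Review bot: `enable_rw` is a flag, so `bool enable_rw = false;` would match how new flags are usually declared in ext4; declaring it outside `#ifdef CONFIG_QUOTA` is right, since the deferred clearing of `SB_RDONLY` must also happen on builds without quota support.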
@@ -6487,12 +6488,14 @@ static int __ext4_remount(struct fs_context *fc, struct super_block *sb)
}

if (fc->sb_flags & SB_RDONLY) {
+ ext4_warning(sb, "Remounting file system r/o");
err = sync_filesystem(sb);
if (err < 0)
goto restore_opts;
err = dquot_suspend(sb, -1);
if (err < 0)
goto restore_opts;
+ ext4_warning(sb, "Quota suspended");

/*
* First of all, the unconditional stuff we have to do
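Review bot: if `dquot_suspend(sb, -1)` fails, control jumps to `restore_opts` with some quota types possibly already suspended, and this hunk's `"Quota suspended"` message is never printed for that path, so the diagnostic is silent for the one failure the later `restore_opts` checks are meant to catch; consider logging on the `err < 0` branch as well. The `"Remounting file system r/o"` line is pure tracing and should not survive into a real fix.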
@@ -6573,13 +6576,13 @@ static int __ext4_remount(struct fs_context *fc, struct super_block *sb)
if (err)
goto restore_opts;

- sb->s_flags &= ~SB_RDONLY;
if (ext4_has_feature_mmp(sb)) {
err = ext4_multi_mount_protect(sb,
le64_to_cpu(es->s_mmp_block));
if (err)
goto restore_opts;
}
+ enable_rw = 1;
#ifdef CONFIG_QUOTA
enable_quota = 1;
#endif
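Review bot: removing `sb->s_flags &= ~SB_RDONLY;` from this point means `ext4_multi_mount_protect()` now runs while `sb_rdonly(sb)` is still true; please confirm that neither it nor the MMP kthread it starts bails out early or behaves differently on a read-only superblock, otherwise the ro->rw path would quietly lose MMP protection. A comment next to `+ enable_rw = 1;` explaining why the flag flip is deferred (so that a later quota-enable failure cannot leave the file system rw with quotas off) would help the next reader.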
@@ -6620,24 +6623,46 @@ static int __ext4_remount(struct fs_context *fc, struct super_block *sb)
for (i = 0; i < EXT4_MAXQUOTAS; i++)
kfree(old_opts.s_qf_names[i]);
if (enable_quota) {
- if (sb_any_quota_suspended(sb))
+ ext4_warning(sb, "trying to enable quota");
+ if (sb_any_quota_suspended(sb)) {
dquot_resume(sb, -1);
+ ext4_warning(sb, "resumed quota");
+ }
else if (ext4_has_feature_quota(sb)) {
err = ext4_enable_quotas(sb);
- if (err)
+ if (err) {
+ ext4_warning(sb, "failed to enable quota: %d",
+ err);
goto restore_opts;
+ }
+ ext4_warning(sb, "enabled quota");
+
}
}
#endif
if (!test_opt(sb, BLOCK_VALIDITY) && sbi->s_system_blks)
ext4_release_system_zone(sb);

+ if (enable_rw)
+ sb->s_flags &= ~SB_RDONLY;
+
if (!ext4_has_feature_mmp(sb) || sb_rdonly(sb))
ext4_stop_mmpd(sbi);

return 0;

restore_opts:
+ ext4_warning(sb, "remount failed! was %s attempted %s",
+ (old_sb_flags & SB_RDONLY) ? "ro" : "rw",
+ (sb->s_flags & SB_RDONLY) ? "ro" : "rw");
+ if ((sb->s_flags & SB_RDONLY) &&
+ !(old_sb_flags & SB_RDONLY)) {
+ ext4_warning(sb, "failing rw->ro transition");
+ if (sb_any_quota_suspended(sb)) {
+ ext4_warning(sb, "would resume quotas");
+// dquot_resume(sb, -1);
+ }
+ }
sb->s_flags = old_sb_flags;
sbi->s_mount_opt = old_opts.s_mount_opt;
sbi->s_mount_opt2 = old_opts.s_mount_opt2;
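Review bot: the new `restore_opts` block diagnoses the failed rw->ro transition but leaves the actual recovery commented out (`+// dquot_resume(sb, -1);`), so after `sb->s_flags = old_sb_flags;` the file system returns to rw with quotas still suspended, which is precisely the state in which `dquot_initialize_needed()` trips the `WARN_ON_ONCE` in `ext4_xattr_block_set`; if the resume is the intended fix, enable it and check its return value instead of only logging `"would resume quotas"`. Style points for whatever survives: kernel code uses `/* */` rather than `//`, the new `+ }` followed by the unchanged `else if (ext4_has_feature_quota(sb)) {` should become `} else if`, and the stray blank line after `ext4_warning(sb, "enabled quota");` should go.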
@@ -6678,8 +6703,8 @@ static int ext4_reconfigure(struct fs_context *fc)

syzbot

May 5, 2023, 5:00:31 PM5/5/23
to syzkall...@googlegroups.com, ty...@mit.edu
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: syzbot+6385d7...@syzkaller.appspotmail.com

Tested on:

commit: d4fab7b2 ext4: clean up error handling in __ext4_fill_..
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git dev
console output: https://syzkaller.appspot.com/x/log.txt?x=12019bc4280000
kernel config: https://syzkaller.appspot.com/x/.config?x=acdb62bf488a8fe5
dashboard link: https://syzkaller.appspot.com/bug?extid=6385d7d3065524c5ca6d
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=15685322280000

Note: testing is done by a robot and is best-effort only.

Theodore Ts'o

May 5, 2023, 11:25:49 PM5/5/23
to syzbot, syzkall...@googlegroups.com

syzbot

May 6, 2023, 12:02:41 AM5/6/23
to syzkall...@googlegroups.com, ty...@mit.edu
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: syzbot+6385d7...@syzkaller.appspotmail.com

Tested on:

commit: 0a81bb2f ext4: improve error recovery code paths in __..
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git tt/next
console output: https://syzkaller.appspot.com/x/log.txt?x=1796b97a280000
kernel config: https://syzkaller.appspot.com/x/.config?x=acdb62bf488a8fe5
dashboard link: https://syzkaller.appspot.com/bug?extid=6385d7d3065524c5ca6d
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2

Note: no patches were applied.