[syzbot] [ext4?] INFO: task hung in ext4_quota_write


syzbot

Jan 1, 2024, 7:06:22 AM
to adilger...@dilger.ca, linux...@vger.kernel.org, linux-...@vger.kernel.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com, ty...@mit.edu
Hello,

syzbot found the following issue on:

HEAD commit: f5837722ffec Merge tag 'mm-hotfixes-stable-2023-12-27-15-0..
git tree: upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=126518f9e80000
kernel config: https://syzkaller.appspot.com/x/.config?x=f8e72bae38c079e4
dashboard link: https://syzkaller.appspot.com/bug?extid=a43d4f48b8397d0e41a9
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15ca19a1e80000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13177855e80000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/82ead61bb986/disk-f5837722.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/3f5c4dfe98d4/vmlinux-f5837722.xz
kernel image: https://storage.googleapis.com/syzbot-assets/0522c559ed12/bzImage-f5837722.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/dae235506b29/mount_1.gz

Bisection is inconclusive: the issue happens on the oldest tested release.

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=12ed91c9e80000
final oops: https://syzkaller.appspot.com/x/report.txt?x=11ed91c9e80000
console output: https://syzkaller.appspot.com/x/log.txt?x=16ed91c9e80000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+a43d4f...@syzkaller.appspotmail.com

INFO: task syz-executor323:5064 blocked for more than 143 seconds.
Not tainted 6.7.0-rc7-syzkaller-00016-gf5837722ffec #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor323 state:D stack:19696 pid:5064 tgid:5064 ppid:5062 flags:0x00004006
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5376 [inline]
__schedule+0x1961/0x4ab0 kernel/sched/core.c:6688
__schedule_loop kernel/sched/core.c:6763 [inline]
schedule+0x149/0x260 kernel/sched/core.c:6778
io_schedule+0x8c/0x100 kernel/sched/core.c:8998
bit_wait_io+0x12/0xc0 kernel/sched/wait_bit.c:209
__wait_on_bit_lock+0xd1/0x530 kernel/sched/wait_bit.c:90
out_of_line_wait_on_bit_lock+0x1d4/0x250 kernel/sched/wait_bit.c:117
lock_buffer include/linux/buffer_head.h:404 [inline]
ext4_quota_write+0x37c/0x580 fs/ext4/super.c:7251
qtree_write_dquot+0x243/0x530 fs/quota/quota_tree.c:431
v2_write_dquot+0x120/0x190 fs/quota/quota_v2.c:358
dquot_commit+0x3c4/0x520 fs/quota/dquot.c:512
ext4_write_dquot+0x1f2/0x2c0 fs/ext4/super.c:6877
mark_dquot_dirty fs/quota/dquot.c:372 [inline]
mark_all_dquot_dirty fs/quota/dquot.c:410 [inline]
dquot_alloc_inode+0x69f/0xb70 fs/quota/dquot.c:1780
ext4_xattr_inode_alloc_quota fs/ext4/xattr.c:932 [inline]
ext4_xattr_set_entry+0xaf3/0x3fc0 fs/ext4/xattr.c:1715
ext4_xattr_block_set+0x6a2/0x35e0 fs/ext4/xattr.c:1970
ext4_xattr_set_handle+0xcdf/0x1570 fs/ext4/xattr.c:2456
ext4_xattr_set+0x241/0x3d0 fs/ext4/xattr.c:2558
__vfs_setxattr+0x460/0x4a0 fs/xattr.c:201
__vfs_setxattr_noperm+0x12e/0x5e0 fs/xattr.c:235
vfs_setxattr+0x221/0x420 fs/xattr.c:322
do_setxattr fs/xattr.c:630 [inline]
setxattr+0x25d/0x2f0 fs/xattr.c:653
path_setxattr+0x1c0/0x2a0 fs/xattr.c:672
__do_sys_setxattr fs/xattr.c:688 [inline]
__se_sys_setxattr fs/xattr.c:684 [inline]
__x64_sys_setxattr+0xbb/0xd0 fs/xattr.c:684
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0x45/0x110 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7faba3ffbd99
RSP: 002b:00007ffea2f3e548 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc
RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007faba3ffbd99
RDX: 0000000020000380 RSI: 0000000020000340 RDI: 00000000200002c0
RBP: 00007faba40705f0 R08: 0000000000000000 R09: 00005555570644c0
R10: 000000000000ffed R11: 0000000000000246 R12: 00007ffea2f3e570
R13: 00007ffea2f3e798 R14: 431bde82d7b634db R15: 00007faba404503b
</TASK>

Showing all locks held in the system:
1 lock held by khungtaskd/29:
#0: ffffffff8d92dae0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:301 [inline]
#0: ffffffff8d92dae0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:747 [inline]
#0: ffffffff8d92dae0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 kernel/locking/lockdep.c:6614
2 locks held by getty/4822:
#0: ffff88814b3dc0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
#1: ffffc90002efe2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b4/0x1e10 drivers/tty/n_tty.c:2201
6 locks held by syz-executor323/5064:
#0: ffff88801da0e418 (sb_writers#4){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90 fs/namespace.c:404
#1: ffff888078454000 (&type->i_mutex_dir_key#3){++++}-{3:3}, at: inode_lock include/linux/fs.h:802 [inline]
#1: ffff888078454000 (&type->i_mutex_dir_key#3){++++}-{3:3}, at: vfs_setxattr+0x1e1/0x420 fs/xattr.c:321
#2: ffff888078453cc8 (&ei->xattr_sem){++++}-{3:3}, at: ext4_write_lock_xattr fs/ext4/xattr.h:155 [inline]
#2: ffff888078453cc8 (&ei->xattr_sem){++++}-{3:3}, at: ext4_xattr_set_handle+0x277/0x1570 fs/ext4/xattr.c:2371
#3: ffffffff8da82710 (dquot_srcu){.+.+}-{0:0}, at: srcu_lock_acquire include/linux/srcu.h:116 [inline]
#3: ffffffff8da82710 (dquot_srcu){.+.+}-{0:0}, at: srcu_read_lock include/linux/srcu.h:215 [inline]
#3: ffffffff8da82710 (dquot_srcu){.+.+}-{0:0}, at: dquot_alloc_inode+0x1ab/0xb70 fs/quota/dquot.c:1758
#4: ffff88807879c0a8 (&dquot->dq_lock){+.+.}-{3:3}, at: dquot_commit+0x5b/0x520 fs/quota/dquot.c:505
#5: ffff88801da0e210 (&s->s_dquot.dqio_sem){++++}-{3:3}, at: v2_write_dquot+0x90/0x190 fs/quota/quota_v2.c:356

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 29 Comm: khungtaskd Not tainted 6.7.0-rc7-syzkaller-00016-gf5837722ffec #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106
nmi_cpu_backtrace+0x498/0x4d0 lib/nmi_backtrace.c:113
nmi_trigger_cpumask_backtrace+0x198/0x310 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:222 [inline]
watchdog+0xfaf/0xff0 kernel/hung_task.c:379
kthread+0x2d3/0x370 kernel/kthread.c:388
ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242
</TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 48 Comm: kworker/u4:3 Not tainted 6.7.0-rc7-syzkaller-00016-gf5837722ffec #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
Workqueue: events_unbound toggle_allocation_gate
RIP: 0010:native_save_fl arch/x86/include/asm/irqflags.h:26 [inline]
RIP: 0010:arch_local_save_flags arch/x86/include/asm/irqflags.h:67 [inline]
RIP: 0010:arch_local_irq_save arch/x86/include/asm/irqflags.h:103 [inline]
RIP: 0010:lock_acquire+0x176/0x530 kernel/locking/lockdep.c:5750
Code: 8d bc 24 80 00 00 00 4c 89 fb 48 c1 eb 03 42 80 3c 2b 00 74 08 4c 89 ff e8 c7 59 7d 00 48 c7 84 24 80 00 00 00 00 00 00 00 9c <8f> 84 24 80 00 00 00 42 80 3c 2b 00 74 08 4c 89 ff e8 04 59 7d 00
RSP: 0018:ffffc90000b8f798 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 1ffff92000171f04 RCX: ffffffff816d25b4
RDX: 0000000000000000 RSI: ffffffff8bbde140 RDI: ffffffff8bbde100
RBP: ffffc90000b8f8e8 R08: ffffffff8f00c16f R09: 1ffffffff1e0182d
R10: dffffc0000000000 R11: fffffbfff1e0182e R12: 1ffff92000171efc
R13: dffffc0000000000 R14: 0000000000000000 R15: ffffc90000b8f820
FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055f3ecba5680 CR3: 000000000d731000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<NMI>
</NMI>
<TASK>
__mutex_lock_common kernel/locking/mutex.c:603 [inline]
__mutex_lock+0x136/0xd60 kernel/locking/mutex.c:747
arch_jump_label_transform_queue+0x59/0xf0 arch/x86/kernel/jump_label.c:136
__jump_label_update+0x177/0x3a0 kernel/jump_label.c:475
static_key_disable_cpuslocked+0xce/0x1b0 kernel/jump_label.c:235
static_key_disable+0x1a/0x20 kernel/jump_label.c:243
toggle_allocation_gate+0x1b8/0x250 mm/kfence/core.c:835
process_one_work kernel/workqueue.c:2627 [inline]
process_scheduled_works+0x90f/0x1420 kernel/workqueue.c:2700
worker_thread+0xa5f/0x1000 kernel/workqueue.c:2781
kthread+0x2d3/0x370 kernel/kthread.c:388
ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242
</TASK>
INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.110 msecs


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

Edward Adam Davis

Jan 5, 2024, 9:29:24 AM
to syzbot+a43d4f...@syzkaller.appspotmail.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
please test task hung in ext4_quota_write

#syz test https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git f5837722ffec

diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index c5fcf377ab1f..cd9531db8472 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -7248,6 +7248,10 @@ static ssize_t ext4_quota_write(struct super_block *sb, int type,
brelse(bh);
return err;
}
+ if (test_bit(BH_Lock, &bh->b_state)) {
+ brelse(bh);
+ return -EIO;
+ }
lock_buffer(bh);
memcpy(bh->b_data+offset, data, len);
flush_dcache_page(bh->b_page);
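Review bot: The `test_bit(BH_Lock, &bh->b_state)` check inserted before `lock_buffer(bh)` is a check-then-act race and changes the function's semantics rather than fixing the hang: a buffer is routinely locked for a short while when I/O on it is in flight, so returning -EIO there turns a normal brief wait into a spurious quota write failure, and a lock taken between the test and `lock_buffer()` still blocks exactly as before. If the reported hang is one task re-locking a buffer it already holds, this only skips the path that exposes the problem. If such a check is kept at all, use the existing `buffer_locked(bh)` accessor instead of open-coded `test_bit`, and note in the description that a passing syzbot run here shows the hang path was avoided, not that the quota write was performed.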

syzbot

Jan 5, 2024, 9:57:04 AM
to ead...@qq.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: syzbot+a43d4f...@syzkaller.appspotmail.com

Tested on:

commit: f5837722 Merge tag 'mm-hotfixes-stable-2023-12-27-15-0..
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=16076105e80000
kernel config: https://syzkaller.appspot.com/x/.config?x=f8e72bae38c079e4
dashboard link: https://syzkaller.appspot.com/bug?extid=a43d4f48b8397d0e41a9
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=16723a4de80000

Note: testing is done by a robot and is best-effort only.

Hillf Danton

Jan 5, 2024, 9:48:28 PM
to syzbot, linux-...@vger.kernel.org, syzkall...@googlegroups.com
On Mon, 01 Jan 2024 04:06:21 -0800
> HEAD commit: f5837722ffec Merge tag 'mm-hotfixes-stable-2023-12-27-15-0..
> git tree: upstream
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13177855e80000

#syz test https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

--- x/include/linux/sched.h
+++ y/include/linux/sched.h
@@ -1544,6 +1544,7 @@ struct task_struct {
struct user_event_mm *user_event_mm;
#endif

+ unsigned long bfl;
/*
* New fields for task_struct should be added above here, so that
* they are included in the randomized portion of task_struct.
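Review bot: The new `bfl` field carries no comment, and nothing in the patch says what it holds; since later hunks compare it against a `buffer_head` address in `ext4_quota_write()`, a one-line comment such as "address of the buffer_head this task most recently locked via lock_buffer(), 0 when none" would make the report readable on its own. The field sits in the randomized part of `struct task_struct`, directly above the comment asking for new fields to go there, which is fine for a debug-only change.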
--- x/include/linux/buffer_head.h
+++ y/include/linux/buffer_head.h
@@ -78,6 +78,7 @@ struct buffer_head {
spinlock_t b_uptodate_lock; /* Used by the first bh in a page, to
* serialise IO completion of other
* buffers in the page */
+ struct task_struct *lko;
};

/*
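Review bot: `lko` is added without a comment and with an opaque name; the neighbouring `b_uptodate_lock` has an inline comment, so matching that style with something like `/* task that holds BH_Lock, set by lock_buffer() */` and a name such as `lock_owner` would help. The `if (!bh->lko)` test in the `unlock_buffer()` hunk relies on this pointer being NULL for every buffer that was never locked through `lock_buffer()`, so the description should state that it depends on buffer heads being zero-initialised on allocation.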
@@ -402,6 +403,9 @@ static inline void lock_buffer(struct bu
might_sleep();
if (!trylock_buffer(bh))
__lock_buffer(bh);
+ bh->lko = current;
+ get_task_struct(bh->lko);
+ bh->lko->bfl = (unsigned long) bh;
}

static inline void bh_readahead(struct buffer_head *bh, blk_opf_t op_flags)
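Review bot: Only `lock_buffer()` records an owner; any caller that takes the lock directly with `trylock_buffer()` leaves `lko` NULL and `bfl` untouched, so a recursive lock against such a buffer would not be detected by the `BUG_ON` added in `ext4_quota_write()`. The record is also a single slot per task: `bh->lko->bfl = (unsigned long) bh` overwrites whatever the task locked before, so a task that legitimately holds several locked buffers only ever has the most recent one checked, and unlocking that one resets `bfl` to 0 while earlier buffers are still held. Both are acceptable limits for a targeted debug patch, but they should be spelled out so that a run without a BUG is not read as proof that no self-deadlock exists.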
--- x/fs/ext4/super.c
+++ y/fs/ext4/super.c
@@ -7248,6 +7248,7 @@ static ssize_t ext4_quota_write(struct s
brelse(bh);
return err;
}
+ BUG_ON(current->bfl == (unsigned long) bh);
lock_buffer(bh);
memcpy(bh->b_data+offset, data, len);
flush_dcache_page(bh->b_page);
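Review bot: `BUG_ON(current->bfl == (unsigned long) bh)` fires only when the task entering `ext4_quota_write()` is the one that last took `lock_buffer()` on this very buffer and has not unlocked it, so a hit here means the task is about to block on a lock it holds itself, i.e. the hang is a recursive buffer lock on one quota block by one task rather than a wait for I/O in flight. That is what the later syzbot run reports ("kernel BUG at fs/ext4/super.c:7251"). For a diagnostic patch a `WARN_ON` that also prints `bh->b_blocknr` would identify which quota block is involved and keep the machine alive for further output, whereas `BUG_ON` ends the run at the first hit.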
--- x/fs/buffer.c
+++ y/fs/buffer.c
@@ -77,6 +77,11 @@ void unlock_buffer(struct buffer_head *b
clear_bit_unlock(BH_Lock, &bh->b_state);
smp_mb__after_atomic();
wake_up_bit(&bh->b_state, BH_Lock);
+ if (!bh->lko)
+ return;
+ bh->lko->bfl = 0;
+ put_task_struct(bh->lko);
+ bh->lko = NULL;
}
EXPORT_SYMBOL(unlock_buffer);

--

syzbot

Jan 9, 2024, 1:17:08 PM
to hda...@sina.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
kernel BUG in ext4_quota_write

EXT4-fs error (device loop0) in ext4_process_orphan:347: Corrupt filesystem
EXT4-fs (loop0): 1 truncate cleaned up
EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
ext4 filesystem being mounted at /root/syzkaller-testdir1916097639/syzkaller.TbSsym/0/file1 supports timestamps until 2038-01-19 (0x7fffffff)
------------[ cut here ]------------
kernel BUG at fs/ext4/super.c:7251!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 5480 Comm: syz-executor.0 Not tainted 6.7.0-rc8-syzkaller-00159-ga4ab2706bb12-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
RIP: 0010:ext4_quota_write+0x6e5/0x6f0 fs/ext4/super.c:7251
Code: f9 ff ff e8 8d 37 39 ff 48 c7 c7 00 16 af 8d 4c 89 e6 48 89 da e8 7b 2e 68 02 e9 38 fa ff ff e8 21 27 c3 08 e8 6c 37 39 ff 90 <0f> 0b 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 53 48 89 fb e8 53 37
RSP: 0018:ffffc9000547ee00 EFLAGS: 00010293
RAX: ffffffff82554284 RBX: ffff8880739ac690 RCX: ffff88801bfd0000
RDX: 0000000000000000 RSI: ffff8880739ac690 RDI: ffff8880739ac690
RBP: ffffc9000547eef0 R08: ffffffff82553f4d R09: 0000000000000001
R10: dffffc0000000000 R11: ffffed100e7358d3 R12: ffff8880739ac690
R13: 0000000000000001 R14: dffffc0000000000 R15: ffff8880739ac690
FS: 00007f079ddca6c0(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055636d85ffc8 CR3: 0000000028711000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
qtree_write_dquot+0x243/0x530 fs/quota/quota_tree.c:431
v2_write_dquot+0x120/0x190 fs/quota/quota_v2.c:358
dquot_commit+0x3c4/0x520 fs/quota/dquot.c:512
ext4_write_dquot+0x1f2/0x2c0 fs/ext4/super.c:6877
mark_dquot_dirty fs/quota/dquot.c:372 [inline]
mark_all_dquot_dirty fs/quota/dquot.c:410 [inline]
dquot_alloc_inode+0x69f/0xb70 fs/quota/dquot.c:1780
ext4_xattr_inode_alloc_quota fs/ext4/xattr.c:932 [inline]
ext4_xattr_set_entry+0xaf3/0x3fc0 fs/ext4/xattr.c:1715
ext4_xattr_block_set+0x73f/0x3680 fs/ext4/xattr.c:1970
ext4_xattr_set_handle+0xcdf/0x1570 fs/ext4/xattr.c:2456
ext4_xattr_set+0x241/0x3d0 fs/ext4/xattr.c:2558
__vfs_setxattr+0x460/0x4a0 fs/xattr.c:201
__vfs_setxattr_noperm+0x12e/0x5e0 fs/xattr.c:235
vfs_setxattr+0x221/0x420 fs/xattr.c:322
do_setxattr fs/xattr.c:630 [inline]
setxattr+0x25d/0x2f0 fs/xattr.c:653
path_setxattr+0x1c0/0x2a0 fs/xattr.c:672
__do_sys_setxattr fs/xattr.c:688 [inline]
__se_sys_setxattr fs/xattr.c:684 [inline]
__x64_sys_setxattr+0xbb/0xd0 fs/xattr.c:684
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0x45/0x110 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7f079d07cce9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f079ddca0c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc
RAX: ffffffffffffffda RBX: 00007f079d19bf80 RCX: 00007f079d07cce9
RDX: 0000000020000380 RSI: 0000000020000340 RDI: 00000000200002c0
RBP: 00007f079d0c947a R08: 0000000000000000 R09: 0000000000000000
R10: 000000000000ffed R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007f079d19bf80 R15: 00007fff6aba59d8
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:ext4_quota_write+0x6e5/0x6f0 fs/ext4/super.c:7251
Code: f9 ff ff e8 8d 37 39 ff 48 c7 c7 00 16 af 8d 4c 89 e6 48 89 da e8 7b 2e 68 02 e9 38 fa ff ff e8 21 27 c3 08 e8 6c 37 39 ff 90 <0f> 0b 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 53 48 89 fb e8 53 37
RSP: 0018:ffffc9000547ee00 EFLAGS: 00010293
RAX: ffffffff82554284 RBX: ffff8880739ac690 RCX: ffff88801bfd0000
RDX: 0000000000000000 RSI: ffff8880739ac690 RDI: ffff8880739ac690
RBP: ffffc9000547eef0 R08: ffffffff82553f4d R09: 0000000000000001
R10: dffffc0000000000 R11: ffffed100e7358d3 R12: ffff8880739ac690
R13: 0000000000000001 R14: dffffc0000000000 R15: ffff8880739ac690
FS: 00007f079ddca6c0(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055636d85ffc8 CR3: 0000000028711000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400


Tested on:

commit: a4ab2706 Merge tag 'firewire-fixes-6.7-final' of git:/..
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=15f50a09e80000
kernel config: https://syzkaller.appspot.com/x/.config?x=655f8abe9fe69b3b
dashboard link: https://syzkaller.appspot.com/bug?extid=a43d4f48b8397d0e41a9
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=15123275e80000

Hillf Danton

Jan 10, 2024, 6:13:19 AM
to syzbot, Theodore Tso, Jan Kara, Matthew Wilcox, Tetsuo Handa, Linus Torvalds, linux-...@vger.kernel.org, syzkall...@googlegroups.com
On Tue, 09 Jan 2024 10:17:07 -0800
> Hello,
>
> syzbot has tested the proposed patch but the reproducer is still triggering an issue:
> kernel BUG in ext4_quota_write
>
> EXT4-fs error (device loop0) in ext4_process_orphan:347: Corrupt filesystem
> EXT4-fs (loop0): 1 truncate cleaned up
> EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
> ext4 filesystem being mounted at /root/syzkaller-testdir1916097639/syzkaller.TbSsym/0/file1 supports timestamps until 2038-01-19 (0x7fffffff)
> ------------[ cut here ]------------
> kernel BUG at fs/ext4/super.c:7251!

Given the BUG_ON in the debug patch tested, could deadlock be the reason
behind the trigger instead of IO in flight? Or is it due to corrupted
filesystem in the first place?
[...]

Jan Kara

Jan 10, 2024, 6:40:09 AM
to Hillf Danton, syzbot, Theodore Tso, Jan Kara, Matthew Wilcox, Tetsuo Handa, Linus Torvalds, linux-...@vger.kernel.org, syzkall...@googlegroups.com
On Wed 10-01-24 19:12:59, Hillf Danton wrote:
> On Tue, 09 Jan 2024 10:17:07 -0800
> > Hello,
> >
> > syzbot has tested the proposed patch but the reproducer is still triggering an issue:
> > kernel BUG in ext4_quota_write
> >
> > EXT4-fs error (device loop0) in ext4_process_orphan:347: Corrupt filesystem
> > EXT4-fs (loop0): 1 truncate cleaned up
> > EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
> > ext4 filesystem being mounted at /root/syzkaller-testdir1916097639/syzkaller.TbSsym/0/file1 supports timestamps until 2038-01-19 (0x7fffffff)
> > ------------[ cut here ]------------
> > kernel BUG at fs/ext4/super.c:7251!
>
> Given the BUG_ON in the debug patch tested, could deadlock be the reason
> behind the trigger instead of IO in flight? Or is it due to corrupted
> filesystem in the first place?

Thanks for the investigation! Based on your test results as well as on
results by Edward Adam Davis <ead...@qq.com> I'd say syzbot has created a
cycle in the quota tree or something like that. Sadly the fs image provided
by syzbot is corrupted to the extent that e2fsprogs refuse to touch it so
I'll have to check manually why the kernel is mounting this image or what's
going on with the reproducer...

Honza
--
Jan Kara <ja...@suse.com>
SUSE Labs, CR