Received: by 2002:ac0:a594:0:0:0:0:0 with SMTP id m20-v6csp525878imm;
        Wed, 23 May 2018 00:49:26 -0700 (PDT)
X-Google-Smtp-Source: AB8JxZpeScQX6yvIKiMC5yW77UmZOeamkZ43kGHj5eoTq0TG/gUHsyT0rZAbkXqsC0TdGvgAty9n
X-Received: by 2002:a65:5946:: with SMTP id g6-v6mr1427119pgu.391.1527061766869;
        Wed, 23 May 2018 00:49:26 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1527061766; cv=none;
        d=google.com; s=arc-20160816;
        b=rG625lJqzq1V0CBOPY7j+nUnBeM9ZY6gGgF+2MPT3tTyZ/clWsCd1rlvlslkLYNPYc
         vTjp2/wDGku1PMzryBkjmkak0mZl7t0i7W+aGkZcDH/tU0qSofs42eUaQvS/KI6DKS0b
         TtPZGgQ80zEw6B15ONgGhypdaU43FbveLKJCaOwoZ0Zw+pwgQnTpIzZfOn4zT7Q+iSco
         H+sZegPw6hzUyI1lLrxz/BFrb95CJf5U3pLTDX/udHjmCGQlbvUpenjOfABjPCEmq5DU
         qffmIoZLIZ+66f44CrVfjyRSkUNJ20c+8uZm2vbC+AmZPza7gvIl/kt32JN5FpGpTQH9
         XhRg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date:dkim-signature:arc-authentication-results;
        bh=uqpTDTWAa2dC9sqaAeoPJ+Pg1jjzunY1e2mgQdgu+X8=;
        b=kNPakEVsDugFRrLYypptpTu2+RrvaJ12Y9/qKHhBC/YkWyUcC3GjRPllVdanQIXu7K
         LnZGs8T0dYiYWfzKnzsiBqiFEVAK9Bfidzi9SHFuU7oxgqTjAsOuDOE7B5MxhFhOf6iL
         AYOi+tDkKSZzmI8i9v5bSdv3drpATV7MlYueZR0LbX3SSglKNzEBsk4YKNaLnXvAYFxK
         hluSc4ZivsN9I7Gsn+iBLNn9gxmIHlY8cNtybAKeJ2OBfvoZfXBfqfgs65zjSYG7KJSi
         MKPejuV/LoAzhMopeKTLFLoh5wz+QIoJy+ETa9nbYPeIOPGju7skriaDut142j//hTtJ
         ebwA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@oracle.com header.s=corp-2017-10-26 header.b=eZ+Cjfnx;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id o78-v6si18436569pfa.54.2018.05.23.00.48.39;
        Wed, 23 May 2018 00:49:26 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@oracle.com header.s=corp-2017-10-26 header.b=eZ+Cjfnx;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1754354AbeEWHox (ORCPT <rfc822;huangweiredhat@gmail.com>
        + 99 others); Wed, 23 May 2018 03:44:53 -0400
Received: from userp2120.oracle.com ([156.151.31.85]:51260 "EHLO
        userp2120.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1754208AbeEWHot (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 23 May 2018 03:44:49 -0400
Received: from pps.filterd (userp2120.oracle.com [127.0.0.1])
        by userp2120.oracle.com (8.16.0.22/8.16.0.22) with SMTP id w4N7egSM145682;
        Wed, 23 May 2018 07:44:29 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=date : from : to : cc
 : subject : message-id : references : mime-version : content-type :
 in-reply-to; s=corp-2017-10-26;
 bh=uqpTDTWAa2dC9sqaAeoPJ+Pg1jjzunY1e2mgQdgu+X8=;
 b=eZ+CjfnxQ5MNKDc4aYwE2jQ1WIqQ48C54mM9NbKQuHpu98nYXtoYyCiJ8tZiq0Cxr4T3
 V3SCQD1XSjG8ILsyZK0+J2JI1tJGdumXCa/vGGujxUQqqwfa/3vSltf0hPC60rLCulRL
 6d5QYlDGMr810qsbvcg2P8elaI3ljsKZVKDg7s//D4Mt729KaQPLs3a7NR3f4Mujze5t
 04dxHvJ+9+y/6iN5eHdSpURZLP/Ogh4F3nSvhk/QzBt1DSnHaxSTJ2ZpMDlVsW/T4Ebg
 q/INWjdjTYgOGjrevs39S+rBoNqMWdUp9fd6EaHfW/jSrlCeqS6xg228nbmHVza84tkp 5w== 
Received: from aserv0021.oracle.com (aserv0021.oracle.com [141.146.126.233])
        by userp2120.oracle.com with ESMTP id 2j4nh7jqgb-1
        (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
        Wed, 23 May 2018 07:44:29 +0000
Received: from userv0122.oracle.com (userv0122.oracle.com [156.151.31.75])
        by aserv0021.oracle.com (8.14.4/8.14.4) with ESMTP id w4N7iRrF008809
        (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
        Wed, 23 May 2018 07:44:28 GMT
Received: from abhmp0011.oracle.com (abhmp0011.oracle.com [141.146.116.17])
        by userv0122.oracle.com (8.14.4/8.14.4) with ESMTP id w4N7iQWe019802;
        Wed, 23 May 2018 07:44:26 GMT
Received: from localhost (/67.161.8.12)
        by default (Oracle Beehive Gateway v4.0)
        with ESMTP ; Wed, 23 May 2018 00:44:26 -0700
Date:   Wed, 23 May 2018 00:44:25 -0700
From:   "Darrick J. Wong" <darrick.wong@oracle.com>
To:     Eric Biggers <ebiggers3@gmail.com>
Cc:     Dave Chinner <david@fromorbit.com>,
        Brian Foster <bfoster@redhat.com>,
        syzbot <syzbot+568245b88fbaedcb1959@syzkaller.appspotmail.com>,
        linux-kernel@vger.kernel.org, linux-xfs@vger.kernel.org,
        syzkaller-bugs@googlegroups.com
Subject: Re: INFO: task hung in xlog_grant_head_check
Message-ID: <20180523074425.GM14384@magnolia>
References: <000000000000457b2d056cbb0044@google.com>
 <20180522123107.GC3751@bfoster.bfoster>
 <20180522222620.GW23861@dastard>
 <20180522225208.GB658@sol.localdomain>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20180522225208.GB658@sol.localdomain>
User-Agent: Mutt/1.9.4 (2018-02-28)
X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=8901 signatures=668700
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=40 malwarescore=0
 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=979
 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1
 engine=8.0.1-1711220000 definitions=main-1805230075
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, May 22, 2018 at 03:52:08PM -0700, Eric Biggers wrote:
> On Wed, May 23, 2018 at 08:26:20AM +1000, Dave Chinner wrote:
> > On Tue, May 22, 2018 at 08:31:08AM -0400, Brian Foster wrote:
> > > On Mon, May 21, 2018 at 10:55:02AM -0700, syzbot wrote:
> > > > Hello,
> > > > 
> > > > syzbot found the following crash on:
> > > > 
> > > > HEAD commit:    203ec2fed17a Merge tag 'armsoc-fixes' of git://git.kernel...
> > > > git tree:       upstream
> > > > console output: https://syzkaller.appspot.com/x/log.txt?x=11c1ad77800000
> > > > kernel config:  https://syzkaller.appspot.com/x/.config?x=f3b4e30da84ec1ed
> > > > dashboard link: https://syzkaller.appspot.com/bug?extid=568245b88fbaedcb1959
> > > > compiler:       gcc (GCC) 8.0.1 20180413 (experimental)
> > > > syzkaller repro:https://syzkaller.appspot.com/x/repro.syz?x=122c7427800000
> > > > C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=10387057800000
> > > > 
> > > > IMPORTANT: if you fix the bug, please add the following tag to the commit:
> > > > Reported-by: syzbot+568245b88fbaedcb1959@syzkaller.appspotmail.com
> > > > 
> > > >         (ptrval): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> > > > ................
> > > >         (ptrval): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> > > > ................
> > > > XFS (loop0): metadata I/O error in "xfs_trans_read_buf_map" at daddr 0x2 len
> > > > 1 error 117
> > > > XFS (loop0): xfs_imap_lookup: xfs_ialloc_read_agi() returned error -117,
> > > > agno 0
> > > > XFS (loop0): failed to read root inode
> > > 
> > > FWIW, the initial console output is actually:
> > > 
> > > [  448.028253] XFS (loop0): Mounting V4 Filesystem
> > > [  448.033540] XFS (loop0): Log size 9371840 blocks too large, maximum size is 1048576 blocks
> > > [  448.042287] XFS (loop0): Log size out of supported range.
> > > [  448.047841] XFS (loop0): Continuing onwards, but if log hangs are experienced then please report this message in the bug report.
> > > [  448.060712] XFS (loop0): totally zeroed log
> > > 
> > > ... which warns about an oversized log and resulting log hangs. Not
> > > having dug into the details of why this occurs so quickly in this mount
> > > failure path,
> > 
> > I suspect that it is a head and/or log tail pointer overflow, so when it
> > tries to do the first trans reserve of the mount - to write the
> > unmount record - it says "no log space available, please wait".
> > 
> > > it does look like we'd never have got past this point on a
> > > v5 fs (i.e., the above warning would become an error and we'd not enter
> > > the xfs_log_mount_cancel() path).
> > 
> > And this comes back to my repeated comments about fuzzers needing
> > to fuzz properly made V5 filesystems as we catch and error out on
> > things like this. Fuzzing random collections of v4 filesystem
> > fragments will continue to trip over problems we've avoided with v5
> > filesystems, and this is further evidence to point to that.
> >
> > 
> > I'd suggest that at this point, syzbot XFS reports should be
> > redirected to /dev/null. It's not worth our time to triage
> > unreviewed bot generated bug reports until the syzbot developers
> > start listening and acting on what we have been telling them
> > about fuzzing filesystems and reproducing bugs that are meaningful
> > and useful to us.
> 
> The whole point of fuzzing is to provide improper inputs.  A kernel
> bug is a kernel bug, even if it's in deprecated/unmaintained code, or
> involves userspace doing something unexpected.  If you have known
> buggy code in XFS that you refuse to fix,

Ok, that's it.

I disagree with Google's syzbot strategy, and I dissent most vehemently!

The whole point of constructing free software in public is that we
people communally build things that anyone can use for any purpose and
that anyone can modify.  That privilege comes with a societal
expectation that the people using this commons will contribute to the
upkeep of that commons or it rots.  For end users that means helping us
to find the gaps, but for software developers at large multinational
companies that means (to a first approximation) pitching in to write the
code, write the documentation, and to fix the problems.

Yes, there are many places where fs metadata validation is insufficient
to avoid misbehavior.  Google's strategy of dumping vulnerability
disclosures on public mailing lists every week, demanding that other
people regularly reallocate their time to fix these problems, and not
helping to fix anything breaks our free software societal norms.  Again,
the whole point of free software is to share the responsibility, share
the work, and share the gains.  That is how collaboration works.

Help us to improve the software so that we all will be better off.

Figure out how to strengthen the validation, figure out how to balance
the risk of exposure against the risk of nonfunctionality, and figure
out how to discuss with this community.  That is how the game works.

Google has enough money and smart people that you have (collectively)
learned how to spoof humans, so you can well afford to spend a small
fraction of that hiring some developers and writers and putting them to
work with us.

If you refuse to do this, you already /have/ a config option to turn off
the 'known buggy/unmaintained code in [your] kernel'; use it.  I will
not repeat this message again[1].

--D

[1] https://marc.info/?l=linux-xfs&m=152303106427867&w=2

> then please provide a kernel config option so that users can disable
> the unmaintained XFS formats/features, leaving the maintained ones.
> As-is, you seem to be forcing everyone who enables CONFIG_XFS_FS to
> build known buggy/unmaintained code into their kernel.
> 
> - Eric
> --
> To unsubscribe from this list: send the line "unsubscribe linux-xfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html