Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp7903714pxb; Fri, 19 Feb 2021 02:19:30 -0800 (PST) X-Google-Smtp-Source: ABdhPJxwe2vkEy6oCnI6ACnuXA94/LfXskxCg9hEvfYoPVS/eCoTEvZ1NyRwVlletJ60iWUA0tpv X-Received: by 2002:a17:906:398c:: with SMTP id h12mr8215258eje.469.1613729970180; Fri, 19 Feb 2021 02:19:30 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1613729970; cv=none; d=google.com; s=arc-20160816; b=kyna+XdpFyGtFdg1t72YfR7Vhhsae0ujMfjjFSLYWLoFkDxctJTWEVx8bOXqwYUZwa CodpfFiLRgo6yptDLexCcyU6U9dMWsaBXzgWExsryhkOmO5AHhGy0fd7I4njPGN+USzJ UhpjvH4pNF4XXn/e44PQqWsWqE4/7vZgrxzQU5CldEhwX42EbYMbTHihEy8AAgpI2GJe 0Wn/qdAkHv6TMvcMDp6sQ5Vi1C0U4k9QzEKK59P9XkP3FqviLeRA+NLcP2EJyXyOVScF u29Tpxc+Nh134a/LpyZYr8tPI61vtFcpEQwiFVxlMvnOhPNtx9Xzz22VCJ9kaX2b7dDv xOKQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject; bh=lGPDDCxK8ja/71fs46ikL+ZVUhAbJjqQ+qEg0hezI7M=; b=Ng2oZHzdYr9p6z0nKNhrYmzllHJf5kKwNtN5XKbcWbgMgt8uyhMOZcy8OsPlr4XjSu +2lOMDp9fZo0EE+WVw3BAi1PBQjg/wFWAKWFVlvYmo2MVPv9drhz0rD7d8/TDnjRoi5d xg4yb2GpLYWRYE1KmHkptjHlgtCud+pqtW7s5C7vEXGGZg+tN3rwyrjdE2Qtelxo0tjU 9cMc4BEYGFo8mKl5wLo8DwaP8uxkVtct0fcVS9RDx/FG1FdHY9+DM/bPoMpb+r4LBnQl TsPzI8X1Syi8tOx/hdJg4Jq2UkE63LET67UkGPKDhbHZmAfdCZwHWHFBbTBC68+Yk7YU Poyg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id p7si5388782ejd.92.2021.02.19.02.19.06; Fri, 19 Feb 2021 02:19:30 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229952AbhBSKSB (ORCPT + 99 others); Fri, 19 Feb 2021 05:18:01 -0500 Received: from www262.sakura.ne.jp ([202.181.97.72]:57951 "EHLO www262.sakura.ne.jp" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230415AbhBSKQO (ORCPT ); Fri, 19 Feb 2021 05:16:14 -0500 Received: from fsav108.sakura.ne.jp (fsav108.sakura.ne.jp [27.133.134.235]) by www262.sakura.ne.jp (8.15.2/8.15.2) with ESMTP id 11JAFWId022465; Fri, 19 Feb 2021 19:15:32 +0900 (JST) (envelope-from penguin-kernel@i-love.sakura.ne.jp) Received: from www262.sakura.ne.jp (202.181.97.72) by fsav108.sakura.ne.jp (F-Secure/fsigk_smtp/550/fsav108.sakura.ne.jp); Fri, 19 Feb 2021 19:15:32 +0900 (JST) X-Virus-Status: clean(F-Secure/fsigk_smtp/550/fsav108.sakura.ne.jp) Received: from [192.168.1.9] (M106072142033.v4.enabler.ne.jp [106.72.142.33]) (authenticated bits=0) by www262.sakura.ne.jp (8.15.2/8.15.2) with ESMTPSA id 11JAFVNb022462 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NO); Fri, 19 Feb 2021 19:15:31 +0900 (JST) (envelope-from penguin-kernel@i-love.sakura.ne.jp) Subject: Re: possible deadlock in start_this_handle (2) To: Jan Kara Cc: jack@suse.com, linux-ext4@vger.kernel.org, linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com, tytso@mit.edu, mhocko@suse.cz, linux-mm@kvack.org, syzbot References: <000000000000563a0205bafb7970@google.com> <20210211104947.GL19070@quack2.suse.cz> <20210215124519.GA22417@quack2.suse.cz> <20210215142935.GB22417@quack2.suse.cz> From: Tetsuo Handa Message-ID: <34341830-f74f-57fa-2d21-c141f239b017@i-love.sakura.ne.jp> Date: Fri, 19 Feb 2021 19:15:33 +0900 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.7.1 MIME-Version: 1.0 In-Reply-To: <20210215142935.GB22417@quack2.suse.cz> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2021/02/15 23:29, Jan Kara wrote: > On Mon 15-02-21 23:06:15, Tetsuo Handa wrote: >> On 2021/02/15 21:45, Jan Kara wrote: >>> On Sat 13-02-21 23:26:37, Tetsuo Handa wrote: >>>> Excuse me, but it seems to me that nothing prevents >>>> ext4_xattr_set_handle() from reaching ext4_xattr_inode_lookup_create() >>>> without memalloc_nofs_save() when hitting ext4_get_nojournal() path. >>>> Will you explain when ext4_get_nojournal() path is executed? >>> >>> That's a good question but sadly I don't think that's it. >>> ext4_get_nojournal() is called when the filesystem is created without a >>> journal. In that case we also don't acquire jbd2_handle lockdep map. In the >>> syzbot report we can see: >> >> Since syzbot can test filesystem images, syzbot might have tested a filesystem >> image created both with and without journal within this boot. > > a) I think that syzbot reboots the VM between executing different tests to > get reproducible conditions. But in theory I agree the test may have > contained one image with and one image without a journal. syzkaller reboots the VM upon a crash. syzkaller can test multiple filesystem images within one boot. https://storage.googleapis.com/syzkaller/cover/ci-qemu-upstream-386.html (this statistic snapshot is volatile) reports that ext4_get_nojournal() is partially covered ( https://github.com/google/syzkaller/blob/master/docs/coverage.md ) by syzkaller. /* Just increment the non-pointer handle value */ static handle_t *ext4_get_nojournal(void) { 86 handle_t *handle = current->journal_info; unsigned long ref_cnt = (unsigned long)handle; BUG_ON(ref_cnt >= EXT4_NOJOURNAL_MAX_REF_COUNT); 86 ref_cnt++; handle = (handle_t *)ref_cnt; current->journal_info = handle; 2006 return handle; } /* Decrement the non-pointer handle value */ static void ext4_put_nojournal(handle_t *handle) { unsigned long ref_cnt = (unsigned long)handle; 85 BUG_ON(ref_cnt == 0); 85 ref_cnt--; handle = (handle_t *)ref_cnt; current->journal_info = handle; } handle_t *__ext4_journal_start_sb(struct super_block *sb, unsigned int line, int type, int blocks, int rsv_blocks, int revoke_creds) { journal_t *journal; int err; 2006 trace_ext4_journal_start(sb, blocks, rsv_blocks, revoke_creds, 2006 _RET_IP_); 2006 err = ext4_journal_check_start(sb); if (err < 0) return ERR_PTR(err); 2005 journal = EXT4_SB(sb)->s_journal; 1969 if (!journal || (EXT4_SB(sb)->s_mount_state & EXT4_FC_REPLAY)) 2006 return ext4_get_nojournal(); 1969 return jbd2__journal_start(journal, blocks, rsv_blocks, revoke_creds, GFP_NOFS, type, line); } > > *but* > > b) as I wrote in the email you are replying to, the jbd2_handle key is > private per filesystem. Thus for lockdep to complain about > jbd2_handle->fs_reclaim->jbd2_handle deadlock, those jbd2_handle lockdep > maps must come from the same filesystem. > > *and* > > c) filesystem without journal doesn't use jbd2_handle lockdep map at all so > for such filesystems lockdep creates no dependency for jbd2_handle map. > What about "EXT4_SB(sb)->s_mount_state & EXT4_FC_REPLAY)" case? Does this case happen on filesystem with journal, and can this case be executed by fuzzing a crafted (a sort of erroneous) filesystem with journal, and are the jbd2_handle for calling ext4_get_nojournal() case and the jbd2_handle for calling jbd2__journal_start() case the same? Also, I worry that jbd2__journal_restart() is problematic, for it calls stop_this_handle() (which calls memalloc_nofs_restore()) and then calls start_this_handle() (which fails to call memalloc_nofs_save() if an error occurs). An error from start_this_handle() from journal restart operation might need special handling (i.e. either remount-ro or panic) ?