From: Jan Kara <jack@suse.cz>
To: Hillf Danton <hdanton@sina.com>
Cc: Jan Kara <jack@suse.cz>,
syzbot <syzbot+3b6f9218b1301ddda3e2@syzkaller.appspotmail.com>,
dvyukov@google.com, linux-kernel@vger.kernel.org,
syzkaller-bugs@googlegroups.com, syzkaller@googlegroups.com,
tytso@mit.edu
Subject: Re: [syzbot] possible deadlock in dquot_commit
Date: Thu, 12 Aug 2021 15:55:29 +0200 [thread overview]
Message-ID: <20210812135529.GD14675@quack2.suse.cz> (raw)
In-Reply-To: <20210811041232.2449-1-hdanton@sina.com>
On Wed 11-08-21 12:12:32, Hillf Danton wrote:
> On Tue, 10 Aug 2021 11:21:42 +0200 Jan Kara wrote:
> >
> >I'm not quite sure what you are asking about but yes, dquot_acquire() grabs
>
> It is hard to understand the rooms in mutex for two lock owners.
>
> >dquot->dq_lock, then e.g. v2_write_dquot() acquires dqio_sem, then
> >ext4_map_blocks() acquires i_data_sem/2 (special lock subclass for quota
> >files).
> >
> >What is unexpected is the #0 trace where i_data_sem/2 is acquired
> >by ext4_map_blocks() called from ext4_write_begin(). That shows that
> >normal write(2) call was able to operate on quota file which is certainly
> >wrong.
>
> The change below can test your theory.
> >
> >My patch closed one path how this could happen and I'm puzzled how
> >else this could happen. I'll try to reproduce the issue (I've already tried
> >but so far failed) as see if I can find out more.
>
> Actually there is one check for quota file near 100 lines of code lower,
> and copy it to just before taking i_data_sem to avoid writing the file of
> wrong type.
>
> Now only for thoughts.
>
> +++ x/fs/ext4/inode.c
> @@ -616,6 +616,8 @@ found:
> if (!(flags & EXT4_GET_BLOCKS_CONVERT_UNWRITTEN))
> return retval;
>
> + if (ext4_is_quota_file(inode))
> + return -EINVAL;
> /*
> * Here we clear m_flags because after allocating an new extent,
> * it will be set again.
This would be certainly wrong. ext4_map_blocks() is used for accessing and
allocating blocks for quota file. It is ext4_write_begin() that should not
be called for the quota file. I've run the reproducer here for couple of
hours but the problem didn't trigger for me. Strange.
Honza
--
Jan Kara <jack@suse.com>
SUSE Labs, CR
prev parent reply other threads:[~2021-08-12 13:55 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-10 11:25 possible deadlock in dquot_commit syzbot
2021-02-11 11:37 ` Jan Kara
2021-02-11 11:47 ` Dmitry Vyukov
2021-02-11 15:47 ` Jan Kara
2021-02-11 21:46 ` Theodore Ts'o
2021-02-12 11:01 ` Dmitry Vyukov
2021-02-12 16:10 ` Theodore Ts'o
2021-02-15 12:50 ` Dmitry Vyukov
2021-08-09 12:54 ` [syzbot] " syzbot
2021-08-09 14:52 ` Jan Kara
2021-08-09 17:43 ` syzbot
2021-10-07 8:44 ` Jan Kara
2021-10-07 13:50 ` syzbot
[not found] ` <20210810041100.3271-1-hdanton@sina.com>
2021-08-10 9:21 ` Jan Kara
[not found] ` <20210811041232.2449-1-hdanton@sina.com>
2021-08-12 13:55 ` Jan Kara [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210812135529.GD14675@quack2.suse.cz \
--to=jack@suse.cz \
--cc=dvyukov@google.com \
--cc=hdanton@sina.com \
--cc=linux-kernel@vger.kernel.org \
--cc=syzbot+3b6f9218b1301ddda3e2@syzkaller.appspotmail.com \
--cc=syzkaller-bugs@googlegroups.com \
--cc=syzkaller@googlegroups.com \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.