On 6/12/20 6:13 PM, Ido Schimmel wrote:
On Tue, Jun 02, 2020 at 06:11:29PM +0530, Ritesh Harjani wrote:
#syz test:
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
0e21d4620dd047da7952f44a2e1ac777ded2d57e
>From cc1cf67d99d5fa61db0651c89c288df31bad6b8e Mon Sep 17 00:00:00 2001
From: Ritesh Harjani <riteshh@xxxxxxxxxxxxx>
Date: Tue, 2 Jun 2020 17:54:12 +0530
Subject: [PATCH 1/1] ext4: mballoc: Use raw_cpu_ptr in case if preemption is enabled
It doesn't matter really in ext4_mb_new_blocks() about whether the code
is rescheduled on any other cpu due to preemption. Because we care
about discard_pa_seq only when the block allocation fails and then too
we add the seq counter of all the cpus against the initial sampled one
to check if anyone has freed any blocks while we were doing allocation.
So just use raw_cpu_ptr to not trigger this BUG.
BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6927
caller is ext4_mb_new_blocks+0xa4d/0x3b70 fs/ext4/mballoc.c:4711
CPU: 1 PID: 6927 Comm: syz-fuzzer Not tainted 5.7.0-next-20200602-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x18f/0x20d lib/dump_stack.c:118
check_preemption_disabled+0x20d/0x220 lib/smp_processor_id.c:48
ext4_mb_new_blocks+0xa4d/0x3b70 fs/ext4/mballoc.c:4711
ext4_ext_map_blocks+0x201b/0x33e0 fs/ext4/extents.c:4244
ext4_map_blocks+0x4cb/0x1640 fs/ext4/inode.c:626
ext4_getblk+0xad/0x520 fs/ext4/inode.c:833
ext4_bread+0x7c/0x380 fs/ext4/inode.c:883
ext4_append+0x153/0x360 fs/ext4/namei.c:67
ext4_init_new_dir fs/ext4/namei.c:2757 [inline]
ext4_mkdir+0x5e0/0xdf0 fs/ext4/namei.c:2802
vfs_mkdir+0x419/0x690 fs/namei.c:3632
do_mkdirat+0x21e/0x280 fs/namei.c:3655
do_syscall_64+0x60/0xe0 arch/x86/entry/common.c:359
entry_SYSCALL_64_after_hwframe+0x44/0xa9
Signed-off-by: Ritesh Harjani <riteshh@xxxxxxxxxxxxx>
Reported-by: syzbot+82f324bb69744c5f6969@xxxxxxxxxxxxxxxxxxxxxxxxx
Hi,
Are you going to submit this patch formally? Without it I'm constantly
seeing the above splat.
I see Ted has already taken v2 of this patch in his dev repo.
Should be able to see in linux tree soon.
https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?h=dev&id=811985365378df01386c3cfb7ff716e74ca376d5
-ritesh