$ git bisect bad
0a46ef234756dca04623b7591e8ebb3440622f0b is the first bad commit
commit 0a46ef234756dca04623b7591e8ebb3440622f0b (HEAD)
Author: Jan Kara <j...@suse.cz>
Date:   Thu Mar 21 17:26:50 2024 +0100

    ext4: do not create EA inode under buffer lock

    ext4_xattr_set_entry() creates new EA inodes while holding buffer lock on
    the external xattr block. This is problematic as it nests all the
    allocation locking (which acquires locks on other buffers) under the
    buffer lock. This can even deadlock when the filesystem is corrupted and
    e.g. quota file is setup to contain xattr block as data block. Move the
    allocation of EA inode out of ext4_xattr_set_entry() into the callers.

    Reported-by: syzbot+a43d4f48b8397d0e4...@syzkaller.appspotmail.com
    Signed-off-by: Jan Kara <j...@suse.cz>
    Link: https://lore.kernel.org/r/20240321162657.27420-2-j...@suse.cz
    Signed-off-by: Theodore Ts'o <ty...@mit.edu>

 fs/ext4/xattr.c | 113 ++++++++++++++++++++++++++++++++++-------------------------------------
 1 file changed, 53 insertions(+), 60 deletions(-)

--
https://bugs.launchpad.net/bugs/2080853

Title:
  oracular 6.11 kernel regression with ext4 and ea_inode mount flags and exercising xattrs

Status in Linux:
  Confirmed
Status in linux package in Ubuntu:
  New
Status in linux source package in Oracular:
  New

Bug description:
  How to reproduce this issue:

  Kernel: 6.11.0-7, AMD64 virtual machine, oracular, updated 16th Sept 2024 @ 14:15 UK TZ
  8 thread virtual machine (important, must be multiple CPU threads to trigger the regression)
  20GB virtio drive on /dev/vdb, 1 partition /dev/vdb1

  sudo mkfs.ext4 /dev/vdb1 -O ea_inode
  sudo mount /dev/vdb1 /mnt

  git clone https://github.com/ColinIanKing/stress-ng
  cd stress-ng
  make clean; make -j $(nproc)

  ..wait a couple of minutes, you will see that the number of running processes is not 8 as expected (from the --vmstat output of stress-ng)

  cannot stop stress-ng because of a kernel lockup; so use another tty and check dmesg, I get the following:

  [ 247.028846] INFO: task jbd2/vdb1-8:1548 blocked for more than 122 seconds.
  [ 247.030830] Not tainted 6.11.0-7-generic #7-Ubuntu
  [ 247.032667] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
  [ 247.034170] task:jbd2/vdb1-8 state:D stack:0 pid:1548 tgid:1548 ppid:2 flags:0x00004000
  [ 247.034176] Call Trace:
  [ 247.034178] <TASK>
  [ 247.034182] __schedule+0x277/0x6c0
  [ 247.034199] schedule+0x29/0xd0
  [ 247.034203] jbd2_journal_wait_updates+0x77/0xf0
  [ 247.034207] ? __pfx_autoremove_wake_function+0x10/0x10
  [ 247.034213] jbd2_journal_commit_transaction+0x290/0x1a10
  [ 247.034223] kjournald2+0xa8/0x250
  [ 247.034228] ? __pfx_autoremove_wake_function+0x10/0x10
  [ 247.034233] ? __pfx_kjournald2+0x10/0x10
  [ 247.034236] kthread+0xe1/0x110
  [ 247.034241] ? __pfx_kthread+0x10/0x10
  [ 247.034244] ret_from_fork+0x44/0x70
  [ 247.034247] ? __pfx_kthread+0x10/0x10
  [ 247.034251] ret_from_fork_asm+0x1a/0x30
  [ 247.034257] </TASK>

  NOTE: this works fine for Linux 6.8.0-31, so this looks like a regression for 6.11.0-7

  Attached is the full kernel log.
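Added example, not part of the bug report or the kernel source: a small Python parser for hung-task reports like the one quoted above, which extracts the blocked task and the first non-scheduler frame it is waiting in. The function names and the SCHED frame set are choices made for this example; SAMPLE is an excerpt of the log above.

```python
import re

# Excerpt of the hung-task report quoted in the bug description above.
SAMPLE = """\
[ 247.028846] INFO: task jbd2/vdb1-8:1548 blocked for more than 122 seconds.
[ 247.034178] <TASK>
[ 247.034182] __schedule+0x277/0x6c0
[ 247.034199] schedule+0x29/0xd0
[ 247.034203] jbd2_journal_wait_updates+0x77/0xf0
[ 247.034207] ? __pfx_autoremove_wake_function+0x10/0x10
[ 247.034213] jbd2_journal_commit_transaction+0x290/0x1a10
[ 247.034223] kjournald2+0xa8/0x250
[ 247.034257] </TASK>
"""

HUNG = re.compile(r"INFO: task (?P<comm>.+):(?P<pid>\d+) blocked for more than (?P<secs>\d+) seconds")
FRAME = re.compile(r"(?P<guess>\? )?(?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")
STAMP = re.compile(r"^\[\s*\d+\.\d+\]\s*")
# Frames that only say "the task slept", not what it was waiting for.
SCHED = {"__schedule", "schedule", "schedule_timeout", "io_schedule"}

def parse_hung_tasks(dmesg_text):
    """Return one dict per hung-task report: comm, pid, secs, frames."""
    reports, current, in_trace = [], None, False
    for raw in dmesg_text.splitlines():
        line = STAMP.sub("", raw.strip())
        m = HUNG.search(line)
        if m:
            current = {"comm": m["comm"], "pid": int(m["pid"]),
                       "secs": int(m["secs"]), "frames": []}
            reports.append(current)
            in_trace = False
        elif current is not None and line == "<TASK>":
            in_trace = True
        elif current is not None and line == "</TASK>":
            current, in_trace = None, False
        elif in_trace:
            f = FRAME.match(line)
            if f and not f["guess"]:  # "? sym" entries are unverified stack leftovers
                current["frames"].append(f["sym"])
    return reports

def blocked_in(report):
    """First non-scheduler frame: the function the task is actually waiting in."""
    return next((s for s in report["frames"] if s not in SCHED), None)

if __name__ == "__main__":
    for r in parse_hung_tasks(SAMPLE):
        print(f'{r["comm"]} (pid {r["pid"]}) blocked >{r["secs"]}s in {blocked_in(r)}')
```

Run over a full dmesg capture, this gives one entry per blocked task, which makes it easier to see which tasks are waiting on the journal and which one is holding it up.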