Bug 1883932
Summary: general protection fault in gfs2_withdraw (syzbot)

| Field | Value |
|---|---|
| Product | Fedora |
| Component | kernel |
| Version | rawhide |
| Hardware | Unspecified |
| OS | Unspecified |
| Status | CLOSED UPSTREAM |
| Severity | unspecified |
| Priority | unspecified |
| Type | Bug |
| Reporter | Andrew Price <anprice> |
| Assignee | Robert Peterson <rpeterso> |
| QA Contact | Fedora Extras Quality Assurance <extras-qa> |
| CC | acaringi, airlied, bskeggs, hdegoede, ichavero, itamar, jarodwilson, jeremy, jglisse, john.j5live, jonathan, josef, kernel-maint, lgoncalv, linville, masami256, mchehab, mjg59, rpeterso, steved |
| Fixed In Version | 5.12-rc3 |
| Last Closed | 2021-03-13 13:16:01 UTC |

Description
Andrew Price
2020-09-30 14:16:52 UTC
Created attachment 1717899 [details]
repro.c
Created attachment 1762823 [details]
Proposed patch to fix the problem

gfs2: bypass signal_our_withdraw if no journal

Before this patch, function signal_our_withdraw referenced the journal
inode immediately. But corrupt file systems may have some invalid
journals, in which case our attempt to read it in will withdraw and the
resulting signal_our_withdraw would dereference the NULL value.

This patch adds a check to signal_our_withdraw so that if the journal
has not yet been initialized, it simply returns and does the old-style
withdraw.

Hi Andy. I just attached a proposed patch to fix the problem. Can you check it please?

It looks good - using the reproducer I get a harmless withdraw with the patch applied.

    [  517.880553] loop0: detected capacity change from 0 to 33168
    [  517.889871] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
    [  517.892273] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
    [  517.895485] gfs2: fsid=syz:syz.0: fatal: invalid metadata block
    [  517.895485]   bh = 2072 (magic number)
    [  517.895485]   function = gfs2_meta_indirect_buffer, file = fs/gfs2/meta_io.c, line = 488
    [  517.900035] gfs2: fsid=syz:syz.0: about to withdraw this file system
    [  517.902609] gfs2: fsid=syz:syz.0: File system withdrawn
    <snipped backtrace>

Looking at the original report, the bot wants us to add

    Reported-by: syzbot+50a8a9cf8127f2c6f5df.com
    Fixes: 601ef0d52e96 ("gfs2: Force withdraw to replay journals and wait for it to finish")

The fix is now upstream commit d5bf630f355d8c532bef2347cf90e8ae60a5f1bd

    Author: Bob Peterson <rpeterso>
    Date:   Fri Mar 12 07:58:54 2021 -0500

        gfs2: bypass signal_our_withdraw if no journal
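As an added illustration of the ordering problem this report describes (a user-space model written for this page, not code from fs/gfs2 or from the attached patch): the structures, return codes and function bodies below are assumptions that keep only the shape of the bug, and the one real on-disk constant is GFS2_MAGIC. A corrupt journal indirect block fails the metadata magic check, the file system withdraws before sd_jdesc has been set, and the post-patch signal_our_withdraw returns early to a plain withdraw instead of dereferencing a NULL journal descriptor.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Every GFS2 metadata block starts with this magic (fs/gfs2 on-disk format). */
#define GFS2_MAGIC 0x01161970u

/* Return codes for this model's withdraw; the names are assumptions. */
enum { MOUNT_OK = 0, WITHDRAW_PLAIN = 1, WITHDRAW_JOURNAL = 2 };

/* Stand-in for gfs2_jdesc: only the journal id is modelled (assumption). */
struct jdesc {
    int jd_jid;
};

/* Stand-in for gfs2_sbd: sd_jdesc stays NULL until the journal is read in. */
struct sbd {
    struct jdesc *sd_jdesc;
    bool withdrawn;
};

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Mirrors the "invalid metadata block (magic number)" check that fired in
 * gfs2_meta_indirect_buffer: the header's mh_magic must be GFS2_MAGIC. */
static bool metatype_check(const uint8_t *block)
{
    return be32(block) == GFS2_MAGIC;
}

/* Pre-patch shape of the bug: sd_jdesc is dereferenced unconditionally, so a
 * withdraw during journal initialisation faults on a NULL pointer. Kept for
 * contrast only; nothing here calls it. */
int signal_our_withdraw_unfixed(struct sbd *sdp)
{
    return sdp->sd_jdesc->jd_jid;
}

/* Post-patch shape: if the journal has not been initialised, fall back to the
 * old-style withdraw instead of touching sd_jdesc. */
static int signal_our_withdraw(struct sbd *sdp)
{
    if (!sdp->sd_jdesc)
        return WITHDRAW_PLAIN;
    /* Journal-aware path: the kernel asks other nodes to replay jd_jid. */
    return sdp->sd_jdesc->jd_jid >= 0 ? WITHDRAW_JOURNAL : WITHDRAW_PLAIN;
}

static int gfs2_withdraw(struct sbd *sdp)
{
    sdp->withdrawn = true;
    return signal_our_withdraw(sdp);
}

/* Mount-time journal read: a corrupt indirect block withdraws the file system
 * before sd_jdesc has been set, which is the ordering syzbot hit. */
static int read_journal(struct sbd *sdp, const uint8_t *indirect_block,
                        struct jdesc *jd)
{
    if (!metatype_check(indirect_block))
        return gfs2_withdraw(sdp);
    sdp->sd_jdesc = jd;
    return MOUNT_OK;
}

/* Constructed sample: a journal indirect block whose header carries garbage
 * instead of GFS2_MAGIC. Returns 1 if the withdraw took the safe path. */
int demo_corrupt_journal(void)
{
    static const uint8_t bad_header[16] = { 0xde, 0xad, 0xbe, 0xef };
    struct sbd sdp = { 0 };
    struct jdesc jd = { .jd_jid = 0 };

    int rc = read_journal(&sdp, bad_header, &jd);
    return (rc == WITHDRAW_PLAIN && sdp.withdrawn && sdp.sd_jdesc == NULL);
}

/* Constructed sample: a well-formed header (GFS2_MAGIC, mh_type 5 for an
 * indirect block), so the journal initialises and a later withdraw can use
 * it. Returns 1 on the expected outcome. */
int demo_valid_journal(void)
{
    static const uint8_t good_header[16] = { 0x01, 0x16, 0x19, 0x70,
                                             0x00, 0x00, 0x00, 0x05 };
    struct sbd sdp = { 0 };
    struct jdesc jd = { .jd_jid = 0 };

    if (read_journal(&sdp, good_header, &jd) != MOUNT_OK)
        return 0;
    return (gfs2_withdraw(&sdp) == WITHDRAW_JOURNAL && sdp.sd_jdesc == &jd);
}

int main(void)
{
    printf("corrupt journal -> plain withdraw, no NULL deref: %s\n",
           demo_corrupt_journal() ? "yes" : "no");
    printf("valid journal -> journal-aware withdraw: %s\n",
           demo_valid_journal() ? "yes" : "no");
    return 0;
}
```

The model keeps the two facts that matter for the crash: the journal descriptor is only assigned after its metadata has been validated, and the validation failure itself routes through the withdraw path, so any withdraw code that assumes the journal exists runs exactly when it does not. Reproducing that with the real image would need the attached repro.c and a kernel without the fix.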