Bug 718332 - ext4: WARNING: at fs/namei.c:1306 lookup_one_len during orphan inode recovery with quotas
Summary: ext4: WARNING: at fs/namei.c:1306 lookup_one_len during orphan inode recovery...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: kernel
Version: 6.2
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Eric Sandeen
QA Contact: Petr Beňas
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-07-01 20:05 UTC by Eric Sandeen
Modified: 2015-01-04 23:01 UTC (History)
4 users (show)

Fixed In Version: kernel-2.6.32-175.el6
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-12-06 13:46:58 UTC
Target Upstream Version:

Attachments (Terms of Use)
testcase (711 bytes, text/plain)
2011-07-01 20:05 UTC, Eric Sandeen 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2011:1530 0 normal SHIPPED_LIVE Moderate: Red Hat Enterprise Linux 6 kernel security, bug fix and enhancement update 2011-12-06 01:45:35 UTC

Description Eric Sandeen 2011-07-01 20:05:49 UTC 
Created attachment 510931 [details]
testcase

When readonly-mounting a filesystem which needs recovery, with journaled quotas, we get a WARN_ON_ONCE during the quota_on_mount path:

EXT4-fs (loop4): write access will be enabled during recovery
EXT4-fs (loop4): orphan cleanup on readonly fs
------------[ cut here ]------------
WARNING: at fs/namei.c:1306 lookup_one_len+0xf1/0x110() (Not tainted)
Hardware name: PowerEdge 860
Modules linked in: ext4 jbd2 xfs exportfs sunrpc cpufreq_ondemand acpi_cpufreq freq_table ip6table_filter ip6_tables ipv6 dm_mirror dm_region_hash dm_log kvm tg3 sg dcdbas serio_raw i2c_i801 iTCO_wdt iTCO_vendor_support i3000_edac edac_core shpchp ext3 jbd mbcache pata_sil680 sr_mod cdrom sd_mod crc_t10dif ata_generic pata_acpi ata_piix radeon ttm drm_kms_helper drm hwmon i2c_algo_bit i2c_core dm_mod [last unloaded: microcode]
Pid: 2367, comm: mount Not tainted 2.6.32-143.el6.x86_64 #1
Call Trace:
 [<ffffffff810671e7>] ? warn_slowpath_common+0x87/0xc0
 [<ffffffff8106723a>] ? warn_slowpath_null+0x1a/0x20
 [<ffffffff811838a1>] ? lookup_one_len+0xf1/0x110
 [<ffffffffa050d172>] ? ext4_mb_init+0x3a2/0x420 [ext4]
 [<ffffffff811d0242>] ? vfs_quota_on_mount+0x42/0xb0
 [<ffffffffa0500dfe>] ? ext4_fill_super+0x239e/0x2770 [ext4]
 [<ffffffff81175bae>] ? get_sb_bdev+0x18e/0x1d0
 [<ffffffffa04fea60>] ? ext4_fill_super+0x0/0x2770 [ext4]
 [<ffffffff81210aea>] ? selinux_sb_copy_data+0x14a/0x1e0
 [<ffffffffa04fa528>] ? ext4_get_sb+0x18/0x20 [ext4]
 [<ffffffff8117563b>] ? vfs_kern_mount+0x7b/0x1b0
 [<ffffffff811757e2>] ? do_kern_mount+0x52/0x130
 [<ffffffff81193367>] ? do_mount+0x2e7/0x870
 [<ffffffff81193980>] ? sys_mount+0x90/0xe0
 [<ffffffff8100b172>] ? system_call_fastpath+0x16/0x1b
---[ end trace 2a7141fd9fcf8765 ]---
EXT4-fs (loop4): Cannot turn on journaled quota: error -2
EXT4-fs (loop4): ext4_orphan_cleanup: deleting unreferenced inode 13
EXT4-fs (loop4): 1 orphan inode deleted
EXT4-fs (loop4): recovery complete

Will attach script that replicates the problem.

Note that it's a WARN_ON_ONCE so we only see it once per boot.
Comment 2 Eric Sandeen 2011-07-01 22:36:41 UTC 
Ah here we go.

commit c56818d7dc976a7392be82e8e04fe26347d591f3
Author: Jan Kara <jack>
Date:   Thu Nov 12 15:42:08 2009 +0100

    quota: Fix WARN_ON in lookup_one_len
    
    We should hold i_mutex when looking up quota files for journaled quotas,
    otherwise a WARN_ON in lookup_one_len triggers. The fact that we didn't
    hold i_mutex previously probably could not lead to a real bug since the
    filesystem is just being mounted / remounted read-write and thus the
    root directory cannot change anyway but it's definitely cleaner with
    i_mutex.
    
    Reported-by: Bastien ROUCARIES <roucaries.bastien>
    Signed-off-by: Jan Kara <jack>

diff --git a/fs/quota/dquot.c b/fs/quota/dquot.c
index eb5a755..cd6bb9a 100644
--- a/fs/quota/dquot.c
+++ b/fs/quota/dquot.c
@@ -2164,7 +2164,9 @@ int vfs_quota_on_mount(struct super_block *sb, char *qf_name,
        struct dentry *dentry;
        int error;
 
+       mutex_lock(&sb->s_root->d_inode->i_mutex);
        dentry = lookup_one_len(qf_name, sb->s_root, strlen(qf_name));
+       mutex_unlock(&sb->s_root->d_inode->i_mutex);
        if (IS_ERR(dentry))
                return PTR_ERR(dentry);
Comment 3 Eric Sandeen 2011-07-01 22:37:17 UTC 
The testcase is probably a little too involved, but it works...
Comment 4 RHEL Program Management 2011-07-01 22:39:54 UTC 
This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux maintenance release. Product Management has 
requested further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed 
products. This request is not yet committed for inclusion in an Update release.
Comment 6 Kyle McMartin 2011-08-01 15:16:53 UTC 
Patch(es) available on kernel-2.6.32-175.el6
Comment 17 Petr Beňas 2011-08-15 07:47:12 UTC 
Reproduced in 2.6.32-174.el6.x86_64 and verified in 2.6.32-175.el6.x86_64.
Comment 18 errata-xmlrpc 2011-12-06 13:46:58 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2011-1530.html
Note You need to log in before you can comment on or make changes to this bug.