lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <q4aiajowsv4ywecclvsxikiigjsztkio44samvgytwtmemskrl@pw4j7t5ixwhh>
Date: Thu, 30 Oct 2025 19:20:28 +0100
From: Jan Kara <jack@...e.cz>
To: Ye Bin <yebin@...weicloud.com>
Cc: tytso@....edu, adilger.kernel@...ger.ca, linux-ext4@...r.kernel.org, 
	jack@...e.cz
Subject: Re: [PATCH] jbd2: avoid bug_on in jbd2_journal_get_create_access()
 when file system corrupted

On Sat 25-10-25 15:26:57, Ye Bin wrote:
> From: Ye Bin <yebin10@...wei.com>
> 
> There's issue when file system corrupted:
> ------------[ cut here ]------------
> kernel BUG at fs/jbd2/transaction.c:1289!
> Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
> CPU: 5 UID: 0 PID: 2031 Comm: mkdir Not tainted 6.18.0-rc1-next
> RIP: 0010:jbd2_journal_get_create_access+0x3b6/0x4d0
> RSP: 0018:ffff888117aafa30 EFLAGS: 00010202
> RAX: 0000000000000000 RBX: ffff88811a86b000 RCX: ffffffff89a63534
> RDX: 1ffff110200ec602 RSI: 0000000000000004 RDI: ffff888100763010
> RBP: ffff888100763000 R08: 0000000000000001 R09: ffff888100763028
> R10: 0000000000000003 R11: 0000000000000000 R12: 0000000000000000
> R13: ffff88812c432000 R14: ffff88812c608000 R15: ffff888120bfc000
> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 00007f91d6970c99 CR3: 00000001159c4000 CR4: 00000000000006f0
> Call Trace:
>  <TASK>
>  __ext4_journal_get_create_access+0x42/0x170
>  ext4_getblk+0x319/0x6f0
>  ext4_bread+0x11/0x100
>  ext4_append+0x1e6/0x4a0
>  ext4_init_new_dir+0x145/0x1d0
>  ext4_mkdir+0x326/0x920
>  vfs_mkdir+0x45c/0x740
>  do_mkdirat+0x234/0x2f0
>  __x64_sys_mkdir+0xd6/0x120
>  do_syscall_64+0x5f/0xfa0
>  entry_SYSCALL_64_after_hwframe+0x76/0x7e
> 
> The above issue occurs with us in errors=continue mode when accompanied by
> storage failures. There have been many inconsistencies in the file system
> data.
> In the case of file system data inconsistency, for example, if the block
> bitmap of a referenced block is not set, it can lead to the situation where
> a block being committed is allocated and used again. As a result, the
> following condition will not be satisfied then trigger BUG_ON. Of course,
> it is entirely possible to construct a problematic image that can trigger
> this BUG_ON through specific operations. In fact, I have constructed such
> an image and easily reproduced this issue.
> Therefore, J_ASSERT() holds true only under ideal conditions, but it may
> not necessarily be satisfied in exceptional scenarios. Using J_ASSERT()
> directly in abnormal situations would cause the system to crash, which is
> clearly not what we want. So here we directly trigger a JBD abort instead
> of immediately invoking BUG_ON.
> 
> Fixes: 470decc613ab ("[PATCH] jbd2: initial copy of files from jbd")
> Signed-off-by: Ye Bin <yebin10@...wei.com>

Looks good. Feel free to add:

Reviewed-by: Jan Kara <jack@...e.cz>

								Honza

> ---
>  fs/jbd2/transaction.c | 19 ++++++++++++++-----
>  1 file changed, 14 insertions(+), 5 deletions(-)
> 
> diff --git a/fs/jbd2/transaction.c b/fs/jbd2/transaction.c
> index 3e510564de6e..9ce626ac947e 100644
> --- a/fs/jbd2/transaction.c
> +++ b/fs/jbd2/transaction.c
> @@ -1284,14 +1284,23 @@ int jbd2_journal_get_create_access(handle_t *handle, struct buffer_head *bh)
>  	 * committing transaction's lists, but it HAS to be in Forget state in
>  	 * that case: the transaction must have deleted the buffer for it to be
>  	 * reused here.
> +	 * In the case of file system data inconsistency, for example, if the
> +	 * block bitmap of a referenced block is not set, it can lead to the
> +	 * situation where a block being committed is allocated and used again.
> +	 * As a result, the following condition will not be satisfied, so here
> +	 * we directly trigger a JBD abort instead of immediately invoking
> +	 * bugon.
>  	 */
>  	spin_lock(&jh->b_state_lock);
> -	J_ASSERT_JH(jh, (jh->b_transaction == transaction ||
> -		jh->b_transaction == NULL ||
> -		(jh->b_transaction == journal->j_committing_transaction &&
> -			  jh->b_jlist == BJ_Forget)));
> +	if (!(jh->b_transaction == transaction || jh->b_transaction == NULL ||
> +	      (jh->b_transaction == journal->j_committing_transaction &&
> +	       jh->b_jlist == BJ_Forget)) || jh->b_next_transaction != NULL) {
> +		err = -EROFS;
> +		spin_unlock(&jh->b_state_lock);
> +		jbd2_journal_abort(journal, err);
> +		goto out;
> +	}
>  
> -	J_ASSERT_JH(jh, jh->b_next_transaction == NULL);
>  	J_ASSERT_JH(jh, buffer_locked(jh2bh(jh)));
>  
>  	if (jh->b_transaction == NULL) {
> -- 
> 2.34.1
> 
-- 
Jan Kara <jack@...e.com>
SUSE Labs, CR

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ