This fix the oops in ext4 unit test which is cuased by NULL sb.s_user_ns
as following:
<4>[ 14.344565] map_id_range_down (kernel/user_namespace.c:318)
<4>[ 14.345378] make_kuid (kernel/user_namespace.c:415)
<4>[ 14.345998] inode_init_always (include/linux/fs.h:1375 fs/inode.c:174)
<4>[ 14.346696] alloc_inode (fs/inode.c:268)
<4>[ 14.347353] new_inode_pseudo (fs/inode.c:1007)
<4>[ 14.348016] new_inode (fs/inode.c:1033)
<4>[ 14.348644] ext4_mb_init (fs/ext4/mballoc.c:3404 fs/ext4/mballoc.c:3719)
<4>[ 14.349312] mbt_kunit_init (fs/ext4/mballoc-test.c:57
fs/ext4/mballoc-test.c:314)
<4>[ 14.349983] kunit_try_run_case (lib/kunit/test.c:388 lib/kunit/test.c:443)
<4>[ 14.350696] kunit_generic_run_threadfn_adapter (lib/kunit/try-catch.c:30)
<4>[ 14.351530] kthread (kernel/kthread.c:388)
<4>[ 14.352168] ret_from_fork (arch/arm64/kernel/entry.S:861)
<0>[ 14.353385] Code: 52808004 b8236ae7 72be5e44 b90004c4 (38e368a1)

Alloc test super block from sget to properly initialize test super block
to fix the issue.

Signed-off-by: Kemeng Shi <shikemeng@huaweicloud.com>
Reported-by: Linux Kernel Functional Testing <lkft@linaro.org>
Reported-by: Guenter Roeck <linux@roeck-us.net>
---
 fs/ext4/mballoc-test.c | 46 ++++++++++++++++++++++++++++--------------
 1 file changed, 31 insertions(+), 15 deletions(-)

diff --git a/fs/ext4/mballoc-test.c b/fs/ext4/mballoc-test.c
index 12d0b22cabe1..1da52bbf4599 100644
--- a/fs/ext4/mballoc-test.c
+++ b/fs/ext4/mballoc-test.c
@@ -21,16 +21,27 @@ struct mbt_ctx {
 };
 
 struct mbt_ext4_super_block {
-	struct super_block sb;
+	struct ext4_super_block es;
+	struct ext4_sb_info sbi;
 	struct mbt_ctx mbt_ctx;
 };
 
-#define MBT_CTX(_sb) (&(container_of((_sb), struct mbt_ext4_super_block, sb)->mbt_ctx))
+#define MBT_SB(_sb) (container_of((_sb)->s_fs_info, struct mbt_ext4_super_block, sbi))
+#define MBT_CTX(_sb) (&MBT_SB(_sb)->mbt_ctx)
 #define MBT_GRP_CTX(_sb, _group) (&MBT_CTX(_sb)->grp_ctx[_group])
 
 static const struct super_operations mbt_sops = {
 };
 
+static void mbt_kill_sb(struct super_block *sb)
+{
+}
+
+static struct file_system_type mbt_fs_type = {
+	.name			= "mballoc test",
+	.kill_sb		= mbt_kill_sb,
+};
+
 static int mbt_mb_init(struct super_block *sb)
 {
 	int ret;
@@ -72,43 +83,48 @@ static void mbt_mb_release(struct super_block *sb)
 	kfree(sb->s_bdev);
 }
 
+static int mbt_set(struct super_block *sb, void *data)
+{
+	return 0;
+}
+
 static struct super_block *mbt_ext4_alloc_super_block(void)
 {
-	struct ext4_super_block *es = kzalloc(sizeof(*es), GFP_KERNEL);
-	struct ext4_sb_info *sbi = kzalloc(sizeof(*sbi), GFP_KERNEL);
 	struct mbt_ext4_super_block *fsb = kzalloc(sizeof(*fsb), GFP_KERNEL);
+	struct super_block *sb = sget(&mbt_fs_type, NULL, mbt_set, 0, NULL);
+	struct ext4_sb_info *sbi;
 
-	if (fsb == NULL || sbi == NULL || es == NULL)
+	if (fsb == NULL || sb == NULL)
 		goto out;
 
+	sbi = &fsb->sbi;
+
 	sbi->s_blockgroup_lock =
 		kzalloc(sizeof(struct blockgroup_lock), GFP_KERNEL);
 	if (!sbi->s_blockgroup_lock)
-		goto out;
+		goto out_deactivate;
 
 	bgl_lock_init(sbi->s_blockgroup_lock);
 
-	sbi->s_es = es;
-	fsb->sb.s_fs_info = sbi;
+	sbi->s_es = &fsb->es;
+	sb->s_fs_info = sbi;
 
-	return &fsb->sb;
+	return sb;
 
+out_deactivate:
+	deactivate_locked_super(sb);
 out:
 	kfree(fsb);
-	kfree(sbi);
-	kfree(es);
 	return NULL;
 }
 
 static void mbt_ext4_free_super_block(struct super_block *sb)
 {
-	struct mbt_ext4_super_block *fsb =
-		container_of(sb, struct mbt_ext4_super_block, sb);
+	struct mbt_ext4_super_block *fsb = MBT_SB(sb);
 	struct ext4_sb_info *sbi = EXT4_SB(sb);
 
 	kfree(sbi->s_blockgroup_lock);
-	kfree(sbi->s_es);
-	kfree(sbi);
+	deactivate_locked_super(sb);
 	kfree(fsb);
 }
 
-- 
2.30.0

On Fri, Mar 01, 2024 at 08:08:15PM +0800, Kemeng Shi wrote:
> This fix the oops in ext4 unit test which is cuased by NULL sb.s_user_ns
> as following:
> <4>[ 14.344565] map_id_range_down (kernel/user_namespace.c:318)
> <4>[ 14.345378] make_kuid (kernel/user_namespace.c:415)
> <4>[ 14.345998] inode_init_always (include/linux/fs.h:1375 fs/inode.c:174)
> <4>[ 14.346696] alloc_inode (fs/inode.c:268)
> <4>[ 14.347353] new_inode_pseudo (fs/inode.c:1007)
> <4>[ 14.348016] new_inode (fs/inode.c:1033)
> <4>[ 14.348644] ext4_mb_init (fs/ext4/mballoc.c:3404 fs/ext4/mballoc.c:3719)
> <4>[ 14.349312] mbt_kunit_init (fs/ext4/mballoc-test.c:57
> fs/ext4/mballoc-test.c:314)
> <4>[ 14.349983] kunit_try_run_case (lib/kunit/test.c:388 lib/kunit/test.c:443)
> <4>[ 14.350696] kunit_generic_run_threadfn_adapter (lib/kunit/try-catch.c:30)
> <4>[ 14.351530] kthread (kernel/kthread.c:388)
> <4>[ 14.352168] ret_from_fork (arch/arm64/kernel/entry.S:861)
> <0>[ 14.353385] Code: 52808004 b8236ae7 72be5e44 b90004c4 (38e368a1)
> 
> Alloc test super block from sget to properly initialize test super block
> to fix the issue.
> 
> Signed-off-by: Kemeng Shi <shikemeng@huaweicloud.com>
> Reported-by: Linux Kernel Functional Testing <lkft@linaro.org>
> Reported-by: Guenter Roeck <linux@roeck-us.net>
> ---
>  fs/ext4/mballoc-test.c | 46 ++++++++++++++++++++++++++++--------------
>  1 file changed, 31 insertions(+), 15 deletions(-)
> 
> diff --git a/fs/ext4/mballoc-test.c b/fs/ext4/mballoc-test.c
> index 12d0b22cabe1..1da52bbf4599 100644
> --- a/fs/ext4/mballoc-test.c
> +++ b/fs/ext4/mballoc-test.c
> @@ -21,16 +21,27 @@ struct mbt_ctx {
>  };
>  
>  struct mbt_ext4_super_block {
> -	struct super_block sb;
> +	struct ext4_super_block es;
> +	struct ext4_sb_info sbi;
>  	struct mbt_ctx mbt_ctx;
>  };
>  
> -#define MBT_CTX(_sb) (&(container_of((_sb), struct mbt_ext4_super_block, sb)->mbt_ctx))
> +#define MBT_SB(_sb) (container_of((_sb)->s_fs_info, struct mbt_ext4_super_block, sbi))
> +#define MBT_CTX(_sb) (&MBT_SB(_sb)->mbt_ctx)
>  #define MBT_GRP_CTX(_sb, _group) (&MBT_CTX(_sb)->grp_ctx[_group])
>  
>  static const struct super_operations mbt_sops = {
>  };
>  
> +static void mbt_kill_sb(struct super_block *sb)
> +{
> +}
> +
> +static struct file_system_type mbt_fs_type = {
> +	.name			= "mballoc test",
> +	.kill_sb		= mbt_kill_sb,
> +};
> +
>  static int mbt_mb_init(struct super_block *sb)
>  {
>  	int ret;
> @@ -72,43 +83,48 @@ static void mbt_mb_release(struct super_block *sb)
>  	kfree(sb->s_bdev);
>  }
>  
> +static int mbt_set(struct super_block *sb, void *data)
> +{
> +	return 0;
> +}
> +
>  static struct super_block *mbt_ext4_alloc_super_block(void)
>  {
> -	struct ext4_super_block *es = kzalloc(sizeof(*es), GFP_KERNEL);
> -	struct ext4_sb_info *sbi = kzalloc(sizeof(*sbi), GFP_KERNEL);
>  	struct mbt_ext4_super_block *fsb = kzalloc(sizeof(*fsb), GFP_KERNEL);
> +	struct super_block *sb = sget(&mbt_fs_type, NULL, mbt_set, 0, NULL);
> +	struct ext4_sb_info *sbi;
>  
> -	if (fsb == NULL || sbi == NULL || es == NULL)
> +	if (fsb == NULL || sb == NULL)

sget() returns error pointer on failure. So you should check for IS_ERR(sb).

on 3/1/2024 4:25 PM, Christian Brauner wrote:
> On Fri, Mar 01, 2024 at 08:08:15PM +0800, Kemeng Shi wrote:
>> This fix the oops in ext4 unit test which is cuased by NULL sb.s_user_ns
>> as following:
>> <4>[ 14.344565] map_id_range_down (kernel/user_namespace.c:318)
>> <4>[ 14.345378] make_kuid (kernel/user_namespace.c:415)
>> <4>[ 14.345998] inode_init_always (include/linux/fs.h:1375 fs/inode.c:174)
>> <4>[ 14.346696] alloc_inode (fs/inode.c:268)
>> <4>[ 14.347353] new_inode_pseudo (fs/inode.c:1007)
>> <4>[ 14.348016] new_inode (fs/inode.c:1033)
>> <4>[ 14.348644] ext4_mb_init (fs/ext4/mballoc.c:3404 fs/ext4/mballoc.c:3719)
>> <4>[ 14.349312] mbt_kunit_init (fs/ext4/mballoc-test.c:57
>> fs/ext4/mballoc-test.c:314)
>> <4>[ 14.349983] kunit_try_run_case (lib/kunit/test.c:388 lib/kunit/test.c:443)
>> <4>[ 14.350696] kunit_generic_run_threadfn_adapter (lib/kunit/try-catch.c:30)
>> <4>[ 14.351530] kthread (kernel/kthread.c:388)
>> <4>[ 14.352168] ret_from_fork (arch/arm64/kernel/entry.S:861)
>> <0>[ 14.353385] Code: 52808004 b8236ae7 72be5e44 b90004c4 (38e368a1)
>>
>> Alloc test super block from sget to properly initialize test super block
>> to fix the issue.
>>
>> Signed-off-by: Kemeng Shi <shikemeng@huaweicloud.com>
>> Reported-by: Linux Kernel Functional Testing <lkft@linaro.org>
>> Reported-by: Guenter Roeck <linux@roeck-us.net>
>> ---
>>  fs/ext4/mballoc-test.c | 46 ++++++++++++++++++++++++++++--------------
>>  1 file changed, 31 insertions(+), 15 deletions(-)
>>
>> diff --git a/fs/ext4/mballoc-test.c b/fs/ext4/mballoc-test.c
>> index 12d0b22cabe1..1da52bbf4599 100644
>> --- a/fs/ext4/mballoc-test.c
>> +++ b/fs/ext4/mballoc-test.c
>> @@ -21,16 +21,27 @@ struct mbt_ctx {
>>  };
>>  
>>  struct mbt_ext4_super_block {
>> -	struct super_block sb;
>> +	struct ext4_super_block es;
>> +	struct ext4_sb_info sbi;
>>  	struct mbt_ctx mbt_ctx;
>>  };
>>  
>> -#define MBT_CTX(_sb) (&(container_of((_sb), struct mbt_ext4_super_block, sb)->mbt_ctx))
>> +#define MBT_SB(_sb) (container_of((_sb)->s_fs_info, struct mbt_ext4_super_block, sbi))
>> +#define MBT_CTX(_sb) (&MBT_SB(_sb)->mbt_ctx)
>>  #define MBT_GRP_CTX(_sb, _group) (&MBT_CTX(_sb)->grp_ctx[_group])
>>  
>>  static const struct super_operations mbt_sops = {
>>  };
>>  
>> +static void mbt_kill_sb(struct super_block *sb)
>> +{
>> +}
>> +
>> +static struct file_system_type mbt_fs_type = {
>> +	.name			= "mballoc test",
>> +	.kill_sb		= mbt_kill_sb,
>> +};
>> +
>>  static int mbt_mb_init(struct super_block *sb)
>>  {
>>  	int ret;
>> @@ -72,43 +83,48 @@ static void mbt_mb_release(struct super_block *sb)
>>  	kfree(sb->s_bdev);
>>  }
>>  
>> +static int mbt_set(struct super_block *sb, void *data)
>> +{
>> +	return 0;
>> +}
>> +
>>  static struct super_block *mbt_ext4_alloc_super_block(void)
>>  {
>> -	struct ext4_super_block *es = kzalloc(sizeof(*es), GFP_KERNEL);
>> -	struct ext4_sb_info *sbi = kzalloc(sizeof(*sbi), GFP_KERNEL);
>>  	struct mbt_ext4_super_block *fsb = kzalloc(sizeof(*fsb), GFP_KERNEL);
>> +	struct super_block *sb = sget(&mbt_fs_type, NULL, mbt_set, 0, NULL);
>> +	struct ext4_sb_info *sbi;
>>  
>> -	if (fsb == NULL || sbi == NULL || es == NULL)
>> +	if (fsb == NULL || sb == NULL)
> 
> sget() returns error pointer on failure. So you should check for IS_ERR(sb).
> 
Thanks a lot for review. I will fix it in next version.

On Fri, Mar 01, 2024 at 09:25:59AM +0100, Christian Brauner wrote:
> On Fri, Mar 01, 2024 at 08:08:15PM +0800, Kemeng Shi wrote:
> > This fix the oops in ext4 unit test which is cuased by NULL sb.s_user_ns
> > as following:
> > <4>[ 14.344565] map_id_range_down (kernel/user_namespace.c:318)
> > <4>[ 14.345378] make_kuid (kernel/user_namespace.c:415)
> > <4>[ 14.345998] inode_init_always (include/linux/fs.h:1375 fs/inode.c:174)
> > <4>[ 14.346696] alloc_inode (fs/inode.c:268)
> > <4>[ 14.347353] new_inode_pseudo (fs/inode.c:1007)
> > <4>[ 14.348016] new_inode (fs/inode.c:1033)
> > <4>[ 14.348644] ext4_mb_init (fs/ext4/mballoc.c:3404 fs/ext4/mballoc.c:3719)
> > <4>[ 14.349312] mbt_kunit_init (fs/ext4/mballoc-test.c:57
> > fs/ext4/mballoc-test.c:314)
> > <4>[ 14.349983] kunit_try_run_case (lib/kunit/test.c:388 lib/kunit/test.c:443)
> > <4>[ 14.350696] kunit_generic_run_threadfn_adapter (lib/kunit/try-catch.c:30)
> > <4>[ 14.351530] kthread (kernel/kthread.c:388)
> > <4>[ 14.352168] ret_from_fork (arch/arm64/kernel/entry.S:861)
> > <0>[ 14.353385] Code: 52808004 b8236ae7 72be5e44 b90004c4 (38e368a1)
> > 
> > Alloc test super block from sget to properly initialize test super block
> > to fix the issue.
> > 
> > Signed-off-by: Kemeng Shi <shikemeng@huaweicloud.com>
> > Reported-by: Linux Kernel Functional Testing <lkft@linaro.org>
> > Reported-by: Guenter Roeck <linux@roeck-us.net>
> > ---
> >  fs/ext4/mballoc-test.c | 46 ++++++++++++++++++++++++++++--------------
> >  1 file changed, 31 insertions(+), 15 deletions(-)
> > 
> > diff --git a/fs/ext4/mballoc-test.c b/fs/ext4/mballoc-test.c
> > index 12d0b22cabe1..1da52bbf4599 100644
> > --- a/fs/ext4/mballoc-test.c
> > +++ b/fs/ext4/mballoc-test.c
> > @@ -21,16 +21,27 @@ struct mbt_ctx {
> >  };
> >  
> >  struct mbt_ext4_super_block {
> > -	struct super_block sb;
> > +	struct ext4_super_block es;
> > +	struct ext4_sb_info sbi;
> >  	struct mbt_ctx mbt_ctx;
> >  };
> >  
> > -#define MBT_CTX(_sb) (&(container_of((_sb), struct mbt_ext4_super_block, sb)->mbt_ctx))
> > +#define MBT_SB(_sb) (container_of((_sb)->s_fs_info, struct mbt_ext4_super_block, sbi))
> > +#define MBT_CTX(_sb) (&MBT_SB(_sb)->mbt_ctx)
> >  #define MBT_GRP_CTX(_sb, _group) (&MBT_CTX(_sb)->grp_ctx[_group])
> >  
> >  static const struct super_operations mbt_sops = {
> >  };
> >  
> > +static void mbt_kill_sb(struct super_block *sb)
> > +{
> > +}
> > +
> > +static struct file_system_type mbt_fs_type = {
> > +	.name			= "mballoc test",
> > +	.kill_sb		= mbt_kill_sb,
> > +};
> > +
> >  static int mbt_mb_init(struct super_block *sb)
> >  {
> >  	int ret;
> > @@ -72,43 +83,48 @@ static void mbt_mb_release(struct super_block *sb)
> >  	kfree(sb->s_bdev);
> >  }
> >  
> > +static int mbt_set(struct super_block *sb, void *data)
> > +{
> > +	return 0;
> > +}
> > +
> >  static struct super_block *mbt_ext4_alloc_super_block(void)
> >  {
> > -	struct ext4_super_block *es = kzalloc(sizeof(*es), GFP_KERNEL);
> > -	struct ext4_sb_info *sbi = kzalloc(sizeof(*sbi), GFP_KERNEL);
> >  	struct mbt_ext4_super_block *fsb = kzalloc(sizeof(*fsb), GFP_KERNEL);
> > +	struct super_block *sb = sget(&mbt_fs_type, NULL, mbt_set, 0, NULL);
> > +	struct ext4_sb_info *sbi;
> >  
> > -	if (fsb == NULL || sbi == NULL || es == NULL)
> > +	if (fsb == NULL || sb == NULL)
> 
> sget() returns error pointer on failure. So you should check for IS_ERR(sb).

You also want to unlock that superblock up_write(sb->s_umount) if it
succeeded and then call deactivate_super() when you are done with it in
mbt_kunit_exit().