1. Patchew
  2. linux
  3. View series

Forwarded: [PATCH] btrfs: add debug printks to trace lookup vs rename collision mismatch

syzbot posted 1 patch 3 days, 19 hours ago 
fs/btrfs/inode.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
Forwarded: [PATCH] btrfs: add debug printks to trace lookup vs rename collision mismatch
Posted by syzbot 3 days, 19 hours ago 
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.

***

Subject: [PATCH] btrfs: add debug printks to trace lookup vs rename collision mismatch
Author: kartikey406@gmail.com

#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master


Add printk statements in btrfs_lookup_dentry(), btrfs_lookup(), and
btrfs_rename() to investigate why the WARN_ON(!new_inode) in
btrfs_rename() fires.

Hypothesis: the VFS dentry view (negative) disagrees with the on-disk
dir_item view (present) because btrfs_inode_by_name() finds the
dir_item but btrfs_iget() fails to load the target inode, causing
btrfs_lookup() to return a negative dentry while
btrfs_check_dir_item_collision() still sees the dir_item.

Not for upstream.

Reported-by: syzbot+8b14244ee8d43b313915@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=8b14244ee8d43b313915
Signed-off-by: Deepanshu Kartikey <kartikey406@gmail.com>
---
 fs/btrfs/inode.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index 75136a172710..c8dbfd6fe76d 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -6073,11 +6073,19 @@ struct inode *btrfs_lookup_dentry(struct inode *dir, struct dentry *dentry)
 		return ERR_PTR(-ENAMETOOLONG);
 
 	ret = btrfs_inode_by_name(BTRFS_I(dir), dentry, &location, &di_type);
+	printk(KERN_INFO "BTRFS_DBG lookup_dentry: name='%.*s' inode_by_name ret=%d loc.type=%u loc.objectid=%llu\n",
+		(int)dentry->d_name.len, dentry->d_name.name,
+		ret, location.type, location.objectid);
 	if (ret < 0)
 		return ERR_PTR(ret);
 
 	if (location.type == BTRFS_INODE_ITEM_KEY) {
+		printk(KERN_INFO "BTRFS_DBG lookup_dentry: calling iget objectid=%llu\n",
+			 location.objectid);
 		inode = btrfs_iget(location.objectid, root);
+		 printk(KERN_INFO "BTRFS_DBG lookup_dentry: iget returned %s (err=%ld)\n",
+			IS_ERR(inode) ? "ERR" : "OK",
+			IS_ERR(inode) ? PTR_ERR(inode) : 0);
 		if (IS_ERR(inode))
 			return ERR_CAST(inode);
 
@@ -6147,6 +6155,10 @@ static struct dentry *btrfs_lookup(struct inode *dir, struct dentry *dentry,
 {
 	struct inode *inode = btrfs_lookup_dentry(dir, dentry);
 
+	printk(KERN_INFO "BTRFS_DBG lookup: name='%.*s' lookup_dentry returned %s (err=%ld)\n",
+		(int)dentry->d_name.len, dentry->d_name.name,
+		IS_ERR(inode) ? "ERR" : (inode ? "INODE" : "NULL"),
+		IS_ERR(inode) ? PTR_ERR(inode) : 0);
 	if (inode == ERR_PTR(-ENOENT))
 		inode = NULL;
 	return d_splice_alias(inode, dentry);
@@ -8609,6 +8621,9 @@ static int btrfs_rename(struct mnt_idmap *idmap,
 
 	/* check for collisions, even if the  name isn't there */
 	ret = btrfs_check_dir_item_collision(dest, new_dir->i_ino, &new_fname.disk_name);
+	 printk(KERN_INFO "BTRFS_DBG btrfs_rename: collision check ret=%d new_inode=%p new_dentry='%.*s'\n",
+		 ret, new_inode,
+		(int)new_dentry->d_name.len, new_dentry->d_name.name);
 	if (ret) {
 		if (ret == -EEXIST) {
 			/* we shouldn't get
-- 
2.43.0

Patchew 2.1-devel-ea86937

© 2016 - 2026 Red Hat, Inc.