Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp2511190imm; Thu, 7 Jun 2018 11:54:12 -0700 (PDT) X-Google-Smtp-Source: ADUXVKLapwLrBQDdNzoik5cxZYKJCYwSqlLyfhe+HDO48Swxr2Qg0LvwQgz4s6mLxbpBlC+wEACt X-Received: by 2002:a17:902:7009:: with SMTP id y9-v6mr3231008plk.217.1528397652262; Thu, 07 Jun 2018 11:54:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1528397652; cv=none; d=google.com; s=arc-20160816; b=js6BeA0sy4UhuxOEFxsa+GWSTaZD+9/s7zXa69579Lq+7ds+Jj21eO0g8PhDEo4nJ3 faO3miH27Cy1Mzp0kkEnuMsEEoKv/0yVMeMSjgjcRUsOa+GPVHOWM0BkM5oSJASalF9m 2tMD3g8KmGzIFfM63nb0BSV0Re82Au8JDOk69yR5BE8HR2k+fjEhhXXz/HBhzmzKoyWt +Vyr7ueeeIvY6n+/673ff6vRojCQ3xn7kCLjZ2GXFA3+VYlIKEW6ENIkurDNPR/xgpah T/5wNvR7r1V115d+oB/ktlg9X0HA5jVyKwb5eaT4YGogaY7wNjDjhjm2LsCSjsByjLJf oZRQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-transfer-encoding:content-disposition:mime-version :references:mail-followup-to:reply-to:message-id:subject:cc:to:from :date:arc-authentication-results; bh=SbvB5Kpq99xM89cuRoXSISTbdw38k2THGWMG8wbJf8o=; b=Cgm59s4y/Ku8647IamxBh59gpbEaZxfmSK3rTsZONrvdEMb6hbectGjQYxEHfBd4RZ x/jPPPUCAiYxVA6exjr1IqwZGwbdP2jvvz5BdBieb6TuCvFvnFTC1UMWQ4hdqzq+FPkz SKqWMqbz5GYnaVvfeKpl2sVJ4yupeDua+xgy+qhw54b4q/WZiawZ5M9B3nqs2NGx2khC zTBwiv/1RdvdjYu2w+iGotUa8il1Uoi3c55YS7HNr6xD6BItT9Rq6JZywOOMeWPe/Jik 4eawqlOL44crRssefpAkju3NVuiwR+69PKObGSQl6JfzxrHHyshcSqI+/QZsHH9KqtCL xWgA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id c3-v6si53873690pld.593.2018.06.07.11.53.57; Thu, 07 Jun 2018 11:54:12 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S935387AbeFGPhm (ORCPT + 99 others); Thu, 7 Jun 2018 11:37:42 -0400 Received: from mx2.suse.de ([195.135.220.15]:34375 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S933708AbeFGPhh (ORCPT ); Thu, 7 Jun 2018 11:37:37 -0400 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (charybdis-ext-too.suse.de [195.135.220.254]) by mx2.suse.de (Postfix) with ESMTP id DEE21AD53; Thu, 7 Jun 2018 15:37:35 +0000 (UTC) Received: by ds.suse.cz (Postfix, from userid 10065) id 23174DAD20; Thu, 7 Jun 2018 17:34:50 +0200 (CEST) Date: Thu, 7 Jun 2018 17:34:50 +0200 From: David Sterba To: Anand Jain Cc: syzbot , clm@fb.com, dsterba@suse.com, jbacik@fb.com, linux-btrfs@vger.kernel.org, linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com Subject: Re: kernel BUG at fs/btrfs/volumes.c:LINE! Message-ID: <20180607153450.GF3215@twin.jikos.cz> Reply-To: dsterba@suse.cz Mail-Followup-To: dsterba@suse.cz, Anand Jain , syzbot , clm@fb.com, dsterba@suse.com, jbacik@fb.com, linux-btrfs@vger.kernel.org, linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com References: <00000000000096009b056df92dc1@google.com> <70a3c2d1-3f53-d4c0-13b3-29f836ec46d9@oracle.com> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <70a3c2d1-3f53-d4c0-13b3-29f836ec46d9@oracle.com> User-Agent: Mutt/1.5.23.1 (2014-03-12) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Jun 07, 2018 at 12:15:04AM +0800, Anand Jain wrote: > > > On 06/06/2018 09:31 PM, syzbot wrote: > > Hello, > > > > syzbot found the following crash on: > > > > HEAD commit:??? af6c5d5e01ad Merge branch 'for-4.18' of > > git://git.kernel.o.. > > git tree:?????? upstream > > console output: https://syzkaller.appspot.com/x/log.txt?x=15f700af800000 > > kernel config:? https://syzkaller.appspot.com/x/.config?x=12ff770540994680 > > dashboard link: > > https://syzkaller.appspot.com/bug?extid=5b658d997a83984507a6 > > compiler:?????? gcc (GCC) 8.0.1 20180413 (experimental) > > > > Unfortunately, I don't have any reproducer for this crash yet. > > > > IMPORTANT: if you fix the bug, please add the following tag to the commit: > > Reported-by: syzbot+5b658d997a83984507a6@syzkaller.appspotmail.com > > > > RDX: 0000000020000080 RSI: 0000000020000040 RDI: 00007f787067fbf0 > > RBP: 0000000000000001 R08: 00000000200000c0 R09: 0000000020000080 > > R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000014 > > R13: 0000000000000001 R14: 0000000000700008 R15: 0000000000000043 > > ------------[ cut here ]------------ > > kernel BUG at fs/btrfs/volumes.c:1032! > > invalid opcode: 0000 [#1] SMP KASAN > > CPU: 1 PID: 22303 Comm: syz-executor1 Not tainted 4.17.0+ #86 > > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS > > Google 01/01/2011 > > RIP: 0010:btrfs_prepare_close_one_device fs/btrfs/volumes.c:1032 [inline] > > btrfs_prepare_close_one_device() > :: > 1031 name = rcu_string_strdup(device->name->str, GFP_NOFS); > 1032 BUG_ON(!name); /* -ENOMEM */ > > The way we close our devices needs new memory allocations > at the time of device close. By doing this apart from the BUG_ON > reported here, there _were_ other complications like managing the sysfs > links and moving them to the newly allocated btrfs_fs_devices. > So sometime back I attempted to correct this approach to a simple > device close without fresh allocation, however it wasn't successful. > I am going to try that again, but its not p1. Yeah, getting rid of the allocations while freeing device would be great but unfortunatelly is not simple. Normally the GFP_NOFS allocations do not fail so I think the fuzzer environment is tuned to allow that, which is fine for coverage but does not happen in practice. This will be fixed eventually.