From: Dmitry Vyukov
Date: Thu, 7 Jun 2018 18:28:02 +0200
Subject: Re: kernel BUG at fs/btrfs/volumes.c:LINE!
To: dsterba@suse.cz, Anand Jain, syzbot, clm@fb.com, dsterba@suse.com, Josef Bacik, linux-btrfs@vger.kernel.org, LKML, syzkaller-bugs
In-Reply-To: <20180607153450.GF3215@twin.jikos.cz>
References: <00000000000096009b056df92dc1@google.com> <70a3c2d1-3f53-d4c0-13b3-29f836ec46d9@oracle.com> <20180607153450.GF3215@twin.jikos.cz>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Jun 7, 2018 at 5:34 PM, David Sterba wrote:
> On Thu, Jun 07, 2018 at 12:15:04AM +0800, Anand Jain wrote:
>>
>>
>> On 06/06/2018 09:31 PM, syzbot wrote:
>> > Hello,
>> >
>> > syzbot found the following crash on:
>> >
>> > HEAD commit: af6c5d5e01ad Merge branch 'for-4.18' of
>> > git://git.kernel.o..
>> > git tree: upstream
>> > console output: https://syzkaller.appspot.com/x/log.txt?x=15f700af800000
>> > kernel config: https://syzkaller.appspot.com/x/.config?x=12ff770540994680
>> > dashboard link:
>> > https://syzkaller.appspot.com/bug?extid=5b658d997a83984507a6
>> > compiler: gcc (GCC) 8.0.1 20180413 (experimental)
>> >
>> > Unfortunately, I don't have any reproducer for this crash yet.
>> >
>> > IMPORTANT: if you fix the bug, please add the following tag to the commit:
>> > Reported-by: syzbot+5b658d997a83984507a6@syzkaller.appspotmail.com
>> >
>> > RDX: 0000000020000080 RSI: 0000000020000040 RDI: 00007f787067fbf0
>> > RBP: 0000000000000001 R08: 00000000200000c0 R09: 0000000020000080
>> > R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000014
>> > R13: 0000000000000001 R14: 0000000000700008 R15: 0000000000000043
>> > ------------[ cut here ]------------
>> > kernel BUG at fs/btrfs/volumes.c:1032!
>> > invalid opcode: 0000 [#1] SMP KASAN
>> > CPU: 1 PID: 22303 Comm: syz-executor1 Not tainted 4.17.0+ #86
>> > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
>> > Google 01/01/2011
>> > RIP: 0010:btrfs_prepare_close_one_device fs/btrfs/volumes.c:1032 [inline]
>>
>> btrfs_prepare_close_one_device()
>> ::
>> 1031 name = rcu_string_strdup(device->name->str, GFP_NOFS);
>> 1032 BUG_ON(!name); /* -ENOMEM */
>>
>> The way we close our devices needs new memory allocations
>> at the time of device close. By doing this apart from the BUG_ON
>> reported here, there _were_ other complications like managing the sysfs
>> links and moving them to the newly allocated btrfs_fs_devices.
>> So sometime back I attempted to correct this approach to a simple
>> device close without fresh allocation, however it wasn't successful.
>> I am going to try that again, but it's not p1.
>
> Yeah, getting rid of the allocations while freeing device would be great
> but unfortunately is not simple.
>
> Normally the GFP_NOFS allocations do not fail so I think the fuzzer
> environment is tuned to allow that, which is fine for coverage but does
> not happen in practice. This will be fixed eventually.

Isn't GFP_NOFS more restricted than normal allocations?
Are these allocations accounted against memcg? It's easy to fail any
allocation within a memory container.
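
Added example, not part of this thread and not btrfs code: a userspace C model of the failure mode discussed above. An allocator that fails a chosen allocation on request drives a clone step, which unwinds and returns -ENOMEM at the point where the quoted code has BUG_ON(!name). All names (fi_alloc, fi_free, clone_dev, run_with_failure) and the device name are hypothetical.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Userspace model; every name is hypothetical, none of this is btrfs code. */
static int fail_at = -1;  /* index of the allocation to fail; -1 = none */
static int alloc_count;   /* allocations attempted in the current run */
static int live_allocs;   /* outstanding allocations, to catch leaks */

/* Fault-injecting allocator, standing in for a GFP_NOFS allocation. */
static void *fi_alloc(size_t n)
{
    void *p = (alloc_count++ == fail_at) ? NULL : malloc(n);
    if (p)
        live_allocs++;
    return p;
}

static void fi_free(void *p)
{
    if (p) { live_allocs--; free(p); }
}
struct dev { char *name; };

/* Clone a device, returning -ENOMEM where the quoted code has BUG_ON(!name). */
static int clone_dev(const struct dev *src, struct dev **out)
{
    struct dev *d = fi_alloc(sizeof(*d));
    if (!d)
        return -ENOMEM;
    d->name = fi_alloc(strlen(src->name) + 1);
    if (!d->name) {
        fi_free(d);       /* unwind the partial clone so nothing leaks */
        return -ENOMEM;
    }
    strcpy(d->name, src->name);
    *out = d;
    return 0;
}

/* Run clone_dev with allocation number n failing (constructed device name). */
static int run_with_failure(int n, struct dev **out)
{
    char name[] = "/dev/loop0";
    struct dev src = { name };
    alloc_count = 0; fail_at = n; *out = NULL;
    return clone_dev(&src, out);
}
int main(void) { struct dev *d; return run_with_failure(1, &d) == -ENOMEM ? 0 : 1; }
```

Sweeping the failure index over every allocation in a path and checking `live_allocs` afterwards exercises each unwind branch in turn.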