From: Dmitry Vyukov
Date: Mon, 31 May 2021 12:31:59 +0200
Subject: Re: [syzbot] kernel BUG in assertfail
To: Nikolay Borisov
Cc: syzbot, Chris Mason, dsterba@suse.com, Josef Bacik, linux-btrfs@vger.kernel.org, LKML, syzkaller-bugs

On Mon, May 31, 2021 at 11:27 AM Nikolay Borisov wrote:
> >>>>>
> >>>>> syzbot found the following issue on:
> >>>>>
> >>>>> HEAD commit: 1434a312 Merge branch 'for-5.13-fixes' of git://git.kernel..
> >>>>> git tree: upstream
> >>>>> console output: https://syzkaller.appspot.com/x/log.txt?x=162843f3d00000
> >>>>> kernel config: https://syzkaller.appspot.com/x/.config?x=9f3da44a01882e99
> >>>>> dashboard link: https://syzkaller.appspot.com/bug?extid=a6bf271c02e4fe66b4e4
> >>>>>
> >>>>> Unfortunately, I don't have any reproducer for this issue yet.
> >>>>>
> >>>>> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> >>>>> Reported-by: syzbot+a6bf271c02e4fe66b4e4@syzkaller.appspotmail.com
> >>>>>
> >>>>> assertion failed: !memcmp(fs_info->fs_devices->fsid, fs_info->super_copy->fsid, BTRFS_FSID_SIZE), in fs/btrfs/disk-io.c:3282
> >>>>
> >>>> This means a device contains a btrfs filesystem which has a different
> >>>> FSID in its superblock than the fsid which all devices part of the same
> >>>> fs_devices should have. This can happen in 2 ways - memory corruption
> >>>> where either of the ->fsid member are corrupted or if there was a crash
> >>>> while a filesystem's fsid was being changed. We need more context about
> >>>> what the test did?
> >>>
> >>> Hi Nikolay,
> >>>
> >>> From a semantic point of view we can consider that it just mounts /dev/random.
> >>> If syzbot comes up with a reproducer it will post it, but you seem to
> >>> already figure out what happened, so I assume you can write a unit
> >>> test for this.
> >>>
> >>
> >> Well no, under normal circumstances this shouldn't trigger. So if syzbot
> >> is doing something stupid as mounting /dev/random then I don't see a
> >> problem here. The assert is there to catch inconsistencies during normal
> >> operation which doesn't seem to be the case here.
> >
> >
> > Does this mean that CONFIG_BTRFS_ASSERT needs to be disabled in any testing?
> > What is it intended for? Or it can only be enabled when mounting known
> > good images? But then I assume even btrfs unit tests mount some
> > invalid images, so it would mean it can't be used even during unit
> > testing?
> >
> > Looking at the output of "grep ASSERT fs/btrfs/*.c" it looks like most
> > of these actually check for something that "must never happen". E.g.
> > some lists/pointers are empty/non-empty in particular states. And
> > "must never happen" checks are for testing scenarios...
> >
> > Taking this particular FSID mismatch assert, should such corrupted
> > images be mounted for end users? Should users be notified? Currently
> > they are mounted and users are not notified, what is the purpose of
> > this assertion?
> >
> > Perhaps CONFIG_BTRFS_ASSERT needs to be split into "must never happen"
> > checks that are enabled during testing and normal if's with pr_err for
> > user notifications?
>
> After going through the code you've convinced me. I just sent a patch
> turning the 2 debugging asserts into full-fledged checks in
> validate_super. So now the correct behavior is to prevent mounting of
> such images. How can I force syzbot to retest with the given patch applied?

syzbot can test patches for issues with reproducers:
http://bit.do/syzbot#testing-patches
but this issue doesn't have a reproducer unfortunately.

But I hope this change is going to be reasonably straightforward. And
if/when this issue happens again after this report is closed with a
fix, syzbot will notify us again. So an absence of any new reports
from syzbot will implicitly mean that everything is fine.
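The difference between a debug assertion and a validation check on an untrusted superblock, as an added user-space illustration that is not part of this message and is not btrfs code. `SKETCH_ASSERT`, `DBG_ASSERT`, the two structs and all function names are hypothetical; only the 16-byte FSID size and the fsid comparison come from the thread.

```c
/* Added user-space sketch, not btrfs code; all names are hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FSID_SIZE 16                 /* same value as BTRFS_FSID_SIZE */
#ifdef SKETCH_ASSERT                 /* stand-in for CONFIG_BTRFS_ASSERT */
#define DBG_ASSERT(c) do { if (!(c)) abort(); } while (0)
#else
#define DBG_ASSERT(c) ((void)sizeof(c))   /* compiled out, never evaluated */
#endif

struct sb_copy   { unsigned char fsid[FSID_SIZE]; };  /* read from disk: untrusted */
struct dev_group { unsigned char fsid[FSID_SIZE]; };  /* fsid the devices registered under */
/* Before: the condition is a debug assertion. Without SKETCH_ASSERT the
 * mismatched image is accepted silently; with it the process aborts. */
int open_with_assert(const struct dev_group *d, const struct sb_copy *sb)
{
    DBG_ASSERT(memcmp(d->fsid, sb->fsid, FSID_SIZE) == 0);
    return 0;
}

/* After: the condition is input validation, always compiled in. */
int open_with_check(const struct dev_group *d, const struct sb_copy *sb)
{
    if (memcmp(d->fsid, sb->fsid, FSID_SIZE) != 0) {
        fprintf(stderr, "sketch: superblock fsid mismatch, refusing mount\n");
        return -EINVAL;
    }
    return 0;
}

/* Constructed sample image: optionally flip one bit of the on-disk fsid. */
int mount_sample(int use_check, int corrupt)
{
    struct dev_group d;
    struct sb_copy sb;
    memset(d.fsid, 0xA5, FSID_SIZE);
    memcpy(sb.fsid, d.fsid, FSID_SIZE);
    sb.fsid[7] ^= corrupt ? 0x01 : 0x00;
    return use_check ? open_with_check(&d, &sb) : open_with_assert(&d, &sb);
}

int main(void)
{
    printf("assert=%d check=%d\n", mount_sample(0, 1), mount_sample(1, 1));
    return 0;
}
```

Building with `-DSKETCH_ASSERT` turns the first result into an abort, the user-space analogue of the kernel BUG in the report.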