Date: Thu, 10 Nov 2022 21:54:36 +0100
From: David Sterba
To: ChenXiaoSong
Cc: clm@fb.com, josef@toxicpanda.com, dsterba@suse.com, linux-btrfs@vger.kernel.org, linux-kernel@vger.kernel.org, yi.zhang@huawei.com, zhangxiaoxu5@huawei.com
Subject: Re: [PATCH] btrfs: qgroup: fix sleep from invalid context bug in update_qgroup_limit_item()
Message-ID: <20221110205436.GJ5824@twin.jikos.cz>
Reply-To: dsterba@suse.cz
In-Reply-To: <20221110141342.2129475-1-chenxiaosong2@huawei.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Nov 10, 2022 at 10:13:42PM +0800, ChenXiaoSong wrote:
> Syzkaller reported BUG as follows:
>
>   BUG: sleeping function called from invalid context at
>        include/linux/sched/mm.h:274
>   Call Trace:
>    dump_stack_lvl+0xcd/0x134
>    __might_resched.cold+0x222/0x26b
>    kmem_cache_alloc+0x2e7/0x3c0
>    update_qgroup_limit_item+0xe1/0x390
>    btrfs_qgroup_inherit+0x147b/0x1ee0
>    create_subvol+0x4eb/0x1710
>    btrfs_mksubvol+0xfe5/0x13f0
>    __btrfs_ioctl_snap_create+0x2b0/0x430
>    btrfs_ioctl_snap_create_v2+0x25a/0x520
>    btrfs_ioctl+0x2a1c/0x5ce0
>    __x64_sys_ioctl+0x193/0x200
>    do_syscall_64+0x35/0x80
>
> Fix this by introducing __update_qgroup_limit_item() helper, allocate
> memory outside of the spin lock.
>
> Signed-off-by: ChenXiaoSong

Added to misc-next, thanks.

> + path = btrfs_alloc_path();

btrfs_alloc_path uses fixed GFP_NOFS flags for kmem_cache_alloc but that
does not try to detect if it could sleep or not.
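
Review bot: the quoted `path = btrfs_alloc_path();` can return NULL, so the caller should check it and return -ENOMEM before the spin lock is taken, and release the path with btrfs_free_path() on every exit afterwards. Only this one line of the hunk is quoted in the reply, so neither the check nor the matching free is visible here. The changelog's "allocate memory outside of the spin lock" would also be clearer if it named the lock held on this call path.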
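
A userspace model of the ordering problem discussed in this message, added here as an illustration; it is not code from the patch or from btrfs. The `model_*` and `update_limit_*` names and the flag values are assumptions made for the sketch: a counter stands in for the kernel's atomic-context tracking, and one bit stands in for "this allocation may sleep".

```c
/* Userspace model, constructed for illustration; not btrfs or kernel code. */
#include <stdio.h>
#include <stdlib.h>

#define MODEL_CAN_BLOCK  0x1u             /* stand-in for "allocator may sleep" */
#define MODEL_GFP_NOFS   MODEL_CAN_BLOCK  /* fixed flag, like the one discussed above */
static int atomic_depth;  /* > 0 while a model spin lock is held */
static int sleep_bugs;    /* times the debug check would have fired */

static void model_spin_lock(void)   { atomic_depth++; }
static void model_spin_unlock(void) { atomic_depth--; }
/* The check looks at flags and context only, not at whether this call really waits. */
static void *model_alloc(size_t n, unsigned flags)
{
    if ((flags & MODEL_CAN_BLOCK) && atomic_depth > 0)
        sleep_bugs++;  /* kernel: "sleeping function called from invalid context" */
    return calloc(1, n);
}

/* Reported pattern: the allocation is reached with the lock held. */
int update_limit_locked_alloc(void)
{
    model_spin_lock();
    void *path = model_alloc(64, MODEL_GFP_NOFS);
    int ret = path ? 0 : -1;
    free(path);
    model_spin_unlock();
    return ret;
}

/* Ordering the patch description asks for: allocate first, then lock. */
int update_limit_prealloc(void)
{
    void *path = model_alloc(64, MODEL_GFP_NOFS);
    if (!path)
        return -1;  /* fail before the lock is ever taken */
    model_spin_lock();
    /* ... update the item using the preallocated path ... */
    model_spin_unlock();
    free(path);
    return 0;
}

int main(void)
{
    int a = update_limit_locked_alloc(), b = update_limit_prealloc();
    printf("rc %d/%d, reports fired: %d\n", a, b, sleep_bugs);
    return 0;
}
```

Both functions succeed in the model; only the first trips the check, because a fixed may-sleep flag is evaluated against the context the caller happens to be in.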