Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp1292727rwb;
        Thu, 10 Nov 2022 14:06:23 -0800 (PST)
X-Google-Smtp-Source: AMsMyM7SW9lm4sYCvR0ZUxuh+EL6yXVBvLqLgq4Y3QLdPmBVvse/Raa4DZqmenAueoqWiAyiIB3Q
X-Received: by 2002:a17:906:5ac3:b0:7a3:9fca:785d with SMTP id x3-20020a1709065ac300b007a39fca785dmr3977422ejs.303.1668117982774;
        Thu, 10 Nov 2022 14:06:22 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1668117982; cv=none;
        d=google.com; s=arc-20160816;
        b=YBh2iFANYLOY8HshpwGqBn8cFgrQumSxjUwpygf80Xe/bly/jdv61/tXwDLoivYn0T
         BHnRdZ5Cr5NhX3Eizua1sFQ4tgCGImbG7cKFlViL1jUEZJLz26HT6ipF02xMeVgqf7V1
         t0G8MQYfBMRkMrczfC6qMYw0Sg555ShxNSct9KZBUQzrYIJEEgDHSqYVFqaXMuaedbuz
         m/2GgS3mEQgx9T/daZk0qMqtPaoW+fcz4khDeFZcp0af87FpoJr/Q15LeV8IJqWvowy9
         SIbwS9/uJoJPFojkB1/Q5QxvhzOzOs+nM9P6Y+eKtXsrKUoMdwjjYf9mHtOwI6m3vTfB
         X6Dg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:user-agent:in-reply-to:content-disposition
         :mime-version:references:reply-to:message-id:subject:cc:to:from:date
         :dkim-signature:dkim-signature;
        bh=qVn09/fMcbu7gKxOIOXHM9CyA+qxoMo1sg5FRs3O4Ps=;
        b=bK7VVqJuPCdyfhNGfiRAKgFSoGgfNImIuCav6AL386rCTuA6nqbNGkiuLJs4WQoo1H
         61LwF4OLy/qRKx2TMmyaplNa9afD+oiKd/31m64ipWXjKIUEqZoyztcjPOz5wmCAoiJn
         1G6mzXbjAht/YtpBm19T1x9cpz1eBH0hfcxdImMqutyCsYI0frmCdszn/PStCUAzmVN8
         jeDsonPGVj0Nw1qp7sMgLg7lnhEU6+cJZzICY5/bqfuic7tFKcg8uSdJKnVEBxCaCp/E
         RdAF43mJ4/CxJKj59Y4q/l1xiG8kMo1b+I7sQrJ8N6omfH6m0xPjZKDaP/K8o6JsGS8R
         YRtw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@suse.cz header.s=susede2_rsa header.b=YEX4NQNt;
       dkim=neutral (no key) header.i=@suse.cz header.s=susede2_ed25519;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id h16-20020a05640250d000b0046013b7e7efsi740968edb.631.2022.11.10.14.05.59;
        Thu, 10 Nov 2022 14:06:22 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@suse.cz header.s=susede2_rsa header.b=YEX4NQNt;
       dkim=neutral (no key) header.i=@suse.cz header.s=susede2_ed25519;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230117AbiKJUzE (ORCPT <rfc822;recursive.nomad@gmail.com>
        + 92 others); Thu, 10 Nov 2022 15:55:04 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52842 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S231426AbiKJUzC (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 10 Nov 2022 15:55:02 -0500
Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.220.29])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A272424BF6;
        Thu, 10 Nov 2022 12:55:01 -0800 (PST)
Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
         key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512)
        (No client certificate requested)
        by smtp-out2.suse.de (Postfix) with ESMTPS id 42D7F20136;
        Thu, 10 Nov 2022 20:55:00 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa;
        t=1668113700;
        h=from:from:reply-to:reply-to:date:date:message-id:message-id:to:to:
         cc:cc:mime-version:mime-version:content-type:content-type:
         in-reply-to:in-reply-to:references:references;
        bh=qVn09/fMcbu7gKxOIOXHM9CyA+qxoMo1sg5FRs3O4Ps=;
        b=YEX4NQNtefIWGG6qovrbgjZGy7NEVntfw+YwnYbKxLY+jzvQ00MYRba8hwTwoTqLVlYPst
        QYHxFSukuRiZHNTwDwn+SipsiVXIx3NORob70maWzoOG3XTlOlGtq6A0EfmiWfUMmEEoSD
        51pC+NBZUD2irDrWfWx4Y30qNYO2x8k=
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz;
        s=susede2_ed25519; t=1668113700;
        h=from:from:reply-to:reply-to:date:date:message-id:message-id:to:to:
         cc:cc:mime-version:mime-version:content-type:content-type:
         in-reply-to:in-reply-to:references:references;
        bh=qVn09/fMcbu7gKxOIOXHM9CyA+qxoMo1sg5FRs3O4Ps=;
        b=2E+9AEeYdCzoyprvx+8No5KjD2zXwT/gWZpPPZNWaN/Al8RerTurINu908YndX+kZQJacF
        tMMltjyVEcdIQ5Ag==
Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
         key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512)
        (No client certificate requested)
        by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id F17B01332F;
        Thu, 10 Nov 2022 20:54:59 +0000 (UTC)
Received: from dovecot-director2.suse.de ([192.168.254.65])
        by imap2.suse-dmz.suse.de with ESMTPSA
        id X7vlOSNlbWNncwAAMHmgww
        (envelope-from <dsterba@suse.cz>); Thu, 10 Nov 2022 20:54:59 +0000
Date:   Thu, 10 Nov 2022 21:54:36 +0100
From:   David Sterba <dsterba@suse.cz>
To:     ChenXiaoSong <chenxiaosong2@huawei.com>
Cc:     clm@fb.com, josef@toxicpanda.com, dsterba@suse.com,
        linux-btrfs@vger.kernel.org, linux-kernel@vger.kernel.org,
        yi.zhang@huawei.com, zhangxiaoxu5@huawei.com
Subject: Re: [PATCH] btrfs: qgroup: fix sleep from invalid context bug in
 update_qgroup_limit_item()
Message-ID: <20221110205436.GJ5824@twin.jikos.cz>
Reply-To: dsterba@suse.cz
References: <20221110141342.2129475-1-chenxiaosong2@huawei.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20221110141342.2129475-1-chenxiaosong2@huawei.com>
User-Agent: Mutt/1.5.23.1-rc1 (2014-03-12)
X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE,
        SPF_PASS autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Nov 10, 2022 at 10:13:42PM +0800, ChenXiaoSong wrote:
> Syzkaller reported BUG as follows:
> 
>   BUG: sleeping function called from invalid context at
>        include/linux/sched/mm.h:274
>   Call Trace:
>    <TASK>
>    dump_stack_lvl+0xcd/0x134
>    __might_resched.cold+0x222/0x26b
>    kmem_cache_alloc+0x2e7/0x3c0
>    update_qgroup_limit_item+0xe1/0x390
>    btrfs_qgroup_inherit+0x147b/0x1ee0
>    create_subvol+0x4eb/0x1710
>    btrfs_mksubvol+0xfe5/0x13f0
>    __btrfs_ioctl_snap_create+0x2b0/0x430
>    btrfs_ioctl_snap_create_v2+0x25a/0x520
>    btrfs_ioctl+0x2a1c/0x5ce0
>    __x64_sys_ioctl+0x193/0x200
>    do_syscall_64+0x35/0x80
> 
> Fix this by introducing __update_qgroup_limit_item() helper, allocate
> memory outside of the spin lock.
> 
> Signed-off-by: ChenXiaoSong <chenxiaosong2@huawei.com>

Added to misc-next, thanks.

> +	path = btrfs_alloc_path();

btrfs_alloc_path uses fixed GFP_NOFS flags for kmem_cache_alloc but that
does not try to detect if it could sleep or not.