Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp1413973rwb;
        Thu, 10 Nov 2022 16:06:51 -0800 (PST)
X-Google-Smtp-Source: AMsMyM7rCKi417KWnorxMKvxiL16UXx3bF1PKYDZ5Dqk6SmP26B/k8HrXEEFqrYA1/MtyHgl+l0y
X-Received: by 2002:a50:ab1b:0:b0:461:9955:b54a with SMTP id s27-20020a50ab1b000000b004619955b54amr3876583edc.159.1668125211401;
        Thu, 10 Nov 2022 16:06:51 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1668125211; cv=none;
        d=google.com; s=arc-20160816;
        b=R/9UsCpRJMeYpOHBVz9fbdKAQIsu72hy2uveDjoy/LdUV5SelL2p1WKenLd8n6MMKV
         EoFuD1o4cG1YxUbGItkg6XVCrtgTvhz29vOeuiNfBC2Ige77/homtdEWpQAiNcx3p5EO
         mgZKaKeZewhzwT6tHuDo5LorBbxk44R0wkan9hmDkbgitHs8M4c8WmO3Xmam5Z5CqNfa
         iw6CFOsYviqCeFGrt35CqjfVWVbi1RwrQ1iE/5zvzrLqmc+Zu/arAQNGRUkeUcgrO89F
         por6HOau3Ku8M6AC3+WA1IeOL/f8dqWnu95/KT05ygX6xwFXz+MqwiCayKsYaFXqDuf5
         H+Uw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:ui-outboundreport:content-transfer-encoding
         :in-reply-to:from:references:cc:to:content-language:subject
         :user-agent:mime-version:date:message-id;
        bh=34TaXRqQSZrKSbOOy9APjvvYmKtfE/nHM6FzkI/lZcs=;
        b=inaKJdDEP1NQuFvifgnC3MXlReTk4oQ7MCXz2BtmJJdSZk0/hJKVo7PNbT10zRb8c6
         63+dNLPJ0CUY+7cw3PjrkyDyd0+cYh0ATmhOttvsa4eN24W4PsqgL5ycnGybaGe3q8Cj
         /ngc61/+1ijK2Q8WQKq63lqCbambM7hIRznZx8oR5ccEZwFhVyxFRWH3+v2e4ngP8cpj
         vIxDK5sByCj9ru0KmXvlq0TOd1ZO/OxDds9koM2KKr4vBgHw86GuNsvmiJMpUz8H6PIH
         C9s7ErkVNEtqJSY7a7OXctLDq4G3/Laxy2wIZqRpupIMGnTS541WnNQJpQce5y5OyYxS
         JGOg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=gmx.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id ga23-20020a1709070c1700b0078dd12d0a9bsi666066ejc.875.2022.11.10.16.06.29;
        Thu, 10 Nov 2022 16:06:51 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=gmx.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S231455AbiKJXcA (ORCPT <rfc822;recursive.nomad@gmail.com>
        + 92 others); Thu, 10 Nov 2022 18:32:00 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35470 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229559AbiKJXb5 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 10 Nov 2022 18:31:57 -0500
Received: from mout.gmx.net (mout.gmx.net [212.227.17.22])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 71DD549B68;
        Thu, 10 Nov 2022 15:31:56 -0800 (PST)
Received: from [0.0.0.0] ([149.28.201.231]) by mail.gmx.net (mrgmx104
 [212.227.17.174]) with ESMTPSA (Nemesis) id 1N8XU1-1p6B8a0nHF-014VMQ; Fri, 11
 Nov 2022 00:31:30 +0100
Message-ID: <48ac1a74-6349-ccf5-92ef-2189037122b8@gmx.com>
Date:   Fri, 11 Nov 2022 07:31:22 +0800
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
 Thunderbird/102.4.0
Subject: Re: [PATCH] btrfs: qgroup: fix sleep from invalid context bug in
 update_qgroup_limit_item()
Content-Language: en-US
To:     dsterba@suse.cz, ChenXiaoSong <chenxiaosong2@huawei.com>
Cc:     clm@fb.com, josef@toxicpanda.com, dsterba@suse.com,
        linux-btrfs@vger.kernel.org, linux-kernel@vger.kernel.org,
        yi.zhang@huawei.com, zhangxiaoxu5@huawei.com
References: <20221110141342.2129475-1-chenxiaosong2@huawei.com>
 <20221110205436.GJ5824@twin.jikos.cz>
From:   Qu Wenruo <quwenruo.btrfs@gmx.com>
In-Reply-To: <20221110205436.GJ5824@twin.jikos.cz>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Provags-ID: V03:K1:4oCQ3HhMBayFOLppa1woHkyiYxsDNghBUDJexb3pxECSW3EXyva
 gVka90317DNKpFBd+JXF4CiSdJ+rEYNLr6riZ208vsPAcYAzfm4C75CSVF4n/Z0lvcaEqCh
 TXGU3Tlo8VpbtLfeYETjU45RCKqr41mpl1U8+lRvXjxdIspz/bf5S43d4a+qy3ByfDAr//0
 Y/0y/zv3rXQm3xLntpkZQ==
UI-OutboundReport: notjunk:1;M01:P0:NuTL+cAbFYU=;hJgHW4JcOvLOG7wP133Ss71eP1k
 KgMDOWrv1/n4Zdfg5TkuDrzskod08rizKgti47UdtKVHanjI77qhYokUcEfifl2UGeji3wJbH
 ZLD3SukPODEWNmQYpLYz9C4uwQ16M6QMCulVKvXoBlXi6IkkdRPuVIa/4OCDWTVKFxRmnvd1i
 5/Kdf2OkUuxvniWxdJoSIhA+DtVJYxRQtTrMuBuqk5ClggUzcz81im0KQKzVKlDj8D3zHG/S2
 jF74ZZ1JUpoonyplus7CpJtySO7w7AjZ/XF9L1tBaVPkW6uWjxuo85L5qIaE6AnjzNfKgWiUA
 cSjMT67NqpaRlGu4pw4JuOrkGLLkdizsUZhUojUbZEHCzjM4OFRQctwS7o/b7A7lx7yf52jGK
 A8kOAmO764qgtuRACqGMfg2YsWA7N65RG5mza80sqtKaUXh+eqx0qaqmpNL0vyyo8OjN2RSZf
 u/B36cJGqVTzd9B+Rkqf4aFDwBg4LUm5RMBh5ky/L6famRUu/8GPXB+2dX2WdVrpTlBrXBqKS
 9PNj/e3qp7pV6UhMO+SxFGBnhrZPk2Lm7aeCEyIkFjyRAsKv1wv4xYttvsaUfy0WhzVdl0Ptn
 I9q+oNW2QXrzgkqc6ihfB6+XKYIXi+Ned2gxJJ7uFpZEXDbBe30zn6TSR/CGPKuYe42w5ddf7
 GC+XTP0ZKlxP5uIJuiUzCulQFSdNh+JKUj8PX8uyqJJLoUU5BomIt+BHqXH0Wddkh4dxLqXIh
 xcQtjTPb0uFYgplgcs5+YceGYDeY84S+XzESL3nJXvR5i/y3+yWi0UXaCZx5q11ih2hl+Qt6h
 LYb46WPAqKFTJsrRemcnNkvlxDhsovBINJWZhP49Bteq54bpqTziDrUeJdTi8jVB9zI97C1OX
 hDDmanqxnx4bONN1mwTmbu+TVFQYO+28w96NUfpEX4PYDpW8DZzY2bODldwBhOVF20CeIOgv4
 KIgWRRsjzbsDJxE8xa7i32LsNf8=
X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM,
        NICE_REPLY_A,RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,
        SPF_PASS autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org



On 2022/11/11 04:54, David Sterba wrote:
> On Thu, Nov 10, 2022 at 10:13:42PM +0800, ChenXiaoSong wrote:
>> Syzkaller reported BUG as follows:
>>
>>    BUG: sleeping function called from invalid context at
>>         include/linux/sched/mm.h:274
>>    Call Trace:
>>     <TASK>
>>     dump_stack_lvl+0xcd/0x134
>>     __might_resched.cold+0x222/0x26b
>>     kmem_cache_alloc+0x2e7/0x3c0
>>     update_qgroup_limit_item+0xe1/0x390
>>     btrfs_qgroup_inherit+0x147b/0x1ee0
>>     create_subvol+0x4eb/0x1710
>>     btrfs_mksubvol+0xfe5/0x13f0
>>     __btrfs_ioctl_snap_create+0x2b0/0x430
>>     btrfs_ioctl_snap_create_v2+0x25a/0x520
>>     btrfs_ioctl+0x2a1c/0x5ce0
>>     __x64_sys_ioctl+0x193/0x200
>>     do_syscall_64+0x35/0x80
>>
>> Fix this by introducing __update_qgroup_limit_item() helper, allocate
>> memory outside of the spin lock.
>>
>> Signed-off-by: ChenXiaoSong <chenxiaosong2@huawei.com>
> 
> Added to misc-next, thanks.

Please remove it for now, the patch only addressed what MM layer 
reports, it doesn't really solve the root cause, we're doing a tree 
modification (btrfs_search_slot()), under a spinlock.

I'm pretty sure there will be a v2 version to properly fix it.

Thanks,
Qu
> 
>> +	path = btrfs_alloc_path();
> 
> btrfs_alloc_path uses fixed GFP_NOFS flags for kmem_cache_alloc but that
> does not try to detect if it could sleep or not.