Re: [syzbot] [btrfs?] WARNING in btrfs_use_block_rsv

From: Aleksandr Nogikh
Date: Tue Nov 28 2023 - 13:09:21 EST

Next message: Daniel Thompson: "Re: [PATCH] backlight: mp3309c: fix uninitialized local variable"
Previous message: Gregory Price: "Re: [RFC PATCH 06/11] mm/mempolicy: modify do_mbind to operate on task argument instead of current"
In reply to: David Sterba: "Re: [syzbot] [btrfs?] WARNING in btrfs_use_block_rsv"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Nov 28, 2023 at 5:47 PM David Sterba <dsterba@xxxxxxx> wrote:
>
> On Sun, Nov 26, 2023 at 06:59:41AM +0800, Anand Jain wrote:
> >
> >
> > On 25/11/2023 10:08, syzbot wrote:
> > > syzbot has bisected this issue to:
> > >
> > > commit a5b8a5f9f8355d27a4f8d0afa93427f16d2f3c1e
> > > Author: Anand Jain <anand.jain@xxxxxxxxxx>
> > > Date: Thu Sep 28 01:09:47 2023 +0000
> > >
> > > btrfs: support cloned-device mount capability
> > >
> > > bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=1446d344e80000
> > > start commit: d3fa86b1a7b4 Merge tag 'net-6.7-rc3' of git://git.kernel.o..
> > > git tree: upstream
> > > final oops: https://syzkaller.appspot.com/x/report.txt?x=1646d344e80000
> > > console output: https://syzkaller.appspot.com/x/log.txt?x=1246d344e80000
> > > kernel config: https://syzkaller.appspot.com/x/.config?x=6ae1a4ee971a7305
> > > dashboard link: https://syzkaller.appspot.com/bug?extid=10d5b62a8d7046b86d22
> > > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1431040ce80000
> > >
> > > Reported-by: syzbot+10d5b62a8d7046b86d22@xxxxxxxxxxxxxxxxxxxxxxxxx
> > > Fixes: a5b8a5f9f835 ("btrfs: support cloned-device mount capability")
> > >
> > > For information about bisection process see: https://goo.gl/tpsmEJ#bisection
> >
> >
> > It is completely strange that this issue bisects to the commit
> > a5b8a5f9f835 ('btrfs: support cloned-device mount capability').
> > I am unable to reproduce this as well.
>
> I think it's because of changed timing or it can be an inconclusive
> bisect. Things around space handling depend on timing, the test would
> need to be run a few times to be sure.
>
> The report provides an image so it may be good to analyze if it's scaled
> properly or if the reproducer does something strange.

Bisection log itself looks reasonable.

One other case to consider is that "btrfs: support cloned-device mount
capability" just helped surface the problem. Syzbot can only bisect
for the revision at which the reproducer started/stopped working and,
even though we try to minimize the reproducer (*), it may still rely
on some functionality that's not related to the actual bug. One of the
possibilities here is that the slightly changed validation rules in
btrfs_validate_super() allowed syzkaller to trigger a problem
somewhere else.

(*) We don't do it for filesystem images themselves as it does not
make very much sense -- in almost all cases by zeroing/dropping bytes
syzkaller just breaks the image and the reproducer stops working.
Without knowing the underlying fs image structure in detail it just
doesn't work as intended.

--
Aleksandr
>
> > -------------------
> > WARNING: CPU: 1 PID: 58 at fs/btrfs/block-rsv.c:523
> > btrfs_use_block_rsv+0x60d/0x860 fs/btrfs/block-rsv.c:523
> > <snap>
> > Call Trace:
> > <TASK>
> > btrfs_alloc_tree_block+0x1e0/0x12c0 fs/btrfs/extent-tree.c:5114
> > btrfs_force_cow_block+0x3e5/0x19e0 fs/btrfs/ctree.c:563
> > btrfs_cow_block+0x2b6/0xb30 fs/btrfs/ctree.c:741
> > push_leaf_left+0x315/0x4d0 fs/btrfs/ctree.c:3485
> > split_leaf+0x9c3/0x13b0 fs/btrfs/ctree.c:3681
> > search_leaf fs/btrfs/ctree.c:1944 [inline]
> > btrfs_search_slot+0x24ba/0x2fd0 fs/btrfs/ctree.c:2131
> > btrfs_insert_empty_items+0xb6/0x1b0 fs/btrfs/ctree.c:4285
> > btrfs_insert_empty_item fs/btrfs/ctree.h:657 [inline]
> > insert_reserved_file_extent+0x7aa/0x950 fs/btrfs/inode.c:2907
> > insert_ordered_extent_file_extent fs/btrfs/inode.c:3005 [inline]
> > btrfs_finish_one_ordered+0x12dc/0x20d0 fs/btrfs/inode.c:3113
> > btrfs_work_helper+0x210/0xbf0 fs/btrfs/async-thread.c:315
> > process_one_work+0x886/0x15d0 kernel/workqueue.c:2630
> > process_scheduled_works kernel/workqueue.c:2703 [inline]
> > worker_thread+0x8b9/0x1290 kernel/workqueue.c:2784
> > kthread+0x2c6/0x3a0 kernel/kthread.c:388
> > ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
> > ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242
> > -----------------
> >
> > btrfs_use_block_rsv()
> > <snap>
> > /*
> > * The global reserve still exists to save us from ourselves,
> > so don't
> > * warn_on if we are short on our delayed refs reserve.
> > */
> > if (block_rsv->type != BTRFS_BLOCK_RSV_DELREFS &&
> > btrfs_test_opt(fs_info, ENOSPC_DEBUG)) {
> > static DEFINE_RATELIMIT_STATE(_rs,
> > DEFAULT_RATELIMIT_INTERVAL * 10,
> > /*DEFAULT_RATELIMIT_BURST*/ 1);
> > if (__ratelimit(&_rs))
> > WARN(1, KERN_DEBUG
> > "BTRFS: block rsv %d returned %d\n",
> > block_rsv->type, ret);
> > }
> > ----------
>
> --
> You received this message because you are subscribed to the Google Groups "syzkaller-bugs" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller-bugs+unsubscribe@xxxxxxxxxxxxxxxx.
> To view this discussion on the web visit https://groups.google.com/d/msgid/syzkaller-bugs/20231128164010.GM18929%40twin.jikos.cz.

Next message: Daniel Thompson: "Re: [PATCH] backlight: mp3309c: fix uninitialized local variable"
Previous message: Gregory Price: "Re: [RFC PATCH 06/11] mm/mempolicy: modify do_mbind to operate on task argument instead of current"
In reply to: David Sterba: "Re: [syzbot] [btrfs?] WARNING in btrfs_use_block_rsv"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]