On Tue, Nov 28, 2023 at 5:47 PM David Sterba <dsterba@xxxxxxx> wrote: > > On Sun, Nov 26, 2023 at 06:59:41AM +0800, Anand Jain wrote: > > > > > > On 25/11/2023 10:08, syzbot wrote: > > > syzbot has bisected this issue to: > > > > > > commit a5b8a5f9f8355d27a4f8d0afa93427f16d2f3c1e > > > Author: Anand Jain <anand.jain@xxxxxxxxxx> > > > Date: Thu Sep 28 01:09:47 2023 +0000 > > > > > > btrfs: support cloned-device mount capability > > > > > > bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=1446d344e80000 > > > start commit: d3fa86b1a7b4 Merge tag 'net-6.7-rc3' of git://git.kernel.o.. > > > git tree: upstream > > > final oops: https://syzkaller.appspot.com/x/report.txt?x=1646d344e80000 > > > console output: https://syzkaller.appspot.com/x/log.txt?x=1246d344e80000 > > > kernel config: https://syzkaller.appspot.com/x/.config?x=6ae1a4ee971a7305 > > > dashboard link: https://syzkaller.appspot.com/bug?extid=10d5b62a8d7046b86d22 > > > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1431040ce80000 > > > > > > Reported-by: syzbot+10d5b62a8d7046b86d22@xxxxxxxxxxxxxxxxxxxxxxxxx > > > Fixes: a5b8a5f9f835 ("btrfs: support cloned-device mount capability") > > > > > > For information about bisection process see: https://goo.gl/tpsmEJ#bisection > > > > > > It is completely strange that this issue bisects to the commit > > a5b8a5f9f835 ('btrfs: support cloned-device mount capability'). > > I am unable to reproduce this as well. > > I think it's because of changed timing or it can be an inconclusive > bisect. Things around space handling depend on timing, the test would > need to be run a few times to be sure. > > The report provides an image so it may be good to analyze if it's scaled > properly or if the reproducer does something strange. Bisection log itself looks reasonable. One other case to consider is that "btrfs: support cloned-device mount capability" just helped surface the problem. Syzbot can only bisect for the revision at which the reproducer started/stopped working and, even though we try to minimize the reproducer (*), it may still rely on some functionality that's not related to the actual bug. One of the possibilities here is that the slightly changed validation rules in btrfs_validate_super() allowed syzkaller to trigger a problem somewhere else. (*) We don't do it for filesystem images themselves as it does not make very much sense -- in almost all cases by zeroing/dropping bytes syzkaller just breaks the image and the reproducer stops working. Without knowing the underlying fs image structure in detail it just doesn't work as intended. -- Aleksandr > > > ------------------- > > WARNING: CPU: 1 PID: 58 at fs/btrfs/block-rsv.c:523 > > btrfs_use_block_rsv+0x60d/0x860 fs/btrfs/block-rsv.c:523 > > <snap> > > Call Trace: > > <TASK> > > btrfs_alloc_tree_block+0x1e0/0x12c0 fs/btrfs/extent-tree.c:5114 > > btrfs_force_cow_block+0x3e5/0x19e0 fs/btrfs/ctree.c:563 > > btrfs_cow_block+0x2b6/0xb30 fs/btrfs/ctree.c:741 > > push_leaf_left+0x315/0x4d0 fs/btrfs/ctree.c:3485 > > split_leaf+0x9c3/0x13b0 fs/btrfs/ctree.c:3681 > > search_leaf fs/btrfs/ctree.c:1944 [inline] > > btrfs_search_slot+0x24ba/0x2fd0 fs/btrfs/ctree.c:2131 > > btrfs_insert_empty_items+0xb6/0x1b0 fs/btrfs/ctree.c:4285 > > btrfs_insert_empty_item fs/btrfs/ctree.h:657 [inline] > > insert_reserved_file_extent+0x7aa/0x950 fs/btrfs/inode.c:2907 > > insert_ordered_extent_file_extent fs/btrfs/inode.c:3005 [inline] > > btrfs_finish_one_ordered+0x12dc/0x20d0 fs/btrfs/inode.c:3113 > > btrfs_work_helper+0x210/0xbf0 fs/btrfs/async-thread.c:315 > > process_one_work+0x886/0x15d0 kernel/workqueue.c:2630 > > process_scheduled_works kernel/workqueue.c:2703 [inline] > > worker_thread+0x8b9/0x1290 kernel/workqueue.c:2784 > > kthread+0x2c6/0x3a0 kernel/kthread.c:388 > > ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147 > > ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242 > > ----------------- > > > > btrfs_use_block_rsv() > > <snap> > > /* > > * The global reserve still exists to save us from ourselves, > > so don't > > * warn_on if we are short on our delayed refs reserve. > > */ > > if (block_rsv->type != BTRFS_BLOCK_RSV_DELREFS && > > btrfs_test_opt(fs_info, ENOSPC_DEBUG)) { > > static DEFINE_RATELIMIT_STATE(_rs, > > DEFAULT_RATELIMIT_INTERVAL * 10, > > /*DEFAULT_RATELIMIT_BURST*/ 1); > > if (__ratelimit(&_rs)) > > WARN(1, KERN_DEBUG > > "BTRFS: block rsv %d returned %d\n", > > block_rsv->type, ret); > > } > > ---------- > > -- > You received this message because you are subscribed to the Google Groups "syzkaller-bugs" group. > To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller-bugs+unsubscribe@xxxxxxxxxxxxxxxx. > To view this discussion on the web visit https://groups.google.com/d/msgid/syzkaller-bugs/20231128164010.GM18929%40twin.jikos.cz.
