From: David Sterba <dsterba@suse.cz>
To: Anand Jain <anand.jain@oracle.com>
Cc: syzbot <syzbot+5b658d997a83984507a6@syzkaller.appspotmail.com>,
clm@fb.com, dsterba@suse.com, jbacik@fb.com,
linux-btrfs@vger.kernel.org, linux-kernel@vger.kernel.org,
syzkaller-bugs@googlegroups.com
Subject: Re: kernel BUG at fs/btrfs/volumes.c:LINE!
Date: Thu, 7 Jun 2018 17:34:50 +0200
Message-ID: <20180607153450.GF3215@twin.jikos.cz>
In-Reply-To: <70a3c2d1-3f53-d4c0-13b3-29f836ec46d9@oracle.com>

On Thu, Jun 07, 2018 at 12:15:04AM +0800, Anand Jain wrote:
>
>
> On 06/06/2018 09:31 PM, syzbot wrote:
> > Hello,
> >
> > syzbot found the following crash on:
> >
> > HEAD commit: af6c5d5e01ad Merge branch 'for-4.18' of
> > git://git.kernel.o..
> > git tree: upstream
> > console output: https://syzkaller.appspot.com/x/log.txt?x=15f700af800000
> > kernel config: https://syzkaller.appspot.com/x/.config?x=12ff770540994680
> > dashboard link:
> > https://syzkaller.appspot.com/bug?extid=5b658d997a83984507a6
> > compiler: gcc (GCC) 8.0.1 20180413 (experimental)
> >
> > Unfortunately, I don't have any reproducer for this crash yet.
> >
> > IMPORTANT: if you fix the bug, please add the following tag to the commit:
> > Reported-by: syzbot+5b658d997a83984507a6@syzkaller.appspotmail.com
> >
> > RDX: 0000000020000080 RSI: 0000000020000040 RDI: 00007f787067fbf0
> > RBP: 0000000000000001 R08: 00000000200000c0 R09: 0000000020000080
> > R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000014
> > R13: 0000000000000001 R14: 0000000000700008 R15: 0000000000000043
> > ------------[ cut here ]------------
> > kernel BUG at fs/btrfs/volumes.c:1032!
> > invalid opcode: 0000 [#1] SMP KASAN
> > CPU: 1 PID: 22303 Comm: syz-executor1 Not tainted 4.17.0+ #86
> > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> > Google 01/01/2011
> > RIP: 0010:btrfs_prepare_close_one_device fs/btrfs/volumes.c:1032 [inline]
>
> btrfs_prepare_close_one_device()
> ::
> 1031 name = rcu_string_strdup(device->name->str, GFP_NOFS);
> 1032 BUG_ON(!name); /* -ENOMEM */
>
> The way we close our devices needs new memory allocations
> at the time of device close. By doing this apart from the BUG_ON
> reported here, there _were_ other complications like managing the sysfs
> links and moving them to the newly allocated btrfs_fs_devices.
> So sometime back I attempted to correct this approach to a simple
> device close without fresh allocation, however it wasn't successful.
> I am going to try that again, but it's not p1.

Yeah, getting rid of the allocations while freeing device would be great
but unfortunately is not simple.

Normally the GFP_NOFS allocations do not fail so I think the fuzzer
environment is tuned to allow that, which is fine for coverage but does
not happen in practice. This will be fixed eventually.
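
The failure mode discussed in this message, as an added userspace illustration that is not btrfs code and not from either author: a close path that allocates a fresh copy fails under an injected allocation failure, while an in-place close has nothing to fail. All names (`fi_strdup`, `struct dev`, `close_dev_*`, `close_survives_fault`) are hypothetical, and the constraints the thread mentions (sysfs links, moving devices to a new btrfs_fs_devices) are not modelled.

```c
#include <stdlib.h>
#include <string.h>

struct dev { char *name; int open; };
static int fail_after;  /* constructed fault injector: Nth call fails, 0 = off */

static char *fi_strdup(const char *s)
{
    char *p = (fail_after && --fail_after == 0) ? NULL : malloc(strlen(s) + 1);
    return p ? strcpy(p, s) : NULL;     /* NULL models an injected -ENOMEM */
}

/* Close by building a fresh copy, as in the report: teardown can fail. */
static struct dev *close_dev_realloc(struct dev *old)
{
    struct dev *copy = calloc(1, sizeof(*copy));
    if (!copy || !(copy->name = fi_strdup(old->name))) {
        free(copy);                 /* the kernel hit BUG_ON(!name) here */
        return NULL;                /* old stays valid for the caller */
    }
    free(old->name);
    free(old);
    return copy;
}

/* Allocation-free alternative: reset the existing object in place. */
static struct dev *close_dev_inplace(struct dev *d) { d->open = 0; return d; }

/* 1 if close_fn completes while the next allocation is forced to fail. */
static int close_survives_fault(struct dev *(*close_fn)(struct dev *))
{
    struct dev *d = calloc(1, sizeof(*d)), *r;
    int ok;
    if (!d || !(d->name = fi_strdup("/dev/sdx")))    /* constructed name */
        return free(d), -1;
    d->open = 1;
    fail_after = 1;                 /* next fi_strdup() call fails */
    r = close_fn(d);
    fail_after = 0;
    ok = r && r->open == 0;
    r = r ? r : d;                  /* free whichever object is still live */
    free(r->name);
    free(r);
    return ok;
}

int main(void) {
    return close_survives_fault(close_dev_realloc) != 0 ||
           close_survives_fault(close_dev_inplace) != 1;
}
```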