linux-yocto/fs
Filipe Manana a5a51bf4e9 btrfs: do not assert we found block group item when creating free space tree
Currently, when building a free space tree at populate_free_space_tree(),
if we are not using the block group tree feature, we always expect to find
block group items (either extent items or a block group item with key type
BTRFS_BLOCK_GROUP_ITEM_KEY) when we search the extent tree with
btrfs_search_slot_for_read(), so we assert that we found an item. However
this expectation is wrong since we can have a new block group created in
the current transaction which is still empty and for which we still have
not added the block group's item to the extent tree, in which case we do
not have any items in the extent tree associated with the block group.

The insertion of a new block group's block group item in the extent tree
happens at btrfs_create_pending_block_groups() when it calls the helper
insert_block_group_item(). This typically is done when a transaction
handle is released, committed or when running delayed refs (either as
part of a transaction commit or when serving tickets for space reservation
if we are low on free space).

So remove the assertion at populate_free_space_tree() even when the block
group tree feature is not enabled and update the comment to mention this
case.

Syzbot reported this with the following stack trace:

  BTRFS info (device loop3 state M): rebuilding free space tree
  assertion failed: ret == 0 :: 0, in fs/btrfs/free-space-tree.c:1115
  ------------[ cut here ]------------
  kernel BUG at fs/btrfs/free-space-tree.c:1115!
  Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
  CPU: 1 UID: 0 PID: 6352 Comm: syz.3.25 Not tainted syzkaller #0 PREEMPT(full)
  Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
  RIP: 0010:populate_free_space_tree+0x700/0x710 fs/btrfs/free-space-tree.c:1115
  Code: ff ff e8 d3 (...)
  RSP: 0018:ffffc9000430f780 EFLAGS: 00010246
  RAX: 0000000000000043 RBX: ffff88805b709630 RCX: fea61d0e2e79d000
  RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
  RBP: ffffc9000430f8b0 R08: ffffc9000430f4a7 R09: 1ffff92000861e94
  R10: dffffc0000000000 R11: fffff52000861e95 R12: 0000000000000001
  R13: 1ffff92000861f00 R14: dffffc0000000000 R15: 0000000000000000
  FS:  00007f424d9fe6c0(0000) GS:ffff888125afc000(0000) knlGS:0000000000000000
  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  CR2: 00007fd78ad212c0 CR3: 0000000076d68000 CR4: 00000000003526f0
  Call Trace:
   <TASK>
   btrfs_rebuild_free_space_tree+0x1ba/0x6d0 fs/btrfs/free-space-tree.c:1364
   btrfs_start_pre_rw_mount+0x128f/0x1bf0 fs/btrfs/disk-io.c:3062
   btrfs_remount_rw fs/btrfs/super.c:1334 [inline]
   btrfs_reconfigure+0xaed/0x2160 fs/btrfs/super.c:1559
   reconfigure_super+0x227/0x890 fs/super.c:1076
   do_remount fs/namespace.c:3279 [inline]
   path_mount+0xd1a/0xfe0 fs/namespace.c:4027
   do_mount fs/namespace.c:4048 [inline]
   __do_sys_mount fs/namespace.c:4236 [inline]
   __se_sys_mount+0x313/0x410 fs/namespace.c:4213
   do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
   do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94
   entry_SYSCALL_64_after_hwframe+0x77/0x7f
   RIP: 0033:0x7f424e39066a
  Code: d8 64 89 02 (...)
  RSP: 002b:00007f424d9fde68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
  RAX: ffffffffffffffda RBX: 00007f424d9fdef0 RCX: 00007f424e39066a
  RDX: 0000200000000180 RSI: 0000200000000380 RDI: 0000000000000000
  RBP: 0000200000000180 R08: 00007f424d9fdef0 R09: 0000000000000020
  R10: 0000000000000020 R11: 0000000000000246 R12: 0000200000000380
  R13: 00007f424d9fdeb0 R14: 0000000000000000 R15: 00002000000002c0
   </TASK>
  Modules linked in:
  ---[ end trace 0000000000000000 ]---

Reported-by: syzbot+884dc4621377ba579a6f@syzkaller.appspotmail.com
Link: https://lore.kernel.org/linux-btrfs/68dc3dab.a00a0220.102ee.004e.GAE@google.com/
Fixes: a5ed918285 ("Btrfs: implement the free space B-tree")
CC: <stable@vger.kernel.org> # 6.1.x: 1961d20f6fa8: btrfs: fix assertion when building free space tree
CC: <stable@vger.kernel.org> # 6.1.x
Reviewed-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2025-10-13 22:33:22 +02:00
9p vfs-6.17-rc1.mmap_prepare 2025-07-28 13:43:25 -07:00
adfs vfs-6.17-rc1.mmap_prepare 2025-07-28 13:43:25 -07:00
affs vfs-6.17-rc1.mmap_prepare 2025-07-28 13:43:25 -07:00
afs vfs-6.17-rc1.mmap_prepare 2025-07-28 13:43:25 -07:00
autofs
bcachefs vfs-6.17-rc1.fileattr 2025-07-28 15:24:14 -07:00
befs
bfs vfs-6.17-rc1.mmap_prepare 2025-07-28 13:43:25 -07:00
btrfs btrfs: do not assert we found block group item when creating free space tree 2025-10-13 22:33:22 +02:00
cachefiles vfs-6.17-rc1.misc 2025-07-28 11:22:56 -07:00
ceph ceph: fix crash after fscrypt_encrypt_pagecache_blocks() error 2025-09-09 12:57:03 +02:00
coda vfs-6.17-rc1.mmap_prepare 2025-07-28 13:43:25 -07:00
configfs
cramfs
crypto
debugfs debugfs: fix mount options not being applied 2025-08-17 12:22:25 +02:00
devpts
dlm
ecryptfs vfs-6.17-rc1.fileattr 2025-07-28 15:24:14 -07:00
efivarfs efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare 2025-08-28 08:39:49 +02:00
efs
erofs erofs: fix long xattr name prefix placement 2025-09-12 03:37:07 +08:00
exfat exfat: add cluster chain loop check for dir 2025-08-01 08:34:23 +09:00
exportfs
ext2 2025-07-28 16:16:09 -07:00
ext4 Ext4 bug fixes and cleanups for 6.17-rc3, including most notably: 2025-08-18 09:01:00 -07:00
f2fs f2fs-for-6.17-rc1 2025-08-04 16:27:21 -07:00
fat Significant patch series in this pull request: 2025-08-03 16:23:09 -07:00
freevxfs
fuse fuse: virtio_fs: fix page fault for DAX page address 2025-09-05 15:56:30 +02:00
gfs2 vfs-6.17-rc1.iomap 2025-07-28 16:09:03 -07:00
hfs hfs/hfsplus updates for v6.17 2025-07-28 16:17:44 -07:00
hfsplus hfs/hfsplus updates for v6.17 2025-07-28 16:17:44 -07:00
hostfs vfs-6.17-rc1.mmap_prepare 2025-07-28 13:43:25 -07:00
hpfs vfs-6.17-rc1.mmap_prepare 2025-07-28 13:43:25 -07:00
hugetlbfs Summary of significant series in this pull request: 2025-07-31 14:57:54 -07:00
iomap iomap: Fix broken data integrity guarantees for O_SYNC writes 2025-08-11 14:51:49 +02:00
isofs Current exclusion rules for ->d_flags stores are rather unpleasant. 2025-07-28 09:17:57 -07:00
jbd2 jbd2: prevent softlockup in jbd2_log_do_checkpoint() 2025-08-13 14:24:14 -04:00
jffs2 vfs-6.17-rc1.mmap_prepare 2025-07-28 13:43:25 -07:00
jfs Fixes and cleanups for JFS filesystem 2025-07-31 10:27:11 -07:00
kernfs kernfs: Fix UAF in polling when open file is released 2025-09-06 20:11:27 +02:00
lockd
minix vfs-6.17-rc1.mmap_prepare 2025-07-28 13:43:25 -07:00
netfs netfs: Fix unbuffered write error handling 2025-08-15 15:56:49 +02:00
nfs NFSv4/flexfiles: Fix layout merge mirror check. 2025-09-08 14:37:55 -04:00
nfs_common NFS/localio: nfs_uuid_put() fix the wake up after unlinking the file 2025-08-05 16:45:40 -07:00
nfsd nfsd-6.17 fixes: 2025-08-11 07:38:55 -07:00
nilfs2 nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/* 2025-09-13 13:05:38 -07:00
nls
notify 2025-07-31 10:31:00 -07:00
ntfs3 vfs-6.17-rc1.mmap_prepare 2025-07-28 13:43:25 -07:00
ocfs2 ocfs2: fix recursive semaphore deadlock in fiemap call 2025-09-08 23:45:11 -07:00
omfs vfs-6.17-rc1.mmap_prepare 2025-07-28 13:43:25 -07:00
openpromfs
orangefs orangefs: fixes for string handling in debugfs and sysfs 2025-07-31 10:22:48 -07:00
overlayfs ovl: fix possible double unlink 2025-08-18 13:16:49 +02:00
proc proc: fix type confusion in pde_set_flags() 2025-09-08 23:45:12 -07:00
pstore
qnx4
qnx6
quota
ramfs vfs-6.17-rc1.mmap_prepare 2025-07-28 13:43:25 -07:00
resctrl fs/resctrl: Eliminate false positive lockdep warning when reading SNC counters 2025-09-09 12:43:36 +02:00
romfs
smb six smb3.1.1 client fixes, all for stable 2025-09-19 16:11:30 -07:00
squashfs squashfs: fix memory leak in squashfs_fill_super 2025-08-19 16:35:53 -07:00
sysfs
tests
tracefs Massage rpc_pipefs to use saner primitives and clean up the 2025-07-28 09:56:09 -07:00
ubifs This pull request contains the following changes for UBI and UBIFS: 2025-07-31 10:08:44 -07:00
udf 2025-07-28 16:16:09 -07:00
ufs vfs-6.17-rc1.mmap_prepare 2025-07-28 13:43:25 -07:00
unicode
vboxsf vfs-6.17-rc1.mmap_prepare 2025-07-28 13:43:25 -07:00
verity
xfs xfs: do not propagate ENODATA disk errors into xattr code 2025-08-26 11:00:33 +02:00
zonefs zonefs changes for 6.17-rc1 2025-07-28 17:06:51 -07:00
aio.c
anon_inodes.c module: Rename EXPORT_SYMBOL_GPL_FOR_MODULES to EXPORT_SYMBOL_FOR_MODULES 2025-08-11 16:16:36 +02:00
attr.c
backing-file.c vfs-6.17-rc1.mmap_prepare 2025-07-28 13:43:25 -07:00
bad_inode.c
binfmt_elf_fdpic.c execve updates for v6.17 2025-07-28 17:11:40 -07:00
binfmt_elf.c execve updates for v6.17 2025-07-28 17:11:40 -07:00
binfmt_flat.c
binfmt_misc.c
binfmt_script.c
bpf_fs_kfuncs.c
buffer.c fs/buffer: fix use-after-free when call bh_read() helper 2025-08-19 13:51:28 +02:00
char_dev.c
compat_binfmt_elf.c
coredump.c coredump: don't pointlessly check and spew warnings 2025-08-21 13:54:40 +02:00
d_path.c
dax.c fs/dax: Reject IOCB_ATOMIC in dax_iomap_rw() 2025-08-11 14:03:38 +02:00
dcache.c vfs-6.17-rc1.misc 2025-07-28 11:22:56 -07:00
direct-io.c Summary of significant series in this pull request: 2025-07-31 14:57:54 -07:00
drop_caches.c
eventfd.c
eventpoll.c vfs-6.17-rc1.misc 2025-07-28 11:22:56 -07:00
exec.c coredump: don't pointlessly check and spew warnings 2025-08-21 13:54:40 +02:00
fcntl.c
fhandle.c fhandle: use more consistent rules for decoding file handle from userns 2025-08-29 09:48:31 +02:00
file_attr.c
file_table.c 2025-07-31 10:31:00 -07:00
file.c vfs-6.17-rc1.misc 2025-07-28 11:22:56 -07:00
filesystems.c
fs_context.c
fs_parser.c
fs_pin.c
fs_struct.c
fs_types.c
fs-writeback.c fs: writeback: fix use-after-free in __mark_inode_dirty() 2025-08-11 14:51:45 +02:00
fsopen.c
init.c
inode.c
internal.h vfs-6.17-rc1.pidfs 2025-07-28 14:10:15 -07:00
ioctl.c
Kconfig fs/Kconfig: enable HUGETLBFS only if ARCH_SUPPORTS_HUGETLBFS 2025-07-24 19:12:38 -07:00
Kconfig.binfmt
kernel_read_file.c
libfs.c vfs-6.17-rc1.pidfs 2025-07-28 14:10:15 -07:00
locks.c
Makefile
mbcache.c
mnt_idmapping.c
mount.h
mpage.c
namei.c vfs-6.17-rc1.pidfs 2025-07-28 14:10:15 -07:00
namespace.c fs: fix indentation style 2025-08-21 10:27:05 +02:00
nsfs.c
open.c 2025-07-31 10:31:00 -07:00
pidfs.c pidfs: Fix memory leak in pidfd_info() 2025-08-15 16:10:46 +02:00
pipe.c
pnode.c change_mnt_propagation(): calculate propagation source only if we'll need it 2025-08-19 12:05:59 -04:00
pnode.h
posix_acl.c
proc_namespace.c
read_write.c vfs-6.17-rc1.mmap_prepare 2025-07-28 13:43:25 -07:00
readdir.c
remap_range.c
select.c
seq_file.c
signalfd.c
splice.c netfs: Fix unbuffered write error handling 2025-08-15 15:56:49 +02:00
stack.c
stat.c
statfs.c
super.c vfs-6.17-rc1.super 2025-07-28 15:50:15 -07:00
sync.c
sysctls.c
timerfd.c
userfaultfd.c mm/mremap: use an explicit uffd failure path for mremap 2025-07-24 19:12:29 -07:00
utimes.c
xattr.c vfs-6.17-rc1.misc 2025-07-28 11:22:56 -07:00