linux-yocto/fs/btrfs
Filipe Manana a5a51bf4e9 btrfs: do not assert we found block group item when creating free space tree
Currently, when building a free space tree at populate_free_space_tree(),
if we are not using the block group tree feature, we always expect to find
block group items (either extent items or a block group item with key type
BTRFS_BLOCK_GROUP_ITEM_KEY) when we search the extent tree with
btrfs_search_slot_for_read(), so we assert that we found an item. However
this expectation is wrong since we can have a new block group created in
the current transaction which is still empty and for which we still have
not added the block group's item to the extent tree, in which case we do
not have any items in the extent tree associated to the block group.

The insertion of a new block group's block group item in the extent tree
happens at btrfs_create_pending_block_groups() when it calls the helper
insert_block_group_item(). This typically is done when a transaction
handle is released, committed or when running delayed refs (either as
part of a transaction commit or when serving tickets for space reservation
if we are low on free space).

So remove the assertion at populate_free_space_tree() even when the block
group tree feature is not enabled and update the comment to mention this
case.

Syzbot reported this with the following stack trace:

  BTRFS info (device loop3 state M): rebuilding free space tree
  assertion failed: ret == 0 :: 0, in fs/btrfs/free-space-tree.c:1115
  ------------[ cut here ]------------
  kernel BUG at fs/btrfs/free-space-tree.c:1115!
  Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
  CPU: 1 UID: 0 PID: 6352 Comm: syz.3.25 Not tainted syzkaller #0 PREEMPT(full)
  Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
  RIP: 0010:populate_free_space_tree+0x700/0x710 fs/btrfs/free-space-tree.c:1115
  Code: ff ff e8 d3 (...)
  RSP: 0018:ffffc9000430f780 EFLAGS: 00010246
  RAX: 0000000000000043 RBX: ffff88805b709630 RCX: fea61d0e2e79d000
  RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
  RBP: ffffc9000430f8b0 R08: ffffc9000430f4a7 R09: 1ffff92000861e94
  R10: dffffc0000000000 R11: fffff52000861e95 R12: 0000000000000001
  R13: 1ffff92000861f00 R14: dffffc0000000000 R15: 0000000000000000
  FS:  00007f424d9fe6c0(0000) GS:ffff888125afc000(0000) knlGS:0000000000000000
  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  CR2: 00007fd78ad212c0 CR3: 0000000076d68000 CR4: 00000000003526f0
  Call Trace:
   <TASK>
   btrfs_rebuild_free_space_tree+0x1ba/0x6d0 fs/btrfs/free-space-tree.c:1364
   btrfs_start_pre_rw_mount+0x128f/0x1bf0 fs/btrfs/disk-io.c:3062
   btrfs_remount_rw fs/btrfs/super.c:1334 [inline]
   btrfs_reconfigure+0xaed/0x2160 fs/btrfs/super.c:1559
   reconfigure_super+0x227/0x890 fs/super.c:1076
   do_remount fs/namespace.c:3279 [inline]
   path_mount+0xd1a/0xfe0 fs/namespace.c:4027
   do_mount fs/namespace.c:4048 [inline]
   __do_sys_mount fs/namespace.c:4236 [inline]
   __se_sys_mount+0x313/0x410 fs/namespace.c:4213
   do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
   do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94
   entry_SYSCALL_64_after_hwframe+0x77/0x7f
   RIP: 0033:0x7f424e39066a
  Code: d8 64 89 02 (...)
  RSP: 002b:00007f424d9fde68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
  RAX: ffffffffffffffda RBX: 00007f424d9fdef0 RCX: 00007f424e39066a
  RDX: 0000200000000180 RSI: 0000200000000380 RDI: 0000000000000000
  RBP: 0000200000000180 R08: 00007f424d9fdef0 R09: 0000000000000020
  R10: 0000000000000020 R11: 0000000000000246 R12: 0000200000000380
  R13: 00007f424d9fdeb0 R14: 0000000000000000 R15: 00002000000002c0
   </TASK>
  Modules linked in:
  ---[ end trace 0000000000000000 ]---

Reported-by: syzbot+884dc4621377ba579a6f@syzkaller.appspotmail.com
Link: https://lore.kernel.org/linux-btrfs/68dc3dab.a00a0220.102ee.004e.GAE@google.com/
Fixes: a5ed918285 ("Btrfs: implement the free space B-tree")
CC: <stable@vger.kernel.org> # 6.1.x: 1961d20f6fa8: btrfs: fix assertion when building free space tree
CC: <stable@vger.kernel.org> # 6.1.x
Reviewed-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
2025-10-13 22:33:22 +02:00
tests btrfs: fix typos in comments and strings 2025-09-23 08:49:16 +02:00
accessors.c btrfs: fix typos in comments and strings 2025-09-23 08:49:16 +02:00
accessors.h btrfs: accessors: delete token versions of set/get helpers 2025-07-22 00:05:00 +02:00
acl.c
acl.h
async-thread.c btrfs: use list_first_entry() everywhere 2025-05-15 14:30:47 +02:00
async-thread.h
backref.c btrfs: add unlikely annotations to branches leading to EIO 2025-09-23 08:49:26 +02:00
backref.h btrfs: fix typos in comments and strings 2025-09-23 08:49:16 +02:00
bio.c btrfs: add unlikely annotations to branches leading to EIO 2025-09-23 08:49:26 +02:00
bio.h btrfs: try to search for data csums in commit root 2025-09-22 10:54:31 +02:00
block-group.c btrfs: add unlikely annotations to branches leading to transaction abort 2025-09-23 08:49:26 +02:00
block-group.h btrfs: fix typos in comments and strings 2025-09-23 08:49:16 +02:00
block-rsv.c btrfs: add block reserve for treelog 2025-05-15 14:30:53 +02:00
block-rsv.h btrfs: add block reserve for treelog 2025-05-15 14:30:53 +02:00
btrfs_inode.h btrfs: cache max and min order inside btrfs_fs_info 2025-09-23 08:49:17 +02:00
compression.c btrfs: prepare compression folio alloc/free for bs > ps cases 2025-09-23 08:49:24 +02:00
compression.h btrfs: prepare compression folio alloc/free for bs > ps cases 2025-09-23 08:49:24 +02:00
ctree.c btrfs: add unlikely annotations to branches leading to transaction abort 2025-09-23 08:49:26 +02:00
ctree.h btrfs: split btrfs_is_fstree() into multiple if statements for readability 2025-07-21 23:58:04 +02:00
defrag.c btrfs: add unlikely annotations to branches leading to EIO 2025-09-23 08:49:26 +02:00
defrag.h
delalloc-space.c btrfs: add block reserve for treelog 2025-05-15 14:30:53 +02:00
delalloc-space.h btrfs: pass struct btrfs_inode to btrfs_free_reserved_data_space_noquota() 2025-05-15 14:30:52 +02:00
delayed-inode.c btrfs: add unlikely annotations to branches leading to transaction abort 2025-09-23 08:49:26 +02:00
delayed-inode.h btrfs: add mount option for ref_tracker 2025-09-22 10:54:32 +02:00
delayed-ref.c btrfs: annotate btrfs_is_testing() as unlikely and make it return bool 2025-09-23 08:49:24 +02:00
delayed-ref.h btrfs: move ref-verify under CONFIG_BTRFS_DEBUG 2025-09-22 10:54:32 +02:00
dev-replace.c btrfs: add unlikely annotations to branches leading to EIO 2025-09-23 08:49:26 +02:00
dev-replace.h btrfs: trivial conversion to return bool instead of int 2025-05-15 14:30:49 +02:00
dir-item.c btrfs: rename inode number parameter passed to btrfs_check_dir_item_collision() 2025-07-22 00:05:00 +02:00
dir-item.h btrfs: rename inode number parameter passed to btrfs_check_dir_item_collision() 2025-07-22 00:05:00 +02:00
direct-io.c btrfs: enable experimental bs > ps support 2025-09-23 08:49:25 +02:00
direct-io.h
discard.c btrfs: use verbose assert at peek_discard_list() 2025-05-15 14:30:55 +02:00
discard.h
disk-io.c btrfs: fix PAGE_SIZE format specifier in open_ctree() 2025-10-01 16:27:28 +02:00
disk-io.h btrfs: convert several int parameters to bool 2025-09-22 10:54:32 +02:00
export.c btrfs: avoid potential out-of-bounds in btrfs_encode_fh() 2025-09-26 08:48:30 +02:00
export.h
extent_io.c btrfs: add unlikely annotations to branches leading to EIO 2025-09-23 08:49:26 +02:00
extent_io.h btrfs: prepare compression folio alloc/free for bs > ps cases 2025-09-23 08:49:24 +02:00
extent_map.c btrfs: add unlikely annotations to branches leading to EIO 2025-09-23 08:49:26 +02:00
extent_map.h btrfs: rename remaining exported extent map functions 2025-05-15 14:30:45 +02:00
extent-io-tree.c btrfs: fix typos in comments and strings 2025-09-23 08:49:16 +02:00
extent-io-tree.h btrfs: convert several int parameters to bool 2025-09-22 10:54:32 +02:00
extent-tree.c btrfs: add unlikely annotations to branches leading to transaction abort 2025-09-23 08:49:26 +02:00
extent-tree.h btrfs: convert several int parameters to bool 2025-09-22 10:54:32 +02:00
fiemap.c btrfs: fix typos in comments and strings 2025-09-23 08:49:16 +02:00
fiemap.h
file-item.c btrfs: add unlikely annotations to branches leading to transaction abort 2025-09-23 08:49:26 +02:00
file-item.h btrfs: change return type of btrfs_alloc_dummy_sum() to int 2025-05-15 14:30:49 +02:00
file.c btrfs: add unlikely annotations to branches leading to transaction abort 2025-09-23 08:49:26 +02:00
file.h
free-space-cache.c btrfs: add unlikely annotations to branches leading to transaction abort 2025-09-23 08:49:26 +02:00
free-space-cache.h
free-space-tree.c btrfs: do not assert we found block group item when creating free space tree 2025-10-13 22:33:22 +02:00
free-space-tree.h btrfs: add btrfs prefix to free space tree exported functions 2025-07-21 23:58:02 +02:00
fs.c btrfs: enable experimental bs > ps support 2025-09-23 08:49:25 +02:00
fs.h btrfs: prepare compression folio alloc/free for bs > ps cases 2025-09-23 08:49:24 +02:00
inode-item.c btrfs: add unlikely annotations to branches leading to transaction abort 2025-09-23 08:49:26 +02:00
inode-item.h btrfs: remove unused parameters from btrfs_lookup_inode_extref() 2025-07-21 23:58:03 +02:00
inode.c btrfs: add unlikely annotations to branches leading to transaction abort 2025-09-23 08:49:26 +02:00
ioctl.c btrfs: fix memory leak on duplicated memory in the qgroup assign ioctl 2025-10-13 22:29:27 +02:00
ioctl.h tree-wide: s/struct fileattr/struct file_kattr/g 2025-07-04 16:14:39 +02:00
Kconfig btrfs: implement ref_tracker for delayed_nodes 2025-09-22 10:54:32 +02:00
locking.c btrfs: fix typos in comments and strings 2025-09-23 08:49:16 +02:00
locking.h btrfs: fix typos in comments and strings 2025-09-23 08:49:16 +02:00
lru_cache.c
lru_cache.h
lzo.c btrfs: add unlikely annotations to branches leading to EUCLEAN 2025-09-23 08:49:26 +02:00
Makefile btrfs: move ref-verify under CONFIG_BTRFS_DEBUG 2025-09-22 10:54:32 +02:00
messages.c btrfs: dump detailed info and specific messages on log replay failures 2025-09-23 08:49:21 +02:00
messages.h btrfs: remove duplicate inclusion of linux/types.h 2025-09-22 10:54:31 +02:00
misc.h btrfs: introduce btrfs_bio_for_each_block_all() helper 2025-09-23 08:49:17 +02:00
ordered-data.c btrfs: use folio_end() where appropriate 2025-07-21 23:58:01 +02:00
ordered-data.h
orphan.c
orphan.h
print-tree.c btrfs: print-tree: print key types as human readable strings 2025-09-23 08:49:23 +02:00
print-tree.h
props.c
props.h
qgroup.c btrfs: add unlikely annotations to branches leading to transaction abort 2025-09-23 08:49:26 +02:00
qgroup.h
raid-stripe-tree.c btrfs: add unlikely annotations to branches leading to transaction abort 2025-09-23 08:49:26 +02:00
raid-stripe-tree.h
raid56.c btrfs: add unlikely annotations to branches leading to EIO 2025-09-23 08:49:26 +02:00
raid56.h btrfs: prepare scrub to support bs > ps cases 2025-09-23 08:49:25 +02:00
ref-verify.c btrfs: more trivial BTRFS_PATH_AUTO_FREE conversions 2025-09-23 08:49:26 +02:00
ref-verify.h btrfs: move ref-verify under CONFIG_BTRFS_DEBUG 2025-09-22 10:54:32 +02:00
reflink.c btrfs: add unlikely annotations to branches leading to transaction abort 2025-09-23 08:49:26 +02:00
reflink.h
relocation.c btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running 2025-10-13 22:29:03 +02:00
relocation.h btrfs: don't print relocation messages from auto reclaim 2025-07-22 00:09:22 +02:00
root-tree.c btrfs: add unlikely annotations to branches leading to transaction abort 2025-09-23 08:49:26 +02:00
root-tree.h
scrub.c btrfs: do not use folio_test_partial_kmap() in ASSERT()s 2025-10-13 22:31:36 +02:00
scrub.h btrfs: convert several int parameters to bool 2025-09-22 10:54:32 +02:00
send.c btrfs: add unlikely annotations to branches leading to EIO 2025-09-23 08:49:26 +02:00
send.h
space-info.c btrfs: fix typos in comments and strings 2025-09-23 08:49:16 +02:00
space-info.h btrfs: change dump_block_groups() in btrfs_dump_space_info() from int to bool 2025-07-21 23:58:05 +02:00
subpage.c btrfs: fix typos in comments and strings 2025-09-23 08:49:16 +02:00
subpage.h btrfs: fix typos in comments and strings 2025-09-23 08:49:16 +02:00
super.c btrfs: only set the device specific options after devices are opened 2025-10-13 22:29:53 +02:00
super.h
sysfs.c btrfs: simplify support block size check 2025-09-22 10:54:31 +02:00
sysfs.h
transaction.c btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() 2025-09-23 09:02:17 +02:00
transaction.h
tree-checker.c btrfs: tree-checker: add inode extref checks 2025-09-23 08:49:21 +02:00
tree-checker.h
tree-log.c btrfs: add unlikely annotations to branches leading to transaction abort 2025-09-23 08:49:26 +02:00
tree-log.h
tree-mod-log.c btrfs: reduce size of struct tree_mod_elem 2025-07-22 00:09:20 +02:00
tree-mod-log.h
ulist.c btrfs: use rb_find_add() in ulist_rbtree_insert() 2025-07-21 23:53:25 +02:00
ulist.h
uuid-tree.c
uuid-tree.h
verity.c btrfs: add unlikely annotations to branches leading to transaction abort 2025-09-23 08:49:26 +02:00
verity.h
volumes.c btrfs: add unlikely annotations to branches leading to transaction abort 2025-09-23 08:49:26 +02:00
volumes.h btrfs: fix typos in comments and strings 2025-09-23 08:49:16 +02:00
xattr.c btrfs: replace strcpy() with strscpy() 2025-07-22 00:05:00 +02:00
xattr.h
zlib.c btrfs: add unlikely annotations to branches leading to EIO 2025-09-23 08:49:26 +02:00
zoned.c btrfs: add unlikely annotations to branches leading to EIO 2025-09-23 08:49:26 +02:00
zoned.h btrfs: zoned: return error from btrfs_zone_finish_endio() 2025-09-22 10:54:30 +02:00
zstd.c btrfs: add unlikely annotations to branches leading to EIO 2025-09-23 08:49:26 +02:00