bisecting fixing commit since 360bd62dc4943a0754e6cb5637e01b5b43143cfc building syzkaller on a4718693a3d9fcabb02299b2ec07c19d8208c539 testing commit 360bd62dc4943a0754e6cb5637e01b5b43143cfc with gcc (GCC) 8.1.0 run #0: crashed: WARNING: suspicious RCU usage in trace_call_bpf run #1: crashed: WARNING: suspicious RCU usage in trace_call_bpf run #2: crashed: WARNING: suspicious RCU usage in trace_call_bpf run #3: crashed: WARNING: suspicious RCU usage run #4: crashed: WARNING: suspicious RCU usage in trace_call_bpf run #5: crashed: WARNING: suspicious RCU usage in trace_call_bpf run #6: crashed: WARNING: suspicious RCU usage in trace_call_bpf run #7: crashed: WARNING: suspicious RCU usage in trace_call_bpf run #8: crashed: WARNING: suspicious RCU usage in trace_call_bpf run #9: crashed: WARNING: suspicious RCU usage in trace_call_bpf testing current HEAD a6831a89bcaf351cf41b3a5922640c89beaaf9eb testing commit a6831a89bcaf351cf41b3a5922640c89beaaf9eb with gcc (GCC) 8.1.0 all runs: OK # git bisect start a6831a89bcaf351cf41b3a5922640c89beaaf9eb 360bd62dc4943a0754e6cb5637e01b5b43143cfc Bisecting: 37145 revisions left to test after this (roughly 15 steps) [67e79a6dc2664a3ef85113440e60f7aaca3c7815] Merge tag 'tty-5.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty testing commit 67e79a6dc2664a3ef85113440e60f7aaca3c7815 with gcc (GCC) 8.1.0 all runs: OK # git bisect bad 67e79a6dc2664a3ef85113440e60f7aaca3c7815 Bisecting: 18511 revisions left to test after this (roughly 14 steps) [aa9d6e0f33aea8a1879e7e53fe0e436943f9ce0c] linux/netlink.h: drop unnecessary extern prefix testing commit aa9d6e0f33aea8a1879e7e53fe0e436943f9ce0c with gcc (GCC) 8.1.0 all runs: OK # git bisect bad aa9d6e0f33aea8a1879e7e53fe0e436943f9ce0c Bisecting: 9358 revisions left to test after this (roughly 13 steps) [c7a2c49ea6c9eebbe44ff2c08b663b2905ee2c13] Merge tag 'nfs-for-4.20-1' of git://git.linux-nfs.org/projects/trondmy/linux-nfs testing commit c7a2c49ea6c9eebbe44ff2c08b663b2905ee2c13 with gcc (GCC) 8.1.0 all runs: OK # git bisect bad c7a2c49ea6c9eebbe44ff2c08b663b2905ee2c13 Bisecting: 4947 revisions left to test after this (roughly 12 steps) [3f80e08f40cdb308589a49077c87632fa4508b21] tcp: add tcp_reset_xmit_timer() helper testing commit 3f80e08f40cdb308589a49077c87632fa4508b21 with gcc (GCC) 8.1.0 run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: boot failed: KASAN: use-after-free Read in dd_has_work # git bisect bad 3f80e08f40cdb308589a49077c87632fa4508b21 Bisecting: 2001 revisions left to test after this (roughly 11 steps) [d793fb46822ff7408a1767313ef6b12e811baa55] Merge tag 'wireless-drivers-next-for-davem-2018-10-02' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next testing commit d793fb46822ff7408a1767313ef6b12e811baa55 with gcc (GCC) 8.1.0 all runs: OK # git bisect bad d793fb46822ff7408a1767313ef6b12e811baa55 Bisecting: 1131 revisions left to test after this (roughly 10 steps) [846e8dd47c264e0b359afed28ea88e0acdee6818] Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi testing commit 846e8dd47c264e0b359afed28ea88e0acdee6818 with gcc (GCC) 8.1.0 all runs: OK # git bisect bad 846e8dd47c264e0b359afed28ea88e0acdee6818 Bisecting: 529 revisions left to test after this (roughly 9 steps) [4d8d9f540b780f7a3688a72275aecd8fd99c99e5] Merge tag 'for-linus-20180913' of git://git.kernel.dk/linux-block testing commit 4d8d9f540b780f7a3688a72275aecd8fd99c99e5 with gcc (GCC) 8.1.0 all runs: OK # git bisect bad 4d8d9f540b780f7a3688a72275aecd8fd99c99e5 Bisecting: 268 revisions left to test after this (roughly 8 steps) [d042a240a823d4c048c4b0a5c19c65ac75b7addb] Merge tag 'for_v4.19-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs testing commit d042a240a823d4c048c4b0a5c19c65ac75b7addb with gcc (GCC) 8.1.0 all runs: OK # git bisect bad d042a240a823d4c048c4b0a5c19c65ac75b7addb Bisecting: 109 revisions left to test after this (roughly 7 steps) [28619527b8a712590c93d0a9e24b4425b9376a8c] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net testing commit 28619527b8a712590c93d0a9e24b4425b9376a8c with gcc (GCC) 8.1.0 run #0: crashed: WARNING: suspicious RCU usage in trace_call_bpf run #1: crashed: WARNING: suspicious RCU usage in trace_call_bpf run #2: crashed: WARNING: suspicious RCU usage run #3: crashed: WARNING: suspicious RCU usage run #4: crashed: WARNING: suspicious RCU usage in trace_call_bpf run #5: crashed: WARNING: suspicious RCU usage in trace_call_bpf run #6: crashed: WARNING: suspicious RCU usage in trace_call_bpf run #7: crashed: WARNING: suspicious RCU usage run #8: crashed: WARNING: suspicious RCU usage in trace_call_bpf run #9: crashed: WARNING: suspicious RCU usage in trace_call_bpf # git bisect good 28619527b8a712590c93d0a9e24b4425b9376a8c Bisecting: 53 revisions left to test after this (roughly 6 steps) [b36fdc6853a38a6f8749897a33435635019e0647] Merge tag 'gpio-v4.19-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio testing commit b36fdc6853a38a6f8749897a33435635019e0647 with gcc (GCC) 8.1.0 run #0: crashed: WARNING: suspicious RCU usage in trace_call_bpf run #1: crashed: WARNING: suspicious RCU usage in trace_call_bpf run #2: crashed: WARNING: suspicious RCU usage in trace_call_bpf run #3: crashed: WARNING: suspicious RCU usage run #4: crashed: WARNING: suspicious RCU usage in trace_call_bpf run #5: crashed: WARNING: suspicious RCU usage in trace_call_bpf run #6: crashed: WARNING: suspicious RCU usage in trace_call_bpf run #7: crashed: WARNING: suspicious RCU usage in trace_call_bpf run #8: crashed: WARNING: suspicious RCU usage in trace_call_bpf run #9: crashed: WARNING: suspicious RCU usage in trace_call_bpf # git bisect good b36fdc6853a38a6f8749897a33435635019e0647 Bisecting: 27 revisions left to test after this (roughly 5 steps) [c6ff25ce3564ac3a61f2f0a45d5d9c3af423359e] Merge tag '4.19-rc2-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6 testing commit c6ff25ce3564ac3a61f2f0a45d5d9c3af423359e with gcc (GCC) 8.1.0 all runs: OK # git bisect bad c6ff25ce3564ac3a61f2f0a45d5d9c3af423359e Bisecting: 12 revisions left to test after this (roughly 4 steps) [db44bf4b4768a0664d3c9d9000ecb747de31ded8] Merge tag 'apparmor-pr-2018-09-06' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor testing commit db44bf4b4768a0664d3c9d9000ecb747de31ded8 with gcc (GCC) 8.1.0 all runs: OK # git bisect bad db44bf4b4768a0664d3c9d9000ecb747de31ded8 Bisecting: 6 revisions left to test after this (roughly 3 steps) [b9b8a41adeff5666b402996020b698504c927353] btrfs: use after free in btrfs_quota_enable testing commit b9b8a41adeff5666b402996020b698504c927353 with gcc (GCC) 8.1.0 all runs: OK # git bisect bad b9b8a41adeff5666b402996020b698504c927353 Bisecting: 2 revisions left to test after this (roughly 2 steps) [de02b9f6bb65a6a1848f346f7a3617b7a9b930c0] Btrfs: fix data corruption when deduplicating between different files testing commit de02b9f6bb65a6a1848f346f7a3617b7a9b930c0 with gcc (GCC) 8.1.0 all runs: OK # git bisect bad de02b9f6bb65a6a1848f346f7a3617b7a9b930c0 Bisecting: 0 revisions left to test after this (roughly 1 step) [d4682ba03ef618b6ef4be7cedc7aacaf505d3a58] Btrfs: sync log after logging new name testing commit d4682ba03ef618b6ef4be7cedc7aacaf505d3a58 with gcc (GCC) 8.1.0 all runs: OK # git bisect bad d4682ba03ef618b6ef4be7cedc7aacaf505d3a58 Bisecting: 0 revisions left to test after this (roughly 0 steps) [8ecebf4d767e2307a946c8905278d6358eda35c3] Btrfs: fix unexpected failure of nocow buffered writes after snapshotting when low on space testing commit 8ecebf4d767e2307a946c8905278d6358eda35c3 with gcc (GCC) 8.1.0 run #0: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor405677221" "root@10.128.0.238:./syz-executor405677221"]: exit status 1 ssh: connect to host 10.128.0.238 port 22: Connection timed out lost connection run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad 8ecebf4d767e2307a946c8905278d6358eda35c3 8ecebf4d767e2307a946c8905278d6358eda35c3 is the first bad commit commit 8ecebf4d767e2307a946c8905278d6358eda35c3 Author: Robbie Ko Date: Mon Aug 6 10:30:30 2018 +0800 Btrfs: fix unexpected failure of nocow buffered writes after snapshotting when low on space Commit e9894fd3e3b3 ("Btrfs: fix snapshot vs nocow writting") forced nocow writes to fallback to COW, during writeback, when a snapshot is created. This resulted in writes made before creating the snapshot to unexpectedly fail with ENOSPC during writeback when success (0) was returned to user space through the write system call. The steps leading to this problem are: 1. When it's not possible to allocate data space for a write, the buffered write path checks if a NOCOW write is possible. If it is, it will not reserve space and success (0) is returned to user space. 2. Then when a snapshot is created, the root's will_be_snapshotted atomic is incremented and writeback is triggered for all inode's that belong to the root being snapshotted. Incrementing that atomic forces all previous writes to fallback to COW during writeback (running delalloc). 3. This results in the writeback for the inodes to fail and therefore setting the ENOSPC error in their mappings, so that a subsequent fsync on them will report the error to user space. So it's not a completely silent data loss (since fsync will report ENOSPC) but it's a very unexpected and undesirable behaviour, because if a clean shutdown/unmount of the filesystem happens without previous calls to fsync, it is expected to have the data present in the files after mounting the filesystem again. So fix this by adding a new atomic named snapshot_force_cow to the root structure which prevents this behaviour and works the following way: 1. It is incremented when we start to create a snapshot after triggering writeback and before waiting for writeback to finish. 2. This new atomic is now what is used by writeback (running delalloc) to decide whether we need to fallback to COW or not. Because we incremented this new atomic after triggering writeback in the snapshot creation ioctl, we ensure that all buffered writes that happened before snapshot creation will succeed and not fallback to COW (which would make them fail with ENOSPC). 3. The existing atomic, will_be_snapshotted, is kept because it is used to force new buffered writes, that start after we started snapshotting, to reserve data space even when NOCOW is possible. This makes these writes fail early with ENOSPC when there's no available space to allocate, preventing the unexpected behaviour of writeback later failing with ENOSPC due to a fallback to COW mode. Fixes: e9894fd3e3b3 ("Btrfs: fix snapshot vs nocow writting") Signed-off-by: Robbie Ko Reviewed-by: Filipe Manana Signed-off-by: David Sterba :040000 040000 5eb7b5114159d80e4d2fe0ddc488140630321bc0 63919bdec226d2b461c9f2bf8caf8359b02ba31e M fs revisions tested: 18, total time: 4h21m37.632704562s (build: 1h23m23.855609534s, test: 2h52m14.894879162s) first good commit: 8ecebf4d767e2307a946c8905278d6358eda35c3 Btrfs: fix unexpected failure of nocow buffered writes after snapshotting when low on space cc: ["clm@fb.com" "dsterba@suse.com" "fdmanana@suse.com" "josef@toxicpanda.com" "linux-btrfs@vger.kernel.org" "linux-kernel@vger.kernel.org" "robbieko@synology.com"]