www.infradead.org Git - nvme.git/commit

author	Filipe Manana <fdmanana@suse.com>
	Fri, 14 Jun 2024 13:50:47 +0000 (14:50 +0100)
committer	David Sterba <dsterba@suse.com>
	Thu, 11 Jul 2024 13:33:26 +0000 (15:33 +0200)
commit	bb3868033a4cccff7be57e9145f2117cbdc91c11
tree	ab2d9bc127c05365303ff5e955a7edfabd5b29ef	tree
parent	b7519157655bba3f885a856c1ec8b6560b51e214	commit \| diff

btrfs: do not BUG_ON() when freeing tree block after error

When freeing a tree block, at btrfs_free_tree_block(), if we fail to
create a delayed reference we don't deal with the error and just do a
BUG_ON(). The error most likely to happen is -ENOMEM, and we have a
comment mentioning that only -ENOMEM can happen, but that is not true,
because in case qgroups are enabled any error returned from
btrfs_qgroup_trace_extent_post() (can be -EUCLEAN or anything returned
from btrfs_search_slot() for example) can be propagated back to
btrfs_free_tree_block().

So stop doing a BUG_ON() and return the error to the callers and make
them abort the transaction to prevent leaking space. Syzbot was
triggering this, likely due to memory allocation failure injection.

Reported-by: syzbot+a306f914b4d01b3958fe@syzkaller.appspotmail.com
Link: https://lore.kernel.org/linux-btrfs/000000000000fcba1e05e998263c@google.com/
Reviewed-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>

fs/btrfs/ctree.c		diff \| blob \| history
fs/btrfs/extent-tree.c		diff \| blob \| history
fs/btrfs/extent-tree.h		diff \| blob \| history
fs/btrfs/free-space-tree.c		diff \| blob \| history
fs/btrfs/ioctl.c		diff \| blob \| history
fs/btrfs/qgroup.c		diff \| blob \| history