From: syzbot <syzbot+b9d2e54d2301324657ed@syzkaller.appspotmail.com>
To: clm@fb.com, dsterba@suse.com, josef@toxicpanda.com,
linux-btrfs@vger.kernel.org, linux-kernel@vger.kernel.org,
syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] kernel BUG in set_state_bits
Date: Sat, 10 Dec 2022 21:17:39 -0800
Message-ID: <0000000000006f049f05ef868103@google.com>
In-Reply-To: <0000000000000e082305eec34072@google.com>
syzbot has found a reproducer for the following issue on:
HEAD commit: 296a7b7eb792 Merge tag 'for-linus' of git://git.armlinux.o..
git tree: upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=16a12ddb880000
kernel config: https://syzkaller.appspot.com/x/.config?x=4edf421741552bc3
dashboard link: https://syzkaller.appspot.com/bug?extid=b9d2e54d2301324657ed
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12ec2ab7880000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=14dc4613880000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/c19ef17ae288/disk-296a7b7e.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/68d26e4d2868/vmlinux-296a7b7e.xz
kernel image: https://storage.googleapis.com/syzbot-assets/06aad301e7dd/bzImage-296a7b7e.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/5660348a6b33/mount_0.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+b9d2e54d2301324657ed@syzkaller.appspotmail.com
RBP: 00007ffe8b0af640 R08: 0000000000000001 R09: 00007f4094fa0034
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
</TASK>
------------[ cut here ]------------
kernel BUG at fs/btrfs/extent-io-tree.c:381!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 3627 Comm: syz-executor376 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
RIP: 0010:set_state_bits.isra.0+0x17b/0x1c0 fs/btrfs/extent-io-tree.c:381
Code: 38 d0 7c 04 84 d2 75 31 44 8b 73 7c e8 0e cd fb fd 44 89 e0 44 09 f0 89 43 7c 5b 5d 41 5c 41 5d 41 5e 41 5f c3 e8 f5 cc fb fd <0f> 0b 4c 89 ef e8 fb a6 48 fe e9 e6 fe ff ff 4c 89 ef e8 ee a6 48
RSP: 0018:ffffc90003baf860 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffff8880790a2840 RCX: 0000000000000000
RDX: ffff888022638000 RSI: ffffffff8384510b RDI: 0000000000000005
RBP: 00000000fffffff4 R08: 0000000000000005 R09: 0000000000000000
R10: 00000000fffffff4 R11: 0000000000000000 R12: 0000000000001000
R13: ffff8880790a28bc R14: 0000000000000fff R15: 0000000000000000
FS: 0000555555779300(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fff787f16e8 CR3: 0000000072e1e000 CR4: 0000000000350ee0
Call Trace:
<TASK>
insert_state_fast fs/btrfs/extent-io-tree.c:439 [inline]
__set_extent_bit+0xd09/0x1430 fs/btrfs/extent-io-tree.c:997
set_record_extent_bits+0x5e/0x70 fs/btrfs/extent-io-tree.c:1601
qgroup_reserve_data+0x239/0xbc0 fs/btrfs/qgroup.c:3739
btrfs_qgroup_reserve_data+0x2f/0xd0 fs/btrfs/qgroup.c:3782
btrfs_check_data_free_space+0x111/0x280 fs/btrfs/delalloc-space.c:152
btrfs_buffered_write+0x4f1/0x1330 fs/btrfs/file.c:1559
btrfs_direct_write fs/btrfs/file.c:1899 [inline]
btrfs_do_write_iter+0xece/0x1450 fs/btrfs/file.c:1980
call_write_iter include/linux/fs.h:2199 [inline]
new_sync_write fs/read_write.c:491 [inline]
vfs_write+0x9ed/0xdd0 fs/read_write.c:584
ksys_write+0x12b/0x250 fs/read_write.c:637
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f4094fe1cf9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffe8b0af638 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f4094fe1cf9
RDX: 0000000000000049 RSI: 0000000020000180 RDI: 0000000000000005
RBP: 00007ffe8b0af640 R08: 0000000000000001 R09: 00007f4094fa0034
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:set_state_bits.isra.0+0x17b/0x1c0 fs/btrfs/extent-io-tree.c:381
Code: 38 d0 7c 04 84 d2 75 31 44 8b 73 7c e8 0e cd fb fd 44 89 e0 44 09 f0 89 43 7c 5b 5d 41 5c 41 5d 41 5e 41 5f c3 e8 f5 cc fb fd <0f> 0b 4c 89 ef e8 fb a6 48 fe e9 e6 fe ff ff 4c 89 ef e8 ee a6 48
RSP: 0018:ffffc90003baf860 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffff8880790a2840 RCX: 0000000000000000
RDX: ffff888022638000 RSI: ffffffff8384510b RDI: 0000000000000005
RBP: 00000000fffffff4 R08: 0000000000000005 R09: 0000000000000000
R10: 00000000fffffff4 R11: 0000000000000000 R12: 0000000000001000
R13: ffff8880790a28bc R14: 0000000000000fff R15: 0000000000000000
FS: 0000555555779300(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fff787f16e8 CR3: 0000000072e1e000 CR4: 0000000000350ee0
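The dump above is all syzbot gives you before the reproducer, so a triage pass usually starts by pulling it apart: where BUG() fired, whether the kernel was tainted, which frames are real and which are [inline] markers, and, from the user-mode register block that follows the trace, which syscall and arguments the task was executing. The Python below is an added example of that pass; it is not syzbot's or the kernel's code. SAMPLE_OOPS is a constructed subset of the report above (Code line trimmed, several frames and register lines dropped), the syscall names and argument registers are the standard x86-64 Linux conventions, and the ud2 decoding relies on BUG() being implemented with that instruction on x86.

```python
"""Structured triage of an x86-64 Linux oops/BUG dump as syzbot pastes it. Added example, not
syzbot's or the kernel's code; SAMPLE_OOPS is a constructed, trimmed subset of the report above."""
import re
from dataclasses import dataclass, field
from typing import Optional

SAMPLE_OOPS = """\
kernel BUG at fs/btrfs/extent-io-tree.c:381!
CPU: 1 PID: 3627 Comm: syz-executor376 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
RIP: 0010:set_state_bits.isra.0+0x17b/0x1c0 fs/btrfs/extent-io-tree.c:381
Code: 44 89 e0 44 09 f0 89 43 7c 5b 5d c3 e8 f5 cc fb fd <0f> 0b 4c 89 ef e8 fb a6 48 fe
RSP: 0018:ffffc90003baf860 EFLAGS: 00010293
Call Trace:
 insert_state_fast fs/btrfs/extent-io-tree.c:439 [inline]
 __set_extent_bit+0xd09/0x1430 fs/btrfs/extent-io-tree.c:997
 btrfs_buffered_write+0x4f1/0x1330 fs/btrfs/file.c:1559
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f4094fe1cf9
RSP: 002b:00007ffe8b0af638 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RDX: 0000000000000049 RSI: 0000000020000180 RDI: 0000000000000005
---[ end trace 0000000000000000 ]---
RSP: 0018:ffffc90003baf860 EFLAGS: 00010293
"""

BUG_RE = re.compile(r"^kernel BUG at (?P<file>\S+):(?P<line>\d+)!$")
CPU_RE = re.compile(r"^CPU: \d+ PID: (?P<pid>\d+) Comm: (?P<comm>\S+) "
                    r"(?P<taint>Not tainted|Tainted: .*?) (?P<kernel>\d\S*) #\d+$")
RIP_RE = re.compile(r"^RIP: (?P<cs>[0-9a-f]{4}):(?P<sym>.+)$")
CODE_RE = re.compile(r"^Code: .*<(?P<b0>[0-9a-f]{2})> (?P<b1>[0-9a-f]{2})")  # <..> marks the faulting byte
FRAME_RE = re.compile(r"^(?P<func>[A-Za-z_][\w.]*)(?:\+0x(?P<off>[0-9a-f]+)/0x[0-9a-f]+)?"
                      r"(?: (?P<file>[\w./-]+):(?P<line>\d+))?(?P<inline> \[inline\])?$")
REG_RE = re.compile(r"\b(?P<name>ORIG_RAX|R[A-Z]{2}|R\d{2}|EFLAGS)\b: (?:[0-9a-f]{4}:)?(?P<val>[0-9a-f]{8,16})\b")

@dataclass
class Frame:
    func: str
    offset: Optional[int]  # None for [inline] frames, which have no code of their own
    file: Optional[str]
    line: Optional[int]
    inline: bool

@dataclass
class Oops:
    bug_file: Optional[str] = None
    bug_line: Optional[int] = None
    kernel: Optional[str] = None
    pid: Optional[int] = None
    comm: Optional[str] = None
    tainted: bool = False
    rip_symbol: Optional[str] = None
    faulting_insn: Optional[str] = None
    frames: list = field(default_factory=list)
    kernel_regs: dict = field(default_factory=dict)  # pt_regs at the fault, kernel mode
    user_regs: dict = field(default_factory=dict)    # pt_regs saved at syscall entry, user mode

def parse_oops(text: str) -> Oops:
    o = Oops()
    regs, in_trace = o.kernel_regs, False  # register lines before the trace describe the kernel-mode fault
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("---[ end trace"):
            break  # the kernel re-prints the fault registers after this; keep them out of user_regs
        if (m := BUG_RE.match(line)):
            o.bug_file, o.bug_line = m["file"], int(m["line"])
        elif (m := CPU_RE.match(line)):
            o.pid, o.comm, o.kernel, o.tainted = int(m["pid"]), m["comm"], m["kernel"], m["taint"] != "Not tainted"
        elif (m := RIP_RE.match(line)):
            if m["cs"] == "0010":  # kernel CS: the faulting instruction, symbolised
                o.rip_symbol = o.rip_symbol or m["sym"]
            elif m["cs"] == "0033":  # user CS: what follows is the register state saved at syscall entry
                in_trace, regs = False, o.user_regs
        elif (m := CODE_RE.match(line)) and o.faulting_insn is None:
            # 0f 0b is UD2, which BUG() expands to on x86; that is the "invalid opcode" in the header
            o.faulting_insn = "ud2" if (m["b0"], m["b1"]) == ("0f", "0b") else f'{m["b0"]} {m["b1"]}'
        elif line == "Call Trace:":
            in_trace = True
        elif in_trace:
            if (m := FRAME_RE.match(line)):
                o.frames.append(Frame(m["func"], int(m["off"], 16) if m["off"] else None, m["file"],
                                      int(m["line"]) if m["line"] else None, bool(m["inline"])))
        else:
            for m in REG_RE.finditer(line):
                regs[m["name"]] = int(m["val"], 16)
    return o

# x86-64 SYSCALL convention: number in RAX (saved as ORIG_RAX), arguments in RDI, RSI, RDX, R10, R8, R9.
ARG_REGS = ("RDI", "RSI", "RDX", "R10", "R08", "R09")
SYSCALLS = {0: ("read", 3), 1: ("write", 3), 2: ("open", 3), 16: ("ioctl", 3), 257: ("openat", 4)}

def syscall_at_crash(o: Oops):
    # Recover the syscall the crashing task was in from the user-mode register dump.
    nr = o.user_regs.get("ORIG_RAX")
    if nr is None:
        return None
    name, nargs = SYSCALLS.get(nr, (f"syscall_{nr}", 6))
    return name, [o.user_regs.get(r, 0) for r in ARG_REGS[:nargs]]

def crash_title(o: Oops) -> str:
    """syzbot-style title: symbol at RIP with offset and compiler suffix (.isra.N etc.) dropped."""
    return "kernel BUG in " + re.split(r"[.+ ]", o.rip_symbol or "?")[0]
```

Run over the real report, the same parser yields write(5, 0x20000180, 0x49), which is just the ORIG_RAX/RDI/RSI/RDX values printed after the trace, and reports the faulting bytes as ud2, so this is an explicit BUG()/BUG_ON() check firing in set_state_bits rather than a KASAN report. The second register dump after "end trace" is skipped on purpose: it repeats the kernel-mode registers and would otherwise overwrite the user-mode ones.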
Thread overview: 7+ messages
2022-12-01 12:20 [syzbot] kernel BUG in set_state_bits syzbot
2022-12-11 5:17 ` syzbot [this message]
2023-01-21 14:15 ` [syzbot] [btrfs?] " syzbot
2024-08-06 19:25 ` syzbot
2024-08-06 22:18 ` Darrick J. Wong
2024-08-06 22:18 ` syzbot
2024-08-07 11:33 ` David Sterba