From: syzbot <syzbot+24c9c27b31ab0c22173b@syzkaller.appspotmail.com>
To: clm@fb.com, dsterba@suse.com, josef@toxicpanda.com,
	linux-btrfs@vger.kernel.org, linux-kernel@vger.kernel.org,
	syzkaller-bugs@googlegroups.com
Subject: [syzbot] [btrfs?] BUG: unable to handle kernel paging request in btrfs_is_subpage
Date: Fri, 23 Dec 2022 02:58:33 -0800
Message-ID: <000000000000af090905f07caa86@google.com>

Hello,

syzbot found the following issue on:

HEAD commit:    a5541c0811a0 Merge branch 'for-next/core' into for-kernelci
git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=166ff01b880000
kernel config:  https://syzkaller.appspot.com/x/.config?x=cbd4e584773e9397
dashboard link: https://syzkaller.appspot.com/bug?extid=24c9c27b31ab0c22173b
compiler:       Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/4b7702208fb9/disk-a5541c08.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/9ec0153ec051/vmlinux-a5541c08.xz
kernel image: https://storage.googleapis.com/syzbot-assets/6f8725ad290a/Image-a5541c08.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+24c9c27b31ab0c22173b@syzkaller.appspotmail.com

Unable to handle kernel paging request at virtual address 0000000000002074
Mem abort info:
  ESR = 0x0000000096000006
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x06: level 2 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000006
  CM = 0, WnR = 0
user pgtable: 4k pages, 48-bit VAs, pgdp=0000000168eff000
[0000000000002074] pgd=0800000157b7a003, p4d=0800000157b7a003, pud=08000001576b7003, pmd=0000000000000000
Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 23070 Comm: syz-executor.5 Not tainted 6.1.0-rc8-syzkaller-33330-ga5541c0811a0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : btrfs_is_subpage+0x20/0xb8 fs/btrfs/subpage.c:68
lr : btrfs_is_subpage+0x20/0xb8 fs/btrfs/subpage.c:67
sp : ffff800014153540
x29: ffff800014153540 x28: 0000000000000001 x27: dead000000000100
x26: fffffc0004d5c9c8 x25: ffff000118d6bda8 x24: ffff800014153a78
x23: 0000000000000001 x22: 05ffc00000002005 x21: 05ffc00000002005
x20: fffffc0004d5c9c0 x19: 0000000000000000 x18: 00000000000000c0
x17: ffff80000dda8198 x16: ffff80000dbe6158 x15: ffff00011bf91a40
x14: 0000000000000000 x13: 00000000ffffffff x12: 0000000000040000
x11: 000000000003ffff x10: ffff800013105000 x9 : ffff80000923be40
x8 : 0000000000040000 x7 : ffff8000095d6cf4 x6 : 0000000000000000
x5 : 0000000000000080 x4 : fffffbffeffe3910 x3 : 0000000000005651
x2 : ffff00011700cb00 x1 : fffffc0004d5c9c0 x0 : 0000000000000000
Call trace:
 btrfs_is_subpage+0x20/0xb8 fs/btrfs/subpage.c:67
 wait_subpage_spinlock+0x30/0xd4 fs/btrfs/inode.c:8152
 __btrfs_release_folio fs/btrfs/inode.c:8178 [inline]
 btrfs_release_folio+0xc8/0x228 fs/btrfs/inode.c:8188
 filemap_release_folio+0xc0/0x238 mm/filemap.c:3948
 shrink_folio_list+0xdbc/0x337c mm/vmscan.c:1982
 shrink_inactive_list+0x30c/0x54c mm/vmscan.c:2489
 shrink_list mm/vmscan.c:2728 [inline]
 shrink_lruvec+0x218/0x5b4 mm/vmscan.c:5923
 shrink_node_memcgs+0x13c/0x2c4 mm/vmscan.c:6110
 shrink_node+0xb4/0x600 mm/vmscan.c:6141
 shrink_zones+0x1bc/0x408 mm/vmscan.c:6379
 do_try_to_free_pages+0xd0/0x42c mm/vmscan.c:6441
 try_to_free_mem_cgroup_pages+0x174/0x244 mm/vmscan.c:6756
 try_charge_memcg+0x1a8/0x650 mm/memcontrol.c:2681
 try_charge mm/memcontrol.c:2823 [inline]
 mem_cgroup_charge_skmem+0x50/0x150 mm/memcontrol.c:7209
 sock_reserve_memory+0x88/0x144 net/core/sock.c:1018
 sk_setsockopt+0xb54/0x1694 net/core/sock.c:1518
 sock_setsockopt+0x48/0x60 net/core/sock.c:1542
 __sys_setsockopt+0x21c/0x31c net/socket.c:2248
 __do_sys_setsockopt net/socket.c:2263 [inline]
 __se_sys_setsockopt net/socket.c:2260 [inline]
 __arm64_sys_setsockopt+0x30/0x44 net/socket.c:2260
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
 el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x48/0x140 arch/arm64/kernel/syscall.c:197
 el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:584
Code: 910003fd aa0103f4 aa0003f3 97c1aafa (b9607675) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	910003fd 	mov	x29, sp
   4:	aa0103f4 	mov	x20, x1
   8:	aa0003f3 	mov	x19, x0
   c:	97c1aafa 	bl	0xffffffffff06abf4
* 10:	b9607675 	ldr	w21, [x19, #8308] <-- trapping instruction


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
