From: syzbot <syzbot+2a0fbd1cb355de983130@syzkaller.appspotmail.com>
To: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
syzkaller-bugs@googlegroups.com, viro@zeniv.linux.org.uk
Subject: [syzbot] WARNING in brelse
Date: Tue, 27 Sep 2022 04:45:56 -0700
Message-ID: <000000000000f1a26f05e9a72f57@google.com>

Hello,

syzbot found the following issue on:

HEAD commit: f76349cf4145 Linux 6.0-rc7
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=135e956c880000
kernel config: https://syzkaller.appspot.com/x/.config?x=ba0d23aa7e1ffaf5
dashboard link: https://syzkaller.appspot.com/bug?extid=2a0fbd1cb355de983130
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1702ee9c880000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=15ee7d40880000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+2a0fbd1cb355de983130@syzkaller.appspotmail.com

------------[ cut here ]------------
VFS: brelse: Trying to free free buffer
WARNING: CPU: 1 PID: 3609 at fs/buffer.c:1145 __brelse fs/buffer.c:1145 [inline]
WARNING: CPU: 1 PID: 3609 at fs/buffer.c:1145 brelse+0x78/0xa0 include/linux/buffer_head.h:327
Modules linked in:
CPU: 1 PID: 3609 Comm: udevd Not tainted 6.0.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
RIP: 0010:__brelse fs/buffer.c:1145 [inline]
RIP: 0010:brelse+0x78/0xa0 include/linux/buffer_head.h:327
Code: df be 04 00 00 00 e8 b7 18 e1 ff f0 ff 0b eb 1c e8 8d 2a 8e ff eb 15 e8 86 2a 8e ff 48 c7 c7 a0 99 9d 8a 31 c0 e8 58 b7 56 ff <0f> 0b 5b 5d c3 89 d9 80 e1 07 80 c1 03 38 c1 7c af 48 89 df e8 bf
RSP: 0018:ffffc90003a5fac8 EFLAGS: 00010046
RAX: 78e8d475b9f8e400 RBX: ffff888073d6bee0 RCX: ffff88801c409d80
RDX: 0000000000000000 RSI: 0000000080000002 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffffffff816bd40d R09: ffffed1017364f14
R10: ffffed1017364f14 R11: 1ffff11017364f13 R12: ffff8880b9b3acc0
R13: 0000000000000002 R14: ffff8880b9b35cf8 R15: dffffc0000000000
FS: 00007f6829c96840(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f23cc13e0a8 CR3: 000000001e07f000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
__invalidate_bh_lrus+0x37/0x3c0 fs/buffer.c:1391
invalidate_bh_lru+0x66/0xb0 fs/buffer.c:1404
smp_call_function_many_cond+0xe88/0x16a0 kernel/smp.c:979
on_each_cpu_cond_mask+0x3b/0x80 kernel/smp.c:1154
kill_bdev block/bdev.c:74 [inline]
blkdev_flush_mapping+0x149/0x2c0 block/bdev.c:661
blkdev_put_whole block/bdev.c:692 [inline]
blkdev_put+0x4a5/0x730 block/bdev.c:952
blkdev_close+0x55/0x80 block/fops.c:499
__fput+0x3b9/0x820 fs/file_table.c:320
task_work_run+0x146/0x1c0 kernel/task_work.c:177
resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
exit_to_user_mode_loop+0x124/0x150 kernel/entry/common.c:169
exit_to_user_mode_prepare+0xb2/0x140 kernel/entry/common.c:201
__syscall_exit_to_user_mode_work kernel/entry/common.c:283 [inline]
syscall_exit_to_user_mode+0x26/0x60 kernel/entry/common.c:294
do_syscall_64+0x49/0xb0 arch/x86/entry/common.c:86
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f6829925fc3
Code: 48 ff ff ff b8 ff ff ff ff e9 3e ff ff ff 66 0f 1f 84 00 00 00 00 00 64 8b 04 25 18 00 00 00 85 c0 75 14 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8
RSP: 002b:00007ffd3b4cbbd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 00007f6829c966a8 RCX: 00007f6829925fc3
RDX: 000000000000001c RSI: 00007ffd3b4cb3d8 RDI: 0000000000000008
RBP: 000055da4dfde0b0 R08: 0000000000000007 R09: 000055da4dfefc00
R10: 00007f68299b4fc0 R11: 0000000000000246 R12: 0000000000000002
R13: 000055da4dfd8740 R14: 0000000000000008 R15: 000055da4dfb5910
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches