From: syzbot <syzbot+843981bb836d699c07d1@syzkaller.appspotmail.com>
To: kent.overstreet@linux.dev, linux-bcachefs@vger.kernel.org,
	 linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com
Subject: [syzbot] [bcachefs?] kernel BUG in __bch2_str_hash_check_key
Date: Wed, 09 Apr 2025 23:58:25 -0700
Message-ID: <67f76c11.050a0220.258fea.0029.GAE@google.com>

Hello,

syzbot found the following issue on:

HEAD commit:    56f944529ec2 Merge tag 'input-for-v6.15-rc0' of git://git...
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16391fb0580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=f2054704dd53fb80
dashboard link: https://syzkaller.appspot.com/bug?extid=843981bb836d699c07d1
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/7feb34a89c2a/non_bootable_disk-56f94452.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/c6da83e5191b/vmlinux-56f94452.xz
kernel image: https://storage.googleapis.com/syzbot-assets/5c060438ea13/bzImage-56f94452.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+843981bb836d699c07d1@syzkaller.appspotmail.com

    bi_dir=4096
    bi_dir_offset=5682031293254759865
    bi_subvol=0
    bi_parent_subvol=0
    bi_nocow=0
    bi_depth=0
    bi_inodes_32bit=0, fixing
bcachefs (loop0): inode points to missing dirent
  inum: 4099:4294967295 
    mode=100755
    flags=(15300000)
    journal_seq=5
    hash_seed=ab878b4c5ab7c89e
    hash_type=siphash
    bi_size=1050
    bi_sectors=8
    bi_version=0
    bi_atime=1997793410
    bi_ctime=1997793410
    bi_mtime=1997793410
    bi_otime=1997793410
    bi_uid=0
    bi_gid=0
    bi_nlink=0
    bi_generation=0
    bi_dev=0
    bi_data_checksum=0
    bi_compression=0
    bi_project=0
    bi_background_compression=0
    bi_data_replicas=0
    bi_promote_target=0
    bi_foreground_target=0
    bi_background_target=0
    bi_erasure_code=0
    bi_fields_set=0
    bi_dir=4098
    bi_dir_offset=2566586984702133180
    bi_subvol=0
    bi_parent_subvol=0
    bi_nocow=0
    bi_depth=0
    bi_inodes_32bit=0, fixing
 done
bcachefs (loop0): check_dirents...
bcachefs (loop0): hash table key at wrong offset: btree dirents inode 4096 offset 6229884513039707068, hashed to 5410109479790105297
  u64s 7 type dirent 4096:6229884513039707068:U32_MAX len 0 ver 0: �˨� -> 2166030336 -> 1073741825 type subvol, fixing
bcachefs (loop0): hash table key at wrong offset: btree dirents inode 4096 offset 6229884513039707068, hashed to 5410109479790105297
  u64s 7 type dirent 4096:6229884513039707068:U32_MAX len 0 ver 0: �˨� -> 2166030336 -> 1073741825 type subvol, fixing
------------[ cut here ]------------
kernel BUG at fs/bcachefs/fsck.c:954!
Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
CPU: 0 UID: 0 PID: 5328 Comm: syz.0.0 Not tainted 6.14.0-syzkaller-13443-g56f944529ec2 #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:bch2_fsck_update_backpointers+0x4ed/0x4f0 fs/bcachefs/fsck.c:954
Code: e9 2b fc ff ff 89 d9 80 e1 07 38 c1 0f 8c 62 fc ff ff 48 89 df e8 63 77 b7 fd e9 55 fc ff ff e8 39 78 ba 07 e8 74 4e 4d fd 90 <0f> 0b 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e
RSP: 0018:ffffc9000d4ce460 EFLAGS: 00010246
RAX: ffffffff847608cc RBX: 0000000000000010 RCX: 0000000000100000
RDX: ffffc9000e50a000 RSI: 00000000000fffff RDI: 0000000000100000
RBP: ffffc9000d4ce600 R08: ffffffff84760529 R09: 0000000000000000
R10: ffffc9000d4ce530 R11: fffff52001a99caf R12: ffffc9000d4cf290
R13: dffffc0000000000 R14: ffff888052bda000 R15: ffff888052900000
FS:  00007f5be4f2b6c0(0000) GS:ffff88808c596000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055b32eddc088 CR3: 0000000044eda000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 __bch2_str_hash_check_key+0x202c/0x3b50 fs/bcachefs/str_hash.c:257
 bch2_str_hash_check_key fs/bcachefs/str_hash.h:415 [inline]
 check_dirent fs/bcachefs/fsck.c:2135 [inline]
 bch2_check_dirents+0x2d45/0x3b90 fs/bcachefs/fsck.c:2230
 bch2_run_recovery_pass+0xf0/0x1e0 fs/bcachefs/recovery_passes.c:226
 bch2_run_recovery_passes+0x2ad/0xa90 fs/bcachefs/recovery_passes.c:285
 bch2_fs_recovery+0x292a/0x3e20 fs/bcachefs/recovery.c:936
 bch2_fs_start+0x310/0x620 fs/bcachefs/super.c:1069
 bch2_fs_get_tree+0x113e/0x18f0 fs/bcachefs/fs.c:2253
 vfs_get_tree+0x90/0x2b0 fs/super.c:1759
 do_new_mount+0x2cf/0xb70 fs/namespace.c:3879
 do_mount fs/namespace.c:4219 [inline]
 __do_sys_mount fs/namespace.c:4430 [inline]
 __se_sys_mount+0x38c/0x400 fs/namespace.c:4407
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f5be418e90a
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f5be4f2ae68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f5be4f2aef0 RCX: 00007f5be418e90a
RDX: 000020000000f640 RSI: 0000200000000140 RDI: 00007f5be4f2aeb0
RBP: 000020000000f640 R08: 00007f5be4f2aef0 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000200000000140
R13: 00007f5be4f2aeb0 R14: 000000000000f61b R15: 0000200000000340
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:bch2_fsck_update_backpointers+0x4ed/0x4f0 fs/bcachefs/fsck.c:954
Code: e9 2b fc ff ff 89 d9 80 e1 07 38 c1 0f 8c 62 fc ff ff 48 89 df e8 63 77 b7 fd e9 55 fc ff ff e8 39 78 ba 07 e8 74 4e 4d fd 90 <0f> 0b 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e
RSP: 0018:ffffc9000d4ce460 EFLAGS: 00010246
RAX: ffffffff847608cc RBX: 0000000000000010 RCX: 0000000000100000
RDX: ffffc9000e50a000 RSI: 00000000000fffff RDI: 0000000000100000
RBP: ffffc9000d4ce600 R08: ffffffff84760529 R09: 0000000000000000
R10: ffffc9000d4ce530 R11: fffff52001a99caf R12: ffffc9000d4cf290
R13: dffffc0000000000 R14: ffff888052bda000 R15: ffff888052900000
FS:  00007f5be4f2b6c0(0000) GS:ffff88808c596000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055b32eddc088 CR3: 0000000044eda000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

Thread overview: 12+ messages
2025-04-10  6:58 syzbot [this message]
2025-04-21 23:44 ` [syzbot] [bcachefs?] kernel BUG in __bch2_str_hash_check_key syzbot
2025-04-23 15:45   ` Sub volumes handling in bch2_fsck_update_backpointers Arnaud Lecomte
2025-04-23 16:47     ` Kent Overstreet
2025-04-23 17:18       ` Arnaud Lecomte
2025-04-23 17:46         ` Kent Overstreet
2025-04-23 20:24           ` Arnaud Lecomte
2025-04-24  6:27 ` [syzbot] [bcachefs?] kernel BUG in __bch2_str_hash_check_key syzbot
2025-04-28 16:09 ` syztest Arnaud Lecomte
2025-04-28 16:26   ` syztest Kent Overstreet
2025-04-28 16:35   ` [syzbot] [bcachefs?] kernel BUG in __bch2_str_hash_check_key syzbot
2025-07-07 20:29 ` syzbot
