From: syzbot <syzbot+210dfbddd64294066983@syzkaller.appspotmail.com>
To: kent.overstreet@linux.dev, linux-bcachefs@vger.kernel.org,
	 linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [bcachefs?] kernel BUG in bch2_trans_update_by_path
Date: Sun, 06 Jul 2025 15:48:28 -0700
Message-ID: <686afd3c.a00a0220.c7b3.0067.GAE@google.com>
In-Reply-To: <6853f202.a00a0220.137b3.0005.GAE@google.com>

syzbot has found a reproducer for the following issue on:

HEAD commit:    7482bb149b9f Merge branch 'for-next/core' into for-kernelci
git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=1675e582580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=3c06e3e2454512b3
dashboard link: https://syzkaller.appspot.com/bug?extid=210dfbddd64294066983
compiler:       Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7
userspace arch: arm64
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1412628c580000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=13d5ef70580000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/f623d741d651/disk-7482bb14.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/483e23ae71b1/vmlinux-7482bb14.xz
kernel image: https://storage.googleapis.com/syzbot-assets/79b5baaa1b50/Image-7482bb14.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/da659f915c60/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+210dfbddd64294066983@syzkaller.appspotmail.com

bcachefs (loop0): bucket 0:34 gen 0 data type need_discard has wrong dirty_sectors: got 16, should be 0, fixing
 done
bcachefs (loop0): going read-write
bcachefs (loop0): journal_replay...
------------[ cut here ]------------
kernel BUG at fs/bcachefs/btree_update.c:375!
Internal error: Oops - BUG: 00000000f2000800 [#1]  SMP
Modules linked in:
CPU: 0 UID: 0 PID: 6741 Comm: syz.0.16 Not tainted 6.16.0-rc4-syzkaller-g7482bb149b9f #0 PREEMPT 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : bch2_trans_update_by_path+0x17bc/0x17f0 fs/bcachefs/btree_update.c:375
lr : bch2_trans_update_by_path+0x17bc/0x17f0 fs/bcachefs/btree_update.c:375
sp : ffff80009e1165c0
x29: ffff80009e116780 x28: 0000000000008540 x27: ffff0000c34aca80
x26: ffff0000ec7e0000 x25: ffff700013c22ce0 x24: 1fffe0001d8fc002
x23: ffff0000ec7e0010 x22: ffff0000ec7e02f0 x21: 1fffe0001d8fc05e
x20: dfff800000000000 x19: ffff0000eb400000 x18: 00000000ffffffff
x17: ffff800093363000 x16: ffff80008aefca08 x15: 0000000000000003
x14: 0000000000000000 x13: 0000000000000003 x12: 0000000000ff0100
x11: ffff0000c8ae3d00 x10: 0000000000ff0100 x9 : 0000000000000000
x8 : ffff0000c8ae3d00 x7 : ffffffffffffffff x6 : ffffffffffffffff
x5 : ffff0000ec7e02f0 x4 : ffff800082a4ca28 x3 : 0000000000180000
x2 : ffff0000c34aca80 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
 bch2_trans_update_by_path+0x17bc/0x17f0 fs/bcachefs/btree_update.c:375 (P)
 bch2_trans_update_ip+0x7bc/0x17ec fs/bcachefs/btree_update.c:531
 bch2_trans_update+0x4c/0x60 fs/bcachefs/btree_update.h:123
 bch2_journal_replay_key+0x348/0x68c fs/bcachefs/recovery.c:311
 bch2_journal_replay+0xfdc/0x1c44 fs/bcachefs/recovery.c:396
 bch2_run_recovery_pass fs/bcachefs/recovery_passes.c:484 [inline]
 __bch2_run_recovery_passes+0x29c/0xd18 fs/bcachefs/recovery_passes.c:539
 bch2_run_recovery_passes+0x174/0x1f4 fs/bcachefs/recovery_passes.c:610
 bch2_fs_recovery+0x1c34/0x2fb4 fs/bcachefs/recovery.c:1005
 bch2_fs_start+0x914/0xbc0 fs/bcachefs/super.c:1212
 bch2_fs_get_tree+0x880/0x1030 fs/bcachefs/fs.c:2490
 vfs_get_tree+0x90/0x28c fs/super.c:1804
 do_new_mount+0x228/0x814 fs/namespace.c:3902
 path_mount+0x5b4/0xde0 fs/namespace.c:4226
 do_mount fs/namespace.c:4239 [inline]
 __do_sys_mount fs/namespace.c:4450 [inline]
 __se_sys_mount fs/namespace.c:4427 [inline]
 __arm64_sys_mount+0x3e8/0x468 fs/namespace.c:4427
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879
 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600
Code: 17fffe3f 977aae52 d4210000 977aae50 (d4210000) 
---[ end trace 0000000000000000 ]---


---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
