Re: [syzbot] [bcachefs?] kernel BUG in __bch2_trans_get

All of lore.kernel.org
 help / color / mirror / Atom feed

From: syzbot <syzbot+3a42e4989f9047772c6d@syzkaller.appspotmail.com>
To: kent.overstreet@linux.dev, linux-bcachefs@vger.kernel.org,
	 linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [bcachefs?] kernel BUG in __bch2_trans_get
Date: Thu, 18 Sep 2025 23:16:29 -0700	[thread overview]
Message-ID: <68ccf53d.050a0220.28a605.001a.GAE@google.com> (raw)
In-Reply-To: <68bd8fc2.050a0220.192772.01da.GAE@google.com>

syzbot has found a reproducer for the following issue on:

HEAD commit:    c9d61056440c Merge branch 'for-next/core' into for-kernelci
git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=14aa6534580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=b8b6789b42526d72
dashboard link: https://syzkaller.appspot.com/bug?extid=3a42e4989f9047772c6d
compiler:       Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
userspace arch: arm64
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=12f3e858580000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=11b6c712580000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/4f571468ab6f/disk-c9d61056.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/3871c29d58eb/vmlinux-c9d61056.xz
kernel image: https://storage.googleapis.com/syzbot-assets/dbc62ff54c5b/Image-c9d61056.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/257c55ab376d/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+3a42e4989f9047772c6d@syzkaller.appspotmail.com

bcachefs (loop0): /file3 offset 0: data_read_io_err
  u64s 7 type extent 1073741828:24:U32_MAX len 24 ver 0: durability: 1 crc: c_size 24 size 24 offset 0 nonce 0 csum crc32c 0:0  compress none ptr: 0:34:8 gen 0
bcachefs (loop0): /file3 offset 0: data read error: data_read_io_err
bcachefs (loop0): /file3 offset 0: data read error, data_read_io_err
  u64s 7 type extent 1073741828:24:U32_MAX len 24 ver 0: durability: 1 crc: c_size 24 size 24 offset 0 nonce 0 csum crc32c 0:0  compress none ptr: 0:34:8 gen 0
  loop0 io error
------------[ cut here ]------------
kernel BUG at fs/bcachefs/btree_iter.c:3462!
Internal error: Oops - BUG: 00000000f2000800 [#1]  SMP
Modules linked in:
CPU: 1 UID: 0 PID: 14 Comm: kworker/u8:1 Not tainted syzkaller #0 PREEMPT 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
Workqueue: events_unbound bch2_rbio_retry
pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
pc : __bch2_trans_get+0x9ac/0x9d4 fs/bcachefs/btree_iter.c:3460
lr : __bch2_trans_get+0x9ac/0x9d4 fs/bcachefs/btree_iter.c:3460
sp : ffff800097c674a0
x29: ffff800097c674a0 x28: 1fffe0001d620840 x27: ffff0000c1a01e80
x26: dfff800000000000 x25: 0000000000000006 x24: ffff0000db4541d8
x23: 000000000000000e x22: ffff0000eb104200 x21: 0000000000000025
x20: ffff0000eb100000 x19: ffff0000d2510000 x18: 00000000ffffffff
x17: ffff800093529000 x16: ffff80008b01d6e0 x15: 0000000000000001
x14: 1ffff00012f8ce34 x13: 0000000000000000 x12: 0000000000000000
x11: ffff700012f8ce35 x10: 0000000000ff0100 x9 : 0000000000000000
x8 : ffff0000c1a01e80 x7 : ffff8000828bb454 x6 : 0000000000000000
x5 : ffff8000936f2db0 x4 : 0000000000000008 x3 : ffff800080522fb4
x2 : 0000000000000001 x1 : 0000000000000004 x0 : 0000000000000000
Call trace:
 __bch2_trans_get+0x9ac/0x9d4 fs/bcachefs/btree_iter.c:3460 (P)
 bch2_rbio_retry+0x17c/0xd44 fs/bcachefs/io_read.c:594
 bch2_rbio_punt fs/bcachefs/io_read.c:411 [inline]
 bch2_rbio_error+0x24c/0x354 fs/bcachefs/io_read.c:686
 bch2_read_endio+0x510/0x908 fs/bcachefs/io_read.c:-1
 bio_endio+0x858/0x894 block/bio.c:1651
 bch2_rbio_done fs/bcachefs/io_read.c:464 [inline]
 bch2_rbio_retry+0x86c/0xd44 fs/bcachefs/io_read.c:667
 process_one_work+0x7e8/0x155c kernel/workqueue.c:3236
 process_scheduled_works kernel/workqueue.c:3319 [inline]
 worker_thread+0x958/0xed8 kernel/workqueue.c:3400
 kthread+0x5fc/0x75c kernel/kthread.c:463
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:844
Code: 17ffff25 9779d56a 17fffe9f 9779d568 (d4210000) 
---[ end trace 0000000000000000 ]---


---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

     prev parent reply	other threads:[~2025-09-19  6:16 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-09-07 13:59 [syzbot] [bcachefs?] kernel BUG in __bch2_trans_get syzbot
2025-09-19  6:16 ` syzbot [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=68ccf53d.050a0220.28a605.001a.GAE@google.com \
    --to=syzbot+3a42e4989f9047772c6d@syzkaller.appspotmail.com \
    --cc=kent.overstreet@linux.dev \
    --cc=linux-bcachefs@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=syzkaller-bugs@googlegroups.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.