From: syzbot <syzbot+25df068cd8509f8c0fe1@syzkaller.appspotmail.com>
To: clm@fb.com, dsterba@suse.com, josef@toxicpanda.com,
	 linux-btrfs@vger.kernel.org, linux-kernel@vger.kernel.org,
	 syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [btrfs?] WARNING in btrfs_destroy_inode (3)
Date: Wed, 29 Oct 2025 06:01:29 -0700
Message-ID: <69021029.050a0220.3344a1.041e.GAE@google.com>
In-Reply-To: <68fe7262.050a0220.3344a1.0145.GAE@google.com>

syzbot has found a reproducer for the following issue on:

HEAD commit:    b98c94eed4a9 arm64: mte: Do not warn if the page is alread..
git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=15febd42580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=158bd6857eb7a550
dashboard link: https://syzkaller.appspot.com/bug?extid=25df068cd8509f8c0fe1
compiler:       Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
userspace arch: arm64
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=13febd42580000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=10ca0e14580000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/2c82e514449b/disk-b98c94ee.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/a322ed38c368/vmlinux-b98c94ee.xz
kernel image: https://storage.googleapis.com/syzbot-assets/059db7d7114e/Image-b98c94ee.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/7af3d5d4bd72/mount_0.gz
  fsck result: OK (log: https://syzkaller.appspot.com/x/fsck.log?x=174a0e14580000)

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+25df068cd8509f8c0fe1@syzkaller.appspotmail.com

------------[ cut here ]------------
WARNING: CPU: 1 PID: 6657 at fs/btrfs/inode.c:7942 btrfs_destroy_inode+0x258/0x798 fs/btrfs/inode.c:7942
Modules linked in:
CPU: 1 UID: 0 PID: 6657 Comm: syz-executor Not tainted syzkaller #0 PREEMPT 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
pc : btrfs_destroy_inode+0x258/0x798 fs/btrfs/inode.c:7942
lr : btrfs_destroy_inode+0x258/0x798 fs/btrfs/inode.c:7942
sp : ffff8000a6067900
x29: ffff8000a6067920 x28: dfff800000000000 x27: 1fffe0001e3721a3
x26: ffff700014c0cf38 x25: dfff800000000000 x24: 1fffe0001e372114
x23: ffff0000cb81c000 x22: 0000000000010000 x21: ffff0000f1b90b10
x20: ffff0000f1b90c48 x19: ffff0000f1b908a0 x18: 00000000ffffffff
x17: ffff800093305000 x16: ffff800082de95c8 x15: 0000000000000001
x14: 1fffe0001e3721cc x13: 0000000000000000 x12: 0000000000000000
x11: ffff60001e3721cd x10: 0000000000ff0100 x9 : 0000000000000000
x8 : ffff0000d166dc40 x7 : ffff800080e995c0 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff800080f03e80
x2 : 0000000000000000 x1 : 0000000000010000 x0 : 0000000000000000
Call trace:
 btrfs_destroy_inode+0x258/0x798 fs/btrfs/inode.c:7942 (P)
 destroy_inode fs/inode.c:396 [inline]
 evict+0x6e4/0x928 fs/inode.c:834
 dispose_list fs/inode.c:852 [inline]
 evict_inodes+0x638/0x6d0 fs/inode.c:906
 generic_shutdown_super+0xa0/0x2b8 fs/super.c:627
 kill_anon_super+0x4c/0x7c fs/super.c:1281
 btrfs_kill_super+0x40/0x58 fs/btrfs/super.c:2129
 deactivate_locked_super+0xc4/0x12c fs/super.c:473
 deactivate_super+0xe0/0x100 fs/super.c:506
 cleanup_mnt+0x31c/0x3ac fs/namespace.c:1327
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1334
 task_work_run+0x1dc/0x260 kernel/task_work.c:227
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop+0xfc/0x178 kernel/entry/common.c:43
 exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]
 arm64_exit_to_user_mode arch/arm64/kernel/entry-common.c:103 [inline]
 el0_svc+0x170/0x254 arch/arm64/kernel/entry-common.c:747
 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:765
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596
irq event stamp: 140212
hardirqs last  enabled at (140211): [<ffff8000805b8d70>] __call_rcu_common kernel/rcu/tree.c:3148 [inline]
hardirqs last  enabled at (140211): [<ffff8000805b8d70>] call_rcu+0x65c/0x978 kernel/rcu/tree.c:3243
hardirqs last disabled at (140212): [<ffff80008ade9670>] el1_brk64+0x20/0x54 arch/arm64/kernel/entry-common.c:434
softirqs last  enabled at (138874): [<ffff8000803d7488>] softirq_handle_end kernel/softirq.c:468 [inline]
softirqs last  enabled at (138874): [<ffff8000803d7488>] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:650
softirqs last disabled at (138851): [<ffff800080022024>] __do_softirq+0x14/0x20 kernel/softirq.c:656
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 6657 at fs/btrfs/inode.c:7943 btrfs_destroy_inode+0x264/0x798 fs/btrfs/inode.c:7943
Modules linked in:
CPU: 1 UID: 0 PID: 6657 Comm: syz-executor Tainted: G        W           syzkaller #0 PREEMPT 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
pc : btrfs_destroy_inode+0x264/0x798 fs/btrfs/inode.c:7943
lr : btrfs_destroy_inode+0x264/0x798 fs/btrfs/inode.c:7943
sp : ffff8000a6067900
x29: ffff8000a6067920 x28: dfff800000000000 x27: 1fffe0001e3721a3
x26: ffff700014c0cf38 x25: dfff800000000000 x24: 1fffe0001e372114
x23: ffff0000cb81c000 x22: 0000000000010000 x21: 0000000000010000
x20: ffff0000f1b90c48 x19: ffff0000f1b908a0 x18: 00000000ffffffff
x17: ffff800093305000 x16: ffff800082de95c8 x15: 0000000000000001
x14: 1fffe0001e3721cc x13: 0000000000000000 x12: 0000000000000000
x11: ffff60001e3721cd x10: 0000000000ff0100 x9 : 0000000000000000
x8 : ffff0000d166dc40 x7 : ffff800080e995c0 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff800080f03e80
x2 : 0000000000000000 x1 : 0000000000010000 x0 : 0000000000000000
Call trace:
 btrfs_destroy_inode+0x264/0x798 fs/btrfs/inode.c:7943 (P)
 destroy_inode fs/inode.c:396 [inline]
 evict+0x6e4/0x928 fs/inode.c:834
 dispose_list fs/inode.c:852 [inline]
 evict_inodes+0x638/0x6d0 fs/inode.c:906
 generic_shutdown_super+0xa0/0x2b8 fs/super.c:627
 kill_anon_super+0x4c/0x7c fs/super.c:1281
 btrfs_kill_super+0x40/0x58 fs/btrfs/super.c:2129
 deactivate_locked_super+0xc4/0x12c fs/super.c:473
 deactivate_super+0xe0/0x100 fs/super.c:506
 cleanup_mnt+0x31c/0x3ac fs/namespace.c:1327
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1334
 task_work_run+0x1dc/0x260 kernel/task_work.c:227
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop+0xfc/0x178 kernel/entry/common.c:43
 exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]
 arm64_exit_to_user_mode arch/arm64/kernel/entry-common.c:103 [inline]
 el0_svc+0x170/0x254 arch/arm64/kernel/entry-common.c:747
 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:765
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596
irq event stamp: 140270
hardirqs last  enabled at (140269): [<ffff80008adef224>] irqentry_exit+0xd8/0x108 kernel/entry/common.c:214
hardirqs last disabled at (140270): [<ffff80008ade9670>] el1_brk64+0x20/0x54 arch/arm64/kernel/entry-common.c:434
softirqs last  enabled at (140254): [<ffff8000803d7488>] softirq_handle_end kernel/softirq.c:468 [inline]
softirqs last  enabled at (140254): [<ffff8000803d7488>] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:650
softirqs last disabled at (140215): [<ffff800080022024>] __do_softirq+0x14/0x20 kernel/softirq.c:656
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 6657 at fs/btrfs/inode.c:7948 btrfs_destroy_inode+0x294/0x798 fs/btrfs/inode.c:7948
Modules linked in:
CPU: 1 UID: 0 PID: 6657 Comm: syz-executor Tainted: G        W           syzkaller #0 PREEMPT 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
pc : btrfs_destroy_inode+0x294/0x798 fs/btrfs/inode.c:7948
lr : btrfs_destroy_inode+0x294/0x798 fs/btrfs/inode.c:7948
sp : ffff8000a6067900
x29: ffff8000a6067920 x28: dfff800000000000 x27: 1fffe0001e3721a3
x26: ffff700014c0cf38 x25: dfff800000000000 x24: 1fffe0001e372114
x23: ffff0000cb81c000 x22: 0000000000010000 x21: 0000000000001000
x20: ffff0000f1b90c48 x19: ffff0000f1b908a0 x18: 00000000ffffffff
x17: ffff800093305000 x16: ffff800082de95c8 x15: 0000000000000001
x14: 1fffe0001e3721cc x13: 0000000000000000 x12: 0000000000000000
x11: ffff60001e3721cd x10: 0000000000ff0100 x9 : 0000000000000000
x8 : ffff0000d166dc40 x7 : ffff800080e995c0 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff800080f03e80
x2 : 0000000000000000 x1 : 0000000000001000 x0 : 0000000000000000
Call trace:
 btrfs_destroy_inode+0x294/0x798 fs/btrfs/inode.c:7948 (P)
 destroy_inode fs/inode.c:396 [inline]
 evict+0x6e4/0x928 fs/inode.c:834
 dispose_list fs/inode.c:852 [inline]
 evict_inodes+0x638/0x6d0 fs/inode.c:906
 generic_shutdown_super+0xa0/0x2b8 fs/super.c:627
 kill_anon_super+0x4c/0x7c fs/super.c:1281
 btrfs_kill_super+0x40/0x58 fs/btrfs/super.c:2129
 deactivate_locked_super+0xc4/0x12c fs/super.c:473
 deactivate_super+0xe0/0x100 fs/super.c:506
 cleanup_mnt+0x31c/0x3ac fs/namespace.c:1327
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1334
 task_work_run+0x1dc/0x260 kernel/task_work.c:227
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop+0xfc/0x178 kernel/entry/common.c:43
 exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]
 arm64_exit_to_user_mode arch/arm64/kernel/entry-common.c:103 [inline]
 el0_svc+0x170/0x254 arch/arm64/kernel/entry-common.c:747
 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:765
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596
irq event stamp: 140312
hardirqs last  enabled at (140311): [<ffff80008adef224>] irqentry_exit+0xd8/0x108 kernel/entry/common.c:214
hardirqs last disabled at (140312): [<ffff80008ade9670>] el1_brk64+0x20/0x54 arch/arm64/kernel/entry-common.c:434
softirqs last  enabled at (140306): [<ffff8000803d7488>] softirq_handle_end kernel/softirq.c:468 [inline]
softirqs last  enabled at (140306): [<ffff8000803d7488>] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:650
softirqs last disabled at (140273): [<ffff800080022024>] __do_softirq+0x14/0x20 kernel/softirq.c:656
---[ end trace 0000000000000000 ]---
BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
------------[ cut here ]------------
WARNING: CPU: 1 PID: 6657 at fs/btrfs/block-group.c:4462 check_removing_space_info+0x10c/0x280 fs/btrfs/block-group.c:4463
Modules linked in:
CPU: 1 UID: 0 PID: 6657 Comm: syz-executor Tainted: G        W           syzkaller #0 PREEMPT 
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
pc : check_removing_space_info+0x10c/0x280 fs/btrfs/block-group.c:4463
lr : check_removing_space_info+0x260/0x280 fs/btrfs/block-group.c:4462
sp : ffff8000a6067930
x29: ffff8000a6067930 x28: 1fffe0001bc4a12c x27: dfff800000000000
x26: ffff0000ca5681c0 x25: 0000000000000001 x24: 1fffe0001bc4a002
x23: dfff800000000000 x22: 0000000000000000 x21: 0000000000010000
x20: ffff0000cb314000 x19: ffff0000de250000 x18: 00000000ffffffff
x17: ffff800093305000 x16: ffff800080536230 x15: 0000000000000001
x14: 1fffe0001bc4a004 x13: 0000000000000000 x12: 0000000000000000
x11: ffff60001bc4a005 x10: 0000000000ff0100 x9 : 0000000000000000
x8 : ffff0000d166dc40 x7 : ffff800082594440 x6 : 0000000000000000
x5 : ffff8000934e52c0 x4 : 0000000000000008 x3 : 0000000000000000
x2 : 0000000000000000 x1 : ffff0000de250000 x0 : ffff0000cb314000
Call trace:
 check_removing_space_info+0x10c/0x280 fs/btrfs/block-group.c:4463 (P)
 btrfs_free_block_groups+0xa80/0xd10 fs/btrfs/block-group.c:4580
 close_ctree+0x650/0x113c fs/btrfs/disk-io.c:4426
 btrfs_put_super+0x1ac/0x1c0 fs/btrfs/super.c:74


---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
