linux-btrfs.vger.kernel.org archive mirror
* [syzbot] kernel BUG in close_ctree
@ 2022-11-23  8:10 syzbot
  2022-11-25 17:09 ` syzbot
  2025-03-23  5:57 ` [syzbot] " Qu Wenruo
  0 siblings, 2 replies; 8+ messages in thread
From: syzbot @ 2022-11-23  8:10 UTC
  To: clm, dsterba, josef, linux-btrfs, linux-kernel, syzkaller-bugs

Hello,

syzbot found the following issue on:

HEAD commit:    eb7081409f94 Linux 6.1-rc6
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=17e5b309880000
kernel config:  https://syzkaller.appspot.com/x/.config?x=5db36e7087dcccae
dashboard link: https://syzkaller.appspot.com/bug?extid=2665d678fffcc4608e18
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/12e9c825ff47/disk-eb708140.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/107e5e091c9e/vmlinux-eb708140.xz
kernel image: https://storage.googleapis.com/syzbot-assets/605ab211617d/bzImage-eb708140.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+2665d678fffcc4608e18@syzkaller.appspotmail.com

assertion failed: list_empty(&fs_info->delayed_iputs), in fs/btrfs/disk-io.c:4664
------------[ cut here ]------------
kernel BUG at fs/btrfs/ctree.h:3713!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 3696 Comm: syz-executor.2 Not tainted 6.1.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
RIP: 0010:assertfail.constprop.0+0x27/0x29 fs/btrfs/ctree.h:3713
Code: 3f c9 f7 41 54 41 89 f4 55 48 89 fd e8 a2 3f c9 f7 44 89 e1 48 89 ee 48 c7 c2 60 a4 95 8a 48 c7 c7 a0 a4 95 8a e8 00 76 f5 ff <0f> 0b e8 82 3f c9 f7 e8 8d 3d 15 f8 be 73 04 00 00 48 c7 c7 40 a5
RSP: 0018:ffffc90003727be8 EFLAGS: 00010282
RAX: 0000000000000051 RBX: ffff888027d9c000 RCX: 0000000000000000
RDX: ffff88804a6b6280 RSI: ffffffff8164973c RDI: fffff520006e4f6f
RBP: ffffffff8a95dac0 R08: 0000000000000051 R09: 0000000000000000
R10: 0000000080000000 R11: 0000000000000000 R12: 0000000000001238
R13: 0000000000000000 R14: 0000000000000000 R15: ffff88801da29200
FS:  0000555555bec400(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f17654d56be CR3: 0000000031a82000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 close_ctree+0x502/0xdc7 fs/btrfs/disk-io.c:4664
 generic_shutdown_super+0x158/0x410 fs/super.c:492
 kill_anon_super+0x3a/0x60 fs/super.c:1086
 btrfs_kill_super+0x3c/0x50 fs/btrfs/super.c:2441
 deactivate_locked_super+0x98/0x160 fs/super.c:332
 deactivate_super+0xb1/0xd0 fs/super.c:363
 cleanup_mnt+0x2ae/0x3d0 fs/namespace.c:1186
 task_work_run+0x16f/0x270 kernel/task_work.c:179
 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:171 [inline]
 exit_to_user_mode_prepare+0x23c/0x250 kernel/entry/common.c:203
 __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]
 syscall_exit_to_user_mode+0x1d/0x50 kernel/entry/common.c:296
 do_syscall_64+0x46/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f7827a8d5f7
Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffeef557068 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f7827a8d5f7
RDX: 00007ffeef55713c RSI: 000000000000000a RDI: 00007ffeef557130
RBP: 00007ffeef557130 R08: 00000000ffffffff R09: 00007ffeef556f00
R10: 0000555555bed8b3 R11: 0000000000000246 R12: 00007f7827ae6b46
R13: 00007ffeef5581f0 R14: 0000555555bed810 R15: 00007ffeef558230
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:assertfail.constprop.0+0x27/0x29 fs/btrfs/ctree.h:3713
Code: 3f c9 f7 41 54 41 89 f4 55 48 89 fd e8 a2 3f c9 f7 44 89 e1 48 89 ee 48 c7 c2 60 a4 95 8a 48 c7 c7 a0 a4 95 8a e8 00 76 f5 ff <0f> 0b e8 82 3f c9 f7 e8 8d 3d 15 f8 be 73 04 00 00 48 c7 c7 40 a5
RSP: 0018:ffffc90003727be8 EFLAGS: 00010282
RAX: 0000000000000051 RBX: ffff888027d9c000 RCX: 0000000000000000
RDX: ffff88804a6b6280 RSI: ffffffff8164973c RDI: fffff520006e4f6f
RBP: ffffffff8a95dac0 R08: 0000000000000051 R09: 0000000000000000
R10: 0000000080000000 R11: 0000000000000000 R12: 0000000000001238
R13: 0000000000000000 R14: 0000000000000000 R15: ffff88801da29200
FS:  0000555555bec400(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fd78dea19d8 CR3: 0000000031a82000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.


* Re: [syzbot] kernel BUG in close_ctree
  2022-11-23  8:10 [syzbot] kernel BUG in close_ctree syzbot
@ 2022-11-25 17:09 ` syzbot
  2024-11-01  3:05   ` Julian Sun
  2025-03-23  5:57 ` [syzbot] " Qu Wenruo
  1 sibling, 1 reply; 8+ messages in thread
From: syzbot @ 2022-11-25 17:09 UTC
  To: clm, dsterba, josef, linux-btrfs, linux-kernel, syzkaller-bugs

syzbot has found a reproducer for the following issue on:

HEAD commit:    c3eb11fbb826 Merge tag 'pci-v6.1-fixes-3' of git://git.ker..
git tree:       upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=115013c5880000
kernel config:  https://syzkaller.appspot.com/x/.config?x=8d01b6e3197974dd
dashboard link: https://syzkaller.appspot.com/bug?extid=2665d678fffcc4608e18
compiler:       Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1360d8e3880000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=175f0d53880000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/d81ac029767f/disk-c3eb11fb.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/b68346b5b73c/vmlinux-c3eb11fb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/410a61724587/bzImage-c3eb11fb.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/f5bd1887114f/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+2665d678fffcc4608e18@syzkaller.appspotmail.com

assertion failed: list_empty(&fs_info->delayed_iputs), in fs/btrfs/disk-io.c:4664
------------[ cut here ]------------
kernel BUG at fs/btrfs/ctree.h:3713!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 3632 Comm: syz-executor235 Not tainted 6.1.0-rc6-syzkaller-00015-gc3eb11fbb826 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
RIP: 0010:assertfail+0x1a/0x1c fs/btrfs/ctree.h:3713
Code: 48 c7 c2 80 aa 38 8b 31 c0 e8 ef e3 ff ff 0f 0b 89 f1 48 89 fe 48 c7 c7 60 d9 38 8b 48 c7 c2 50 0a 39 8b 31 c0 e8 d3 e3 ff ff <0f> 0b 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 e4 e0 48 81 ec
RSP: 0018:ffffc90003d7fa58 EFLAGS: 00010246
RAX: 0000000000000051 RBX: ffff88807c960d58 RCX: 83509907ab950400
RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
RBP: ffffc90003d7fbe8 R08: ffffffff816e568d R09: fffff520007aff05
R10: fffff520007aff05 R11: 1ffff920007aff04 R12: 0000000000000000
R13: ffff88807c960000 R14: dffffc0000000000 R15: dffffc0000000000
FS:  00005555573a6300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffcab996e28 CR3: 0000000078318000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 close_ctree+0x818/0xbde fs/btrfs/disk-io.c:4664
 generic_shutdown_super+0x130/0x310 fs/super.c:492
 kill_anon_super+0x36/0x60 fs/super.c:1086
 btrfs_kill_super+0x3d/0x50 fs/btrfs/super.c:2441
 deactivate_locked_super+0xa7/0xf0 fs/super.c:332
 cleanup_mnt+0x494/0x520 fs/namespace.c:1186
 task_work_run+0x243/0x300 kernel/task_work.c:179
 ptrace_notify+0x29a/0x340 kernel/signal.c:2354
 ptrace_report_syscall include/linux/ptrace.h:420 [inline]
 ptrace_report_syscall_exit include/linux/ptrace.h:482 [inline]
 syscall_exit_work+0x8c/0xe0 kernel/entry/common.c:251
 syscall_exit_to_user_mode_prepare+0x63/0xc0 kernel/entry/common.c:278
 __syscall_exit_to_user_mode_work kernel/entry/common.c:283 [inline]
 syscall_exit_to_user_mode+0xa/0x60 kernel/entry/common.c:296
 do_syscall_64+0x49/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fd3e400af67
Code: ff d0 48 89 c7 b8 3c 00 00 00 0f 05 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffcab997568 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fd3e400af67
RDX: 00007ffcab99762a RSI: 000000000000000a RDI: 00007ffcab997620
RBP: 00007ffcab997620 R08: 00000000ffffffff R09: 00007ffcab997400
R10: 00005555573a7653 R11: 0000000000000202 R12: 00007ffcab9986e0
R13: 00005555573a75f0 R14: 00007ffcab997590 R15: 00007ffcab998700
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:assertfail+0x1a/0x1c fs/btrfs/ctree.h:3713
Code: 48 c7 c2 80 aa 38 8b 31 c0 e8 ef e3 ff ff 0f 0b 89 f1 48 89 fe 48 c7 c7 60 d9 38 8b 48 c7 c2 50 0a 39 8b 31 c0 e8 d3 e3 ff ff <0f> 0b 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 e4 e0 48 81 ec
RSP: 0018:ffffc90003d7fa58 EFLAGS: 00010246
RAX: 0000000000000051 RBX: ffff88807c960d58 RCX: 83509907ab950400
RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
RBP: ffffc90003d7fbe8 R08: ffffffff816e568d R09: fffff520007aff05
R10: fffff520007aff05 R11: 1ffff920007aff04 R12: 0000000000000000
R13: ffff88807c960000 R14: dffffc0000000000 R15: dffffc0000000000
FS:  00005555573a6300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fd3e405ad48 CR3: 0000000078318000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400



* Re: [syzbot] kernel BUG in close_ctree
  2022-11-25 17:09 ` syzbot
@ 2024-11-01  3:05   ` Julian Sun
  2024-11-01  4:21     ` [syzbot] [btrfs?] " syzbot
  0 siblings, 1 reply; 8+ messages in thread
From: Julian Sun @ 2024-11-01  3:05 UTC
  To: syzbot, clm, dsterba, josef, linux-btrfs, linux-kernel,
	syzkaller-bugs

On Fri, 2022-11-25 at 09:09 -0800, syzbot wrote:
> > syzbot has found a reproducer for the following issue on:
> > 
> > HEAD commit:    c3eb11fbb826 Merge tag 'pci-v6.1-fixes-3' of
> > git://git.ker..
> > git tree:       upstream
> > console+strace:
> > https://syzkaller.appspot.com/x/log.txt?x=115013c5880000
> > kernel config:  
> > https://syzkaller.appspot.com/x/.config?x=8d01b6e3197974dd
> > dashboard link: 
> > https://syzkaller.appspot.com/bug?extid=2665d678fffcc4608e18
> > compiler:       Debian clang version
> > 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld
> > (GNU Binutils for Debian) 2.35.2
> > syz repro:      
> > https://syzkaller.appspot.com/x/repro.syz?x=1360d8e3880000
> > C reproducer:  
> > https://syzkaller.appspot.com/x/repro.c?x=175f0d53880000
> > 
> > Downloadable assets:
> > disk image: 
> > https://storage.googleapis.com/syzbot-assets/d81ac029767f/disk-c3eb11fb.raw.xz
> > vmlinux: 
> > https://storage.googleapis.com/syzbot-assets/b68346b5b73c/vmlinux-c3eb11fb.xz
> > kernel image: 
> > https://storage.googleapis.com/syzbot-assets/410a61724587/bzImage-c3eb11fb.xz
> > mounted in repro: 
> > https://storage.googleapis.com/syzbot-assets/f5bd1887114f/mount_0.gz
> > 
> > IMPORTANT: if you fix the issue, please add the following tag to the
> > commit:
> > Reported-by: syzbot+2665d678fffcc4608e18@syzkaller.appspotmail.com
> > 
> > assertion failed: list_empty(&fs_info->delayed_iputs), in
> > fs/btrfs/disk-io.c:4664
> > ------------[ cut here ]------------
> > kernel BUG at fs/btrfs/ctree.h:3713!
> > invalid opcode: 0000 [#1] PREEMPT SMP KASAN
> > CPU: 1 PID: 3632 Comm: syz-executor235 Not tainted
> > 6.1.0-rc6-syzkaller-00015-gc3eb11fbb826 #0
> > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> > Google 10/26/2022
> > RIP: 0010:assertfail+0x1a/0x1c fs/btrfs/ctree.h:3713
> > Code: 48 c7 c2 80 aa 38 8b 31 c0 e8 ef e3 ff ff 0f 0b 89 f1 48 89 fe 48
> > c7 c7 60 d9 38 8b 48 c7 c2 50 0a 39 8b 31 c0 e8 d3 e3 ff ff <0f> 0b 55
> > 48
> > 89 e5 41 57 41 56 41 55 41 54 53 48 83 e4 e0 48 81 ec
> > RSP: 0018:ffffc90003d7fa58 EFLAGS: 00010246
> > RAX: 0000000000000051 RBX: ffff88807c960d58 RCX: 83509907ab950400
> > RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
> > RBP: ffffc90003d7fbe8 R08: ffffffff816e568d R09: fffff520007aff05
> > R10: fffff520007aff05 R11: 1ffff920007aff04 R12: 0000000000000000
> > R13: ffff88807c960000 R14: dffffc0000000000 R15: dffffc0000000000
> > FS:  00005555573a6300(0000) GS:ffff8880b9900000(0000)
> > knlGS:0000000000000000
> > CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > CR2: 00007ffcab996e28 CR3: 0000000078318000 CR4: 00000000003506e0
> > DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> > DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> > Call Trace:
> >  <TASK>
> >  close_ctree+0x818/0xbde fs/btrfs/disk-io.c:4664
> >  generic_shutdown_super+0x130/0x310 fs/super.c:492
> >  kill_anon_super+0x36/0x60 fs/super.c:1086
> >  btrfs_kill_super+0x3d/0x50 fs/btrfs/super.c:2441
> >  deactivate_locked_super+0xa7/0xf0 fs/super.c:332
> >  cleanup_mnt+0x494/0x520 fs/namespace.c:1186
> >  task_work_run+0x243/0x300 kernel/task_work.c:179
> >  ptrace_notify+0x29a/0x340 kernel/signal.c:2354
> >  ptrace_report_syscall include/linux/ptrace.h:420 [inline]
> >  ptrace_report_syscall_exit include/linux/ptrace.h:482 [inline]
> >  syscall_exit_work+0x8c/0xe0 kernel/entry/common.c:251
> >  syscall_exit_to_user_mode_prepare+0x63/0xc0 kernel/entry/common.c:278
> >  __syscall_exit_to_user_mode_work kernel/entry/common.c:283 [inline]
> >  syscall_exit_to_user_mode+0xa/0x60 kernel/entry/common.c:296
> >  do_syscall_64+0x49/0xb0 arch/x86/entry/common.c:86
> >  entry_SYSCALL_64_after_hwframe+0x63/0xcd
> > RIP: 0033:0x7fd3e400af67
> > Code: ff d0 48 89 c7 b8 3c 00 00 00 0f 05 48 c7 c1 b8 ff ff ff f7 d8 64
> > 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01
> > f0
> > ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
> > RSP: 002b:00007ffcab997568 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
> > RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fd3e400af67
> > RDX: 00007ffcab99762a RSI: 000000000000000a RDI: 00007ffcab997620
> > RBP: 00007ffcab997620 R08: 00000000ffffffff R09: 00007ffcab997400
> > R10: 00005555573a7653 R11: 0000000000000202 R12: 00007ffcab9986e0
> > R13: 00005555573a75f0 R14: 00007ffcab997590 R15: 00007ffcab998700
> >  </TASK>
> > Modules linked in:
> > ---[ end trace 0000000000000000 ]---
> > RIP: 0010:assertfail+0x1a/0x1c fs/btrfs/ctree.h:3713
> > Code: 48 c7 c2 80 aa 38 8b 31 c0 e8 ef e3 ff ff 0f 0b 89 f1 48 89 fe 48
> > c7 c7 60 d9 38 8b 48 c7 c2 50 0a 39 8b 31 c0 e8 d3 e3 ff ff <0f> 0b 55
> > 48
> > 89 e5 41 57 41 56 41 55 41 54 53 48 83 e4 e0 48 81 ec
> > RSP: 0018:ffffc90003d7fa58 EFLAGS: 00010246
> > RAX: 0000000000000051 RBX: ffff88807c960d58 RCX: 83509907ab950400
> > RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
> > RBP: ffffc90003d7fbe8 R08: ffffffff816e568d R09: fffff520007aff05
> > R10: fffff520007aff05 R11: 1ffff920007aff04 R12: 0000000000000000
> > R13: ffff88807c960000 R14: dffffc0000000000 R15: dffffc0000000000
> > FS:  00005555573a6300(0000) GS:ffff8880b9800000(0000)
> > knlGS:0000000000000000
> > CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > CR2: 00007fd3e405ad48 CR3: 0000000078318000 CR4: 00000000003506f0
> > DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> > DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> > 

#syz test: upstream

-- 
Julian Sun <sunjunchao2870@gmail.com>



* Re: [syzbot] [btrfs?] kernel BUG in close_ctree
  2024-11-01  3:05   ` Julian Sun
@ 2024-11-01  4:21     ` syzbot
  2024-11-01  5:33       ` Julian Sun
  0 siblings, 1 reply; 8+ messages in thread
From: syzbot @ 2024-11-01  4:21 UTC
  To: clm, dsterba, josef, linux-btrfs, linux-kernel, sunjunchao2870,
	syzkaller-bugs

Hello,

syzbot tried to test the proposed patch but the build/boot failed:

ss_scheduled_works+0xa2c/0x1830
[   73.327092][   T35]  ? __pfx_process_scheduled_works+0x10/0x10
[   73.333107][   T35]  ? assign_work+0x364/0x3d0
[   73.338035][   T35]  worker_thread+0x86d/0xd70
[   73.342932][   T35]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   73.348918][   T35]  ? __kthread_parkme+0x169/0x1d0
[   73.354380][   T35]  ? __pfx_worker_thread+0x10/0x10
[   73.359663][   T35]  kthread+0x2f0/0x390
[   73.364017][   T35]  ? __pfx_worker_thread+0x10/0x10
[   73.369795][   T35]  ? __pfx_kthread+0x10/0x10
[   73.374478][   T35]  ret_from_fork+0x4b/0x80
[   73.378997][   T35]  ? __pfx_kthread+0x10/0x10
[   73.383608][   T35]  ret_from_fork_asm+0x1a/0x30
[   73.388385][   T35]  </TASK>
[   73.393498][   T35] 
[   73.396306][   T35] =============================
[   73.401993][   T35] WARNING: suspicious RCU usage
[   73.407119][   T35] 6.10.0-rc4-syzkaller-00003-gd31e86ef6377 #0 Not tainted
[   73.414474][   T35] -----------------------------
[   73.419426][   T35] net/netfilter/ipset/ip_set_core.c:1211 suspicious rcu_dereference_protected() usage!
[   73.429512][   T35] 
[   73.429512][   T35] other info that might help us debug this:
[   73.429512][   T35] 
[   73.440230][   T35] 
[   73.440230][   T35] rcu_scheduler_active = 2, debug_locks = 1
[   73.448892][   T35] 3 locks held by kworker/u8:2/35:
[   73.454197][   T35]  #0: ffff88801b6e3148 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[   73.465331][   T35]  #1: ffffc90000ab7d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[   73.476037][   T35]  #2: ffffffff8f83e650 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0
[   73.485586][   T35] 
[   73.485586][   T35] stack backtrace:
[   73.491593][   T35] CPU: 0 PID: 35 Comm: kworker/u8:2 Not tainted 6.10.0-rc4-syzkaller-00003-gd31e86ef6377 #0
[   73.502691][   T35] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   73.513716][   T35] Workqueue: netns cleanup_net
[   73.518809][   T35] Call Trace:
[   73.523025][   T35]  <TASK>
[   73.526175][   T35]  dump_stack_lvl+0x241/0x360
[   73.531256][   T35]  ? __pfx_dump_stack_lvl+0x10/0x10
[   73.536637][   T35]  ? __pfx__printk+0x10/0x10
[   73.541357][   T35]  lockdep_rcu_suspicious+0x221/0x340
[   73.546777][   T35]  _destroy_all_sets+0x53f/0x5f0
[   73.551742][   T35]  ip_set_net_exit+0x20/0x50
[   73.556358][   T35]  cleanup_net+0x802/0xcc0
[   73.561075][   T35]  ? __pfx_cleanup_net+0x10/0x10
[   73.566478][   T35]  ? process_scheduled_works+0x945/0x1830
[   73.572218][   T35]  process_scheduled_works+0xa2c/0x1830
[   73.577987][   T35]  ? __pfx_process_scheduled_works+0x10/0x10
[   73.584088][   T35]  ? assign_work+0x364/0x3d0
[   73.588812][   T35]  worker_thread+0x86d/0xd70
[   73.593517][   T35]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   73.599856][   T35]  ? __kthread_parkme+0x169/0x1d0
[   73.605099][   T35]  ? __pfx_worker_thread+0x10/0x10
[   73.610568][   T35]  kthread+0x2f0/0x390
[   73.614847][   T35]  ? __pfx_worker_thread+0x10/0x10
[   73.620047][   T35]  ? __pfx_kthread+0x10/0x10
[   73.624822][   T35]  ret_from_fork+0x4b/0x80
[   73.629506][   T35]  ? __pfx_kthread+0x10/0x10
[   73.634200][   T35]  ret_from_fork_asm+0x1a/0x30
[   73.639333][   T35]  </TASK>


syzkaller build log:

git status (err=<nil>)
HEAD detached at 666f77ed02
nothing to commit, working tree clean


tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
go fmt ./sys/... >/dev/null
touch .descriptions
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=666f77ed02b98b834393ff84c646a8d611605f6f -X 'github.com/google/syzkaller/prog.gitRevisionDate=20241016-170423'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_amd64
g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
	-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include -fpermissive -w -DGOOS_linux=1 -DGOARCH_amd64=1 \
	-DHOSTGOOS_linux=1 -DGIT_REVISION=\"666f77ed02b98b834393ff84c646a8d611605f6f\"
/usr/bin/ld: /tmp/cc65bbgo.o: in function `test_cover_filter()':
executor.cc:(.text+0x1424b): warning: the use of `tempnam' is dangerous, better use `mkstemp'
/usr/bin/ld: /tmp/cc65bbgo.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x104): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking


Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=105d32a7980000


Tested on:

commit:         d31e86ef arm64: access_ok() optimization
git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git --
kernel config:  https://syzkaller.appspot.com/x/.config?x=7db415dfa086046c
dashboard link: https://syzkaller.appspot.com/bug?extid=2665d678fffcc4608e18
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40

Note: no patches were applied.


* Re: [syzbot] [btrfs?] kernel BUG in close_ctree
  2024-11-01  4:21     ` [syzbot] [btrfs?] " syzbot
@ 2024-11-01  5:33       ` Julian Sun
  2024-11-01  6:17         ` syzbot
  0 siblings, 1 reply; 8+ messages in thread
From: Julian Sun @ 2024-11-01  5:33 UTC (permalink / raw)
  To: syzbot; +Cc: clm, dsterba, josef, linux-btrfs, linux-kernel, syzkaller-bugs

#syz test

syzbot <syzbot+2665d678fffcc4608e18@syzkaller.appspotmail.com>
wrote on Fri, Nov 1, 2024 at 12:21:
>
> Hello,
>
> syzbot tried to test the proposed patch but the build/boot failed:
>
> Error text is too large and was truncated, full error text is at:
> https://syzkaller.appspot.com/x/error.txt?x=105d32a7980000
>
>
> Tested on:
>
> commit:         d31e86ef arm64: access_ok() optimization
> git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git --
> kernel config:  https://syzkaller.appspot.com/x/.config?x=7db415dfa086046c
> dashboard link: https://syzkaller.appspot.com/bug?extid=2665d678fffcc4608e18
> compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
>
> Note: no patches were applied.



-- 
Julian Sun <sunjunchao2870@gmail.com>


* Re: [syzbot] [btrfs?] kernel BUG in close_ctree
  2024-11-01  5:33       ` Julian Sun
@ 2024-11-01  6:17         ` syzbot
  0 siblings, 0 replies; 8+ messages in thread
From: syzbot @ 2024-11-01  6:17 UTC (permalink / raw)
  To: clm, dsterba, josef, linux-btrfs, linux-kernel, sunjunchao2870,
	syzkaller-bugs

Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-by: syzbot+2665d678fffcc4608e18@syzkaller.appspotmail.com
Tested-by: syzbot+2665d678fffcc4608e18@syzkaller.appspotmail.com

Tested on:

commit:         6c52d4da Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=11f5155f980000
kernel config:  https://syzkaller.appspot.com/x/.config?x=99a5a84880eccc01
dashboard link: https://syzkaller.appspot.com/bug?extid=2665d678fffcc4608e18
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40

Note: no patches were applied.
Note: testing is done by a robot and is best-effort only.


* Re: [syzbot] kernel BUG in close_ctree
  2022-11-23  8:10 [syzbot] kernel BUG in close_ctree syzbot
  2022-11-25 17:09 ` syzbot
@ 2025-03-23  5:57 ` Qu Wenruo
  2025-03-23  6:21   ` [syzbot] [btrfs?] " syzbot
  1 sibling, 1 reply; 8+ messages in thread
From: Qu Wenruo @ 2025-03-23  5:57 UTC (permalink / raw)
  To: syzbot, clm, dsterba, josef, linux-btrfs, linux-kernel,
	syzkaller-bugs

#syz test: https://github.com/btrfs/linux.git for-next


On 2022/11/23 18:40, syzbot wrote:
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit:    eb7081409f94 Linux 6.1-rc6
> git tree:       upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=17e5b309880000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=5db36e7087dcccae
> dashboard link: https://syzkaller.appspot.com/bug?extid=2665d678fffcc4608e18
> compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
>
> Unfortunately, I don't have any reproducer for this issue yet.
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/12e9c825ff47/disk-eb708140.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/107e5e091c9e/vmlinux-eb708140.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/605ab211617d/bzImage-eb708140.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+2665d678fffcc4608e18@syzkaller.appspotmail.com
>
> assertion failed: list_empty(&fs_info->delayed_iputs), in fs/btrfs/disk-io.c:4664
> ------------[ cut here ]------------
> kernel BUG at fs/btrfs/ctree.h:3713!
> invalid opcode: 0000 [#1] PREEMPT SMP KASAN
> CPU: 0 PID: 3696 Comm: syz-executor.2 Not tainted 6.1.0-rc6-syzkaller #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
> RIP: 0010:assertfail.constprop.0+0x27/0x29 fs/btrfs/ctree.h:3713
> Code: 3f c9 f7 41 54 41 89 f4 55 48 89 fd e8 a2 3f c9 f7 44 89 e1 48 89 ee 48 c7 c2 60 a4 95 8a 48 c7 c7 a0 a4 95 8a e8 00 76 f5 ff <0f> 0b e8 82 3f c9 f7 e8 8d 3d 15 f8 be 73 04 00 00 48 c7 c7 40 a5
> RSP: 0018:ffffc90003727be8 EFLAGS: 00010282
> RAX: 0000000000000051 RBX: ffff888027d9c000 RCX: 0000000000000000
> RDX: ffff88804a6b6280 RSI: ffffffff8164973c RDI: fffff520006e4f6f
> RBP: ffffffff8a95dac0 R08: 0000000000000051 R09: 0000000000000000
> R10: 0000000080000000 R11: 0000000000000000 R12: 0000000000001238
> R13: 0000000000000000 R14: 0000000000000000 R15: ffff88801da29200
> FS:  0000555555bec400(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 00007f17654d56be CR3: 0000000031a82000 CR4: 00000000003506f0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> Call Trace:
>   <TASK>
>   close_ctree+0x502/0xdc7 fs/btrfs/disk-io.c:4664
>   generic_shutdown_super+0x158/0x410 fs/super.c:492
>   kill_anon_super+0x3a/0x60 fs/super.c:1086
>   btrfs_kill_super+0x3c/0x50 fs/btrfs/super.c:2441
>   deactivate_locked_super+0x98/0x160 fs/super.c:332
>   deactivate_super+0xb1/0xd0 fs/super.c:363
>   cleanup_mnt+0x2ae/0x3d0 fs/namespace.c:1186
>   task_work_run+0x16f/0x270 kernel/task_work.c:179
>   resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
>   exit_to_user_mode_loop kernel/entry/common.c:171 [inline]
>   exit_to_user_mode_prepare+0x23c/0x250 kernel/entry/common.c:203
>   __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]
>   syscall_exit_to_user_mode+0x1d/0x50 kernel/entry/common.c:296
>   do_syscall_64+0x46/0xb0 arch/x86/entry/common.c:86
>   entry_SYSCALL_64_after_hwframe+0x63/0xcd
> RIP: 0033:0x7f7827a8d5f7
> Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
> RSP: 002b:00007ffeef557068 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
> RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f7827a8d5f7
> RDX: 00007ffeef55713c RSI: 000000000000000a RDI: 00007ffeef557130
> RBP: 00007ffeef557130 R08: 00000000ffffffff R09: 00007ffeef556f00
> R10: 0000555555bed8b3 R11: 0000000000000246 R12: 00007f7827ae6b46
> R13: 00007ffeef5581f0 R14: 0000555555bed810 R15: 00007ffeef558230
>   </TASK>
> Modules linked in:
> ---[ end trace 0000000000000000 ]---
> RIP: 0010:assertfail.constprop.0+0x27/0x29 fs/btrfs/ctree.h:3713
> Code: 3f c9 f7 41 54 41 89 f4 55 48 89 fd e8 a2 3f c9 f7 44 89 e1 48 89 ee 48 c7 c2 60 a4 95 8a 48 c7 c7 a0 a4 95 8a e8 00 76 f5 ff <0f> 0b e8 82 3f c9 f7 e8 8d 3d 15 f8 be 73 04 00 00 48 c7 c7 40 a5
> RSP: 0018:ffffc90003727be8 EFLAGS: 00010282
> RAX: 0000000000000051 RBX: ffff888027d9c000 RCX: 0000000000000000
> RDX: ffff88804a6b6280 RSI: ffffffff8164973c RDI: fffff520006e4f6f
> RBP: ffffffff8a95dac0 R08: 0000000000000051 R09: 0000000000000000
> R10: 0000000080000000 R11: 0000000000000000 R12: 0000000000001238
> R13: 0000000000000000 R14: 0000000000000000 R15: ffff88801da29200
> FS:  0000555555bec400(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 00007fd78dea19d8 CR3: 0000000031a82000 CR4: 00000000003506e0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400



* Re: [syzbot] [btrfs?] kernel BUG in close_ctree
  2025-03-23  5:57 ` [syzbot] " Qu Wenruo
@ 2025-03-23  6:21   ` syzbot
  0 siblings, 0 replies; 8+ messages in thread
From: syzbot @ 2025-03-23  6:21 UTC (permalink / raw)
  To: clm, dsterba, josef, linux-btrfs, linux-kernel, quwenruo.btrfs,
	syzkaller-bugs

Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-by: syzbot+2665d678fffcc4608e18@syzkaller.appspotmail.com
Tested-by: syzbot+2665d678fffcc4608e18@syzkaller.appspotmail.com

Tested on:

commit:         70a1072f btrfs: extract the main loop of btrfs_buffere..
git tree:       https://github.com/btrfs/linux.git for-next
console output: https://syzkaller.appspot.com/x/log.txt?x=12875c4c580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=d5d862b4e27dc0b3
dashboard link: https://syzkaller.appspot.com/bug?extid=2665d678fffcc4608e18
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40

Note: no patches were applied.
Note: testing is done by a robot and is best-effort only.

Thread overview: 8+ messages
2022-11-23  8:10 [syzbot] kernel BUG in close_ctree syzbot
2022-11-25 17:09 ` syzbot
2024-11-01  3:05   ` Julian Sun
2024-11-01  4:21     ` [syzbot] [btrfs?] " syzbot
2024-11-01  5:33       ` Julian Sun
2024-11-01  6:17         ` syzbot
2025-03-23  5:57 ` [syzbot] " Qu Wenruo
2025-03-23  6:21   ` [syzbot] [btrfs?] " syzbot