[syzbot] WARNING in btrfs_space_info_update_bytes_may_use


syzbot

Oct 30, 2022, 8:15:43 PM
to c...@fb.com, dst...@suse.com, jo...@toxicpanda.com, linux...@vger.kernel.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: b229b6ca5abb Merge tag 'perf-tools-fixes-for-v6.1-2022-10-..
git tree: upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=158eaff6880000
kernel config: https://syzkaller.appspot.com/x/.config?x=a66c6c673fb555e8
dashboard link: https://syzkaller.appspot.com/bug?extid=8edfa01e46fd9fe3fbfb
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17db9ab1880000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=124e21b6880000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/ba5b49fa77de/disk-b229b6ca.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7c061f2ae4dc/vmlinux-b229b6ca.xz
kernel image: https://storage.googleapis.com/syzbot-assets/bc45c1300e9b/bzImage-b229b6ca.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/17cf7ba1084e/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+8edfa0...@syzkaller.appspotmail.com

BTRFS info (device loop0): enabling ssd optimizations
------------[ cut here ]------------
WARNING: CPU: 0 PID: 3604 at fs/btrfs/space-info.h:122 btrfs_space_info_update_bytes_may_use+0x524/0x820 fs/btrfs/space-info.h:122
Modules linked in:
CPU: 0 PID: 3604 Comm: syz-executor245 Not tainted 6.1.0-rc2-syzkaller-00105-gb229b6ca5abb #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
RIP: 0010:btrfs_space_info_update_bytes_may_use+0x524/0x820 fs/btrfs/space-info.h:122
Code: fd e9 77 fb ff ff e8 3b 4b fd fd 4d 89 e6 48 89 de 49 f7 de 4c 89 f7 e8 9a 47 fd fd 49 39 de 0f 86 b5 fc ff ff e8 1c 4b fd fd <0f> 0b 31 db e9 af fc ff ff e8 0e 4b fd fd 48 8d 7d 18 be ff ff ff
RSP: 0018:ffffc90003f4f9c0 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 00000000000d0000 RCX: 0000000000000000
RDX: ffff888021f78000 RSI: ffffffff837f5164 RDI: 0000000000000006
RBP: ffff88807da53000 R08: 0000000000000006 R09: 00000000000e0000
R10: 00000000000d0000 R11: 000000000008c07e R12: fffffffffff20000
R13: ffff88807da53060 R14: 00000000000e0000 R15: 0000000000000002
FS: 0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007faff6153690 CR3: 000000000bc8e000 CR4: 0000000000350ef0
Call Trace:
<TASK>
btrfs_space_info_free_bytes_may_use fs/btrfs/space-info.h:154 [inline]
block_rsv_release_bytes fs/btrfs/block-rsv.c:151 [inline]
btrfs_block_rsv_release+0x515/0x650 fs/btrfs/block-rsv.c:295
btrfs_release_global_block_rsv+0x22/0x2e0 fs/btrfs/block-rsv.c:463
btrfs_free_block_groups+0x954/0x1100 fs/btrfs/block-group.c:4051
close_ctree+0xd17/0xdc3 fs/btrfs/disk-io.c:4710
generic_shutdown_super+0x154/0x410 fs/super.c:491
kill_anon_super+0x36/0x60 fs/super.c:1085
btrfs_kill_super+0x38/0x50 fs/btrfs/super.c:2441
deactivate_locked_super+0x94/0x160 fs/super.c:331
deactivate_super+0xad/0xd0 fs/super.c:362
cleanup_mnt+0x2ae/0x3d0 fs/namespace.c:1186
task_work_run+0x16b/0x270 kernel/task_work.c:179
exit_task_work include/linux/task_work.h:38 [inline]
do_exit+0xb35/0x2a20 kernel/exit.c:820
do_group_exit+0xd0/0x2a0 kernel/exit.c:950
__do_sys_exit_group kernel/exit.c:961 [inline]
__se_sys_exit_group kernel/exit.c:959 [inline]
__x64_sys_exit_group+0x3a/0x50 kernel/exit.c:959
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f87197f03e9
Code: Unable to access opcode bytes at 0x7f87197f03bf.
RSP: 002b:00007ffebfd5c0d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 00007f871987d470 RCX: 00007f87197f03e9
RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
RBP: 0000000000000001 R08: ffffffffffffffb8 R09: 00007ffebf003031
R10: 0000000080000009 R11: 0000000000000246 R12: 00007f871987d470
R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
</TASK>


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches
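As an added illustration (my own model, not the kernel's code and not part of the thread): the WARN_ON at fs/btrfs/space-info.h:122 sits in the btrfs_space_info_update_* helpers, which refuse a negative delta larger than the counter's current value, clamp the counter to zero and warn rather than let the unsigned field wrap. The register dump above fits that reading (RBX 0xd0000 as the current bytes_may_use, R14 0xe0000 as the amount being released), so the constructed replay below uses those two values; everything else, including the struct and function names, is an assumption of this example.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model of one btrfs space_info counter (example code, not the kernel's). */
struct space_info_model {
    uint64_t bytes_may_use; /* bytes reserved for pending writes, never negative */
    unsigned warnings;      /* how many times the underflow guard fired */
};

/*
 * Apply a signed delta with the same guard the kernel's update helper has:
 * a release (negative delta) larger than the current value is an accounting
 * bug, so the counter is clamped to zero and a warning is counted instead of
 * letting the unsigned field wrap around. Returns true when the guard fires.
 */
static bool update_bytes_may_use(struct space_info_model *si, int64_t bytes)
{
    if (bytes < 0 && si->bytes_may_use < (uint64_t)(-bytes)) {
        si->warnings++;
        si->bytes_may_use = 0;
        return true;
    }
    si->bytes_may_use += (uint64_t)bytes;
    return false;
}

/* The same delta without the guard: the value the counter would wrap to. */
static uint64_t unguarded_update(uint64_t counter, int64_t bytes)
{
    return counter + (uint64_t)bytes;
}

/* Replay a reserve/release sequence and return how often the guard fired. */
static unsigned replay(struct space_info_model *si, const int64_t *deltas, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        bool fired = update_bytes_may_use(si, deltas[i]);
        printf("delta %+" PRId64 " -> bytes_may_use 0x%" PRIx64 "%s\n",
               deltas[i], si->bytes_may_use,
               fired ? "  (WARN: release exceeds reservation)" : "");
    }
    return si->warnings;
}

int main(void)
{
    /* Constructed sequences. The first is balanced; the second releases
     * 0xe0000 while only 0xd0000 is reserved, the values seen in RBX/R14. */
    static const int64_t balanced[]     = { 0x10000, 0x20000, -0x10000, -0x20000 };
    static const int64_t over_release[] = { 0xd0000, -0xe0000 };
    struct space_info_model si = { 0, 0 };

    puts("balanced:");
    replay(&si, balanced, sizeof balanced / sizeof balanced[0]);
    puts("over-release:");
    replay(&si, over_release, sizeof over_release / sizeof over_release[0]);
    printf("without the guard the counter would read 0x%" PRIx64 "\n",
           unguarded_update(0xd0000, -0xe0000));
    return si.warnings ? 1 : 0;
}
```

The guard is why this shows up as a WARNING rather than a silent wrap: an unguarded release would leave bytes_may_use at 0xfffffffffff0000, and every later reservation decision would be made against a counter that claims nearly 16 EiB is outstanding.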

syzbot

Oct 31, 2022, 7:51:24 AM
to ak...@linux-foundation.org, c...@fb.com, dst...@suse.com, h...@lst.de, jo...@toxicpanda.com, linm...@huawei.com, linux...@vger.kernel.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com, torv...@linux-foundation.org, wi...@infradead.org
syzbot has bisected this issue to:

commit 0c7c575df56b957390206deb018c41acbb412159
Author: Matthew Wilcox (Oracle) <wi...@infradead.org>
Date: Wed Feb 24 20:01:52 2021 +0000

mm/filemap: remove dynamically allocated array from filemap_read

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=119e21b6880000
start commit: b229b6ca5abb Merge tag 'perf-tools-fixes-for-v6.1-2022-10-..
git tree: upstream
final oops: https://syzkaller.appspot.com/x/report.txt?x=139e21b6880000
console output: https://syzkaller.appspot.com/x/log.txt?x=159e21b6880000
Reported-by: syzbot+8edfa0...@syzkaller.appspotmail.com
Fixes: 0c7c575df56b ("mm/filemap: remove dynamically allocated array from filemap_read")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection

Matthew Wilcox

Oct 31, 2022, 9:50:46 AM
to syzbot, ak...@linux-foundation.org, c...@fb.com, dst...@suse.com, h...@lst.de, jo...@toxicpanda.com, linm...@huawei.com, linux...@vger.kernel.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com, torv...@linux-foundation.org
Dmitry, I don't see a way to tell syzbot that its bisection has gone
astray. Can you add one or document it if it already exists?

On Mon, Oct 31, 2022 at 04:51:22AM -0700, syzbot wrote:
> syzbot has bisected this issue to:
>
> commit 0c7c575df56b957390206deb018c41acbb412159
> Author: Matthew Wilcox (Oracle) <wi...@infradead.org>
> Date: Wed Feb 24 20:01:52 2021 +0000
>
> mm/filemap: remove dynamically allocated array from filemap_read

This change affects the read path. The crash happens in the unmount
path. The data structure that's being checked is modified in the write
path. I just can't see how this commit is in any way related.

David Sterba

Oct 31, 2022, 10:24:10 AM
to Matthew Wilcox, syzbot, ak...@linux-foundation.org, c...@fb.com, dst...@suse.com, h...@lst.de, jo...@toxicpanda.com, linm...@huawei.com, linux...@vger.kernel.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com, torv...@linux-foundation.org
On Mon, Oct 31, 2022 at 01:50:32PM +0000, Matthew Wilcox wrote:
> Dmitry, I don't see a way to tell syzbot that its bisection has gone
> astray. Can you add one or document it if it already exists?
>
> On Mon, Oct 31, 2022 at 04:51:22AM -0700, syzbot wrote:
> > syzbot has bisected this issue to:
> >
> > commit 0c7c575df56b957390206deb018c41acbb412159
> > Author: Matthew Wilcox (Oracle) <wi...@infradead.org>
> > Date: Wed Feb 24 20:01:52 2021 +0000
> >
> > mm/filemap: remove dynamically allocated array from filemap_read
>
> This change affects the read path. The crash happens in the unmount
> path. The data structure that's being checked is modified in the write
> path. I just can't see how this commit is in any way related.

Yeah I agree the bisection hasn't identified the correct commit.

> > bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=119e21b6880000
> > start commit: b229b6ca5abb Merge tag 'perf-tools-fixes-for-v6.1-2022-10-..

The starting commit is not related to btrfs but the bisection hit the
warning basically on each run so it's not completely random. There might
be some timing change that triggers the warning, likely it's caused by
some space accounting bug.

Aleksandr Nogikh

Oct 31, 2022, 2:57:13 PM
to Matthew Wilcox, syzbot, ak...@linux-foundation.org, c...@fb.com, dst...@suse.com, h...@lst.de, jo...@toxicpanda.com, linm...@huawei.com, linux...@vger.kernel.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com, torv...@linux-foundation.org
On Mon, Oct 31, 2022 at 6:50 AM Matthew Wilcox <wi...@infradead.org> wrote:
>
> Dmitry, I don't see a way to tell syzbot that its bisection has gone
> astray. Can you add one or document it if it already exists?

No, unfortunately it's not possible now. I've filed an issue:
https://github.com/google/syzkaller/issues/3491

>
> On Mon, Oct 31, 2022 at 04:51:22AM -0700, syzbot wrote:
> > syzbot has bisected this issue to:
> >
> > commit 0c7c575df56b957390206deb018c41acbb412159
> > Author: Matthew Wilcox (Oracle) <wi...@infradead.org>
> > Date: Wed Feb 24 20:01:52 2021 +0000
> >
> > mm/filemap: remove dynamically allocated array from filemap_read
>
> This change affects the read path. The crash happens in the unmount
> path. The data structure that's being checked is modified in the write
> path. I just can't see how this commit is in any way related.

Most likely the bisection pointed at your patch because it removed
kmalloc while the reproducer for the bug does fault injection (see the
"(fail_nth: 10)" line in syz repro). So it might have inadvertently
made the issue more visible to the fuzzer.

>
> > bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=119e21b6880000
> > start commit: b229b6ca5abb Merge tag 'perf-tools-fixes-for-v6.1-2022-10-..
> > git tree: upstream
> > final oops: https://syzkaller.appspot.com/x/report.txt?x=139e21b6880000
> > console output: https://syzkaller.appspot.com/x/log.txt?x=159e21b6880000
> > kernel config: https://syzkaller.appspot.com/x/.config?x=a66c6c673fb555e8
> > dashboard link: https://syzkaller.appspot.com/bug?extid=8edfa01e46fd9fe3fbfb
> > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17db9ab1880000
> > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=124e21b6880000
> >
> > Reported-by: syzbot+8edfa0...@syzkaller.appspotmail.com
> > Fixes: 0c7c575df56b ("mm/filemap: remove dynamically allocated array from filemap_read")
> >
> > For information about bisection process see: https://goo.gl/tpsmEJ#bisection
>
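Aleksandr's explanation above, as an added example that is not part of the thread and not syzkaller's code: syzkaller's fail_nth fault injection fails the Nth allocation a syscall performs, so deleting one allocation from the read path shifts the failure to the next site in the sequence, and a bisection that only asks "does the reproducer warn?" can land on a commit that merely changed the allocation order. The site labels and their order below are constructed placeholders, not real kernel call sites; the fault-injector struct is my own model.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MAX_SITES 32

/*
 * Constructed, illustrative sequence of allocation sites one syscall passes
 * through in program order. The labels are placeholders, not kernel symbols.
 * Site 4 stands in for the read-path allocation the bisected commit removed.
 */
static const char *const sites_before[] = {
    "open: path buffer",       /* 1 */
    "open: file struct",       /* 2 */
    "read: page cache lookup", /* 3 */
    "read: temporary array",   /* 4  <- removed by the bisected commit */
    "read: iov copy",          /* 5 */
    "write: inode reserve",    /* 6 */
    "write: delalloc reserve", /* 7 */
    "write: extent map",       /* 8 */
    "write: ordered extent",   /* 9 */
    "write: checksum buffer",  /* 10 */
    "write: qgroup reserve",   /* 11 */
    "umount: block rsv",       /* 12 */
};
#define NSITES_BEFORE ((int)(sizeof sites_before / sizeof sites_before[0]))

/* Model of syzkaller's fail_nth: fail exactly the Nth allocation (1-based);
 * 0 disables injection. */
struct fault_injector {
    int fail_nth;
    int seen;
};

static bool should_fail(struct fault_injector *fi)
{
    fi->seen++;
    return fi->fail_nth > 0 && fi->seen == fi->fail_nth;
}

/* Walk the sites in order; return the one whose allocation fails, or NULL. */
static const char *first_failing_site(const char *const *sites, int nsites, int fail_nth)
{
    struct fault_injector fi = { fail_nth, 0 };
    for (int i = 0; i < nsites; i++)
        if (should_fail(&fi))
            return sites[i];
    return NULL;
}

/* Copy the sequence without `removed`, as a commit deleting one kmalloc would. */
static int drop_site(const char *const *sites, int nsites, const char *removed,
                     const char **out)
{
    int n = 0;
    for (int i = 0; i < nsites; i++)
        if (strcmp(sites[i], removed) != 0)
            out[n++] = sites[i];
    return n;
}

/* True if the same fail_nth hits a different site once `removed` is gone. */
static bool failure_shifts(const char *const *sites, int nsites,
                           const char *removed, int fail_nth)
{
    const char *after[MAX_SITES];
    int n = drop_site(sites, nsites, removed, after);
    const char *a = first_failing_site(sites, nsites, fail_nth);
    const char *b = first_failing_site(after, n, fail_nth);
    if (a == NULL || b == NULL)
        return a != b;
    return strcmp(a, b) != 0;
}

int main(void)
{
    const char *after[MAX_SITES];
    int n = drop_site(sites_before, NSITES_BEFORE, "read: temporary array", after);

    /* Every fail_nth at or past the removed site now lands one site later. */
    for (int nth = 8; nth <= 12; nth++) {
        const char *a = first_failing_site(sites_before, NSITES_BEFORE, nth);
        const char *b = first_failing_site(after, n, nth);
        printf("fail_nth %2d: before = %-24s after = %s\n",
               nth, a ? a : "(none)", b ? b : "(none)");
    }
    return 0;
}
```

With fail_nth 10 the injected failure moves from "write: checksum buffer" to "write: qgroup reserve" after the read-path allocation disappears, while fail_nth 2 is unaffected because it sits before the removed site. That is the whole mechanism by which an unrelated mm commit can flip a reproducer from "does not warn" to "warns" and mislead a bisection.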

Aleksandr Nogikh

Oct 31, 2022, 3:02:59 PM
to syzbot, c...@fb.com, dst...@suse.com, jo...@toxicpanda.com, linux...@vger.kernel.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com, yin3...@gmail.com
FWIW there's an attempt to fix a very similar-looking problem
(https://lore.kernel.org/all/0000000000002a...@google.com/)
by Hawkins Jiawei (cc'd):
https://lore.kernel.org/linux-btrfs/20221030162223....@gmail.com/t/

If the bugs are indeed related, we might want to tell the bot to
deduplicate one to another.