[v5.15] kernel BUG in __clear_extent_bit

syzbot

Aug 10, 2023, 8:58:02 PM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: c275eaaaa342 Linux 5.15.125
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=162e7dd7a80000
kernel config: https://syzkaller.appspot.com/x/.config?x=d5effadda2808dce
dashboard link: https://syzkaller.appspot.com/bug?extid=87ed0f6b88d6ff3177ad
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/4ec3cb6c37d5/disk-c275eaaa.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/1d758e21b247/vmlinux-c275eaaa.xz
kernel image: https://storage.googleapis.com/syzbot-assets/d2177731a824/Image-c275eaaa.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+87ed0f...@syzkaller.appspotmail.com

el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
------------[ cut here ]------------
kernel BUG at fs/btrfs/extent_io.c:821!
Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 10035 Comm: syz-executor.5 Not tainted 5.15.125-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __clear_extent_bit+0xc2c/0xcc0 fs/btrfs/extent_io.c:821
lr : __clear_extent_bit+0xc2c/0xcc0 fs/btrfs/extent_io.c:821
sp : ffff800025fc6be0
x29: ffff800025fc6cd0 x28: 1fffe0001afd9efa x27: dfff800000000000
x26: ffff0000cff251c0 x25: 0000000000000000 x24: 0000000000000000
x23: 0000000000001fff x22: 0000000000000fff x21: ffff0000d7ecf7d8
x20: ffff0000d7ecf7d0 x19: ffff0000d35a6cb0 x18: 0000000000000002
x17: ff80800008334ef0 x16: ffff80001195fe04 x15: ffff800008334ef0
x14: 00000000ffffffff x13: ffffffffffffffff x12: 0000000000040000
x11: 000000000001a534 x10: ffff80001d819000 x9 : ffff80000a073110
x8 : 000000000001a535 x7 : 0000000000000000 x6 : 0000000000000001
x5 : ffff800025fc6038 x4 : 00000000000000c8 x3 : 0000000000000088
x2 : 0000000000000001 x1 : ffff800011f60e40 x0 : 0000000000000000
Call trace:
__clear_extent_bit+0xc2c/0xcc0 fs/btrfs/extent_io.c:821
try_release_extent_state fs/btrfs/extent_io.c:5246 [inline]
try_release_extent_mapping+0x458/0x480 fs/btrfs/extent_io.c:5343
__btrfs_releasepage+0x30/0x200 fs/btrfs/inode.c:8611
btrfs_releasepage+0x1a8/0x258 fs/btrfs/inode.c:8624
try_to_release_page+0x204/0x2d0 mm/filemap.c:3970
invalidate_complete_page mm/truncate.c:203 [inline]
invalidate_inode_page+0x250/0x308 mm/truncate.c:255
__invalidate_mapping_pages+0x280/0x664 mm/truncate.c:494
invalidate_mapping_pages+0x38/0x4c mm/truncate.c:533
btrfs_direct_write fs/btrfs/file.c:2056 [inline]
btrfs_file_write_iter+0x9e8/0xad8 fs/btrfs/file.c:2086
do_iter_readv_writev+0x420/0x5f8
do_iter_write+0x1b8/0x664 fs/read_write.c:855
vfs_iter_write+0x88/0xac fs/read_write.c:896
iter_file_splice_write+0x618/0xc48 fs/splice.c:689
do_splice_from fs/splice.c:767 [inline]
direct_splice_actor+0xe4/0x1c0 fs/splice.c:936
splice_direct_to_actor+0x408/0x9a0 fs/splice.c:891
do_splice_direct+0x1f4/0x334 fs/splice.c:979
generic_copy_file_range fs/read_write.c:1385 [inline]
vfs_copy_file_range+0x944/0x1130 fs/read_write.c:1531
__do_sys_copy_file_range fs/read_write.c:1588 [inline]
__se_sys_copy_file_range fs/read_write.c:1551 [inline]
__arm64_sys_copy_file_range+0x5f8/0x9d8 fs/read_write.c:1551
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
Code: 2a1503e3 95e368dd d4210000 97913978 (d4210000)
---[ end trace e08345ed6c84a37f ]---


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to change bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

syzbot

Aug 10, 2023, 10:54:57 PM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: c275eaaaa342 Linux 5.15.125
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=12f26017a80000
kernel config: https://syzkaller.appspot.com/x/.config?x=d5effadda2808dce
dashboard link: https://syzkaller.appspot.com/bug?extid=87ed0f6b88d6ff3177ad
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=113921c3a80000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13a577fda80000
mounted in repro: https://storage.googleapis.com/syzbot-assets/aa24ba407452/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+87ed0f...@syzkaller.appspotmail.com

el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
------------[ cut here ]------------
kernel BUG at fs/btrfs/extent_io.c:821!
Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 4680 Comm: syz-executor402 Not tainted 5.15.125-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __clear_extent_bit+0xc2c/0xcc0 fs/btrfs/extent_io.c:821
lr : __clear_extent_bit+0xc2c/0xcc0 fs/btrfs/extent_io.c:821
sp : ffff80001eb16be0
x29: ffff80001eb16cd0 x28: 1fffe0001975d55e x27: dfff800000000000
x26: ffff0000d8258000 x25: 0000000000000000 x24: 0000000000000000
x23: 0000000000001fff x22: 0000000000000fff x21: ffff0000cbaeaaf8
x20: ffff0000cbaeaaf0 x19: ffff0000e20eecb0 x18: 0000000000000002
x17: ff80800008334ef0 x16: ffff80001195fe04 x15: ffff800008334ef0
x14: 00000000ffffffff x13: ffffffffffffffff x12: 0000000000000000
x11: ff8080000a073110 x10: 0000000000000000 x9 : ffff80000a073110
x8 : ffff0000d8258000 x7 : 0000000000000000 x6 : 0000000000000001
x5 : ffff80001eb16038 x4 : 00000000000000c8 x3 : 0000000000000088
x2 : 0000000000000000 x1 : ffff800011f60e40 x0 : 0000000000000000
---[ end trace 9ea205a04bd60659 ]---


---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.