kernel BUG in btrfs_rmap_block


syzbot

Feb 16, 2023, 1:55:49 PM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: a8ad60f2af58 Linux 4.14.305
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=14957bd0c80000
kernel config: https://syzkaller.appspot.com/x/.config?x=2f23dc9802022031
dashboard link: https://syzkaller.appspot.com/bug?extid=e4391649e78c5b8f2d7f
compiler: gcc version 10.2.1 20210110 (Debian 10.2.1-6)

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/c38348fd389d/disk-a8ad60f2.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/3a775d221689/vmlinux-a8ad60f2.xz
kernel image: https://storage.googleapis.com/syzbot-assets/32e71e04d2b4/bzImage-a8ad60f2.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+e43916...@syzkaller.appspotmail.com

RDX: 0000000000000000 RSI: 0000000002007ffb RDI: 0000000000000004
RBP: 00007f15b12cf1d0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
R13: 00007fff70650f2f R14: 00007f15b12cf300 R15: 0000000000022000
------------[ cut here ]------------
kernel BUG at fs/btrfs/volumes.c:5965!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 1 PID: 15490 Comm: syz-executor.2 Not tainted 4.14.305-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
task: ffff8880b323e000 task.stack: ffff888046d58000
RIP: 0010:btrfs_rmap_block+0x61a/0x750 fs/btrfs/volumes.c:5965
RSP: 0018:ffff888046d5f650 EFLAGS: 00010246
RAX: 0000000000040000 RBX: 0000000000000001 RCX: ffffc90008004000
RDX: 0000000000040000 RSI: ffffffff82a7767a RDI: 0000000000000286
RBP: ffff8880aa3a6a00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000005
R13: 0000000000000000 R14: ffff888094761b00 R15: 00000000007e0000
FS: 00007f15b12cf700(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005617dd1ac9f8 CR3: 00000000a08b1000 CR4: 00000000003406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
exclude_super_stripes+0x102/0x480 fs/btrfs/extent-tree.c:280
btrfs_make_block_group+0x288/0x950 fs/btrfs/extent-tree.c:10422
__btrfs_alloc_chunk+0x1194/0x18e0 fs/btrfs/volumes.c:4850
do_chunk_alloc+0x2fa/0x800 fs/btrfs/extent-tree.c:4707
btrfs_alloc_data_chunk_ondemand+0x2de/0xc50 fs/btrfs/extent-tree.c:4338
btrfs_check_data_free_space+0xc4/0x130 fs/btrfs/extent-tree.c:4422
btrfs_delalloc_reserve_space+0x2a/0xa0 fs/btrfs/extent-tree.c:6291
btrfs_truncate_block+0x1c0/0xda0 fs/btrfs/inode.c:4911
btrfs_cont_expand+0x15c/0xc70 fs/btrfs/inode.c:5070
btrfs_setsize fs/btrfs/inode.c:5188 [inline]
btrfs_setattr+0x407/0x870 fs/btrfs/inode.c:5295
notify_change+0x56b/0xd10 fs/attr.c:315
do_truncate+0xff/0x1a0 fs/open.c:63
do_sys_ftruncate.constprop.0+0x3a3/0x480 fs/open.c:205
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x5e/0xd3
RIP: 0033:0x7f15b2d5d0f9
RSP: 002b:00007f15b12cf168 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
RAX: ffffffffffffffda RBX: 00007f15b2e7cf80 RCX: 00007f15b2d5d0f9
RDX: 0000000000000000 RSI: 0000000002007ffb RDI: 0000000000000004
RBP: 00007f15b12cf1d0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
R13: 00007fff70650f2f R14: 00007f15b12cf300 R15: 0000000000022000
Code: 0f af 64 24 38 4c 89 64 24 38 e9 5f fb ff ff e8 4d e0 ad fe 0f 0b e9 7e fd ff ff 41 bc fb ff ff ff e9 d9 fe ff ff e8 36 e0 ad fe <0f> 0b e8 2f e0 ad fe 44 8d 63 fe 48 8b 44 24 20 44 89 e1 31 d2
RIP: btrfs_rmap_block+0x61a/0x750 fs/btrfs/volumes.c:5965 RSP: ffff888046d5f650
---[ end trace 2a342c8b65aeebef ]---


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Feb 16, 2023, 2:09:10 PM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: a8ad60f2af58 Linux 4.14.305
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=12306178c80000
kernel config: https://syzkaller.appspot.com/x/.config?x=2f23dc9802022031
dashboard link: https://syzkaller.appspot.com/bug?extid=e4391649e78c5b8f2d7f
compiler: gcc version 10.2.1 20210110 (Debian 10.2.1-6)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10700768c80000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1568256f480000
mounted in repro: https://storage.googleapis.com/syzbot-assets/5532ee65902f/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+e43916...@syzkaller.appspotmail.com

RDX: 0000000000000390 RSI: 0000000002007ffb RDI: 0000000000000004
RBP: 00007ffd39821390 R08: 0000000000000002 R09: 0000000000003131
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
R13: 00007fbe9e3990e8 R14: 0000000000000000 R15: 0000000000000000
------------[ cut here ]------------
kernel BUG at fs/btrfs/volumes.c:5965!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 1 PID: 7985 Comm: syz-executor224 Not tainted 4.14.305-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
task: ffff888096ef2340 task.stack: ffff888091a70000
RIP: 0010:btrfs_rmap_block+0x61a/0x750 fs/btrfs/volumes.c:5965
RSP: 0018:ffff888091a77650 EFLAGS: 00010297
RAX: ffff888096ef2340 RBX: 0000000000000001 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000286
RBP: ffff888097bc0e80 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000005
R13: 0000000000000000 R14: ffff8880b3aa6040 R15: 00000000007e0000
FS: 000055555726d3c0(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055b8b894f8e0 CR3: 00000000b05bb000 CR4: 00000000003406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
exclude_super_stripes+0x102/0x480 fs/btrfs/extent-tree.c:280
btrfs_make_block_group+0x288/0x950 fs/btrfs/extent-tree.c:10422
__btrfs_alloc_chunk+0x1194/0x18e0 fs/btrfs/volumes.c:4850
do_chunk_alloc+0x2fa/0x800 fs/btrfs/extent-tree.c:4707
btrfs_alloc_data_chunk_ondemand+0x2de/0xc50 fs/btrfs/extent-tree.c:4338
btrfs_check_data_free_space+0xc4/0x130 fs/btrfs/extent-tree.c:4422
btrfs_delalloc_reserve_space+0x2a/0xa0 fs/btrfs/extent-tree.c:6291
btrfs_truncate_block+0x1c0/0xda0 fs/btrfs/inode.c:4911
btrfs_cont_expand+0x15c/0xc70 fs/btrfs/inode.c:5070
btrfs_setsize fs/btrfs/inode.c:5188 [inline]
btrfs_setattr+0x407/0x870 fs/btrfs/inode.c:5295
notify_change+0x56b/0xd10 fs/attr.c:315
do_truncate+0xff/0x1a0 fs/open.c:63
do_sys_ftruncate.constprop.0+0x3a3/0x480 fs/open.c:205
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x5e/0xd3
RIP: 0033:0x7fbe9e35d109
RSP: 002b:00007ffd39821388 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
RAX: ffffffffffffffda RBX: 00007ffd398213c8 RCX: 00007fbe9e35d109
RDX: 0000000000000390 RSI: 0000000002007ffb RDI: 0000000000000004
RBP: 00007ffd39821390 R08: 0000000000000002 R09: 0000000000003131
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
R13: 00007fbe9e3990e8 R14: 0000000000000000 R15: 0000000000000000
Code: 0f af 64 24 38 4c 89 64 24 38 e9 5f fb ff ff e8 4d e0 ad fe 0f 0b e9 7e fd ff ff 41 bc fb ff ff ff e9 d9 fe ff ff e8 36 e0 ad fe <0f> 0b e8 2f e0 ad fe 44 8d 63 fe 48 8b 44 24 20 44 89 e1 31 d2
RIP: btrfs_rmap_block+0x61a/0x750 fs/btrfs/volumes.c:5965 RSP: ffff888091a77650
---[ end trace 232f6eecee309a2e ]---

syzbot

Feb 16, 2023, 2:35:51 PM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 3f8a27f9e27b Linux 4.19.211
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=102dd968c80000
kernel config: https://syzkaller.appspot.com/x/.config?x=9b9277b418617afe
dashboard link: https://syzkaller.appspot.com/bug?extid=170548e19f8d29ea1deb
compiler: gcc version 10.2.1 20210110 (Debian 10.2.1-6)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1102818b480000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12cedcc8c80000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/98c0bdb4abb3/disk-3f8a27f9.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/ea228ff02669/vmlinux-3f8a27f9.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/c682fe42150b/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+170548...@syzkaller.appspotmail.com

RDX: 0000000000000880 RSI: 0000000002007ffb RDI: 0000000000000004
RBP: 00007ffd8d118880 R08: 0000000000000002 R09: 00007ffd8d118890
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
R13: 00007ffd8d1188c0 R14: 00007ffd8d1188a0 R15: 0000000000000000
------------[ cut here ]------------
kernel BUG at fs/btrfs/volumes.c:5983!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 8124 Comm: syz-executor382 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
RIP: 0010:btrfs_rmap_block+0x1cc/0x8c0 fs/btrfs/volumes.c:5983
Code: db 48 8d 2c dd 00 00 00 00 48 c1 eb 3d 48 85 db 0f 95 c3 31 ff 0f b6 db 48 89 de e8 be e1 71 fe 48 85 db 74 5b e8 24 e0 71 fe <0f> 0b e8 1d e0 71 fe 49 8d 7f 1c 48 b8 00 00 00 00 00 fc ff df 48
RSP: 0018:ffff888094d07580 EFLAGS: 00010293
RAX: ffff8880afc14300 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff82f0a54c RDI: 0000000000000286
RBP: 0000000000000008 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000000000
R13: ffff8880b00002c0 R14: 0000000000820000 R15: ffff8880abd9bf00
FS: 000055555699c300(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f629a787138 CR3: 0000000099dce000 CR4: 00000000003406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
exclude_super_stripes+0x141/0x550 fs/btrfs/extent-tree.c:253
btrfs_make_block_group+0x2a7/0x940 fs/btrfs/extent-tree.c:10167
__btrfs_alloc_chunk+0xf77/0x1c20 fs/btrfs/volumes.c:4865
do_chunk_alloc+0x4e8/0xb70 fs/btrfs/extent-tree.c:4527
btrfs_alloc_data_chunk_ondemand+0x32b/0xce0 fs/btrfs/extent-tree.c:4161
btrfs_check_data_free_space+0xc8/0x150 fs/btrfs/extent-tree.c:4245
btrfs_delalloc_reserve_space+0x2a/0xb0 fs/btrfs/extent-tree.c:6033
btrfs_truncate_block+0x213/0x1150 fs/btrfs/inode.c:4977
btrfs_cont_expand+0x171/0xd80 fs/btrfs/inode.c:5133
btrfs_setsize fs/btrfs/inode.c:5250 [inline]
btrfs_setattr+0x8cf/0xff0 fs/btrfs/inode.c:5320
notify_change+0x70b/0xfc0 fs/attr.c:334
do_truncate+0x134/0x1f0 fs/open.c:63
do_sys_ftruncate+0x492/0x560 fs/open.c:194
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f629a70fac9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffd8d118858 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f629a70fac9
RDX: 0000000000000880 RSI: 0000000002007ffb RDI: 0000000000000004
RBP: 00007ffd8d118880 R08: 0000000000000002 R09: 00007ffd8d118890
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
R13: 00007ffd8d1188c0 R14: 00007ffd8d1188a0 R15: 0000000000000000
Modules linked in:
---[ end trace ddcbd20012b6779c ]---
RIP: 0010:btrfs_rmap_block+0x1cc/0x8c0 fs/btrfs/volumes.c:5983
Code: db 48 8d 2c dd 00 00 00 00 48 c1 eb 3d 48 85 db 0f 95 c3 31 ff 0f b6 db 48 89 de e8 be e1 71 fe 48 85 db 74 5b e8 24 e0 71 fe <0f> 0b e8 1d e0 71 fe 49 8d 7f 1c 48 b8 00 00 00 00 00 fc ff df 48
RSP: 0018:ffff888094d07580 EFLAGS: 00010293
RAX: ffff8880afc14300 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff82f0a54c RDI: 0000000000000286
RBP: 0000000000000008 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000000000
R13: ffff8880b00002c0 R14: 0000000000820000 R15: ffff8880abd9bf00
FS: 000055555699c300(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f629a787138 CR3: 0000000099dce000 CR4: 00000000003406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches
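The three reports above hit the same BUG_ON in btrfs_rmap_block from the same ftruncate() path, but the "kernel BUG at" line number differs between 4.14.y (volumes.c:5965) and 4.19.y (volumes.c:5983), so a naive string match on the first line will not tie them together. The following triage helper is an added example (not syzbot, syzkaller or kernel code): it parses a report, decodes the triggering syscall from the user-space register dump (ORIG_RAX, RDI, RSI, RDX; this assumes an x86_64 target, which the "RIP: 0033:" user frames indicate, and uses a small hand-written subset of the x86_64 syscall table), and builds a fingerprint from the crashing function and the call chain with file:line numbers stripped. The two embedded inputs are trimmed excerpts of the 4.14.305 and 4.19.211 reports on this page.

```python
"""Triage helper for syzbot kernel-BUG reports (added example, not syzbot code).

Decodes the triggering syscall from the user-space registers and builds a
crash fingerprint without file:line numbers, so reports from different
stable branches can be recognised as the same bug.
"""
import re
from dataclasses import dataclass, field

# Subset of the x86_64 syscall table (assumption: x86_64 target).
X86_64_SYSCALLS = {0x3c: "exit", 0x4c: "truncate", 0x4d: "ftruncate", 0xa5: "mount"}

BUG_RE = re.compile(r"kernel BUG at (\S+):(\d+)!")
RIP_RE = re.compile(r"RIP: 0010:([A-Za-z_]\w*)\+0x[0-9a-f]+/0x[0-9a-f]+ (\S+):(\d+)")
FRAME_RE = re.compile(r"^\s*([A-Za-z_][\w.]*)(?:\+0x[0-9a-f]+/0x[0-9a-f]+)?\s+(\S+):(\d+)")
REG_RE = re.compile(r"\b(ORIG_RAX|R[A-Z0-9]{2}): ([0-9a-f]{16})\b")


@dataclass
class Crash:
    bug_site: str = ""                          # file:line from "kernel BUG at"
    function: str = ""                          # function holding the faulting RIP
    trace: list = field(default_factory=list)   # (function, file:line) per frame
    user_regs: dict = field(default_factory=dict)


def normalise(name):
    """Strip compiler suffixes: do_sys_ftruncate.constprop.0 -> do_sys_ftruncate."""
    return name.split(".")[0]


def parse_report(text):
    crash, in_trace, in_user_regs = Crash(), False, False
    for line in text.splitlines():
        if (m := BUG_RE.search(line)):
            crash.bug_site = f"{m.group(1)}:{m.group(2)}"
        elif (m := RIP_RE.search(line)):
            crash.function = m.group(1)
        elif line.startswith("Call Trace:"):
            in_trace = True
        elif "RIP: 0033:" in line:
            # First user-space frame: the registers that follow hold the
            # syscall number and arguments as they were at kernel entry.
            in_trace, in_user_regs = False, True
        elif in_user_regs:
            regs = REG_RE.findall(line)
            if regs and not line.startswith("RIP:"):
                crash.user_regs.update({k: int(v, 16) for k, v in regs})
            elif not line.startswith("Code:"):  # 4.19 prints Code: before RSP:
                in_user_regs = False
        elif in_trace and (m := FRAME_RE.match(line)):
            crash.trace.append((m.group(1), f"{m.group(2)}:{m.group(3)}"))
    return crash


def triggering_syscall(crash):
    """(name, [arg0, arg1, arg2]) decoded from ORIG_RAX and RDI/RSI/RDX."""
    r = crash.user_regs
    nr = r.get("ORIG_RAX")
    return X86_64_SYSCALLS.get(nr, f"syscall_{nr}"), [r.get("RDI"), r.get("RSI"), r.get("RDX")]


def fingerprint(crash):
    """Crashing function plus the normalised call chain; line numbers are
    left out because they drift between stable branches."""
    return (normalise(crash.function),) + tuple(normalise(f) for f, _ in crash.trace)


# Constructed sample input: trimmed excerpts of the two reports in this thread.
REPORT_4_14 = """\
kernel BUG at fs/btrfs/volumes.c:5965!
RIP: 0010:btrfs_rmap_block+0x61a/0x750 fs/btrfs/volumes.c:5965
Call Trace:
exclude_super_stripes+0x102/0x480 fs/btrfs/extent-tree.c:280
btrfs_make_block_group+0x288/0x950 fs/btrfs/extent-tree.c:10422
__btrfs_alloc_chunk+0x1194/0x18e0 fs/btrfs/volumes.c:4850
btrfs_setsize fs/btrfs/inode.c:5188 [inline]
do_sys_ftruncate.constprop.0+0x3a3/0x480 fs/open.c:205
entry_SYSCALL_64_after_hwframe+0x5e/0xd3
RIP: 0033:0x7fbe9e35d109
RSP: 002b:00007ffd39821388 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
RDX: 0000000000000390 RSI: 0000000002007ffb RDI: 0000000000000004
RIP: btrfs_rmap_block+0x61a/0x750 fs/btrfs/volumes.c:5965 RSP: ffff888091a77650
"""
REPORT_4_19 = """\
kernel BUG at fs/btrfs/volumes.c:5983!
RIP: 0010:btrfs_rmap_block+0x1cc/0x8c0 fs/btrfs/volumes.c:5983
Call Trace:
exclude_super_stripes+0x141/0x550 fs/btrfs/extent-tree.c:253
btrfs_make_block_group+0x2a7/0x940 fs/btrfs/extent-tree.c:10167
__btrfs_alloc_chunk+0xf77/0x1c20 fs/btrfs/volumes.c:4865
btrfs_setsize fs/btrfs/inode.c:5250 [inline]
do_sys_ftruncate+0x492/0x560 fs/open.c:194
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f629a70fac9
Code: 28 00 00 00 75 05 48 83 c4 28 c3
RSP: 002b:00007ffd8d118858 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
RDX: 0000000000000880 RSI: 0000000002007ffb RDI: 0000000000000004
Modules linked in:
"""

if __name__ == "__main__":
    for text in (REPORT_4_14, REPORT_4_19):
        c = parse_report(text)
        name, args = triggering_syscall(c)
        print(c.bug_site, name, [hex(a) for a in args], fingerprint(c))
```

Run stand-alone it prints, for both excerpts, the same syscall (ftruncate on fd 4 with length 0x2007ffb, matching the do_sys_ftruncate frame) and the same fingerprint despite the different BUG line numbers; the RSP value on the trailing kernel "RIP:" line is deliberately not mixed into the user-space registers. The syscall table is intentionally tiny; for real triage generate it from the kernel's syscall_64.tbl for the target architecture.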