[v5.15] kernel BUG in set_state_bits


syzbot

Apr 3, 2023, 3:24:46 PM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: c957cbb87315 Linux 5.15.105
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=174f5335c80000
kernel config: https://syzkaller.appspot.com/x/.config?x=852dc3de44ba1f3f
dashboard link: https://syzkaller.appspot.com/bug?extid=ad704c01c5da34051e01
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/91d0cf1fc5fb/disk-c957cbb8.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/346dc1169521/vmlinux-c957cbb8.xz
kernel image: https://storage.googleapis.com/syzbot-assets/f7005bdc0e20/Image-c957cbb8.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+ad704c...@syzkaller.appspotmail.com

el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
------------[ cut here ]------------
kernel BUG at fs/btrfs/extent_io.c:939!
Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 1324 Comm: syz-executor.4 Not tainted 5.15.105-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : set_state_bits+0x370/0x374 fs/btrfs/extent_io.c:939
lr : set_state_bits+0x370/0x374 fs/btrfs/extent_io.c:939
sp : ffff800020b67400
x29: ffff800020b67400 x28: 0000000000000000 x27: 0000000000001000
x26: dfff800000000000 x25: 0000000000000001 x24: 0000000000000107
x23: 0000000000000000 x22: 0000000000000fff x21: 0000000000001000
x20: 00000000fffffff4 x19: ffff000139bc2af0 x18: 0000000000000002
x17: ff808000083336c4 x16: ffff80001193f6fc x15: ffff8000083336c4
x14: 00000000ffffffff x13: ffffffffffffffff x12: 0000000000040000
x11: 000000000000f6d2 x10: ffff800022e3c000 x9 : ffff80000a06cff8
x8 : 000000000000f6d3 x7 : 0000000000000000 x6 : 000000000003b458
x5 : ffff800020b66818 x4 : 0000000000000100 x3 : 0000000000000a20
x2 : 0000000000000038 x1 : 00000000fffffff4 x0 : 0000000000000000
Call trace:
set_state_bits+0x370/0x374 fs/btrfs/extent_io.c:939
insert_state fs/btrfs/extent_io.c:572 [inline]
set_extent_bit+0xe08/0x1464 fs/btrfs/extent_io.c:1022
set_record_extent_bits+0x70/0x94 fs/btrfs/extent_io.c:1422
qgroup_reserve_data+0x214/0x878 fs/btrfs/qgroup.c:3690
btrfs_qgroup_reserve_data+0x40/0xec fs/btrfs/qgroup.c:3733
btrfs_check_data_free_space+0x208/0x2f4 fs/btrfs/delalloc-space.c:145
btrfs_buffered_write+0x46c/0xe6c fs/btrfs/file.c:1730
btrfs_file_write_iter+0x198/0xad8 fs/btrfs/file.c:2088
call_write_iter include/linux/fs.h:2103 [inline]
new_sync_write fs/read_write.c:507 [inline]
vfs_write+0x87c/0xb3c fs/read_write.c:594
ksys_write+0x15c/0x26c fs/read_write.c:647
__do_sys_write fs/read_write.c:659 [inline]
__se_sys_write fs/read_write.c:656 [inline]
__arm64_sys_write+0x7c/0x90 fs/read_write.c:656
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
Code: 97a1586f f9400fa8 17ffff54 9791488f (d4210000)
---[ end trace 5b2d724a2d16d19e ]---


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

May 27, 2023, 10:21:51 PM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 1fe619a7d252 Linux 5.15.113
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=16292fb1280000
kernel config: https://syzkaller.appspot.com/x/.config?x=8f10ee30ae29b021
dashboard link: https://syzkaller.appspot.com/bug?extid=ad704c01c5da34051e01
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=163edf6d280000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12016d51280000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/1b707a1e1816/disk-1fe619a7.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/19cc598a8bbe/vmlinux-1fe619a7.xz
kernel image: https://storage.googleapis.com/syzbot-assets/a6cf7269bae5/Image-1fe619a7.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/528fa500611a/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+ad704c...@syzkaller.appspotmail.com

el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
------------[ cut here ]------------
kernel BUG at fs/btrfs/extent_io.c:939!
Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 3966 Comm: syz-executor608 Not tainted 5.15.113-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : set_state_bits+0x370/0x374 fs/btrfs/extent_io.c:939
lr : set_state_bits+0x370/0x374 fs/btrfs/extent_io.c:939
sp : ffff80001acd7400
x29: ffff80001acd7400 x28: 0000000000000000 x27: 0000000000001000
x26: dfff800000000000 x25: 0000000000000001 x24: 0000000000000108
x23: 0000000000000000 x22: 0000000000000fff x21: 0000000000001000
x20: 00000000fffffff4 x19: ffff0000c8c407d0 x18: 0000000000000002
x17: ff80800008335ea8 x16: ffff800011950fac x15: ffff800008335ea8
x14: 00000000ffffffff x13: ffffffffffffffff x12: 0000000000000000
x11: ff8080000a073968 x10: 0000000000000000 x9 : ffff80000a073968
x8 : ffff0000d699b680 x7 : 0000000000000000 x6 : 0000000000000001
x5 : ffff80001acd6818 x4 : 0000000000000100 x3 : 0000000000000a20
x2 : 0000000000000038 x1 : 00000000fffffff4 x0 : 0000000000000000
Call trace:
set_state_bits+0x370/0x374 fs/btrfs/extent_io.c:939
insert_state fs/btrfs/extent_io.c:572 [inline]
set_extent_bit+0xe08/0x1464 fs/btrfs/extent_io.c:1022
set_record_extent_bits+0x70/0x94 fs/btrfs/extent_io.c:1422
qgroup_reserve_data+0x214/0x878 fs/btrfs/qgroup.c:3699
btrfs_qgroup_reserve_data+0x40/0xec fs/btrfs/qgroup.c:3742
btrfs_check_data_free_space+0x208/0x2f4 fs/btrfs/delalloc-space.c:145
btrfs_buffered_write+0x46c/0xe6c fs/btrfs/file.c:1730
btrfs_direct_write fs/btrfs/file.c:2038 [inline]
btrfs_file_write_iter+0x820/0xad8 fs/btrfs/file.c:2086
call_write_iter include/linux/fs.h:2103 [inline]
new_sync_write fs/read_write.c:507 [inline]
vfs_write+0x87c/0xb3c fs/read_write.c:594
ksys_write+0x15c/0x26c fs/read_write.c:647
__do_sys_write fs/read_write.c:659 [inline]
__se_sys_write fs/read_write.c:656 [inline]
__arm64_sys_write+0x7c/0x90 fs/read_write.c:656
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
Code: 97a14fd4 f9400fa8 17ffff54 97913de6 (d4210000)
---[ end trace cdb339aebb598a47 ]---


---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.