[v6.1] kernel BUG in ocfs2_remove_extent


syzbot

Aug 11, 2025, 8:06:30 AM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 3594f306da12 Linux 6.1.147
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=14274842580000
kernel config: https://syzkaller.appspot.com/x/.config?x=30b8ca4950f83e04
dashboard link: https://syzkaller.appspot.com/bug?extid=8abfb36e428abc49ae66
compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/5b0395e2ec6c/disk-3594f306.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/c3ec331b7d5b/vmlinux-3594f306.xz
kernel image: https://storage.googleapis.com/syzbot-assets/bff42068e062/bzImage-3594f306.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+8abfb3...@syzkaller.appspotmail.com

------------[ cut here ]------------
kernel BUG at fs/ocfs2/alloc.c:5574!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 5635 Comm: syz.0.319 Not tainted 6.1.147-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
RIP: 0010:ocfs2_remove_extent+0x1e70/0x2010 fs/ocfs2/alloc.c:5574
Code: fe e9 70 fa ff ff 48 8b 0c 24 80 e1 07 fe c1 38 c1 0f 8c b0 fa ff ff 48 8b 3c 24 e8 0a 56 9c fe e9 a2 fa ff ff e8 a0 39 4c fe <0f> 0b 65 44 8b 3d 56 8c cd 7c 48 c7 c0 b0 4d 1f 8e 48 c1 e8 03 42
RSP: 0018:ffffc9001c976560 EFLAGS: 00010293
RAX: ffffffff83348d40 RBX: ffff88804fc586d0 RCX: ffff88802700bb80
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000007
RBP: ffffc9001c976890 R08: ffff88802700bb80 R09: 0000000000000006
R10: 00000000fffffffc R11: 0000000000000000 R12: 0000000000000007
R13: 1ffff11009f8b0da R14: dffffc0000000000 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f2fa8695f98 CR3: 000000005c985000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
ocfs2_remove_btree_range+0xd92/0x1480 fs/ocfs2/alloc.c:5771
ocfs2_commit_truncate+0xaf5/0x1bf0 fs/ocfs2/alloc.c:7354
ocfs2_truncate_for_delete fs/ocfs2/inode.c:623 [inline]
ocfs2_wipe_inode fs/ocfs2/inode.c:790 [inline]
ocfs2_delete_inode fs/ocfs2/inode.c:1079 [inline]
ocfs2_evict_inode+0x10d5/0x41e0 fs/ocfs2/inode.c:1216
evict+0x485/0x870 fs/inode.c:705
ocfs2_dentry_iput+0x244/0x370 fs/ocfs2/dcache.c:418
__dentry_kill+0x431/0x650 fs/dcache.c:611
dentry_kill+0xb8/0x290 fs/dcache.c:-1
dput+0xfa/0x1d0 fs/dcache.c:918
__fput+0x5e0/0x920 fs/file_table.c:328
task_work_run+0x1ca/0x250 kernel/task_work.c:203
exit_task_work include/linux/task_work.h:39 [inline]
do_exit+0x93e/0x2400 kernel/exit.c:880
do_group_exit+0x217/0x2d0 kernel/exit.c:1022
get_signal+0x1272/0x1350 kernel/signal.c:2871
arch_do_signal_or_restart+0xb0/0x1230 arch/x86/kernel/signal.c:871
exit_to_user_mode_loop+0x70/0x110 kernel/entry/common.c:174
exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:210
irqentry_exit_to_user_mode+0x5/0x30 kernel/entry/common.c:316
exc_page_fault+0x88/0x100 arch/x86/mm/fault.c:1490
asm_exc_page_fault+0x22/0x30 arch/x86/include/asm/idtentry.h:608
RIP: 0033:0x7f68b844f927
Code: Unable to access opcode bytes at 0x7f68b844f8fd.
RSP: 002b:00007f68b93e1120 EFLAGS: 00010202
RAX: 0000000000000000 RBX: 000000000000000b RCX: 00007f68b858ebe9
RDX: 00007f68b93e1140 RSI: 00007f68b93e1270 RDI: 000000000000000b
RBP: 00007f68b8611e19 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
R13: 00007f68b87b6038 R14: 00007f68b87b5fa0 R15: 00007ffcd0003bc8
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:ocfs2_remove_extent+0x1e70/0x2010 fs/ocfs2/alloc.c:5574
Code: fe e9 70 fa ff ff 48 8b 0c 24 80 e1 07 fe c1 38 c1 0f 8c b0 fa ff ff 48 8b 3c 24 e8 0a 56 9c fe e9 a2 fa ff ff e8 a0 39 4c fe <0f> 0b 65 44 8b 3d 56 8c cd 7c 48 c7 c0 b0 4d 1f 8e 48 c1 e8 03 42
RSP: 0018:ffffc9001c976560 EFLAGS: 00010293
RAX: ffffffff83348d40 RBX: ffff88804fc586d0 RCX: ffff88802700bb80
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000007
RBP: ffffc9001c976890 R08: ffff88802700bb80 R09: 0000000000000006
R10: 00000000fffffffc R11: 0000000000000000 R12: 0000000000000007
R13: 1ffff11009f8b0da R14: dffffc0000000000 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ff912384198 CR3: 000000007e59a000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

syzbot

Aug 11, 2025, 10:18:41 AM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 3594f306da12 Linux 6.1.147
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1698c842580000
kernel config: https://syzkaller.appspot.com/x/.config?x=30b8ca4950f83e04
dashboard link: https://syzkaller.appspot.com/bug?extid=8abfb36e428abc49ae66
compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15a5f434580000
mounted in repro: https://storage.googleapis.com/syzbot-assets/1bf700cd2555/mount_0.gz
fsck result: OK (log: https://syzkaller.appspot.com/x/fsck.log?x=124205a2580000)

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+8abfb3...@syzkaller.appspotmail.com

------------[ cut here ]------------
kernel BUG at fs/ocfs2/alloc.c:5574!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 4435 Comm: syz.0.17 Not tainted 6.1.147-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
RIP: 0010:ocfs2_remove_extent+0x1e70/0x2010 fs/ocfs2/alloc.c:5574
Code: fe e9 70 fa ff ff 48 8b 0c 24 80 e1 07 fe c1 38 c1 0f 8c b0 fa ff ff 48 8b 3c 24 e8 0a 56 9c fe e9 a2 fa ff ff e8 a0 39 4c fe <0f> 0b 65 44 8b 3d 56 8c cd 7c 48 c7 c0 b0 4d 1f 8e 48 c1 e8 03 42
RSP: 0018:ffffc90003456560 EFLAGS: 00010293
RAX: ffffffff83348d40 RBX: ffff888058e3d4d0 RCX: ffff88807c4a8000
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000007
RBP: ffffc90003456890 R08: ffff88807c4a8000 R09: 0000000000000006
R10: 00000000fffffffc R11: 0000000000000000 R12: 0000000000000007
R13: 1ffff1100b1c7a9a R14: dffffc0000000000 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000c008203000 CR3: 000000000c88e000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
RIP: 0033:0x7f13a764f927
Code: Unable to access opcode bytes at 0x7f13a764f8fd.
RSP: 002b:00007f13a85c7120 EFLAGS: 00010202
RAX: 0000000000000000 RBX: 000000000000000b RCX: 00007f13a778ebe9
RDX: 00007f13a85c7140 RSI: 00007f13a85c7270 RDI: 000000000000000b
RBP: 00007f13a7811e19 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
R13: 00007f13a79b6038 R14: 00007f13a79b5fa0 R15: 00007ffc39379618
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:ocfs2_remove_extent+0x1e70/0x2010 fs/ocfs2/alloc.c:5574
Code: fe e9 70 fa ff ff 48 8b 0c 24 80 e1 07 fe c1 38 c1 0f 8c b0 fa ff ff 48 8b 3c 24 e8 0a 56 9c fe e9 a2 fa ff ff e8 a0 39 4c fe <0f> 0b 65 44 8b 3d 56 8c cd 7c 48 c7 c0 b0 4d 1f 8e 48 c1 e8 03 42
RSP: 0018:ffffc90003456560 EFLAGS: 00010293
RAX: ffffffff83348d40 RBX: ffff888058e3d4d0 RCX: ffff88807c4a8000
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000007
RBP: ffffc90003456890 R08: ffff88807c4a8000 R09: 0000000000000006
R10: 00000000fffffffc R11: 0000000000000000 R12: 0000000000000007
R13: 1ffff1100b1c7a9a R14: dffffc0000000000 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f6b153a1796 CR3: 000000007e591000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400


---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

syzbot

Sep 7, 2025, 1:05:36 AM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 28c695c365e1 Linux 6.1.150
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1697a562580000
kernel config: https://syzkaller.appspot.com/x/.config?x=68aa5a3af1cb953a
dashboard link: https://syzkaller.appspot.com/bug?extid=8abfb36e428abc49ae66
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=146f7a42580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=167b3312580000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/16e807247bf6/disk-28c695c3.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/a2c735eaf8f9/vmlinux-28c695c3.xz
kernel image: https://storage.googleapis.com/syzbot-assets/080f0096d6c9/Image-28c695c3.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/550b1917c7da/mount_0.gz
fsck result: OK (log: https://syzkaller.appspot.com/x/fsck.log?x=16c48562580000)

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+8abfb3...@syzkaller.appspotmail.com

------------[ cut here ]------------
kernel BUG at fs/ocfs2/alloc.c:5574!
Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 4614 Comm: syz.2.19 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
pstate: 82400005 (Nzcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : ocfs2_remove_extent+0x1b14/0x1d0c fs/ocfs2/alloc.c:5574
lr : ocfs2_remove_extent+0x1b14/0x1d0c fs/ocfs2/alloc.c:5574
sp : ffff800021a96340
x29: ffff800021a96640 x28: ffff0000f63144d4 x27: 1fffe0001ec6289a
x26: ffff800021a96ad8 x25: dfff800000000000 x24: 0000000000000002
x23: 0000000000000001 x22: 0000000000000000 x21: 0000000000000000
x20: ffff0000d4524910 x19: ffff0000d4524900 x18: ffff800011abbcc0
x17: ffff8000181f9000 x16: ffff8000082d22d4 x15: 0000000000000000
x14: 00000000fffffffc x13: 0000000000ff0100 x12: 0000000000ff0100
x11: ff00800009cbbb78 x10: 0000000000000000 x9 : ffff800009cbbb78
x8 : ffff0000c8571bc0 x7 : ffff8000081ce214 x6 : ffff8000081a18b4
x5 : ffff0000f1986410 x4 : ffff800021a96540 x3 : ffff800009cad91c
x2 : 0000000000000000 x1 : 0000000000000001 x0 : 0000000000000002
Call trace:
ocfs2_remove_extent+0x1b14/0x1d0c fs/ocfs2/alloc.c:5574
ocfs2_remove_btree_range+0xc58/0x11c4 fs/ocfs2/alloc.c:5771
ocfs2_commit_truncate+0x820/0x1864 fs/ocfs2/alloc.c:7354
ocfs2_truncate_for_delete fs/ocfs2/inode.c:623 [inline]
ocfs2_wipe_inode fs/ocfs2/inode.c:790 [inline]
ocfs2_delete_inode fs/ocfs2/inode.c:1079 [inline]
ocfs2_evict_inode+0xe0c/0x3d20 fs/ocfs2/inode.c:1216
evict+0x3c8/0x810 fs/inode.c:705
iput_final fs/inode.c:1834 [inline]
iput+0x764/0x7f4 fs/inode.c:1860
ocfs2_dentry_iput+0x1d4/0x2d4 fs/ocfs2/dcache.c:418
dentry_unlink_inode+0x348/0x438 fs/dcache.c:403
__dentry_kill+0x320/0x598 fs/dcache.c:611
dentry_kill+0xc8/0x248 fs/dcache.c:-1
dput+0x238/0x454 fs/dcache.c:918
__fput+0x480/0x7c0 fs/file_table.c:328
____fput+0x20/0x30 fs/file_table.c:348
task_work_run+0x1ec/0x270 kernel/task_work.c:203
exit_task_work include/linux/task_work.h:39 [inline]
do_exit+0x54c/0x19a8 kernel/exit.c:880
do_group_exit+0x194/0x22c kernel/exit.c:1022
get_signal+0x11d0/0x1310 kernel/signal.c:2871
do_signal arch/arm64/kernel/signal.c:1081 [inline]
do_notify_resume+0x290/0x2b0c arch/arm64/kernel/signal.c:1134
prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:137 [inline]
exit_to_user_mode arch/arm64/kernel/entry-common.c:142 [inline]
el0_da+0xb4/0x154 arch/arm64/kernel/entry-common.c:516
el0t_64_sync_handler+0x90/0xf0 arch/arm64/kernel/entry-common.c:658
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
Code: aa1a03e0 97b06b6f 17fffe9a 979f97f1 (d4210000)
---[ end trace 0000000000000000 ]---


syzbot

Sep 7, 2025, 8:51:32 AM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 355bd0b51d2f Linux 6.6.104
git tree: linux-6.6.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1245fa42580000
kernel config: https://syzkaller.appspot.com/x/.config?x=dac93b93d3de2741
dashboard link: https://syzkaller.appspot.com/bug?extid=1dd53396e7124586dca9
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/ef00d28b2c5b/disk-355bd0b5.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7627cd51eb0a/vmlinux-355bd0b5.xz
kernel image: https://storage.googleapis.com/syzbot-assets/3fdd0a51dd65/bzImage-355bd0b5.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+1dd533...@syzkaller.appspotmail.com

------------[ cut here ]------------
kernel BUG at fs/ocfs2/alloc.c:5574!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 12497 Comm: syz-executor Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
RIP: 0010:ocfs2_remove_extent+0x1e99/0x1ff0 fs/ocfs2/alloc.c:5574
Code: 68 fa ff ff 48 8b 4c 24 08 80 e1 07 fe c1 38 c1 0f 8c ad fa ff ff 48 8b 7c 24 08 e8 c1 ba 93 fe e9 9e fa ff ff e8 a7 74 3c fe <0f> 0b f3 0f 1e fa 65 8b 1d 06 9f ba 7c bf 07 00 00 00 89 de e8 3e
RSP: 0018:ffffc90003236be0 EFLAGS: 00010293
RAX: ffffffff83491af9 RBX: ffffc900032373d8 RCX: ffff888023dc5a00
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000003
RBP: ffffc90003236f30 R08: ffff888023dc5a00 R09: 0000000000000006
R10: 00000000fffffffc R11: 0000000000000000 R12: 1ffff1100993fa9a
R13: 0000000000000003 R14: ffff88804c9fd4d0 R15: ffff88804c9fd4d4
FS: 000055558222d500(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f3152225000 CR3: 000000007c857000 CR4: 00000000003506f0
Call Trace:
<TASK>
ocfs2_remove_btree_range+0xd96/0x1480 fs/ocfs2/alloc.c:5771
ocfs2_commit_truncate+0xb4b/0x21a0 fs/ocfs2/alloc.c:7354
ocfs2_truncate_for_delete fs/ocfs2/inode.c:623 [inline]
ocfs2_wipe_inode fs/ocfs2/inode.c:790 [inline]
ocfs2_delete_inode fs/ocfs2/inode.c:1079 [inline]
ocfs2_evict_inode+0xef6/0x3e60 fs/ocfs2/inode.c:1216
evict+0x486/0x870 fs/inode.c:705
do_unlinkat+0x37b/0x570 fs/namei.c:4398
__do_sys_unlink fs/namei.c:4439 [inline]
__se_sys_unlink fs/namei.c:4437 [inline]
__x64_sys_unlink+0x49/0x50 fs/namei.c:4437
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:81
entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f17f858e197
Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 57 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffdcb3c4118 EFLAGS: 00000206 ORIG_RAX: 0000000000000057
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f17f858e197
RDX: 00007ffdcb3c4140 RSI: 00007ffdcb3c41d0 RDI: 00007ffdcb3c41d0
RBP: 00007ffdcb3c41d0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffdcb3c52c0
R13: 00007f17f8611c05 R14: 000000000007cabb R15: 00007ffdcb3c6390
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:ocfs2_remove_extent+0x1e99/0x1ff0 fs/ocfs2/alloc.c:5574
Code: 68 fa ff ff 48 8b 4c 24 08 80 e1 07 fe c1 38 c1 0f 8c ad fa ff ff 48 8b 7c 24 08 e8 c1 ba 93 fe e9 9e fa ff ff e8 a7 74 3c fe <0f> 0b f3 0f 1e fa 65 8b 1d 06 9f ba 7c bf 07 00 00 00 89 de e8 3e
RSP: 0018:ffffc90003236be0 EFLAGS: 00010293
RAX: ffffffff83491af9 RBX: ffffc900032373d8 RCX: ffff888023dc5a00
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000003
RBP: ffffc90003236f30 R08: ffff888023dc5a00 R09: 0000000000000006
R10: 00000000fffffffc R11: 0000000000000000 R12: 1ffff1100993fa9a
R13: 0000000000000003 R14: ffff88804c9fd4d0 R15: ffff88804c9fd4d4
FS: 000055558222d500(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f31527d5000 CR3: 000000007c857000 CR4: 00000000003506e0

syzbot

Sep 7, 2025, 11:52:26 AM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 355bd0b51d2f Linux 6.6.104
git tree: linux-6.6.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1798e562580000
kernel config: https://syzkaller.appspot.com/x/.config?x=dac93b93d3de2741
dashboard link: https://syzkaller.appspot.com/bug?extid=1dd53396e7124586dca9
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1058e562580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13feb962580000
mounted in repro: https://storage.googleapis.com/syzbot-assets/beba26d496e1/mount_0.gz
fsck result: OK (log: https://syzkaller.appspot.com/x/fsck.log?x=13464562580000)

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+1dd533...@syzkaller.appspotmail.com

------------[ cut here ]------------
kernel BUG at fs/ocfs2/alloc.c:5574!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 5902 Comm: syz-executor Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
RIP: 0010:ocfs2_remove_extent+0x1e99/0x1ff0 fs/ocfs2/alloc.c:5574
Code: 68 fa ff ff 48 8b 4c 24 08 80 e1 07 fe c1 38 c1 0f 8c ad fa ff ff 48 8b 7c 24 08 e8 c1 ba 93 fe e9 9e fa ff ff e8 a7 74 3c fe <0f> 0b f3 0f 1e fa 65 8b 1d 06 9f ba 7c bf 07 00 00 00 89 de e8 3e
RSP: 0018:ffffc90003326be0 EFLAGS: 00010293
RAX: ffffffff83491af9 RBX: ffffc900033273d8 RCX: ffff88802bc8bc00
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000004
RBP: ffffc90003326f30 R08: ffff88802bc8bc00 R09: 0000000000000006
R10: 00000000fffffffc R11: 0000000000000000 R12: 1ffff1100ba54c9a
R13: 0000000000000004 R14: ffff88805d2a64d0 R15: ffff88805d2a64d4
FS: 000055557ecae500(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055557ecd9648 CR3: 000000005fcef000 CR4: 00000000003506f0
Call Trace:
<TASK>
ocfs2_remove_btree_range+0xd96/0x1480 fs/ocfs2/alloc.c:5771
ocfs2_commit_truncate+0xb4b/0x21a0 fs/ocfs2/alloc.c:7354
ocfs2_truncate_for_delete fs/ocfs2/inode.c:623 [inline]
ocfs2_wipe_inode fs/ocfs2/inode.c:790 [inline]
ocfs2_delete_inode fs/ocfs2/inode.c:1079 [inline]
ocfs2_evict_inode+0xef6/0x3e60 fs/ocfs2/inode.c:1216
evict+0x486/0x870 fs/inode.c:705
do_unlinkat+0x37b/0x570 fs/namei.c:4398
__do_sys_unlink fs/namei.c:4439 [inline]
__se_sys_unlink fs/namei.c:4437 [inline]
__x64_sys_unlink+0x49/0x50 fs/namei.c:4437
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:81
entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7fe8ea38e197
Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 57 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffc96a11ef8 EFLAGS: 00000206 ORIG_RAX: 0000000000000057
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe8ea38e197
RDX: 00007ffc96a11f20 RSI: 00007ffc96a11fb0 RDI: 00007ffc96a11fb0
RBP: 00007ffc96a11fb0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffc96a130a0
R13: 00007fe8ea411c05 R14: 0000000000019be5 R15: 00007ffc96a14170
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:ocfs2_remove_extent+0x1e99/0x1ff0 fs/ocfs2/alloc.c:5574
Code: 68 fa ff ff 48 8b 4c 24 08 80 e1 07 fe c1 38 c1 0f 8c ad fa ff ff 48 8b 7c 24 08 e8 c1 ba 93 fe e9 9e fa ff ff e8 a7 74 3c fe <0f> 0b f3 0f 1e fa 65 8b 1d 06 9f ba 7c bf 07 00 00 00 89 de e8 3e
RSP: 0018:ffffc90003326be0 EFLAGS: 00010293
RAX: ffffffff83491af9 RBX: ffffc900033273d8 RCX: ffff88802bc8bc00
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000004
RBP: ffffc90003326f30 R08: ffff88802bc8bc00 R09: 0000000000000006
R10: 00000000fffffffc R11: 0000000000000000 R12: 1ffff1100ba54c9a
R13: 0000000000000004 R14: ffff88805d2a64d0 R15: ffff88805d2a64d4
FS: 000055557ecae500(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000c003d7d000 CR3: 000000005fcef000 CR4: 00000000003506f0