[v6.1] WARNING in btrfs_mark_ordered_io_finished


syzbot

6:12 AM (4 hours ago)
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 50cbba13faa2 Linux 6.1.159
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1441dbda580000
kernel config: https://syzkaller.appspot.com/x/.config?x=31ea1cecaf34f0db
dashboard link: https://syzkaller.appspot.com/bug?extid=0a084e4045edfc313196
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
userspace arch: arm64

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/7ad0bd66715a/disk-50cbba13.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/3284d626258e/vmlinux-50cbba13.xz
kernel image: https://storage.googleapis.com/syzbot-assets/a1f92ca7bbfc/Image-50cbba13.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+0a084e...@syzkaller.appspotmail.com

------------[ cut here ]------------
WARNING: CPU: 0 PID: 4606 at fs/btrfs/ordered-data.c:392 btrfs_mark_ordered_io_finished+0x80c/0xc6c fs/btrfs/ordered-data.c:392
Modules linked in:
CPU: 0 PID: 4606 Comm: syz.4.43 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
pstate: 824000c5 (Nzcv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : btrfs_mark_ordered_io_finished+0x80c/0xc6c fs/btrfs/ordered-data.c:392
lr : btrfs_mark_ordered_io_finished+0x80c/0xc6c fs/btrfs/ordered-data.c:392
sp : ffff8000214f6bf0
x29: ffff8000214f6c90 x28: ffff0000dc1d40d8 x27: 1fffe0001b83a800
x26: fffffffffffff000 x25: 1fffe0001b83a806 x24: 1fffe0001b83a801
x23: ffff0000dc1d4030 x22: ffff0000dc1d4008 x21: 0000000000001000
x20: 0000000000002000 x19: dfff800000000000 x18: ffff800011a5bd40
x17: 1fffe00033ee7b7e x16: ffff8000082e8d70 x15: 0000000000000000
x14: 0000000000000406 x13: 1ffff00002a0a0b1 x12: 0000000000ff0100
x11: ff00800009fa7754 x10: 0000000000000000 x9 : ffff800009fa7754
x8 : ffff0000d40e3780 x7 : ffff800009fa70ac x6 : 0000000000000000
x5 : 0000000000000080 x4 : 0000000000000001 x3 : ffff8000082e8e90
x2 : 0000000000000001 x1 : 0000000000000000 x0 : 0000000000001000
Call trace:
btrfs_mark_ordered_io_finished+0x80c/0xc6c fs/btrfs/ordered-data.c:392
btrfs_cleanup_ordered_extents+0x3cc/0x408 fs/btrfs/inode.c:249
btrfs_run_delalloc_range+0x380/0xf18 fs/btrfs/inode.c:2242
writepage_delalloc+0x110/0x2dc fs/btrfs/extent_io.c:1980
__extent_writepage+0x528/0xc20 fs/btrfs/extent_io.c:2284
extent_write_cache_pages fs/btrfs/extent_io.c:3199 [inline]
extent_writepages+0x928/0x102c fs/btrfs/extent_io.c:3321
btrfs_writepages+0x28/0x38 fs/btrfs/inode.c:8303
do_writepages+0x2c0/0x4fc mm/page-writeback.c:2491
filemap_fdatawrite_wbc+0x124/0x174 mm/filemap.c:388
__filemap_fdatawrite_range mm/filemap.c:421 [inline]
filemap_fdatawrite_range+0xbc/0x10c mm/filemap.c:439
btrfs_fdatawrite_range fs/btrfs/file.c:3890 [inline]
start_ordered_ops+0xe8/0x224 fs/btrfs/file.c:1742
btrfs_sync_file+0x398/0xf44 fs/btrfs/file.c:1825
vfs_fsync_range+0x168/0x188 fs/sync.c:188
generic_write_sync include/linux/fs.h:2962 [inline]
btrfs_do_write_iter+0xafc/0x1154 fs/btrfs/file.c:1691
btrfs_file_write_iter+0x2c/0x3c fs/btrfs/file.c:1705
do_iter_readv_writev fs/read_write.c:-1 [inline]
do_iter_write+0x530/0x91c fs/read_write.c:861
vfs_writev fs/read_write.c:934 [inline]
do_pwritev+0x1c8/0x2fc fs/read_write.c:1031
__do_sys_pwritev2 fs/read_write.c:1090 [inline]
__se_sys_pwritev2 fs/read_write.c:1081 [inline]
__arm64_sys_pwritev2+0xd4/0x108 fs/read_write.c:1081
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
el0_svc+0x58/0x138 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 550734
hardirqs last enabled at (550733): [<ffff8000088d9938>] kasan_quarantine_put+0xc4/0x204 mm/kasan/quarantine.c:242
hardirqs last disabled at (550734): [<ffff8000119e5110>] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline]
hardirqs last disabled at (550734): [<ffff8000119e5110>] _raw_spin_lock_irqsave+0xa4/0xb4 kernel/locking/spinlock.c:162
softirqs last enabled at (550726): [<ffff8000081aa3e0>] softirq_handle_end kernel/softirq.c:439 [inline]
softirqs last enabled at (550726): [<ffff8000081aa3e0>] handle_softirqs+0xaf8/0xc6c kernel/softirq.c:624
softirqs last disabled at (550591): [<ffff800008020164>] __do_softirq+0x14/0x20 kernel/softirq.c:630
---[ end trace 0000000000000000 ]---
BTRFS critical (device loop4): bad ordered extent accounting, root=5 ino=260 OE offset=4096 OE len=4096 to_dec=4096 left=0


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite the report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup