[syzbot] [btrfs?] WARNING in btrfs_destroy_inode (3)


syzbot

Oct 26, 2025, 3:11:32 PM (3 days ago)
to c...@fb.com, dst...@suse.com, jo...@toxicpanda.com, linux...@vger.kernel.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 43e9ad0c55a3 Merge tag 'scsi-fixes' of git://git.kernel.or..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=127ea3cd980000
kernel config: https://syzkaller.appspot.com/x/.config?x=df98b4d1d5944c56
dashboard link: https://syzkaller.appspot.com/bug?extid=25df068cd8509f8c0fe1
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/d900f083ada3/non_bootable_disk-43e9ad0c.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/58bbcd26d07f/vmlinux-43e9ad0c.xz
kernel image: https://storage.googleapis.com/syzbot-assets/f7223e24dee9/bzImage-43e9ad0c.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+25df06...@syzkaller.appspotmail.com

BTRFS info (device loop0): balance: start -d -m
BTRFS info (device loop0): relocating block group 6881280 flags data|metadata
BTRFS info (device loop0): relocating block group 5242880 flags data|metadata
BTRFS error (device loop0): bdev /dev/loop0 errs: wr 3, rd 1, flush 0, corrupt 0, gen 0
BTRFS error (device loop0 state EA): nocow_one_range failed, root=-9 inode=258 start=53248 len=12288: -5
BTRFS error (device loop0 state EA): run_delalloc_nocow failed, root=18446744073709551607 inode=258 start=53248 len=12288 cur_offset=53248 oe_cleanup=53248 oe_cleanup_len=0 untouched_start=65536 untouched_len=0: -5
BTRFS error (device loop0 state EA): failed to run delalloc range, root=-9 ino=258 folio=53248 submit_bitmap=0 start=53248 len=12288: -5
------------[ cut here ]------------
WARNING: CPU: 0 PID: 5324 at fs/btrfs/inode.c:7942 btrfs_destroy_inode+0x7c9/0x910 fs/btrfs/inode.c:7942
Modules linked in:
CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:btrfs_destroy_inode+0x7c9/0x910 fs/btrfs/inode.c:7942
Code: 4a fd ff e9 03 ff ff ff e8 d4 6a ef fd 90 0f 0b 90 e9 c4 f8 ff ff e8 c6 6a ef fd 90 0f 0b 90 e9 ee f8 ff ff e8 b8 6a ef fd 90 <0f> 0b 90 e9 1f f9 ff ff e8 aa 6a ef fd 90 0f 0b 90 e9 47 f9 ff ff
RSP: 0018:ffffc9000d497860 EFLAGS: 00010287
RAX: ffffffff83d0a8d8 RBX: 0000000000028000 RCX: 0000000000100000
RDX: ffffc9000ea83000 RSI: 0000000000062177 RDI: 0000000000062178
RBP: ffff8880427a2280 R08: ffff888041940777 R09: 1ffff110083280ee
R10: dffffc0000000000 R11: ffffffff83d0a110 R12: ffff8880427a24f0
R13: dffffc0000000000 R14: ffff8880427a2628 R15: ffff888035518000
FS: 00007fece6bca6c0(0000) GS:ffff88808d733000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffc0fc53000 CR3: 00000000435f3000 CR4: 0000000000352ef0
Call Trace:
<TASK>
destroy_inode fs/inode.c:396 [inline]
evict+0x7c2/0x9c0 fs/inode.c:834
btrfs_relocate_block_group+0xb4a/0xc60 fs/btrfs/relocation.c:4026
btrfs_relocate_chunk+0x12f/0x5c0 fs/btrfs/volumes.c:3451
__btrfs_balance+0x1860/0x23f0 fs/btrfs/volumes.c:4227
btrfs_balance+0xac2/0x11b0 fs/btrfs/volumes.c:4604
btrfs_ioctl_balance+0x3d3/0x610 fs/btrfs/ioctl.c:3577
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:597 [inline]
__se_sys_ioctl+0xfc/0x170 fs/ioctl.c:583
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fece5d8efc9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fece6bca038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fece5fe6090 RCX: 00007fece5d8efc9
RDX: 0000200000000180 RSI: 00000000c4009420 RDI: 0000000000000005
RBP: 00007fece5e11f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fece5fe6128 R14: 00007fece5fe6090 R15: 00007ffc0fc52ca8
</TASK>


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite the report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

syzbot

9:01 AM (6 hours ago)
to c...@fb.com, dst...@suse.com, jo...@toxicpanda.com, linux...@vger.kernel.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: b98c94eed4a9 arm64: mte: Do not warn if the page is alread..
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=15febd42580000
kernel config: https://syzkaller.appspot.com/x/.config?x=158bd6857eb7a550
dashboard link: https://syzkaller.appspot.com/bug?extid=25df068cd8509f8c0fe1
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=13febd42580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10ca0e14580000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/2c82e514449b/disk-b98c94ee.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/a322ed38c368/vmlinux-b98c94ee.xz
kernel image: https://storage.googleapis.com/syzbot-assets/059db7d7114e/Image-b98c94ee.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/7af3d5d4bd72/mount_0.gz
fsck result: OK (log: https://syzkaller.appspot.com/x/fsck.log?x=174a0e14580000)

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+25df06...@syzkaller.appspotmail.com

------------[ cut here ]------------
WARNING: CPU: 1 PID: 6657 at fs/btrfs/inode.c:7942 btrfs_destroy_inode+0x258/0x798 fs/btrfs/inode.c:7942
Modules linked in:
CPU: 1 UID: 0 PID: 6657 Comm: syz-executor Not tainted syzkaller #0 PREEMPT
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
pc : btrfs_destroy_inode+0x258/0x798 fs/btrfs/inode.c:7942
lr : btrfs_destroy_inode+0x258/0x798 fs/btrfs/inode.c:7942
sp : ffff8000a6067900
x29: ffff8000a6067920 x28: dfff800000000000 x27: 1fffe0001e3721a3
x26: ffff700014c0cf38 x25: dfff800000000000 x24: 1fffe0001e372114
x23: ffff0000cb81c000 x22: 0000000000010000 x21: ffff0000f1b90b10
x20: ffff0000f1b90c48 x19: ffff0000f1b908a0 x18: 00000000ffffffff
x17: ffff800093305000 x16: ffff800082de95c8 x15: 0000000000000001
x14: 1fffe0001e3721cc x13: 0000000000000000 x12: 0000000000000000
x11: ffff60001e3721cd x10: 0000000000ff0100 x9 : 0000000000000000
x8 : ffff0000d166dc40 x7 : ffff800080e995c0 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff800080f03e80
x2 : 0000000000000000 x1 : 0000000000010000 x0 : 0000000000000000
Call trace:
btrfs_destroy_inode+0x258/0x798 fs/btrfs/inode.c:7942 (P)
destroy_inode fs/inode.c:396 [inline]
evict+0x6e4/0x928 fs/inode.c:834
dispose_list fs/inode.c:852 [inline]
evict_inodes+0x638/0x6d0 fs/inode.c:906
generic_shutdown_super+0xa0/0x2b8 fs/super.c:627
kill_anon_super+0x4c/0x7c fs/super.c:1281
btrfs_kill_super+0x40/0x58 fs/btrfs/super.c:2129
deactivate_locked_super+0xc4/0x12c fs/super.c:473
deactivate_super+0xe0/0x100 fs/super.c:506
cleanup_mnt+0x31c/0x3ac fs/namespace.c:1327
__cleanup_mnt+0x20/0x30 fs/namespace.c:1334
task_work_run+0x1dc/0x260 kernel/task_work.c:227
resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
exit_to_user_mode_loop+0xfc/0x178 kernel/entry/common.c:43
exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]
arm64_exit_to_user_mode arch/arm64/kernel/entry-common.c:103 [inline]
el0_svc+0x170/0x254 arch/arm64/kernel/entry-common.c:747
el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:765
el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596
irq event stamp: 140212
hardirqs last enabled at (140211): [<ffff8000805b8d70>] __call_rcu_common kernel/rcu/tree.c:3148 [inline]
hardirqs last enabled at (140211): [<ffff8000805b8d70>] call_rcu+0x65c/0x978 kernel/rcu/tree.c:3243
hardirqs last disabled at (140212): [<ffff80008ade9670>] el1_brk64+0x20/0x54 arch/arm64/kernel/entry-common.c:434
softirqs last enabled at (138874): [<ffff8000803d7488>] softirq_handle_end kernel/softirq.c:468 [inline]
softirqs last enabled at (138874): [<ffff8000803d7488>] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:650
softirqs last disabled at (138851): [<ffff800080022024>] __do_softirq+0x14/0x20 kernel/softirq.c:656
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 6657 at fs/btrfs/inode.c:7943 btrfs_destroy_inode+0x264/0x798 fs/btrfs/inode.c:7943
Modules linked in:
CPU: 1 UID: 0 PID: 6657 Comm: syz-executor Tainted: G W syzkaller #0 PREEMPT
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
pc : btrfs_destroy_inode+0x264/0x798 fs/btrfs/inode.c:7943
lr : btrfs_destroy_inode+0x264/0x798 fs/btrfs/inode.c:7943
sp : ffff8000a6067900
x29: ffff8000a6067920 x28: dfff800000000000 x27: 1fffe0001e3721a3
x26: ffff700014c0cf38 x25: dfff800000000000 x24: 1fffe0001e372114
x23: ffff0000cb81c000 x22: 0000000000010000 x21: 0000000000010000
x20: ffff0000f1b90c48 x19: ffff0000f1b908a0 x18: 00000000ffffffff
x17: ffff800093305000 x16: ffff800082de95c8 x15: 0000000000000001
x14: 1fffe0001e3721cc x13: 0000000000000000 x12: 0000000000000000
x11: ffff60001e3721cd x10: 0000000000ff0100 x9 : 0000000000000000
x8 : ffff0000d166dc40 x7 : ffff800080e995c0 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff800080f03e80
x2 : 0000000000000000 x1 : 0000000000010000 x0 : 0000000000000000
Call trace:
btrfs_destroy_inode+0x264/0x798 fs/btrfs/inode.c:7943 (P)
destroy_inode fs/inode.c:396 [inline]
evict+0x6e4/0x928 fs/inode.c:834
dispose_list fs/inode.c:852 [inline]
evict_inodes+0x638/0x6d0 fs/inode.c:906
generic_shutdown_super+0xa0/0x2b8 fs/super.c:627
kill_anon_super+0x4c/0x7c fs/super.c:1281
btrfs_kill_super+0x40/0x58 fs/btrfs/super.c:2129
deactivate_locked_super+0xc4/0x12c fs/super.c:473
deactivate_super+0xe0/0x100 fs/super.c:506
cleanup_mnt+0x31c/0x3ac fs/namespace.c:1327
__cleanup_mnt+0x20/0x30 fs/namespace.c:1334
task_work_run+0x1dc/0x260 kernel/task_work.c:227
resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
exit_to_user_mode_loop+0xfc/0x178 kernel/entry/common.c:43
exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]
arm64_exit_to_user_mode arch/arm64/kernel/entry-common.c:103 [inline]
el0_svc+0x170/0x254 arch/arm64/kernel/entry-common.c:747
el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:765
el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596
irq event stamp: 140270
hardirqs last enabled at (140269): [<ffff80008adef224>] irqentry_exit+0xd8/0x108 kernel/entry/common.c:214
hardirqs last disabled at (140270): [<ffff80008ade9670>] el1_brk64+0x20/0x54 arch/arm64/kernel/entry-common.c:434
softirqs last enabled at (140254): [<ffff8000803d7488>] softirq_handle_end kernel/softirq.c:468 [inline]
softirqs last enabled at (140254): [<ffff8000803d7488>] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:650
softirqs last disabled at (140215): [<ffff800080022024>] __do_softirq+0x14/0x20 kernel/softirq.c:656
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 6657 at fs/btrfs/inode.c:7948 btrfs_destroy_inode+0x294/0x798 fs/btrfs/inode.c:7948
Modules linked in:
CPU: 1 UID: 0 PID: 6657 Comm: syz-executor Tainted: G W syzkaller #0 PREEMPT
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
pc : btrfs_destroy_inode+0x294/0x798 fs/btrfs/inode.c:7948
lr : btrfs_destroy_inode+0x294/0x798 fs/btrfs/inode.c:7948
sp : ffff8000a6067900
x29: ffff8000a6067920 x28: dfff800000000000 x27: 1fffe0001e3721a3
x26: ffff700014c0cf38 x25: dfff800000000000 x24: 1fffe0001e372114
x23: ffff0000cb81c000 x22: 0000000000010000 x21: 0000000000001000
x20: ffff0000f1b90c48 x19: ffff0000f1b908a0 x18: 00000000ffffffff
x17: ffff800093305000 x16: ffff800082de95c8 x15: 0000000000000001
x14: 1fffe0001e3721cc x13: 0000000000000000 x12: 0000000000000000
x11: ffff60001e3721cd x10: 0000000000ff0100 x9 : 0000000000000000
x8 : ffff0000d166dc40 x7 : ffff800080e995c0 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff800080f03e80
x2 : 0000000000000000 x1 : 0000000000001000 x0 : 0000000000000000
Call trace:
btrfs_destroy_inode+0x294/0x798 fs/btrfs/inode.c:7948 (P)
destroy_inode fs/inode.c:396 [inline]
evict+0x6e4/0x928 fs/inode.c:834
dispose_list fs/inode.c:852 [inline]
evict_inodes+0x638/0x6d0 fs/inode.c:906
generic_shutdown_super+0xa0/0x2b8 fs/super.c:627
kill_anon_super+0x4c/0x7c fs/super.c:1281
btrfs_kill_super+0x40/0x58 fs/btrfs/super.c:2129
deactivate_locked_super+0xc4/0x12c fs/super.c:473
deactivate_super+0xe0/0x100 fs/super.c:506
cleanup_mnt+0x31c/0x3ac fs/namespace.c:1327
__cleanup_mnt+0x20/0x30 fs/namespace.c:1334
task_work_run+0x1dc/0x260 kernel/task_work.c:227
resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
exit_to_user_mode_loop+0xfc/0x178 kernel/entry/common.c:43
exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]
arm64_exit_to_user_mode arch/arm64/kernel/entry-common.c:103 [inline]
el0_svc+0x170/0x254 arch/arm64/kernel/entry-common.c:747
el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:765
el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596
irq event stamp: 140312
hardirqs last enabled at (140311): [<ffff80008adef224>] irqentry_exit+0xd8/0x108 kernel/entry/common.c:214
hardirqs last disabled at (140312): [<ffff80008ade9670>] el1_brk64+0x20/0x54 arch/arm64/kernel/entry-common.c:434
softirqs last enabled at (140306): [<ffff8000803d7488>] softirq_handle_end kernel/softirq.c:468 [inline]
softirqs last enabled at (140306): [<ffff8000803d7488>] handle_softirqs+0xaf8/0xc88 kernel/softirq.c:650
softirqs last disabled at (140273): [<ffff800080022024>] __do_softirq+0x14/0x20 kernel/softirq.c:656
---[ end trace 0000000000000000 ]---
BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
------------[ cut here ]------------
WARNING: CPU: 1 PID: 6657 at fs/btrfs/block-group.c:4462 check_removing_space_info+0x10c/0x280 fs/btrfs/block-group.c:4463
Modules linked in:
CPU: 1 UID: 0 PID: 6657 Comm: syz-executor Tainted: G W syzkaller #0 PREEMPT
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
pc : check_removing_space_info+0x10c/0x280 fs/btrfs/block-group.c:4463
lr : check_removing_space_info+0x260/0x280 fs/btrfs/block-group.c:4462
sp : ffff8000a6067930
x29: ffff8000a6067930 x28: 1fffe0001bc4a12c x27: dfff800000000000
x26: ffff0000ca5681c0 x25: 0000000000000001 x24: 1fffe0001bc4a002
x23: dfff800000000000 x22: 0000000000000000 x21: 0000000000010000
x20: ffff0000cb314000 x19: ffff0000de250000 x18: 00000000ffffffff
x17: ffff800093305000 x16: ffff800080536230 x15: 0000000000000001
x14: 1fffe0001bc4a004 x13: 0000000000000000 x12: 0000000000000000
x11: ffff60001bc4a005 x10: 0000000000ff0100 x9 : 0000000000000000
x8 : ffff0000d166dc40 x7 : ffff800082594440 x6 : 0000000000000000
x5 : ffff8000934e52c0 x4 : 0000000000000008 x3 : 0000000000000000
x2 : 0000000000000000 x1 : ffff0000de250000 x0 : ffff0000cb314000
Call trace:
check_removing_space_info+0x10c/0x280 fs/btrfs/block-group.c:4463 (P)
btrfs_free_block_groups+0xa80/0xd10 fs/btrfs/block-group.c:4580
close_ctree+0x650/0x113c fs/btrfs/disk-io.c:4426
btrfs_put_super+0x1ac/0x1c0 fs/btrfs/super.c:74


---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.