[v6.1] WARNING in hfs_mdb_commit


syzbot

May 13, 2026, 1:28:25 PM (3 days ago) May 13
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: ad16b162f21d Linux 6.1.172
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=16fced06580000
kernel config: https://syzkaller.appspot.com/x/.config?x=f0605c5af04d7603
dashboard link: https://syzkaller.appspot.com/bug?extid=2058ce469fb4ad897eae
compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/2188b271cf45/disk-ad16b162.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/356336b9737c/vmlinux-ad16b162.xz
kernel image: https://storage.googleapis.com/syzbot-assets/3453b10f11f7/bzImage-ad16b162.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+2058ce...@syzkaller.appspotmail.com

------------[ cut here ]------------
WARNING: CPU: 1 PID: 5218 at fs/buffer.c:1081 mark_buffer_dirty+0x383/0x7a0 fs/buffer.c:1081
Modules linked in:
CPU: 1 PID: 5218 Comm: syz.6.79 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:mark_buffer_dirty+0x383/0x7a0 fs/buffer.c:1081
Code: 83 71 e2 ff 49 8b 3f be 04 00 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d e9 fc a9 fc ff e8 27 65 91 ff e9 43 ff ff ff e8 1d 65 91 ff <0f> 0b e9 ba fc ff ff e8 11 65 91 ff 0f 0b e9 00 fd ff ff e8 05 65
RSP: 0018:ffffc9000486fc00 EFLAGS: 00010287
RAX: ffffffff81f11033 RBX: ffff888071723000 RCX: 0000000000080000
RDX: ffffc90005509000 RSI: 00000000000163ef RDI: 00000000000163f0
RBP: 1ffff1100e66b001 R08: ffff888071723007 R09: 1ffff1100e2e4600
R10: dffffc0000000000 R11: ffffed100e2e4601 R12: dffffc0000000000
R13: ffff888073358678 R14: ffff88804e312c0b R15: ffff888049215492
FS: 00007f6e577cc6c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fd69a157000 CR3: 00000000751d5000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
hfs_mdb_commit+0x7cb/0x1100 fs/hfs/mdb.c:302
hfs_sync_fs+0x11/0x20 fs/hfs/super.c:35
sync_filesystem+0x1be/0x220 fs/sync.c:66
hfs_remount+0x2b/0x220 fs/hfs/super.c:115
reconfigure_super+0x219/0x8a0 fs/super.c:977
vfs_fsconfig_locked+0x18d/0x3f0 fs/fsopen.c:260
__do_sys_fsconfig fs/fsopen.c:445 [inline]
__se_sys_fsconfig+0x65a/0x790 fs/fsopen.c:320
do_syscall_x64 arch/x86/entry/common.c:46 [inline]
do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:76
entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f6e5959ce59
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f6e577cc028 EFLAGS: 00000246 ORIG_RAX: 00000000000001af
RAX: ffffffffffffffda RBX: 00007f6e59816090 RCX: 00007f6e5959ce59
RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000007
RBP: 00007f6e59632d6f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f6e59816128 R14: 00007f6e59816090 R15: 00007ffd45a7b968
</TASK>


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite the report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

syzbot

May 14, 2026, 9:33:40 AM (2 days ago) May 14
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: ad16b162f21d Linux 6.1.172
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=10d10726580000
kernel config: https://syzkaller.appspot.com/x/.config?x=f0605c5af04d7603
dashboard link: https://syzkaller.appspot.com/bug?extid=2058ce469fb4ad897eae
compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15d957ba580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=126e18c8580000
mounted in repro: https://storage.googleapis.com/syzbot-assets/45da3a18b27e/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+2058ce...@syzkaller.appspotmail.com

------------[ cut here ]------------
WARNING: CPU: 1 PID: 4375 at fs/buffer.c:1081 mark_buffer_dirty+0x383/0x7a0 fs/buffer.c:1081
Modules linked in:
CPU: 1 PID: 4375 Comm: syz-executor Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:mark_buffer_dirty+0x383/0x7a0 fs/buffer.c:1081
Code: 83 71 e2 ff 49 8b 3f be 04 00 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d e9 fc a9 fc ff e8 27 65 91 ff e9 43 ff ff ff e8 1d 65 91 ff <0f> 0b e9 ba fc ff ff e8 11 65 91 ff 0f 0b e9 00 fd ff ff e8 05 65
RSP: 0018:ffffc90002f87c10 EFLAGS: 00010293
RAX: ffffffff81f11033 RBX: ffff88805c8b2e80 RCX: ffff888077248000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
RBP: 1ffff1100f12bc01 R08: ffff88805c8b2e87 R09: 1ffff1100b9165d0
R10: dffffc0000000000 R11: ffffed100b9165d1 R12: dffffc0000000000
R13: ffff88807895e678 R14: ffff8880599fbc0b R15: ffff888059a84492
FS: 0000555590207500(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000555590232ab8 CR3: 000000002a49b000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
hfs_mdb_commit+0x7cb/0x1100 fs/hfs/mdb.c:302
hfs_sync_fs+0x11/0x20 fs/hfs/super.c:35
sync_filesystem+0xe6/0x220 fs/sync.c:56
generic_shutdown_super+0x6b/0x340 fs/super.c:474
kill_block_super+0x7c/0xe0 fs/super.c:1470
deactivate_locked_super+0x93/0xf0 fs/super.c:332
cleanup_mnt+0x42c/0x4b0 fs/namespace.c:1191
task_work_run+0x1d0/0x260 kernel/task_work.c:203
resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
exit_to_user_mode_loop+0xe6/0x110 kernel/entry/common.c:177
exit_to_user_mode_prepare+0xee/0x180 kernel/entry/common.c:210
__syscall_exit_to_user_mode_work kernel/entry/common.c:292 [inline]
syscall_exit_to_user_mode+0x16/0x40 kernel/entry/common.c:303
do_syscall_64+0x58/0xa0 arch/x86/entry/common.c:82
entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f6766f9e097
Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007fff2e0c51e8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000064 RCX: 00007f6766f9e097
RDX: 0000000000000200 RSI: 0000000000000009 RDI: 00007fff2e0c6390
RBP: 00007f67670321ca R08: 0000000000020590 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000202 R12: 00007fff2e0c6390
R13: 00007f67670321ca R14: 00005555902074e8 R15: 00007fff2e0c7460
</TASK>


---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.