BUG: spinlock bad magic in btrfs_stop_all

Title	Replies (including bot)	Last reply
[syzbot] [btrfs?] BUG: spinlock bad magic in btrfs_stop_all_workers	0 (1)	2024/06/18 21:43

Title

Replies (including bot)

Last reply

[syzbot] [btrfs?] BUG: spinlock bad magic in btrfs_stop_all_workers

0 (1)

2024/06/18 21:43

Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
upstream	BUG: spinlock bad magic in lock_sock_nested (2) bluetooth				1	890d	890d	0/27	auto-closed as invalid on 2022/04/18 01:34
upstream	BUG: spinlock bad magic in lock_sock_nested bluetooth				26	1031d	1386d	0/27	auto-closed as invalid on 2021/12/27 15:41
upstream	BUG: unable to handle kernel paging request in take_dentry_name_snapshot reiserfs overlayfs	C	error	done	30	80d	572d	0/27	closed as dup on 2023/10/04 08:35
upstream	BUG: spinlock bad magic in skb_queue_tail afs net				1	554d	550d	0/27	auto-obsoleted due to no activity on 2023/03/19 17:50

BTRFS info (device loop3): last unmount of filesystem 3a492a15-ac49-4ce6-945e-cef7a687c6c9 BUG: spinlock bad magic on CPU#0, syz-executor.3/7928 ================================================================== BUG: KASAN: slab-out-of-bounds in task_pid_nr include/linux/pid.h:232 [inline] BUG: KASAN: slab-out-of-bounds in spin_dump kernel/locking/spinlock_debug.c:64 [inline] BUG: KASAN: slab-out-of-bounds in spin_bug+0x17d/0x1d0 kernel/locking/spinlock_debug.c:78 Read of size 4 at addr ffff888028b23dd8 by task syz-executor.3/7928 CPU: 0 PID: 7928 Comm: syz-executor.3 Not tainted 6.10.0-rc3-syzkaller-00044-g2ccbdf43d5e7 #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114 print_address_description mm/kasan/report.c:377 [inline] print_report+0xc3/0x620 mm/kasan/report.c:488 kasan_report+0xd9/0x110 mm/kasan/report.c:601 task_pid_nr include/linux/pid.h:232 [inline] spin_dump kernel/locking/spinlock_debug.c:64 [inline] spin_bug+0x17d/0x1d0 kernel/locking/spinlock_debug.c:78 debug_spin_lock_before kernel/locking/spinlock_debug.c:86 [inline] do_raw_spin_lock+0x225/0x2c0 kernel/locking/spinlock_debug.c:115 put_pwq_unlocked kernel/workqueue.c:1662 [inline] put_pwq_unlocked kernel/workqueue.c:1655 [inline] destroy_workqueue+0x5df/0xaa0 kernel/workqueue.c:5851 btrfs_stop_all_workers+0x10f/0x370 fs/btrfs/disk-io.c:1794 close_ctree+0x4e3/0xf90 fs/btrfs/disk-io.c:4365 generic_shutdown_super+0x159/0x3d0 fs/super.c:642 kill_anon_super+0x3a/0x60 fs/super.c:1226 btrfs_kill_super+0x3b/0x50 fs/btrfs/super.c:2096 deactivate_locked_super+0xbe/0x1a0 fs/super.c:473 deactivate_super+0xde/0x100 fs/super.c:506 cleanup_mnt+0x222/0x450 fs/namespace.c:1267 task_work_run+0x14e/0x250 kernel/task_work.c:180 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x278/0x2a0 kernel/entry/common.c:218 __do_fast_syscall_32+0x80/0x120 arch/x86/entry/common.c:389 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411 entry_SYSENTER_compat_after_hwframe+0x84/0x8e RIP: 0023:0xf727f579 Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 RSP: 002b:00000000ffb86a58 EFLAGS: 00000292 ORIG_RAX: 0000000000000034 RAX: 0000000000000000 RBX: 00000000ffb86b00 RCX: 0000000000000009 RDX: 00000000f73d5ff4 RSI: 00000000f7326361 RDI: 00000000ffb87ba4 RBP: 00000000ffb86b00 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 </TASK> Allocated by task 8951: kasan_save_stack+0x33/0x60 mm/kasan/common.c:47 kasan_save_track+0x14/0x30 mm/kasan/common.c:68 poison_kmalloc_redzone mm/kasan/common.c:370 [inline] __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:387 kasan_kmalloc include/linux/kasan.h:211 [inline] __do_kmalloc_node mm/slub.c:4122 [inline] __kmalloc_noprof+0x1ec/0x420 mm/slub.c:4135 kmalloc_noprof include/linux/slab.h:664 [inline] kzalloc_noprof include/linux/slab.h:778 [inline] alloc_workqueue+0xe02/0x1ca0 kernel/workqueue.c:5667 btrfs_alloc_workqueue+0x21c/0x510 fs/btrfs/async-thread.c:112 btrfs_init_workqueues fs/btrfs/disk-io.c:2007 [inline] open_ctree+0x158e/0x52e0 fs/btrfs/disk-io.c:3362 btrfs_fill_super fs/btrfs/super.c:946 [inline] btrfs_get_tree_super fs/btrfs/super.c:1863 [inline] btrfs_get_tree+0x11e9/0x1b90 fs/btrfs/super.c:2089 vfs_get_tree+0x8f/0x380 fs/super.c:1780 fc_mount+0x16/0xc0 fs/namespace.c:1125 btrfs_get_tree_subvol fs/btrfs/super.c:2052 [inline] btrfs_get_tree+0xa53/0x1b90 fs/btrfs/super.c:2090 vfs_get_tree+0x8f/0x380 fs/super.c:1780 do_new_mount fs/namespace.c:3352 [inline] path_mount+0x6e1/0x1f10 fs/namespace.c:3679 do_mount fs/namespace.c:3692 [inline] __do_sys_mount fs/namespace.c:3898 [inline] __se_sys_mount fs/namespace.c:3875 [inline] __ia32_sys_mount+0x295/0x320 fs/namespace.c:3875 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline] __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411 entry_SYSENTER_compat_after_hwframe+0x84/0x8e The buggy address belongs to the object at ffff888028b23800 which belongs to the cache kmalloc-1k of size 1024 The buggy address is located 960 bytes to the right of allocated 536-byte region [ffff888028b23800, ffff888028b23a18) The buggy address belongs to the physical page: page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x28b20 head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) page_type: 0xffffefff(slab) raw: 00fff00000000040 ffff888015442dc0 ffffea0000adf200 dead000000000002 raw: 0000000000000000 0000000000100010 00000001ffffefff 0000000000000000 head: 00fff00000000040 ffff888015442dc0 ffffea0000adf200 dead000000000002 head: 0000000000000000 0000000000100010 00000001ffffefff 0000000000000000 head: 00fff00000000003 ffffea0000a2c801 ffffffffffffffff 0000000000000000 head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: kasan: bad access detected page_owner tracks the page as allocated page last allocated via order 3, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 1096, tgid 1096 (kworker/u32:9), ts 154103322344, free_ts 47027523951 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1468 prep_new_page mm/page_alloc.c:1476 [inline] get_page_from_freelist+0x136a/0x2e50 mm/page_alloc.c:3420 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4678 __alloc_pages_node_noprof include/linux/gfp.h:269 [inline] alloc_pages_node_noprof include/linux/gfp.h:296 [inline] alloc_slab_page+0x56/0x110 mm/slub.c:2265 allocate_slab mm/slub.c:2428 [inline] new_slab+0x84/0x260 mm/slub.c:2481 ___slab_alloc+0xdac/0x1870 mm/slub.c:3667 __slab_alloc.constprop.0+0x56/0xb0 mm/slub.c:3757 __slab_alloc_node mm/slub.c:3810 [inline] slab_alloc_node mm/slub.c:3989 [inline] __do_kmalloc_node mm/slub.c:4121 [inline] __kmalloc_noprof+0x37f/0x420 mm/slub.c:4135 kmalloc_noprof include/linux/slab.h:664 [inline] kzalloc_noprof include/linux/slab.h:778 [inline] ieee802_11_parse_elems_full+0xef/0x15b0 net/mac80211/parse.c:880 ieee802_11_parse_elems_crc net/mac80211/ieee80211_i.h:2332 [inline] ieee802_11_parse_elems net/mac80211/ieee80211_i.h:2339 [inline] ieee80211_rx_mgmt_probe_beacon net/mac80211/ibss.c:1574 [inline] ieee80211_ibss_rx_queued_mgmt+0xc54/0x3030 net/mac80211/ibss.c:1605 ieee80211_iface_process_skb net/mac80211/iface.c:1605 [inline] ieee80211_iface_work+0xc07/0xf00 net/mac80211/iface.c:1659 cfg80211_wiphy_work+0x255/0x330 net/wireless/core.c:437 process_one_work+0x958/0x1ad0 kernel/workqueue.c:3231 process_scheduled_works kernel/workqueue.c:3312 [inline] worker_thread+0x6c8/0xf70 kernel/workqueue.c:3393 kthread+0x2c1/0x3a0 kernel/kthread.c:389 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147 page last free pid 5221 tgid 5221 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1088 [inline] free_unref_page+0x64a/0xe40 mm/page_alloc.c:2583 qlink_free mm/kasan/quarantine.c:163 [inline] qlist_free_all+0x4e/0x140 mm/kasan/quarantine.c:179 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:322 kasan_slab_alloc include/linux/kasan.h:201 [inline] slab_post_alloc_hook mm/slub.c:3941 [inline] slab_alloc_node mm/slub.c:4001 [inline] kmalloc_trace_noprof+0x11e/0x310 mm/slub.c:4148 kmalloc_noprof include/linux/slab.h:660 [inline] kzalloc_noprof include/linux/slab.h:778 [inline] kobject_uevent_env+0x265/0x15f0 lib/kobject_uevent.c:525 __kobject_del+0x168/0x1f0 lib/kobject.c:601 kobject_cleanup lib/kobject.c:680 [inline] kobject_release lib/kobject.c:720 [inline] kref_put include/linux/kref.h:65 [inline] kobject_put+0x31c/0x5b0 lib/kobject.c:737 netdev_queue_update_kobjects+0x4a2/0x640 net/core/net-sysfs.c:1854 netif_set_real_num_tx_queues+0x168/0x880 net/core/dev.c:2940 veth_init_queues+0xe1/0x190 drivers/net/veth.c:1755 veth_newlink+0x627/0xa10 drivers/net/veth.c:1878 rtnl_newlink_create net/core/rtnetlink.c:3510 [inline] __rtnl_newlink+0x119c/0x1960 net/core/rtnetlink.c:3730 rtnl_newlink+0x67/0xa0 net/core/rtnetlink.c:3743 rtnetlink_rcv_msg+0x3c7/0xea0 net/core/rtnetlink.c:6635 netlink_rcv_skb+0x165/0x410 net/netlink/af_netlink.c:2564 Memory state around the buggy address: ffff888028b23c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff888028b23d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >ffff888028b23d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ^ ffff888028b23e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff888028b23e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== ---------------- Code disassembly (best guess), 2 bytes skipped: 0: 10 06 adc %al,(%rsi) 2: 03 74 b4 01 add 0x1(%rsp,%rsi,4),%esi 6: 10 07 adc %al,(%rdi) 8: 03 74 b0 01 add 0x1(%rax,%rsi,4),%esi c: 10 08 adc %cl,(%rax) e: 03 74 d8 01 add 0x1(%rax,%rbx,8),%esi 1e: 00 51 52 add %dl,0x52(%rcx) 21: 55 push %rbp 22: 89 e5 mov %esp,%ebp 24: 0f 34 sysenter 26: cd 80 int $0x80 * 28: 5d pop %rbp <-- trapping instruction 29: 5a pop %rdx 2a: 59 pop %rcx 2b: c3 ret 2c: 90 nop 2d: 90 nop 2e: 90 nop 2f: 90 nop 30: 8d b4 26 00 00 00 00 lea 0x0(%rsi,%riz,1),%esi 37: 8d b4 26 00 00 00 00 lea 0x0(%rsi,%riz,1),%esi

Crashes (5):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	VM info	Assets (help?)	Manager	Title
2024/06/16 02:57	upstream	2ccbdf43d5e7	c2e07261	.config	console log	report	info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu-upstream-386	BUG: spinlock bad magic in btrfs_stop_all_workers
2024/06/09 13:23	upstream	061d1af7b030	c2e07261	.config	console log	report	info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu-upstream-386	BUG: spinlock bad magic in btrfs_stop_all_workers
2024/05/20 07:59	upstream	eb6a9339efeb	c2e07261	.config	console log	report	info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu-upstream-386	BUG: spinlock bad magic in btrfs_stop_all_workers
2024/05/19 21:18	upstream	0450d2083be6	c2e07261	.config	console log	report	info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu-upstream-386	BUG: spinlock bad magic in btrfs_stop_all_workers
2024/06/18 21:42	git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci	ac2193b4b460	639d6cdf	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci-upstream-gce-arm64	BUG: spinlock bad magic in ext4_put_super

Crashes (5):

Assets (help?)