syzbot


kernel BUG in clear_state_bit

Status: upstream: reported C repro on 2023/06/24 17:54
Bug presence: origin:upstream
Labels: missing-backport
[Documentation on labels]
Reported-by: syzbot+4063a2893e2b4f1ce6b5@syzkaller.appspotmail.com
First crash: 538d, last: 277d
Fix bisection: the issue occurs on the latest tested release (bisect log)
Crash: kernel BUG in clear_state_bit (log)
Repro: C syz .config
  
Bug presence (3)
Date Name Commit Repro Result
2024/02/05 linux-6.1.y (ToT) e5c3b988b827 C [report] kernel BUG in clear_state_bit
2023/09/22 upstream (ToT) 27bbf45eae9c C [report] kernel BUG in clear_state_bit
2024/02/05 upstream (ToT) 54be6c6c5ae8 C Didn't crash
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-5.15 kernel BUG in clear_state_bit missing-backport origin:lts-only C error 4 3d05h 538d 0/3 upstream: reported C repro on 2023/06/24 20:08
upstream kernel BUG in clear_state_bit btrfs C done 75 5h35m 750d 0/28 upstream: reported C repro on 2022/11/25 09:46
Fix bisection attempts (7)
Created Duration User Patch Repo Result
2024/03/22 07:58 1h44m fix candidate upstream OK (0) job log
2024/03/11 20:05 1h05m bisect fix linux-6.1.y OK (0) job log log
2024/01/27 18:11 1h45m bisect fix linux-6.1.y OK (0) job log log
2023/12/26 19:03 1h44m bisect fix linux-6.1.y OK (0) job log log
2023/11/26 12:01 1h34m bisect fix linux-6.1.y OK (0) job log log
2023/10/26 13:54 1h26m bisect fix linux-6.1.y OK (0) job log log
2023/09/13 22:35 1h36m bisect fix linux-6.1.y OK (0) job log log

Sample crash report:
RDX: 00007fa82d9d63b0 RSI: 0000000000000000 RDI: 0000000000000005
RBP: 0000000000000001 R08: 00007fffdc04d697 R09: 00007fffdc04d940
R10: 0000000000000001 R11: 0000000000000246 R12: 00007fffdc04d91c
R13: 0000000000000002 R14: 431bde82d7b634db R15: 00007fffdc04d960
 </TASK>
------------[ cut here ]------------
kernel BUG at fs/btrfs/extent-io-tree.c:517!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 3605 Comm: syz-executor188 Not tainted 6.1.54-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
RIP: 0010:clear_state_bit+0x328/0x330 fs/btrfs/extent-io-tree.c:517
Code: 33 fe e9 9a fd ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c c7 fe ff ff 4c 89 ef e8 82 48 33 fe e9 ba fe ff ff e8 78 98 dc fd <0f> 0b 66 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 41 55 41 54 53 48
RSP: 0018:ffffc90003bdf490 EFLAGS: 00010293
RAX: ffffffff83ad7c18 RBX: 00000000fffffff4 RCX: ffff888074233b80
RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffffffff83ad7a43 R09: fffffbfff1a4366f
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8880142e06c0
R13: ffffc90003bdf698 R14: 0000000000001000 R15: dffffc0000000000
FS:  0000555556d48380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020009000 CR3: 000000007de94000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 __clear_extent_bit+0x53b/0xba0 fs/btrfs/extent-io-tree.c:676
 clear_record_extent_bits+0x4e/0x80 fs/btrfs/extent-io-tree.c:1620
 __btrfs_qgroup_release_data+0x514/0xa60 fs/btrfs/qgroup.c:3905
 btrfs_invalidate_folio+0x879/0xf90 fs/btrfs/inode.c:8382
 folio_invalidate mm/truncate.c:159 [inline]
 truncate_cleanup_folio+0x1e3/0x5e0 mm/truncate.c:179
 truncate_inode_pages_range+0x2e6/0x1340 mm/truncate.c:369
 truncate_inode_pages mm/truncate.c:452 [inline]
 truncate_pagecache mm/truncate.c:753 [inline]
 truncate_setsize+0xcb/0xf0 mm/truncate.c:778
 btrfs_setsize fs/btrfs/inode.c:5227 [inline]
 btrfs_setattr+0x635/0x1250 fs/btrfs/inode.c:5266
 notify_change+0xdcd/0x1080 fs/attr.c:483
 do_truncate+0x21c/0x300 fs/open.c:65
 do_sys_ftruncate+0x2e2/0x380 fs/open.c:193
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fa82d9d72e9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fffdc04d8f8 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
RAX: ffffffffffffffda RBX: 00007fffdc04d920 RCX: 00007fa82d9d72e9
RDX: 00007fa82d9d63b0 RSI: 0000000000000000 RDI: 0000000000000005
RBP: 0000000000000001 R08: 00007fffdc04d697 R09: 00007fffdc04d940
R10: 0000000000000001 R11: 0000000000000246 R12: 00007fffdc04d91c
R13: 0000000000000002 R14: 431bde82d7b634db R15: 00007fffdc04d960
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:clear_state_bit+0x328/0x330 fs/btrfs/extent-io-tree.c:517
Code: 33 fe e9 9a fd ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c c7 fe ff ff 4c 89 ef e8 82 48 33 fe e9 ba fe ff ff e8 78 98 dc fd <0f> 0b 66 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 41 55 41 54 53 48
RSP: 0018:ffffc90003bdf490 EFLAGS: 00010293
RAX: ffffffff83ad7c18 RBX: 00000000fffffff4 RCX: ffff888074233b80
RDX: 0000000000000000 RSI: 00000000fffffff4 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffffffff83ad7a43 R09: fffffbfff1a4366f
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8880142e06c0
R13: ffffc90003bdf698 R14: 0000000000001000 R15: dffffc0000000000
FS:  0000555556d48380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020009000 CR3: 000000007de94000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (4):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2023/09/22 00:16 linux-6.1.y a356197db198 0b6a67ac .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-6-1-kasan kernel BUG in clear_state_bit
2023/06/24 18:20 linux-6.1.y e84a4e368abe 79782afc .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-6-1-kasan-arm64 kernel BUG in clear_state_bit
2023/06/30 14:17 linux-6.1.y a1c449d00ff8 01298212 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 kernel BUG in clear_state_bit
2023/06/24 17:54 linux-6.1.y e84a4e368abe 79782afc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 kernel BUG in clear_state_bit
* Struck through repros no longer work on HEAD.