syzbot

 sign-in | mailing list | source | docs
🐞 Open [1335]
Subsystems
🐞 Fixed [5785]
🐞 Invalid [14131]
Missing Backports [88]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

WARNING in tree_insert_offset

Status: upstream: reported on 2024/11/02 14:36
Subsystems: btrfs
[Documentation on labels]
Reported-by: syzbot+b7baad46fdef9a0008ce@syzkaller.appspotmail.com
First crash: 7d00h, last: 7d00h
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [btrfs?] WARNING in tree_insert_offset 0 (1) 2024/11/02 14:36
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.19 WARNING in tree_insert_offset btrfs C error 6 613d 697d 0/1 upstream: reported C repro on 2022/12/08 15:35

Sample crash report:
loop0: detected capacity change from 0 to 262144
=======================================================
WARNING: The mand mount option has been deprecated and
         and is ignored by this kernel. Remove the mand
         option from the mount to silence this warning.
=======================================================
BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.0 (5332)
BTRFS info (device loop0): first mount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm
BTRFS info (device loop0): using free-space-tree
BTRFS info (device loop0): scrub: started on devid 1
BTRFS info (device loop0): scrub: finished on devid 1 with status: 0
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 1
CPU: 0 UID: 0 PID: 5332 Comm: syz.0.0 Not tainted 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 fail_dump lib/fault-inject.c:53 [inline]
 should_fail_ex+0x3b0/0x4e0 lib/fault-inject.c:154
 should_failslab+0xac/0x100 mm/failslab.c:46
 slab_pre_alloc_hook mm/slub.c:4038 [inline]
 slab_alloc_node mm/slub.c:4114 [inline]
 __kmalloc_cache_noprof+0x6c/0x2c0 mm/slub.c:4290
 kmalloc_noprof include/linux/slab.h:878 [inline]
 kzalloc_noprof include/linux/slab.h:1014 [inline]
 btrfs_cache_block_group+0xc5/0x6f0 fs/btrfs/block-group.c:928
 btrfs_update_block_group+0x26c/0xb30 fs/btrfs/block-group.c:3676
 do_free_extent_accounting fs/btrfs/extent-tree.c:2998 [inline]
 __btrfs_free_extent+0x1d88/0x3a10 fs/btrfs/extent-tree.c:3362
 run_delayed_tree_ref fs/btrfs/extent-tree.c:1740 [inline]
 run_one_delayed_ref fs/btrfs/extent-tree.c:1766 [inline]
 btrfs_run_delayed_refs_for_head fs/btrfs/extent-tree.c:2031 [inline]
 __btrfs_run_delayed_refs+0x112e/0x4680 fs/btrfs/extent-tree.c:2101
 btrfs_run_delayed_refs+0xe3/0x2c0 fs/btrfs/extent-tree.c:2213
 btrfs_commit_transaction+0x4be/0x3740 fs/btrfs/transaction.c:2197
 sync_filesystem+0x1c8/0x230 fs/sync.c:66
 btrfs_reconfigure+0x2f3/0x2c30 fs/btrfs/super.c:1507
 reconfigure_super+0x445/0x880 fs/super.c:1083
 vfs_cmd_reconfigure fs/fsopen.c:262 [inline]
 vfs_fsconfig_locked fs/fsopen.c:291 [inline]
 __do_sys_fsconfig fs/fsopen.c:472 [inline]
 __se_sys_fsconfig+0xb68/0xf70 fs/fsopen.c:344
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f5b17f7e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f5b18d79038 EFLAGS: 00000246 ORIG_RAX: 00000000000001af
RAX: ffffffffffffffda RBX: 00007f5b18135f80 RCX: 00007f5b17f7e719
RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000005
RBP: 00007f5b18d79090 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
R13: 0000000000000000 R14: 00007f5b18135f80 R15: 00007ffd6518d2d8
 </TASK>
------------[ cut here ]------------
WARNING: CPU: 0 PID: 5332 at fs/btrfs/free-space-cache.c:1638 tree_insert_offset+0x2c9/0x350 fs/btrfs/free-space-cache.c:1638
Modules linked in:
CPU: 0 UID: 0 PID: 5332 Comm: syz.0.0 Not tainted 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:tree_insert_offset+0x2c9/0x350 fs/btrfs/free-space-cache.c:1638
Code: e8 48 83 c4 18 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 38 4f cb fd 90 0f 0b 90 bd ef ff ff ff eb db e8 28 4f cb fd 90 <0f> 0b 90 bd ef ff ff ff eb cb e8 18 4f cb fd 90 0f 0b 90 4d 85 ed
RSP: 0018:ffffc9000d2ce948 EFLAGS: 00010293
RAX: ffffffff83c98968 RBX: ffff8880362db4e0 RCX: ffff88800021a440
RDX: 0000000000000000 RSI: 0000000001504000 RDI: 0000000001504000
RBP: ffff8880362db6d8 R08: ffffffff83c98834 R09: fffff52001a59d34
R10: dffffc0000000000 R11: fffff52001a59d34 R12: ffff8880362db498
R13: 0000000001504000 R14: dffffc0000000000 R15: 0000000000000000
FS:  00007f5b18d796c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000559cf5234740 CR3: 000000004073c000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 link_free_space+0xef/0x5d0 fs/btrfs/free-space-cache.c:1844
 btrfs_find_space_for_alloc+0xdb4/0xed0 fs/btrfs/free-space-cache.c:3133
 find_free_extent_unclustered fs/btrfs/extent-tree.c:3781 [inline]
 do_allocation_clustered fs/btrfs/extent-tree.c:3804 [inline]
 do_allocation fs/btrfs/extent-tree.c:4006 [inline]
 find_free_extent+0x2e59/0x5850 fs/btrfs/extent-tree.c:4541
 btrfs_reserve_extent+0x422/0x810 fs/btrfs/extent-tree.c:4695
 btrfs_alloc_tree_block+0x202/0x1440 fs/btrfs/extent-tree.c:5150
 btrfs_force_cow_block+0x526/0x1da0 fs/btrfs/ctree.c:573
 btrfs_cow_block+0x35e/0xa40 fs/btrfs/ctree.c:754
 btrfs_search_slot+0xbdd/0x30d0 fs/btrfs/ctree.c:2116
 btrfs_update_device+0x1b0/0x580 fs/btrfs/volumes.c:2902
 remove_chunk_item+0x166/0x700 fs/btrfs/volumes.c:3183
 btrfs_remove_chunk+0xa12/0x1b20 fs/btrfs/volumes.c:3269
 btrfs_delete_unused_bgs+0xd94/0x1120 fs/btrfs/block-group.c:1681
 btrfs_remount_ro fs/btrfs/super.c:1359 [inline]
 btrfs_reconfigure+0xbda/0x2c30 fs/btrfs/super.c:1540
 reconfigure_super+0x445/0x880 fs/super.c:1083
 vfs_cmd_reconfigure fs/fsopen.c:262 [inline]
 vfs_fsconfig_locked fs/fsopen.c:291 [inline]
 __do_sys_fsconfig fs/fsopen.c:472 [inline]
 __se_sys_fsconfig+0xb68/0xf70 fs/fsopen.c:344
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f5b17f7e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f5b18d79038 EFLAGS: 00000246 ORIG_RAX: 00000000000001af
RAX: ffffffffffffffda RBX: 00007f5b18135f80 RCX: 00007f5b17f7e719
RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000005
RBP: 00007f5b18d79090 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
R13: 0000000000000000 R14: 00007f5b18135f80 R15: 00007ffd6518d2d8
 </TASK>

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/10/29 14:25 upstream e42b1a9a2557 66aeb999 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root WARNING in tree_insert_offset
* Struck through repros no longer work on HEAD.