kernel BUG in btrfs_global_root_insert

From: Sanan Hasanov
Date: Mon Feb 27 2023 - 01:24:02 EST


Good day, dear maintainers,

We found a bug using a modified kernel configuration file used by syzbot.

We enhanced the coverage of the configuration file using our tool, klocalizer.

Kernel Branch: 6.2.0-rc8-next-20230216
Kernel config: https://drive.google.com/file/d/1kpgNI36h0EQvewtvqC6j8Qv2VGrWuiwz/view?usp=share_link
C Reproducer: https://drive.google.com/file/d/1HS0Rd6uxycIxCq0Qv8KwKXgHSZ9W27fb/view?usp=share_link

Thank you!

Best regards,
Sanan Hasanov

BTRFS warning (device loop0): couldn't read tree root
assertion failed: !tmp, in fs/btrfs/disk-io.c:1002
------------[ cut here ]------------
kernel BUG at fs/btrfs/messages.c:259!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 24800 Comm: syz-executor.0 Not tainted 6.2.0-rc8-next-20230216+ #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
RIP: 0010:btrfs_assertfail+0x2c/0x30 fs/btrfs/messages.c:259
Code: 1f 00 41 55 41 89 d5 41 54 49 89 f4 55 48 89 fd e8 c9 7a 21 fe 44 89 e9 4c 89 e2 48 89 ee 48 c7 c7 e0 e3 d4 8a e8 94 e1 07 fe <0f> 0b 66 90 66 0f 1f 00 55 48 89 fd e8 a3 7a 21 fe 48 89 ef 5d 48
RSP: 0018:ffffc9000c1af670 EFLAGS: 00010286
RAX: 0000000000000032 RBX: ffff8880453be000 RCX: ffffc900126de000
RDX: 0000000000000000 RSI: ffffffff81614205 RDI: 0000000000000001
RBP: ffffffff8ad239a0 R08: 0000000000000001 R09: ffff8881198a898b
R10: ffffed1023315131 R11: 6f69747265737361 R12: ffffffff8ad22a40
R13: 00000000000003ea R14: ffff888116e98060 R15: 0000000000000000
FS: 00007f036ab58700(0000) GS:ffff888119880000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fff8adf26c0 CR3: 000000004c692000 CR4: 0000000000350ee0
Call Trace:
<TASK>
btrfs_global_root_insert+0x1e6/0x250 fs/btrfs/disk-io.c:1002
load_global_roots_objectid+0x11d/0x850 fs/btrfs/disk-io.c:2361
load_global_roots fs/btrfs/disk-io.c:2395 [inline]
btrfs_read_roots fs/btrfs/disk-io.c:2422 [inline]
init_tree_roots fs/btrfs/disk-io.c:2845 [inline]
open_ctree+0x213f/0x4ee0 fs/btrfs/disk-io.c:3541
btrfs_fill_super fs/btrfs/super.c:1152 [inline]
btrfs_mount_root+0x98b/0xcd0 fs/btrfs/super.c:1521
legacy_get_tree+0x107/0x210 fs/fs_context.c:610
vfs_get_tree+0x8d/0x330 fs/super.c:1501
fc_mount fs/namespace.c:1035 [inline]
vfs_kern_mount.part.0+0xaf/0x140 fs/namespace.c:1065
vfs_kern_mount+0x40/0x60 fs/namespace.c:1052
btrfs_mount+0x20d/0x990 fs/btrfs/super.c:1581
legacy_get_tree+0x107/0x210 fs/fs_context.c:610
vfs_get_tree+0x8d/0x330 fs/super.c:1501
do_new_mount fs/namespace.c:3042 [inline]
path_mount+0x4bf/0x1ac0 fs/namespace.c:3372
do_mount fs/namespace.c:3385 [inline]
__do_sys_mount fs/namespace.c:3594 [inline]
__se_sys_mount fs/namespace.c:3571 [inline]
__x64_sys_mount+0x235/0x2c0 fs/namespace.c:3571
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x39/0x80 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f0369a9176e
Code: 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f036ab57a08 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f0369a9176e
RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f036ab57a60
RBP: 00007f036ab57aa0 R08: 00007f036ab57aa0 R09: 0000000020000000
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000
R13: 0000000020000100 R14: 00007f036ab57a60 R15: 0000000020000040
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:btrfs_assertfail+0x2c/0x30 fs/btrfs/messages.c:259
Code: 1f 00 41 55 41 89 d5 41 54 49 89 f4 55 48 89 fd e8 c9 7a 21 fe 44 89 e9 4c 89 e2 48 89 ee 48 c7 c7 e0 e3 d4 8a e8 94 e1 07 fe <0f> 0b 66 90 66 0f 1f 00 55 48 89 fd e8 a3 7a 21 fe 48 89 ef 5d 48
RSP: 0018:ffffc9000c1af670 EFLAGS: 00010286
RAX: 0000000000000032 RBX: ffff8880453be000 RCX: ffffc900126de000
RDX: 0000000000000000 RSI: ffffffff81614205 RDI: 0000000000000001
RBP: ffffffff8ad239a0 R08: 0000000000000001 R09: ffff8881198a898b
R10: ffffed1023315131 R11: 6f69747265737361 R12: ffffffff8ad22a40
R13: 00000000000003ea R14: ffff888116e98060 R15: 0000000000000000
FS: 00007f036ab58700(0000) GS:ffff888119880000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fff8adf26c0 CR3: 000000004c692000 CR4: 0000000000350ee0
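
The assertion in the trace fires inside btrfs_global_root_insert (fs/btrfs/disk-io.c:1002) when an insert into the global root tree finds a node already present for that key (`!tmp` fails), while open_ctree is loading roots from the reproducer's image during mount. Below is an added, stand-alone C illustration, not btrfs code and not part of this report, of the pattern a reviewer would want at that point in any on-disk-format loader: a duplicate key read from untrusted media is an input error to be returned up to the mount path, not an internal invariant to ASSERT on. The key layout, names, and the two sample "images" are constructed for the example; whether or how upstream changed the btrfs code is not stated on this page.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/*
 * Hypothetical two-part key for a "global root" item (assumption for this
 * illustration). A sorted singly linked list stands in for the kernel's
 * rb-tree; the point is the duplicate-handling policy, not the structure.
 */
struct root_key {
	unsigned long long objectid;
	unsigned long long global_id;
};

struct root_node {
	struct root_key key;
	struct root_node *next;
};

struct root_tree {
	struct root_node *head;
	size_t count;
};

static int key_cmp(const struct root_key *a, const struct root_key *b)
{
	if (a->objectid != b->objectid)
		return a->objectid < b->objectid ? -1 : 1;
	if (a->global_id != b->global_id)
		return a->global_id < b->global_id ? -1 : 1;
	return 0;
}

/* Returns 0 on success, -EEXIST if the key is already present, -ENOMEM. */
int root_tree_insert(struct root_tree *t, struct root_key key)
{
	struct root_node **link = &t->head;

	while (*link) {
		int c = key_cmp(&key, &(*link)->key);

		if (c == 0)
			return -EEXIST;	/* duplicate from the image: report it, do not assert */
		if (c < 0)
			break;
		link = &(*link)->next;
	}

	struct root_node *n = malloc(sizeof(*n));
	if (!n)
		return -ENOMEM;
	n->key = key;
	n->next = *link;
	*link = n;
	t->count++;
	return 0;
}

void root_tree_free(struct root_tree *t)
{
	while (t->head) {
		struct root_node *n = t->head;

		t->head = n->next;
		free(n);
	}
	t->count = 0;
}

/*
 * Load every item of an (untrusted) image. On any failure the partially
 * built tree is torn down, so the caller sees either a complete tree or an
 * empty one plus a negative errno it can fail the mount with.
 */
int load_global_roots(struct root_tree *t, const struct root_key *items, size_t n)
{
	for (size_t i = 0; i < n; i++) {
		int ret = root_tree_insert(t, items[i]);

		if (ret) {
			root_tree_free(t);
			return ret;
		}
	}
	return 0;
}

/* Constructed sample images; the second carries a duplicated key {4, 0}. */
static const struct root_key good_image[] = { { 2, 0 }, { 4, 0 }, { 10, 0 } };
static const struct root_key dup_image[] = { { 2, 0 }, { 4, 0 }, { 4, 0 }, { 10, 0 } };

int main(void)
{
	struct root_tree t = { 0 };
	int ret;

	ret = load_global_roots(&t, good_image, 3);
	printf("good image: ret=%d roots=%zu\n", ret, t.count);
	root_tree_free(&t);

	ret = load_global_roots(&t, dup_image, 4);
	printf("duplicate image: ret=%d (-EEXIST=%d) roots=%zu\n", ret, -EEXIST, t.count);
	return 0;
}
```

With the duplicate image the loader returns -EEXIST and leaves the tree empty, which is the outcome a mount path can turn into a clean failure; an ASSERT at the same spot turns the same crafted image into the kernel BUG shown in the trace above.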