syzbot


kernel BUG in new_curseg (2)

Status: upstream: reported on 2024/12/14 00:50
Subsystems: f2fs
[Documentation on labels]
Reported-by: syzbot+15669ec8c35ddf6c3d43@syzkaller.appspotmail.com
First crash: 37d, last: 10d
Discussions (2)
Title Replies (including bot) Last reply
[syzbot] Monthly f2fs report (Dec 2024) 0 (1) 2024/12/19 21:34
[syzbot] [f2fs?] kernel BUG in new_curseg (2) 0 (1) 2024/12/14 00:50
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream kernel BUG in new_curseg f2fs C 8 116d 129d 28/28 fixed on 2024/10/22 11:57

Sample crash report:
ip6tnl0: entered allmulticast mode
loop0: detected capacity change from 0 to 262144
F2FS-fs (loop0): invalid crc value
F2FS-fs (loop0): Found nat_bits in checkpoint
F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
------------[ cut here ]------------
kernel BUG at fs/f2fs/segment.c:2746!
Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI
CPU: 0 UID: 0 PID: 5316 Comm: syz.0.0 Not tainted 6.13.0-rc5-syzkaller-00198-g9244696b34f2 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:get_new_segment fs/f2fs/segment.c:2746 [inline]
RIP: 0010:new_curseg+0x1f52/0x1f70 fs/f2fs/segment.c:2876
Code: fe fd e9 1a fa ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 4c fa ff ff 48 89 df e8 49 13 fe fd e9 3f fa ff ff e8 5f af 97 fd 90 <0f> 0b e8 57 af 97 fd 90 0f 0b e8 4f af 97 fd 90 0f 0b e8 47 af 97
RSP: 0000:ffffc9000d2ef660 EFLAGS: 00010246
RAX: ffffffff8407d4c1 RBX: 000000000000001b RCX: 0000000000100000
RDX: ffffc9000e872000 RSI: 00000000000fffff RDI: 0000000000100000
RBP: dffffc0000000000 R08: ffffffff8407c2f5 R09: fffff52001a5debc
R10: dffffc0000000000 R11: fffff52001a5debc R12: 000000000000001b
R13: ffff888011c75101 R14: 000000000000001b R15: ffff88803ffbc7d8
FS:  00007fb4c6ade6c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000561eeddce000 CR3: 0000000043eda000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 f2fs_allocate_data_block+0x21d5/0x4060 fs/f2fs/segment.c:3737
 __allocate_data_block fs/f2fs/data.c:1420 [inline]
 f2fs_map_blocks+0x1338/0x4e70 fs/f2fs/data.c:1622
 f2fs_expand_inode_data+0x6db/0xca0 fs/f2fs/file.c:1837
 f2fs_fallocate+0x537/0xa10 fs/f2fs/file.c:1940
 vfs_fallocate+0x569/0x6e0 fs/open.c:327
 ksys_fallocate fs/open.c:351 [inline]
 __do_sys_fallocate fs/open.c:356 [inline]
 __se_sys_fallocate fs/open.c:354 [inline]
 __x64_sys_fallocate+0xbc/0x110 fs/open.c:354
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fb4c5d85d29
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fb4c6ade038 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
RAX: ffffffffffffffda RBX: 00007fb4c5f75fa0 RCX: 00007fb4c5d85d29
RDX: 0000000000000004 RSI: 0000000000000001 RDI: 000000000000000d
RBP: 00007fb4c5e01b08 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000041000f4 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fb4c5f75fa0 R15: 00007ffde6bfce68
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:get_new_segment fs/f2fs/segment.c:2746 [inline]
RIP: 0010:new_curseg+0x1f52/0x1f70 fs/f2fs/segment.c:2876
Code: fe fd e9 1a fa ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 4c fa ff ff 48 89 df e8 49 13 fe fd e9 3f fa ff ff e8 5f af 97 fd 90 <0f> 0b e8 57 af 97 fd 90 0f 0b e8 4f af 97 fd 90 0f 0b e8 47 af 97
RSP: 0000:ffffc9000d2ef660 EFLAGS: 00010246
RAX: ffffffff8407d4c1 RBX: 000000000000001b RCX: 0000000000100000
RDX: ffffc9000e872000 RSI: 00000000000fffff RDI: 0000000000100000
RBP: dffffc0000000000 R08: ffffffff8407c2f5 R09: fffff52001a5debc
R10: dffffc0000000000 R11: fffff52001a5debc R12: 000000000000001b
R13: ffff888011c75101 R14: 000000000000001b R15: ffff88803ffbc7d8
FS:  00007fb4c6ade6c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000561eeddce000 CR3: 0000000043eda000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (12):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/01/06 02:15 upstream 9244696b34f2 f3558dbf .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root kernel BUG in new_curseg
2025/01/02 22:07 upstream 0bc21e701a6f d3ccff63 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root kernel BUG in new_curseg
2025/01/02 08:14 upstream 56e6a3499e14 d3ccff63 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root kernel BUG in new_curseg
2024/12/27 08:31 upstream d6ef8b40d075 d3ccff63 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root kernel BUG in new_curseg
2024/12/25 07:46 upstream 9b2ffa6148b1 444551c4 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root kernel BUG in new_curseg
2024/12/20 02:06 upstream baaa2567a712 c87fa8a3 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root kernel BUG in new_curseg
2024/12/19 12:58 upstream eabcdba3ad40 1d58202c .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root kernel BUG in new_curseg
2024/12/18 06:12 upstream 59dbb9d81adf a0626d3a .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root kernel BUG in new_curseg
2024/12/16 05:31 upstream dccbe2047a5b 7cbfbb3a .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root kernel BUG in new_curseg
2024/12/14 04:22 upstream 4800575d8c0b 7cbfbb3a .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root kernel BUG in new_curseg
2024/12/10 09:27 upstream 7cb1b4663150 cfc402b4 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root kernel BUG in new_curseg
2024/12/10 00:46 upstream 7cb1b4663150 deb72877 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root kernel BUG in new_curseg
* Struck through repros no longer work on HEAD.