syzbot


kernel BUG at fs/f2fs/inode.c:LINE!

Status: upstream: reported C repro on 2020/10/13 04:23
Subsystems: f2fs tmpfs
Reported-by: syzbot+1f29dfb52bc47a05075f@syzkaller.appspotmail.com
First crash: 1320d, last: 518d
Fix bisection: failed (error log, bisect log)
  
Similar bugs (8)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.14 kernel BUG at fs/f2fs/inode.c:LINE! C error 1 819d 1333d 0/1 upstream: reported C repro on 2020/09/30 06:02
upstream kernel BUG at fs/f2fs/inode.c:LINE! f2fs C 1 2227d 2226d 8/26 fixed on 2018/07/09 18:05
upstream kernel BUG in f2fs_evict_inode f2fs C error 135 241d 520d 23/26 fixed on 2023/10/12 12:47
linux-6.1 kernel BUG in f2fs_evict_inode origin:upstream C 15 12d 410d 0/3 upstream: reported C repro on 2023/04/11 09:45
upstream kernel BUG in f2fs_evict_inode (2) f2fs C error 156 2d07h 199d 0/26 upstream: reported C repro on 2023/11/08 15:01
linux-5.15 kernel BUG in f2fs_evict_inode (2) origin:upstream C 24 1d19h 201d 0/3 upstream: reported C repro on 2023/11/06 18:33
linux-4.14 kernel BUG in f2fs_evict_inode f2fs tmpfs C 1 448d 516d 0/1 upstream: reported C repro on 2022/12/26 05:49
linux-5.15 kernel BUG in f2fs_evict_inode 3 407d 428d 0/3 auto-obsoleted due to no activity on 2023/08/12 09:15
Fix bisection attempts (14)
Created Duration User Patch Repo Result
2021/10/29 14:32 12m bisect fix linux-4.19.y error job log (0)
2021/09/28 10:07 34m bisect fix linux-4.19.y job log (0) log
2021/08/29 09:35 32m bisect fix linux-4.19.y job log (0) log
2021/07/30 09:03 30m bisect fix linux-4.19.y job log (0) log
2021/06/30 08:40 23m bisect fix linux-4.19.y job log (0) log
2021/05/31 07:27 26m bisect fix linux-4.19.y job log (0) log
2021/05/01 07:03 23m bisect fix linux-4.19.y job log (0) log
2021/03/24 01:18 22m bisect fix linux-4.19.y job log (0) log
2021/02/22 00:29 23m bisect fix linux-4.19.y job log (0) log
2021/02/18 11:35 19m bisect fix linux-4.19.y error job log (0)
2021/02/10 05:44 0m bisect fix linux-4.19.y error job log (0)
2021/01/11 05:19 24m bisect fix linux-4.19.y job log (0) log
2020/12/12 04:47 29m bisect fix linux-4.19.y job log (0) log
2020/11/12 04:23 24m bisect fix linux-4.19.y job log (0) log

Sample crash report:
F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
F2FS-fs (loop0): Corrupted max_depth of 3: 2049
syz-executor360[8114]: segfault at 0 ip 00007f1e2a338ac0 sp 00007ffe6067cee8 error 4 in syz-executor3603873955[7f1e2a2d2000+88000]
Code: 66 0f ef c0 66 0f ef c9 66 0f ef d2 66 0f ef db 48 89 f8 48 89 f9 48 81 e1 ff 0f 00 00 48 81 f9 cf 0f 00 00 77 74 48 83 e0 f0 <66> 0f 74 00 66 0f 74 48 10 66 0f 74 50 20 66 0f 74 58 30 66 0f d7
------------[ cut here ]------------
kernel BUG at fs/f2fs/inode.c:706!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 8114 Comm: syz-executor360 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
RIP: 0010:f2fs_evict_inode+0x1054/0x1330 fs/f2fs/inode.c:706
Code: de e8 60 27 52 fe 85 db 0f 84 1a ff ff ff e9 08 ff ff ff e8 de 25 52 fe 48 89 ef e8 26 58 03 00 e9 29 f4 ff ff e8 cc 25 52 fe <0f> 0b 4c 89 f7 e8 b2 02 88 fe e9 61 f6 ff ff e8 a8 02 88 fe e9 38
RSP: 0018:ffff8880b15af6d0 EFLAGS: 00010293
RAX: ffff8880b162e080 RBX: 0000000000000001 RCX: ffffffff831053bf
RDX: 0000000000000000 RSI: ffffffff83105fa4 RDI: 0000000000000007
RBP: ffff88808b0970c0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000007 R11: 0000000000074071 R12: ffff8880b00ac0c0
R13: ffff88808b097490 R14: ffff88808b097518 R15: ffff8880b25f0978
FS:  0000555555c30300(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f8ae5245000 CR3: 00000000a0e10000 CR4: 00000000003406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 evict+0x2ed/0x760 fs/inode.c:559
 dispose_list+0x124/0x1f0 fs/inode.c:594
 evict_inodes+0x341/0x430 fs/inode.c:644
 generic_shutdown_super+0xb3/0x370 fs/super.c:448
 kill_block_super+0x97/0xf0 fs/super.c:1185
 kill_f2fs_super+0x241/0x330 fs/f2fs/super.c:3257
 deactivate_locked_super+0x94/0x160 fs/super.c:329
 deactivate_super+0x174/0x1a0 fs/super.c:360
 cleanup_mnt+0x1a8/0x290 fs/namespace.c:1098
 task_work_run+0x148/0x1c0 kernel/task_work.c:113
 exit_task_work include/linux/task_work.h:22 [inline]
 do_exit+0xbf3/0x2be0 kernel/exit.c:870
 do_group_exit+0x125/0x310 kernel/exit.c:967
 get_signal+0x3f2/0x1f70 kernel/signal.c:2589
 do_signal+0x8f/0x1670 arch/x86/kernel/signal.c:799
 exit_to_usermode_loop+0x204/0x2a0 arch/x86/entry/common.c:163
 prepare_exit_to_usermode+0x277/0x2d0 arch/x86/entry/common.c:198
 retint_user+0x8/0x18
RIP: 0033:0x7f1e2a338ac0
Code: Bad RIP value.
RSP: 002b:00007ffe6067cee8 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 00000000000000e0 RCX: 0000000000000000
RDX: 00000000000000e0 RSI: 00000000000000e0 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
R10: 00000000000000c0 R11: 00000000000000e0 R12: 0000000020000100
R13: 00007ffe6067cfb0 R14: 0000000000000000 R15: 00007ffe6067cfb0
Modules linked in:
---[ end trace d3a5ba92d399075f ]---
RIP: 0010:f2fs_evict_inode+0x1054/0x1330 fs/f2fs/inode.c:706
Code: de e8 60 27 52 fe 85 db 0f 84 1a ff ff ff e9 08 ff ff ff e8 de 25 52 fe 48 89 ef e8 26 58 03 00 e9 29 f4 ff ff e8 cc 25 52 fe <0f> 0b 4c 89 f7 e8 b2 02 88 fe e9 61 f6 ff ff e8 a8 02 88 fe e9 38
RSP: 0018:ffff8880b15af6d0 EFLAGS: 00010293
RAX: ffff8880b162e080 RBX: 0000000000000001 RCX: ffffffff831053bf
RDX: 0000000000000000 RSI: ffffffff83105fa4 RDI: 0000000000000007
RBP: ffff88808b0970c0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000007 R11: 0000000000074071 R12: ffff8880b00ac0c0
R13: ffff88808b097490 R14: ffff88808b097518 R15: ffff8880b25f0978
FS:  0000555555c30300(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055bf7005c2e8 CR3: 0000000094248000 CR4: 00000000003406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	66 0f ef c0          	pxor   %xmm0,%xmm0
   4:	66 0f ef c9          	pxor   %xmm1,%xmm1
   8:	66 0f ef d2          	pxor   %xmm2,%xmm2
   c:	66 0f ef db          	pxor   %xmm3,%xmm3
  10:	48 89 f8             	mov    %rdi,%rax
  13:	48 89 f9             	mov    %rdi,%rcx
  16:	48 81 e1 ff 0f 00 00 	and    $0xfff,%rcx
  1d:	48 81 f9 cf 0f 00 00 	cmp    $0xfcf,%rcx
  24:	77 74                	ja     0x9a
  26:	48 83 e0 f0          	and    $0xfffffffffffffff0,%rax
* 2a:	66 0f 74 00          	pcmpeqb (%rax),%xmm0 <-- trapping instruction
  2e:	66 0f 74 48 10       	pcmpeqb 0x10(%rax),%xmm1
  33:	66 0f 74 50 20       	pcmpeqb 0x20(%rax),%xmm2
  38:	66 0f 74 58 30       	pcmpeqb 0x30(%rax),%xmm3
  3d:	66                   	data16
  3e:	0f                   	.byte 0xf
  3f:	d7                   	xlat   %ds:(%rbx)

Crashes (3):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2022/12/24 02:27 linux-4.19.y 3f8a27f9e27b 9da18ae8 .config console log report syz C [disk image] [vmlinux] [mounted in repro] ci2-linux-4-19 kernel BUG in f2fs_evict_inode
2020/10/13 04:23 linux-4.19.y a1b977b49b66 d32b0bbf .config console log report syz C ci2-linux-4-19
2021/04/01 07:03 linux-4.19.y 2034d6f0838e 6a81331a .config console log report info ci2-linux-4-19 kernel BUG in f2fs_evict_inode
* Struck through repros no longer work on HEAD.