syzbot


BUG: scheduling while atomic in f2fs_register_inmem_page

Status: auto-obsoleted due to no activity on 2024/03/04 10:27
Bug presence: origin:lts
Reported-by: syzbot+b9c67110e04430822b08@syzkaller.appspotmail.com
First crash: 400d, last: 146d
Cause bisection: failed (error log, bisect log)
  
Fix bisection: fixed by (bisect log):
commit 76ca4a07659a31cc62977664bcf638d6a24af068
Author: Daeho Jeong <daehojeong@google.com>
Date: Thu Apr 28 18:18:09 2022 +0000

  BACKPORT: f2fs: change the current atomic write way

  
Discussions (1)
Title Replies (including bot) Last reply
[PATCH v3] f2fs: change the current atomic write way 6 (6) 2023/03/31 14:22
Bug presence (2)
Date Name Commit Repro Result
2023/05/04 lts (merge base) d86dfc4d95cd C [report] BUG: scheduling while atomic in f2fs_register_inmem_page
2023/05/04 upstream (ToT) 1a5304fecee5 C Didn't crash
Similar bugs (2)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| android-54 | BUG: scheduling while atomic in f2fs_register_inmem_page | | | | 1 | 378d | 378d | 0/2 | closed as invalid on 2023/05/12 10:24 |
| android-5-10 | BUG: scheduling while atomic in f2fs_register_inmem_page | C | error | inconclusive | 1 | 400d | 400d | 0/2 | closed as invalid on 2023/05/12 10:22 |
Last patch testing requests (31)
Created Duration User Patch Repo Result
2024/01/17 02:27 23m retest repro android13-5.15-lts OK log
2023/11/25 10:12 14m retest repro android13-5.15-lts report log
2023/09/04 22:43 7m retest repro android13-5.15-lts report log
2023/05/11 09:47 8m tudor.ambarus@linaro.org git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs.git 6213f5d4d23c50d393a31dc8e351e63a1fd10dbe report log
2023/05/11 09:09 17m tudor.ambarus@linaro.org git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs.git 3db1de0e582c358dd013f3703cd55b5fe4076436 OK log
2023/05/11 08:26 18m tudor.ambarus@linaro.org https://android.googlesource.com/kernel/common 5448b2fda85f2d90de03f053226f721ba2f7e731 report log
2023/03/24 08:22 15m tudor.ambarus@linaro.org git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs.git 3db1de0e582c358dd013f3703cd55b5fe4076436 OK log
2023/03/24 08:10 9m tudor.ambarus@linaro.org git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs.git 6213f5d4d23c50d393a31dc8e351e63a1fd10dbe report log
2023/03/24 07:50 15m tudor.ambarus@linaro.org git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs.git 7bc155fec5b371dbb57256e84a49c78692a09060 OK log
2023/03/24 07:06 7m tudor.ambarus@linaro.org git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs.git 2880f47b949f1f49e2d861ffbba91d57416be7d9 report log
2023/03/24 06:26 7m tudor.ambarus@linaro.org git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs.git f2db71053dc0409fae785096ad19cce4c8a95af7 report log
2023/03/24 05:49 15m tudor.ambarus@linaro.org git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs.git c81d5bae404abc6b257667e84d39b9b50c7063d4 OK log
2023/03/23 17:40 19m tudor.ambarus@linaro.org git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs.git 1501f707d2b24316b41d45bdc95a73bc8cc8dd49 OK log
2023/03/23 15:55 16m tudor.ambarus@linaro.org git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs.git 68e6134bb70ab20e9f7c36c1ae7dc96b8ed778ae OK log
2023/03/23 15:30 15m tudor.ambarus@linaro.org git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs.git 96752be4d7b443e6f1e322428d61f777d7d8bd4d OK log
2023/03/23 14:56 15m tudor.ambarus@linaro.org git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs.git f8a52af9d00d59fd887d8ad1fa0c2c88a5d775b9 report log
2023/03/23 13:18 7m tudor.ambarus@linaro.org git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs.git 664a393a2663a0f62fc1b18157ccae33dcdbb8c8 report log
2023/03/23 12:43 8m tudor.ambarus@linaro.org git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs.git 7e284070abe53d448517b80493863595af4ab5f0 report log
2023/03/23 12:18 16m tudor.ambarus@linaro.org git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs.git 5d4af9c1f04ab0411ba5818baad9a68e87f33099 OK log
2023/03/23 12:07 7m tudor.ambarus@linaro.org git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs.git c011dd537ffe47462051930413fed07dbdc80313 report log
2023/03/23 10:40 11m tudor.ambarus@linaro.org git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs.git v5.18 report log
2023/03/23 10:15 9m tudor.ambarus@linaro.org git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs.git v5.17 report log
2023/03/23 08:01 16m tudor.ambarus@linaro.org git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs.git v5.19 OK log
2023/03/23 06:44 7m tudor.ambarus@linaro.org git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs.git v5.16 error OK
2023/03/22 12:14 21m tudor.ambarus@linaro.org git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux master OK log
2023/03/22 12:01 21m tudor.ambarus@linaro.org git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs.git dev-test OK log
2023/03/22 11:58 19m tudor.ambarus@linaro.org git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux master OK log
2023/03/20 12:47 16m nogikh@google.com android13-5.15-lts report log
2023/03/20 12:17 0m tudor.ambarus@linaro.org android13-5.15-lts error OK
2023/03/20 11:51 8m tudor.ambarus@linaro.org https://android.googlesource.com/kernel/common 5448b2fda85f2d90de03f053226f721ba2f7e731 error OK
2023/03/20 11:50 8m tudor.ambarus@linaro.org https://android.googlesource.com/kernel/common 5448b2fda85f2d90de03f053226f721ba2f7e731 error OK
Fix bisection attempts (6)
Created Duration User Patch Repo Result
2023/12/25 19:26 3h16m bisect fix android13-5.15-lts job log (1)
2023/11/08 00:24 1h47m bisect fix android13-5.15-lts job log (0) log
2023/10/06 10:46 2h34m bisect fix android13-5.15-lts job log (0) log
2023/06/26 20:27 43m bisect fix android13-5.15-lts job log (0) log
2023/05/25 15:55 16m bisect fix android13-5.15-lts job log (0) log
2023/04/19 13:11 16m bisect fix android13-5.15-lts job log (0) log

Sample crash report:
BUG: scheduling while atomic: syz-executor406/302/0x00000002
Modules linked in:
Preemption disabled at:
[<ffffffff81a682ef>] spin_lock include/linux/spinlock.h:363 [inline]
[<ffffffff81a682ef>] zap_pte_range mm/memory.c:1390 [inline]
[<ffffffff81a682ef>] zap_pmd_range mm/memory.c:1553 [inline]
[<ffffffff81a682ef>] zap_pud_range mm/memory.c:1582 [inline]
[<ffffffff81a682ef>] zap_p4d_range mm/memory.c:1603 [inline]
[<ffffffff81a682ef>] unmap_page_range+0xa2f/0x1ca0 mm/memory.c:1624
CPU: 0 PID: 302 Comm: syz-executor406 Not tainted 5.15.137-syzkaller-01792-g61cfd264993d #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x151/0x1b7 lib/dump_stack.c:106
 dump_stack+0x15/0x17 lib/dump_stack.c:113
 __schedule_bug+0x195/0x260 kernel/sched/core.c:5701
 schedule_debug kernel/sched/core.c:5728 [inline]
 __schedule+0xd0b/0x1580 kernel/sched/core.c:6396
 schedule+0x11f/0x1e0 kernel/sched/core.c:6589
 schedule_preempt_disabled+0x13/0x20 kernel/sched/core.c:6648
 mutex_optimistic_spin kernel/locking/mutex.c:521 [inline]
 __mutex_lock_common kernel/locking/mutex.c:620 [inline]
 __mutex_lock+0x5b5/0x1870 kernel/locking/mutex.c:755
 __mutex_lock_slowpath+0xe/0x10 kernel/locking/mutex.c:1006
 mutex_lock+0x135/0x1e0 kernel/locking/mutex.c:288
 f2fs_register_inmem_page+0x22c/0x4b0 fs/f2fs/segment.c:202
 f2fs_set_data_page_dirty+0x591/0x730 fs/f2fs/data.c:3631
 set_page_dirty+0x1a4/0x300 mm/page-writeback.c:2611
 zap_pte_range mm/memory.c:1425 [inline]
 zap_pmd_range mm/memory.c:1553 [inline]
 zap_pud_range mm/memory.c:1582 [inline]
 zap_p4d_range mm/memory.c:1603 [inline]
 unmap_page_range+0xf33/0x1ca0 mm/memory.c:1624
 unmap_single_vma mm/memory.c:1669 [inline]
 unmap_vmas+0x389/0x560 mm/memory.c:1701
 exit_mmap+0x3d8/0x6f0 mm/mmap.c:3209
 __mmput+0x95/0x310 kernel/fork.c:1179
 mmput+0x5b/0x170 kernel/fork.c:1202
 exit_mm kernel/exit.c:551 [inline]
 do_exit+0xbb4/0x2b60 kernel/exit.c:862
 do_group_exit+0x141/0x310 kernel/exit.c:997
 get_signal+0x7a3/0x1630 kernel/signal.c:2891
 arch_do_signal_or_restart+0xbd/0x1680 arch/x86/kernel/signal.c:867
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop+0xa0/0xe0 kernel/entry/common.c:172
 exit_to_user_mode_prepare+0x5a/0xa0 kernel/entry/common.c:208
 __syscall_exit_to_user_mode_work kernel/entry/common.c:290 [inline]
 syscall_exit_to_user_mode+0x26/0x160 kernel/entry/common.c:301
 do_syscall_64+0x49/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7f767b680459
Code: Unable to access opcode bytes at RIP 0x7f767b68042f.
RSP: 002b:00007f767b614228 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: 00000000000000ca RBX: 00007f767b711618 RCX: 00007f767b680459
RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f767b71161c
RBP: 00007f767b711610 R08: 00007f767b6146c0 R09: 00007f767b6146c0
R10: 0000000020000000 R11: 0000000000000246 R12: 00007f767b71161c
R13: 00007f767b6dd9d0 R14: 00007f767b6cd400 R15: 00007ffc306b4c68
 </TASK>
------------[ cut here ]------------
DEBUG_LOCKS_WARN_ON(val > preempt_count())
WARNING: CPU: 1 PID: 302 at kernel/sched/core.c:5644 preempt_count_sub+0xa8/0x160 kernel/sched/core.c:5644
Modules linked in:
CPU: 1 PID: 302 Comm: syz-executor406 Tainted: G        W         5.15.137-syzkaller-01792-g61cfd264993d #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
RIP: 0010:preempt_count_sub+0xa8/0x160 kernel/sched/core.c:5644
Code: 03 42 0f b6 04 30 84 c0 0f 85 86 00 00 00 83 3d 65 38 ba 05 00 75 d1 48 c7 c7 a0 8d 28 85 48 c7 c6 40 8e 28 85 e8 88 64 f5 ff <0f> 0b eb ba e8 9f eb 14 01 85 c0 74 b1 48 c7 c0 e8 46 06 87 48 c1
RSP: 0018:ffffc90000a274c8 EFLAGS: 00010246
RAX: 4ab8522e2b066000 RBX: 0000000000000001 RCX: ffff88811e36cf00
RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
RBP: ffffc90000a274d8 R08: ffffffff81574165 R09: ffffed103ee04e93
R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
R13: 0400000000000080 R14: dffffc0000000000 R15: 0000000020200000
FS:  0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000021000000 CR3: 000000011de22000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 __raw_spin_unlock include/linux/spinlock_api_smp.h:152 [inline]
 _raw_spin_unlock+0x4d/0x70 kernel/locking/spinlock.c:186
 spin_unlock include/linux/spinlock.h:403 [inline]
 zap_pte_range mm/memory.c:1494 [inline]
 zap_pmd_range mm/memory.c:1553 [inline]
 zap_pud_range mm/memory.c:1582 [inline]
 zap_p4d_range mm/memory.c:1603 [inline]
 unmap_page_range+0x1a8c/0x1ca0 mm/memory.c:1624
 unmap_single_vma mm/memory.c:1669 [inline]
 unmap_vmas+0x389/0x560 mm/memory.c:1701
 exit_mmap+0x3d8/0x6f0 mm/mmap.c:3209
 __mmput+0x95/0x310 kernel/fork.c:1179
 mmput+0x5b/0x170 kernel/fork.c:1202
 exit_mm kernel/exit.c:551 [inline]
 do_exit+0xbb4/0x2b60 kernel/exit.c:862
 do_group_exit+0x141/0x310 kernel/exit.c:997
 get_signal+0x7a3/0x1630 kernel/signal.c:2891
 arch_do_signal_or_restart+0xbd/0x1680 arch/x86/kernel/signal.c:867
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop+0xa0/0xe0 kernel/entry/common.c:172
 exit_to_user_mode_prepare+0x5a/0xa0 kernel/entry/common.c:208
 __syscall_exit_to_user_mode_work kernel/entry/common.c:290 [inline]
 syscall_exit_to_user_mode+0x26/0x160 kernel/entry/common.c:301
 do_syscall_64+0x49/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7f767b680459
Code: Unable to access opcode bytes at RIP 0x7f767b68042f.
RSP: 002b:00007f767b614228 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: 00000000000000ca RBX: 00007f767b711618 RCX: 00007f767b680459
RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f767b71161c
RBP: 00007f767b711610 R08: 00007f767b6146c0 R09: 00007f767b6146c0
R10: 0000000020000000 R11: 0000000000000246 R12: 00007f767b71161c
R13: 00007f767b6dd9d0 R14: 00007f767b6cd400 R15: 00007ffc306b4c68
 </TASK>
---[ end trace e63ebe89ec3bf6a9 ]---

Crashes (4):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2023/11/11 10:12 | android13-5.15-lts | 61cfd264993d | d80eec66 | .config | strace log | report | syz | C | | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci2-android-5-15 | BUG: scheduling while atomic in f2fs_register_inmem_page |
| 2023/03/16 03:55 | android13-5.15-lts | 5448b2fda85f | 18b58603 | .config | strace log | report | syz | C | | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci2-android-5-15 | BUG: scheduling while atomic in f2fs_register_inmem_page |
| 2023/11/11 09:56 | android13-5.15-lts | 61cfd264993d | d80eec66 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-android-5-15 | BUG: scheduling while atomic in f2fs_register_inmem_page |
| 2023/03/16 03:36 | android13-5.15-lts | 5448b2fda85f | 18b58603 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-android-5-15 | BUG: scheduling while atomic in f2fs_register_inmem_page |
* Struck through repros no longer work on HEAD.