BUG: unable to handle kernel paging request in build_segment_manager
43 views
Skip to first unread message
syzbot
Apr 20, 2018, 2:02:02 PM4/20/18
to jae...@kernel.org, linux-f2...@lists.sourceforge.net, linux-...@vger.kernel.org, syzkall...@googlegroups.com, yuc...@huawei.com
Hello,
syzbot hit the following crash on upstream commit
87ef12027b9b1dd0e0b12cf311fbcb19f9d92539 (Wed Apr 18 19:48:17 2018 +0000)
Merge tag 'ceph-for-4.17-rc2' of git://github.com/ceph/ceph-client
syzbot dashboard link:
https://syzkaller.appspot.com/bug?extid=83699adeb2d13579c31e
C reproducer: https://syzkaller.appspot.com/x/repro.c?id=5805208181407744
syzkaller reproducer:
https://syzkaller.appspot.com/x/repro.syz?id=6005073343676416
Raw console output:
https://syzkaller.appspot.com/x/log.txt?id=6555047731134464
Kernel config:
https://syzkaller.appspot.com/x/.config?id=1808800213120130118
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+83699a...@syzkaller.appspotmail.com
It will help syzbot understand when the bug is fixed. See footer for
details.
If you forward the report, please keep this part and the footer.
F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
F2FS-fs (loop0): invalid crc value
BUG: unable to handle kernel paging request at ffffed006b2a50c0
PGD 21ffee067 P4D 21ffee067 PUD 21fbeb067 PMD 0
Oops: 0000 [#1] SMP KASAN
Dumping ftrace buffer:
(ftrace buffer empty)
Modules linked in:
CPU: 0 PID: 4514 Comm: syzkaller989480 Not tainted 4.17.0-rc1+ #8
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:build_sit_entries fs/f2fs/segment.c:3653 [inline]
RIP: 0010:build_segment_manager+0x7ef7/0xbf70 fs/f2fs/segment.c:3852
RSP: 0018:ffff8801b102e5b0 EFLAGS: 00010a06
RAX: 1ffff1006b2a50c0 RBX: 0000000000000004 RCX: 0000000000000001
RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8801ac74243e
RBP: ffff8801b102f410 R08: ffff8801acbd46c0 R09: fffffbfff14d9af8
R10: fffffbfff14d9af8 R11: ffff8801acbd46c0 R12: ffff8801ac742a80
R13: ffff8801d9519100 R14: dffffc0000000000 R15: ffff880359528600
FS: 0000000001e04880(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffed006b2a50c0 CR3: 00000001ac6ac000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
f2fs_fill_super+0x4095/0x7bf0 fs/f2fs/super.c:2803
mount_bdev+0x30c/0x3e0 fs/super.c:1165
f2fs_mount+0x34/0x40 fs/f2fs/super.c:3020
mount_fs+0xae/0x328 fs/super.c:1268
vfs_kern_mount.part.34+0xd4/0x4d0 fs/namespace.c:1037
vfs_kern_mount fs/namespace.c:1027 [inline]
do_new_mount fs/namespace.c:2517 [inline]
do_mount+0x564/0x3070 fs/namespace.c:2847
ksys_mount+0x12d/0x140 fs/namespace.c:3063
__do_sys_mount fs/namespace.c:3077 [inline]
__se_sys_mount fs/namespace.c:3074 [inline]
__x64_sys_mount+0xbe/0x150 fs/namespace.c:3074
do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:287
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x443d6a
RSP: 002b:00007ffd312813c8 EFLAGS: 00000297 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000020000c00 RCX: 0000000000443d6a
RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffd312813d0
RBP: 0000000000000003 R08: 0000000020016a00 R09: 000000000000000a
R10: 0000000000000000 R11: 0000000000000297 R12: 0000000000000004
R13: 0000000000402c60 R14: 0000000000000000 R15: 0000000000000000
Code: 48 89 55 80 48 8b 50 36 48 89 55 88 48 8b 50 3e 48 89 55 90 48 8b 50
46 48 89 55 98 0f b7 40 4e 66 89 45 a0 4c 89 f8 48 c1 e8 03 <42> 0f b6 04
30 84 c0 74 08 3c 03 0f 8e 1d 3a 00 00 41 0f b7 07
RIP: build_sit_entries fs/f2fs/segment.c:3653 [inline] RSP: ffff8801b102e5b0
RIP: build_segment_manager+0x7ef7/0xbf70 fs/f2fs/segment.c:3852 RSP:
ffff8801b102e5b0
CR2: ffffed006b2a50c0
---[ end trace a2034989e196ff17 ]---
---
This bug is generated by a dumb bot. It may contain errors.
See https://goo.gl/tpsmEJ for details.
Direct all questions to syzk...@googlegroups.com.
syzbot will keep track of this bug report.
If you forgot to add the Reported-by tag, once the fix for this bug is
merged
into any tree, please reply to this email with:
#syz fix: exact-commit-title
If you want to test a patch for this bug, please reply with:
#syz test: git://repo/address.git branch
and provide the patch inline or as an attachment.
To mark this as a duplicate of another syzbot report, please reply with:
#syz dup: exact-subject-of-another-report
If it's a one-off invalid bug report, please reply with:
#syz invalid
Note: if the crash happens again, it will cause creation of a new bug
report.
Note: all commands must start from beginning of the line in the email body.
syzbot hit the following crash on upstream commit
87ef12027b9b1dd0e0b12cf311fbcb19f9d92539 (Wed Apr 18 19:48:17 2018 +0000)
Merge tag 'ceph-for-4.17-rc2' of git://github.com/ceph/ceph-client
syzbot dashboard link:
https://syzkaller.appspot.com/bug?extid=83699adeb2d13579c31e
C reproducer: https://syzkaller.appspot.com/x/repro.c?id=5805208181407744
syzkaller reproducer:
https://syzkaller.appspot.com/x/repro.syz?id=6005073343676416
Raw console output:
https://syzkaller.appspot.com/x/log.txt?id=6555047731134464
Kernel config:
https://syzkaller.appspot.com/x/.config?id=1808800213120130118
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+83699a...@syzkaller.appspotmail.com
It will help syzbot understand when the bug is fixed. See footer for
details.
If you forward the report, please keep this part and the footer.
F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
F2FS-fs (loop0): invalid crc value
BUG: unable to handle kernel paging request at ffffed006b2a50c0
PGD 21ffee067 P4D 21ffee067 PUD 21fbeb067 PMD 0
Oops: 0000 [#1] SMP KASAN
Dumping ftrace buffer:
(ftrace buffer empty)
Modules linked in:
CPU: 0 PID: 4514 Comm: syzkaller989480 Not tainted 4.17.0-rc1+ #8
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:build_sit_entries fs/f2fs/segment.c:3653 [inline]
RIP: 0010:build_segment_manager+0x7ef7/0xbf70 fs/f2fs/segment.c:3852
RSP: 0018:ffff8801b102e5b0 EFLAGS: 00010a06
RAX: 1ffff1006b2a50c0 RBX: 0000000000000004 RCX: 0000000000000001
RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8801ac74243e
RBP: ffff8801b102f410 R08: ffff8801acbd46c0 R09: fffffbfff14d9af8
R10: fffffbfff14d9af8 R11: ffff8801acbd46c0 R12: ffff8801ac742a80
R13: ffff8801d9519100 R14: dffffc0000000000 R15: ffff880359528600
FS: 0000000001e04880(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffed006b2a50c0 CR3: 00000001ac6ac000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
f2fs_fill_super+0x4095/0x7bf0 fs/f2fs/super.c:2803
mount_bdev+0x30c/0x3e0 fs/super.c:1165
f2fs_mount+0x34/0x40 fs/f2fs/super.c:3020
mount_fs+0xae/0x328 fs/super.c:1268
vfs_kern_mount.part.34+0xd4/0x4d0 fs/namespace.c:1037
vfs_kern_mount fs/namespace.c:1027 [inline]
do_new_mount fs/namespace.c:2517 [inline]
do_mount+0x564/0x3070 fs/namespace.c:2847
ksys_mount+0x12d/0x140 fs/namespace.c:3063
__do_sys_mount fs/namespace.c:3077 [inline]
__se_sys_mount fs/namespace.c:3074 [inline]
__x64_sys_mount+0xbe/0x150 fs/namespace.c:3074
do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:287
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x443d6a
RSP: 002b:00007ffd312813c8 EFLAGS: 00000297 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000020000c00 RCX: 0000000000443d6a
RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffd312813d0
RBP: 0000000000000003 R08: 0000000020016a00 R09: 000000000000000a
R10: 0000000000000000 R11: 0000000000000297 R12: 0000000000000004
R13: 0000000000402c60 R14: 0000000000000000 R15: 0000000000000000
Code: 48 89 55 80 48 8b 50 36 48 89 55 88 48 8b 50 3e 48 89 55 90 48 8b 50
46 48 89 55 98 0f b7 40 4e 66 89 45 a0 4c 89 f8 48 c1 e8 03 <42> 0f b6 04
30 84 c0 74 08 3c 03 0f 8e 1d 3a 00 00 41 0f b7 07
RIP: build_sit_entries fs/f2fs/segment.c:3653 [inline] RSP: ffff8801b102e5b0
RIP: build_segment_manager+0x7ef7/0xbf70 fs/f2fs/segment.c:3852 RSP:
ffff8801b102e5b0
CR2: ffffed006b2a50c0
---[ end trace a2034989e196ff17 ]---
---
This bug is generated by a dumb bot. It may contain errors.
See https://goo.gl/tpsmEJ for details.
Direct all questions to syzk...@googlegroups.com.
syzbot will keep track of this bug report.
If you forgot to add the Reported-by tag, once the fix for this bug is
merged
into any tree, please reply to this email with:
#syz fix: exact-commit-title
If you want to test a patch for this bug, please reply with:
#syz test: git://repo/address.git branch
and provide the patch inline or as an attachment.
To mark this as a duplicate of another syzbot report, please reply with:
#syz dup: exact-subject-of-another-report
If it's a one-off invalid bug report, please reply with:
#syz invalid
Note: if the crash happens again, it will cause creation of a new bug
report.
Note: all commands must start from beginning of the line in the email body.
syzbot
Apr 24, 2018, 4:07:02 PM4/24/18
to jae...@kernel.org, syzkall...@googlegroups.com
Hello,
syzbot has tested the proposed patch but the reproducer still triggered
crash:
BUG: unable to handle kernel paging request in build_segment_manager
IPVS: ftp: loaded support on port[0] = 21
RIP: 0010:build_segment_manager+0x7fd1/0xbc50 fs/f2fs/segment.c:3865
RSP: 0018:ffff8801cb5e65b0 EFLAGS: 00010a06
RAX: 1ffff10066c5d6b8 RBX: ffff8803362eb5c0 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8801b63e8b7e
RBP: ffff8801cb5e7410 R08: 0000000000000001 R09: fffffbfff14d9af8
R10: fffffbfff14d9af8 R11: ffff8801aa9fe040 R12: ffff8801cb5e7368
R13: dffffc0000000000 R14: ffff8801b63e8b7a R15: ffff8801ba5a0300
FS: 00007f9151e32700(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000
RSP: 002b:00007f9151e31ba8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 0000000000457daa
RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f9151e31bf0
RBP: 000000000000006a R08: 0000000020016a00 R09: 0000000020000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
R13: 000000000000006a R14: 00000000006fcb80 R15: 0000000000000000
28 84 c0 74 08 3c 03 0f 8e 67 34 00 00 0f b7 03 8b
RIP: build_sit_entries fs/f2fs/segment.c:3668 [inline] RSP: ffff8801cb5e65b0
RIP: build_segment_manager+0x7fd1/0xbc50 fs/f2fs/segment.c:3865 RSP:
ffff8801cb5e65b0
CR2: ffffed0066c5d6b8
---[ end trace a9854ace72434d6c ]---
BUG: unable to handle kernel paging request at ffffed00664044c0
Tested on
git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs.git/dev-test
commit
7a6b959a2f7998ed41a46105196267d1be27377b (Tue Apr 24 17:37:18 2018 +0000)
f2fs: avoid bug_on on corrupted inode
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
Kernel config:
https://syzkaller.appspot.com/x/.config?id=1808800213120130118
Raw console output:
https://syzkaller.appspot.com/x/log.txt?id=4634571895209984
syzbot has tested the proposed patch but the reproducer still triggered
crash:
BUG: unable to handle kernel paging request in build_segment_manager
IPVS: ftp: loaded support on port[0] = 21
F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
F2FS-fs (loop1): invalid crc value
F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
F2FS-fs (loop0): invalid crc value
BUG: unable to handle kernel paging request at ffffed0066c5d6b8
PGD 21ffee067 P4D 21ffee067 PUD 21fbeb067 PMD 0
Oops: 0000 [#1] SMP KASAN
Dumping ftrace buffer:
(ftrace buffer empty)
Modules linked in:
CPU: 1 PID: 4857 Comm: syz-executor1 Not tainted 4.17.0-rc1+ #1
Oops: 0000 [#1] SMP KASAN
Dumping ftrace buffer:
(ftrace buffer empty)
Modules linked in:
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:build_sit_entries fs/f2fs/segment.c:3668 [inline]
Google 01/01/2011
RIP: 0010:build_segment_manager+0x7fd1/0xbc50 fs/f2fs/segment.c:3865
RSP: 0018:ffff8801cb5e65b0 EFLAGS: 00010a06
RAX: 1ffff10066c5d6b8 RBX: ffff8803362eb5c0 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8801b63e8b7e
RBP: ffff8801cb5e7410 R08: 0000000000000001 R09: fffffbfff14d9af8
R10: fffffbfff14d9af8 R11: ffff8801aa9fe040 R12: ffff8801cb5e7368
R13: dffffc0000000000 R14: ffff8801b63e8b7a R15: ffff8801ba5a0300
FS: 00007f9151e32700(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffed0066c5d6b8 CR3: 00000001d7553000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
f2fs_fill_super+0x4095/0x7bf0 fs/f2fs/super.c:2803
mount_bdev+0x30c/0x3e0 fs/super.c:1165
f2fs_mount+0x34/0x40 fs/f2fs/super.c:3020
mount_fs+0xae/0x328 fs/super.c:1268
vfs_kern_mount.part.34+0xd4/0x4d0 fs/namespace.c:1037
vfs_kern_mount fs/namespace.c:1027 [inline]
do_new_mount fs/namespace.c:2517 [inline]
do_mount+0x564/0x3070 fs/namespace.c:2847
ksys_mount+0x12d/0x140 fs/namespace.c:3063
__do_sys_mount fs/namespace.c:3077 [inline]
__se_sys_mount fs/namespace.c:3074 [inline]
__x64_sys_mount+0xbe/0x150 fs/namespace.c:3074
do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:287
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457daa
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
f2fs_fill_super+0x4095/0x7bf0 fs/f2fs/super.c:2803
mount_bdev+0x30c/0x3e0 fs/super.c:1165
f2fs_mount+0x34/0x40 fs/f2fs/super.c:3020
mount_fs+0xae/0x328 fs/super.c:1268
vfs_kern_mount.part.34+0xd4/0x4d0 fs/namespace.c:1037
vfs_kern_mount fs/namespace.c:1027 [inline]
do_new_mount fs/namespace.c:2517 [inline]
do_mount+0x564/0x3070 fs/namespace.c:2847
ksys_mount+0x12d/0x140 fs/namespace.c:3063
__do_sys_mount fs/namespace.c:3077 [inline]
__se_sys_mount fs/namespace.c:3074 [inline]
__x64_sys_mount+0xbe/0x150 fs/namespace.c:3074
do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:287
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RSP: 002b:00007f9151e31ba8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 0000000000457daa
RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f9151e31bf0
RBP: 000000000000006a R08: 0000000020016a00 R09: 0000000020000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
R13: 000000000000006a R14: 00000000006fcb80 R15: 0000000000000000
Code: 48 89 55 80 48 8b 50 36 48 89 55 88 48 8b 50 3e 48 89 55 90 48 8b 50
46 48 89 55 98 0f b7 40 4e 66 89 45 a0 48 89 d8 48 c1 e8 03 <42> 0f b6 04
28 84 c0 74 08 3c 03 0f 8e 67 34 00 00 0f b7 03 8b
RIP: build_sit_entries fs/f2fs/segment.c:3668 [inline] RSP: ffff8801cb5e65b0
RIP: build_segment_manager+0x7fd1/0xbc50 fs/f2fs/segment.c:3865 RSP:
ffff8801cb5e65b0
CR2: ffffed0066c5d6b8
---[ end trace a9854ace72434d6c ]---
BUG: unable to handle kernel paging request at ffffed00664044c0
Tested on
git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs.git/dev-test
commit
7a6b959a2f7998ed41a46105196267d1be27377b (Tue Apr 24 17:37:18 2018 +0000)
f2fs: avoid bug_on on corrupted inode
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
https://syzkaller.appspot.com/x/.config?id=1808800213120130118
Raw console output:
https://syzkaller.appspot.com/x/log.txt?id=4634571895209984
syzbot
Apr 24, 2018, 6:38:02 PM4/24/18
to jae...@kernel.org, syzkall...@googlegroups.com
Hello,
syzbot has tested the proposed patch but the reproducer still triggered
crash:
WARNING: held lock freed!
syzbot has tested the proposed patch but the reproducer still triggered
crash:
F2FS-fs (loop4): invalid crc value
F2FS-fs (loop4): Wrong journal entry on segno 26
F2FS-fs (loop4): Failed to initialize F2FS segment manager
=========================
WARNING: held lock freed!
4.17.0-rc1+ #1 Not tainted
-------------------------
syz-executor4/4845 is freeing memory ffff8801cf80c080-ffff8801cf80c87f,
with a lock still held there!
00000000fe3dd31b (&array[i].journal_rwsem){++++}, at: build_sit_entries
fs/f2fs/segment.c:3660 [inline]
00000000fe3dd31b (&array[i].journal_rwsem){++++}, at:
build_segment_manager+0x7bd9/0xbdc0 fs/f2fs/segment.c:3873
2 locks held by syz-executor4/4845:
#0: 00000000f769252a (&type->s_umount_key#42/1){+.+.}, at: alloc_super
fs/super.c:212 [inline]
#0: 00000000f769252a (&type->s_umount_key#42/1){+.+.}, at:
sget_userns+0x2dd/0xf20 fs/super.c:503
#1: 00000000fe3dd31b (&array[i].journal_rwsem){++++}, at:
build_sit_entries fs/f2fs/segment.c:3660 [inline]
#1: 00000000fe3dd31b (&array[i].journal_rwsem){++++}, at:
build_segment_manager+0x7bd9/0xbdc0 fs/f2fs/segment.c:3873
stack backtrace:
CPU: 1 PID: 4845 Comm: syz-executor4 Not tainted 4.17.0-rc1+ #1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
Google 01/01/2011
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1b9/0x294 lib/dump_stack.c:113
F2FS-fs (loop2): Magic Mismatch, valid(0xf2f52010) - read(0x0)
print_freed_lock_bug kernel/locking/lockdep.c:4385 [inline]
debug_check_no_locks_freed.cold.61+0xa5/0xb1 kernel/locking/lockdep.c:4418
kfree+0xbb/0x260 mm/slab.c:3810
F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
destroy_curseg fs/f2fs/segment.c:3932 [inline]
destroy_segment_manager+0x3f8/0xad0 fs/f2fs/segment.c:3987
f2fs_fill_super+0x4b39/0x7bf0 fs/f2fs/super.c:2981
F2FS-fs (loop2): invalid crc value
F2FS-fs (loop2): Wrong journal entry on segno 26
F2FS-fs (loop2): Failed to initialize F2FS segment manager
mount_bdev+0x30c/0x3e0 fs/super.c:1165
f2fs_mount+0x34/0x40 fs/f2fs/super.c:3020
mount_fs+0xae/0x328 fs/super.c:1268
vfs_kern_mount.part.34+0xd4/0x4d0 fs/namespace.c:1037
vfs_kern_mount fs/namespace.c:1027 [inline]
do_new_mount fs/namespace.c:2517 [inline]
do_mount+0x564/0x3070 fs/namespace.c:2847
ksys_mount+0x12d/0x140 fs/namespace.c:3063
__do_sys_mount fs/namespace.c:3077 [inline]
__se_sys_mount fs/namespace.c:3074 [inline]
__x64_sys_mount+0xbe/0x150 fs/namespace.c:3074
do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:287
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457daa
RSP: 002b:00007fca20efaba8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
f2fs_mount+0x34/0x40 fs/f2fs/super.c:3020
mount_fs+0xae/0x328 fs/super.c:1268
vfs_kern_mount.part.34+0xd4/0x4d0 fs/namespace.c:1037
vfs_kern_mount fs/namespace.c:1027 [inline]
do_new_mount fs/namespace.c:2517 [inline]
do_mount+0x564/0x3070 fs/namespace.c:2847
ksys_mount+0x12d/0x140 fs/namespace.c:3063
__do_sys_mount fs/namespace.c:3077 [inline]
__se_sys_mount fs/namespace.c:3074 [inline]
__x64_sys_mount+0xbe/0x150 fs/namespace.c:3074
do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:287
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457daa
RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 0000000000457daa
RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fca20efabf0
RBP: 000000000000006a R08: 0000000020016a00 R09: 0000000020000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
R13: 000000000000006a R14: 00000000006fcb80 R15: 0000000000000000
syz-executor4 (4845) used greatest stack depth: 16920 bytes left
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
R13: 000000000000006a R14: 00000000006fcb80 R15: 0000000000000000
syz-executor (4879) used greatest stack depth: 16344 bytes left
syz-executor (5165) used greatest stack depth: 16264 bytes left
f2fs_msg: 2399 callbacks suppressed
F2FS-fs (loop5): Wrong journal entry on segno 26
F2FS-fs (loop5): Failed to initialize F2FS segment manager
F2FS-fs (loop7): Wrong journal entry on segno 26
F2FS-fs (loop7): Failed to initialize F2FS segment manager
F2FS-fs (loop3): Wrong journal entry on segno 26
F2FS-fs (loop3): Failed to initialize F2FS segment manager
F2FS-fs (loop7): Magic Mismatch, valid(0xf2f52010) - read(0x0)
F2FS-fs (loop3): Magic Mismatch, valid(0xf2f52010) - read(0x0)
F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock
F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
f2fs_msg: 2612 callbacks suppressed
F2FS-fs (loop1): Magic Mismatch, valid(0xf2f52010) - read(0x0)
F2FS-fs (loop2): Wrong journal entry on segno 26
F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
F2FS-fs (loop6): Wrong journal entry on segno 26
F2FS-fs (loop2): Failed to initialize F2FS segment manager
F2FS-fs (loop6): Failed to initialize F2FS segment manager
F2FS-fs (loop7): Wrong journal entry on segno 26
F2FS-fs (loop7): Failed to initialize F2FS segment manager
F2FS-fs (loop0): Wrong journal entry on segno 26
F2FS-fs (loop0): Failed to initialize F2FS segment manager
Tested on https://github.com/jaegeuk/f2fs.git/g-dev-test commit
96e7b0fd8b564ad309975fe9ec6dec5d3052669d (Fri Apr 20 04:10:28 2018 +0000)
Revert "fs/dcache.c: add cond_resched() in shrink_dentry_list()"
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
Kernel config:
https://syzkaller.appspot.com/x/.config?id=1808800213120130118
Raw console output:
syzbot
Apr 24, 2018, 7:05:02 PM4/24/18
to jae...@kernel.org, syzkall...@googlegroups.com
Hello,
syzbot has tested the proposed patch and the reproducer did not trigger
crash:
Reported-and-tested-by:
syzbot+83699a...@syzkaller.appspotmail.com
Note: the tag will also help syzbot to understand when the bug is fixed.
f123909f411a4a8bcda78f7b5fed802f2b3bc06e (Fri Apr 20 04:10:28 2018 +0000)
There is no WARRANTY for the result, to the extent permitted by applicable
law.
Except when otherwise stated in writing syzbot provides the result "AS IS"
without warranty of any kind, either expressed or implied, but not limited
to,
the implied warranties of merchantability and fittness for a particular
purpose.
The entire risk as to the quality of the result is with you. Should the
result
prove defective, you assume the cost of all necessary servicing, repair or
correction.
syzbot has tested the proposed patch and the reproducer did not trigger
crash:
Reported-and-tested-by:
syzbot+83699a...@syzkaller.appspotmail.com
Note: the tag will also help syzbot to understand when the bug is fixed.
f123909f411a4a8bcda78f7b5fed802f2b3bc06e (Fri Apr 20 04:10:28 2018 +0000)
Revert "fs/dcache.c: add cond_resched() in shrink_dentry_list()"
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
Kernel config:
https://syzkaller.appspot.com/x/.config?id=1808800213120130118
---
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
Kernel config:
https://syzkaller.appspot.com/x/.config?id=1808800213120130118
There is no WARRANTY for the result, to the extent permitted by applicable
law.
Except when otherwise stated in writing syzbot provides the result "AS IS"
without warranty of any kind, either expressed or implied, but not limited
to,
the implied warranties of merchantability and fittness for a particular
purpose.
The entire risk as to the quality of the result is with you. Should the
result
prove defective, you assume the cost of all necessary servicing, repair or
correction.
syzbot
Apr 25, 2018, 12:26:02 AM4/25/18
to jae...@kernel.org, syzkall...@googlegroups.com
Hello,
syzbot has tested the proposed patch and the reproducer did not trigger
crash:
Reported-and-tested-by:
syzbot+83699a...@syzkaller.appspotmail.com
Note: the tag will also help syzbot to understand when the bug is fixed.
Tested on https://github.com/jaegeuk/f2fs.git/g-dev-test commit
c9a3878c29c4daef389e8c25d274babc5ae67afe (Fri Apr 20 04:10:28 2018 +0000)
syzbot has tested the proposed patch and the reproducer did not trigger
crash:
Reported-and-tested-by:
syzbot+83699a...@syzkaller.appspotmail.com
Note: the tag will also help syzbot to understand when the bug is fixed.
Tested on https://github.com/jaegeuk/f2fs.git/g-dev-test commit
syzbot
Apr 25, 2018, 3:52:03 AM4/25/18
to jae...@kernel.org, syzkall...@googlegroups.com
Hello,
syzbot has tested the proposed patch and the reproducer did not trigger
crash:
Reported-and-tested-by:
syzbot+83699a...@syzkaller.appspotmail.com
Note: the tag will also help syzbot to understand when the bug is fixed.
Tested on https://github.com/jaegeuk/f2fs.git/g-dev-test commit
b3a173a243afb71fc3d222348a7aa4bca5b93249 (Fri Apr 20 04:10:28 2018 +0000)
syzbot has tested the proposed patch and the reproducer did not trigger
crash:
Reported-and-tested-by:
syzbot+83699a...@syzkaller.appspotmail.com
Note: the tag will also help syzbot to understand when the bug is fixed.
Tested on https://github.com/jaegeuk/f2fs.git/g-dev-test commit
Reply all
Reply to author
Forward
0 new messages