Hello,
syzbot found the following issue on:
HEAD commit: bf45a62baffc Merge branch 'for-next/core' into for-kernelci
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=113b0c58580000
kernel config: https://syzkaller.appspot.com/x/.config?x=bd2356106f507975
dashboard link: https://syzkaller.appspot.com/bug?extid=632cf32276a9a564188d
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=100a3892580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=151c5b34580000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/f0d4874557e9/disk-bf45a62b.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/0bf44a13b5b2/vmlinux-bf45a62b.xz
kernel image: https://storage.googleapis.com/syzbot-assets/18db8bc9907c/Image-bf45a62b.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/33a03f772bd8/mount_0.gz
fsck result: failed (log: https://syzkaller.appspot.com/x/fsck.log?x=15cce542580000)
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+632cf3...@syzkaller.appspotmail.com
F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
F2FS-fs (loop0): Corrupted max_depth of 3: 16842753
------------[ cut here ]------------
WARNING: CPU: 0 PID: 6707 at fs/inode.c:417 drop_nlink+0xe4/0x138 fs/inode.c:417
Modules linked in:
CPU: 0 UID: 0 PID: 6707 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
pc : drop_nlink+0xe4/0x138 fs/inode.c:417
lr : drop_nlink+0xe4/0x138 fs/inode.c:417
sp : ffff80009e187740
x29: ffff80009e187740 x28: 0000000000000000 x27: ffff0000d416503f
x26: ffff0000f68508f8 x25: ffff0000f69f08f8 x24: 0000000000000000
x23: 1fffe0001ed0a247 x22: dfff800000000000 x21: 0000000000000000
x20: ffff0000f6851238 x19: ffff0000f68511f0 x18: 00000000ffffffff
x17: ffff800093605000 x16: ffff800080528494 x15: 0000000000000001
x14: 1fffe0001ed0a2d5 x13: 0000000000000000 x12: 0000000000000000
x11: ffff60001ed0a2d6 x10: 0000000000ff0100 x9 : 0000000000000000
x8 : ffff0000c7453d00 x7 : ffff80008269f9fc x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff80008052866c
x2 : 0000000000000001 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
drop_nlink+0xe4/0x138 fs/inode.c:417 (P)
f2fs_i_links_write fs/f2fs/f2fs.h:3233 [inline]
f2fs_rename fs/f2fs/namei.c:1017 [inline]
f2fs_rename2+0x1288/0x1fb4 fs/f2fs/namei.c:1290
vfs_rename+0x934/0xce0 fs/namei.c:5129
do_renameat2+0x614/0x8c8 fs/namei.c:5278
__do_sys_renameat2 fs/namei.c:5312 [inline]
__se_sys_renameat2 fs/namei.c:5309 [inline]
__arm64_sys_renameat2+0xd8/0xf4 fs/namei.c:5309
__invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
invoke_syscall+0x98/0x254 arch/arm64/kernel/syscall.c:49
el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
el0_svc+0x5c/0x254 arch/arm64/kernel/entry-common.c:744
el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:763
el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596
irq event stamp: 170020
hardirqs last enabled at (170019): [<ffff800080630af8>] seqcount_lockdep_reader_access+0x7c/0xf8 include/linux/seqlock.h:74
hardirqs last disabled at (170020): [<ffff80008b05ee64>] el1_brk64+0x20/0x54 arch/arm64/kernel/entry-common.c:434
softirqs last enabled at (169238): [<ffff800080202608>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (169236): [<ffff8000802025d4>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
---[ end trace 0000000000000000 ]---
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup