[v5.15] BUG: sleeping function called from invalid context in f2fs_register_inmem_page


syzbot

Mar 11, 2023, 10:33:49 AM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: d214f240b0f6 Linux 5.15.100
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=15d92288c80000
kernel config: https://syzkaller.appspot.com/x/.config?x=c5c5a36ceb954515
dashboard link: https://syzkaller.appspot.com/bug?extid=0f88499e6ce46b4e9300
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/4e12037285d4/disk-d214f240.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/929d982226d5/vmlinux-d214f240.xz
kernel image: https://storage.googleapis.com/syzbot-assets/59140c032c99/bzImage-d214f240.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+0f8849...@syzkaller.appspotmail.com

BUG: sleeping function called from invalid context at include/linux/sched/mm.h:209
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 6075, name: syz-executor.3
1 lock held by syz-executor.3/6075:
#0: ffff88807f014498 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:363 [inline]
#0: ffff88807f014498 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: zap_pte_range mm/memory.c:1331 [inline]
#0: ffff88807f014498 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: zap_pmd_range mm/memory.c:1494 [inline]
#0: ffff88807f014498 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: zap_pud_range mm/memory.c:1523 [inline]
#0: ffff88807f014498 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: zap_p4d_range mm/memory.c:1544 [inline]
#0: ffff88807f014498 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: unmap_page_range+0x9c3/0x2630 mm/memory.c:1565
Preemption disabled at:
[<0000000000000000>] 0x0
CPU: 1 PID: 6075 Comm: syz-executor.3 Not tainted 5.15.100-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
___might_sleep+0x547/0x6a0 kernel/sched/core.c:9622
might_alloc include/linux/sched/mm.h:209 [inline]
slab_pre_alloc_hook+0x44/0xc0 mm/slab.h:492
slab_alloc_node mm/slub.c:3134 [inline]
slab_alloc mm/slub.c:3228 [inline]
kmem_cache_alloc+0x3f/0x2e0 mm/slub.c:3233
f2fs_kmem_cache_alloc_nofail fs/f2fs/f2fs.h:2627 [inline]
f2fs_kmem_cache_alloc fs/f2fs/f2fs.h:2637 [inline]
f2fs_register_inmem_page+0x1de/0x7c0 fs/f2fs/segment.c:192
f2fs_set_data_page_dirty+0x875/0xb80 fs/f2fs/data.c:3781
zap_pte_range mm/memory.c:1366 [inline]
zap_pmd_range mm/memory.c:1494 [inline]
zap_pud_range mm/memory.c:1523 [inline]
zap_p4d_range mm/memory.c:1544 [inline]
unmap_page_range+0xdcd/0x2630 mm/memory.c:1565
unmap_vmas+0x1f8/0x390 mm/memory.c:1642
exit_mmap+0x3b6/0x670 mm/mmap.c:3186
__mmput+0x112/0x3b0 kernel/fork.c:1118
exit_mm+0x688/0x7f0 kernel/exit.c:548
do_exit+0x626/0x2480 kernel/exit.c:859
do_group_exit+0x144/0x310 kernel/exit.c:994
get_signal+0xc66/0x14e0 kernel/signal.c:2889
arch_do_signal_or_restart+0xc3/0x1890 arch/x86/kernel/signal.c:865
handle_signal_work kernel/entry/common.c:148 [inline]
exit_to_user_mode_loop+0x97/0x130 kernel/entry/common.c:172
exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:207
__syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
syscall_exit_to_user_mode+0x5d/0x2b0 kernel/entry/common.c:300
do_syscall_64+0x49/0xb0 arch/x86/entry/common.c:86
entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7f8e659fd0f9
Code: Unable to access opcode bytes at RIP 0x7f8e659fd0cf.
RSP: 002b:00007f8e5da33218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 00007f8e65b1d058 RCX: 00007f8e659fd0f9
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f8e65b1d058
RBP: 00007f8e65b1d050 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8e65b1d05c
R13: 00007ffdc0c486df R14: 00007f8e5da33300 R15: 0000000000022000
</TASK>

=============================
[ BUG: Invalid wait context ]
5.15.100-syzkaller #0 Tainted: G W
-----------------------------
syz-executor.3/6075 is trying to lock:
ffff8880541d5298 (&fi->inmem_lock){+.+.}-{3:3}, at: f2fs_register_inmem_page+0x30c/0x7c0 fs/f2fs/segment.c:201
other info that might help us debug this:
context-{4:4}
1 lock held by syz-executor.3/6075:
#0: ffff88807f014498 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:363 [inline]
#0: ffff88807f014498 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: zap_pte_range mm/memory.c:1331 [inline]
#0: ffff88807f014498 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: zap_pmd_range mm/memory.c:1494 [inline]
#0: ffff88807f014498 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: zap_pud_range mm/memory.c:1523 [inline]
#0: ffff88807f014498 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: zap_p4d_range mm/memory.c:1544 [inline]
#0: ffff88807f014498 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: unmap_page_range+0x9c3/0x2630 mm/memory.c:1565
stack backtrace:
CPU: 1 PID: 6075 Comm: syz-executor.3 Tainted: G W 5.15.100-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
print_lock_invalid_wait_context kernel/locking/lockdep.c:4663 [inline]
check_wait_context kernel/locking/lockdep.c:4724 [inline]
__lock_acquire+0x14f5/0x1ff0 kernel/locking/lockdep.c:4961
lock_acquire+0x1ff/0x570 kernel/locking/lockdep.c:5622
__mutex_lock_common+0x1da/0x25a0 kernel/locking/mutex.c:596
__mutex_lock kernel/locking/mutex.c:729 [inline]
mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:743
f2fs_register_inmem_page+0x30c/0x7c0 fs/f2fs/segment.c:201
f2fs_set_data_page_dirty+0x875/0xb80 fs/f2fs/data.c:3781
zap_pte_range mm/memory.c:1366 [inline]
zap_pmd_range mm/memory.c:1494 [inline]
zap_pud_range mm/memory.c:1523 [inline]
zap_p4d_range mm/memory.c:1544 [inline]
unmap_page_range+0xdcd/0x2630 mm/memory.c:1565
unmap_vmas+0x1f8/0x390 mm/memory.c:1642
exit_mmap+0x3b6/0x670 mm/mmap.c:3186
__mmput+0x112/0x3b0 kernel/fork.c:1118
exit_mm+0x688/0x7f0 kernel/exit.c:548
do_exit+0x626/0x2480 kernel/exit.c:859
do_group_exit+0x144/0x310 kernel/exit.c:994
get_signal+0xc66/0x14e0 kernel/signal.c:2889
arch_do_signal_or_restart+0xc3/0x1890 arch/x86/kernel/signal.c:865
handle_signal_work kernel/entry/common.c:148 [inline]
exit_to_user_mode_loop+0x97/0x130 kernel/entry/common.c:172
exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:207
__syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
syscall_exit_to_user_mode+0x5d/0x2b0 kernel/entry/common.c:300
do_syscall_64+0x49/0xb0 arch/x86/entry/common.c:86
entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7f8e659fd0f9
Code: Unable to access opcode bytes at RIP 0x7f8e659fd0cf.
RSP: 002b:00007f8e5da33218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 00007f8e65b1d058 RCX: 00007f8e659fd0f9
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f8e65b1d058
RBP: 00007f8e65b1d050 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8e65b1d05c
R13: 00007ffdc0c486df R14: 00007f8e5da33300 R15: 0000000000022000
</TASK>


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Mar 13, 2023, 3:38:54 AM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: bbf9f29bac04 Linux 5.15.101
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=13649072c80000
kernel config: https://syzkaller.appspot.com/x/.config?x=c4a69039b8408b46
dashboard link: https://syzkaller.appspot.com/bug?extid=0f88499e6ce46b4e9300
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=158b811ac80000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=148bebf4c80000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/20c511f4e9f8/disk-bbf9f29b.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/af0889244076/vmlinux-bbf9f29b.xz
kernel image: https://storage.googleapis.com/syzbot-assets/25bcdac064d7/bzImage-bbf9f29b.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/c7144899f952/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+0f8849...@syzkaller.appspotmail.com

attempt to access beyond end of device
loop2: rw=2049, want=77952, limit=63271
BUG: sleeping function called from invalid context at include/linux/sched/mm.h:209
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 5001, name: syz-executor319
1 lock held by syz-executor319/5001:
#0: ffff88801cf25a38 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:363 [inline]
#0: ffff88801cf25a38 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: zap_pte_range mm/memory.c:1331 [inline]
#0: ffff88801cf25a38 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: zap_pmd_range mm/memory.c:1494 [inline]
#0: ffff88801cf25a38 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: zap_pud_range mm/memory.c:1523 [inline]
#0: ffff88801cf25a38 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: zap_p4d_range mm/memory.c:1544 [inline]
#0: ffff88801cf25a38 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: unmap_page_range+0x9c3/0x2630 mm/memory.c:1565
Preemption disabled at:
[<0000000000000000>] 0x0
CPU: 0 PID: 5001 Comm: syz-executor319 Not tainted 5.15.101-syzkaller #0
RIP: 0033:0x7ffb0599d4f9
Code: Unable to access opcode bytes at RIP 0x7ffb0599d4cf.
RSP: 002b:00007ffb05947308 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 00007ffb05a305a8 RCX: 00007ffb0599d4f9
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007ffb05a305a8
RBP: 00007ffb05a305a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffb05a305ac
R13: 00007ffb059f7088 R14: 0032656c69662f2e R15: 0000000000022000
</TASK>

=============================
[ BUG: Invalid wait context ]
5.15.101-syzkaller #0 Tainted: G W
-----------------------------
syz-executor319/5001 is trying to lock:
ffff88806363bf98 (&fi->inmem_lock){+.+.}-{3:3}, at: f2fs_register_inmem_page+0x30c/0x7c0 fs/f2fs/segment.c:201
other info that might help us debug this:
context-{4:4}
1 lock held by syz-executor319/5001:
#0: ffff88801cf25a38 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:363 [inline]
#0: ffff88801cf25a38 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: zap_pte_range mm/memory.c:1331 [inline]
#0: ffff88801cf25a38 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: zap_pmd_range mm/memory.c:1494 [inline]
#0: ffff88801cf25a38 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: zap_pud_range mm/memory.c:1523 [inline]
#0: ffff88801cf25a38 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: zap_p4d_range mm/memory.c:1544 [inline]
#0: ffff88801cf25a38 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: unmap_page_range+0x9c3/0x2630 mm/memory.c:1565
stack backtrace:
CPU: 0 PID: 5001 Comm: syz-executor319 Tainted: G W 5.15.101-syzkaller #0
RIP: 0033:0x7ffb0599d4f9
Code: Unable to access opcode bytes at RIP 0x7ffb0599d4cf.
RSP: 002b:00007ffb05947308 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 00007ffb05a305a8 RCX: 00007ffb0599d4f9
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007ffb05a305a8
RBP: 00007ffb05a305a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffb05a305ac
R13: 00007ffb059f7088 R14: 0032656c69662f2e R15: 0000000000022000
</TASK>

syzbot

Sep 17, 2023, 8:10:38 PM
to syzkaller...@googlegroups.com
syzbot suspects this issue could be fixed by backporting the following commit:

commit 3db1de0e582c358dd013f3703cd55b5fe4076436
git tree: upstream
Author: Daeho Jeong <daeho...@google.com>
Date: Thu Apr 28 18:18:09 2022 +0000

f2fs: change the current atomic write way

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=10406dac680000
kernel config: https://syzkaller.appspot.com/x/.config?x=6f83fab0469f5de7
dashboard link: https://syzkaller.appspot.com/bug?extid=0f88499e6ce46b4e9300
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1398a23ec80000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12d1abd1c80000


Please keep in mind that other backports might be required as well.

For information about bisection process see: https://goo.gl/tpsmEJ#bisection