* WARNING: ODEBUG bug in f2fs_fill_super
@ 2018-08-27 21:04 syzbot
  2019-02-20 15:12 ` Dmitry Vyukov
  0 siblings, 1 reply; 5+ messages in thread
From: syzbot @ 2018-08-27 21:04 UTC (permalink / raw)
  To: jaegeuk, linux-f2fs-devel, linux-kernel, syzkaller-bugs, yuchao0

Hello,

syzbot found the following crash on:

HEAD commit:    e27bc174c9c6 Add linux-next specific files for 20180824
git tree:       linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=11c0034a400000
kernel config:  https://syzkaller.appspot.com/x/.config?x=28446088176757ea
dashboard link: https://syzkaller.appspot.com/bug?extid=77ea19d309d4cdc55cc1
compiler:       gcc (GCC) 8.0.1 20180413 (experimental)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+77ea19d309d4cdc55cc1@syzkaller.appspotmail.com

------------[ cut here ]------------
ODEBUG: free active (active state 0) object type: percpu_counter hint: (null)
WARNING: CPU: 1 PID: 18832 at lib/debugobjects.c:329 debug_print_object+0x16a/0x210 lib/debugobjects.c:326
Kernel panic - not syncing: panic_on_warn set ...

CPU: 1 PID: 18832 Comm: syz-executor4 Not tainted 4.18.0-next-20180824+ #47
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
  __dump_stack lib/dump_stack.c:77 [inline]
  dump_stack+0x1c9/0x2b4 lib/dump_stack.c:113
  panic+0x238/0x4e7 kernel/panic.c:184
  __warn.cold.8+0x163/0x1ba kernel/panic.c:536
  report_bug+0x252/0x2d0 lib/bug.c:186
  fixup_bug arch/x86/kernel/traps.c:178 [inline]
  do_error_trap+0x1fc/0x4d0 arch/x86/kernel/traps.c:296
  do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:316
  invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:996
RIP: 0010:debug_print_object+0x16a/0x210 lib/debugobjects.c:326
Code: 3a 87 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 92 00 00 00 48 8b 14 dd  
20 e5 3a 87 4c 89 f6 48 c7 c7 c0 da 3a 87 e8 26 ec e3 fd <0f> 0b 83 05 a9  
49 28 05 01 48 83 c4 18 5b 41 5c 41 5d 41 5e 41 5f
RSP: 0018:ffff8801a9a97360 EFLAGS: 00010082
RAX: 0000000000000000 RBX: 0000000000000003 RCX: ffffc90012037000
RDX: 000000000002cd2b RSI: ffffffff8163b051 RDI: 0000000000000001
RBP: ffff8801a9a973a0 R08: ffff8801c1f76100 R09: ffffed003b623eca
R10: ffffed003b623eca R11: ffff8801db11f657 R12: 0000000000000001
R13: ffffffff882b7ae0 R14: ffffffff873adf60 R15: 0000000000000000
  __debug_check_no_obj_freed lib/debugobjects.c:786 [inline]
  debug_check_no_obj_freed+0x3b2/0x595 lib/debugobjects.c:818
  kfree+0xc7/0x210 mm/slab.c:3812
  f2fs_fill_super+0xe1a/0x8150 fs/f2fs/super.c:3147
  mount_bdev+0x314/0x3e0 fs/super.c:1347
  f2fs_mount+0x3c/0x50 fs/f2fs/super.c:3161
  legacy_get_tree+0x131/0x460 fs/fs_context.c:732
  vfs_get_tree+0x1cb/0x5c0 fs/super.c:1746
  do_new_mount fs/namespace.c:2627 [inline]
  do_mount+0x6f9/0x1e30 fs/namespace.c:2951
  ksys_mount+0x12d/0x140 fs/namespace.c:3167
  __do_sys_mount fs/namespace.c:3181 [inline]
  __se_sys_mount fs/namespace.c:3178 [inline]
  __x64_sys_mount+0xbe/0x150 fs/namespace.c:3178
  do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
  entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x459aba
Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 bd 8a fb ff c3 66 2e 0f  
1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff  
ff 0f 83 9a 8a fb ff c3 66 0f 1f 84 00 00 00 00 00
RSP: 002b:00007f16f9937a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f16f9937b30 RCX: 0000000000459aba
RDX: 00007f16f9937ad0 RSI: 0000000020000100 RDI: 00007f16f9937af0
RBP: 0000000020000100 R08: 00007f16f9937b30 R09: 00007f16f9937ad0
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000003
R13: 0000000000000000 R14: 00000000004c9c12 R15: 0000000000000000

======================================================
WARNING: possible circular locking dependency detected
4.18.0-next-20180824+ #47 Not tainted
------------------------------------------------------
syz-executor4/18832 is trying to acquire lock:
00000000cd8e7eb7 ((console_sem).lock){-.-.}, at: down_trylock+0x13/0x70 kernel/locking/semaphore.c:136

but task is already holding lock:
0000000046ad1dd4 (&obj_hash[i].lock){-.-.}, at: __debug_check_no_obj_freed lib/debugobjects.c:777 [inline]
0000000046ad1dd4 (&obj_hash[i].lock){-.-.}, at: debug_check_no_obj_freed+0x16c/0x595 lib/debugobjects.c:818

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #3 (&obj_hash[i].lock){-.-.}:
        __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
        _raw_spin_lock_irqsave+0x96/0xc0 kernel/locking/spinlock.c:152
        __debug_object_init+0x127/0x12e0 lib/debugobjects.c:384
        debug_object_init+0x16/0x20 lib/debugobjects.c:432
        debug_hrtimer_init kernel/time/hrtimer.c:410 [inline]
        debug_init kernel/time/hrtimer.c:458 [inline]
        hrtimer_init+0x97/0x410 kernel/time/hrtimer.c:1308
        init_dl_task_timer+0x1b/0x50 kernel/sched/deadline.c:1057
        __sched_fork+0x2ae/0x590 kernel/sched/core.c:2160
        init_idle+0x75/0x740 kernel/sched/core.c:5377
        sched_init+0xbee/0xcbd kernel/sched/core.c:6060
        start_kernel+0x47d/0x94e init/main.c:602
        x86_64_start_reservations+0x29/0x2b arch/x86/kernel/head64.c:452
        x86_64_start_kernel+0x76/0x79 arch/x86/kernel/head64.c:433
        secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:242

-> #2 (&rq->lock){-.-.}:
        __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
        _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:144
        rq_lock kernel/sched/sched.h:1821 [inline]
        task_fork_fair+0x93/0x680 kernel/sched/fair.c:9574
        sched_fork+0x44b/0xbd0 kernel/sched/core.c:2353
        copy_process+0x235e/0x7af0 kernel/fork.c:1840
        _do_fork+0x1ca/0x1170 kernel/fork.c:2169
        kernel_thread+0x34/0x40 kernel/fork.c:2228
        rest_init+0x22/0xe4 init/main.c:408
        start_kernel+0x913/0x94e init/main.c:739
        x86_64_start_reservations+0x29/0x2b arch/x86/kernel/head64.c:452
        x86_64_start_kernel+0x76/0x79 arch/x86/kernel/head64.c:433
        secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:242

-> #1 (&p->pi_lock){-.-.}:
        __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
        _raw_spin_lock_irqsave+0x96/0xc0 kernel/locking/spinlock.c:152
        try_to_wake_up+0xd2/0x1250 kernel/sched/core.c:1960
        wake_up_process+0x10/0x20 kernel/sched/core.c:2123
        __up.isra.1+0x1c0/0x2a0 kernel/locking/semaphore.c:262
        up+0x13c/0x1c0 kernel/locking/semaphore.c:187
        __up_console_sem+0xbe/0x1b0 kernel/printk/printk.c:245
        console_unlock+0x506/0x10d0 kernel/printk/printk.c:2430
        con_install+0x34e/0x420 drivers/tty/vt/vt.c:3241
        tty_driver_install_tty drivers/tty/tty_io.c:1224 [inline]
        tty_init_dev+0xfd/0x460 drivers/tty/tty_io.c:1324
        tty_open_by_driver drivers/tty/tty_io.c:1959 [inline]
        tty_open+0x692/0xb30 drivers/tty/tty_io.c:2007
        chrdev_open+0x25a/0x770 fs/char_dev.c:417
        do_dentry_open+0x49c/0x1140 fs/open.c:771
        vfs_open+0xa0/0xd0 fs/open.c:880
        do_last fs/namei.c:3418 [inline]
        path_openat+0x12fb/0x5300 fs/namei.c:3534
        do_filp_open+0x255/0x380 fs/namei.c:3564
        do_sys_open+0x584/0x720 fs/open.c:1063
        __do_sys_open fs/open.c:1081 [inline]
        __se_sys_open fs/open.c:1076 [inline]
        __x64_sys_open+0x7e/0xc0 fs/open.c:1076
        do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
        entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #0 ((console_sem).lock){-.-.}:
        lock_acquire+0x1e4/0x4f0 kernel/locking/lockdep.c:3901
        __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
        _raw_spin_lock_irqsave+0x96/0xc0 kernel/locking/spinlock.c:152
        down_trylock+0x13/0x70 kernel/locking/semaphore.c:136
        __down_trylock_console_sem+0xae/0x200 kernel/printk/printk.c:228
        console_trylock+0x15/0xa0 kernel/printk/printk.c:2249
        console_trylock_spinning kernel/printk/printk.c:1651 [inline]
        vprintk_emit+0x31f/0x910 kernel/printk/printk.c:1926
        vprintk_default+0x28/0x30 kernel/printk/printk.c:1968
        vprintk_func+0x7a/0x117 kernel/printk/printk_safe.c:398
        printk+0xa7/0xcf kernel/printk/printk.c:2001
        __warn_printk+0x8c/0xe0 kernel/panic.c:590
        debug_print_object+0x16a/0x210 lib/debugobjects.c:326
        __debug_check_no_obj_freed lib/debugobjects.c:786 [inline]
        debug_check_no_obj_freed+0x3b2/0x595 lib/debugobjects.c:818
        kfree+0xc7/0x210 mm/slab.c:3812
        f2fs_fill_super+0xe1a/0x8150 fs/f2fs/super.c:3147
        mount_bdev+0x314/0x3e0 fs/super.c:1347
        f2fs_mount+0x3c/0x50 fs/f2fs/super.c:3161
        legacy_get_tree+0x131/0x460 fs/fs_context.c:732
        vfs_get_tree+0x1cb/0x5c0 fs/super.c:1746
        do_new_mount fs/namespace.c:2627 [inline]
        do_mount+0x6f9/0x1e30 fs/namespace.c:2951
        ksys_mount+0x12d/0x140 fs/namespace.c:3167
        __do_sys_mount fs/namespace.c:3181 [inline]
        __se_sys_mount fs/namespace.c:3178 [inline]
        __x64_sys_mount+0xbe/0x150 fs/namespace.c:3178
        do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
        entry_SYSCALL_64_after_hwframe+0x49/0xbe

other info that might help us debug this:

Chain exists of:
   (console_sem).lock --> &rq->lock --> &obj_hash[i].lock

  Possible unsafe locking scenario:

        CPU0                    CPU1
        ----                    ----
   lock(&obj_hash[i].lock);
                                lock(&rq->lock);
                                lock(&obj_hash[i].lock);
   lock((console_sem).lock);

  *** DEADLOCK ***

2 locks held by syz-executor4/18832:
  #0: 000000002b55bbcc (&fc->fs_type->s_umount_key#49/1){+.+.}, at: alloc_super+0x25e/0xb20 fs/super.c:225
  #1: 0000000046ad1dd4 (&obj_hash[i].lock){-.-.}, at: __debug_check_no_obj_freed lib/debugobjects.c:777 [inline]
  #1: 0000000046ad1dd4 (&obj_hash[i].lock){-.-.}, at: debug_check_no_obj_freed+0x16c/0x595 lib/debugobjects.c:818

stack backtrace:
CPU: 1 PID: 18832 Comm: syz-executor4 Not tainted 4.18.0-next-20180824+ #47
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
  __dump_stack lib/dump_stack.c:77 [inline]
  dump_stack+0x1c9/0x2b4 lib/dump_stack.c:113
  print_circular_bug.isra.34.cold.55+0x1bd/0x27d kernel/locking/lockdep.c:1222
  check_prev_add kernel/locking/lockdep.c:1862 [inline]
  check_prevs_add kernel/locking/lockdep.c:1975 [inline]
  validate_chain kernel/locking/lockdep.c:2416 [inline]
  __lock_acquire+0x3449/0x5020 kernel/locking/lockdep.c:3412
  lock_acquire+0x1e4/0x4f0 kernel/locking/lockdep.c:3901
  __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
  _raw_spin_lock_irqsave+0x96/0xc0 kernel/locking/spinlock.c:152
  down_trylock+0x13/0x70 kernel/locking/semaphore.c:136
  __down_trylock_console_sem+0xae/0x200 kernel/printk/printk.c:228
  console_trylock+0x15/0xa0 kernel/printk/printk.c:2249
  console_trylock_spinning kernel/printk/printk.c:1651 [inline]
  vprintk_emit+0x31f/0x910 kernel/printk/printk.c:1926
  vprintk_default+0x28/0x30 kernel/printk/printk.c:1968
  vprintk_func+0x7a/0x117 kernel/printk/printk_safe.c:398
  printk+0xa7/0xcf kernel/printk/printk.c:2001
  __warn_printk+0x8c/0xe0 kernel/panic.c:590
  debug_print_object+0x16a/0x210 lib/debugobjects.c:326
  __debug_check_no_obj_freed lib/debugobjects.c:786 [inline]
  debug_check_no_obj_freed+0x3b2/0x595 lib/debugobjects.c:818
  kfree+0xc7/0x210 mm/slab.c:3812
  f2fs_fill_super+0xe1a/0x8150 fs/f2fs/super.c:3147
  mount_bdev+0x314/0x3e0 fs/super.c:1347
  f2fs_mount+0x3c/0x50 fs/f2fs/super.c:3161
  legacy_get_tree+0x131/0x460 fs/fs_context.c:732
  vfs_get_tree+0x1cb/0x5c0 fs/super.c:1746
  do_new_mount fs/namespace.c:2627 [inline]
  do_mount+0x6f9/0x1e30 fs/namespace.c:2951
  ksys_mount+0x12d/0x140 fs/namespace.c:3167
  __do_sys_mount fs/namespace.c:3181 [inline]
  __se_sys_mount fs/namespace.c:3178 [inline]
  __x64_sys_mount+0xbe/0x150 fs/namespace.c:3178
  do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
  entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x459aba
Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 bd 8a fb ff c3 66 2e 0f  
1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff  
ff 0f 83 9a 8a fb ff c3 66 0f 1f 84 00 00 00 00 00
RSP: 002b:00007f16f9937a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f16f9937b30 RCX: 0000000000459aba
RDX: 00007f16f9937ad0 RSI: 0000000020000100 RDI: 00007f16f9937af0
RBP: 0000000020000100 R08: 00007f16f9937b30 R09: 00007f16f9937ad0
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000003
R13: 0000000000000000 R14: 00000000004c9c12 R15: 0000000000000000
Dumping ftrace buffer:
---------------------------------
syz-exec-23595   1...2 1079757271us : 0: }D
syz-exec-23595   1..s3 1079757464us : 0: }D
---------------------------------
Kernel Offset: disabled
Rebooting in 86400 seconds..


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with  
syzbot.
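For readers unfamiliar with the first warning in the report: "ODEBUG: free active ... object type: percpu_counter" is emitted by the kernel's debugobjects tracker (lib/debugobjects.c) when kfree() hands it a memory range that still contains a tracked object in the active state, i.e. a percpu_counter that was initialised but never destroyed before its owning structure was freed. The user-space model below is an added illustration of that check and of the init/destroy pairing it enforces; it is not kernel code, not f2fs code, and it makes no claim about which f2fs path produced this particular report. The names struct toy_sbi, nr_pages, MAX_TRACKED and both teardown functions are constructed for the example.

```c
/*
 * Toy model of debugobjects' "free active object" check. Added example only;
 * the kernel's real implementation lives in lib/debugobjects.c and the
 * percpu_counter hooks in lib/percpu_counter.c. Structures and values here
 * are constructed and do not reflect f2fs's real layout.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

enum obj_state { ODEBUG_STATE_NONE, ODEBUG_STATE_ACTIVE };

struct tracked {
    const void *addr;   /* address of the tracked object */
    const char *type;   /* e.g. "percpu_counter" */
    enum obj_state state;
    int in_use;
};

#define MAX_TRACKED 16                       /* constructed pool size */
static struct tracked obj_hash[MAX_TRACKED]; /* stand-in for the kernel's hash buckets */

static struct tracked *lookup(const void *addr)
{
    for (int i = 0; i < MAX_TRACKED; i++)
        if (obj_hash[i].in_use && obj_hash[i].addr == addr)
            return &obj_hash[i];
    return NULL;
}

/* Mark an object active, registering it on first sight (init + activate). */
static void debug_object_activate(const void *addr, const char *type)
{
    struct tracked *t = lookup(addr);
    if (!t) {
        for (int i = 0; i < MAX_TRACKED && !t; i++)
            if (!obj_hash[i].in_use)
                t = &obj_hash[i];
        if (!t)
            return; /* pool exhausted; the kernel disables tracking in that case */
        t->in_use = 1;
        t->addr = addr;
        t->type = type;
    }
    t->state = ODEBUG_STATE_ACTIVE;
}

/* Forget an object; the kernel does this from the *_destroy() helpers. */
static void debug_object_free(const void *addr)
{
    struct tracked *t = lookup(addr);
    if (t)
        memset(t, 0, sizeof(*t));
}

/*
 * Called on every free of [addr, addr + size). Any tracked object inside
 * the range that is still active is reported. Returns the number of hits.
 */
static int debug_check_no_obj_freed(const void *addr, size_t size)
{
    uintptr_t lo = (uintptr_t)addr, hi = lo + size;
    int hits = 0;

    for (int i = 0; i < MAX_TRACKED; i++) {
        struct tracked *t = &obj_hash[i];
        uintptr_t a = (uintptr_t)t->addr;
        if (!t->in_use || a < lo || a >= hi)
            continue;
        if (t->state == ODEBUG_STATE_ACTIVE) {
            printf("ODEBUG: free active object type: %s\n", t->type);
            hits++;
        }
        memset(t, 0, sizeof(*t)); /* the stale entry is dropped either way */
    }
    return hits;
}

/* Toy counter and a toy superblock-info that embeds it (constructed). */
struct percpu_counter { long count; };
struct toy_sbi { int magic; struct percpu_counter nr_pages; };

static void percpu_counter_init(struct percpu_counter *c)
{
    c->count = 0;
    debug_object_activate(c, "percpu_counter");
}

static void percpu_counter_destroy(struct percpu_counter *c)
{
    debug_object_free(c);
}

/* Error-path teardown that frees the owner while its counter is still active. */
static int teardown_skipping_destroy(void)
{
    struct toy_sbi *sbi = calloc(1, sizeof(*sbi));
    percpu_counter_init(&sbi->nr_pages);
    int hits = debug_check_no_obj_freed(sbi, sizeof(*sbi)); /* what kfree() runs */
    free(sbi);
    return hits; /* 1: the warning fires */
}

/* Correct teardown: destroy the counter before freeing the owner. */
static int teardown_with_destroy(void)
{
    struct toy_sbi *sbi = calloc(1, sizeof(*sbi));
    percpu_counter_init(&sbi->nr_pages);
    percpu_counter_destroy(&sbi->nr_pages);
    int hits = debug_check_no_obj_freed(sbi, sizeof(*sbi));
    free(sbi);
    return hits; /* 0: nothing to report */
}

int main(void)
{
    printf("skipping destroy -> %d hit(s)\n", teardown_skipping_destroy());
    printf("with destroy     -> %d hit(s)\n", teardown_with_destroy());
    return 0;
}
```

The practical takeaway when triaging such a report is to walk the free path named in the trace (here the kfree() reached from f2fs_fill_super) and check that every *_init() performed on the freed structure has a matching *_destroy() on that path; the warning identifies the object type but not the missing call.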


* Re: WARNING: ODEBUG bug in f2fs_fill_super
  2018-08-27 21:04 WARNING: ODEBUG bug in f2fs_fill_super syzbot
@ 2019-02-20 15:12 ` Dmitry Vyukov
  2019-02-21  2:45     ` Sheng Yong
  0 siblings, 1 reply; 5+ messages in thread
From: Dmitry Vyukov @ 2019-02-20 15:12 UTC (permalink / raw)
  To: syzbot, jaegeuk, stummala, shengyong1
  Cc: linux-f2fs-devel, LKML, syzkaller-bugs, yuchao0

On Mon, Aug 27, 2018 at 11:04 PM syzbot
<syzbot+77ea19d309d4cdc55cc1@syzkaller.appspotmail.com> wrote:
>
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit:    e27bc174c9c6 Add linux-next specific files for 20180824
> git tree:       linux-next
> console output: https://syzkaller.appspot.com/x/log.txt?x=11c0034a400000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=28446088176757ea
> dashboard link: https://syzkaller.appspot.com/bug?extid=77ea19d309d4cdc55cc1
> compiler:       gcc (GCC) 8.0.1 20180413 (experimental)
>
> Unfortunately, I don't have any reproducer for this crash yet.
>
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+77ea19d309d4cdc55cc1@syzkaller.appspotmail.com
>
> ------------[ cut here ]------------
> ODEBUG: free active (active state 0) object type: percpu_counter
> hint:           (null)
> WARNING: CPU: 1 PID: 18832 at lib/debugobjects.c:329
> debug_print_object+0x16a/0x210 lib/debugobjects.c:326
> Kernel panic - not syncing: panic_on_warn set ...


Was this fixed by something?
It happened a number of times, but then stopped after Oct 23 2018. Was it:

commit 26b5a079197c8cb6725565968b7fd3299bd1877b
Author: Sheng Yong <shengyong1@huawei.com>
Date:   Fri Oct 12 18:49:26 2018 +0800
    f2fs: cleanup dirty pages if recover failed

which fixed some bugs in f2fs_fill_super?



* Re: WARNING: ODEBUG bug in f2fs_fill_super
  2019-02-20 15:12 ` Dmitry Vyukov
@ 2019-02-21  2:45     ` Sheng Yong
  0 siblings, 0 replies; 5+ messages in thread
From: Sheng Yong @ 2019-02-21  2:45 UTC (permalink / raw)
  To: Dmitry Vyukov, syzbot, jaegeuk, stummala
  Cc: linux-f2fs-devel, LKML, syzkaller-bugs, yuchao0

Hi, Dmitry,

On 2019/2/20 23:12, Dmitry Vyukov wrote:
> On Mon, Aug 27, 2018 at 11:04 PM syzbot
> <syzbot+77ea19d309d4cdc55cc1@syzkaller.appspotmail.com> wrote:
>>
>> Hello,
>>
>> syzbot found the following crash on:
>>
>> HEAD commit:    e27bc174c9c6 Add linux-next specific files for 20180824
>> git tree:       linux-next
>> console output: https://syzkaller.appspot.com/x/log.txt?x=11c0034a400000
>> kernel config:  https://syzkaller.appspot.com/x/.config?x=28446088176757ea
>> dashboard link: https://syzkaller.appspot.com/bug?extid=77ea19d309d4cdc55cc1
>> compiler:       gcc (GCC) 8.0.1 20180413 (experimental)
>>
>> Unfortunately, I don't have any reproducer for this crash yet.
>>
>> IMPORTANT: if you fix the bug, please add the following tag to the commit:
>> Reported-by: syzbot+77ea19d309d4cdc55cc1@syzkaller.appspotmail.com
>>
>> ------------[ cut here ]------------
>> ODEBUG: free active (active state 0) object type: percpu_counter
>> hint:           (null)
>> WARNING: CPU: 1 PID: 18832 at lib/debugobjects.c:329
>> debug_print_object+0x16a/0x210 lib/debugobjects.c:326
>> Kernel panic - not syncing: panic_on_warn set ...
> 
> 
> Was this fixed by something?
> It happened a number of times, but then stopped after Oct 23 2018. Was it:
> 
> commit 26b5a079197c8cb6725565968b7fd3299bd1877b
> Author: Sheng Yong <shengyong1@huawei.com>
> Date:   Fri Oct 12 18:49:26 2018 +0800
>      f2fs: cleanup dirty pages if recover failed
> 
> which fixed some bugs in f2fs_fill_super?
> 
During mount, f2fs tries to recover fsync-ed data of the last unclean umount.
But if recovery fails, f2fs_fill_super did not clean up dirty pages which
have already been recovered. This will trigger f2fs_bug_on later.

This patch fixes this by cleaning up these dirty pages and avoiding
writing back these pages. After that, f2fs will retry mount without
recovery.

But I don't see the reason for the debugobject warning, and I'm not sure if the
patch fixed the warning :(

thanks,

>> kernel/locking/semaphore.c:136
>>
>> but task is already holding lock:
>> 0000000046ad1dd4 (&obj_hash[i].lock){-.-.}, at: __debug_check_no_obj_freed
>> lib/debugobjects.c:777 [inline]
>> 0000000046ad1dd4 (&obj_hash[i].lock){-.-.}, at:
>> debug_check_no_obj_freed+0x16c/0x595 lib/debugobjects.c:818
>>
>> which lock already depends on the new lock.
>>
>>
>> the existing dependency chain (in reverse order) is:
>>
>> -> #3 (&obj_hash[i].lock){-.-.}:
>>          __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
>>          _raw_spin_lock_irqsave+0x96/0xc0 kernel/locking/spinlock.c:152
>>          __debug_object_init+0x127/0x12e0 lib/debugobjects.c:384
>>          debug_object_init+0x16/0x20 lib/debugobjects.c:432
>>          debug_hrtimer_init kernel/time/hrtimer.c:410 [inline]
>>          debug_init kernel/time/hrtimer.c:458 [inline]
>>          hrtimer_init+0x97/0x410 kernel/time/hrtimer.c:1308
>>          init_dl_task_timer+0x1b/0x50 kernel/sched/deadline.c:1057
>>          __sched_fork+0x2ae/0x590 kernel/sched/core.c:2160
>>          init_idle+0x75/0x740 kernel/sched/core.c:5377
>>          sched_init+0xbee/0xcbd kernel/sched/core.c:6060
>>          start_kernel+0x47d/0x94e init/main.c:602
>>          x86_64_start_reservations+0x29/0x2b arch/x86/kernel/head64.c:452
>>          x86_64_start_kernel+0x76/0x79 arch/x86/kernel/head64.c:433
>>          secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:242
>>
>> -> #2 (&rq->lock){-.-.}:
>>          __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
>>          _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:144
>>          rq_lock kernel/sched/sched.h:1821 [inline]
>>          task_fork_fair+0x93/0x680 kernel/sched/fair.c:9574
>>          sched_fork+0x44b/0xbd0 kernel/sched/core.c:2353
>>          copy_process+0x235e/0x7af0 kernel/fork.c:1840
>>          _do_fork+0x1ca/0x1170 kernel/fork.c:2169
>>          kernel_thread+0x34/0x40 kernel/fork.c:2228
>>          rest_init+0x22/0xe4 init/main.c:408
>>          start_kernel+0x913/0x94e init/main.c:739
>>          x86_64_start_reservations+0x29/0x2b arch/x86/kernel/head64.c:452
>>          x86_64_start_kernel+0x76/0x79 arch/x86/kernel/head64.c:433
>>          secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:242
>>
>> -> #1 (&p->pi_lock){-.-.}:
>>          __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
>>          _raw_spin_lock_irqsave+0x96/0xc0 kernel/locking/spinlock.c:152
>>          try_to_wake_up+0xd2/0x1250 kernel/sched/core.c:1960
>>          wake_up_process+0x10/0x20 kernel/sched/core.c:2123
>>          __up.isra.1+0x1c0/0x2a0 kernel/locking/semaphore.c:262
>>          up+0x13c/0x1c0 kernel/locking/semaphore.c:187
>>          __up_console_sem+0xbe/0x1b0 kernel/printk/printk.c:245
>>          console_unlock+0x506/0x10d0 kernel/printk/printk.c:2430
>>          con_install+0x34e/0x420 drivers/tty/vt/vt.c:3241
>>          tty_driver_install_tty drivers/tty/tty_io.c:1224 [inline]
>>          tty_init_dev+0xfd/0x460 drivers/tty/tty_io.c:1324
>>          tty_open_by_driver drivers/tty/tty_io.c:1959 [inline]
>>          tty_open+0x692/0xb30 drivers/tty/tty_io.c:2007
>>          chrdev_open+0x25a/0x770 fs/char_dev.c:417
>>          do_dentry_open+0x49c/0x1140 fs/open.c:771
>>          vfs_open+0xa0/0xd0 fs/open.c:880
>>          do_last fs/namei.c:3418 [inline]
>>          path_openat+0x12fb/0x5300 fs/namei.c:3534
>>          do_filp_open+0x255/0x380 fs/namei.c:3564
>>          do_sys_open+0x584/0x720 fs/open.c:1063
>>          __do_sys_open fs/open.c:1081 [inline]
>>          __se_sys_open fs/open.c:1076 [inline]
>>          __x64_sys_open+0x7e/0xc0 fs/open.c:1076
>>          do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
>>          entry_SYSCALL_64_after_hwframe+0x49/0xbe
>>
>> -> #0 ((console_sem).lock){-.-.}:
>>          lock_acquire+0x1e4/0x4f0 kernel/locking/lockdep.c:3901
>>          __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
>>          _raw_spin_lock_irqsave+0x96/0xc0 kernel/locking/spinlock.c:152
>>          down_trylock+0x13/0x70 kernel/locking/semaphore.c:136
>>          __down_trylock_console_sem+0xae/0x200 kernel/printk/printk.c:228
>>          console_trylock+0x15/0xa0 kernel/printk/printk.c:2249
>>          console_trylock_spinning kernel/printk/printk.c:1651 [inline]
>>          vprintk_emit+0x31f/0x910 kernel/printk/printk.c:1926
>>          vprintk_default+0x28/0x30 kernel/printk/printk.c:1968
>>          vprintk_func+0x7a/0x117 kernel/printk/printk_safe.c:398
>>          printk+0xa7/0xcf kernel/printk/printk.c:2001
>>          __warn_printk+0x8c/0xe0 kernel/panic.c:590
>>          debug_print_object+0x16a/0x210 lib/debugobjects.c:326
>>          __debug_check_no_obj_freed lib/debugobjects.c:786 [inline]
>>          debug_check_no_obj_freed+0x3b2/0x595 lib/debugobjects.c:818
>>          kfree+0xc7/0x210 mm/slab.c:3812
>>          f2fs_fill_super+0xe1a/0x8150 fs/f2fs/super.c:3147
>>          mount_bdev+0x314/0x3e0 fs/super.c:1347
>>          f2fs_mount+0x3c/0x50 fs/f2fs/super.c:3161
>>          legacy_get_tree+0x131/0x460 fs/fs_context.c:732
>>          vfs_get_tree+0x1cb/0x5c0 fs/super.c:1746
>>          do_new_mount fs/namespace.c:2627 [inline]
>>          do_mount+0x6f9/0x1e30 fs/namespace.c:2951
>>          ksys_mount+0x12d/0x140 fs/namespace.c:3167
>>          __do_sys_mount fs/namespace.c:3181 [inline]
>>          __se_sys_mount fs/namespace.c:3178 [inline]
>>          __x64_sys_mount+0xbe/0x150 fs/namespace.c:3178
>>          do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
>>          entry_SYSCALL_64_after_hwframe+0x49/0xbe
>>
>> other info that might help us debug this:
>>
>> Chain exists of:
>>     (console_sem).lock --> &rq->lock --> &obj_hash[i].lock
>>
>>    Possible unsafe locking scenario:
>>
>>          CPU0                    CPU1
>>          ----                    ----
>>     lock(&obj_hash[i].lock);
>>                                  lock(&rq->lock);
>>                                  lock(&obj_hash[i].lock);
>>     lock((console_sem).lock);
>>
>>    *** DEADLOCK ***
>>
>> 2 locks held by syz-executor4/18832:
>>    #0: 000000002b55bbcc (&fc->fs_type->s_umount_key#49/1){+.+.}, at:
>> alloc_super+0x25e/0xb20 fs/super.c:225
>>    #1: 0000000046ad1dd4 (&obj_hash[i].lock){-.-.}, at:
>> __debug_check_no_obj_freed lib/debugobjects.c:777 [inline]
>>    #1: 0000000046ad1dd4 (&obj_hash[i].lock){-.-.}, at:
>> debug_check_no_obj_freed+0x16c/0x595 lib/debugobjects.c:818
>>
>> stack backtrace:
>> CPU: 1 PID: 18832 Comm: syz-executor4 Not tainted 4.18.0-next-20180824+ #47
>> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
>> Google 01/01/2011
>> Call Trace:
>>    __dump_stack lib/dump_stack.c:77 [inline]
>>    dump_stack+0x1c9/0x2b4 lib/dump_stack.c:113
>>    print_circular_bug.isra.34.cold.55+0x1bd/0x27d
>> kernel/locking/lockdep.c:1222
>>    check_prev_add kernel/locking/lockdep.c:1862 [inline]
>>    check_prevs_add kernel/locking/lockdep.c:1975 [inline]
>>    validate_chain kernel/locking/lockdep.c:2416 [inline]
>>    __lock_acquire+0x3449/0x5020 kernel/locking/lockdep.c:3412
>>    lock_acquire+0x1e4/0x4f0 kernel/locking/lockdep.c:3901
>>    __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
>>    _raw_spin_lock_irqsave+0x96/0xc0 kernel/locking/spinlock.c:152
>>    down_trylock+0x13/0x70 kernel/locking/semaphore.c:136
>>    __down_trylock_console_sem+0xae/0x200 kernel/printk/printk.c:228
>>    console_trylock+0x15/0xa0 kernel/printk/printk.c:2249
>>    console_trylock_spinning kernel/printk/printk.c:1651 [inline]
>>    vprintk_emit+0x31f/0x910 kernel/printk/printk.c:1926
>>    vprintk_default+0x28/0x30 kernel/printk/printk.c:1968
>>    vprintk_func+0x7a/0x117 kernel/printk/printk_safe.c:398
>>    printk+0xa7/0xcf kernel/printk/printk.c:2001
>>    __warn_printk+0x8c/0xe0 kernel/panic.c:590
>>    debug_print_object+0x16a/0x210 lib/debugobjects.c:326
>>    __debug_check_no_obj_freed lib/debugobjects.c:786 [inline]
>>    debug_check_no_obj_freed+0x3b2/0x595 lib/debugobjects.c:818
>>    kfree+0xc7/0x210 mm/slab.c:3812
>>    f2fs_fill_super+0xe1a/0x8150 fs/f2fs/super.c:3147
>>    mount_bdev+0x314/0x3e0 fs/super.c:1347
>>    f2fs_mount+0x3c/0x50 fs/f2fs/super.c:3161
>>    legacy_get_tree+0x131/0x460 fs/fs_context.c:732
>>    vfs_get_tree+0x1cb/0x5c0 fs/super.c:1746
>>    do_new_mount fs/namespace.c:2627 [inline]
>>    do_mount+0x6f9/0x1e30 fs/namespace.c:2951
>>    ksys_mount+0x12d/0x140 fs/namespace.c:3167
>>    __do_sys_mount fs/namespace.c:3181 [inline]
>>    __se_sys_mount fs/namespace.c:3178 [inline]
>>    __x64_sys_mount+0xbe/0x150 fs/namespace.c:3178
>>    do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
>>    entry_SYSCALL_64_after_hwframe+0x49/0xbe
>> RIP: 0033:0x459aba
>> Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 bd 8a fb ff c3 66 2e 0f
>> 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff
>> ff 0f 83 9a 8a fb ff c3 66 0f 1f 84 00 00 00 00 00
>> RSP: 002b:00007f16f9937a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
>> RAX: ffffffffffffffda RBX: 00007f16f9937b30 RCX: 0000000000459aba
>> RDX: 00007f16f9937ad0 RSI: 0000000020000100 RDI: 00007f16f9937af0
>> RBP: 0000000020000100 R08: 00007f16f9937b30 R09: 00007f16f9937ad0
>> R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000003
>> R13: 0000000000000000 R14: 00000000004c9c12 R15: 0000000000000000
>> Dumping ftrace buffer:
>> ---------------------------------
>> syz-exec-23595   1...2 1079757271us : 0: }D
>> syz-exec-23595   1..s3 1079757464us : 0: }D
>> ---------------------------------
>> Kernel Offset: disabled
>> Rebooting in 86400 seconds..
>>
>>
>> ---
>> This bug is generated by a bot. It may contain errors.
>> See https://goo.gl/tpsmEJ for more information about syzbot.
>> syzbot engineers can be reached at syzkaller@googlegroups.com.
>>
>> syzbot will keep track of this bug report. See:
>> https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
>> syzbot.
>>
> 
> .
> 


^ permalink raw reply	[flat|nested] 5+ messages in thread
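Sheng Yong writes above that the reason for the debugobjects warning is unclear. The C program below is an added illustration, not part of the thread or of f2fs: it models what "ODEBUG: free active ... object type: percpu_counter" at kfree() in f2fs_fill_super() means, namely a superblock info structure freed on an error path while a percpu_counter inside it is still registered as active (no percpu_counter_destroy() before the free). The struct sb_info layout, the counter field and both unwind paths are hypothetical stand-ins for the real f2fs code.

```c
/*
 * Added example, not code from the thread or from f2fs: a userspace model of
 * the debugobjects check behind "ODEBUG: free active ... type: percpu_counter".
 * In the kernel percpu_counter_init() registers the counter as an ACTIVE
 * tracked object, percpu_counter_destroy() removes it, and kfree() runs
 * debug_check_no_obj_freed() over the freed range and warns about any ACTIVE
 * object still inside it. struct sb_info and the unwind paths are stand-ins.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

enum odebug_state { ODEBUG_NONE, ODEBUG_ACTIVE };
struct tracked_obj { const void *addr; const char *type; enum odebug_state state; };
#define MAX_TRACKED 32
static struct tracked_obj obj_table[MAX_TRACKED];	/* model of obj_hash[] */

/* Register addr as an active tracked object (what percpu_counter_init does). */
static void debug_object_activate(const void *addr, const char *type)
{
	for (int i = 0; i < MAX_TRACKED; i++) {
		if (obj_table[i].state != ODEBUG_NONE)
			continue;
		obj_table[i] = (struct tracked_obj){ addr, type, ODEBUG_ACTIVE };
		return;
	}
	abort();	/* table full: cannot happen with the few objects used here */
}

/* Drop tracking for addr (what percpu_counter_destroy does). */
static void debug_object_free(const void *addr)
{
	for (int i = 0; i < MAX_TRACKED; i++)
		if (obj_table[i].state != ODEBUG_NONE && obj_table[i].addr == addr)
			obj_table[i].state = ODEBUG_NONE;
}

/* Model of debug_check_no_obj_freed(): report every tracked object that is
 * still ACTIVE inside the range being freed; returns the number of reports. */
static int debug_check_no_obj_freed(const void *base, size_t size)
{
	uintptr_t lo = (uintptr_t)base, hi = lo + size;
	int reports = 0;
	for (int i = 0; i < MAX_TRACKED; i++) {
		uintptr_t a = (uintptr_t)obj_table[i].addr;
		if (obj_table[i].state == ODEBUG_NONE || a < lo || a >= hi)
			continue;
		printf("ODEBUG: free active object type: %s\n", obj_table[i].type);
		reports++;
		obj_table[i].state = ODEBUG_NONE;	/* memory is gone, drop entry */
	}
	return reports;
}

/* kfree() as modelled here: run the free-time check, then release. */
static int kfree_checked(void *p, size_t size)
{
	int reports = debug_check_no_obj_freed(p, size);
	free(p);
	return reports;
}

struct percpu_counter { long count; };
struct sb_info { struct percpu_counter total_valid_inode_count; };	/* stand-in */

static void percpu_counter_init(struct percpu_counter *c)
{
	c->count = 0;
	debug_object_activate(c, "percpu_counter");
}

static void percpu_counter_destroy(struct percpu_counter *c) { debug_object_free(c); }

/* Buggy unwind: on recovery failure sbi is freed with its counter still active. */
static int fill_super_buggy(bool recovery_fails)
{
	struct sb_info *sbi = calloc(1, sizeof(*sbi));
	if (!sbi) return -1;
	percpu_counter_init(&sbi->total_valid_inode_count);
	if (recovery_fails)
		return kfree_checked(sbi, sizeof(*sbi));	/* destroy skipped */
	percpu_counter_destroy(&sbi->total_valid_inode_count);	/* unmount path */
	return kfree_checked(sbi, sizeof(*sbi));
}

/* Fixed unwind: every exit tears down, in reverse, what was set up before it. */
static int fill_super_fixed(bool recovery_fails)
{
	struct sb_info *sbi = calloc(1, sizeof(*sbi));
	if (!sbi) return -1;
	percpu_counter_init(&sbi->total_valid_inode_count);
	if (recovery_fails)
		goto free_percpu;
	/* further mount setup would go here */
free_percpu:
	percpu_counter_destroy(&sbi->total_valid_inode_count);
	return kfree_checked(sbi, sizeof(*sbi));
}
```

fill_super_buggy(true) produces one "free active" report, the modelled equivalent of the WARNING in the syzbot log; fill_super_fixed(true) produces none.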

* Re: WARNING: ODEBUG bug in f2fs_fill_super
  2019-02-21  2:45     ` Sheng Yong
  (?)
@ 2019-02-21  9:27     ` Dmitry Vyukov
  -1 siblings, 0 replies; 5+ messages in thread
From: Dmitry Vyukov @ 2019-02-21  9:27 UTC (permalink / raw)
  To: Sheng Yong
  Cc: syzbot, jaegeuk, stummala, linux-f2fs-devel, LKML,
	syzkaller-bugs, yuchao0

On Thu, Feb 21, 2019 at 3:46 AM Sheng Yong <shengyong1@huawei.com> wrote:
>
> Hi, Dmitry,
>
> On 2019/2/20 23:12, Dmitry Vyukov wrote:
> > On Mon, Aug 27, 2018 at 11:04 PM syzbot
> > <syzbot+77ea19d309d4cdc55cc1@syzkaller.appspotmail.com> wrote:
> >>
> >> Hello,
> >>
> >> syzbot found the following crash on:
> >>
> >> HEAD commit:    e27bc174c9c6 Add linux-next specific files for 20180824
> >> git tree:       linux-next
> >> console output: https://syzkaller.appspot.com/x/log.txt?x=11c0034a400000
> >> kernel config:  https://syzkaller.appspot.com/x/.config?x=28446088176757ea
> >> dashboard link: https://syzkaller.appspot.com/bug?extid=77ea19d309d4cdc55cc1
> >> compiler:       gcc (GCC) 8.0.1 20180413 (experimental)
> >>
> >> Unfortunately, I don't have any reproducer for this crash yet.
> >>
> >> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> >> Reported-by: syzbot+77ea19d309d4cdc55cc1@syzkaller.appspotmail.com
> >>
> >> ------------[ cut here ]------------
> >> ODEBUG: free active (active state 0) object type: percpu_counter
> >> hint:           (null)
> >> WARNING: CPU: 1 PID: 18832 at lib/debugobjects.c:329
> >> debug_print_object+0x16a/0x210 lib/debugobjects.c:326
> >> Kernel panic - not syncing: panic_on_warn set ...
> >
> >
> > Was this fixed by something?
> > It happened a number of times, but then stopped after Oct 23 2018. Was it:
> >
> > commit 26b5a079197c8cb6725565968b7fd3299bd1877b
> > Author: Sheng Yong <shengyong1@huawei.com>
> > Date:   Fri Oct 12 18:49:26 2018 +0800
> >      f2fs: cleanup dirty pages if recover failed
> >
> > which fixed some bugs in f2fs_fill_super?
> >
> During mount, f2fs tries to recover fsync-ed data of the last unclean umount.
> But if recovery fails, f2fs_fill_super did not clean up dirty pages which
> have already been recovered. This will trigger f2fs_bug_on later.
>
> This patch fixes this by cleaning up these dirty pages and avoiding
> writing back these pages. After that, f2fs will retry mount without
> recovery.
>
> But I don't see the reason for the debugobjects warning, and I'm not sure
> whether the patch fixed the warning :(

Thanks for the info.
So maybe it's still fixed by something (though, after briefly skimming
through the log, I don't see any other commits that could do it), or
maybe syzkaller unlearned how to trigger it, or maybe this bug is now
always preceded by some other bug so it's not possible to trigger it,
but it's still there.

Anyway, this bug report is a candidate for closure as obsoleted.



> >> CPU: 1 PID: 18832 Comm: syz-executor4 Not tainted 4.18.0-next-20180824+ #47
> >> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> >> Google 01/01/2011
> >> Call Trace:
> >>    __dump_stack lib/dump_stack.c:77 [inline]
> >>    dump_stack+0x1c9/0x2b4 lib/dump_stack.c:113
> >>    panic+0x238/0x4e7 kernel/panic.c:184
> >>    __warn.cold.8+0x163/0x1ba kernel/panic.c:536
> >>    report_bug+0x252/0x2d0 lib/bug.c:186
> >>    fixup_bug arch/x86/kernel/traps.c:178 [inline]
> >>    do_error_trap+0x1fc/0x4d0 arch/x86/kernel/traps.c:296
> >>    do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:316
> >>    invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:996
> >> RIP: 0010:debug_print_object+0x16a/0x210 lib/debugobjects.c:326
> >> Code: 3a 87 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 92 00 00 00 48 8b 14 dd
> >> 20 e5 3a 87 4c 89 f6 48 c7 c7 c0 da 3a 87 e8 26 ec e3 fd <0f> 0b 83 05 a9
> >> 49 28 05 01 48 83 c4 18 5b 41 5c 41 5d 41 5e 41 5f
> >> RSP: 0018:ffff8801a9a97360 EFLAGS: 00010082
> >> RAX: 0000000000000000 RBX: 0000000000000003 RCX: ffffc90012037000
> >> RDX: 000000000002cd2b RSI: ffffffff8163b051 RDI: 0000000000000001
> >> RBP: ffff8801a9a973a0 R08: ffff8801c1f76100 R09: ffffed003b623eca
> >> R10: ffffed003b623eca R11: ffff8801db11f657 R12: 0000000000000001
> >> R13: ffffffff882b7ae0 R14: ffffffff873adf60 R15: 0000000000000000
> >>    __debug_check_no_obj_freed lib/debugobjects.c:786 [inline]
> >>    debug_check_no_obj_freed+0x3b2/0x595 lib/debugobjects.c:818
> >>    kfree+0xc7/0x210 mm/slab.c:3812
> >>    f2fs_fill_super+0xe1a/0x8150 fs/f2fs/super.c:3147
> >>    mount_bdev+0x314/0x3e0 fs/super.c:1347
> >>    f2fs_mount+0x3c/0x50 fs/f2fs/super.c:3161
> >>    legacy_get_tree+0x131/0x460 fs/fs_context.c:732
> >>    vfs_get_tree+0x1cb/0x5c0 fs/super.c:1746
> >>    do_new_mount fs/namespace.c:2627 [inline]
> >>    do_mount+0x6f9/0x1e30 fs/namespace.c:2951
> >>    ksys_mount+0x12d/0x140 fs/namespace.c:3167
> >>    __do_sys_mount fs/namespace.c:3181 [inline]
> >>    __se_sys_mount fs/namespace.c:3178 [inline]
> >>    __x64_sys_mount+0xbe/0x150 fs/namespace.c:3178
> >>    do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
> >>    entry_SYSCALL_64_after_hwframe+0x49/0xbe
> >> RIP: 0033:0x459aba
> >> Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 bd 8a fb ff c3 66 2e 0f
> >> 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff
> >> ff 0f 83 9a 8a fb ff c3 66 0f 1f 84 00 00 00 00 00
> >> RSP: 002b:00007f16f9937a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
> >> RAX: ffffffffffffffda RBX: 00007f16f9937b30 RCX: 0000000000459aba
> >> RDX: 00007f16f9937ad0 RSI: 0000000020000100 RDI: 00007f16f9937af0
> >> RBP: 0000000020000100 R08: 00007f16f9937b30 R09: 00007f16f9937ad0
> >> R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000003
> >> R13: 0000000000000000 R14: 00000000004c9c12 R15: 0000000000000000
> >>
> >> ======================================================
> >> WARNING: possible circular locking dependency detected
> >> 4.18.0-next-20180824+ #47 Not tainted
> >> ------------------------------------------------------
> >> syz-executor4/18832 is trying to acquire lock:
> >> 00000000cd8e7eb7 ((console_sem).lock){-.-.}, at: down_trylock+0x13/0x70
> >> kernel/locking/semaphore.c:136
> >>
> >> but task is already holding lock:
> >> 0000000046ad1dd4 (&obj_hash[i].lock){-.-.}, at: __debug_check_no_obj_freed
> >> lib/debugobjects.c:777 [inline]
> >> 0000000046ad1dd4 (&obj_hash[i].lock){-.-.}, at:
> >> debug_check_no_obj_freed+0x16c/0x595 lib/debugobjects.c:818
> >>
> >> which lock already depends on the new lock.
> >>
> >>
> >> the existing dependency chain (in reverse order) is:
> >>
> >> -> #3 (&obj_hash[i].lock){-.-.}:
> >>          __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
> >>          _raw_spin_lock_irqsave+0x96/0xc0 kernel/locking/spinlock.c:152
> >>          __debug_object_init+0x127/0x12e0 lib/debugobjects.c:384
> >>          debug_object_init+0x16/0x20 lib/debugobjects.c:432
> >>          debug_hrtimer_init kernel/time/hrtimer.c:410 [inline]
> >>          debug_init kernel/time/hrtimer.c:458 [inline]
> >>          hrtimer_init+0x97/0x410 kernel/time/hrtimer.c:1308
> >>          init_dl_task_timer+0x1b/0x50 kernel/sched/deadline.c:1057
> >>          __sched_fork+0x2ae/0x590 kernel/sched/core.c:2160
> >>          init_idle+0x75/0x740 kernel/sched/core.c:5377
> >>          sched_init+0xbee/0xcbd kernel/sched/core.c:6060
> >>          start_kernel+0x47d/0x94e init/main.c:602
> >>          x86_64_start_reservations+0x29/0x2b arch/x86/kernel/head64.c:452
> >>          x86_64_start_kernel+0x76/0x79 arch/x86/kernel/head64.c:433
> >>          secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:242
> >>
> >> -> #2 (&rq->lock){-.-.}:
> >>          __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
> >>          _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:144
> >>          rq_lock kernel/sched/sched.h:1821 [inline]
> >>          task_fork_fair+0x93/0x680 kernel/sched/fair.c:9574
> >>          sched_fork+0x44b/0xbd0 kernel/sched/core.c:2353
> >>          copy_process+0x235e/0x7af0 kernel/fork.c:1840
> >>          _do_fork+0x1ca/0x1170 kernel/fork.c:2169
> >>          kernel_thread+0x34/0x40 kernel/fork.c:2228
> >>          rest_init+0x22/0xe4 init/main.c:408
> >>          start_kernel+0x913/0x94e init/main.c:739
> >>          x86_64_start_reservations+0x29/0x2b arch/x86/kernel/head64.c:452
> >>          x86_64_start_kernel+0x76/0x79 arch/x86/kernel/head64.c:433
> >>          secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:242
> >>
> >> -> #1 (&p->pi_lock){-.-.}:
> >>          __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
> >>          _raw_spin_lock_irqsave+0x96/0xc0 kernel/locking/spinlock.c:152
> >>          try_to_wake_up+0xd2/0x1250 kernel/sched/core.c:1960
> >>          wake_up_process+0x10/0x20 kernel/sched/core.c:2123
> >>          __up.isra.1+0x1c0/0x2a0 kernel/locking/semaphore.c:262
> >>          up+0x13c/0x1c0 kernel/locking/semaphore.c:187
> >>          __up_console_sem+0xbe/0x1b0 kernel/printk/printk.c:245
> >>          console_unlock+0x506/0x10d0 kernel/printk/printk.c:2430
> >>          con_install+0x34e/0x420 drivers/tty/vt/vt.c:3241
> >>          tty_driver_install_tty drivers/tty/tty_io.c:1224 [inline]
> >>          tty_init_dev+0xfd/0x460 drivers/tty/tty_io.c:1324
> >>          tty_open_by_driver drivers/tty/tty_io.c:1959 [inline]
> >>          tty_open+0x692/0xb30 drivers/tty/tty_io.c:2007
> >>          chrdev_open+0x25a/0x770 fs/char_dev.c:417
> >>          do_dentry_open+0x49c/0x1140 fs/open.c:771
> >>          vfs_open+0xa0/0xd0 fs/open.c:880
> >>          do_last fs/namei.c:3418 [inline]
> >>          path_openat+0x12fb/0x5300 fs/namei.c:3534
> >>          do_filp_open+0x255/0x380 fs/namei.c:3564
> >>          do_sys_open+0x584/0x720 fs/open.c:1063
> >>          __do_sys_open fs/open.c:1081 [inline]
> >>          __se_sys_open fs/open.c:1076 [inline]
> >>          __x64_sys_open+0x7e/0xc0 fs/open.c:1076
> >>          do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
> >>          entry_SYSCALL_64_after_hwframe+0x49/0xbe
> >>
> >> -> #0 ((console_sem).lock){-.-.}:
> >>          lock_acquire+0x1e4/0x4f0 kernel/locking/lockdep.c:3901
> >>          __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
> >>          _raw_spin_lock_irqsave+0x96/0xc0 kernel/locking/spinlock.c:152
> >>          down_trylock+0x13/0x70 kernel/locking/semaphore.c:136
> >>          __down_trylock_console_sem+0xae/0x200 kernel/printk/printk.c:228
> >>          console_trylock+0x15/0xa0 kernel/printk/printk.c:2249
> >>          console_trylock_spinning kernel/printk/printk.c:1651 [inline]
> >>          vprintk_emit+0x31f/0x910 kernel/printk/printk.c:1926
> >>          vprintk_default+0x28/0x30 kernel/printk/printk.c:1968
> >>          vprintk_func+0x7a/0x117 kernel/printk/printk_safe.c:398
> >>          printk+0xa7/0xcf kernel/printk/printk.c:2001
> >>          __warn_printk+0x8c/0xe0 kernel/panic.c:590
> >>          debug_print_object+0x16a/0x210 lib/debugobjects.c:326
> >>          __debug_check_no_obj_freed lib/debugobjects.c:786 [inline]
> >>          debug_check_no_obj_freed+0x3b2/0x595 lib/debugobjects.c:818
> >>          kfree+0xc7/0x210 mm/slab.c:3812
> >>          f2fs_fill_super+0xe1a/0x8150 fs/f2fs/super.c:3147
> >>          mount_bdev+0x314/0x3e0 fs/super.c:1347
> >>          f2fs_mount+0x3c/0x50 fs/f2fs/super.c:3161
> >>          legacy_get_tree+0x131/0x460 fs/fs_context.c:732
> >>          vfs_get_tree+0x1cb/0x5c0 fs/super.c:1746
> >>          do_new_mount fs/namespace.c:2627 [inline]
> >>          do_mount+0x6f9/0x1e30 fs/namespace.c:2951
> >>          ksys_mount+0x12d/0x140 fs/namespace.c:3167
> >>          __do_sys_mount fs/namespace.c:3181 [inline]
> >>          __se_sys_mount fs/namespace.c:3178 [inline]
> >>          __x64_sys_mount+0xbe/0x150 fs/namespace.c:3178
> >>          do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
> >>          entry_SYSCALL_64_after_hwframe+0x49/0xbe
> >>
> >> other info that might help us debug this:
> >>
> >> Chain exists of:
> >>     (console_sem).lock --> &rq->lock --> &obj_hash[i].lock
> >>
> >>    Possible unsafe locking scenario:
> >>
> >>          CPU0                    CPU1
> >>          ----                    ----
> >>     lock(&obj_hash[i].lock);
> >>                                  lock(&rq->lock);
> >>                                  lock(&obj_hash[i].lock);
> >>     lock((console_sem).lock);
> >>
> >>    *** DEADLOCK ***
> >>
> >> 2 locks held by syz-executor4/18832:
> >>    #0: 000000002b55bbcc (&fc->fs_type->s_umount_key#49/1){+.+.}, at:
> >> alloc_super+0x25e/0xb20 fs/super.c:225
> >>    #1: 0000000046ad1dd4 (&obj_hash[i].lock){-.-.}, at:
> >> __debug_check_no_obj_freed lib/debugobjects.c:777 [inline]
> >>    #1: 0000000046ad1dd4 (&obj_hash[i].lock){-.-.}, at:
> >> debug_check_no_obj_freed+0x16c/0x595 lib/debugobjects.c:818
> >>
> >> stack backtrace:
> >> CPU: 1 PID: 18832 Comm: syz-executor4 Not tainted 4.18.0-next-20180824+ #47
> >> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> >> Google 01/01/2011
> >> Call Trace:
> >>    __dump_stack lib/dump_stack.c:77 [inline]
> >>    dump_stack+0x1c9/0x2b4 lib/dump_stack.c:113
> >>    print_circular_bug.isra.34.cold.55+0x1bd/0x27d
> >> kernel/locking/lockdep.c:1222
> >>    check_prev_add kernel/locking/lockdep.c:1862 [inline]
> >>    check_prevs_add kernel/locking/lockdep.c:1975 [inline]
> >>    validate_chain kernel/locking/lockdep.c:2416 [inline]
> >>    __lock_acquire+0x3449/0x5020 kernel/locking/lockdep.c:3412
> >>    lock_acquire+0x1e4/0x4f0 kernel/locking/lockdep.c:3901
> >>    __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
> >>    _raw_spin_lock_irqsave+0x96/0xc0 kernel/locking/spinlock.c:152
> >>    down_trylock+0x13/0x70 kernel/locking/semaphore.c:136
> >>    __down_trylock_console_sem+0xae/0x200 kernel/printk/printk.c:228
> >>    console_trylock+0x15/0xa0 kernel/printk/printk.c:2249
> >>    console_trylock_spinning kernel/printk/printk.c:1651 [inline]
> >>    vprintk_emit+0x31f/0x910 kernel/printk/printk.c:1926
> >>    vprintk_default+0x28/0x30 kernel/printk/printk.c:1968
> >>    vprintk_func+0x7a/0x117 kernel/printk/printk_safe.c:398
> >>    printk+0xa7/0xcf kernel/printk/printk.c:2001
> >>    __warn_printk+0x8c/0xe0 kernel/panic.c:590
> >>    debug_print_object+0x16a/0x210 lib/debugobjects.c:326
> >>    __debug_check_no_obj_freed lib/debugobjects.c:786 [inline]
> >>    debug_check_no_obj_freed+0x3b2/0x595 lib/debugobjects.c:818
> >>    kfree+0xc7/0x210 mm/slab.c:3812
> >>    f2fs_fill_super+0xe1a/0x8150 fs/f2fs/super.c:3147
> >>    mount_bdev+0x314/0x3e0 fs/super.c:1347
> >>    f2fs_mount+0x3c/0x50 fs/f2fs/super.c:3161
> >>    legacy_get_tree+0x131/0x460 fs/fs_context.c:732
> >>    vfs_get_tree+0x1cb/0x5c0 fs/super.c:1746
> >>    do_new_mount fs/namespace.c:2627 [inline]
> >>    do_mount+0x6f9/0x1e30 fs/namespace.c:2951
> >>    ksys_mount+0x12d/0x140 fs/namespace.c:3167
> >>    __do_sys_mount fs/namespace.c:3181 [inline]
> >>    __se_sys_mount fs/namespace.c:3178 [inline]
> >>    __x64_sys_mount+0xbe/0x150 fs/namespace.c:3178
> >>    do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
> >>    entry_SYSCALL_64_after_hwframe+0x49/0xbe
> >> RIP: 0033:0x459aba
> >> Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 bd 8a fb ff c3 66 2e 0f
> >> 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff
> >> ff 0f 83 9a 8a fb ff c3 66 0f 1f 84 00 00 00 00 00
> >> RSP: 002b:00007f16f9937a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
> >> RAX: ffffffffffffffda RBX: 00007f16f9937b30 RCX: 0000000000459aba
> >> RDX: 00007f16f9937ad0 RSI: 0000000020000100 RDI: 00007f16f9937af0
> >> RBP: 0000000020000100 R08: 00007f16f9937b30 R09: 00007f16f9937ad0
> >> R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000003
> >> R13: 0000000000000000 R14: 00000000004c9c12 R15: 0000000000000000
> >> Dumping ftrace buffer:
> >> ---------------------------------
> >> syz-exec-23595   1...2 1079757271us : 0: }D
> >> syz-exec-23595   1..s3 1079757464us : 0: }D
> >> ---------------------------------
> >> Kernel Offset: disabled
> >> Rebooting in 86400 seconds..
> >>
> >>
> >> ---
> >> This bug is generated by a bot. It may contain errors.
> >> See https://goo.gl/tpsmEJ for more information about syzbot.
> >> syzbot engineers can be reached at syzkaller@googlegroups.com.
> >>
> >> syzbot will keep track of this bug report. See:
> >> https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
> >> syzbot.
> >>

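The first report in the thread is worth reading literally: debugobjects fired from kfree() inside f2fs_fill_super(), saying that the memory being freed still contained a percpu_counter registered as active, i.e. one that had been through percpu_counter_init() but never through percpu_counter_destroy() before its containing allocation was released. The thread does not say which counter or which error path; the following is an added userspace model of the check itself, not kernel code and not anything posted in this thread. The tracker, counter, sb_info fields and the fill_super() stand-in are all hypothetical names chosen to mirror the shape of the report.

```c
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <stddef.h>

/* Toy model of lib/debugobjects.c: objects register on init, must be
 * destroyed before the memory holding them is freed.  Hypothetical. */
#define MAX_TRACKED 64

struct tracked_obj {
	const void *addr;	/* tracked object address, NULL = free slot */
	int active;		/* 1 after init, 0 after destroy */
};

static struct tracked_obj obj_hash[MAX_TRACKED];
static int odebug_warnings;	/* running total of "free active" reports */

static struct tracked_obj *obj_lookup(const void *addr)
{
	for (int i = 0; i < MAX_TRACKED; i++)
		if (obj_hash[i].addr == addr)
			return &obj_hash[i];
	return NULL;
}

/* debug_object_init(): object at addr is now live and active. */
static void debug_object_init(const void *addr)
{
	struct tracked_obj *o = obj_lookup(addr);

	if (!o)
		o = obj_lookup(NULL);	/* first free slot */
	if (!o)
		abort();		/* tracker full; model only */
	o->addr = addr;
	o->active = 1;
}

/* debug_object_free(): owner destroyed the object; forget it. */
static void debug_object_free(const void *addr)
{
	struct tracked_obj *o = obj_lookup(addr);

	if (o) {
		o->addr = NULL;
		o->active = 0;
	}
}

/* debug_check_no_obj_freed(): run from the allocator's free path.  Any
 * still-active object inside [addr, addr+size) was never destroyed:
 * report it, drop it from the table, return how many were found. */
static int debug_check_no_obj_freed(const void *addr, size_t size)
{
	uintptr_t lo = (uintptr_t)addr, hi = lo + size;
	int found = 0;

	for (int i = 0; i < MAX_TRACKED; i++) {
		uintptr_t p = (uintptr_t)obj_hash[i].addr;

		if (!p || !obj_hash[i].active || p < lo || p >= hi)
			continue;
		printf("ODEBUG: free active object at offset %zu\n",
		       (size_t)(p - lo));
		obj_hash[i].addr = NULL;
		obj_hash[i].active = 0;
		found++;
	}
	odebug_warnings += found;
	return found;
}

/* Minimal percpu_counter stand-in wired to the tracker. */
struct percpu_counter { long count; };

static void percpu_counter_init(struct percpu_counter *c)
{
	c->count = 0;
	debug_object_init(c);
}

static void percpu_counter_destroy(struct percpu_counter *c)
{
	debug_object_free(c);
}

/* Superblock-private info embedding two counters (placeholder names). */
struct sb_info {
	struct percpu_counter nr_pages;
	struct percpu_counter nr_inodes;
};

static void kfree_model(void *p, size_t size)
{
	debug_check_no_obj_freed(p, size);
	free(p);
}

static void sb_info_destroy_counters(struct sb_info *sbi)
{
	percpu_counter_destroy(&sbi->nr_pages);
	percpu_counter_destroy(&sbi->nr_inodes);
}

/* Toy fill_super: allocate sbi, init counters, then a later step fails.
 * With destroy_on_error == 0 the error path frees sbi while both
 * counters are still registered: exactly what the tracker reports. */
static int fill_super(int later_step_fails, int destroy_on_error)
{
	struct sb_info *sbi = calloc(1, sizeof(*sbi));

	if (!sbi)
		return -1;
	percpu_counter_init(&sbi->nr_pages);
	percpu_counter_init(&sbi->nr_inodes);

	if (later_step_fails) {
		if (destroy_on_error)
			sb_info_destroy_counters(sbi);
		kfree_model(sbi, sizeof(*sbi));	/* error path */
		return -1;
	}
	sb_info_destroy_counters(sbi);		/* clean umount */
	kfree_model(sbi, sizeof(*sbi));
	return 0;
}

/* "free active" reports produced by one mount attempt. */
int mount_free_active_reports(int later_step_fails, int destroy_on_error)
{
	int before = odebug_warnings;

	fill_super(later_step_fails, destroy_on_error);
	return odebug_warnings - before;
}

int main(void)
{
	printf("buggy error path: %d\n", mount_free_active_reports(1, 0));
	printf("fixed error path: %d\n", mount_free_active_reports(1, 1));
	printf("successful mount: %d\n", mount_free_active_reports(0, 0));
	return 0;
}
```

The point of the model is the ordering rule the real tracker enforces: every init hook must be paired with a destroy hook on every exit path, including the ones taken after a mid-setup failure, because the check runs at free time on the whole allocation, not on the counter alone. The real kernel additionally panics here only because syzbot runs with panic_on_warn set; without it the report is a WARNING and the mount fails normally.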


Thread overview: 5+ messages
2018-08-27 21:04 WARNING: ODEBUG bug in f2fs_fill_super syzbot
2019-02-20 15:12 ` Dmitry Vyukov
2019-02-21  2:45   ` Sheng Yong
2019-02-21  2:45     ` Sheng Yong
2019-02-21  9:27     ` Dmitry Vyukov
