From: syzbot <syzbot+15669ec8c35ddf6c3d43@syzkaller.appspotmail.com>
To: chao@kernel.org, jaegeuk@kernel.org,
linux-f2fs-devel@lists.sourceforge.net,
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com
Subject: Re: [f2fs-dev] [syzbot] [f2fs?] kernel BUG in new_curseg (2)
Date: Mon, 10 Feb 2025 21:32:02 -0800
Message-ID: <67aae0d2.050a0220.3d72c.005b.GAE@google.com>
In-Reply-To: <5a647c34-62d0-47e9-827d-6d7fa9ee5ec5@kernel.org>
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
WARNING in f2fs_handle_critical_error
kworker/u8:3: attempt to access beyond end of device
loop0: rw=2049, sector=40960, nr_sectors = 16 limit=40427
------------[ cut here ]------------
WARNING: CPU: 0 PID: 53 at fs/f2fs/super.c:4255 f2fs_handle_critical_error+0x34f/0x590 fs/f2fs/super.c:4255
Modules linked in:
CPU: 0 UID: 0 PID: 53 Comm: kworker/u8:3 Not tainted 6.14.0-rc1-syzkaller-00028-gb49923b8c6ce #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Workqueue: writeback wb_workfn (flush-7:0)
RIP: 0010:f2fs_handle_critical_error+0x34f/0x590 fs/f2fs/super.c:4255
Code: 48 83 e6 40 31 ff e8 00 10 a4 fd 48 83 e3 40 0f 84 30 02 00 00 e8 11 0b a4 fd 48 8b 5c 24 10 40 84 ed 74 1a e8 02 0b a4 fd 90 <0f> 0b 90 80 7c 24 08 00 74 30 e8 f2 0a a4 fd e9 83 00 00 00 e8 e8
RSP: 0018:ffffc90000bd6be0 EFLAGS: 00010293
RAX: ffffffff841b52be RBX: ffff88807df62000 RCX: ffff8880226fda00
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002
RBP: 0000000000000003 R08: ffffffff841b521b R09: 1ffffffff2858d2c
R10: dffffc0000000000 R11: fffffbfff2858d2d R12: ffff8880551e596b
R13: dffffc0000000000 R14: ffff8880551e4000 R15: ffff8880551e5988
FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f490b243290 CR3: 0000000029b3e000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
f2fs_write_end_io+0x674/0x9a0 fs/f2fs/data.c:347
__submit_merged_bio+0x2a9/0x710 fs/f2fs/data.c:537
__f2fs_submit_merged_write fs/f2fs/data.c:633 [inline]
__submit_merged_write_cond fs/f2fs/data.c:655 [inline]
f2fs_submit_merged_write+0x1ea/0x2c0 fs/f2fs/data.c:665
f2fs_sync_node_pages+0x1a2c/0x1c90 fs/f2fs/node.c:2101
f2fs_write_node_pages+0x304/0x6d0 fs/f2fs/node.c:2173
do_writepages+0x35f/0x880 mm/page-writeback.c:2687
__writeback_single_inode+0x14f/0x10d0 fs/fs-writeback.c:1680
writeback_sb_inodes+0x820/0x1360 fs/fs-writeback.c:1976
wb_writeback+0x413/0xb80 fs/fs-writeback.c:2156
wb_do_writeback fs/fs-writeback.c:2303 [inline]
wb_workfn+0x410/0x1080 fs/fs-writeback.c:2343
process_one_work kernel/workqueue.c:3236 [inline]
process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3317
worker_thread+0x870/0xd30 kernel/workqueue.c:3398
kthread+0x7a9/0x920 kernel/kthread.c:464
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
Tested on:
commit: b49923b8 f2fs: fix to avoid panic once fallocation fai..
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git bugfix/syzbot
console output: https://syzkaller.appspot.com/x/log.txt?x=14c2b1b0580000
kernel config: https://syzkaller.appspot.com/x/.config?x=147b7d49d83b8036
dashboard link: https://syzkaller.appspot.com/bug?extid=15669ec8c35ddf6c3d43
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
Note: no patches were applied.
_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel