kernel BUG at fs/ext4/fsync.c:LINE!


syzbot

May 24, 2019, 4:47:06 AM5/24/19
to syzkaller-a...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 62872f95 Merge 4.4.174 into android-4.4
git tree: android-4.4
console output: https://syzkaller.appspot.com/x/log.txt?x=1119dd8aa00000
kernel config: https://syzkaller.appspot.com/x/.config?x=47bc4dd423780c4a
dashboard link: https://syzkaller.appspot.com/bug?extid=6b3db5c3691adc1cdd41
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
userspace arch: i386
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1226f472a00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16dfcdf8a00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+6b3db5...@syzkaller.appspotmail.com

------------[ cut here ]------------
kernel BUG at fs/ext4/fsync.c:96!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 0 PID: 2074 Comm: syz-executor707 Not tainted 4.4.174+ #17
task: ffff8800b749df00 task.stack: ffff8800b6450000
RIP: 0010:[<ffffffff816359e0>] [<ffffffff816359e0>]
ext4_sync_file+0x930/0xf10 fs/ext4/fsync.c:96
RSP: 0018:ffff8801db607aa8 EFLAGS: 00010206
RAX: ffff8800b749df00 RBX: ffff8801d6b8d1a0 RCX: dffffc0000000000
RDX: 0000000000000100 RSI: ffffffff816359e0 RDI: ffff8800b749ef50
RBP: ffff8801db607af8 R08: 0000000000000003 R09: ffff8800b749e810
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8800b7705600
R13: ffff8801d6b8d1c8 R14: 0000000000000000 R15: ffff8801d768a200
FS: 0000000000000000(0000) GS:ffff8801db600000(0063) knlGS:0000000008ff3840
CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: 00007fff9634c0e8 CR3: 00000000b7703000 CR4: 00000000001606b0
Stack:
ffff8800ba2ba000 ffff8801d6b8d278 0000000100000009 000000000000ffff
0000000000000000 ffffffff816350b0 ffff8800b7705600 0000000000000001
0000000000000000 000000000000ffff ffff8801db607b48 ffffffff81538fd1
Call Trace:
<IRQ>
[<ffffffff81538fd1>] vfs_fsync_range+0x111/0x260 fs/sync.c:195
[<ffffffff815534d6>] generic_write_sync include/linux/fs.h:2517 [inline]
[<ffffffff815534d6>] dio_complete+0x3e6/0x720 fs/direct-io.c:266
[<ffffffff81553986>] dio_bio_end_aio+0x176/0x3f0 fs/direct-io.c:312
[<ffffffff81a22de7>] bio_endio+0x187/0x1e0 block/bio.c:1786
[<ffffffff81a41d37>] req_bio_endio block/blk-core.c:157 [inline]
[<ffffffff81a41d37>] blk_update_request+0x267/0xa50 block/blk-core.c:2653
[<ffffffff81d76bbc>] scsi_end_request+0x9c/0x5d0 drivers/scsi/scsi_lib.c:695
[<ffffffff81d7f3c5>] scsi_io_completion+0x275/0x1810 drivers/scsi/scsi_lib.c:918
[<ffffffff81d62b84>] scsi_finish_command+0x3a4/0x520 drivers/scsi/scsi.c:607
[<ffffffff81d7d919>] scsi_softirq_done+0x259/0x370 drivers/scsi/scsi_lib.c:1654
[<ffffffff81a5f098>] blk_done_softirq+0x258/0x3a0 block/blk-softirq.c:35
[<ffffffff8271bb16>] __do_softirq+0x226/0xa3f kernel/softirq.c:273
[<ffffffff810e1a8a>] invoke_softirq kernel/softirq.c:350 [inline]
[<ffffffff810e1a8a>] irq_exit+0x10a/0x150 kernel/softirq.c:391
[<ffffffff8271b111>] exiting_irq arch/x86/include/asm/apic.h:652 [inline]
[<ffffffff8271b111>] do_IRQ+0x111/0x1d0 arch/x86/kernel/irq.c:251
[<ffffffff8271971d>] common_interrupt+0x9d/0x9d arch/x86/entry/entry_64.S:623
<EOI>
[<ffffffff81abc15e>] __radix_tree_lookup+0x12e/0x290 lib/radix-tree.c:523
[<ffffffff81abc332>] radix_tree_lookup_slot+0x72/0xc0 lib/radix-tree.c:555
[<ffffffff813b801e>] find_get_entry+0x8e/0x340 mm/filemap.c:1046
[<ffffffff813b99e8>] pagecache_get_page+0x48/0x400 mm/filemap.c:1146
[<ffffffff8153f986>] find_get_page_flags include/linux/pagemap.h:282 [inline]
[<ffffffff8153f986>] __find_get_block_slow+0x126/0x330 fs/buffer.c:214
[<ffffffff81541a11>] unmap_underlying_metadata+0x31/0xb0 fs/buffer.c:1640
[<ffffffff8165748f>] mpage_map_one_extent fs/ext4/inode.c:2249 [inline]
[<ffffffff8165748f>] mpage_map_and_submit_extent fs/ext4/inode.c:2287 [inline]
[<ffffffff8165748f>] ext4_writepages+0x14bf/0x2c40 fs/ext4/inode.c:2620
[<ffffffff813dac6c>] do_writepages+0xfc/0x1e0 mm/page-writeback.c:2341
[<ffffffff813bc53d>] __filemap_fdatawrite_range+0x1ad/0x260 mm/filemap.c:347
[<ffffffff813bc644>] __filemap_fdatawrite mm/filemap.c:355 [inline]
[<ffffffff813bc644>] filemap_flush+0x24/0x30 mm/filemap.c:380
[<ffffffff8164e295>] ext4_alloc_da_blocks+0x105/0x3d0 fs/ext4/inode.c:2993
[<ffffffff8170ca4e>] ext4_ind_migrate+0x51e/0x610 fs/ext4/migrate.c:640
[<ffffffff8166b356>] ext4_ioctl+0x2676/0x2cd0 fs/ext4/ioctl.c:317
[<ffffffff8166ba90>] ext4_compat_ioctl+0xe0/0x420 fs/ext4/ioctl.c:776
[<ffffffff8159b2c3>] C_SYSC_ioctl fs/compat_ioctl.c:1592 [inline]
[<ffffffff8159b2c3>] compat_SyS_ioctl+0x403/0x2210 fs/compat_ioctl.c:1544
[<ffffffff8100603d>] do_syscall_32_irqs_on arch/x86/entry/common.c:330 [inline]
[<ffffffff8100603d>] do_fast_syscall_32+0x32d/0xa90 arch/x86/entry/common.c:397
[<ffffffff8271a350>] sysenter_flags_fixed+0xd/0x1a
Code: 00 00 49 8b 86 60 fe ff ff 48 0f ba e0 27 0f 82 e7 fe ff ff e8 22 3c cd ff 4c 89 f7 e8 ca 66 eb ff e9 81 fb ff ff e8 10 3c cd ff <0f> 0b e8 09 3c cd ff 65 8b 15 1a 07 9e 7e 48 8b 05 8b 0e 20 01
RIP [<ffffffff816359e0>] ext4_sync_file+0x930/0xf10 fs/ext4/fsync.c:96
RSP <ffff8801db607aa8>
---[ end trace adc0f74abdaa0bc3 ]---


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches
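The `Code:` dump in a report like this can be checked mechanically before anyone opens a disassembler: the byte in angle brackets is the one at RIP when the trap fired, and for a `BUG_ON()` on x86 it should be `0f 0b` (`ud2`), which is exactly what "invalid opcode" in the banner means. The script below is an added example, not part of the syzbot report or of the kernel tree. It parses the dump from this report (copied in as a constructed string, with the RIP from the same report), confirms the trapping instruction is `ud2`, and decodes the rel32 `call` immediately before it to its absolute target. The function names and the resulting address are this example's own; turning that address into a symbol needs the vmlinux built from the linked config, which the script does not have.

```python
"""Triage the `Code:` line of an x86-64 kernel oops: find the byte at RIP,
check whether the trap is a deliberate ud2 (BUG/BUG_ON), and decode the
call that precedes it."""
import re

# Constructed sample: the Code: line and RIP from the syzbot report above,
# re-joined onto a single line.
SAMPLE_CODE_LINE = (
    "Code: 00 00 49 8b 86 60 fe ff ff 48 0f ba e0 27 0f 82 e7 fe ff ff e8 22 3c "
    "cd ff 4c 89 f7 e8 ca 66 eb ff e9 81 fb ff ff e8 10 3c cd ff <0f> 0b e8 09 "
    "3c cd ff 65 8b 15 1a 07 9e 7e 48 8b 05 8b 0e 20 01"
)
SAMPLE_RIP = 0xFFFFFFFF816359E0

_TOKEN = re.compile(r"<([0-9a-f]{2})>|([0-9a-f]{2})")
_MASK64 = 0xFFFFFFFFFFFFFFFF


def parse_code_line(line):
    """Return (code_bytes, index_of_marked_byte) for an oops `Code:` line.

    The byte wrapped in angle brackets is the one at RIP. A standard x86
    dump carries 64 bytes with RIP at offset 43, but nothing here relies
    on that; the marker is located from the text.
    """
    body = line.split("Code:", 1)[1]
    raw, marked = [], None
    for m in _TOKEN.finditer(body):
        if m.group(1):
            marked = len(raw)
            raw.append(int(m.group(1), 16))
        else:
            raw.append(int(m.group(2), 16))
    if marked is None:
        raise ValueError("no <xx> marker in Code: line")
    return bytes(raw), marked


def trap_kind(code, marked):
    """Classify the instruction at RIP. Only the opcodes this triage needs:
    0f 0b (ud2) is what BUG()/BUG_ON() compile to on x86 and raises
    'invalid opcode'; cc (int3) would point at a breakpoint or kprobe."""
    if code[marked:marked + 2] == b"\x0f\x0b":
        return "ud2"
    if code[marked:marked + 1] == b"\xcc":
        return "int3"
    return "other"


def preceding_call_target(code, marked, rip):
    """If the five bytes before RIP are `e8 rel32` (a near call), return the
    absolute target: target = address_after_call + rel32, and the address
    after the call is RIP itself. Returns None if no such call is there."""
    if marked < 5 or code[marked - 5] != 0xE8:
        return None
    rel = int.from_bytes(code[marked - 4:marked], "little", signed=True)
    return (rip + rel) & _MASK64


def triage(line, rip):
    """One-shot summary: what is at RIP, where the dump starts in memory,
    and which call executed last before the trap."""
    code, marked = parse_code_line(line)
    return {
        "kind": trap_kind(code, marked),
        "rip_byte": code[marked],
        "code_start": (rip - marked) & _MASK64,
        "prev_call_target": preceding_call_target(code, marked, rip),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_CODE_LINE, SAMPLE_RIP)
    for key, value in result.items():
        print(f"{key}: {value:#x}" if isinstance(value, int) else f"{key}: {value}")
```

With this report's dump the marker lands on `0f 0b`, so the crash is a `BUG_ON()` firing in `ext4_sync_file()` rather than a corrupted instruction stream, which is the first thing to settle before reading the two stack halves (the `<IRQ>` half that called fsync from direct-IO completion in softirq context, and the `<EOI>` half showing the interrupted task inside `ext4_writepages()` via `EXT4_IOC_MIGRATE`). The call decoded just before the trap is whatever the compiler placed there; resolve it with `addr2line -e vmlinux` against the linked kernel config rather than guessing.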