Hello,
syzbot found the following issue on:
HEAD commit: 54d2c66f Merge 5.4.70 into android12-5.4
git tree: android12-5.4
console output:
https://syzkaller.appspot.com/x/log.txt?x=143dc68b900000
kernel config:
https://syzkaller.appspot.com/x/.config?x=4bda4a55322c359a
dashboard link:
https://syzkaller.appspot.com/bug?extid=c24787e72920213d5bcb
compiler: Android (6032204 based on r370808) clang version 10.0.1 (
https://android.googlesource.com/toolchain/llvm-project 6e765c10313d15c02ab29977a82938f66742c3a9)
Unfortunately, I don't have any reproducer for this issue yet.
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by:
syzbot+c24787...@syzkaller.appspotmail.com
EXT4-fs error (device sda1) in ext4_reserve_inode_write:6003: Out of memory
------------[ cut here ]------------
kernel BUG at fs/ext4/ext4.h:2976!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 3660 Comm: syz-executor.3 Not tainted 5.4.70-syzkaller-00061-g54d2c66faf42 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:ext4_get_group_info fs/ext4/ext4.h:2976 [inline]
RIP: 0010:ext4_mb_load_buddy_gfp+0xe51/0xe70 fs/ext4/mballoc.c:1116
Code: ff e8 a3 34 cd ff e9 d8 f3 ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 1a f4 ff ff e8 a9 34 cd ff e9 10 f4 ff ff e8 1f 7a 9f ff <0f> 0b e8 18 7a 9f ff 0f 0b e8 11 7a 9f ff 0f 0b e8 0a 7a 9f ff 0f
RSP: 0018:ffff8881c90b7c08 EFLAGS: 00010293
RAX: ffffffff81a1ed91 RBX: 0000000000000010 RCX: ffff8881c9675d00
RDX: 0000000000000000 RSI: 00000000fffe6f52 RDI: 0000000000000010
RBP: ffff8881d6590000 R08: ffffffff81a1e022 R09: ffffed1032e6872d
R10: ffffed1032e6872d R11: 0000000000000000 R12: 1ffff1103aca367e
R13: 00000000fffe6f52 R14: ffff8881d651b018 R15: ffff8881d651b3f0
FS: 0000000002c0d940(0000) GS:ffff8881db800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000204d41ff CR3: 00000001c94fe005 CR4: 00000000001606f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
ext4_discard_preallocations+0x76d/0x1210 fs/ext4/mballoc.c:4091
ext4_release_file+0x160/0x300 fs/ext4/file.c:98
__fput+0x27d/0x6c0 fs/file_table.c:280
task_work_run+0x176/0x1a0 kernel/task_work.c:113
tracehook_notify_resume include/linux/tracehook.h:188 [inline]
exit_to_usermode_loop arch/x86/entry/common.c:163 [inline]
prepare_exit_to_usermode+0x286/0x2e0 arch/x86/entry/common.c:194
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x417781
Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 a4 1a 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
RSP: 002b:00007ffcb13d9cd0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000008 RCX: 0000000000417781
RDX: 0000000000000000 RSI: 0000000000000ef4 RDI: 0000000000000007
RBP: 0000000000000001 R08: 000000009de48ef4 R09: 000000009de48ef8
R10: 00007ffcb13d9db0 R11: 0000000000000293 R12: 000000000118c9a0
R13: 000000000118c9a0 R14: 00000000000003e8 R15: 000000000118bf2c
Modules linked in:
---[ end trace 8c5a974167b1d2af ]---
RIP: 0010:ext4_get_group_info fs/ext4/ext4.h:2976 [inline]
RIP: 0010:ext4_mb_load_buddy_gfp+0xe51/0xe70 fs/ext4/mballoc.c:1116
Code: ff e8 a3 34 cd ff e9 d8 f3 ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 1a f4 ff ff e8 a9 34 cd ff e9 10 f4 ff ff e8 1f 7a 9f ff <0f> 0b e8 18 7a 9f ff 0f 0b e8 11 7a 9f ff 0f 0b e8 0a 7a 9f ff 0f
RSP: 0018:ffff8881c90b7c08 EFLAGS: 00010293
RAX: ffffffff81a1ed91 RBX: 0000000000000010 RCX: ffff8881c9675d00
RDX: 0000000000000000 RSI: 00000000fffe6f52 RDI: 0000000000000010
RBP: ffff8881d6590000 R08: ffffffff81a1e022 R09: ffffed1032e6872d
R13: 00000000fffe6f52 R14: ffff8881d651b018 R15: ffff8881d651b3f0
FS: 0000000002c0d940(0000) GS:ffff8881db800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000203f0000 CR3: 00000001c94fe004 CR4: 00000000001606f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
---
This report is generated by a bot. It may contain errors.
See
https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at
syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.