kernel BUG at fs/ext4/ext4.h:LINE!


syzbot

Oct 8, 2020, 09:59:18
to syzkaller-a...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 54d2c66f Merge 5.4.70 into android12-5.4
git tree: android12-5.4
console output: https://syzkaller.appspot.com/x/log.txt?x=143dc68b900000
kernel config: https://syzkaller.appspot.com/x/.config?x=4bda4a55322c359a
dashboard link: https://syzkaller.appspot.com/bug?extid=c24787e72920213d5bcb
compiler: Android (6032204 based on r370808) clang version 10.0.1 (https://android.googlesource.com/toolchain/llvm-project 6e765c10313d15c02ab29977a82938f66742c3a9)

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+c24787...@syzkaller.appspotmail.com

EXT4-fs error (device sda1) in ext4_reserve_inode_write:6003: Out of memory
------------[ cut here ]------------
kernel BUG at fs/ext4/ext4.h:2976!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 3660 Comm: syz-executor.3 Not tainted 5.4.70-syzkaller-00061-g54d2c66faf42 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:ext4_get_group_info fs/ext4/ext4.h:2976 [inline]
RIP: 0010:ext4_mb_load_buddy_gfp+0xe51/0xe70 fs/ext4/mballoc.c:1116
Code: ff e8 a3 34 cd ff e9 d8 f3 ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 1a f4 ff ff e8 a9 34 cd ff e9 10 f4 ff ff e8 1f 7a 9f ff <0f> 0b e8 18 7a 9f ff 0f 0b e8 11 7a 9f ff 0f 0b e8 0a 7a 9f ff 0f
RSP: 0018:ffff8881c90b7c08 EFLAGS: 00010293
RAX: ffffffff81a1ed91 RBX: 0000000000000010 RCX: ffff8881c9675d00
RDX: 0000000000000000 RSI: 00000000fffe6f52 RDI: 0000000000000010
RBP: ffff8881d6590000 R08: ffffffff81a1e022 R09: ffffed1032e6872d
R10: ffffed1032e6872d R11: 0000000000000000 R12: 1ffff1103aca367e
R13: 00000000fffe6f52 R14: ffff8881d651b018 R15: ffff8881d651b3f0
FS: 0000000002c0d940(0000) GS:ffff8881db800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000204d41ff CR3: 00000001c94fe005 CR4: 00000000001606f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
ext4_discard_preallocations+0x76d/0x1210 fs/ext4/mballoc.c:4091
ext4_release_file+0x160/0x300 fs/ext4/file.c:98
__fput+0x27d/0x6c0 fs/file_table.c:280
task_work_run+0x176/0x1a0 kernel/task_work.c:113
tracehook_notify_resume include/linux/tracehook.h:188 [inline]
exit_to_usermode_loop arch/x86/entry/common.c:163 [inline]
prepare_exit_to_usermode+0x286/0x2e0 arch/x86/entry/common.c:194
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x417781
Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 a4 1a 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
RSP: 002b:00007ffcb13d9cd0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000008 RCX: 0000000000417781
RDX: 0000000000000000 RSI: 0000000000000ef4 RDI: 0000000000000007
RBP: 0000000000000001 R08: 000000009de48ef4 R09: 000000009de48ef8
R10: 00007ffcb13d9db0 R11: 0000000000000293 R12: 000000000118c9a0
R13: 000000000118c9a0 R14: 00000000000003e8 R15: 000000000118bf2c
Modules linked in:
---[ end trace 8c5a974167b1d2af ]---
RIP: 0010:ext4_get_group_info fs/ext4/ext4.h:2976 [inline]
RIP: 0010:ext4_mb_load_buddy_gfp+0xe51/0xe70 fs/ext4/mballoc.c:1116
Code: ff e8 a3 34 cd ff e9 d8 f3 ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 1a f4 ff ff e8 a9 34 cd ff e9 10 f4 ff ff e8 1f 7a 9f ff <0f> 0b e8 18 7a 9f ff 0f 0b e8 11 7a 9f ff 0f 0b e8 0a 7a 9f ff 0f
RSP: 0018:ffff8881c90b7c08 EFLAGS: 00010293
RAX: ffffffff81a1ed91 RBX: 0000000000000010 RCX: ffff8881c9675d00
RDX: 0000000000000000 RSI: 00000000fffe6f52 RDI: 0000000000000010
RBP: ffff8881d6590000 R08: ffffffff81a1e022 R09: ffffed1032e6872d
R13: 00000000fffe6f52 R14: ffff8881d651b018 R15: ffff8881d651b3f0
FS: 0000000002c0d940(0000) GS:ffff8881db800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000203f0000 CR3: 00000001c94fe004 CR4: 00000000001606f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Jan 20, 2021, 06:26:17
to syzkaller-a...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: e4139b2a ANDROID: dm-user: Fix the list walk-and-delete code
git tree: android12-5.4
console output: https://syzkaller.appspot.com/x/log.txt?x=14e60f3f500000
kernel config: https://syzkaller.appspot.com/x/.config?x=e50b6c748323589e
dashboard link: https://syzkaller.appspot.com/bug?extid=c24787e72920213d5bcb
compiler: Android (6032204 based on r370808) clang version 10.0.1 (https://android.googlesource.com/toolchain/llvm-project 6e765c10313d15c02ab29977a82938f66742c3a9)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14bfc4c8d00000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+c24787...@syzkaller.appspotmail.com

EXT4-fs error (device loop0): ext4_xattr_ibody_get:591: inode #18: comm syz-executor.0: corrupted in-inode xattr
------------[ cut here ]------------
kernel BUG at fs/ext4/ext4.h:2977!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 385 Comm: syz-executor.0 Not tainted 5.4.91-syzkaller-00408-ge4139b2a81bd #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:ext4_get_group_info fs/ext4/ext4.h:2977 [inline]
RIP: 0010:ext4_mb_find_by_goal+0x12af/0x12e0 fs/ext4/mballoc.c:1824
Code: f3 e9 77 fb ff ff 49 ff ce 4c 89 f3 e9 44 fc ff ff e8 05 63 9d ff e9 1d f3 ff ff e8 fb 62 9d ff e9 5b f4 ff ff e8 f1 62 9d ff <0f> 0b e8 1a 0b 75 ff e8 e5 62 9d ff 0f 0b e8 de 62 9d ff 0f 0b e8
RSP: 0018:ffff8881e79ae780 EFLAGS: 00010293
RAX: ffffffff81c7722f RBX: 0000000000000001 RCX: ffff8881e80c9f00
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001
RBP: ffff8881e79ae8b0 R08: ffffffff81c760ba R09: ffffed103c02e669
R10: ffffed103c02e669 R11: 0000000000000000 R12: 1ffff1103cf9247e
R13: 0000000000000001 R14: 1ffff1103cf35d00 R15: ffff8881e7c923f0
FS: 00007f5c02ad6700(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000556e19977578 CR3: 00000001e8421000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
ext4_mb_regular_allocator+0x1eb/0x1600 fs/ext4/mballoc.c:2127
ext4_mb_new_blocks+0x72a/0x28a0 fs/ext4/mballoc.c:4567
ext4_ext_map_blocks+0x2e19/0x4690 fs/ext4/extents.c:4467
ext4_map_blocks+0x982/0x1eb0 fs/ext4/inode.c:659
_ext4_get_block+0x217/0x6c0 fs/ext4/inode.c:810
ext4_block_write_begin+0x6db/0x1210 fs/ext4/inode.c:1221
ext4_write_begin+0x9a6/0x1b60 fs/ext4/ext4_jbd2.h:453
ext4_da_write_begin+0x340/0xfc0 fs/ext4/inode.c:3070
generic_perform_write+0x2f7/0x590 mm/filemap.c:3292
__generic_file_write_iter+0x232/0x460 mm/filemap.c:3421
ext4_file_write_iter+0x46f/0x1070 fs/ext4/file.c:270
do_iter_readv_writev+0x64e/0x8e0 include/linux/fs.h:1959
do_iter_write+0x16d/0x570 fs/read_write.c:970
vfs_writev fs/read_write.c:1015 [inline]
do_pwritev+0x2b9/0x4c0 fs/read_write.c:1112
do_syscall_64+0xcb/0x150 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45e219
Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f5c02ad5c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000128
RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045e219
RDX: 0000000000000002 RSI: 0000000020000380 RDI: 0000000000000006
RBP: 000000000119c078 R08: 000000000000001f R09: 0000000000000000
R10: 00000000ffffffff R11: 0000000000000246 R12: 000000000119c034
R13: 00007fff953d2cff R14: 00007f5c02ad69c0 R15: 000000000119c034
Modules linked in:
RBP: ffff8881e79ae8b0 R08: ffffffff81c760ba R09: ffffed103c02e669
R10: ffffed103c02e669 R11: 0000000000000000 R12: 1ffff1103cf9247e
R13: 0000000000000001 R14: 1ffff1103cf35d00 R15: ffff8881e7c923f0
FS: 00007f5c02ad6700(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000556e19977578 CR3: 00000001e8421000 CR4: 00000000001406e0

syzbot

Mar 27, 2021, 02:24:11
to syzkaller-a...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 7af03784 ANDROID: Make vsock virtio packet buff size confi..
git tree: android12-5.4
console output: https://syzkaller.appspot.com/x/log.txt?x=13bfb1aad00000
kernel config: https://syzkaller.appspot.com/x/.config?x=ca03477603d6d76
dashboard link: https://syzkaller.appspot.com/bug?extid=c24787e72920213d5bcb
compiler: Debian clang version 11.0.1-2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=171b34aad00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=17878d06d00000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+c24787...@syzkaller.appspotmail.com

kernel BUG at fs/ext4/ext4.h:2977!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 349 Comm: syz-executor312 Not tainted 5.4.108-syzkaller-00846-g7af03784d889 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:ext4_get_group_info fs/ext4/ext4.h:2977 [inline]
RIP: 0010:ext4_mb_load_buddy_gfp+0xdf0/0xe10 fs/ext4/mballoc.c:1116
Code: ff e8 84 3c cd ff e9 45 f4 ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 8c f4 ff ff e8 8a 3c cd ff e9 82 f4 ff ff e8 50 6e 9e ff <0f> 0b e8 49 6e 9e ff 0f 0b e8 42 6e 9e ff 0f 0b e8 3b 6e 9e ff 0f
RSP: 0018:ffff8881e8d07c08 EFLAGS: 00010293
RAX: ffffffff81c6d8f0 RBX: 0000000000000010 RCX: ffff8881e92ede80
RDX: 0000000000000000 RSI: 00000000fffec510 RDI: 0000000000000010
RBP: ffff8881f1763000 R08: ffffffff81c6cbd3 R09: ffffed103be1e007
R10: ffffed103be1e007 R11: 0000000000000000 R12: 1ffff1103e2ec47e
R13: ffff8881f1762018 R14: 00000000fffec510 R15: ffff8881f17623f0
FS: 00000000005de400(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fc84ba52718 CR3: 00000001ea9e4000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
ext4_discard_preallocations+0x63d/0x1240 fs/ext4/mballoc.c:4091
ext4_release_file+0x160/0x300 fs/ext4/file.c:98
__fput+0x27d/0x6c0 fs/file_table.c:281
task_work_run+0x186/0x1b0 kernel/task_work.c:113
tracehook_notify_resume include/linux/tracehook.h:188 [inline]
exit_to_usermode_loop arch/x86/entry/common.c:163 [inline]
prepare_exit_to_usermode+0x2b0/0x310 arch/x86/entry/common.c:194
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x40845b
Code: 0f 05 48 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8 63 fc ff ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 a1 fc ff ff 8b 44
RSP: 002b:00007fffeda7d0d0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000004 RCX: 000000000040845b
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 00000000004cf4ec R08: 0000000000000000 R09: 0000003500000000
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000032
R13: 00007fffeda7d130 R14: 00007fffeda7d1a0 R15: 000000000000000b
Modules linked in:
RDX: 0000000000000000 RSI: 00000000fffec510 RDI: 0000000000000010
RBP: ffff8881f1763000 R08: ffffffff81c6cbd3 R09: ffffed103be1e007
R10: ffffed103be1e007 R11: 0000000000000000 R12: 1ffff1103e2ec47e
R13: ffff8881f1762018 R14: 00000000fffec510 R15: ffff8881f17623f0
FS: 00000000005de400(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fe59ea20000 CR3: 00000001ea9e4000 CR4: 00000000001406e0