Hello,
syzbot found the following crash on:
HEAD commit: dfca92ba Merge 4.4.169 into android-4.4
git tree: android-4.4
console output: https://syzkaller.appspot.com/x/log.txt?x=171dec4b400000
kernel config: https://syzkaller.appspot.com/x/.config?x=39bc4256ec37590
dashboard link: https://syzkaller.appspot.com/bug?extid=dd67188a561e8ad93a47
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+dd6718...@syzkaller.appspotmail.com
------------[ cut here ]------------
WARNING: CPU: 1 PID: 27897 at fs/buffer.c:1160 mark_buffer_dirty+0x259/0x4d0 fs/buffer.c:1160()
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 27897 Comm: syz-executor4 Not tainted 4.4.169+ #1
0000000000000000 f78d46e92ba991f7 ffff8800871d73c8 ffffffff81aab9c1
0000000000000000 ffffffff82835ee0 ffffffff828a3200 0000000000000488
ffffffff815434b9 ffff8800871d74a8 ffffffff813a46d2 0000000041b58ab3
Call Trace:
[<ffffffff81aab9c1>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81aab9c1>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
[<ffffffff813a46d2>] panic+0x1b9/0x37b kernel/panic.c:112
[<ffffffff813a48c9>] warn_slowpath_common kernel/panic.c:455 [inline]
[<ffffffff813a48c9>] warn_slowpath_common.cold+0x20/0x20 kernel/panic.c:435
[<ffffffff810d3aca>] warn_slowpath_null+0x2a/0x30 kernel/panic.c:492
[<ffffffff815434b9>] mark_buffer_dirty+0x259/0x4d0 fs/buffer.c:1160
[<ffffffff81543fd5>] __block_commit_write.isra.0+0x135/0x1b0 fs/buffer.c:2006
[<ffffffff81544096>] block_write_end+0x46/0xb0 fs/buffer.c:2084
[<ffffffff8154c767>] blkdev_write_end+0x47/0x70 fs/block_dev.c:325
[<ffffffff813b9346>] generic_perform_write+0x326/0x540 mm/filemap.c:2602
lo_write_bvec: 42120 callbacks suppressed
loop: Write error at byte offset 10240000, length 4096.
loop: Write error at byte offset 10244096, length 4096.
loop: Write error at byte offset 10248192, length 4096.
loop: Write error at byte offset 10252288, length 4096.
loop: Write error at byte offset 10256384, length 4096.
loop: Write error at byte offset 10260480, length 4096.
loop: Write error at byte offset 10264576, length 4096.
loop: Write error at byte offset 10268672, length 4096.
loop: Write error at byte offset 10272768, length 4096.
loop: Write error at byte offset 10276864, length 4096.
blk_update_request: 42248 callbacks suppressed
blk_update_request: I/O error, dev loop0, sector 21024
blk_update_request: I/O error, dev loop0, sector 21032
blk_update_request: I/O error, dev loop0, sector 21040
blk_update_request: I/O error, dev loop0, sector 21048
blk_update_request: I/O error, dev loop0, sector 21056
blk_update_request: I/O error, dev loop0, sector 21064
blk_update_request: I/O error, dev loop0, sector 21072
blk_update_request: I/O error, dev loop0, sector 21080
blk_update_request: I/O error, dev loop0, sector 21088
blk_update_request: I/O error, dev loop0, sector 21096
buffer_io_error: 42376 callbacks suppressed
Buffer I/O error on dev loop0, logical block 2756, lost async page write
Buffer I/O error on dev loop0, logical block 2757, lost async page write
Buffer I/O error on dev loop0, logical block 2758, lost async page write
Buffer I/O error on dev loop0, logical block 2759, lost async page write
Buffer I/O error on dev loop0, logical block 2760, lost async page write
Buffer I/O error on dev loop0, logical block 2761, lost async page write
Buffer I/O error on dev loop0, logical block 2762, lost async page write
Buffer I/O error on dev loop0, logical block 2763, lost async page write
Buffer I/O error on dev loop0, logical block 2764, lost async page write
Buffer I/O error on dev loop0, logical block 2765, lost async page write
[<ffffffff813bcec0>] __generic_file_write_iter+0x350/0x540 mm/filemap.c:2716
[<ffffffff8154f7fe>] blkdev_write_iter+0x1ce/0x470 fs/block_dev.c:1655
[<ffffffff81495d10>] vfs_iter_write+0x1d0/0x2d0 fs/read_write.c:364
[<ffffffff815340a1>] iter_file_splice_write+0x5c1/0xb30 fs/splice.c:1024
[<ffffffff81530586>] do_splice_from fs/splice.c:1128 [inline]
[<ffffffff81530586>] direct_splice_actor+0x126/0x1a0 fs/splice.c:1294
[<ffffffff81531e9e>] splice_direct_to_actor+0x2ce/0x850 fs/splice.c:1247
[<ffffffff815325c5>] do_splice_direct+0x1a5/0x260 fs/splice.c:1337
[<ffffffff81499ccd>] do_sendfile+0x4ed/0xba0 fs/read_write.c:1227
[<ffffffff8149bce7>] SYSC_sendfile64 fs/read_write.c:1288 [inline]
[<ffffffff8149bce7>] SyS_sendfile64+0x137/0x150 fs/read_write.c:1274
[<ffffffff827153a1>] entry_SYSCALL_64_fastpath+0x1e/0x9a
Kernel Offset: disabled
Rebooting in 86400 seconds..
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.