kernel BUG at fs/ext4/inode.c:LINE!


syzbot

Oct 13, 2020, 9:19:18 PM10/13/20
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: a1b977b4 Linux 4.19.150
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=12589cd8500000
kernel config: https://syzkaller.appspot.com/x/.config?x=c14008c8da1ca4d4
dashboard link: https://syzkaller.appspot.com/bug?extid=48d1691ba2166f340a9c
compiler: gcc (GCC) 10.1.0-syz 20200507
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10990f9f900000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=177d909b900000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+48d169...@syzkaller.appspotmail.com

EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,noacl,nomblk_io_submit,nomblk_io_submit,barrier=0x000000000000007f,
EXT4-fs (loop0): re-mounted. Opts:
EXT4-fs error (device loop0): __ext4_new_inode:922: comm syz-executor306: reserved inode found cleared - inode=1
EXT4-fs (loop0): Remounting filesystem read-only
------------[ cut here ]------------
kernel BUG at fs/ext4/inode.c:981!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 6496 Comm: syz-executor306 Not tainted 4.19.150-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:ext4_getblk+0x470/0x510 fs/ext4/inode.c:981
Code: 01 e8 b4 12 7c ff 4c 89 e7 e8 6c 00 ce ff e9 94 fd ff ff e8 a2 12 7c ff 4c 89 e7 e8 ba 00 ce ff e9 d3 fe ff ff e8 90 12 7c ff <0f> 0b 48 c7 c7 00 c0 a1 89 e8 52 5c c0 01 e8 bd b6 4c ff 48 89 34
RSP: 0018:ffff8880a3e27258 EFLAGS: 00010293
RAX: ffff8880a3d86140 RBX: 0000000000000009 RCX: ffffffff81f5bf31
RDX: 0000000000000000 RSI: ffffffff81f5bfd0 RDI: 0000000000000005
RBP: 1ffff110147c4e4d R08: 0000000000002400 R09: 0000000000000000
R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000000021
R13: 0000000000000000 R14: ffff888082ffa5f0 R15: 0000000000000001
FS: 0000000001380880(0000) GS:ffff8880ae200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005589959e3230 CR3: 00000000909cc000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
ext4_bread+0x7c/0x210 fs/ext4/inode.c:1035
ext4_quota_write+0x244/0x580 fs/ext4/super.c:5997
write_blk+0x12d/0x210 fs/quota/quota_tree.c:72
remove_free_dqentry+0x1eb/0x4b0 fs/quota/quota_tree.c:168
free_dqentry fs/quota/quota_tree.c:436 [inline]
remove_tree+0x9cc/0x1110 fs/quota/quota_tree.c:491
remove_tree+0x1eb/0x1110 fs/quota/quota_tree.c:494
remove_tree+0x1eb/0x1110 fs/quota/quota_tree.c:494
remove_tree+0x1eb/0x1110 fs/quota/quota_tree.c:494
qtree_delete_dquot fs/quota/quota_tree.c:527 [inline]
qtree_release_dquot fs/quota/quota_tree.c:673 [inline]
qtree_release_dquot+0x195/0x1d0 fs/quota/quota_tree.c:669
v2_release_dquot+0xce/0x120 fs/quota/quota_v2.c:350
dquot_release+0x1be/0x3b0 fs/quota/dquot.c:497
ext4_release_dquot+0x23e/0x2b0 fs/ext4/super.c:5676
dqput.part.0+0x1a3/0x850 fs/quota/dquot.c:794
dqput fs/quota/dquot.c:752 [inline]
dqput_all fs/quota/dquot.c:391 [inline]
__dquot_drop+0x1c6/0x2a0 fs/quota/dquot.c:1568
dquot_drop+0x14b/0x1a0 fs/quota/dquot.c:1593
ext4_clear_inode+0x31/0x1d0 fs/ext4/super.c:1180
ext4_evict_inode+0x25b/0x1830 fs/ext4/inode.c:348
evict+0x2ed/0x780 fs/inode.c:559
dispose_list+0x124/0x1f0 fs/inode.c:594
evict_inodes+0x341/0x430 fs/inode.c:644
generic_shutdown_super+0xb3/0x370 fs/super.c:448
kill_block_super+0x97/0xf0 fs/super.c:1185
deactivate_locked_super+0x8c/0x100 fs/super.c:329
deactivate_super+0x174/0x1a0 fs/super.c:360
cleanup_mnt+0x1da/0x300 fs/namespace.c:1098
task_work_run+0x141/0x1c0 kernel/task_work.c:113
tracehook_notify_resume include/linux/tracehook.h:193 [inline]
exit_to_usermode_loop+0x269/0x2c0 arch/x86/entry/common.c:167
prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
syscall_return_slowpath arch/x86/entry/common.c:271 [inline]
do_syscall_64+0x57c/0x670 arch/x86/entry/common.c:296
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x448467
Code: 00 00 00 b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 8d a2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 6d a2 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffdc905e478 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000019f89 RCX: 0000000000448467
RDX: 0000000000400cf7 RSI: 0000000000000002 RDI: 00007ffdc905e520
RBP: 0000000000001961 R08: 0000000000000000 R09: 0000000000000009
R10: 0000000000000005 R11: 0000000000000202 R12: 00007ffdc905f580
R13: 0000000001381880 R14: 0000000000000000 R15: 0000000000000000
Modules linked in:
---[ end trace 29c470143373e70d ]---
RIP: 0010:ext4_getblk+0x470/0x510 fs/ext4/inode.c:981
Code: 01 e8 b4 12 7c ff 4c 89 e7 e8 6c 00 ce ff e9 94 fd ff ff e8 a2 12 7c ff 4c 89 e7 e8 ba 00 ce ff e9 d3 fe ff ff e8 90 12 7c ff <0f> 0b 48 c7 c7 00 c0 a1 89 e8 52 5c c0 01 e8 bd b6 4c ff 48 89 34
RSP: 0018:ffff8880a3e27258 EFLAGS: 00010293
RAX: ffff8880a3d86140 RBX: 0000000000000009 RCX: ffffffff81f5bf31
RDX: 0000000000000000 RSI: ffffffff81f5bfd0 RDI: 0000000000000005
RBP: 1ffff110147c4e4d R08: 0000000000002400 R09: 0000000000000000
R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000000021
R13: 0000000000000000 R14: ffff888082ffa5f0 R15: 0000000000000001
FS: 0000000001380880(0000) GS:ffff8880ae200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005589959e3230 CR3: 00000000909cc000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches