[v6.1] WARNING: locking bug in ext4_move_extents
7 views
Skip to first unread message
syzbot
Jun 9, 2023, 7:44:02 AM6/9/23
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 2f3918bc53fb Linux 6.1.33
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=100e00d9280000
kernel config: https://syzkaller.appspot.com/x/.config?x=668ab7dd51e152ad
dashboard link: https://syzkaller.appspot.com/bug?extid=d4200fc83fa03a684c6e
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/148750653b59/disk-2f3918bc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/f86efd682b25/vmlinux-2f3918bc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/483386a4e270/bzImage-2f3918bc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+d4200f...@syzkaller.appspotmail.com
------------[ cut here ]------------
Looking for class "&ei->i_data_sem" with key init_once.__key.782, but found a different class "&ei->i_data_sem" with the same key
WARNING: CPU: 0 PID: 14018 at kernel/locking/lockdep.c:941 look_up_lock_class+0xc2/0x140 kernel/locking/lockdep.c:938
Modules linked in:
CPU: 0 PID: 14018 Comm: syz-executor.4 Not tainted 6.1.33-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
RIP: 0010:look_up_lock_class+0xc2/0x140 kernel/locking/lockdep.c:938
Code: 8b 16 48 c7 c0 20 a1 14 90 48 39 c2 74 46 f6 05 13 dc bb 03 01 75 3d c6 05 0a dc bb 03 01 48 c7 c7 40 f2 eb 8a e8 6e fe ce f6 <0f> 0b eb 26 e8 75 ba ad f9 48 c7 c7 80 f1 eb 8a 89 de e8 a0 f1 fd
RSP: 0018:ffffc90004c5f430 EFLAGS: 00010046
RAX: da6a44099fa51300 RBX: ffffffff8fffb4e0 RCX: 0000000000040000
RDX: ffffc90006876000 RSI: 00000000000062b8 RDI: 00000000000062b9
RBP: ffffc90004c5f530 R08: ffffffff81524d5e R09: ffffed1017304f1c
R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000001
R13: 1ffff9200098be94 R14: ffff88804a6b34b0 R15: ffffffff91c0f521
FS: 00007f7fb2578700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b32b2c000 CR3: 000000001fa80000 CR4: 00000000003506f0
Call Trace:
<TASK>
register_lock_class+0x100/0x990 kernel/locking/lockdep.c:1290
__lock_acquire+0xd3/0x1f80 kernel/locking/lockdep.c:4935
lock_acquire+0x1f8/0x5a0 kernel/locking/lockdep.c:5669
down_write_nested+0x39/0x60 kernel/locking/rwsem.c:1689
ext4_move_extents+0x379/0xe40 fs/ext4/move_extent.c:610
__ext4_ioctl fs/ext4/ioctl.c:1355 [inline]
ext4_ioctl+0x3ae7/0x5f70 fs/ext4/ioctl.c:1611
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:870 [inline]
__se_sys_ioctl+0xf1/0x160 fs/ioctl.c:856
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f7fb188c169
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f7fb2578168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f7fb19abf80 RCX: 00007f7fb188c169
RDX: 0000000020000080 RSI: 00000000c028660f RDI: 0000000000000004
RBP: 00007f7fb18e7ca1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff5ff595ff R14: 00007f7fb2578300 R15: 0000000000022000
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to change bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: 2f3918bc53fb Linux 6.1.33
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=100e00d9280000
kernel config: https://syzkaller.appspot.com/x/.config?x=668ab7dd51e152ad
dashboard link: https://syzkaller.appspot.com/bug?extid=d4200fc83fa03a684c6e
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/148750653b59/disk-2f3918bc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/f86efd682b25/vmlinux-2f3918bc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/483386a4e270/bzImage-2f3918bc.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+d4200f...@syzkaller.appspotmail.com
------------[ cut here ]------------
Looking for class "&ei->i_data_sem" with key init_once.__key.782, but found a different class "&ei->i_data_sem" with the same key
WARNING: CPU: 0 PID: 14018 at kernel/locking/lockdep.c:941 look_up_lock_class+0xc2/0x140 kernel/locking/lockdep.c:938
Modules linked in:
CPU: 0 PID: 14018 Comm: syz-executor.4 Not tainted 6.1.33-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
RIP: 0010:look_up_lock_class+0xc2/0x140 kernel/locking/lockdep.c:938
Code: 8b 16 48 c7 c0 20 a1 14 90 48 39 c2 74 46 f6 05 13 dc bb 03 01 75 3d c6 05 0a dc bb 03 01 48 c7 c7 40 f2 eb 8a e8 6e fe ce f6 <0f> 0b eb 26 e8 75 ba ad f9 48 c7 c7 80 f1 eb 8a 89 de e8 a0 f1 fd
RSP: 0018:ffffc90004c5f430 EFLAGS: 00010046
RAX: da6a44099fa51300 RBX: ffffffff8fffb4e0 RCX: 0000000000040000
RDX: ffffc90006876000 RSI: 00000000000062b8 RDI: 00000000000062b9
RBP: ffffc90004c5f530 R08: ffffffff81524d5e R09: ffffed1017304f1c
R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000001
R13: 1ffff9200098be94 R14: ffff88804a6b34b0 R15: ffffffff91c0f521
FS: 00007f7fb2578700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b32b2c000 CR3: 000000001fa80000 CR4: 00000000003506f0
Call Trace:
<TASK>
register_lock_class+0x100/0x990 kernel/locking/lockdep.c:1290
__lock_acquire+0xd3/0x1f80 kernel/locking/lockdep.c:4935
lock_acquire+0x1f8/0x5a0 kernel/locking/lockdep.c:5669
down_write_nested+0x39/0x60 kernel/locking/rwsem.c:1689
ext4_move_extents+0x379/0xe40 fs/ext4/move_extent.c:610
__ext4_ioctl fs/ext4/ioctl.c:1355 [inline]
ext4_ioctl+0x3ae7/0x5f70 fs/ext4/ioctl.c:1611
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:870 [inline]
__se_sys_ioctl+0xf1/0x160 fs/ioctl.c:856
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f7fb188c169
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f7fb2578168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f7fb19abf80 RCX: 00007f7fb188c169
RDX: 0000000020000080 RSI: 00000000c028660f RDI: 0000000000000004
RBP: 00007f7fb18e7ca1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff5ff595ff R14: 00007f7fb2578300 R15: 0000000000022000
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to change bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot
Jun 9, 2023, 12:42:01 PM6/9/23
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 7349e40704a0 Linux 5.15.116
syzbot found the following issue on:
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=14781fa5280000
kernel config: https://syzkaller.appspot.com/x/.config?x=831c3122ac9c9145
dashboard link: https://syzkaller.appspot.com/bug?extid=b41ace86a3cfc6471c6e
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/8c03c3ad4501/disk-7349e407.raw.xz
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
vmlinux: https://storage.googleapis.com/syzbot-assets/350c3d79bc87/vmlinux-7349e407.xz
kernel image: https://storage.googleapis.com/syzbot-assets/73a4ed3d5438/bzImage-7349e407.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
------------[ cut here ]------------
WARNING: CPU: 0 PID: 22771 at kernel/locking/lockdep.c:896 look_up_lock_class+0xa0/0x120 kernel/locking/lockdep.c:895
Modules linked in:
CPU: 0 PID: 22771 Comm: syz-executor.4 Not tainted 5.15.116-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
RIP: 0010:look_up_lock_class+0xa0/0x120 kernel/locking/lockdep.c:895
Code: 00 48 85 db 74 4c 4c 39 7b 40 74 05 48 8b 1b eb eb 48 8b 83 b0 00 00 00 49 3b 46 18 74 36 48 c7 c0 00 b0 a8 8f 49 39 06 74 2a <0f> 0b eb 26 e8 e7 15 e8 f9 48 c7 c7 60 1d 8b 8a 89 de e8 a2 d5 fe
RSP: 0018:ffffc9000310f4b0 EFLAGS: 00010002
RAX: ffffffff8fa8b000 RBX: ffffffff8f942a80 RCX: ffff88804edb8000
RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffff8880752b2a58
RBP: ffffc9000310f5b0 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000001
R13: 1ffff92000621ea4 R14: ffff8880752b2a58 R15: ffffffff914eb081
FS: 00007f26395ba700(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2f729000 CR3: 00000000741f2000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 000000000000003b DR6: 00000000ffff0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
register_lock_class+0x100/0x9a0 kernel/locking/lockdep.c:1245
__lock_acquire+0xd7/0x1ff0 kernel/locking/lockdep.c:4890
lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5622
down_write_nested+0xa0/0x180 kernel/locking/rwsem.c:1657
ext4_move_extents+0x395/0xed0 fs/ext4/move_extent.c:610
__ext4_ioctl fs/ext4/ioctl.c:987 [inline]
ext4_ioctl+0x2ff5/0x5b60 fs/ext4/ioctl.c:1273
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:874 [inline]
__se_sys_ioctl+0xf1/0x160 fs/ioctl.c:860
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x61/0xcb
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
RIP: 0033:0x7f263b0ab169
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f26395ba168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f263b1cb1f0 RCX: 00007f263b0ab169
RDX: 0000000020000080 RSI: 00000000c028660f RDI: 0000000000000007
RBP: 00007f263b106ca1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffd44701a9f R14: 00007f26395ba300 R15: 0000000000022000
syzbot
Jun 10, 2023, 9:16:54 PM6/10/23
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:
HEAD commit: 2f3918bc53fb Linux 6.1.33
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=140e6d43280000
kernel config: https://syzkaller.appspot.com/x/.config?x=64e29382e385f1b9
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=13fc5c53280000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10f18d2d280000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/f180a77b248f/disk-2f3918bc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/582d3206652e/vmlinux-2f3918bc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/20934119e0f6/Image-2f3918bc.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/6f13d01c3fd0/mount_0.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+d4200f...@syzkaller.appspotmail.com
loop0: detected capacity change from 0 to 512
------------[ cut here ]------------
Looking for class "&ei->i_data_sem" with key init_once.__key.777, but found a different class "&ei->i_data_sem" with the same key
WARNING: CPU: 1 PID: 4446 at kernel/locking/lockdep.c:941 look_up_lock_class+0xec/0x158 kernel/locking/lockdep.c:938
Modules linked in:
CPU: 1 PID: 4446 Comm: syz-executor822 Not tainted 6.1.33-syzkaller #0
pc : look_up_lock_class+0xec/0x158 kernel/locking/lockdep.c:938
lr : look_up_lock_class+0xec/0x158 kernel/locking/lockdep.c:938
sp : ffff80001dd77060
x29: ffff80001dd77060 x28: dfff800000000000 x27: ffff800008e9fc94
x26: ffff8000195e37e0 x25: ffff8000195e3000 x24: 0000000000000000
x23: 0000000000000000 x22: 0000000000000000 x21: ffff800019778441
x20: ffff0000e24548c0 x19: ffff800018232680 x18: 1ffff00003baeefc
x17: 0000000000000000 x16: ffff800012102bf4 x15: 0000000000000000
x14: 0000000000000000 x13: 0000000000000001 x12: 0000000000000001
x11: ff808000081af018 x10: 0000000000000000 x9 : 54889cb975f44c00
x8 : 54889cb975f44c00 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff80001dd76958 x4 : ffff8000156a2a40 x3 : ffff8000085879f4
x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000
Call trace:
look_up_lock_class+0xec/0x158 kernel/locking/lockdep.c:938
register_lock_class+0x90/0x6a8 kernel/locking/lockdep.c:1290
__lock_acquire+0x184/0x764c kernel/locking/lockdep.c:4935
lock_acquire+0x26c/0x7cc kernel/locking/lockdep.c:5669
down_write_nested+0x64/0x94 kernel/locking/rwsem.c:1689
ext4_double_down_write_data_sem+0x3c/0x4c
ext4_move_extents+0x2b0/0xb44 fs/ext4/move_extent.c:610
__ext4_ioctl fs/ext4/ioctl.c:1355 [inline]
ext4_ioctl+0x3ed4/0x6ad0 fs/ext4/ioctl.c:1611
__arm64_sys_ioctl+0x14c/0x1c8 fs/ioctl.c:856
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
irq event stamp: 4963
hardirqs last enabled at (4963): [<ffff80000896dd24>] kasan_quarantine_put+0xdc/0x204 mm/kasan/quarantine.c:242
hardirqs last disabled at (4962): [<ffff80000896dce4>] kasan_quarantine_put+0x9c/0x204 mm/kasan/quarantine.c:215
softirqs last enabled at (4754): [<ffff800008032bc0>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (4752): [<ffff800008032b8c>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
---[ end trace 0000000000000000 ]---
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
HEAD commit: 2f3918bc53fb Linux 6.1.33
git tree: linux-6.1.y
kernel config: https://syzkaller.appspot.com/x/.config?x=64e29382e385f1b9
dashboard link: https://syzkaller.appspot.com/bug?extid=d4200fc83fa03a684c6e
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=13fc5c53280000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10f18d2d280000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/f180a77b248f/disk-2f3918bc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/582d3206652e/vmlinux-2f3918bc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/20934119e0f6/Image-2f3918bc.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/6f13d01c3fd0/mount_0.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+d4200f...@syzkaller.appspotmail.com
------------[ cut here ]------------
Looking for class "&ei->i_data_sem" with key init_once.__key.777, but found a different class "&ei->i_data_sem" with the same key
WARNING: CPU: 1 PID: 4446 at kernel/locking/lockdep.c:941 look_up_lock_class+0xec/0x158 kernel/locking/lockdep.c:938
Modules linked in:
CPU: 1 PID: 4446 Comm: syz-executor822 Not tainted 6.1.33-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : look_up_lock_class+0xec/0x158 kernel/locking/lockdep.c:938
lr : look_up_lock_class+0xec/0x158 kernel/locking/lockdep.c:938
sp : ffff80001dd77060
x29: ffff80001dd77060 x28: dfff800000000000 x27: ffff800008e9fc94
x26: ffff8000195e37e0 x25: ffff8000195e3000 x24: 0000000000000000
x23: 0000000000000000 x22: 0000000000000000 x21: ffff800019778441
x20: ffff0000e24548c0 x19: ffff800018232680 x18: 1ffff00003baeefc
x17: 0000000000000000 x16: ffff800012102bf4 x15: 0000000000000000
x14: 0000000000000000 x13: 0000000000000001 x12: 0000000000000001
x11: ff808000081af018 x10: 0000000000000000 x9 : 54889cb975f44c00
x8 : 54889cb975f44c00 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff80001dd76958 x4 : ffff8000156a2a40 x3 : ffff8000085879f4
x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000
Call trace:
look_up_lock_class+0xec/0x158 kernel/locking/lockdep.c:938
register_lock_class+0x90/0x6a8 kernel/locking/lockdep.c:1290
__lock_acquire+0x184/0x764c kernel/locking/lockdep.c:4935
lock_acquire+0x26c/0x7cc kernel/locking/lockdep.c:5669
down_write_nested+0x64/0x94 kernel/locking/rwsem.c:1689
ext4_double_down_write_data_sem+0x3c/0x4c
ext4_move_extents+0x2b0/0xb44 fs/ext4/move_extent.c:610
__ext4_ioctl fs/ext4/ioctl.c:1355 [inline]
ext4_ioctl+0x3ed4/0x6ad0 fs/ext4/ioctl.c:1611
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:870 [inline]
__se_sys_ioctl fs/ioctl.c:856 [inline]
__do_sys_ioctl fs/ioctl.c:870 [inline]
__arm64_sys_ioctl+0x14c/0x1c8 fs/ioctl.c:856
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
irq event stamp: 4963
hardirqs last enabled at (4963): [<ffff80000896dd24>] kasan_quarantine_put+0xdc/0x204 mm/kasan/quarantine.c:242
hardirqs last disabled at (4962): [<ffff80000896dce4>] kasan_quarantine_put+0x9c/0x204 mm/kasan/quarantine.c:215
softirqs last enabled at (4754): [<ffff800008032bc0>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (4752): [<ffff800008032b8c>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
---[ end trace 0000000000000000 ]---
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot
Jun 11, 2023, 2:49:53 PM6/11/23
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:
HEAD commit: 7349e40704a0 Linux 5.15.116
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=14102465280000
kernel config: https://syzkaller.appspot.com/x/.config?x=f650a0601dbf525d
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=13e7d1fd280000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16092f95280000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/eec1263e4f05/disk-7349e407.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/833d6ae016fd/vmlinux-7349e407.xz
kernel image: https://storage.googleapis.com/syzbot-assets/da142afba386/Image-7349e407.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/a19fd17f58c9/mount_0.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+b41ace...@syzkaller.appspotmail.com
WARNING: CPU: 1 PID: 4189 at kernel/locking/lockdep.c:896 look_up_lock_class+0x134/0x13c
Modules linked in:
CPU: 1 PID: 4189 Comm: syz-executor415 Not tainted 5.15.116-syzkaller #0
pc : look_up_lock_class+0x134/0x13c
lr : look_up_lock_class+0x74/0x13c
sp : ffff80001cb770c0
x29: ffff80001cb770c0 x28: dfff800000000000 x27: 0000000000000001
x26: ffff8000183e0d20 x25: ffff8000183e0000 x24: 0000000000000000
x23: 0000000000000000 x22: 0000000000000000 x21: ffff80001850a661
x20: ffff0000dec03e48 x19: ffff80001702f6c0 x18: 0000000000000000
x17: ff80800008d99ebc x16: ffff8000082ea840 x15: 00000000200000c0
x14: 1ffff0000291e06a x13: ffff80001cb77280 x12: dfff800000000000
x11: ffff8000082ede34 x10: ffff8000148f034c x9 : ffff8000171a7d00
x8 : ffff80001850a660 x7 : ffff800008dd4918 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000000
x2 : 0000000000000000 x1 : 0000000000000001 x0 : 0000000000000001
Call trace:
look_up_lock_class+0x134/0x13c
register_lock_class+0x90/0x6a4 kernel/locking/lockdep.c:1245
__lock_acquire+0x184/0x7620 kernel/locking/lockdep.c:4890
lock_acquire+0x240/0x77c kernel/locking/lockdep.c:5622
down_write_nested+0x118/0x26c kernel/locking/rwsem.c:1657
ext4_double_down_write_data_sem+0x3c/0x4c
ext4_move_extents+0x2b0/0xb6c fs/ext4/move_extent.c:610
__ext4_ioctl fs/ext4/ioctl.c:987 [inline]
ext4_ioctl+0x3314/0x6190 fs/ext4/ioctl.c:1273
__arm64_sys_ioctl+0x14c/0x1c8 fs/ioctl.c:860
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
irq event stamp: 5001
hardirqs last enabled at (5001): [<ffff8000088c87b4>] kasan_quarantine_put+0xdc/0x204 mm/kasan/quarantine.c:231
hardirqs last disabled at (5000): [<ffff8000088c8774>] kasan_quarantine_put+0x9c/0x204 mm/kasan/quarantine.c:204
softirqs last enabled at (3432): [<ffff8000080300b4>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31
softirqs last disabled at (3430): [<ffff800008030080>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18
---[ end trace fb7d2b085bfb62d9 ]---
HEAD commit: 7349e40704a0 Linux 5.15.116
git tree: linux-5.15.y
kernel config: https://syzkaller.appspot.com/x/.config?x=f650a0601dbf525d
dashboard link: https://syzkaller.appspot.com/bug?extid=b41ace86a3cfc6471c6e
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=13e7d1fd280000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16092f95280000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/eec1263e4f05/disk-7349e407.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/833d6ae016fd/vmlinux-7349e407.xz
kernel image: https://storage.googleapis.com/syzbot-assets/da142afba386/Image-7349e407.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/a19fd17f58c9/mount_0.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+b41ace...@syzkaller.appspotmail.com
loop0: detected capacity change from 0 to 512
------------[ cut here ]------------
WARNING: CPU: 1 PID: 4189 at kernel/locking/lockdep.c:896 look_up_lock_class+0x134/0x13c
Modules linked in:
CPU: 1 PID: 4189 Comm: syz-executor415 Not tainted 5.15.116-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
pstate: 204000c5 (nzCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : look_up_lock_class+0x134/0x13c
lr : look_up_lock_class+0x74/0x13c
sp : ffff80001cb770c0
x29: ffff80001cb770c0 x28: dfff800000000000 x27: 0000000000000001
x26: ffff8000183e0d20 x25: ffff8000183e0000 x24: 0000000000000000
x23: 0000000000000000 x22: 0000000000000000 x21: ffff80001850a661
x20: ffff0000dec03e48 x19: ffff80001702f6c0 x18: 0000000000000000
x17: ff80800008d99ebc x16: ffff8000082ea840 x15: 00000000200000c0
x14: 1ffff0000291e06a x13: ffff80001cb77280 x12: dfff800000000000
x11: ffff8000082ede34 x10: ffff8000148f034c x9 : ffff8000171a7d00
x8 : ffff80001850a660 x7 : ffff800008dd4918 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000000
x2 : 0000000000000000 x1 : 0000000000000001 x0 : 0000000000000001
Call trace:
look_up_lock_class+0x134/0x13c
register_lock_class+0x90/0x6a4 kernel/locking/lockdep.c:1245
__lock_acquire+0x184/0x7620 kernel/locking/lockdep.c:4890
lock_acquire+0x240/0x77c kernel/locking/lockdep.c:5622
down_write_nested+0x118/0x26c kernel/locking/rwsem.c:1657
ext4_double_down_write_data_sem+0x3c/0x4c
ext4_move_extents+0x2b0/0xb6c fs/ext4/move_extent.c:610
__ext4_ioctl fs/ext4/ioctl.c:987 [inline]
ext4_ioctl+0x3314/0x6190 fs/ext4/ioctl.c:1273
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:874 [inline]
__se_sys_ioctl fs/ioctl.c:860 [inline]
__do_sys_ioctl fs/ioctl.c:874 [inline]
__arm64_sys_ioctl+0x14c/0x1c8 fs/ioctl.c:860
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
irq event stamp: 5001
hardirqs last enabled at (5001): [<ffff8000088c87b4>] kasan_quarantine_put+0xdc/0x204 mm/kasan/quarantine.c:231
hardirqs last disabled at (5000): [<ffff8000088c8774>] kasan_quarantine_put+0x9c/0x204 mm/kasan/quarantine.c:204
softirqs last enabled at (3432): [<ffff8000080300b4>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31
softirqs last disabled at (3430): [<ffff800008030080>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18
---[ end trace fb7d2b085bfb62d9 ]---
Reply all
Reply to author
Forward
0 new messages