Hello,
syzbot found the following issue on:
HEAD commit: ca48fc16c493 Linux 6.1.27
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1583176a280000
kernel config: https://syzkaller.appspot.com/x/.config?x=aea4bb7802570997
dashboard link: https://syzkaller.appspot.com/bug?extid=4b8823967328f40d1f25
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12a31712280000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13e4796c280000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/ec11c1903c52/disk-ca48fc16.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/8ce41c1ad391/vmlinux-ca48fc16.xz
kernel image: https://storage.googleapis.com/syzbot-assets/affba5631cad/Image-ca48fc16.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/566fb7a68e35/mount_0.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+4b8823...@syzkaller.appspotmail.com
EXT4-fs error (device loop0): ext4_xattr_inode_iget:400: inode #12: comm syz-executor697: casefold flag without casefold feature
------------[ cut here ]------------
Looking for class "&ea_inode->i_rwsem" with key ext4_fs_type, but found a different class "&type->i_mutex_dir_key" with the same key
WARNING: CPU: 0 PID: 4224 at kernel/locking/lockdep.c:941 look_up_lock_class+0xec/0x158 kernel/locking/lockdep.c:938
Modules linked in:
CPU: 0 PID: 4224 Comm: syz-executor697 Not tainted 6.1.27-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : look_up_lock_class+0xec/0x158 kernel/locking/lockdep.c:938
lr : look_up_lock_class+0xec/0x158 kernel/locking/lockdep.c:938
sp : ffff80001da36d10
x29: ffff80001da36d10 x28: dfff800000000000 x27: 0000000100000000
x26: ffff8000195af780 x25: ffff8000195af000 x24: ffff0000d7dc9b40
x23: ffff8000154e1cc0 x22: 0000000000000000 x21: ffff800015900b39
x20: ffff0000dec67258 x19: ffff8000181ed6c0 x18: 1fffe000368b6776
x17: 0000000000000000 x16: ffff8000120e6354 x15: 0000000000000000
x14: 0000000000000000 x13: 0000000000000001 x12: 0000000000000001
x11: ff808000081ae818 x10: 0000000000000000 x9 : 2126701d1e4e3500
x8 : 2126701d1e4e3500 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff80001da365f8 x4 : ffff800015672960 x3 : ffff800008585158
x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000
Call trace:
look_up_lock_class+0xec/0x158 kernel/locking/lockdep.c:938
register_lock_class+0x90/0x6a8 kernel/locking/lockdep.c:1290
lockdep_init_map_type+0x358/0x7d4 kernel/locking/lockdep.c:4859
ext4_xattr_inode_set_class fs/ext4/xattr.c:126 [inline]
ext4_xattr_inode_iget+0x278/0x4b8 fs/ext4/xattr.c:425
ext4_xattr_inode_get+0x148/0x674 fs/ext4/xattr.c:501
ext4_xattr_move_to_block fs/ext4/xattr.c:2590 [inline]
ext4_xattr_make_inode_space fs/ext4/xattr.c:2692 [inline]
ext4_expand_extra_isize_ea+0xb9c/0x1688 fs/ext4/xattr.c:2784
__ext4_expand_extra_isize+0x290/0x348 fs/ext4/inode.c:5890
ext4_try_to_expand_extra_isize fs/ext4/inode.c:5933 [inline]
__ext4_mark_inode_dirty+0x484/0x8fc fs/ext4/inode.c:6011
ext4_evict_inode+0xb74/0x12cc fs/ext4/inode.c:279
evict+0x260/0x68c fs/inode.c:664
iput_final fs/inode.c:1747 [inline]
iput+0x7c0/0x8a4 fs/inode.c:1773
ext4_process_orphan+0x244/0x2b8 fs/ext4/orphan.c:360
ext4_orphan_cleanup+0x968/0x1140 fs/ext4/orphan.c:474
__ext4_fill_super fs/ext4/super.c:5531 [inline]
ext4_fill_super+0x6f6c/0x75cc fs/ext4/super.c:5659
get_tree_bdev+0x360/0x54c fs/super.c:1346
ext4_get_tree+0x28/0x38 fs/ext4/super.c:5689
vfs_get_tree+0x90/0x274 fs/super.c:1553
do_new_mount+0x25c/0x8c8 fs/namespace.c:3040
path_mount+0x590/0xe58 fs/namespace.c:3370
do_mount fs/namespace.c:3383 [inline]
__do_sys_mount fs/namespace.c:3591 [inline]
__se_sys_mount fs/namespace.c:3568 [inline]
__arm64_sys_mount+0x45c/0x594 fs/namespace.c:3568
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
irq event stamp: 19271
hardirqs last enabled at (19271): [<ffff80000827b628>] raw_spin_rq_unlock_irq kernel/sched/sched.h:1367 [inline]
hardirqs last enabled at (19271): [<ffff80000827b628>] finish_lock_switch+0xbc/0x1e8 kernel/sched/core.c:5000
hardirqs last disabled at (19270): [<ffff8000121b163c>] __schedule+0x2a4/0x1c98 kernel/sched/core.c:6453
softirqs last enabled at (19242): [<ffff800008020d74>] softirq_handle_end kernel/softirq.c:414 [inline]
softirqs last enabled at (19242): [<ffff800008020d74>] __do_softirq+0xc14/0xea0 kernel/softirq.c:600
softirqs last disabled at (19233): [<ffff80000802a948>] ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:79
---[ end trace 0000000000000000 ]---
EXT4-fs warning (device loop0): ext4_xattr_inode_get:511: inode #12: comm syz-executor697: ea_inode file size=60 entry size=6
EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2810: Unable to expand inode 15. Delete some EAs or run e2fsck.
EXT4-fs error (device loop0): ext4_xattr_inode_iget:400: inode #12: comm syz-executor697: casefold flag without casefold feature
EXT4-fs error (device loop0): ext4_do_update_inode:5181: inode #15: comm syz-executor697: corrupted inode contents
EXT4-fs error (device loop0): ext4_dirty_inode:6043: inode #15: comm syz-executor697: mark_inode_dirty error
EXT4-fs error (device loop0): ext4_do_update_inode:5181: inode #15: comm syz-executor697: corrupted inode contents
EXT4-fs error (device loop0): ext4_xattr_delete_inode:2955: inode #15: comm syz-executor697: mark_inode_dirty error
EXT4-fs error (device loop0): ext4_xattr_delete_inode:2958: inode #15: comm syz-executor697: mark inode dirty (error -117)
EXT4-fs warning (device loop0): ext4_evict_inode:299: xattr delete (err -117)
EXT4-fs (loop0): 1
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
If you want to change bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup