WARNING in ext4_put_io_end_defer

syzbot

Apr 14, 2019, 5:30:14 AM
to syzkaller-a...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 0cecdf83 BACKPORT, FROMLIST: fscrypt: add Speck128/256 sup..
git tree: android-4.9
console output: https://syzkaller.appspot.com/x/log.txt?x=1205c06f800000
kernel config: https://syzkaller.appspot.com/x/.config?x=6371d3be19f18973
dashboard link: https://syzkaller.appspot.com/bug?extid=9b9d9ecbf2353c92daba
compiler: gcc (GCC) 8.0.1 20180413 (experimental)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+9b9d9e...@syzkaller.appspotmail.com

------------[ cut here ]------------
WARNING: CPU: 0 PID: 11614 at fs/ext4/page-io.c:205 ext4_add_complete_io
fs/ext4/page-io.c:205 [inline]
WARNING: CPU: 0 PID: 11614 at fs/ext4/page-io.c:205
ext4_put_io_end_defer+0x21f/0x2d0 fs/ext4/page-io.c:268
Kernel panic - not syncing: panic_on_warn set ...

CPU: 0 PID: 11614 Comm: syz-executor7 Not tainted 4.9.103-g0cecdf8 #35
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
ffff8801db2077c8 ffffffff81eb34a9 ffffffff83c48b40 00000000ffffffff
0000000000000000 0000000000000000 00000000000000cd ffff8801db207888
ffffffff81421aa5 0000000041b58ab3 ffffffff843b94a8 ffffffff814218e6
Call Trace:
<IRQ> [ 571.884029] [<ffffffff81eb34a9>] __dump_stack
lib/dump_stack.c:15 [inline]
<IRQ> [ 571.884029] [<ffffffff81eb34a9>] dump_stack+0xc1/0x128
lib/dump_stack.c:51
[<ffffffff81421aa5>] panic+0x1bf/0x3bc kernel/panic.c:179
[<ffffffff81421d91>] __warn.cold.9+0xc1/0x17f kernel/panic.c:542
[<ffffffff8113665c>] warn_slowpath_null+0x2c/0x40 kernel/panic.c:585
[<ffffffff81761ddf>] ext4_add_complete_io fs/ext4/page-io.c:205 [inline]
[<ffffffff81761ddf>] ext4_put_io_end_defer+0x21f/0x2d0
fs/ext4/page-io.c:268
[<ffffffff81761fc6>] ext4_end_bio+0x136/0x460 fs/ext4/page-io.c:324
[<ffffffff81e00142>] bio_endio+0x1a2/0x200 block/bio.c:1781
[<ffffffff81e210b8>] req_bio_endio block/blk-core.c:157 [inline]
[<ffffffff81e210b8>] blk_update_request+0x248/0x9c0 block/blk-core.c:2631
[<ffffffff826dd68d>] scsi_end_request+0x9d/0x5c0
drivers/scsi/scsi_lib.c:606
[<ffffffff826e5fac>] scsi_io_completion+0x27c/0x17f0
drivers/scsi/scsi_lib.c:829
[<ffffffff826c9d0a>] scsi_finish_command+0x3ba/0x530
drivers/scsi/scsi.c:607
[<ffffffff826e49e0>] scsi_softirq_done+0x250/0x360
drivers/scsi/scsi_lib.c:1567
[<ffffffff81e45fa3>] blk_mq_ipi_complete_request block/blk-mq.c:376
[inline]
[<ffffffff81e45fa3>] __blk_mq_complete_request+0x203/0x4a0
block/blk-mq.c:388
[<ffffffff81e462a5>] blk_mq_complete_request+0x65/0x80 block/blk-mq.c:407
[<ffffffff826e0bee>] scsi_mq_done+0xce/0x320 drivers/scsi/scsi_lib.c:1877
[<ffffffff8270b425>] virtscsi_complete_cmd+0x5d5/0x810
drivers/scsi/virtio_scsi.c:212
[<ffffffff82708a2b>] virtscsi_vq_done+0xcb/0x170
drivers/scsi/virtio_scsi.c:230
[<ffffffff82708b77>] virtscsi_req_done+0xa7/0xd0
drivers/scsi/virtio_scsi.c:245
[<ffffffff820f7e1b>] vring_interrupt+0x10b/0x150
drivers/virtio/virtio_ring.c:907
[<ffffffff81263761>] __handle_irq_event_percpu+0xf1/0x7d0
kernel/irq/handle.c:145
[<ffffffff81263eb4>] handle_irq_event_percpu+0x74/0x150
kernel/irq/handle.c:185
[<ffffffff81264037>] handle_irq_event+0xa7/0x140 kernel/irq/handle.c:202
[<ffffffff8126e2ef>] handle_edge_irq+0x1ff/0x900 kernel/irq/chip.c:665
[<ffffffff81059a04>] generic_handle_irq_desc include/linux/irqdesc.h:150
[inline]
[<ffffffff81059a04>] handle_irq+0x254/0x3a0 arch/x86/kernel/irq_64.c:76
[<ffffffff839fa879>] do_IRQ+0x89/0x1c0 arch/x86/kernel/irq.c:239
[<ffffffff839f8920>] common_interrupt+0xa0/0xa0
arch/x86/entry/entry_64.S:461
<EOI> [ 572.161059] [<ffffffff8123aff3>] ? arch_local_irq_restore
arch/x86/include/asm/paravirt.h:768 [inline]
<EOI> [ 572.161059] [<ffffffff8123aff3>] ? lock_acquire+0x173/0x3e0
kernel/locking/lockdep.c:3759
[<ffffffff839f73b6>] __raw_spin_lock include/linux/spinlock_api_smp.h:144
[inline]
[<ffffffff839f73b6>] _raw_spin_lock+0x36/0x50 kernel/locking/spinlock.c:151
[<ffffffff81e4baaf>] spin_lock include/linux/spinlock.h:302 [inline]
[<ffffffff81e4baaf>] blk_mq_insert_requests+0x16f/0x900 block/blk-mq.c:1071
[<ffffffff81e4fd3d>] blk_mq_flush_plug_list+0x3bd/0x520 block/blk-mq.c:1138
[<ffffffff81e26102>] blk_flush_plug_list+0x292/0x860 block/blk-core.c:3263
[<ffffffff81e27328>] blk_finish_plug+0x58/0xb0 block/blk-core.c:3327
[<ffffffff8164241f>] do_blockdev_direct_IO+0x26df/0x5a80
fs/direct-io.c:1303
[<ffffffff81645865>] __blockdev_direct_IO+0xa5/0xd0 fs/direct-io.c:1360
[<ffffffff817586e8>] ext4_direct_IO_write fs/ext4/inode.c:3519 [inline]
[<ffffffff817586e8>] ext4_direct_IO+0x978/0x29a0 fs/ext4/inode.c:3675
[<ffffffff8143d294>] generic_file_direct_write+0x284/0x510
mm/filemap.c:2642
[<ffffffff8143d73f>] __generic_file_write_iter+0x21f/0x540
mm/filemap.c:2822
[<ffffffff8172c553>] ext4_file_write_iter+0x463/0xd90 fs/ext4/file.c:165
[<ffffffff81570290>] vfs_iter_write+0x2e0/0x460 fs/read_write.c:390
[<ffffffff816170db>] iter_file_splice_write+0x5fb/0xb30 fs/splice.c:768
[<ffffffff81612148>] do_splice_from fs/splice.c:870 [inline]
[<ffffffff81612148>] direct_splice_actor+0x128/0x190 fs/splice.c:1037
[<ffffffff81613491>] splice_direct_to_actor+0x2c1/0x7e0 fs/splice.c:992
[<ffffffff81613b53>] do_splice_direct+0x1a3/0x270 fs/splice.c:1080
[<ffffffff81575160>] do_sendfile+0x4f0/0xc60 fs/read_write.c:1393
[<ffffffff815771e1>] SYSC_sendfile64 fs/read_write.c:1448 [inline]
[<ffffffff815771e1>] SyS_sendfile64+0xd1/0x160 fs/read_write.c:1440
[<ffffffff81006316>] do_syscall_64+0x1a6/0x490 arch/x86/entry/common.c:282
[<ffffffff839f8013>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
Shutting down cpus with NMI
Dumping ftrace buffer:
(ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Apr 28, 2019, 5:31:04 AM
to syzkaller-a...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.