syzbot


BUG: sleeping function called from invalid context in ext4_superblock_csum_set

Status: fixed on 2020/12/05 10:30
Subsystems: ext4
[Documentation on labels]
Reported-by: syzbot+7a4ba6a239b91a126c28@syzkaller.appspotmail.com
Fix commit: d196e229a80c Revert "ext4: fix superblock checksum calculation race"
First crash: 1469d, last: 1460d
Discussions (2)
Title Replies (including bot) Last reply
Re: BUG: sleeping function called from invalid context in ext4_superblock_csum_set 2 (2) 2020/11/11 14:31
BUG: sleeping function called from invalid context in ext4_superblock_csum_set 0 (1) 2020/11/01 23:24

Sample crash report:
EXT4-fs error (device sda1): mb_free_blocks:1506: group 7, inode 16815: block 247840:freeing already freed block (bit 18464); block bitmap corrupt.
BUG: sleeping function called from invalid context at include/linux/buffer_head.h:364
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 14519, name: syz-executor.3
5 locks held by syz-executor.3/14519:
 #0: ffff88801b516460 (sb_writers#6){.+.+}-{0:0}, at: sb_start_write include/linux/fs.h:1648 [inline]
 #0: ffff88801b516460 (sb_writers#6){.+.+}-{0:0}, at: mnt_want_write+0x3a/0xb0 fs/namespace.c:354
 #1: ffff888023a22488 (&sb->s_type->i_mutex_key#9){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:774 [inline]
 #1: ffff888023a22488 (&sb->s_type->i_mutex_key#9){+.+.}-{3:3}, at: do_truncate+0x125/0x1f0 fs/open.c:62
 #2: ffff888023a22310 (&ei->i_mmap_sem){++++}-{3:3}, at: ext4_setattr+0xdde/0x1ff0 fs/ext4/inode.c:5417
 #3: ffff888023a22278 (&ei->i_data_sem){++++}-{3:3}, at: ext4_truncate+0x787/0x1420 fs/ext4/inode.c:4248
 #4: ffff8880169d61d8 (&bgl->locks[i].lock){+.+.}-{2:2}, at: spin_trylock include/linux/spinlock.h:364 [inline]
 #4: ffff8880169d61d8 (&bgl->locks[i].lock){+.+.}-{2:2}, at: ext4_lock_group+0x71/0x240 fs/ext4/ext4.h:3314
Preemption disabled at:
[<0000000000000000>] 0x0
CPU: 3 PID: 14519 Comm: syz-executor.3 Not tainted 5.10.0-rc2-syzkaller #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x107/0x163 lib/dump_stack.c:118
 ___might_sleep.cold+0x1e8/0x22e kernel/sched/core.c:7298
 lock_buffer include/linux/buffer_head.h:364 [inline]
 ext4_superblock_csum_set+0x164/0x3c0 fs/ext4/super.c:301
 ext4_commit_super+0x611/0xc50 fs/ext4/super.c:5536
 __ext4_grp_locked_error+0x4c9/0x570 fs/ext4/super.c:1017
 mb_free_blocks+0xb59/0x15f0 fs/ext4/mballoc.c:1506
 ext4_mb_release_inode_pa.isra.0+0x310/0xca0 fs/ext4/mballoc.c:4177
 ext4_discard_preallocations+0x6c5/0xe90 fs/ext4/mballoc.c:4441
 ext4_truncate+0x791/0x1420 fs/ext4/inode.c:4250
 ext4_setattr+0x133c/0x1ff0 fs/ext4/inode.c:5492
 notify_change+0xb60/0x10a0 fs/attr.c:336
 do_truncate+0x134/0x1f0 fs/open.c:64
 handle_truncate fs/namei.c:2910 [inline]
 do_open fs/namei.c:3256 [inline]
 path_openat+0x2054/0x2730 fs/namei.c:3369
 do_filp_open+0x17e/0x3c0 fs/namei.c:3396
 do_sys_openat2+0x16d/0x420 fs/open.c:1168
 do_sys_open fs/open.c:1184 [inline]
 __do_sys_creat fs/open.c:1258 [inline]
 __se_sys_creat fs/open.c:1252 [inline]
 __x64_sys_creat+0xc9/0x120 fs/open.c:1252
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45da59
Code: bd b1 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 8b b1 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fa51c6f2c88 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
RAX: ffffffffffffffda RBX: 00000000006f4da0 RCX: 000000000045da59
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000040
RBP: 00000000004aab8b R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075bf00
R13: 00007fff8f7aa59f R14: 00007fa51c6d3000 R15: 0000000000000003
EXT4-fs error (device sda1): ext4_mb_generate_buddy:802: group 7, block bitmap and bg descriptor inconsistent: 16341 vs 16350 free clusters
EXT4-fs (sda1): pa 0000000066a85796: logic 32768, phys. 247808, len 2048
EXT4-fs error (device sda1): ext4_mb_release_inode_pa:4186: group 7, free 2016, pa_free 2007

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2020/11/07 21:38 upstream af6e7de0c7d1 64069d48 .config console log report info ci-qemu-upstream
2020/10/28 23:17 upstream ed8780e3f2ec f24824d3 .config console log report info ci-qemu-upstream
* Struck through repros no longer work on HEAD.