syzbot

 sign-in | mailing list | source | docs
🐞 Open [106] 🐞 Fixed [1] 🐞 Invalid [166] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

WARNING in __mark_inode_dirty (2)

Status: public: reported syz repro on 2019/09/26 21:43
Reported-by: syzbot+cb0492d5a9ccc9afad75@syzkaller.appspotmail.com
First crash: 1528d, last: 1467d
Similar bugs (5)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream WARNING in __mark_inode_dirty fs 1 2206d 2202d 0/25 closed as invalid on 2018/02/13 19:14
upstream WARNING in __mark_inode_dirty (2) fs 1 1986d 1986d 0/25 auto-closed as invalid on 2019/02/22 10:29
linux-4.14 WARNING in __mark_inode_dirty 3 1380d 1421d 0/1 auto-closed as invalid on 2020/06/21 10:48
linux-4.14 WARNING in __mark_inode_dirty (2) 5 1003d 1229d 0/1 auto-closed as invalid on 2021/07/03 15:16
android-414 WARNING in __mark_inode_dirty 11 1763d 1695d 0/1 auto-closed as invalid on 2019/08/03 08:11

Sample crash report:
audit: type=1400 audit(1569532441.939:9): avc:  denied  { map } for  pid=1788 comm="syz-execprog" path="/root/syzkaller-shm097800402" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
bdi-block not registered
------------[ cut here ]------------
WARNING: CPU: 1 PID: 2695 at fs/fs-writeback.c:2204 __mark_inode_dirty.cold+0x2f/0x42 fs/fs-writeback.c:2204
Kernel panic - not syncing: panic_on_warn set ...

CPU: 1 PID: 2695 Comm: syz-executor.4 Not tainted 4.14.146+ #0
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0xca/0x134 lib/dump_stack.c:53
 panic+0x1ea/0x3d3 kernel/panic.c:182
 __warn.cold+0x2f/0x3a kernel/panic.c:546
 report_bug+0x20a/0x248 lib/bug.c:186
 fixup_bug arch/x86/kernel/traps.c:177 [inline]
 fixup_bug arch/x86/kernel/traps.c:172 [inline]
 do_error_trap+0x1bf/0x2d0 arch/x86/kernel/traps.c:295
 invalid_op+0x18/0x40 arch/x86/entry/entry_64.S:963
RIP: 0010:__mark_inode_dirty.cold+0x2f/0x42 fs/fs-writeback.c:2204
RSP: 0018:ffff8881d315f448 EFLAGS: 00010286
RAX: 0000000000000018 RBX: ffff8881da417a58 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffffb8669f80 RDI: ffffed103a62be7b
RBP: ffff8881d9378000 R08: 0000000000000018 R09: ffffed103b764ce9
R10: ffffed103b764ce8 R11: ffff8881dbb26747 R12: ffff8881d9378058
R13: ffff8881da417b30 R14: ffff8881d93780b0 R15: ffff8881d9378000
 mark_buffer_dirty+0x258/0x490 fs/buffer.c:1177
 __block_commit_write.isra.0+0x138/0x210 fs/buffer.c:2100
 block_write_end+0x42/0xf0 fs/buffer.c:2178
 blkdev_write_end+0x3c/0x130 fs/block_dev.c:620
 generic_perform_write+0x281/0x460 mm/filemap.c:3143
 __generic_file_write_iter+0x32e/0x550 mm/filemap.c:3257
 blkdev_write_iter fs/block_dev.c:1914 [inline]
 blkdev_write_iter+0x1fb/0x3d0 fs/block_dev.c:1891
 call_write_iter include/linux/fs.h:1788 [inline]
 do_iter_readv_writev+0x379/0x580 fs/read_write.c:679
 do_iter_write fs/read_write.c:958 [inline]
 do_iter_write+0x152/0x550 fs/read_write.c:939
 vfs_iter_write+0x70/0xa0 fs/read_write.c:971
 iter_file_splice_write+0x560/0xa50 fs/splice.c:749
 do_splice_from fs/splice.c:851 [inline]
 direct_splice_actor+0x118/0x160 fs/splice.c:1018
 splice_direct_to_actor+0x292/0x760 fs/splice.c:973
 do_splice_direct+0x177/0x240 fs/splice.c:1061
 do_sendfile+0x493/0xb20 fs/read_write.c:1445
 SYSC_sendfile64 fs/read_write.c:1506 [inline]
 SyS_sendfile64+0x11f/0x140 fs/read_write.c:1492
 do_syscall_64+0x19b/0x520 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x459a29
RSP: 002b:00007fe0f2705c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000459a29
RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0020000102000007 R11: 0000000000000246 R12: 00007fe0f27066d4
R13: 00000000004c720a R14: 00000000004dca00 R15: 00000000ffffffff
Kernel Offset: 0x35800000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
Rebooting in 86400 seconds..

Crashes (7):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/09/26 21:32 android-4.14 d649ef04c3ed 2f1548bc .config console log report syz ci-android-414-kasan-gce-root
2019/11/27 01:58 android-4.14 f9b4ab5c8e99 1048481f .config console log report ci-android-414-kasan-gce-root
2019/11/20 10:57 android-4.14 460dc7c31cef f4b7ed07 .config console log report ci-android-414-kasan-gce-root
2019/11/17 21:51 android-4.14 460dc7c31cef d5696d51 .config console log report ci-android-414-kasan-gce-root
2019/11/08 15:21 android-4.14 f40abacc8ac0 1e35461e .config console log report ci-android-414-kasan-gce-root
2019/10/06 12:46 android-4.14 ed203b32ee7e f3f7d9c8 .config console log report ci-android-414-kasan-gce-root
2019/09/26 20:43 android-4.14 d649ef04c3ed 2f1548bc .config console log report ci-android-414-kasan-gce-root
* Struck through repros no longer work on HEAD.