syzbot


kernel BUG at fs/ext4/fsync.c:LINE!

Status: public: reported C repro on 2019/04/14 08:51
Reported-by: syzbot+43f100a7b0d7527cc7e0@syzkaller.appspotmail.com
First crash: 1937d, last: 1698d
Similar bugs (1)
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
android-44 | kernel BUG at fs/ext4/fsync.c:LINE! | C | | | 1 | 1796d | 1796d | 0/2 | public: reported C repro on 2019/05/24 08:47

Sample crash report:
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
random: crng init done
------------[ cut here ]------------
kernel BUG at fs/ext4/fsync.c:103!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 1 PID: 2080 Comm: syz-executor138 Not tainted 4.9.148+ #1
task: ffff8801cf2b2f80 task.stack: ffff8801cef58000
RIP: 0010:[<ffffffff816b8b98>]  [<ffffffff816b8b98>] ext4_sync_file+0x7f8/0x10a0 fs/ext4/fsync.c:103
RSP: 0018:ffff8801db707af0  EFLAGS: 00010206
RAX: ffff8801cf2b2f80 RBX: ffff8801ca73ca80 RCX: dffffc0000000000
RDX: 0000000000000100 RSI: ffffffff816b8b98 RDI: ffff8801cf2b3fb8
RBP: ffff8801db707b38 R08: 0000000000000000 R09: ffff8801cf2b3878
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801cf1f5800
R13: ffff8801ca73caa8 R14: ffff8801d5cdd500 R15: 0000000000000000
FS:  0000000001b63880(0000) GS:ffff8801db700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000021000000 CR3: 00000001cf358000 CR4: 00000000001606b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 ffff8801ca73cb58 000000000000ffff 0000000000000000 ffff880100000001
 ffffffff816b83a0 ffff8801cf1f5800 0000000000000001 0000000000000000
 000000000000ffff ffff8801db707b88 ffffffff815b37f1 e9e627954b055420
Call Trace:
 <IRQ> 
 [<ffffffff815b37f1>] vfs_fsync_range+0x111/0x260 fs/sync.c:195
 [<ffffffff815cf916>] generic_write_sync include/linux/fs.h:2609 [inline]
 [<ffffffff815cf916>] dio_complete+0x376/0x6e0 fs/direct-io.c:282
 [<ffffffff815cfda4>] dio_bio_end_aio+0x124/0x390 fs/direct-io.c:323
 [<ffffffff81ab817d>] bio_endio+0x1ad/0x200 block/bio.c:1781
 [<ffffffff81ad869e>] req_bio_endio block/blk-core.c:157 [inline]
 [<ffffffff81ad869e>] blk_update_request+0x24e/0x9d0 block/blk-core.c:2628
 [<ffffffff81e1cbcc>] scsi_end_request+0x9c/0x5c0 drivers/scsi/scsi_lib.c:606
 [<ffffffff81e25bc5>] scsi_io_completion+0x275/0x17e0 drivers/scsi/scsi_lib.c:829
 [<ffffffff81e0878d>] scsi_finish_command+0x3ad/0x520 drivers/scsi/scsi.c:607
 [<ffffffff81e240f9>] scsi_softirq_done+0x259/0x370 drivers/scsi/scsi_lib.c:1567
 [<ffffffff81af672e>] blk_done_softirq+0x27e/0x3e0 block/blk-softirq.c:35
 [<ffffffff82817d7d>] __do_softirq+0x22d/0x964 kernel/softirq.c:288
 [<ffffffff810eeae9>] invoke_softirq kernel/softirq.c:368 [inline]
 [<ffffffff810eeae9>] irq_exit+0x119/0x160 kernel/softirq.c:409
 [<ffffffff82814ca1>] exiting_irq arch/x86/include/asm/apic.h:669 [inline]
 [<ffffffff82814ca1>] do_IRQ+0x111/0x1d0 arch/x86/kernel/irq.c:252
 [<ffffffff8281329d>] common_interrupt+0x9d/0x9d arch/x86/entry/entry_64.S:461
 <EOI> 
 [<ffffffff8280c841>] down_write+0x41/0xa0 kernel/locking/rwsem.c:52
 [<ffffffff816cc1ba>] ext4_map_blocks+0x77a/0x1710 fs/ext4/inode.c:605
 [<ffffffff816d937e>] mpage_map_one_extent fs/ext4/inode.c:2387 [inline]
 [<ffffffff816d937e>] mpage_map_and_submit_extent fs/ext4/inode.c:2443 [inline]
 [<ffffffff816d937e>] ext4_writepages+0x155e/0x2d20 fs/ext4/inode.c:2783
 [<ffffffff814344ac>] do_writepages+0xfc/0x1e0 mm/page-writeback.c:2331
 [<ffffffff814121bd>] __filemap_fdatawrite_range+0x1ad/0x260 mm/filemap.c:390
 [<ffffffff814122c4>] __filemap_fdatawrite mm/filemap.c:398 [inline]
 [<ffffffff814122c4>] filemap_flush+0x24/0x30 mm/filemap.c:423
 [<ffffffff816cf976>] ext4_alloc_da_blocks+0xd6/0x340 fs/ext4/inode.c:3157
 [<ffffffff816b5abf>] ext4_release_file+0x1ff/0x2e0 fs/ext4/file.c:42
 [<ffffffff81511ad4>] __fput+0x274/0x720 fs/file_table.c:208
 [<ffffffff81512006>] ____fput+0x16/0x20 fs/file_table.c:244
 [<ffffffff8113cd98>] task_work_run+0x108/0x180 kernel/task_work.c:116
 [<ffffffff81003deb>] tracehook_notify_resume include/linux/tracehook.h:191 [inline]
 [<ffffffff81003deb>] exit_to_usermode_loop+0x13b/0x160 arch/x86/entry/common.c:162
 [<ffffffff81005907>] prepare_exit_to_usermode arch/x86/entry/common.c:194 [inline]
 [<ffffffff81005907>] syscall_return_slowpath arch/x86/entry/common.c:263 [inline]
 [<ffffffff81005907>] do_syscall_64+0x3f7/0x570 arch/x86/entry/common.c:290
 [<ffffffff82812993>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
Code: 00 0f 85 03 08 00 00 49 8b bd 28 01 00 00 31 d2 be c0 00 40 02 e8 89 d5 42 00 45 85 e4 44 0f 44 e0 e9 ef fa ff ff e8 98 27 c6 ff <0f> 0b e8 91 27 c6 ff 65 8b 15 8a d5 95 7e 89 d2 48 0f a3 15 c8 
RIP  [<ffffffff816b8b98>] ext4_sync_file+0x7f8/0x10a0 fs/ext4/fsync.c:103
 RSP <ffff8801db707af0>
---[ end trace 6b6bb05cdaf8665d ]---

Crashes (3):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2019/01/02 19:52 | https://android.googlesource.com/kernel/common android-4.9 | 9f23a833fdcd | f0491811 | .config | console log | report | syz | C | | | ci-android-49-kasan-gce-root | 
2019/08/29 21:18 | https://android.googlesource.com/kernel/common android-4.9 | 8fe428403e30 | fd37b39e | .config | console log | report | | | | | ci-android-49-kasan-gce | 
2019/01/24 14:49 | https://android.googlesource.com/kernel/common android-4.9 | 8fe428403e30 | ce1ccf97 | .config | console log | report | | | | | ci-android-49-kasan-gce | 