syzbot

 sign-in | mailing list | source | docs
🐞 Open [142] 🐞 Fixed [16] 🐞 Invalid [163] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

kernel BUG at fs/ext4/fsync.c:LINE!

Status: public: reported C repro on 2019/05/24 08:47
Reported-by: syzbot+6b3db5c3691adc1cdd41@syzkaller.appspotmail.com
First crash: 1798d, last: 1798d
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
android-49 kernel BUG at fs/ext4/fsync.c:LINE! C 3 1700d 1837d 0/3 public: reported C repro on 2019/04/14 08:51

Sample crash report:
------------[ cut here ]------------
kernel BUG at fs/ext4/fsync.c:96!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 0 PID: 2074 Comm: syz-executor707 Not tainted 4.4.174+ #17
task: ffff8800b749df00 task.stack: ffff8800b6450000
RIP: 0010:[<ffffffff816359e0>]  [<ffffffff816359e0>] ext4_sync_file+0x930/0xf10 fs/ext4/fsync.c:96
RSP: 0018:ffff8801db607aa8  EFLAGS: 00010206
RAX: ffff8800b749df00 RBX: ffff8801d6b8d1a0 RCX: dffffc0000000000
RDX: 0000000000000100 RSI: ffffffff816359e0 RDI: ffff8800b749ef50
RBP: ffff8801db607af8 R08: 0000000000000003 R09: ffff8800b749e810
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8800b7705600
R13: ffff8801d6b8d1c8 R14: 0000000000000000 R15: ffff8801d768a200
FS:  0000000000000000(0000) GS:ffff8801db600000(0063) knlGS:0000000008ff3840
CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: 00007fff9634c0e8 CR3: 00000000b7703000 CR4: 00000000001606b0
Stack:
 ffff8800ba2ba000 ffff8801d6b8d278 0000000100000009 000000000000ffff
 0000000000000000 ffffffff816350b0 ffff8800b7705600 0000000000000001
 0000000000000000 000000000000ffff ffff8801db607b48 ffffffff81538fd1
Call Trace:
 <IRQ> 
 [<ffffffff81538fd1>] vfs_fsync_range+0x111/0x260 fs/sync.c:195
 [<ffffffff815534d6>] generic_write_sync include/linux/fs.h:2517 [inline]
 [<ffffffff815534d6>] dio_complete+0x3e6/0x720 fs/direct-io.c:266
 [<ffffffff81553986>] dio_bio_end_aio+0x176/0x3f0 fs/direct-io.c:312
 [<ffffffff81a22de7>] bio_endio+0x187/0x1e0 block/bio.c:1786
 [<ffffffff81a41d37>] req_bio_endio block/blk-core.c:157 [inline]
 [<ffffffff81a41d37>] blk_update_request+0x267/0xa50 block/blk-core.c:2653
 [<ffffffff81d76bbc>] scsi_end_request+0x9c/0x5d0 drivers/scsi/scsi_lib.c:695
 [<ffffffff81d7f3c5>] scsi_io_completion+0x275/0x1810 drivers/scsi/scsi_lib.c:918
 [<ffffffff81d62b84>] scsi_finish_command+0x3a4/0x520 drivers/scsi/scsi.c:607
 [<ffffffff81d7d919>] scsi_softirq_done+0x259/0x370 drivers/scsi/scsi_lib.c:1654
 [<ffffffff81a5f098>] blk_done_softirq+0x258/0x3a0 block/blk-softirq.c:35
 [<ffffffff8271bb16>] __do_softirq+0x226/0xa3f kernel/softirq.c:273
 [<ffffffff810e1a8a>] invoke_softirq kernel/softirq.c:350 [inline]
 [<ffffffff810e1a8a>] irq_exit+0x10a/0x150 kernel/softirq.c:391
 [<ffffffff8271b111>] exiting_irq arch/x86/include/asm/apic.h:652 [inline]
 [<ffffffff8271b111>] do_IRQ+0x111/0x1d0 arch/x86/kernel/irq.c:251
 [<ffffffff8271971d>] common_interrupt+0x9d/0x9d arch/x86/entry/entry_64.S:623
 <EOI> 
 [<ffffffff81abc15e>] __radix_tree_lookup+0x12e/0x290 lib/radix-tree.c:523
 [<ffffffff81abc332>] radix_tree_lookup_slot+0x72/0xc0 lib/radix-tree.c:555
 [<ffffffff813b801e>] find_get_entry+0x8e/0x340 mm/filemap.c:1046
 [<ffffffff813b99e8>] pagecache_get_page+0x48/0x400 mm/filemap.c:1146
 [<ffffffff8153f986>] find_get_page_flags include/linux/pagemap.h:282 [inline]
 [<ffffffff8153f986>] __find_get_block_slow+0x126/0x330 fs/buffer.c:214
 [<ffffffff81541a11>] unmap_underlying_metadata+0x31/0xb0 fs/buffer.c:1640
 [<ffffffff8165748f>] mpage_map_one_extent fs/ext4/inode.c:2249 [inline]
 [<ffffffff8165748f>] mpage_map_and_submit_extent fs/ext4/inode.c:2287 [inline]
 [<ffffffff8165748f>] ext4_writepages+0x14bf/0x2c40 fs/ext4/inode.c:2620
 [<ffffffff813dac6c>] do_writepages+0xfc/0x1e0 mm/page-writeback.c:2341
 [<ffffffff813bc53d>] __filemap_fdatawrite_range+0x1ad/0x260 mm/filemap.c:347
 [<ffffffff813bc644>] __filemap_fdatawrite mm/filemap.c:355 [inline]
 [<ffffffff813bc644>] filemap_flush+0x24/0x30 mm/filemap.c:380
 [<ffffffff8164e295>] ext4_alloc_da_blocks+0x105/0x3d0 fs/ext4/inode.c:2993
 [<ffffffff8170ca4e>] ext4_ind_migrate+0x51e/0x610 fs/ext4/migrate.c:640
 [<ffffffff8166b356>] ext4_ioctl+0x2676/0x2cd0 fs/ext4/ioctl.c:317
 [<ffffffff8166ba90>] ext4_compat_ioctl+0xe0/0x420 fs/ext4/ioctl.c:776
 [<ffffffff8159b2c3>] C_SYSC_ioctl fs/compat_ioctl.c:1592 [inline]
 [<ffffffff8159b2c3>] compat_SyS_ioctl+0x403/0x2210 fs/compat_ioctl.c:1544
 [<ffffffff8100603d>] do_syscall_32_irqs_on arch/x86/entry/common.c:330 [inline]
 [<ffffffff8100603d>] do_fast_syscall_32+0x32d/0xa90 arch/x86/entry/common.c:397
 [<ffffffff8271a350>] sysenter_flags_fixed+0xd/0x1a
Code: 00 00 49 8b 86 60 fe ff ff 48 0f ba e0 27 0f 82 e7 fe ff ff e8 22 3c cd ff 4c 89 f7 e8 ca 66 eb ff e9 81 fb ff ff e8 10 3c cd ff <0f> 0b e8 09 3c cd ff 65 8b 15 1a 07 9e 7e 48 8b 05 8b 0e 20 01 
RIP  [<ffffffff816359e0>] ext4_sync_file+0x930/0xf10 fs/ext4/fsync.c:96
 RSP <ffff8801db607aa8>
---[ end trace adc0f74abdaa0bc3 ]---

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/05/24 07:46 https://android.googlesource.com/kernel/common android-4.4 62872f952d6b 0dadcd9d .config console log report syz C ci-android-44-kasan-gce-386
* Struck through repros no longer work on HEAD.