syzbot


BUG: unable to handle kernel paging request in __ext4_expand_extra_isize

Status: auto-closed as invalid on 2020/03/13 17:51
Reported-by: syzbot+67fc36fdd1d7368119c8@syzkaller.appspotmail.com
First crash: 1846d, last: 1846d
Similar bugs (1)
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | BUG: unable to handle kernel paging request in __ext4_expand_extra_isize ext4 | | | | 6 | 1890d | 1871d | 15/28 | fixed on 2019/12/13 00:31

Sample crash report:
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
8021q: adding VLAN 0 to HW filter on device team0
EXT4-fs (sda1): Unrecognized mount option "euid=00000000000000000000" or missing value
8021q: adding VLAN 0 to HW filter on device batadv0
BUG: unable to handle kernel paging request at ffffed1018000000
IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
PGD 21fff0067 P4D 21fff0067 PUD 12fff9067 PMD 0 
Oops: 0000 [#1] PREEMPT SMP KASAN
IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
CPU: 1 PID: 7322 Comm: rs:main Q:Reg Not tainted 4.19.84 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
RIP: 0010:memory_is_nonzero mm/kasan/kasan.c:196 [inline]
RIP: 0010:memory_is_poisoned_n mm/kasan/kasan.c:210 [inline]
RIP: 0010:memory_is_poisoned mm/kasan/kasan.c:241 [inline]
RIP: 0010:check_memory_region_inline mm/kasan/kasan.c:257 [inline]
RIP: 0010:check_memory_region+0x9c/0x190 mm/kasan/kasan.c:267
IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
Code: c9 4d 0f 49 c1 49 c1 f8 03 45 85 c0 0f 84 fb 00 00 00 41 83 e8 01 4e 8d 44 c0 08 eb 0d 48 83 c0 08 4c 39 c0 0f 84 8f 00 00 00 <48> 83 38 00 74 ed 4c 8d 40 08 eb 09 48 83 c0 01 49 39 c0 74 0a 80
RSP: 0018:ffff8880a5587688 EFLAGS: 00010283
RAX: ffffed1018000000 RBX: ffffed1019fdda30 RCX: ffffffff81e84ae5
RDX: 0000000000000001 RSI: 000000000fffffe0 RDI: ffff8880bfeed1a0
RBP: ffff8880a55876a0 R08: ffffed1019fdda30 R09: 0000000001fffff8
R10: ffffed1019fdda2f R11: ffff8880cfeed17f R12: ffffed1017fdda34
R13: 0000000000000004 R14: 0000000000000000 R15: ffff8880bfeed1a0
IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
FS:  00007f29d97a6700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffed1018000000 CR3: 00000000a1ef2000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 memset+0x24/0x40 mm/kasan/kasan.c:285
 memset include/linux/string.h:333 [inline]
 __ext4_expand_extra_isize+0x175/0x250 fs/ext4/inode.c:5916
IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
 ext4_try_to_expand_extra_isize fs/ext4/inode.c:5968 [inline]
 ext4_mark_inode_dirty+0x6f0/0x940 fs/ext4/inode.c:6044
IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
 ext4_dirty_inode+0x8f/0xc0 fs/ext4/inode.c:6078
IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
 __mark_inode_dirty+0x915/0x1280 fs/fs-writeback.c:2176
 mark_inode_dirty include/linux/fs.h:2082 [inline]
 __generic_write_end+0x1b9/0x240 fs/buffer.c:2118
 generic_write_end+0x6c/0x90 fs/buffer.c:2163
 ext4_da_write_end+0x3c5/0xa50 fs/ext4/inode.c:3184
hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
 generic_perform_write+0x2ed/0x520 mm/filemap.c:3173
IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
 __generic_file_write_iter+0x25e/0x630 mm/filemap.c:3287
 ext4_file_write_iter+0x32b/0x1060 fs/ext4/file.c:270
IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
 call_write_iter include/linux/fs.h:1820 [inline]
 new_sync_write fs/read_write.c:474 [inline]
 __vfs_write+0x587/0x810 fs/read_write.c:487
 vfs_write+0x20c/0x560 fs/read_write.c:549
 ksys_write+0x14f/0x2d0 fs/read_write.c:599
8021q: adding VLAN 0 to HW filter on device batadv0
 __do_sys_write fs/read_write.c:611 [inline]
 __se_sys_write fs/read_write.c:608 [inline]
 __x64_sys_write+0x73/0xb0 fs/read_write.c:608
kobject: 'vlan0' (000000001dc009eb): kobject_add_internal: parent: 'mesh', set: '<NULL>'
 do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f29db20419d
Code: d1 20 00 00 75 10 b8 01 00 00 00 0f 05 48 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 be fa ff ff 48 89 04 24 b8 01 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 07 fb ff ff 48 89 d0 48 83 c4 08 48 3d 01
RSP: 002b:00007f29d97a5000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000177 RCX: 00007f29db20419d
RDX: 0000000000000177 RSI: 0000000002269a90 RDI: 0000000000000001
RBP: 0000000002269a90 R08: 0000000002269bf7 R09: 00007f29dab80eb7
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
R13: 00007f29d97a5480 R14: 0000000000000003 R15: 0000000002269890
Modules linked in:
CR2: ffffed1018000000
---[ end trace 38a4caa885b2a901 ]---
RIP: 0010:memory_is_nonzero mm/kasan/kasan.c:196 [inline]
RIP: 0010:memory_is_poisoned_n mm/kasan/kasan.c:210 [inline]
RIP: 0010:memory_is_poisoned mm/kasan/kasan.c:241 [inline]
RIP: 0010:check_memory_region_inline mm/kasan/kasan.c:257 [inline]
RIP: 0010:check_memory_region+0x9c/0x190 mm/kasan/kasan.c:267
Code: c9 4d 0f 49 c1 49 c1 f8 03 45 85 c0 0f 84 fb 00 00 00 41 83 e8 01 4e 8d 44 c0 08 eb 0d 48 83 c0 08 4c 39 c0 0f 84 8f 00 00 00 <48> 83 38 00 74 ed 4c 8d 40 08 eb 09 48 83 c0 01 49 39 c0 74 0a 80
RSP: 0018:ffff8880a5587688 EFLAGS: 00010283
RAX: ffffed1018000000 RBX: ffffed1019fdda30 RCX: ffffffff81e84ae5
RDX: 0000000000000001 RSI: 000000000fffffe0 RDI: ffff8880bfeed1a0
RBP: ffff8880a55876a0 R08: ffffed1019fdda30 R09: 0000000001fffff8
R10: ffffed1019fdda2f R11: ffff8880cfeed17f R12: ffffed1017fdda34
R13: 0000000000000004 R14: 0000000000000000 R15: ffff8880bfeed1a0
FS:  00007f29d97a6700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffed1018000000 CR3: 00000000a1ef2000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (1):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2019/11/14 17:50 | linux-4.19.y | c555efaf1402 | 048f2d49 | .config | console log | report | | | | | ci2-linux-4-19 |