syzbot


kernel BUG at fs/ext4/ext4.h:LINE!

Status: upstream: reported C repro on 2020/10/08 13:59
Reported-by: syzbot+c24787e72920213d5bcb@syzkaller.appspotmail.com
First crash: 722d, last: 45d
similar bugs (6):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.19 kernel BUG at fs/ext4/ext4.h:LINE! C error 8 88d 684d 0/1 upstream: reported C repro on 2020/11/15 12:08
upstream kernel BUG at fs/ext4/ext4.h:LINE! 1 638d 634d 0/24 auto-closed as invalid on 2021/05/01 06:31
android-5-10 kernel BUG in ext4_free_blocks 3 291d 324d 0/2 auto-closed as invalid on 2022/03/13 09:34
linux-4.14 kernel BUG in ext4_mb_load_buddy_gfp C 4 29d 519d 0/1 upstream: reported C repro on 2021/04/29 16:39
android-5-10 kernel BUG in ext4_free_blocks (2) C error 2 89d 89d 0/2 upstream: reported C repro on 2022/07/04 02:04
upstream kernel BUG in ext4_get_group_info C error 2 56d 407d 0/24 upstream: reported C repro on 2021/08/19 08:21

Sample crash report:
EXT4-fs (loop0): Remounting filesystem read-only
------------[ cut here ]------------
kernel BUG at fs/ext4/ext4.h:2982!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 304 Comm: syz-executor195 Not tainted 5.4.190-syzkaller-00060-g148e4ba7f4fc #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
RIP: 0010:ext4_get_group_info fs/ext4/ext4.h:2982 [inline]
RIP: 0010:ext4_free_blocks+0x2181/0x22c0 fs/ext4/mballoc.c:4825
Code: 29 04 0f 92 c3 40 0f 92 c6 31 ff e8 09 e8 a2 ff 84 db 75 1f e8 70 e5 a2 ff e9 27 01 00 00 e8 66 e5 a2 ff 0f 0b e8 5f e5 a2 ff <0f> 0b e8 58 e5 a2 ff 0f 0b 65 ff 05 7b 25 45 7e 48 c7 c0 f8 37 e5
RSP: 0018:ffff8881dd99f560 EFLAGS: 00010293
RAX: ffffffff81bd6801 RBX: ffff8881dda92000 RCX: ffff8881e16d8fc0
RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000001
RBP: 0000000000000001 R08: ffffffff81bd4c79 R09: ffff8881dd99f668
R10: ffffed103bb33ed4 R11: 1ffff1103bb33ecd R12: 0000000000000010
R13: 0000000000000000 R14: ffff8881dda92040 R15: 00000000ffffffff
FS:  00005555562d9300(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000555902246ab0 CR3: 00000001dd9a3000 CR4: 00000000003406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 ext4_clear_blocks+0x8ce/0xcc0 fs/ext4/indirect.c:872
 ext4_free_data fs/ext4/indirect.c:945 [inline]
 ext4_ind_truncate+0x7fb/0xf90 fs/ext4/indirect.c:1137
 ext4_truncate+0x992/0x1150 fs/ext4/inode.c:4644
 ext4_evict_inode+0x117b/0x1930 fs/ext4/inode.c:306
 evict+0x29b/0x6a0 fs/inode.c:576
 ext4_quota_enable fs/ext4/super.c:6038 [inline]
 ext4_enable_quotas+0x281/0x8a0 fs/ext4/super.c:6061
 ext4_orphan_cleanup+0x2d5/0xcd0 fs/ext4/super.c:2754
 ext4_fill_super+0x80e7/0x88c0 fs/ext4/super.c:4713
 mount_bdev+0x22d/0x340 fs/super.c:1417
 legacy_get_tree+0xde/0x170 fs/fs_context.c:647
 vfs_get_tree+0x85/0x260 fs/super.c:1547
 do_new_mount+0x23a/0x500 fs/namespace.c:2843
 do_mount+0x5e2/0xcd0 fs/namespace.c:3163
 ksys_mount+0xc2/0xf0 fs/namespace.c:3372
 __do_sys_mount fs/namespace.c:3386 [inline]
 __se_sys_mount fs/namespace.c:3383 [inline]
 __x64_sys_mount+0xb1/0xc0 fs/namespace.c:3383
 do_syscall_64+0xcb/0x1c0 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7fdf6e38f4da
Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffda0603018 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007ffda0603070 RCX: 00007fdf6e38f4da
RDX: 0000000020000000 RSI: 0000000020000040 RDI: 00007ffda0603030
RBP: 00007ffda0603030 R08: 00007ffda0603070 R09: 0000000800000015
R10: 0000000000000081 R11: 0000000000000202 R12: 0000000000000004
R13: 0000000000000003 R14: 0000000000000003 R15: 0000000000000010
Modules linked in:
---[ end trace 6c85bdead229b6b3 ]---
RIP: 0010:ext4_get_group_info fs/ext4/ext4.h:2982 [inline]
RIP: 0010:ext4_free_blocks+0x2181/0x22c0 fs/ext4/mballoc.c:4825
Code: 29 04 0f 92 c3 40 0f 92 c6 31 ff e8 09 e8 a2 ff 84 db 75 1f e8 70 e5 a2 ff e9 27 01 00 00 e8 66 e5 a2 ff 0f 0b e8 5f e5 a2 ff <0f> 0b e8 58 e5 a2 ff 0f 0b 65 ff 05 7b 25 45 7e 48 c7 c0 f8 37 e5
RSP: 0018:ffff8881dd99f560 EFLAGS: 00010293
RAX: ffffffff81bd6801 RBX: ffff8881dda92000 RCX: ffff8881e16d8fc0
RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000001
RBP: 0000000000000001 R08: ffffffff81bd4c79 R09: ffff8881dd99f668
R10: ffffed103bb33ed4 R11: 1ffff1103bb33ecd R12: 0000000000000010
R13: 0000000000000000 R14: ffff8881dda92040 R15: 00000000ffffffff
FS:  00005555562d9300(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000555902246ab0 CR3: 00000001dd9a3000 CR4: 00000000003406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (7):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci2-android-5-4-kasan 2022/07/04 02:33 android12-5.4 148e4ba7f4fc 1434eec0 .config log report syz C kernel BUG in ext4_free_blocks
ci2-android-5-4-kasan 2021/03/27 06:23 android12-5.4 7af03784d889 a8529b82 .config log report syz C kernel BUG in ext4_mb_load_buddy_gfp
ci2-android-5-4-kasan 2021/08/21 13:25 android12-5.4 3ce13296e72d b599f2fc .config log report syz kernel BUG in ext4_mb_load_buddy_gfp
ci2-android-5-4-kasan 2021/01/20 11:25 android12-5.4 e4139b2a81bd d4f4eca5 .config log report syz kernel BUG in ext4_mb_find_by_goal
ci2-android-5-4-kasan 2022/08/16 11:45 android12-5.4 2bf0b614f0fb 7a7cb304 .config log report info kernel BUG in ext4_mb_load_buddy_gfp
ci2-android-5-4-kasan 2021/11/11 19:57 android12-5.4 f49f3b377eae 75b04091 .config log report info kernel BUG in ext4_free_blocks
ci2-android-5-4-kasan 2020/10/08 13:58 android12-5.4 54d2c66faf42 92390980 .config log report info
* Struck through repros no longer work on HEAD.