ci2 starts bisection 2024-08-28 13:05:15.359090404 +0000 UTC m=+90.834375367
bisecting cause commit starting from 86987d84b968b69a610fd00ab9006c13db193b4e
building syzkaller on 6c853ff934ae691d82d2ddf8d401fdd07ed4ab74
ensuring issue is reproducible on original commit 86987d84b968b69a610fd00ab9006c13db193b4e
testing commit 86987d84b968b69a610fd00ab9006c13db193b4e gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: a16fbab675ee5f49e3b3d19629190ff0566014352200360ad5ef6c27dd99a2ad
all runs: crashed: kernel BUG in ext4_inline_data_truncate
representative crash: kernel BUG in ext4_inline_data_truncate, types: [BUG]
check whether we can drop unnecessary instrumentation
disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed
testing commit 86987d84b968b69a610fd00ab9006c13db193b4e gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 4a43ab128b438a8dfeb6572152b98fdd86760bbb305ba264c483c170c4a8dc84
all runs: crashed: kernel BUG in ext4_inline_data_truncate
representative crash: kernel BUG in ext4_inline_data_truncate, types: [BUG]
the bug reproduces without the instrumentation
disabling configs for [KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed
kconfig minimization: base=3993 full=8129 leaves diff=2115
split chunks (needed=false): <2115>
split chunk #0 of len 2115 into 5 parts
testing without sub-chunk 1/5
disabling configs for [HANG LEAK UBSAN KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 86987d84b968b69a610fd00ab9006c13db193b4e gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 60ae0c4f65b0e4271c7bd91fb5e5e64b0175d1bb51717a5bd76a7fde5f83c385
all runs: crashed: kernel BUG in ext4_inline_data_truncate
representative crash: kernel BUG in ext4_inline_data_truncate, types: [BUG]
the chunk can be dropped
testing without sub-chunk 2/5
disabling configs for [UBSAN KASAN LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed
testing commit 86987d84b968b69a610fd00ab9006c13db193b4e gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 334b93e9bfb1c717f2bf46a5a4468bc547f8e9ca1226d8d6d1620c02fc1b1eca
all runs: crashed: kernel BUG in ext4_inline_data_truncate
representative crash: kernel BUG in ext4_inline_data_truncate, types: [BUG]
the chunk can be dropped
testing without sub-chunk 3/5
disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN KASAN LOCKDEP], they are not needed
testing commit 86987d84b968b69a610fd00ab9006c13db193b4e gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: d049de5465561ba17e050930cd4dde9f295a49f15215a0d2ae4b3c397a595cab
all runs: crashed: kernel BUG in ext4_inline_data_truncate
representative crash: kernel BUG in ext4_inline_data_truncate, types: [BUG]
the chunk can be dropped
testing without sub-chunk 4/5
disabling configs for [HANG LEAK UBSAN KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 86987d84b968b69a610fd00ab9006c13db193b4e gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: fe56c747f17912644f02ecf6b19bfe2373f08e73400cf5a6e5f02fba0fedb68d
all runs: crashed: kernel BUG in ext4_inline_data_truncate
representative crash: kernel BUG in ext4_inline_data_truncate, types: [BUG]
the chunk can be dropped
testing without sub-chunk 5/5
disabling configs for [HANG LEAK UBSAN KASAN LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 86987d84b968b69a610fd00ab9006c13db193b4e gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 5d07cb71dd29c77db41a1b8ee9ca4989b77e560a7d9dcfb5fae74ee8c201cc94
all runs: crashed: kernel BUG in ext4_inline_data_truncate
representative crash: kernel BUG in ext4_inline_data_truncate, types: [BUG]
the chunk can be dropped
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN KASAN], they are not needed
picked [v6.10 v6.9 v6.8 v6.6 v6.4 v6.2 v6.0 v5.18 v5.15 v5.12 v5.9 v5.6 v5.3 v5.0 v4.19] out of 33 release tags
testing release v6.10
testing commit 0c3836482481200ead7b416ca80c68a29cfdaabd gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: f755701593f48847fe755fb99d66277b258a9462bf836d29cb89026204b296a5
all runs: crashed: kernel BUG in ext4_inline_data_truncate
representative crash: kernel BUG in ext4_inline_data_truncate, types: [BUG]
testing release v6.9
testing commit a38297e3fb012ddfa7ce0321a7e5a8daeb1872b6 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 1521c7ba89020ce0d760a7db3f528eeeab6f69301b53a9db8e49c875037f201f
all runs: crashed: kernel BUG in ext4_inline_data_truncate
representative crash: kernel BUG in ext4_inline_data_truncate, types: [BUG]
testing release v6.8
testing commit e8f897f4afef0031fe618a8e94127a0934896aba gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 4febb63460d90b433ad6c1066eef1ed4e85251c949124cfba94552227f936d91
all runs: crashed: kernel BUG in ext4_inline_data_truncate
representative crash: kernel BUG in ext4_inline_data_truncate, types: [BUG]
testing release v6.6
testing commit ffc253263a1375a65fa6c9f62a893e9767fbebfa gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 8c3055058e2f4f125902abbae675cf9aaca9ae39cd169a8fd5ac1d07d1ed3b2f
all runs: crashed: kernel BUG in ext4_inline_data_truncate
representative crash: kernel BUG in ext4_inline_data_truncate, types: [BUG]
testing release v6.4
testing commit 6995e2de6891c724bfeb2db33d7b87775f913ad1 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 1458e189359802a9f37598727a9cf9941e7e9a60466dfc566f313477a0549fed
all runs: crashed: kernel BUG in ext4_inline_data_truncate
representative crash: kernel BUG in ext4_inline_data_truncate, types: [BUG]
testing release v6.2
testing commit c9c3395d5e3dcc6daee66c6908354d47bf98cb0c gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: afd68abeed5eb10928d5c08412e443e05d974df637f884fd4ad3a943216af0b2
all runs: crashed: kernel BUG in ext4_inline_data_truncate
representative crash: kernel BUG in ext4_inline_data_truncate, types: [BUG]
testing release v6.0
testing commit 4fe89d07dcc2804c8b562f6c7896a45643d34b2f gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: ac5b0a654c53c44088335f0b4dede44c2d38ebd88366192618ed7672526a4f0c
all runs: crashed: kernel BUG in ext4_inline_data_truncate
representative crash: kernel BUG in ext4_inline_data_truncate, types: [BUG]
testing release v5.18
testing commit 4b0986a3613c92f4ec1bdc7f60ec66fea135991f gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: aace7a2d54ed363311e98847c157c052cce6e75b619227d239b33bbc028a3b49
all runs: OK
false negative chance: 0.000
# git bisect start 4fe89d07dcc2804c8b562f6c7896a45643d34b2f 4b0986a3613c92f4ec1bdc7f60ec66fea135991f
Bisecting: 16503 revisions left to test after this (roughly 14 steps)
[0fac198def2b41138850867b6aa92044c76ff802] Merge tag 'fs.idmapped.overlay.acl.v5.20' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux
testing commit 0fac198def2b41138850867b6aa92044c76ff802 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 0660d2bea308e940425000c0606ebac13c90b8124cff390c73f5ce71a1be2f6f
all runs: OK
false negative chance: 0.000
# git bisect good 0fac198def2b41138850867b6aa92044c76ff802
Bisecting: 8189 revisions left to test after this (roughly 13 steps)
[723c188d5cd42a07344f997b0b7e1d83b4173c8d] Merge tag 'staging-6.0-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
testing commit 723c188d5cd42a07344f997b0b7e1d83b4173c8d gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 929df4571ed4c6f183b481222b863c34b684ca7c76517a4b3928a5261be84eaf
all runs: OK
false negative chance: 0.000
# git bisect good 723c188d5cd42a07344f997b0b7e1d83b4173c8d
Bisecting: 4099 revisions left to test after this (roughly 12 steps)
[83ee9f23763a432a4077bf20624ee35de87bce99] powerpc/kexec: Fix build failure from uninitialised variable
testing commit 83ee9f23763a432a4077bf20624ee35de87bce99 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 39a90a2e045558ceac8fbf0fe11437b4fbf5a0c2fb6665af732a2ef345705b0b
all runs: crashed: kernel BUG in ext4_inline_data_truncate
representative crash: kernel BUG in ext4_inline_data_truncate, types: [BUG]
# git bisect bad 83ee9f23763a432a4077bf20624ee35de87bce99
Bisecting: 2036 revisions left to test after this (roughly 11 steps)
[965a9d75e3d250088a269e0c903e86fe775b48c6] Merge tag 'trace-v6.0' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace
testing commit 965a9d75e3d250088a269e0c903e86fe775b48c6 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: c5bf6c25bad6ae013d231070747b49dd76c6945216dfae0d15a780a62124e266
all runs: crashed: kernel BUG in ext4_inline_data_truncate
representative crash: kernel BUG in ext4_inline_data_truncate, types: [BUG]
# git bisect bad 965a9d75e3d250088a269e0c903e86fe775b48c6
Bisecting: 1028 revisions left to test after this (roughly 10 steps)
[37644cac6e8297d0908aef054caabb439c467c7d] Merge tag 'gpio-updates-for-v6.0-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux
testing commit 37644cac6e8297d0908aef054caabb439c467c7d gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 2a2ee31e01403980274c34ee5cb8ec29f153a1c98a73f700207079569bfc1316
all runs: OK
false negative chance: 0.000
# git bisect good 37644cac6e8297d0908aef054caabb439c467c7d
Bisecting: 597 revisions left to test after this (roughly 9 steps)
[328141e51e6fc79d21168bfd4e356dddc2ec7491] Merge tag 'mmc-v5.20' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc
testing commit 328141e51e6fc79d21168bfd4e356dddc2ec7491 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 580685ed5328071fcca6b706ec45fceae8b612cd5dec7bbe0eb6707ce0c1a8aa
all runs: OK
false negative chance: 0.000
# git bisect good 328141e51e6fc79d21168bfd4e356dddc2ec7491
Bisecting: 297 revisions left to test after this (roughly 8 steps)
[e495274793ea602415d050452088a496abcd9e6c] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma
testing commit e495274793ea602415d050452088a496abcd9e6c gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: e25505aa64a31ff86a89c5cf45c89816430213e97dffd304513ef5c40032d7c1
all runs: OK
false negative chance: 0.000
# git bisect good e495274793ea602415d050452088a496abcd9e6c
Bisecting: 160 revisions left to test after this (roughly 7 steps)
[fa9db655d0e112c108fe838809608caf759bdf5e] Merge tag 'for-5.20/block-2022-08-04' of git://git.kernel.dk/linux-block
testing commit fa9db655d0e112c108fe838809608caf759bdf5e gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: a6867319f189cdf7bdf5f531a8678897511683c1f87304987f31c606b474c993
all runs: OK
false negative chance: 0.000
# git bisect good fa9db655d0e112c108fe838809608caf759bdf5e
Bisecting: 94 revisions left to test after this (roughly 6 steps)
[5e9466a5d0604e20082d828008047b3165592caf] xfs: delete extra space and tab in blank line
testing commit 5e9466a5d0604e20082d828008047b3165592caf gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 15184cb36ab07572fc92236a09e0fcbb99dc0d1764c8fd993c618cc096f7c5d4
all runs: OK
false negative chance: 0.000
# git bisect good 5e9466a5d0604e20082d828008047b3165592caf
Bisecting: 47 revisions left to test after this (roughly 6 steps)
[95522f0b18a059afa5aca036aa454c98beb553b5] scripts/tracing: Fix typo 'the the' in comment
testing commit 95522f0b18a059afa5aca036aa454c98beb553b5 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 5ed110b3744042b404664c6ba1565cc45462fed92f82003ab47c4370af53e70f
all runs: OK
false negative chance: 0.000
# git bisect good 95522f0b18a059afa5aca036aa454c98beb553b5
Bisecting: 23 revisions left to test after this (roughly 5 steps)
[3dc96bba65f53daa217f0a8f43edad145286a8f5] mbcache: add functions to delete entry if unused
testing commit 3dc96bba65f53daa217f0a8f43edad145286a8f5 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 128d3a1fe1bd294c9b257758c9d00a7b4e0bd85c709df97370eb66136328d116
all runs: crashed: kernel BUG in ext4_inline_data_truncate
representative crash: kernel BUG in ext4_inline_data_truncate, types: [BUG]
# git bisect bad 3dc96bba65f53daa217f0a8f43edad145286a8f5
Bisecting: 11 revisions left to test after this (roughly 4 steps)
[67d7d8ad99beccd9fe92d585b87f1760dc9018e3] ext4: fix use-after-free in ext4_xattr_set_entry
testing commit 67d7d8ad99beccd9fe92d585b87f1760dc9018e3 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 9a418daebba16e71f8eede17dab70999b241c94aeba7a8a55df3b435cde25d93
all runs: crashed: kernel BUG in ext4_inline_data_truncate
representative crash: kernel BUG in ext4_inline_data_truncate, types: [BUG]
# git bisect bad 67d7d8ad99beccd9fe92d585b87f1760dc9018e3
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[cb3b3bf22cf33707d684e74207908ba0ef3b6467] jbd2: rename jbd_debug() to jbd2_debug()
testing commit cb3b3bf22cf33707d684e74207908ba0ef3b6467 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 535f07ea1546c7e6644494f4a42da1d74c199ddb7757b7c8247a07475b37a567
all runs: OK
false negative chance: 0.000
# git bisect good cb3b3bf22cf33707d684e74207908ba0ef3b6467
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[a89573ce4ad32f19f43ec669771726817e185be0] jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction()
testing commit a89573ce4ad32f19f43ec669771726817e185be0 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 4c48ff41404c7630ec6ebad7a1b22affa8f0c52682dd714a084669f6ae3d11a5
all runs: OK
false negative chance: 0.000
# git bisect good a89573ce4ad32f19f43ec669771726817e185be0
Bisecting: 0 revisions left to test after this (roughly 1 step)
[179b14152dcb6a24c3415200603aebca70ff13af] ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h
testing commit 179b14152dcb6a24c3415200603aebca70ff13af gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: beee51f42ef0a816598683e688c63d80932eaf82fcfe62414e813a5495e63af7
all runs: OK
false negative chance: 0.000
# git bisect good 179b14152dcb6a24c3415200603aebca70ff13af
67d7d8ad99beccd9fe92d585b87f1760dc9018e3 is the first bad commit
commit 67d7d8ad99beccd9fe92d585b87f1760dc9018e3
Author: Baokun Li
Date: Thu Jun 16 10:13:56 2022 +0800

    ext4: fix use-after-free in ext4_xattr_set_entry

    Hulk Robot reported a issue:
    ==================================================================
    BUG: KASAN: use-after-free in ext4_xattr_set_entry+0x18ab/0x3500
    Write of size 4105 at addr ffff8881675ef5f4 by task syz-executor.0/7092

    CPU: 1 PID: 7092 Comm: syz-executor.0 Not tainted 4.19.90-dirty #17
    Call Trace:
    [...]
     memcpy+0x34/0x50 mm/kasan/kasan.c:303
     ext4_xattr_set_entry+0x18ab/0x3500 fs/ext4/xattr.c:1747
     ext4_xattr_ibody_inline_set+0x86/0x2a0 fs/ext4/xattr.c:2205
     ext4_xattr_set_handle+0x940/0x1300 fs/ext4/xattr.c:2386
     ext4_xattr_set+0x1da/0x300 fs/ext4/xattr.c:2498
     __vfs_setxattr+0x112/0x170 fs/xattr.c:149
     __vfs_setxattr_noperm+0x11b/0x2a0 fs/xattr.c:180
     __vfs_setxattr_locked+0x17b/0x250 fs/xattr.c:238
     vfs_setxattr+0xed/0x270 fs/xattr.c:255
     setxattr+0x235/0x330 fs/xattr.c:520
     path_setxattr+0x176/0x190 fs/xattr.c:539
     __do_sys_lsetxattr fs/xattr.c:561 [inline]
     __se_sys_lsetxattr fs/xattr.c:557 [inline]
     __x64_sys_lsetxattr+0xc2/0x160 fs/xattr.c:557
     do_syscall_64+0xdf/0x530 arch/x86/entry/common.c:298
     entry_SYSCALL_64_after_hwframe+0x44/0xa9
    RIP: 0033:0x459fe9
    RSP: 002b:00007fa5e54b4c08 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd
    RAX: ffffffffffffffda RBX: 000000000051bf60 RCX: 0000000000459fe9
    RDX: 00000000200003c0 RSI: 0000000020000180 RDI: 0000000020000140
    RBP: 000000000051bf60 R08: 0000000000000001 R09: 0000000000000000
    R10: 0000000000001009 R11: 0000000000000246 R12: 0000000000000000
    R13: 00007ffc73c93fc0 R14: 000000000051bf60 R15: 00007fa5e54b4d80
    [...]
    ==================================================================

    Above issue may happen as follows:
    -------------------------------------
    ext4_xattr_set
      ext4_xattr_set_handle
        ext4_xattr_ibody_find
          >> s->end < s->base
          >> no EXT4_STATE_XATTR
          >> xattr_check_inode is not executed
        ext4_xattr_ibody_set
          ext4_xattr_set_entry
            >> size_t min_offs = s->end - s->base
            >> UAF in memcpy

    we can easily reproduce this problem with the following commands:
        mkfs.ext4 -F /dev/sda
        mount -o debug_want_extra_isize=128 /dev/sda /mnt
        touch /mnt/file
        setfattr -n user.cat -v `seq -s z 4096|tr -d '[:digit:]'` /mnt/file

    In ext4_xattr_ibody_find, we have the following assignment logic:
      header = IHDR(inode, raw_inode)
             = raw_inode + EXT4_GOOD_OLD_INODE_SIZE + i_extra_isize
      is->s.base = IFIRST(header)
                 = header + sizeof(struct ext4_xattr_ibody_header)
      is->s.end = raw_inode + s_inode_size

    In ext4_xattr_set_entry
      min_offs = s->end - s->base
               = s_inode_size - EXT4_GOOD_OLD_INODE_SIZE - i_extra_isize -
                 sizeof(struct ext4_xattr_ibody_header)
      last = s->first
      free = min_offs - ((void *)last - s->base) - sizeof(__u32)
           = s_inode_size - EXT4_GOOD_OLD_INODE_SIZE - i_extra_isize -
             sizeof(struct ext4_xattr_ibody_header) - sizeof(__u32)

    In the calculation formula, all values except s_inode_size and
    i_extra_size are fixed values. When i_extra_size is the maximum value
    s_inode_size - EXT4_GOOD_OLD_INODE_SIZE, min_offs is -4 and free is -8.
    The value overflows. As a result, the preceding issue is triggered when
    memcpy is executed.

    Therefore, when finding xattr or setting xattr, check whether
    there is space for storing xattr in the inode to resolve this issue.

    Cc: stable@kernel.org
    Reported-by: Hulk Robot
    Signed-off-by: Baokun Li
    Reviewed-by: Ritesh Harjani (IBM)
    Reviewed-by: Jan Kara
    Link: https://lore.kernel.org/r/20220616021358.2504451-3-libaokun1@huawei.com
    Signed-off-by: Theodore Ts'o

 fs/ext4/xattr.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
accumulated error probability: 0.00
culprit signature: 9a418daebba16e71f8eede17dab70999b241c94aeba7a8a55df3b435cde25d93
parent signature: beee51f42ef0a816598683e688c63d80932eaf82fcfe62414e813a5495e63af7
revisions tested: 30, total time: 6h44m1.657068848s (build: 1h56m8.392397874s, test: 3h42m3.719461925s)
first bad commit: 67d7d8ad99beccd9fe92d585b87f1760dc9018e3 ext4: fix use-after-free in ext4_xattr_set_entry
recipients (to): ["jack@suse.cz" "libaokun1@huawei.com" "ritesh.list@gmail.com" "tytso@mit.edu"]
recipients (cc): []
crash: kernel BUG in ext4_inline_data_truncate
------------[ cut here ]------------
kernel BUG at fs/ext4/inline.c:1973!
invalid opcode: 0000 [#1] PREEMPT SMP PTI
CPU: 0 PID: 2453 Comm: syz.0.15 Not tainted 5.19.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
RIP: 0010:ext4_inline_data_truncate+0x3e5/0x3f0 fs/ext4/inline.c:1973
Code: d1 ca 04 00 89 c5 85 c0 0f 85 ae fe ff ff e9 67 fe ff ff bd f4 ff ff ff e9 2b fe ff ff 89 c5 e9 98 fe ff ff e8 9c 82 79 00 90 <0f> 0b 66 0f 1f 84 00 00 00 00 00 66 0f 1f 00 55 41 57 41 56 41 54
RSP: 0018:ffffc90001cd3cb8 EFLAGS: 00010286
RAX: 0000000000000000 RBX: ffff888114e51f18 RCX: 0000000000000080
RDX: 0000000000000108 RSI: 0000000000000100 RDI: ffff888114e51f18
RBP: ffffc90001cd3d6c R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000078
R13: 0000000000000010 R14: 0000000000000002 R15: ffff888114e51cc0
FS: 00005555558f7500(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f23ce42f2a9 CR3: 000000010cfa0000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 ext4_truncate+0x169/0x4f0 fs/ext4/inode.c:4204
 ext4_evict_inode+0x53c/0x710 fs/ext4/inode.c:284
 evict+0xcc/0x220 fs/inode.c:664
 __dentry_kill+0x12a/0x200 fs/dcache.c:607
 dentry_kill+0x62/0x120
 dput+0x91/0xf0 fs/dcache.c:913
 __fput+0x16f/0x210 fs/file_table.c:330
 task_work_run+0x66/0xa0 kernel/task_work.c:177
 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
 exit_to_user_mode_loop+0xa4/0xb0 kernel/entry/common.c:169
 exit_to_user_mode_prepare+0x64/0xe0 kernel/entry/common.c:201
 __syscall_exit_to_user_mode_work kernel/entry/common.c:283 [inline]
 syscall_exit_to_user_mode+0x2c/0x1f0 kernel/entry/common.c:294
 do_syscall_64+0x55/0x90 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x46/0xb0
RIP: 0033:0x7ff47cd61e79
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffffe371538 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
RAX: 0000000000000000 RBX: 000000000000c766 RCX: 00007ff47cd61e79
RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
RBP: 00007ffffe371608 R08: 0000000000000001 R09: 00007ffffe37181f
R10: 00007ff47cbe8000 R11: 0000000000000246 R12: 0000000000000032
R13: 00007ffffe371630 R14: 00007ffffe371650 R15: ffffffffffffffff
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:ext4_inline_data_truncate+0x3e5/0x3f0 fs/ext4/inline.c:1973
Code: d1 ca 04 00 89 c5 85 c0 0f 85 ae fe ff ff e9 67 fe ff ff bd f4 ff ff ff e9 2b fe ff ff 89 c5 e9 98 fe ff ff e8 9c 82 79 00 90 <0f> 0b 66 0f 1f 84 00 00 00 00 00 66 0f 1f 00 55 41 57 41 56 41 54
RSP: 0018:ffffc90001cd3cb8 EFLAGS: 00010286
RAX: 0000000000000000 RBX: ffff888114e51f18 RCX: 0000000000000080
RDX: 0000000000000108 RSI: 0000000000000100 RDI: ffff888114e51f18
RBP: ffffc90001cd3d6c R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000078
R13: 0000000000000010 R14: 0000000000000002 R15: ffff888114e51cc0
FS: 00005555558f7500(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f23ce42f2a9 CR3: 000000010cfa0000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400