[syzbot] [ext4?] kernel BUG in ext4_write_inline_data_end


syzbot

Mar 2, 2023, 6:48:59 PM
Hello,

syzbot found the following issue on:

HEAD commit: 2ebd1fbb946d Merge branch 'for-next/core' into for-kernelci
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=13de1350c80000
kernel config: https://syzkaller.appspot.com/x/.config?x=3519974f3f27816d
dashboard link: https://syzkaller.appspot.com/bug?extid=198e7455f3a4f38b838a
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=160fccacc80000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=17e5963cc80000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/16985cc7a274/disk-2ebd1fbb.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/fd3452567115/vmlinux-2ebd1fbb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/c75510922212/Image-2ebd1fbb.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/0427397bf5ad/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]

------------[ cut here ]------------
kernel BUG at fs/ext4/inline.c:226!
Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 6191 Comm: syz-executor142 Not tainted 6.2.0-syzkaller-18300-g2ebd1fbb946d #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : ext4_write_inline_data fs/ext4/inline.c:226 [inline]
pc : ext4_write_inline_data_end+0xe28/0xf84 fs/ext4/inline.c:767
lr : ext4_write_inline_data fs/ext4/inline.c:226 [inline]
lr : ext4_write_inline_data_end+0xe28/0xf84 fs/ext4/inline.c:767
sp : ffff80001eac7520
x29: ffff80001eac7630 x28: ffff0000d7a63680 x27: dfff800000000000
x26: 0000000000000060 x25: ffff80001eac75c0 x24: 0000000040000000
x23: 000000000000006c x22: 0000000000000060 x21: 000000000000000c
x20: ffff0000de2e48e8 x19: 0000000000000000 x18: ffff80001eac70d8
x17: ffff800015b8d000 x16: ffff80001231393c x15: 00000000200002c0
x14: 1ffff00002b720af x13: 0000000000000007 x12: 0000000000000001
x11: ff80800008e4087c x10: 0000000000000000 x9 : ffff800008e4087c
x8 : ffff0000d7a63680 x7 : ffff800008de16f0 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 00000000000008a5 x3 : ffff800008b36a88
x2 : 0000000000000001 x1 : 0000000000000060 x0 : 000000000000006c
Call trace:
ext4_write_inline_data fs/ext4/inline.c:226 [inline]
ext4_write_inline_data_end+0xe28/0xf84 fs/ext4/inline.c:767
ext4_da_write_end+0x330/0x9fc fs/ext4/inode.c:3150
generic_perform_write+0x384/0x55c mm/filemap.c:3784
ext4_buffered_write_iter+0x2e0/0x538 fs/ext4/file.c:285
ext4_file_write_iter+0x188/0x16c0
call_write_iter include/linux/fs.h:2189 [inline]
new_sync_write fs/read_write.c:491 [inline]
vfs_write+0x610/0x914 fs/read_write.c:584
ksys_write+0x15c/0x26c fs/read_write.c:637
__do_sys_write fs/read_write.c:649 [inline]
__se_sys_write fs/read_write.c:646 [inline]
__arm64_sys_write+0x7c/0x90 fs/read_write.c:646
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x198 arch/arm64/kernel/syscall.c:193
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:591
Code: 14000043 97db2731 d4210000 97db272f (d4210000)
---[ end trace 0000000000000000 ]---


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at [email protected].

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches

Theodore Ts'o

Jun 30, 2023, 8:28:51 AM
#syz test git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git dev

diff --git a/fs/ext4/inline.c b/fs/ext4/inline.c
index a4b7e4bc32d4..57de580bb8dd 100644
--- a/fs/ext4/inline.c
+++ b/fs/ext4/inline.c
@@ -232,6 +232,10 @@ static void ext4_write_inline_data(struct inode *inode, struct ext4_iloc *iloc,
return;

BUG_ON(!EXT4_I(inode)->i_inline_off);
+ if (pos + len > EXT4_I(inode)->i_inline_size)
+ ext4_warning(inode->i_sb, "inode #%lu: pos %llu, len %u, "
+ "i_inline_size %u", inode->i_ino,
+ pos, len, EXT4_I(inode)->i_inline_size);
BUG_ON(pos + len > EXT4_I(inode)->i_inline_size);

raw_inode = ext4_raw_inode(iloc);
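Review bot: the added `if (pos + len > EXT4_I(inode)->i_inline_size)` evaluates the same expression as the `BUG_ON()` on the next line, so the two could be folded into one `if` that calls `ext4_warning()` and then `BUG()`; and because the hunk header shows `ext4_write_inline_data()` is `static void`, this warning is the only diagnostic that survives the crash, so it is worth also printing `EXT4_I(inode)->i_inline_off` (the value the preceding `BUG_ON` checks) so the full inline layout is in the log.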

syzbot

Jun 30, 2023, 10:02:38 PM
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
kernel BUG in ext4_write_inline_data

EXT4-fs warning (device loop3): ext4_write_inline_data:238: inode #18: pos 114688, len 4096, i_inline_size 60
------------[ cut here ]------------
kernel BUG at fs/ext4/inline.c:239!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 5645 Comm: syz-executor.3 Not tainted 6.4.0-rc5-syzkaller-00059-g2ef6c32a914b-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
RIP: 0010:ext4_write_inline_data+0x45f/0x470 fs/ext4/inline.c:239
Code: ff ff 89 d9 80 e1 07 fe c1 38 c1 0f 8c 17 ff ff ff 48 89 df e8 82 fa a8 ff e9 0a ff ff ff e8 b8 25 51 ff 0f 0b e8 b1 25 51 ff <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 f3 0f 1e fa 55
RSP: 0018:ffffc9000642f1c0 EFLAGS: 00010293
RAX: ffffffff823a597f RBX: 000000000000003c RCX: ffff888028b79dc0
RDX: 0000000000000000 RSI: 000000000000003c RDI: 000000000001d000
RBP: dffffc0000000000 R08: ffffffff823a572c R09: fffff52000c85dc1
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff888066673000
R13: 000000000001d000 R14: ffffc9000642f2a0 R15: 1ffff1100cd3c60d
FS: 00007f66f6f15700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f3d58b15e89 CR3: 000000007a51a000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
ext4_write_inline_data_end+0x2ea/0xc30 fs/ext4/inline.c:778
generic_perform_write+0x3ed/0x5e0 mm/filemap.c:3934
ext4_buffered_write_iter+0x122/0x3a0 fs/ext4/file.c:289
ext4_file_write_iter+0x1de/0x1b40
do_iter_write+0x7b1/0xcb0 fs/read_write.c:860
iter_file_splice_write+0x843/0xfe0 fs/splice.c:795
do_splice_from fs/splice.c:873 [inline]
direct_splice_actor+0xe7/0x1c0 fs/splice.c:1039
splice_direct_to_actor+0x4c4/0xbd0 fs/splice.c:994
do_splice_direct+0x283/0x3d0 fs/splice.c:1082
do_sendfile+0x620/0xff0 fs/read_write.c:1254
__do_sys_sendfile64 fs/read_write.c:1322 [inline]
__se_sys_sendfile64+0x17c/0x1e0 fs/read_write.c:1308
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f66f628c389
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f66f6f15168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00007f66f63abf80 RCX: 00007f66f628c389
RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004
RBP: 00007f66f62d7493 R08: 0000000000000000 R09: 0000000000000000
R10: 0001000000201005 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffc700c4eaf R14: 00007f66f6f15300 R15: 0000000000022000
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:ext4_write_inline_data+0x45f/0x470 fs/ext4/inline.c:239
Code: ff ff 89 d9 80 e1 07 fe c1 38 c1 0f 8c 17 ff ff ff 48 89 df e8 82 fa a8 ff e9 0a ff ff ff e8 b8 25 51 ff 0f 0b e8 b1 25 51 ff <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 f3 0f 1e fa 55
RSP: 0018:ffffc9000642f1c0 EFLAGS: 00010293
RAX: ffffffff823a597f RBX: 000000000000003c RCX: ffff888028b79dc0
RDX: 0000000000000000 RSI: 000000000000003c RDI: 000000000001d000
RBP: dffffc0000000000 R08: ffffffff823a572c R09: fffff52000c85dc1
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff888066673000
R13: 000000000001d000 R14: ffffc9000642f2a0 R15: 1ffff1100cd3c60d
FS: 00007f66f6f15700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f866a1a8718 CR3: 000000007a51a000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400


Tested on:

commit: 2ef6c32a ext4: avoid updating the superblock on a r/o ..
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git dev
console output: https://syzkaller.appspot.com/x/log.txt?x=17d6ecf0a80000
kernel config: https://syzkaller.appspot.com/x/.config?x=dc8c46601644fc33
dashboard link: https://syzkaller.appspot.com/bug?extid=198e7455f3a4f38b838a
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=12109120a80000

Theodore Ts'o

Jun 30, 2023, 11:41:00 PM
#syz test git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git dev

diff --git a/fs/ext4/inline.c b/fs/ext4/inline.c
index a4b7e4bc32d4..85baf1c62e65 100644
--- a/fs/ext4/inline.c
+++ b/fs/ext4/inline.c
@@ -232,6 +232,10 @@ static void ext4_write_inline_data(struct inode *inode, struct ext4_iloc *iloc,
return;

BUG_ON(!EXT4_I(inode)->i_inline_off);
+ if (pos + len > EXT4_I(inode)->i_inline_size)
+ ext4_warning(inode->i_sb, "inode #%lu: pos %llu, len %u, "
+ "i_inline_size %u", inode->i_ino,
+ pos, len, EXT4_I(inode)->i_inline_size);
BUG_ON(pos + len > EXT4_I(inode)->i_inline_size);

raw_inode = ext4_raw_inode(iloc);
@@ -687,6 +691,10 @@ int ext4_try_to_write_inline_data(struct address_space *mapping,
}

ret = ext4_prepare_inline_data(handle, inode, pos + len);
+ ext4_warning(inode->i_sb,
+ "inode #%lu: pos %llu len %u "
+ "prepare_inline_data returns %d",
+ inode->i_ino, pos, len, ret);
if (ret && ret != -ENOSPC)
goto out;
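Review bot: this `ext4_warning()` is unconditional, so it fires on every write that reaches `ext4_try_to_write_inline_data()`, including the common `ret == 0` case; fine for a throwaway debugging patch, but `ext4_warning_inode(inode, ...)` would print the inode number for you, and since the message is emitted before the `if (ret && ret != -ENOSPC)` filter, a `returns -28` in the log is the expected `-ENOSPC` "data no longer fits inline" signal, not a failure.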

syzbot

Jul 1, 2023, 12:07:29 AM
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
kernel BUG in ext4_write_inline_data

EXT4-fs warning (device loop2): ext4_write_inline_data:238: inode #18: pos 32768, len 4096, i_inline_size 60
------------[ cut here ]------------
kernel BUG at fs/ext4/inline.c:239!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 5621 Comm: syz-executor.2 Not tainted 6.4.0-rc5-syzkaller-00059-g2ef6c32a914b-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
RIP: 0010:ext4_write_inline_data+0x45f/0x470 fs/ext4/inline.c:239
Code: ff ff 89 d9 80 e1 07 fe c1 38 c1 0f 8c 17 ff ff ff 48 89 df e8 e2 f9 a8 ff e9 0a ff ff ff e8 18 25 51 ff 0f 0b e8 11 25 51 ff <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 f3 0f 1e fa 55
RSP: 0018:ffffc900045df1c0 EFLAGS: 00010293
RAX: ffffffff823a5a1f RBX: 000000000000003c RCX: ffff88802a15bb80
RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000009000
RBP: dffffc0000000000 R08: ffffffff823a57cc R09: fffff520008bbdc1
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8880631a7000
R13: 0000000000009000 R14: ffffc900045df2a0 R15: 1ffff1100cc849cd
FS: 00007f593c951700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000080 CR3: 00000000636e6000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
ext4_write_inline_data_end+0x2ea/0xc30 fs/ext4/inline.c:782
generic_perform_write+0x3ed/0x5e0 mm/filemap.c:3934
ext4_buffered_write_iter+0x122/0x3a0 fs/ext4/file.c:289
ext4_file_write_iter+0x1de/0x1b40
do_iter_write+0x7b1/0xcb0 fs/read_write.c:860
iter_file_splice_write+0x843/0xfe0 fs/splice.c:795
do_splice_from fs/splice.c:873 [inline]
direct_splice_actor+0xe7/0x1c0 fs/splice.c:1039
splice_direct_to_actor+0x4c4/0xbd0 fs/splice.c:994
do_splice_direct+0x283/0x3d0 fs/splice.c:1082
do_sendfile+0x620/0xff0 fs/read_write.c:1254
__do_sys_sendfile64 fs/read_write.c:1322 [inline]
__se_sys_sendfile64+0x17c/0x1e0 fs/read_write.c:1308
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f593bc8c389
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f593c951168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00007f593bdabf80 RCX: 00007f593bc8c389
RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004
RBP: 00007f593bcd7493 R08: 0000000000000000 R09: 0000000000000000
R10: 0001000000201005 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe2ae362df R14: 00007f593c951300 R15: 0000000000022000
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:ext4_write_inline_data+0x45f/0x470 fs/ext4/inline.c:239
Code: ff ff 89 d9 80 e1 07 fe c1 38 c1 0f 8c 17 ff ff ff 48 89 df e8 e2 f9 a8 ff e9 0a ff ff ff e8 18 25 51 ff 0f 0b e8 11 25 51 ff <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 f3 0f 1e fa 55
RSP: 0018:ffffc900045df1c0 EFLAGS: 00010293
RAX: ffffffff823a5a1f RBX: 000000000000003c RCX: ffff88802a15bb80
RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000009000
RBP: dffffc0000000000 R08: ffffffff823a57cc R09: fffff520008bbdc1
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8880631a7000
R13: 0000000000009000 R14: ffffc900045df2a0 R15: 1ffff1100cc849cd
FS: 00007f593c951700(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000080 CR3: 00000000636e6000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400


Tested on:

commit: 2ef6c32a ext4: avoid updating the superblock on a r/o ..
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git dev
console output: https://syzkaller.appspot.com/x/log.txt?x=1461a110a80000
patch: https://syzkaller.appspot.com/x/patch.diff?x=11919248a80000

Theodore Ts'o

Jul 1, 2023, 6:15:22 AM
#syz test git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git dev

diff --git a/fs/ext4/inline.c b/fs/ext4/inline.c
index a4b7e4bc32d4..523b23303cab 100644
--- a/fs/ext4/inline.c
+++ b/fs/ext4/inline.c
@@ -232,6 +232,10 @@ static void ext4_write_inline_data(struct inode *inode, struct ext4_iloc *iloc,
return;

BUG_ON(!EXT4_I(inode)->i_inline_off);
+ if (pos + len > EXT4_I(inode)->i_inline_size)
+ ext4_warning(inode->i_sb, "inode #%lu: pos %llu, len %u, "
+ "i_inline_size %u", inode->i_ino,
+ pos, len, EXT4_I(inode)->i_inline_size);
BUG_ON(pos + len > EXT4_I(inode)->i_inline_size);

raw_inode = ext4_raw_inode(iloc);
@@ -687,6 +691,10 @@ int ext4_try_to_write_inline_data(struct address_space *mapping,
}

ret = ext4_prepare_inline_data(handle, inode, pos + len);
+ ext4_warning(inode->i_sb,
+ "inode #%lu: pos %llu len %u "
+ "prepare_inline_data returns %d",
+ inode->i_ino, pos, len, ret);
if (ret && ret != -ENOSPC)
goto out;

@@ -913,6 +921,10 @@ int ext4_da_write_inline_data_begin(struct address_space *mapping,
}

ret = ext4_prepare_inline_data(handle, inode, pos + len);
+ ext4_warning(inode->i_sb,
+ "inode #%lu: pos %llu len %u "
+ "prepare_inline_data returns %d",
+ inode->i_ino, pos, len, ret);
if (ret && ret != -ENOSPC)
goto out_journal;
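Review bot: this message is text-identical to the one added in `ext4_try_to_write_inline_data()`, so the only thing telling the two apart in the log is the `__func__:__LINE__` prefix `ext4_warning()` adds; that is enough, but putting "da" in this one would make the delalloc path obvious at a glance, and as before the `ret` printed here precedes the `-ENOSPC` filter on the next line, so `-28` is the normal convert-to-extents outcome.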

syzbot

Jul 1, 2023, 10:24:36 AM
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
kernel BUG in ext4_write_inline_data

------------[ cut here ]------------
kernel BUG at fs/ext4/inline.c:239!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 5607 Comm: syz-executor.1 Not tainted 6.4.0-rc5-syzkaller-00059-g2ef6c32a914b-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
RIP: 0010:ext4_write_inline_data+0x45f/0x470 fs/ext4/inline.c:239
Code: ff ff 89 d9 80 e1 07 fe c1 38 c1 0f 8c 17 ff ff ff 48 89 df e8 e2 f9 a8 ff e9 0a ff ff ff e8 18 25 51 ff 0f 0b e8 11 25 51 ff <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 f3 0f 1e fa 55
RSP: 0018:ffffc900069771c0 EFLAGS: 00010293
RAX: ffffffff823a5a1f RBX: 000000000000003c RCX: ffff88806779bb80
RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000001000
RBP: dffffc0000000000 R08: ffffffff823a57cc R09: fffff52000d2edc1
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8880622b2000
R13: 0000000000001000 R14: ffffc900069772a0 R15: 1ffff1100c725b0d
FS: 00007f6d0af3e700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000080 CR3: 0000000062400000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
ext4_write_inline_data_end+0x2ea/0xc30 fs/ext4/inline.c:782
generic_perform_write+0x3ed/0x5e0 mm/filemap.c:3934
ext4_buffered_write_iter+0x122/0x3a0 fs/ext4/file.c:289
ext4_file_write_iter+0x1de/0x1b40
do_iter_write+0x7b1/0xcb0 fs/read_write.c:860
iter_file_splice_write+0x843/0xfe0 fs/splice.c:795
do_splice_from fs/splice.c:873 [inline]
direct_splice_actor+0xe7/0x1c0 fs/splice.c:1039
splice_direct_to_actor+0x4c4/0xbd0 fs/splice.c:994
do_splice_direct+0x283/0x3d0 fs/splice.c:1082
do_sendfile+0x620/0xff0 fs/read_write.c:1254
__do_sys_sendfile64 fs/read_write.c:1322 [inline]
__se_sys_sendfile64+0x17c/0x1e0 fs/read_write.c:1308
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f6d0a28c389
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f6d0af3e168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00007f6d0a3ac050 RCX: 00007f6d0a28c389
RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004
RBP: 00007f6d0a2d7493 R08: 0000000000000000 R09: 0000000000000000
R10: 0001000000201005 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff1015a2bf R14: 00007f6d0af3e300 R15: 0000000000022000
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:ext4_write_inline_data+0x45f/0x470 fs/ext4/inline.c:239
Code: ff ff 89 d9 80 e1 07 fe c1 38 c1 0f 8c 17 ff ff ff 48 89 df e8 e2 f9 a8 ff e9 0a ff ff ff e8 18 25 51 ff 0f 0b e8 11 25 51 ff <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 f3 0f 1e fa 55
RSP: 0018:ffffc900069771c0 EFLAGS: 00010293
RAX: ffffffff823a5a1f RBX: 000000000000003c RCX: ffff88806779bb80
RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000001000
RBP: dffffc0000000000 R08: ffffffff823a57cc R09: fffff52000d2edc1
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8880622b2000
R13: 0000000000001000 R14: ffffc900069772a0 R15: 1ffff1100c725b0d
FS: 00007f6d0af3e700(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000559131df4950 CR3: 0000000062400000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400


Tested on:

commit: 2ef6c32a ext4: avoid updating the superblock on a r/o ..
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git dev
console output: https://syzkaller.appspot.com/x/log.txt?x=111187eca80000
patch: https://syzkaller.appspot.com/x/patch.diff?x=1314124f280000

Theodore Ts'o

Jul 1, 2023, 8:05:35 PM
diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
index 43be684dabcb..f150b205d73e 100644
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -1117,6 +1117,17 @@ static int ext4_write_begin(struct file *file, struct address_space *mapping,
if (unlikely(ext4_forced_shutdown(EXT4_SB(inode->i_sb))))
return -EIO;

+ if (ext4_has_inline_data(inode) ||
+ ext4_test_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA)) {
+ ext4_warning(inode->i_sb,
+ "inode #%lu: pos %llu, len %u, "
+ "has_inline_data %d, "
+ "may_inline_data %d i_inline_size %u",
+ inode->i_ino, pos, len,
+ ext4_has_inline_data(inode),
+ ext4_test_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA),
+ EXT4_I(inode)->i_inline_size);
+ }
trace_ext4_write_begin(inode, pos, len);
/*
* Reserve one block more for addition to orphan list in case
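Review bot: this eleven-line warning block is pasted verbatim into all four hunks of the patch; a small `static inline` helper taking `inode`, `pos` and `len` would keep the four call sites identical and make the instrumentation trivial to rip out afterwards. Also worth noting for anyone reading the resulting log: with `||` the block logs every write to an inode that has either the inline flag or `EXT4_STATE_MAY_INLINE_DATA`, so the volume is one line per write_begin, not just the mismatched cases.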
@@ -1269,6 +1280,17 @@ static int ext4_write_end(struct file *file,

trace_ext4_write_end(inode, pos, len, copied);

+ if (ext4_has_inline_data(inode) ||
+ ext4_test_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA)) {
+ ext4_warning(inode->i_sb,
+ "inode #%lu: pos %llu, len %u, "
+ "has_inline_data %d, "
+ "may_inline_data %d i_inline_size %u",
+ inode->i_ino, pos, len,
+ ext4_has_inline_data(inode),
+ ext4_test_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA),
+ EXT4_I(inode)->i_inline_size);
+ }
if (ext4_has_inline_data(inode) &&
ext4_test_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA))
return ext4_write_inline_data_end(inode, pos, len, copied,
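Review bot: the `||` in the new condition is deliberately wider than the `&&` in the existing dispatch `if (ext4_has_inline_data(inode) && ext4_test_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA))`, so an inode with exactly one of the two set is logged here but not routed to `ext4_write_inline_data_end()`, which is the useful case to catch; since `copied` is in scope (see `trace_ext4_write_end(inode, pos, len, copied)` just above), adding it to the message would let `copied` be compared against `len` in the same line.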
@@ -1379,6 +1401,17 @@ static int ext4_journalled_write_end(struct file *file,

BUG_ON(!ext4_handle_valid(handle));

+ if (ext4_has_inline_data(inode) ||
+ ext4_test_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA)) {
+ ext4_warning(inode->i_sb,
+ "inode #%lu: pos %llu, len %u, "
+ "has_inline_data %d, "
+ "may_inline_data %d i_inline_size %u",
+ inode->i_ino, pos, len,
+ ext4_has_inline_data(inode),
+ ext4_test_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA),
+ EXT4_I(inode)->i_inline_size);
+ }
if (ext4_has_inline_data(inode))
return ext4_write_inline_data_end(inode, pos, len, copied,
folio);
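Review bot: the existing dispatch in this function, `if (ext4_has_inline_data(inode))`, does not also require `EXT4_STATE_MAY_INLINE_DATA` the way the `ext4_write_end()` hunk above does; since the new warning exists precisely to expose inodes where the flag and the state disagree, it is worth confirming that the asymmetry between the two write_end paths is intended rather than a second instance of the same problem.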
@@ -2860,6 +2893,17 @@ static int ext4_da_write_begin(struct file *file, struct address_space *mapping,
if (unlikely(ext4_forced_shutdown(EXT4_SB(inode->i_sb))))
return -EIO;

+ if (ext4_has_inline_data(inode) ||
+ ext4_test_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA)) {
+ ext4_warning(inode->i_sb,
+ "inode #%lu: pos %llu, len %u, "
+ "has_inline_data %d, "
+ "may_inline_data %d i_inline_size %u",
+ inode->i_ino, pos, len,
+ ext4_has_inline_data(inode),
+ ext4_test_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA),
+ EXT4_I(inode)->i_inline_size);
+ }
index = pos >> PAGE_SHIFT;

if (ext4_nonda_switch(inode->i_sb) || ext4_verity_in_progress(inode)) {
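Review bot: this fourth copy sits ahead of the `ext4_nonda_switch()` / `ext4_verity_in_progress()` check, and that branch falls back to `ext4_write_begin()`, which carries the same warning from the first hunk, so a write that takes the fallback is logged twice with identical values; harmless, but when reading the log a duplicated line is not evidence of a second write.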

syzbot

Jul 2, 2023, 1:13:39 AM
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
kernel BUG in ext4_do_writepages

------------[ cut here ]------------
kernel BUG at fs/ext4/inode.c:2595!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 5531 Comm: kworker/u4:6 Not tainted 6.4.0-rc5-syzkaller-00059-g2ef6c32a914b-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
Workqueue: writeback wb_workfn (flush-7:2)
RIP: 0010:ext4_do_writepages+0x3d93/0x3da0 fs/ext4/inode.c:2594
Code: c7 30 14 0c 8d 4c 89 f2 e8 5a 33 31 02 e9 9b fb ff ff e8 80 a7 4f ff 0f 0b e8 79 a7 4f ff 0f 0b e8 32 b6 73 08 e8 6d a7 4f ff <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 90 66 0f 1f 00 55 41 57 41 56
RSP: 0018:ffffc9000654eec0 EFLAGS: 00010293
RAX: ffffffff823bd7c3 RBX: 0000004000000000 RCX: ffff888023c70000
RDX: 0000000000000000 RSI: 0000004000000000 RDI: 0000000000000000
RBP: ffffc9000654f230 R08: ffffffff823b9fed R09: ffffed100d23864b
R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000001
R13: ffff8880691c34b0 R14: 0000006210000000 R15: 1ffff1100d2386db
FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000555556421848 CR3: 0000000028c24000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
ext4_writepages+0x203/0x3e0 fs/ext4/inode.c:2799
do_writepages+0x3a6/0x670 mm/page-writeback.c:2551
__writeback_single_inode+0x155/0xfa0 fs/fs-writeback.c:1603
writeback_sb_inodes+0x8e3/0x11d0 fs/fs-writeback.c:1894
wb_writeback+0x458/0xc70 fs/fs-writeback.c:2068
wb_do_writeback fs/fs-writeback.c:2211 [inline]
wb_workfn+0x400/0xff0 fs/fs-writeback.c:2251
process_one_work+0x8a0/0x10e0 kernel/workqueue.c:2405
worker_thread+0xa63/0x1210 kernel/workqueue.c:2552
kthread+0x2b8/0x350 kernel/kthread.c:379
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:ext4_do_writepages+0x3d93/0x3da0 fs/ext4/inode.c:2594
Code: c7 30 14 0c 8d 4c 89 f2 e8 5a 33 31 02 e9 9b fb ff ff e8 80 a7 4f ff 0f 0b e8 79 a7 4f ff 0f 0b e8 32 b6 73 08 e8 6d a7 4f ff <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 90 66 0f 1f 00 55 41 57 41 56
RSP: 0018:ffffc9000654eec0 EFLAGS: 00010293
RAX: ffffffff823bd7c3 RBX: 0000004000000000 RCX: ffff888023c70000
RDX: 0000000000000000 RSI: 0000004000000000 RDI: 0000000000000000
RBP: ffffc9000654f230 R08: ffffffff823b9fed R09: ffffed100d23864b
R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000001
R13: ffff8880691c34b0 R14: 0000006210000000 R15: 1ffff1100d2386db
FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005555567c5848 CR3: 000000002d252000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400


Tested on:

commit: 2ef6c32a ext4: avoid updating the superblock on a r/o ..
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git dev
console output: https://syzkaller.appspot.com/x/log.txt?x=10bd39cb280000
patch: https://syzkaller.appspot.com/x/patch.diff?x=17dadbfb280000

Theodore Ts'o

Jul 2, 2023, 2:33:22 AM
(Trying again because the failure mode was completely different...)

syzbot

Jul 2, 2023, 3:04:24 AM
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
kernel BUG in ext4_write_inline_data

EXT4-fs warning (device loop3): ext4_write_inline_data:238: inode #18: pos 397312, len 4096, i_inline_size 60
------------[ cut here ]------------
kernel BUG at fs/ext4/inline.c:239!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 5591 Comm: syz-executor.3 Not tainted 6.4.0-rc5-syzkaller-00059-g2ef6c32a914b-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
RIP: 0010:ext4_write_inline_data+0x45f/0x470 fs/ext4/inline.c:239
Code: ff ff 89 d9 80 e1 07 fe c1 38 c1 0f 8c 17 ff ff ff 48 89 df e8 e2 f9 a8 ff e9 0a ff ff ff e8 18 25 51 ff 0f 0b e8 11 25 51 ff <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 f3 0f 1e fa 55
RSP: 0018:ffffc9000565f1c0 EFLAGS: 00010293
RAX: ffffffff823a5a1f RBX: 000000000000003c RCX: ffff888021100000
RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000062000
RBP: dffffc0000000000 R08: ffffffff823a57cc R09: fffff52000acbdc1
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff888062d2e000
R13: 0000000000062000 R14: ffffc9000565f2a0 R15: 1ffff1100ea3360d
FS: 00007f6dee336700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020007f82 CR3: 0000000062674000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
ext4_write_inline_data_end+0x2ea/0xc30 fs/ext4/inline.c:782
generic_perform_write+0x3ed/0x5e0 mm/filemap.c:3934
ext4_buffered_write_iter+0x122/0x3a0 fs/ext4/file.c:289
ext4_file_write_iter+0x1de/0x1b40
do_iter_write+0x7b1/0xcb0 fs/read_write.c:860
iter_file_splice_write+0x843/0xfe0 fs/splice.c:795
do_splice_from fs/splice.c:873 [inline]
direct_splice_actor+0xe7/0x1c0 fs/splice.c:1039
splice_direct_to_actor+0x4c4/0xbd0 fs/splice.c:994
do_splice_direct+0x283/0x3d0 fs/splice.c:1082
do_sendfile+0x620/0xff0 fs/read_write.c:1254
__do_sys_sendfile64 fs/read_write.c:1322 [inline]
__se_sys_sendfile64+0x17c/0x1e0 fs/read_write.c:1308
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f6ded68c389
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f6dee336168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00007f6ded7ac050 RCX: 00007f6ded68c389
RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004
RBP: 00007f6ded6d7493 R08: 0000000000000000 R09: 0000000000000000
R10: 0001000000201005 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe1da9673f R14: 00007f6dee336300 R15: 0000000000022000
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:ext4_write_inline_data+0x45f/0x470 fs/ext4/inline.c:239
Code: ff ff 89 d9 80 e1 07 fe c1 38 c1 0f 8c 17 ff ff ff 48 89 df e8 e2 f9 a8 ff e9 0a ff ff ff e8 18 25 51 ff 0f 0b e8 11 25 51 ff <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 f3 0f 1e fa 55
RSP: 0018:ffffc9000565f1c0 EFLAGS: 00010293
RAX: ffffffff823a5a1f RBX: 000000000000003c RCX: ffff888021100000
RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000062000
RBP: dffffc0000000000 R08: ffffffff823a57cc R09: fffff52000acbdc1
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff888062d2e000
R13: 0000000000062000 R14: ffffc9000565f2a0 R15: 1ffff1100ea3360d
FS: 00007f6dee336700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055b6d54ab008 CR3: 0000000062674000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400


Tested on:

commit: 2ef6c32a ext4: avoid updating the superblock on a r/o ..
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git dev
console output: https://syzkaller.appspot.com/x/log.txt?x=14cd3d14a80000
patch: https://syzkaller.appspot.com/x/patch.diff?x=12c12770a80000

Theodore Ts'o

Jul 2, 2023, 11:11:19 PM
More printk debugging, since it appears pos is changing between the
calls to a_ops->write_begin() and a_ops->write_end() in
generic_perform_write() in mm/filemap.c, and that doesn't seem
possible/logical. From the last test run:

A. [ T5579] loop3: detected capacity change from 0 to 2048
B. [ T5579] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
C. [ T5579] EXT4-fs warning (device loop3): ext4_da_write_begin:2905: inode #18: pos 0, len 4, has_inline_data 0, may_inline_data 1 i_inline_size 0
D. [ T5579] EXT4-fs warning (device loop3): ext4_da_write_inline_data_begin:927: inode #18: pos 0 len 4 prepare_inline_data returns 0

E. [ T5591] EXT4-fs warning (device loop3): ext4_da_write_begin:2905: inode #18: pos 0, len 4096, has_inline_data 1, may_inline_data 1 i_inline_size 60
F. [ T5594] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1212: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
G. [ T5591] EXT4-fs warning (device loop3): ext4_write_inline_data:238: inode #18: pos 397312, len 4096, i_inline_size 60

Note that pos is 0 in line E, but 397312 in line G. Where the
#!@#@! did 397312 come from? And line E should have resulted in a
call to ext4_da_write_inline_data_begin(), which should have resulted
in the conversion of the inline inode.

#syz test git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git dev

diff --git a/fs/ext4/inline.c b/fs/ext4/inline.c
index a4b7e4bc32d4..efcde1182e08 100644
--- a/fs/ext4/inline.c
+++ b/fs/ext4/inline.c
@@ -232,6 +232,10 @@ static void ext4_write_inline_data(struct inode *inode, struct ext4_iloc *iloc,
return;

BUG_ON(!EXT4_I(inode)->i_inline_off);
+ if (pos + len > EXT4_I(inode)->i_inline_size)
+ ext4_warning(inode->i_sb, "inode #%lu: pos %llu, len %u, "
+ "i_inline_size %u", inode->i_ino,
+ pos, len, EXT4_I(inode)->i_inline_size);
BUG_ON(pos + len > EXT4_I(inode)->i_inline_size);

raw_inode = ext4_raw_inode(iloc);
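Review bot: the new ext4_warning sits between the two BUG_ONs, so a crash on `BUG_ON(!EXT4_I(inode)->i_inline_off)` still produces no diagnostic; moving the warning above the first BUG_ON and adding i_inline_off to the format would cover both assertions with one message. Printing pos with %llu also shows a negative loff_t as a huge unsigned value, and a wrapped pos is one way `pos + len > i_inline_size` can hold, so %lld is the safer format for a diagnostic.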
@@ -687,6 +691,10 @@ int ext4_try_to_write_inline_data(struct address_space *mapping,
}

ret = ext4_prepare_inline_data(handle, inode, pos + len);
+ ext4_warning(inode->i_sb,
+ "inode #%lu: pos %llu len %u "
+ "prepare_inline_data returns %d",
+ inode->i_ino, pos, len, ret);
if (ret && ret != -ENOSPC)
goto out;

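Review bot: this warning fires on every inline write attempt, including the ret == 0 success path, which is fine for a targeted reproducer but noisy under a fuzzer; since the interesting case is the -ENOSPC return that falls through to conversion, it would also help to print EXT4_I(inode)->i_inline_size here so the value can be matched against the later ext4_write_inline_data warning.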
@@ -749,6 +757,8 @@ int ext4_write_inline_data_end(struct inode *inode, loff_t pos, unsigned len,
struct ext4_iloc iloc;
int ret = 0, ret2;

+ ext4_warning(inode->i_sb, "inode #%lu: pos %llu len %u copied %u",
+ inode->i_ino, pos, len, copied);
if (unlikely(copied < len) && !folio_test_uptodate(folio))
copied = 0;

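Review bot: this is the function whose inline write trips the BUG_ON in the report at the top of the thread, and the message records pos, len and copied but not which folio was handed in; folio is in scope here (see the folio_test_uptodate() context line), so adding folio->index to the format would show directly whether pos agrees with the page-cache folio that write_begin prepared.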
@@ -838,6 +848,12 @@ static int ext4_da_convert_inline_data_to_extent(struct address_space *mapping,
int ret = 0, inline_size;
struct folio *folio;

+ ext4_warning(inode->i_sb, "inode #%lu: inline_data %d, "
+ "may_inline_data %d, i_inline_size %u",
+ inode->i_ino,
+ ext4_test_inode_flag(inode, EXT4_INODE_INLINE_DATA),
+ ext4_test_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA),
+ EXT4_I(inode)->i_inline_size);
folio = __filemap_get_folio(mapping, 0, FGP_WRITEBEGIN,
mapping_gfp_mask(mapping));
if (IS_ERR(folio))
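Review bot: worth recording alongside the new state dump that this conversion path always fetches folio index 0 (the __filemap_get_folio() context line), so a write at pos 397312, as in line G above, lives in folio index 97 and is never the folio this function prepares; printing inode->i_size in this warning would show how far the file had grown by the time conversion ran.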
@@ -913,6 +929,10 @@ int ext4_da_write_inline_data_begin(struct address_space *mapping,
}

ret = ext4_prepare_inline_data(handle, inode, pos + len);
+ ext4_warning(inode->i_sb,
+ "inode #%lu: pos %llu len %u "
+ "prepare_inline_data returns %d",
+ inode->i_ino, pos, len, ret);
if (ret && ret != -ENOSPC)
goto out_journal;

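Review bot: the message is byte-identical to the one added in ext4_try_to_write_inline_data; that is harmless because ext4_warning() prefixes the emitting function and line (line D above shows ext4_da_write_inline_data_begin:927), but any early exit between function entry and this point leaves no trace, which matters because the author's output has line E with no matching 'prepare_inline_data returns' line; a warning at the out_journal label would show whether the function bailed out before reaching here and with which error code.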
@@ -1112,6 +1132,8 @@ static void ext4_restore_inline_data(handle_t *handle, struct inode *inode,
{
int ret;

+ ext4_warning(inode->i_sb, "inode #%lu: inline_size %d",
+ inode->i_ino, inline_size);
ret = ext4_create_inline_data(handle, inode, inline_size);
if (ret) {
ext4_msg(inode->i_sb, KERN_EMERG,
@@ -1119,6 +1141,8 @@ static void ext4_restore_inline_data(handle_t *handle, struct inode *inode,
inode->i_ino, ret);
return;
}
+ ext4_warning(inode->i_sb, "calling ext4_write_inline_data: ino %lu",
+ inode->i_ino);
ext4_write_inline_data(inode, iloc, buf, 0, inline_size);
ext4_set_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA);
}
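Review bot: the ext4_write_inline_data() call right after the new message is exactly the shape that trips the BUG_ON being chased (pos 0, len inline_size checked against i_inline_size), and after ext4_create_inline_data() the inode's i_inline_size need not equal the inline_size passed in; printing EXT4_I(inode)->i_inline_size in this message would make that comparison visible in the log rather than only in an oops.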
@@ -1178,6 +1202,8 @@ static int ext4_convert_inline_data_nolock(handle_t *handle,
struct ext4_map_blocks map;
int inline_size;

+ ext4_warning(inode->i_sb, "inode #%lu", inode->i_ino);
+
inline_size = ext4_get_inline_size(inode);
buf = kmalloc(inline_size, GFP_NOFS);
if (!buf) {
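Review bot: the entry warning records only the inode number; moving it after `inline_size = ext4_get_inline_size(inode)` and including that value would let the log tie this conversion to the inline_size later reported by ext4_restore_inline_data on the error path.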
@@ -2006,6 +2032,7 @@ int ext4_convert_inline_data(struct inode *inode)
handle_t *handle;
struct ext4_iloc iloc;

+ WARN_ON(1);
if (!ext4_has_inline_data(inode)) {
ext4_clear_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA);
return 0;
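Review bot: WARN_ON(1) here fires on the first call to ext4_convert_inline_data() from any path, and syzbot boots with panic_on_warn, so the debug kernel panics before the reproducer is ever run; the next message in the thread shows exactly that (WARNING in ext4_convert_inline_data reached from ext4_fallocate during the 'testing simple program' phase, followed by 'Kernel panic - not syncing: kernel: panic_on_warn set'). dump_stack() prints the same backtrace without tripping panic_on_warn.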
diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
index 43be684dabcb..9e5c250e56a8 100644
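Review bot: the inode.c part of the patch as quoted here has the `diff --git` and `index` lines but no `--- a/fs/ext4/inode.c` / `+++ b/fs/ext4/inode.c` pair before the first @@ header, unlike the inline.c part above; syzbot applied the linked patch.diff, but the inode.c hunks as shown will not apply with git apply.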
@@ -2860,10 +2893,24 @@ static int ext4_da_write_begin(struct file *file, struct address_space *mapping,
if (unlikely(ext4_forced_shutdown(EXT4_SB(inode->i_sb))))
return -EIO;

+ if (ext4_has_inline_data(inode) ||
+ ext4_test_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA)) {
+ ext4_warning(inode->i_sb,
+ "inode #%lu: pos %llu, len %u, "
+ "has_inline_data %d, "
+ "may_inline_data %d i_inline_size %u",
+ inode->i_ino, pos, len,
+ ext4_has_inline_data(inode),
+ ext4_test_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA),
+ EXT4_I(inode)->i_inline_size);
+ }
index = pos >> PAGE_SHIFT;

if (ext4_nonda_switch(inode->i_sb) || ext4_verity_in_progress(inode)) {
*fsdata = (void *)FALL_BACK_TO_NONDELALLOC;
+ ext4_warning(inode->i_sb, "falling back to write_begin: "
+ "ino %lu, pos %llu len %u",
+ inode->i_ino, pos, len);
return ext4_write_begin(file, mapping, pos,
len, pagep, fsdata);
}
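Review bot: the 'falling back to write_begin' message folds two different reasons into one line, since the enclosing condition is `ext4_nonda_switch(inode->i_sb) || ext4_verity_in_progress(inode)`; printing which of the two was true would say whether the non-delalloc path was taken because of the free-space switch or because of verity, which is worth knowing when the same run is also producing the block-bitmap inconsistency error in line F.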
@@ -2871,6 +2918,9 @@ static int ext4_da_write_begin(struct file *file, struct address_space *mapping,
trace_ext4_da_write_begin(inode, pos, len);

if (ext4_test_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA)) {
+ ext4_warning(inode->i_sb, "calling ext4_da_write_inline_data_begin: "
+ "ino %lu, pos %llu len %u",
+ inode->i_ino, pos, len);
ret = ext4_da_write_inline_data_begin(mapping, inode, pos, len,
pagep, fsdata);
if (ret < 0)
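Review bot: the 'calling ext4_da_write_inline_data_begin' message records only the entry to the call; the 'prepare_inline_data returns' warning inside the callee is the other half, and when the first appears without the second (the situation the author describes for line E) the exit lies somewhere in between. Logging ret after the call returns, at the `if (ret < 0)` context line, would close the bracket and show the error code that came back.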
@@ -2948,6 +2998,17 @@ static int ext4_da_write_end(struct file *file,
int write_mode = (int)(unsigned long)fsdata;
struct folio *folio = page_folio(page);

+ if (ext4_has_inline_data(inode) ||
+ ext4_test_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA)) {
+ ext4_warning(inode->i_sb,
+ "inode #%lu: pos %llu, len %u, "
+ "has_inline_data %d, "
+ "may_inline_data %d i_inline_size %u",
+ inode->i_ino, pos, len,
+ ext4_has_inline_data(inode),
+ ext4_test_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA),
+ EXT4_I(inode)->i_inline_size);
+ }
if (write_mode == FALL_BACK_TO_NONDELALLOC)
return ext4_write_end(file, mapping, pos,
len, copied, &folio->page, fsdata);
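Review bot: this write_end dump is the counterpart of the write_begin one above and is where the 'pos changed between write_begin and write_end' hypothesis can be tested, but it omits copied, which is a parameter here (it is passed on to ext4_write_end on the context line); including copied in the format, and printing folio->index from the page_folio(page) context line, would show in a single line whether pos, the folio and the amount copied are consistent at the point the inline write is about to happen.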

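The correlation the message above does by hand (pairing each ext4_da_write_begin line with the later ext4_write_inline_data line for the same thread and inode, and checking pos + len against i_inline_size, which is the condition the BUG_ON in the report at the top of the thread enforces) can be run over the console output mechanically. The following Python is an added example, not code from the thread or from ext4: it parses the ext4_warning line format that the debugging patch above emits, using the seven lines quoted in the message as its sample input, and the function names, the finding kinds and the field dictionary layout (parse_warning, audit_inline_writes, inline_overflow, pos_mismatch) are this example's own.

```python
import re

# Constructed sample: the seven numbered lines quoted in the message above,
# copied from the thread (the "A." .. "G." prefixes are the author's labels,
# not kernel output).
SAMPLE_LOG = """\
A. [ T5579] loop3: detected capacity change from 0 to 2048
B. [ T5579] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
C. [ T5579] EXT4-fs warning (device loop3): ext4_da_write_begin:2905: inode #18: pos 0, len 4, has_inline_data 0, may_inline_data 1 i_inline_size 0
D. [ T5579] EXT4-fs warning (device loop3): ext4_da_write_inline_data_begin:927: inode #18: pos 0 len 4 prepare_inline_data returns 0
E. [ T5591] EXT4-fs warning (device loop3): ext4_da_write_begin:2905: inode #18: pos 0, len 4096, has_inline_data 1, may_inline_data 1 i_inline_size 60
F. [ T5594] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1212: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
G. [ T5591] EXT4-fs warning (device loop3): ext4_write_inline_data:238: inode #18: pos 397312, len 4096, i_inline_size 60
"""

# One ext4_warning() line as printed by the debugging patch: thread id, device,
# emitting function and line, inode number, then a tail of "name value" pairs.
WARNING_RE = re.compile(
    r"\[\s*T(?P<tid>\d+)\]\s+EXT4-fs warning \(device (?P<dev>\w+)\): "
    r"(?P<func>\w+):\d+: inode #(?P<ino>\d+): (?P<tail>.*)$"
)
FIELD_RE = re.compile(r"\b(?P<key>[a-z_]+) (?P<val>-?\d+)\b")


def parse_warning(line):
    """Parse one EXT4-fs warning line into a dict, or return None for lines
    that are not inline-data debug output (mount messages, ext4 errors)."""
    m = WARNING_RE.search(line)
    if m is None:
        return None
    rec = {"tid": int(m["tid"]), "dev": m["dev"],
           "func": m["func"], "ino": int(m["ino"])}
    for f in FIELD_RE.finditer(m["tail"]):
        rec[f["key"]] = int(f["val"])
    return rec


def audit_inline_writes(log_text):
    """Replay the log in order and return a list of findings.

    inline_overflow: an ext4_write_inline_data line whose pos + len exceeds
        i_inline_size, i.e. the invariant the kernel's BUG_ON enforces.
    pos_mismatch: the pos recorded by ext4_da_write_begin differs from the
        pos at the next inline write for the same thread and inode.
    """
    findings = []
    last_begin = {}  # (tid, ino) -> most recent ext4_da_write_begin record
    for line in log_text.splitlines():
        rec = parse_warning(line)
        if rec is None:
            continue
        key = (rec["tid"], rec["ino"])
        if rec["func"] == "ext4_da_write_begin":
            last_begin[key] = rec
        elif rec["func"] == "ext4_write_inline_data":
            if rec["pos"] + rec["len"] > rec["i_inline_size"]:
                findings.append({
                    "kind": "inline_overflow", "tid": rec["tid"], "ino": rec["ino"],
                    "pos": rec["pos"], "len": rec["len"],
                    "i_inline_size": rec["i_inline_size"],
                })
            begin = last_begin.get(key)
            if begin is not None and begin["pos"] != rec["pos"]:
                findings.append({
                    "kind": "pos_mismatch", "tid": rec["tid"], "ino": rec["ino"],
                    "begin_pos": begin["pos"], "write_pos": rec["pos"],
                })
    return findings


if __name__ == "__main__":
    for finding in audit_inline_writes(SAMPLE_LOG):
        print(finding)
```

On the sample it reports line G twice: once because 397312 + 4096 is far beyond the 60-byte inline area, and once because the write_begin recorded for T5591 on inode 18 (line E) had pos 0. Feeding it a full console log from syzbot narrows the search to the lines that actually violate the invariant, instead of reading back from the oops.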
syzbot

Jul 2, 2023, 11:28:26 PM
Hello,

syzbot tried to test the proposed patch but the build/boot failed:

WARNING in ext4_convert_inline_data

cgroup: Unknown subsys name 'net'
cgroup: Unknown subsys name 'rlimit'
------------[ cut here ]------------
WARNING: CPU: 1 PID: 4992 at fs/ext4/inline.c:2035 ext4_convert_inline_data+0x8b/0x620 fs/ext4/inline.c:2033
Modules linked in:
CPU: 1 PID: 4992 Comm: syz-executor Not tainted 6.4.0-rc5-syzkaller-00059-g2ef6c32a914b-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
RIP: 0010:ext4_convert_inline_data+0x8b/0x620 fs/ext4/inline.c:2035
Code: f1 f1 f1 00 00 00 f3 4b 89 04 2c 43 c7 44 2c 08 f3 f3 f3 f3 e8 f6 9c 50 ff 48 8d 7c 24 68 ba 10 00 00 00 31 f6 e8 e5 73 a8 ff <0f> 0b 48 89 5c 24 08 4c 8d bb a0 fd ff ff 4c 89 ff be 08 00 00 00
RSP: 0018:ffffc90003bdfc80 EFLAGS: 00010246
RAX: ffffc90003bdfce8 RBX: ffff8880754c8cb0 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc90003bdfcf8
RBP: ffffc90003bdfd70 R08: dffffc0000000000 R09: 0000000000000000
R10: ffffc90003bdfce8 R11: dffffc0000000001 R12: 1ffff9200077bf98
R13: dffffc0000000000 R14: ffff88802b6cb1a0 R15: 0000000000000010
FS: 00005555555e4400(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fed4b750bf8 CR3: 0000000073aa8000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
ext4_fallocate+0x14c/0x1f80 fs/ext4/extents.c:4700
vfs_fallocate+0x54b/0x6b0 fs/open.c:324
ksys_fallocate fs/open.c:347 [inline]
__do_sys_fallocate fs/open.c:355 [inline]
__se_sys_fallocate fs/open.c:353 [inline]
__x64_sys_fallocate+0xbd/0x100 fs/open.c:353
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f8bb668bc56
Code: 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 1d 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 90 48 83 ec 28 48 89 54 24 10 89 74 24
RSP: 002b:00007ffda9497e98 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
RAX: ffffffffffffffda RBX: 00007ffda9498528 RCX: 00007f8bb668bc56
RDX: 0000000000000000 RSI: 0000000000000010 RDI: 0000000000000003
RBP: 0000000000000003 R08: 000000000000ffff R09: 0000000000000000
R10: 0000000007a12000 R11: 0000000000000246 R12: 0000000000000060
R13: 0000000000000003 R14: 00007ffda9498f19 R15: 00007f8bb6729560
</TASK>


Warning: Permanently added '10.128.1.34' (ECDSA) to the list of known hosts.
2023/07/02 20:26:49 fuzzer started
2023/07/02 20:26:50 connecting to host at 10.128.0.169:32889
2023/07/02 20:26:50 checking machine...
2023/07/02 20:26:50 checking revisions...
2023/07/02 20:26:50 testing simple program...
syzkaller login: [ 57.223406][ T4992] cgroup: Unknown subsys name 'net'
[ 57.369983][ T4992] cgroup: Unknown subsys name 'rlimit'
[ 57.477551][ T4992] ------------[ cut here ]------------
[ 57.483545][ T4992] WARNING: CPU: 1 PID: 4992 at fs/ext4/inline.c:2035 ext4_convert_inline_data+0x8b/0x620
[ 57.493689][ T4992] Modules linked in:
[ 57.497926][ T4992] CPU: 1 PID: 4992 Comm: syz-executor Not tainted 6.4.0-rc5-syzkaller-00059-g2ef6c32a914b-dirty #0
[ 57.509089][ T4992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 57.520246][ T4992] RIP: 0010:ext4_convert_inline_data+0x8b/0x620
[ 57.526593][ T4992] Code: f1 f1 f1 00 00 00 f3 4b 89 04 2c 43 c7 44 2c 08 f3 f3 f3 f3 e8 f6 9c 50 ff 48 8d 7c 24 68 ba 10 00 00 00 31 f6 e8 e5 73 a8 ff <0f> 0b 48 89 5c 24 08 4c 8d bb a0 fd ff ff 4c 89 ff be 08 00 00 00
[ 57.546761][ T4992] RSP: 0018:ffffc90003bdfc80 EFLAGS: 00010246
[ 57.552974][ T4992] RAX: ffffc90003bdfce8 RBX: ffff8880754c8cb0 RCX: 0000000000000000
[ 57.561531][ T4992] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc90003bdfcf8
[ 57.569759][ T4992] RBP: ffffc90003bdfd70 R08: dffffc0000000000 R09: 0000000000000000
[ 57.577719][ T4992] R10: ffffc90003bdfce8 R11: dffffc0000000001 R12: 1ffff9200077bf98
[ 57.585976][ T4992] R13: dffffc0000000000 R14: ffff88802b6cb1a0 R15: 0000000000000010
[ 57.594307][ T4992] FS: 00005555555e4400(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 57.603456][ T4992] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 57.610476][ T4992] CR2: 00007fed4b750bf8 CR3: 0000000073aa8000 CR4: 00000000003506e0
[ 57.618805][ T4992] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 57.627658][ T4992] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 57.636028][ T4992] Call Trace:
[ 57.639319][ T4992] <TASK>
[ 57.642603][ T4992] ? __warn+0x162/0x4a0
[ 57.646971][ T4992] ? ext4_convert_inline_data+0x8b/0x620
[ 57.652855][ T4992] ? report_bug+0x2b3/0x500
[ 57.657384][ T4992] ? ext4_convert_inline_data+0x8b/0x620
[ 57.663888][ T4992] ? handle_bug+0x3d/0x70
[ 57.668518][ T4992] ? exc_invalid_op+0x1a/0x50
[ 57.673823][ T4992] ? asm_exc_invalid_op+0x1a/0x20
[ 57.678978][ T4992] ? ext4_convert_inline_data+0x8b/0x620
[ 57.684988][ T4992] ? __might_sleep+0xc0/0xc0
[ 57.689829][ T4992] ? __down_write_common+0x161/0x200
[ 57.695394][ T4992] ? ext4_inline_data_truncate+0xcd0/0xcd0
[ 57.701565][ T4992] ext4_fallocate+0x14c/0x1f80
[ 57.706550][ T4992] ? rcu_read_lock_any_held+0xb7/0x160
[ 57.712594][ T4992] ? memalloc_retry_wait+0xb0/0xb0
[ 57.717916][ T4992] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0
[ 57.724596][ T4992] vfs_fallocate+0x54b/0x6b0
[ 57.729682][ T4992] __x64_sys_fallocate+0xbd/0x100
[ 57.735388][ T4992] do_syscall_64+0x41/0xc0
[ 57.740341][ T4992] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 57.746845][ T4992] RIP: 0033:0x7f8bb668bc56
[ 57.751769][ T4992] Code: 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 1d 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 90 48 83 ec 28 48 89 54 24 10 89 74 24
[ 57.772846][ T4992] RSP: 002b:00007ffda9497e98 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[ 57.781759][ T4992] RAX: ffffffffffffffda RBX: 00007ffda9498528 RCX: 00007f8bb668bc56
[ 57.789967][ T4992] RDX: 0000000000000000 RSI: 0000000000000010 RDI: 0000000000000003
[ 57.798201][ T4992] RBP: 0000000000000003 R08: 000000000000ffff R09: 0000000000000000
[ 57.806367][ T4992] R10: 0000000007a12000 R11: 0000000000000246 R12: 0000000000000060
[ 57.814658][ T4992] R13: 0000000000000003 R14: 00007ffda9498f19 R15: 00007f8bb6729560
[ 57.823290][ T4992] </TASK>
[ 57.826521][ T4992] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 57.833964][ T4992] CPU: 1 PID: 4992 Comm: syz-executor Not tainted 6.4.0-rc5-syzkaller-00059-g2ef6c32a914b-dirty #0
[ 57.845196][ T4992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 57.855674][ T4992] Call Trace:
[ 57.859032][ T4992] <TASK>
[ 57.861957][ T4992] dump_stack_lvl+0x1e7/0x2d0
[ 57.866901][ T4992] ? nf_tcp_handle_invalid+0x650/0x650
[ 57.872442][ T4992] ? panic+0x770/0x770
[ 57.876526][ T4992] ? vscnprintf+0x5d/0x80
[ 57.881219][ T4992] panic+0x30f/0x770
[ 57.885117][ T4992] ? __warn+0x171/0x4a0
[ 57.889634][ T4992] ? __memcpy_flushcache+0x2b0/0x2b0
[ 57.895378][ T4992] __warn+0x314/0x4a0
[ 57.899356][ T4992] ? ext4_convert_inline_data+0x8b/0x620
[ 57.907193][ T4992] report_bug+0x2b3/0x500
[ 57.911633][ T4992] ? ext4_convert_inline_data+0x8b/0x620
[ 57.917370][ T4992] handle_bug+0x3d/0x70
[ 57.921954][ T4992] exc_invalid_op+0x1a/0x50
[ 57.926622][ T4992] asm_exc_invalid_op+0x1a/0x20
[ 57.931498][ T4992] RIP: 0010:ext4_convert_inline_data+0x8b/0x620
[ 57.938207][ T4992] Code: f1 f1 f1 00 00 00 f3 4b 89 04 2c 43 c7 44 2c 08 f3 f3 f3 f3 e8 f6 9c 50 ff 48 8d 7c 24 68 ba 10 00 00 00 31 f6 e8 e5 73 a8 ff <0f> 0b 48 89 5c 24 08 4c 8d bb a0 fd ff ff 4c 89 ff be 08 00 00 00
[ 57.958797][ T4992] RSP: 0018:ffffc90003bdfc80 EFLAGS: 00010246
[ 57.964895][ T4992] RAX: ffffc90003bdfce8 RBX: ffff8880754c8cb0 RCX: 0000000000000000
[ 57.973155][ T4992] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc90003bdfcf8
[ 57.981253][ T4992] RBP: ffffc90003bdfd70 R08: dffffc0000000000 R09: 0000000000000000
[ 57.989557][ T4992] R10: ffffc90003bdfce8 R11: dffffc0000000001 R12: 1ffff9200077bf98
[ 57.997830][ T4992] R13: dffffc0000000000 R14: ffff88802b6cb1a0 R15: 0000000000000010
[ 58.006460][ T4992] ? __might_sleep+0xc0/0xc0
[ 58.011167][ T4992] ? __down_write_common+0x161/0x200
[ 58.016568][ T4992] ? ext4_inline_data_truncate+0xcd0/0xcd0
[ 58.022859][ T4992] ext4_fallocate+0x14c/0x1f80
[ 58.027909][ T4992] ? rcu_read_lock_any_held+0xb7/0x160
[ 58.033497][ T4992] ? memalloc_retry_wait+0xb0/0xb0
[ 58.038714][ T4992] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0
[ 58.044816][ T4992] vfs_fallocate+0x54b/0x6b0
[ 58.049602][ T4992] __x64_sys_fallocate+0xbd/0x100
[ 58.054797][ T4992] do_syscall_64+0x41/0xc0
[ 58.059437][ T4992] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 58.065529][ T4992] RIP: 0033:0x7f8bb668bc56
[ 58.070035][ T4992] Code: 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 1d 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 90 48 83 ec 28 48 89 54 24 10 89 74 24
[ 58.091129][ T4992] RSP: 002b:00007ffda9497e98 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[ 58.100434][ T4992] RAX: ffffffffffffffda RBX: 00007ffda9498528 RCX: 00007f8bb668bc56
[ 58.108516][ T4992] RDX: 0000000000000000 RSI: 0000000000000010 RDI: 0000000000000003
[ 58.116499][ T4992] RBP: 0000000000000003 R08: 000000000000ffff R09: 0000000000000000
[ 58.124578][ T4992] R10: 0000000007a12000 R11: 0000000000000246 R12: 0000000000000060
[ 58.132974][ T4992] R13: 0000000000000003 R14: 00007ffda9498f19 R15: 00007f8bb6729560
[ 58.141320][ T4992] </TASK>
[ 58.144407][ T4992] Kernel Offset: disabled
[ 58.149188][ T4992] Rebooting in 86400 seconds..


syzkaller build log:
go env (err=<nil>)
GO111MODULE="auto"
GOARCH="amd64"
GOBIN=""
GOCACHE="/syzkaller/.cache/go-build"
GOENV="/syzkaller/.config/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/syzkaller/jobs-2/linux/gopath/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/syzkaller/jobs-2/linux/gopath"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.20.1"
GCCGO="gccgo"
GOAMD64="v1"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/syzkaller/jobs-2/linux/gopath/src/github.com/google/syzkaller/go.mod"
GOWORK=""
CGO_CFLAGS="-O2 -g"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-O2 -g"
CGO_FFLAGS="-O2 -g"
CGO_LDFLAGS="-O2 -g"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build4011439599=/tmp/go-build -gno-record-gcc-switches"

git status (err=<nil>)
HEAD detached at 09ffe2697
nothing to commit, working tree clean


tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:32: run command via tools/syz-env for best compatibility, see:
Makefile:33: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=09ffe269727719aad37ea8145eb57fefb0097165 -X 'github.com/google/syzkaller/prog.gitRevisionDate=20230619-164256'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-fuzzer github.com/google/syzkaller/syz-fuzzer
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=09ffe269727719aad37ea8145eb57fefb0097165 -X 'github.com/google/syzkaller/prog.gitRevisionDate=20230619-164256'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=09ffe269727719aad37ea8145eb57fefb0097165 -X 'github.com/google/syzkaller/prog.gitRevisionDate=20230619-164256'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-stress github.com/google/syzkaller/tools/syz-stress
mkdir -p ./bin/linux_amd64
gcc -o ./bin/linux_amd64/syz-executor executor/executor.cc \
-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -fpermissive -w -DGOOS_linux=1 -DGOARCH_amd64=1 \
-DHOSTGOOS_linux=1 -DGIT_REVISION=\"09ffe269727719aad37ea8145eb57fefb0097165\"



Tested on:

commit: 2ef6c32a ext4: avoid updating the superblock on a r/o ..
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git dev
patch: https://syzkaller.appspot.com/x/patch.diff?x=139d64a4a80000

Theodore Ts'o

Jul 3, 2023, 5:27:55 AM
#syz test git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git dev

diff --git a/fs/ext4/inline.c b/fs/ext4/inline.c
index a4b7e4bc32d4..ab2f3ef997a7 100644

syzbot

Jul 3, 2023, 6:14:39 AM
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
kernel BUG in ext4_write_inline_data

------------[ cut here ]------------
kernel BUG at fs/ext4/inline.c:239!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 5557 Comm: syz-executor.3 Not tainted 6.4.0-rc5-syzkaller-00059-g2ef6c32a914b-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
RIP: 0010:ext4_write_inline_data+0x45f/0x470 fs/ext4/inline.c:239
Code: ff ff 89 d9 80 e1 07 fe c1 38 c1 0f 8c 17 ff ff ff 48 89 df e8 42 f9 a8 ff e9 0a ff ff ff e8 78 24 51 ff 0f 0b e8 71 24 51 ff <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 f3 0f 1e fa 55
RSP: 0018:ffffc90006eb71a0 EFLAGS: 00010293
RAX: ffffffff823a5abf RBX: 000000000000003c RCX: ffff888025340000
RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000023000
RBP: dffffc0000000000 R08: ffffffff823a586c R09: fffffbfff2065260
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8880b994b000
R13: 0000000000023000 R14: ffffc90006eb72a0 R15: 1ffff1100e93188d
FS: 00007f02f0b20700(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f61c6cc7d28 CR3: 000000007e8f7000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
ext4_write_inline_data_end+0x378/0xcd0 fs/ext4/inline.c:784
generic_perform_write+0x3ed/0x5e0 mm/filemap.c:3934
ext4_buffered_write_iter+0x122/0x3a0 fs/ext4/file.c:289
ext4_file_write_iter+0x1de/0x1b40
do_iter_write+0x7b1/0xcb0 fs/read_write.c:860
iter_file_splice_write+0x843/0xfe0 fs/splice.c:795
do_splice_from fs/splice.c:873 [inline]
direct_splice_actor+0xe7/0x1c0 fs/splice.c:1039
splice_direct_to_actor+0x4c4/0xbd0 fs/splice.c:994
do_splice_direct+0x283/0x3d0 fs/splice.c:1082
do_sendfile+0x620/0xff0 fs/read_write.c:1254
__do_sys_sendfile64 fs/read_write.c:1322 [inline]
__se_sys_sendfile64+0x17c/0x1e0 fs/read_write.c:1308
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f02efe8c389
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f02f0b20168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00007f02effac050 RCX: 00007f02efe8c389
RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004
RBP: 00007f02efed7493 R08: 0000000000000000 R09: 0000000000000000
R10: 0001000000201005 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fffff385e7f R14: 00007f02f0b20300 R15: 0000000000022000
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:ext4_write_inline_data+0x45f/0x470 fs/ext4/inline.c:239
Code: ff ff 89 d9 80 e1 07 fe c1 38 c1 0f 8c 17 ff ff ff 48 89 df e8 42 f9 a8 ff e9 0a ff ff ff e8 78 24 51 ff 0f 0b e8 71 24 51 ff <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 f3 0f 1e fa 55
RSP: 0018:ffffc90006eb71a0 EFLAGS: 00010293

RAX: ffffffff823a5abf RBX: 000000000000003c RCX: ffff888025340000
RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000023000
RBP: dffffc0000000000 R08: ffffffff823a586c R09: fffffbfff2065260
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8880b994b000
R13: 0000000000023000 R14: ffffc90006eb72a0 R15: 1ffff1100e93188d
FS: 00007f02f0b20700(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055a98a703950 CR3: 000000007e8f7000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400


Tested on:

commit: 2ef6c32a ext4: avoid updating the superblock on a r/o ..
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git dev
console output: https://syzkaller.appspot.com/x/log.txt?x=140e6df0a80000
patch: https://syzkaller.appspot.com/x/patch.diff?x=127a938f280000

syzbot

Jan 25, 2024, 6:17:04 AM
syzbot suspects this issue was fixed by commit:

commit 6f861765464f43a71462d52026fbddfc858239a5
Author: Jan Kara <[email protected]>
Date: Wed Nov 1 17:43:10 2023 +0000

fs: Block writes to mounted block devices

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=1682e45fe80000
start commit: 90b0c2b2edd1 Merge tag 'pinctrl-v6.7-1' of git://git.kerne..
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=93ac5233c138249e
dashboard link: https://syzkaller.appspot.com/bug?extid=198e7455f3a4f38b838a
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17277d7f680000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=123c58df680000

If the result looks correct, please mark the issue as fixed by replying with:

#syz fix: fs: Block writes to mounted block devices

For information about bisection process see: https://goo.gl/tpsmEJ#bisection

Jan Kara

Jan 26, 2024, 2:06:10 PM
On Wed 24-01-24 19:17:03, syzbot wrote:
> syzbot suspects this issue was fixed by commit:
>
> commit 6f861765464f43a71462d52026fbddfc858239a5
> Author: Jan Kara <[email protected]>
> Date: Wed Nov 1 17:43:10 2023 +0000
>
> fs: Block writes to mounted block devices
>
> bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=1682e45fe80000
> start commit: 90b0c2b2edd1 Merge tag 'pinctrl-v6.7-1' of git://git.kerne..
> git tree: upstream
> kernel config: https://syzkaller.appspot.com/x/.config?x=93ac5233c138249e
> dashboard link: https://syzkaller.appspot.com/bug?extid=198e7455f3a4f38b838a
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17277d7f680000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=123c58df680000
>
> If the result looks correct, please mark the issue as fixed by replying with:

Makes sense:

#syz fix: fs: Block writes to mounted block devices

Honza
--
Jan Kara <[email protected]>
SUSE Labs, CR