Re: kernel BUG at fs/ext4/fsync.c:LINE!
From: ChunYu Wang
Date: Thu Sep 14 2017 - 11:04:46 EST
Hi GeneBlue,
Thanks for this reporting, do you have any logs related to the bug and
could find the syscalls enabled for fuzzing during triggering this
bug? I do not think it is not reproducible, but first, it needs some
inspections manually.
- ChunYu
On Thu, Sep 14, 2017 at 7:54 PM, GeneBlue <geneblue.mail@xxxxxxxxx> wrote:
> Hi:
> I've got this crash when fuzzing linux kernel 4.13.0-rc7 on commit
> 42ff72cf27027fa28dd79acabe01d9196f1480a7. Unfortunately this crash is not
> reproducible. And this crash was found by syzkaller.
>
>
> ------------[ cut here ]------------
> kernel BUG at fs/ext4/fsync.c:106!
> invalid opcode: 0000 [#1] SMP KASAN
> Dumping ftrace buffer:
> (ftrace buffer empty)
> Modules linked in:
> CPU: 0 PID: 25424 Comm: syz-executor5 Not tainted 4.13.0-rc7+ #2
> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
> rel-1.10.2-0-g5f4c7b1-prebuilt.qemu-project.org 04/01/2014
> task: ffff880038690000 task.stack: ffff880024648000
> RIP: 0010:ext4_sync_file+0x7b6/0xfb0 fs/ext4/fsync.c:106
> RSP: 0018:ffff88003ec07ae0 EFLAGS: 00010206
> RAX: ffff880038690000 RBX: ffff8800239adaa0 RCX: dffffc0000000000
> RDX: 0000000000000100 RSI: 1ffff100070d21ff RDI: ffff880038690ff8
> RBP: ffff88003ec07b30 R08: dffffc0000000000 R09: 1ffff1000cbf5730
> R10: dffffc0000000000 R11: 1ffff1000cbf58f7 R12: ffff880065fab300
> R13: ffff88003dc36a80 R14: ffff880065fac400 R15: ffff880038690000
> FS: 0000000002188940(0000) GS:ffff88003ec00000(0000) knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 00007ffd1350fbb0 CR3: 000000002718d000 CR4: 00000000000006f0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
> Call Trace:
> <IRQ>
> vfs_fsync_range+0x10c/0x250 fs/sync.c:195
> generic_write_sync include/linux/fs.h:2625 [inline]
> dio_complete+0x564/0x710 fs/direct-io.c:282
> dio_bio_end_aio+0x120/0x360 fs/direct-io.c:323
> bio_endio+0x1df/0x5d0 block/bio.c:1839
> req_bio_endio block/blk-core.c:204 [inline]
> blk_update_request+0x210/0xd30 block/blk-core.c:2729
> scsi_end_request+0xa7/0x5b0 drivers/scsi/scsi_lib.c:634
> scsi_io_completion+0x73d/0x1430 drivers/scsi/scsi_lib.c:834
> scsi_finish_command+0x3e9/0x560 drivers/scsi/scsi.c:248
> scsi_softirq_done+0x2db/0x360 drivers/scsi/scsi_lib.c:1602
> blk_done_softirq+0x247/0x380 block/blk-softirq.c:36
> __do_softirq+0x23f/0x924 kernel/softirq.c:284
> invoke_softirq kernel/softirq.c:364 [inline]
> irq_exit+0x1a7/0x1e0 kernel/softirq.c:405
> exiting_irq arch/x86/include/asm/apic.h:638 [inline]
> do_IRQ+0x81/0x1a0 arch/x86/kernel/irq.c:256
> common_interrupt+0x93/0x93 arch/x86/entry/entry_64.S:482
> RIP: 0010:__ext4_handle_dirty_metadata+0x5d/0x5c0 fs/ext4/ext4_jbd2.c:275
> RSP: 0018:ffff88002464f9d0 EFLAGS: 00000297 ORIG_RAX: ffffffffffffffc1
> RAX: ffff880038690000 RBX: ffff88003e4199d8 RCX: 0000000000000000
> RDX: 0000000000000000 RSI: ffff88003e4199d8 RDI: ffff88003869004c
> RBP: ffff88002464fa18 R08: 0000000000000007 R09: dffffc0000000000
> R10: 1ffff100070d211c R11: 0000000000000000 R12: ffff8800381f95c0
> R13: 0000000000000000 R14: 00000000000000a0 R15: 000000000000141f
> </IRQ>
> ext4_do_update_inode fs/ext4/inode.c:5151 [inline]
> ext4_mark_iloc_dirty+0x17e1/0x2980 fs/ext4/inode.c:5673
> ext4_orphan_del+0x711/0x930 fs/ext4/namei.c:2901
> ext4_evict_inode+0xe6b/0x1690 fs/ext4/inode.c:308
> evict+0x248/0x620 fs/inode.c:553
> iput_final fs/inode.c:1514 [inline]
> iput+0x538/0x840 fs/inode.c:1541
> do_unlinkat+0x28b/0x640 fs/namei.c:4049
> SYSC_unlink fs/namei.c:4090 [inline]
> SyS_unlink+0x1a/0x20 fs/namei.c:4088
> entry_SYSCALL_64_fastpath+0x1f/0xbe
> RIP: 0033:0x447077
> RSP: 002b:00007ffd135102e8 EFLAGS: 00000206 ORIG_RAX: 0000000000000057
> RAX: ffffffffffffffda RBX: 0000000000000066 RCX: 0000000000447077
> RDX: 00007ffd13510300 RSI: 00007ffd13510390 RDI: 00007ffd13510390
> RBP: 0000000000000046 R08: 0000000000000000 R09: 000000000218acdb
> R10: 0000000000000005 R11: 0000000000000206 R12: 00000000004a8919
> R13: 00007ffd13510218 R14: 0000000000000001 R15: 00007ffd13510218
> Code: 8b 4d c0 41 f6 01 20 0f 85 1c 03 00 00 e8 f3 ae bb ff 48 8b 7d c0 44
> 89 e6 e8 37 76 13 00 41 89 c4 e9 dc fa ff ff e8 da ae bb ff <0f> 0b e8 d3 ae
> bb ff 8b 4d d4 48 8b 55 b0 4c 89 ef 48 8b 75 b8
> RIP: ext4_sync_file+0x7b6/0xfb0 fs/ext4/fsync.c:106 RSP: ffff88003ec07ae0
> ---[ end trace 3049124842185959 ]---
>
> --
> You received this message because you are subscribed to the Google Groups
> "syzkaller" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to syzkaller+unsubscribe@xxxxxxxxxxxxxxxxx
> For more options, visit https://groups.google.com/d/optout.