Hello,
syzbot found the following issue on:
HEAD commit: 715abedee4cd Add linux-next specific files for 20230515
git tree: linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=11d745dd280000
kernel config: https://syzkaller.appspot.com/x/.config?x=6a2745d066dda0ec
dashboard link: https://syzkaller.appspot.com/bug?extid=307da6ca5cb0d01d581a
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/d4d1d06b34b8/disk-715abede.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/3ef33a86fdc8/vmlinux-715abede.xz
kernel image: https://storage.googleapis.com/syzbot-assets/e0006b413ed1/bzImage-715abede.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
------------[ cut here ]------------
WARNING: CPU: 1 PID: 9503 at fs/ext4/inode.c:3326 ext4_iomap_begin+0x1ae/0x7a0 fs/ext4/inode.c:3326
Modules linked in:
CPU: 1 PID: 9503 Comm: syz-executor.1 Not tainted 6.4.0-rc2-next-20230515-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
RIP: 0010:ext4_iomap_begin+0x1ae/0x7a0 fs/ext4/inode.c:3326
Code: 83 c0 01 38 d0 7c 08 84 d2 0f 85 ee 05 00 00 41 0f b7 9f ba 05 00 00 31 ff 89 de e8 4c a5 57 ff 66 85 db 74 5c e8 42 a9 57 ff <0f> 0b 41 bd de ff ff ff e8 35 a9 57 ff 48 b8 00 00 00 00 00 fc ff
RSP: 0018:ffffc90006a1f560 EFLAGS: 00010216
RAX: 000000000002ebb2 RBX: 00000000000000a4 RCX: ffffc90004103000
RDX: 0000000000040000 RSI: ffffffff822c7a6e RDI: 0000000000000003
RBP: 0000000000000080 R08: 0000000000000003 R09: 0000000000000000
R10: 00000000000000a4 R11: 0000000000094001 R12: 000000000000000b
R13: ffff88803f00bf7a R14: ffffc90006a1f838 R15: ffff88803f00beb0
FS: 00007f3cc037b700(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000080 CR3: 000000008f1f7000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
iomap_iter+0x446/0x10e0 fs/iomap/iter.c:91
__iomap_dio_rw+0x7a5/0x1f90 fs/iomap/direct-io.c:597
iomap_dio_rw+0x40/0xa0 fs/iomap/direct-io.c:688
ext4_dio_read_iter fs/ext4/file.c:94 [inline]
ext4_file_read_iter+0x4be/0x690 fs/ext4/file.c:145
call_read_iter include/linux/fs.h:1862 [inline]
generic_file_splice_read+0x182/0x4b0 fs/splice.c:419
do_splice_to+0x1b9/0x240 fs/splice.c:902
splice_direct_to_actor+0x2ab/0x8a0 fs/splice.c:973
do_splice_direct+0x1ab/0x280 fs/splice.c:1082
do_sendfile+0xb19/0x12c0 fs/read_write.c:1254
__do_sys_sendfile64 fs/read_write.c:1322 [inline]
__se_sys_sendfile64 fs/read_write.c:1308 [inline]
__x64_sys_sendfile64+0x1d0/0x210 fs/read_write.c:1308
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f3cbf68c199
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f3cc037b168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00007f3cbf7abf80 RCX: 00007f3cbf68c199
RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004
RBP: 00007f3cbf6e7ca1 R08: 0000000000000000 R09: 0000000000000000
R10: 0001000000201005 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffebb26bb1f R14: 00007f3cc037b300 R15: 0000000000022000
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at [email protected].
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to change bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot has bisected this issue to:
commit 310ee0902b8d9d0a13a5a13e94688a5863fa29c2
Author: Brian Foster <[email protected]>
Date: Tue Mar 14 13:07:59 2023 +0000
ext4: allow concurrent unaligned dio overwrites
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=10a8442a680000
start commit: 9ed22ae6be81 Merge tag 'spi-fix-v6.6-rc3' of git://git.ker..
git tree: upstream
final oops: https://syzkaller.appspot.com/x/report.txt?x=12a8442a680000
console output: https://syzkaller.appspot.com/x/log.txt?x=14a8442a680000
kernel config: https://syzkaller.appspot.com/x/.config?x=12da82ece7bf46f9
dashboard link: https://syzkaller.appspot.com/bug?extid=307da6ca5cb0d01d581a
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15eb672e680000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16219bc6680000
Reported-by: [email protected]
Fixes: 310ee0902b8d ("ext4: allow concurrent unaligned dio overwrites")
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
diff --git a/fs/ext4/file.c b/fs/ext4/file.c
index 6830ea3a6c59..cad659c2e9cc 100644
--- a/fs/ext4/file.c
+++ b/fs/ext4/file.c
@@ -537,6 +537,9 @@ static ssize_t ext4_dio_write_iter(struct kiocb *iocb, struct iov_iter *from)
bool ilock_shared = true;
int dio_flags = 0;
+ if (ext4_test_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA))
+ ilock_shared = false;
+
/*
* Quick check here without any i_rwsem lock to see if it is extending
* IO. A more reliable check is done in ext4_dio_write_checks() with
Hello,
syzbot has tested the proposed patch and the reproducer did not trigger any issue:
Reported-and-tested-by: [email protected]
Tested on:
commit: 71e58659 Merge tag 'gpio-fixes-for-v6.6-rc4' of git://..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=176a0d01680000
kernel config: https://syzkaller.appspot.com/x/.config?x=12da82ece7bf46f9
dashboard link: https://syzkaller.appspot.com/bug?extid=307da6ca5cb0d01d581a
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=16d320b2680000
Note: testing is done by a robot and is best-effort only.
Hello,
syzbot has tested the proposed patch and the reproducer did not trigger any issue:
Reported-and-tested-by: [email protected]
Tested on:
commit: 1c84724c Merge tag 'slab-fixes-for-6.6-rc4' of git://g..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=12a06bae680000
kernel config: https://syzkaller.appspot.com/x/.config?x=12da82ece7bf46f9
dashboard link: https://syzkaller.appspot.com/bug?extid=307da6ca5cb0d01d581a
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=160c17c6680000
Note: testing is done by a robot and is best-effort only.
#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
diff --git a/fs/ext4/file.c b/fs/ext4/file.c
index 6830ea3a6c59..19ff9be02ea7 100644
--- a/fs/ext4/file.c
+++ b/fs/ext4/file.c
@@ -569,6 +569,7 @@ static ssize_t ext4_dio_write_iter(struct kiocb *iocb, struct iov_iter *from)
return ext4_buffered_write_iter(iocb, from);
}
+ ext4_clear_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA);
ret = ext4_dio_write_checks(iocb, from, &ilock_shared, &extend,
&unwritten, &dio_flags);
if (ret <= 0)
@@ -579,7 +580,7 @@ static ssize_t ext4_dio_write_iter(struct kiocb *iocb, struct iov_iter *from)
* to allocate blocks for DIO. We know the inode does not have any
* inline data now because ext4_dio_supported() checked for that.
*/
- ext4_clear_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA);
+ //ext4_clear_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA);
offset = iocb->ki_pos;
count = ret;