Hello,
syzbot found the following crash on:
HEAD commit: 1a147b74 Merge branch 'DSA-mtu'
git tree: net-next
console output: https://syzkaller.appspot.com/x/log.txt?x=14237713e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=46ee14d4915944bc
dashboard link: https://syzkaller.appspot.com/bug?extid=67e4f16db666b1c8253c
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12237713e00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10ec7c97e00000
The bug was bisected to:
commit 658b0f92bc7003bc734471f61bf7cd56339eb8c3
Author: Murilo Opsfelder Araujo <[email protected]>
Date: Wed Aug 1 21:33:15 2018 +0000
powerpc/traps: Print unhandled signals in a separate function
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=15979f5be00000
final crash: https://syzkaller.appspot.com/x/report.txt?x=17979f5be00000
console output: https://syzkaller.appspot.com/x/log.txt?x=13979f5be00000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: [email protected]
Fixes: 658b0f92bc70 ("powerpc/traps: Print unhandled signals in a separate function")
EXT4-fs warning (device sda1): ext4_da_update_reserve_space:344: ext4_da_update_reserve_space: ino 15722, used 1 with only 0 reserved data blocks
------------[ cut here ]------------
WARNING: CPU: 1 PID: 359 at fs/ext4/inode.c:348 ext4_da_update_reserve_space+0x622/0x7d0 fs/ext4/inode.c:344
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 359 Comm: kworker/u4:5 Not tainted 5.6.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: writeback wb_workfn (flush-8:0)
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x188/0x20d lib/dump_stack.c:118
panic+0x2e3/0x75c kernel/panic.c:221
__warn.cold+0x2f/0x35 kernel/panic.c:582
report_bug+0x27b/0x2f0 lib/bug.c:195
fixup_bug arch/x86/kernel/traps.c:174 [inline]
fixup_bug arch/x86/kernel/traps.c:169 [inline]
do_error_trap+0x12b/0x220 arch/x86/kernel/traps.c:267
do_invalid_op+0x32/0x40 arch/x86/kernel/traps.c:286
invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
RIP: 0010:ext4_da_update_reserve_space+0x622/0x7d0 fs/ext4/inode.c:348
Code: 02 00 0f 85 94 01 00 00 48 8b 7d 28 49 c7 c0 20 72 3c 88 41 56 48 c7 c1 80 60 3c 88 53 ba 58 01 00 00 4c 89 c6 e8 1e 6d 0d 00 <0f> 0b 48 b8 00 00 00 00 00 fc ff df 4c 89 ea 48 c1 ea 03 0f b6 04
RSP: 0018:ffffc90002197288 EFLAGS: 00010296
RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff820bf066 RDI: fffff52000432e21
RBP: ffff888086b744c8 R08: 0000000000000091 R09: ffffed1015ce6659
R10: ffffed1015ce6658 R11: ffff8880ae7332c7 R12: 0000000000000001
R13: ffff888086b74990 R14: 0000000000000000 R15: ffff888086b74a40
ext4_ext_map_blocks+0x24aa/0x37d0 fs/ext4/extents.c:4500
ext4_map_blocks+0x4cb/0x1650 fs/ext4/inode.c:622
mpage_map_one_extent fs/ext4/inode.c:2365 [inline]
mpage_map_and_submit_extent fs/ext4/inode.c:2418 [inline]
ext4_writepages+0x19eb/0x3080 fs/ext4/inode.c:2772
do_writepages+0xfa/0x2a0 mm/page-writeback.c:2344
__writeback_single_inode+0x12a/0x1410 fs/fs-writeback.c:1452
writeback_sb_inodes+0x515/0xdd0 fs/fs-writeback.c:1716
wb_writeback+0x2a5/0xd90 fs/fs-writeback.c:1892
wb_do_writeback fs/fs-writeback.c:2037 [inline]
wb_workfn+0x339/0x11c0 fs/fs-writeback.c:2078
process_one_work+0x94b/0x1690 kernel/workqueue.c:2266
worker_thread+0x96/0xe20 kernel/workqueue.c:2412
kthread+0x357/0x430 kernel/kthread.c:255
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
Kernel Offset: disabled
Rebooting in 86400 seconds..
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at [email protected].
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches
On Thu, Apr 2, 2020 at 4:06 PM Murilo Opsfelder Araújo
<[email protected]> wrote:
>
> On Thursday, April 2, 2020 8:02:11 AM -03 syzbot wrote:
> > Hello,
> >
> > syzbot found the following crash on:
> >
> > HEAD commit: 1a147b74 Merge branch 'DSA-mtu'
> > git tree: net-next
> > console output: https://syzkaller.appspot.com/x/log.txt?x=14237713e00000
> > kernel config: https://syzkaller.appspot.com/x/.config?x=46ee14d4915944bc
> > dashboard link: https://syzkaller.appspot.com/bug?extid=67e4f16db666b1c8253c
> > compiler: gcc (GCC) 9.0.0 20181231 (experimental)
> > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12237713e00000
> > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10ec7c97e00000
> >
> > The bug was bisected to:
> >
> > commit 658b0f92bc7003bc734471f61bf7cd56339eb8c3
> > Author: Murilo Opsfelder Araujo <[email protected]>
> > Date: Wed Aug 1 21:33:15 2018 +0000
> >
> > powerpc/traps: Print unhandled signals in a separate function
>
> This commit is specific to powerpc and the crash is from an x86_64 system.
>
> There is a bunch of scp errors in the logs:
>
> scp: ./syz-executor998635077: No space left on device
>
> Is it possible that these errors might be misleading the syzbot?
You may see how it reacted on them based on
# git bisect bad/good
lines. As far as I see these errors did not confuse it.
But this guy did:
run #0: crashed: general protection fault in batadv_iv_ogm_queue_add
> > bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=15979f5be00000
> > final crash: https://syzkaller.appspot.com/x/report.txt?x=17979f5be00000
> > console output: https://syzkaller.appspot.com/x/log.txt?x=13979f5be00000
> >
> > IMPORTANT: if you fix the bug, please add the following tag to the commit:
> > Reported-by: [email protected]
> > Fixes: 658b0f92bc70 ("powerpc/traps: Print unhandled signals in a separate
> > function")
> >
> > EXT4-fs warning (device sda1): ext4_da_update_reserve_space:344:
> > ext4_da_update_reserve_space: ino 15722, used 1 with only 0 reserved data
> > blocks ------------[ cut here ]------------
> > WARNING: CPU: 1 PID: 359 at fs/ext4/inode.c:348
> > ext4_da_update_reserve_space+0x622/0x7d0 fs/ext4/inode.c:344 Kernel panic -
> > not syncing: panic_on_warn set ...
> > CPU: 1 PID: 359 Comm: kworker/u4:5 Not tainted 5.6.0-rc7-syzkaller #0
> > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> > Google 01/01/2011 Workqueue: writeback wb_workfn (flush-8:0)
> > Call Trace:
> > __dump_stack lib/dump_stack.c:77 [inline]
> > dump_stack+0x188/0x20d lib/dump_stack.c:118
> > panic+0x2e3/0x75c kernel/panic.c:221
> > __warn.cold+0x2f/0x35 kernel/panic.c:582
> > report_bug+0x27b/0x2f0 lib/bug.c:195
> > fixup_bug arch/x86/kernel/traps.c:174 [inline]
> > fixup_bug arch/x86/kernel/traps.c:169 [inline]
> > do_error_trap+0x12b/0x220 arch/x86/kernel/traps.c:267
> > do_invalid_op+0x32/0x40 arch/x86/kernel/traps.c:286
> > invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
> > RIP: 0010:ext4_da_update_reserve_space+0x622/0x7d0 fs/ext4/inode.c:348
> > Code: 02 00 0f 85 94 01 00 00 48 8b 7d 28 49 c7 c0 20 72 3c 88 41 56 48 c7
> > c1 80 60 3c 88 53 ba 58 01 00 00 4c 89 c6 e8 1e 6d 0d 00 <0f> 0b 48 b8 00
> > 00 00 00 00 fc ff df 4c 89 ea 48 c1 ea 03 0f b6 04 RSP:
> > 0018:ffffc90002197288 EFLAGS: 00010296
> > RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000
> > RDX: 0000000000000000 RSI: ffffffff820bf066 RDI: fffff52000432e21
> > RBP: ffff888086b744c8 R08: 0000000000000091 R09: ffffed1015ce6659
> > R10: ffffed1015ce6658 R11: ffff8880ae7332c7 R12: 0000000000000001
> > R13: ffff888086b74990 R14: 0000000000000000 R15: ffff888086b74a40
> > ext4_ext_map_blocks+0x24aa/0x37d0 fs/ext4/extents.c:4500
> > ext4_map_blocks+0x4cb/0x1650 fs/ext4/inode.c:622
> > mpage_map_one_extent fs/ext4/inode.c:2365 [inline]
> > mpage_map_and_submit_extent fs/ext4/inode.c:2418 [inline]
> > ext4_writepages+0x19eb/0x3080 fs/ext4/inode.c:2772
> > do_writepages+0xfa/0x2a0 mm/page-writeback.c:2344
> > __writeback_single_inode+0x12a/0x1410 fs/fs-writeback.c:1452
> > writeback_sb_inodes+0x515/0xdd0 fs/fs-writeback.c:1716
> > wb_writeback+0x2a5/0xd90 fs/fs-writeback.c:1892
> > wb_do_writeback fs/fs-writeback.c:2037 [inline]
> > wb_workfn+0x339/0x11c0 fs/fs-writeback.c:2078
> > process_one_work+0x94b/0x1690 kernel/workqueue.c:2266
> > worker_thread+0x96/0xe20 kernel/workqueue.c:2412
> > kthread+0x357/0x430 kernel/kthread.c:255
> > ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
> > Kernel Offset: disabled
> > Rebooting in 86400 seconds..
> >
> >
> > ---
> > This bug is generated by a bot. It may contain errors.
> > See https://goo.gl/tpsmEJ for more information about syzbot.
> > syzbot engineers can be reached at [email protected].
> >
> > syzbot will keep track of this bug report. See:
> > https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
> > For information about bisection process see: https://goo.gl/tpsmEJ#bisection
> > syzbot can test patches for this bug, for details see:
> > https://goo.gl/tpsmEJ#testing-patches
>
> --
> Murilo
>
> --
> You received this message because you are subscribed to the Google Groups "syzkaller-bugs" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
> To view this discussion on the web visit https://groups.google.com/d/msgid/syzkaller-bugs/2094673.WoIe4zePQG%40kermit.br.ibm.com.
#syz test https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git dev
I'm curious why this is only showing up as failing on next-next.
Let's see if it fails on the ext4.git tree.
From the bisect logs syzbot is able to repro on all of v5.x and
v4.20.0. However, I'm not able to repro it using kvm with either
v5.6-rc4 or the tip of the ext4 git tree. So let's see what syzbot
can do with the tip of the dev tree.
- Ted