Hello,
syzbot hit the following crash on upstream commit
0adb32858b0bddf4ada5f364a84ed60b196dbcda (Sun Apr 1 21:20:27 2018 +0000)
Linux 4.16
syzbot dashboard link:
https://syzkaller.appspot.com/bug?extid=f3b1a2c79758f3eec76c
C reproducer: https://syzkaller.appspot.com/x/repro.c?id=6181981368877056
syzkaller reproducer:
https://syzkaller.appspot.com/x/repro.syz?id=6303722082664448
Raw console output:
https://syzkaller.appspot.com/x/log.txt?id=5129995567497216
Kernel config:
https://syzkaller.appspot.com/x/.config?id=-2374466361298166459
compiler: gcc (GCC) 7.1.1 20170620
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+f3b1a2c79758f3eec76c@xxxxxxxxxxxxxxxxxxxxxxxxx
It will help syzbot understand when the bug is fixed. See footer for
details.
If you forward the report, please keep this part and the footer.
EXT4-fs (loop0): mounted filesystem without journal. Opts:
EXT4-fs (loop0): warning: mounting unchecked fs, running e2fsck is
recommended
EXT4-fs warning (device loop0): ext4_update_dynamic_rev:774: updating to
rev 1 because of new feature flag, running e2fsck is recommended
EXT4-fs (loop0): mounted filesystem without journal. Opts:
WARNING: CPU: 0 PID: 5126 at fs/ext4/ext4.h:2690 ext4_has_metadata_csum
fs/ext4/ext4.h:2689 [inline]
WARNING: CPU: 0 PID: 5126 at fs/ext4/ext4.h:2690
ext4_superblock_csum_set+0x2b8/0x350 fs/ext4/super.c:179
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 5126 Comm: syzkaller957684 Not tainted 4.16.0+ #10
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x194/0x24d lib/dump_stack.c:53
panic+0x1e4/0x41c kernel/panic.c:183
__warn+0x1dc/0x200 kernel/panic.c:547
report_bug+0x1f4/0x2b0 lib/bug.c:186
fixup_bug.part.10+0x37/0x80 arch/x86/kernel/traps.c:178
fixup_bug arch/x86/kernel/traps.c:247 [inline]
do_error_trap+0x2d7/0x3e0 arch/x86/kernel/traps.c:296
do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:315
invalid_op+0x1b/0x40 arch/x86/entry/entry_64.S:986
RIP: 0010:ext4_has_metadata_csum fs/ext4/ext4.h:2689 [inline]
RIP: 0010:ext4_superblock_csum_set+0x2b8/0x350 fs/ext4/super.c:179
RSP: 0000:ffff8801b3e97868 EFLAGS: 00010293
RAX: ffff8801bf85e1c0 RBX: 1ffff100367d2f0d RCX: ffffffff81fd4308
RDX: 0000000000000000 RSI: ffff8801bea41400 RDI: ffff8801bea41464
RBP: ffff8801b3e978f0 R08: 1ffff100367d2ede R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801c28a46c0
R13: ffff8801b3e978c8 R14: ffff8801bea41400 R15: ffff8801c28a4c40
ext4_commit_super+0x609/0xb60 fs/ext4/super.c:4720
ext4_put_super+0x25b/0xf50 fs/ext4/super.c:898
generic_shutdown_super+0x1b5/0x540 fs/super.c:439
kill_block_super+0x9b/0xf0 fs/super.c:1146
deactivate_locked_super+0x88/0xd0 fs/super.c:312
deactivate_super+0x141/0x1b0 fs/super.c:343
cleanup_mnt+0xb2/0x150 fs/namespace.c:1173
__cleanup_mnt+0x16/0x20 fs/namespace.c:1180
task_work_run+0x199/0x270 kernel/task_work.c:113
tracehook_notify_resume include/linux/tracehook.h:191 [inline]
exit_to_usermode_loop+0x275/0x2f0 arch/x86/entry/common.c:166
prepare_exit_to_usermode arch/x86/entry/common.c:196 [inline]
syscall_return_slowpath arch/x86/entry/common.c:265 [inline]
do_syscall_64+0x6ec/0x940 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x449d2a
RSP: 002b:00007f07d6e22cf8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffec RBX: 0000000020000100 RCX: 0000000000449d2a
RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f07d6e22d10
RBP: 0000000000000012 R08: 0000000020012f00 R09: 000000000000000a
R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000006
R13: 0000000000000007 R14: 0000000000000000 R15: 0000000000000012
Dumping ftrace buffer:
(ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..
---
This bug is generated by a dumb bot. It may contain errors.
See https://goo.gl/tpsmEJ for details.
Direct all questions to syzkaller@xxxxxxxxxxxxxxxx.
syzbot will keep track of this bug report.
If you forgot to add the Reported-by tag, once the fix for this bug is
merged
into any tree, please reply to this email with:
#syz fix: exact-commit-title
If you want to test a patch for this bug, please reply with:
#syz test: git://repo/address.git branch
and provide the patch inline or as an attachment.
To mark this as a duplicate of another syzbot report, please reply with:
#syz dup: exact-subject-of-another-report
If it's a one-off invalid bug report, please reply with:
#syz invalid
Note: if the crash happens again, it will cause creation of a new bug
report.
Note: all commands must start from beginning of the line in the email body.