Bug 199277 - BUG() in ext4_mb_find_by_goal() when mounting and operating a crafted ext4 image
Summary: BUG() in ext4_mb_find_by_goal() when mounting and operating a crafted ext4 image
Status: RESOLVED UNREPRODUCIBLE
Alias: None
Product: File System
Classification: Unclassified
Component: ext4
Hardware: All
OS: Linux
Importance: P1 normal
Assignee: fs_ext4@kernel-bugs.osdl.org
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-04-03 17:04 UTC by Wen Xu
Modified: 2018-04-10 06:10 UTC
CC List: 1 user

See Also:
Kernel Version: 4.x
Subsystem:
Regression: No
Bisected commit-id:


Attachments
The crafted image which causes kernel panic (2.00 MB, application/octet-stream), 2018-04-03 17:04 UTC, Wen Xu
poc.c (3.18 KB, text/plain), 2018-04-03 17:05 UTC, Wen Xu

Description Wen Xu 2018-04-03 17:04:50 UTC
Created attachment 275093
The crafted image which causes kernel panic

- Overview
BUG() triggered in ext4_mb_find_by_goal() when mounting and operating a crafted ext4 image.

- Reproduce (tested on 4.4/4.15)
# mkdir mnt
# mount -t ext4 81.img mnt
# gcc -o poc poc.c
# ./poc ./mnt

- Reason
BUG() at fs/ext4/mballoc.c:1873
I suspect the root cause is that the kernel misses a sanity check when assigning ex.fe_len.

- Crash dump (on 4.15)
[21577.263910] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
[21577.265324] EXT4-fs (loop0): warning: mounting unchecked fs, running e2fsck is recommended
[21577.268052] EXT4-fs (loop0): mounted filesystem without journal. Opts: (null)
[21589.109835] ------------[ cut here ]------------
[21589.113323] WARNING: CPU: 2 PID: 10938 at fs/ext4/ext4.h:2735 ext4_block_bitmap_csum_set+0xa1/0xb0
[21589.113512] Modules linked in: ppdev coretemp intel_rapl_perf vmw_balloon joydev input_leds serio_raw i2c_piix4 shpchp nfit parport_pc parport vmw_vsock_vmci_transport vsock mac_hid vmw_vmci ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 raid10 raid456 libcrc32c async_raid6_recov async_memcpy async_pq async_xor xor async_tx raid6_pq raid1 raid0 multipath linear psmouse crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc e1000 aesni_intel aes_x86_64 crypto_simd cryptd glue_helper ahci mptspi scsi_transport_spi libahci mptscsih mptbase pata_acpi [last unloaded: zerofs]
[21589.115778] CPU: 2 PID: 10938 Comm: poc Tainted: G           OE   4.13.0 #4
[21589.115779] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/02/2015
[21589.115780] task: ffff92f9f5a7dd00 task.stack: ffffac72c3484000
[21589.115784] RIP: 0010:ext4_block_bitmap_csum_set+0xa1/0xb0
[21589.115785] RSP: 0018:ffffac72c34878b0 EFLAGS: 00010246
[21589.115786] RAX: 0000000000000000 RBX: ffff92faf2eed800 RCX: ffff92fa61bfbea0
[21589.115787] RDX: ffff92fa6415c800 RSI: 0000000000000000 RDI: ffff92faf2ee8800
[21589.115788] RBP: ffffac72c34878e0 R08: ffff92faf2eed800 R09: 0000000000000000
[21589.115820] R10: ffff92fa6415c400 R11: ffffac72c34877b8 R12: ffff92fa6415c800
[21589.115821] R13: 0000000000000000 R14: 0000000000000000 R15: ffff92fa61bfbea0
[21589.115823] FS:  00007f4929572500(0000) GS:ffff92faf9680000(0000) knlGS:0000000000000000
[21589.115824] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[21589.115824] CR2: 000055bcffbc93a8 CR3: 00000000a42bb000 CR4: 00000000001406e0
[21589.115865] Call Trace:
[21589.115934]  ? ext4_num_base_meta_clusters+0x6e/0x90
[21589.115969]  ext4_read_block_bitmap_nowait+0x4a8/0x610
[21589.115971]  ext4_read_block_bitmap+0x19/0x50
[21589.116010]  ext4_free_blocks+0x1f4/0xb70
[21589.116014]  ? __ext4_ext_check+0x26d/0x370
[21589.116016]  ext4_ext_remove_space+0xb3c/0x1210
[21589.116018]  ext4_ext_truncate+0x94/0xa0
[21589.116019]  ext4_truncate+0x385/0x430
[21589.116021]  ext4_setattr+0x3b8/0xa50
[21589.116121]  notify_change+0x308/0x460
[21589.116159]  ? ext4_xattr_security_set+0x30/0x30
[21589.116229]  do_truncate+0x73/0xc0
[21589.116233]  path_openat+0xfb4/0x1660
[21589.116387]  ? generic_file_read_iter+0x91a/0xa10
[21589.116390]  do_filp_open+0x8c/0x100
[21589.116392]  ? dput.part.23+0x18c/0x1e0
[21589.116393]  do_sys_open+0x1ba/0x260
[21589.116395]  SyS_openat+0x14/0x20
[21589.116885]  entry_SYSCALL_64_fastpath+0x1e/0xa9
[21589.116899] RIP: 0033:0x7f4929078d7e
[21589.116900] RSP: 002b:00007ffeb93cf2d0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[21589.116902] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4929078d7e
[21589.116902] RDX: 0000000000000202 RSI: 000055bcffbc12d0 RDI: ffffffffffffff9c
[21589.116903] RBP: 00007ffeb93cf4b0 R08: 0000000000000003 R09: 0000000000000000
[21589.116903] R10: 0000000000000000 R11: 0000000000000246 R12: 000055bcfe496d30
[21589.116904] R13: 00007ffeb93cf5b0 R14: 0000000000000000 R15: 0000000000000000
[21589.116905] Code: 89 44 24 18 48 83 3b 39 76 09 c1 e8 10 66 41 89 44 24 38 48 8b 45 e8 65 48 33 04 25 28 00 00 00 75 11 48 83 c4 20 5b 41 5c 5d c3 <0f> ff eb e4 0f 0b 0f 0b e8 b2 cb da ff 90 90 0f 1f 44 00 00 55
[21589.116925] ---[ end trace 773bb6da1a2c9d87 ]---
[21589.117011] ------------[ cut here ]------------
[21589.117015] WARNING: CPU: 2 PID: 10938 at fs/ext4/ext4.h:2735 ext4_group_desc_csum+0x16e/0x210
[21589.117015] Modules linked in: ppdev coretemp intel_rapl_perf vmw_balloon joydev input_leds serio_raw i2c_piix4 shpchp nfit parport_pc parport vmw_vsock_vmci_transport vsock mac_hid vmw_vmci ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 raid10 raid456 libcrc32c async_raid6_recov async_memcpy async_pq async_xor xor async_tx raid6_pq raid1 raid0 multipath linear psmouse crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc e1000 aesni_intel aes_x86_64 crypto_simd cryptd glue_helper ahci mptspi scsi_transport_spi libahci mptscsih mptbase pata_acpi [last unloaded: zerofs]
[21589.117039] CPU: 2 PID: 10938 Comm: poc Tainted: G        W  OE   4.13.0 #4
[21589.117040] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/02/2015
[21589.117041] task: ffff92f9f5a7dd00 task.stack: ffffac72c3484000
[21589.117042] RIP: 0010:ext4_group_desc_csum+0x16e/0x210
[21589.117043] RSP: 0018:ffffac72c3487888 EFLAGS: 00010246
[21589.117044] RAX: ffff92faf2eed800 RBX: ffff92faf2eed800 RCX: ffff92faf2eed800
[21589.117045] RDX: ffff92fa6415c400 RSI: 0000000000000000 RDI: ffff92faf2ee8800
[21589.117045] RBP: ffffac72c34878c8 R08: ffff92faf2eed800 R09: 0000000000000000
[21589.117046] R10: ffff92fa6415c400 R11: ffffac72c34877b8 R12: ffff92fa6415c800
[21589.117046] R13: ffff92faf2ee8800 R14: 0000000000000000 R15: ffff92fa61bfbea0
[21589.117047] FS:  00007f4929572500(0000) GS:ffff92faf9680000(0000) knlGS:0000000000000000
[21589.117048] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[21589.117049] CR2: 000055bcffbc93a8 CR3: 00000000a42bb000 CR4: 00000000001406e0
[21589.117081] Call Trace:
[21589.117084]  ext4_group_desc_csum_set+0x33/0x40
[21589.117086]  ext4_read_block_bitmap_nowait+0x4b6/0x610
[21589.117171]  ext4_read_block_bitmap+0x19/0x50
[21589.117175]  ext4_free_blocks+0x1f4/0xb70
[21589.117177]  ? __ext4_ext_check+0x26d/0x370
[21589.117190]  ext4_ext_remove_space+0xb3c/0x1210
[21589.117193]  ext4_ext_truncate+0x94/0xa0
[21589.117194]  ext4_truncate+0x385/0x430
[21589.117196]  ext4_setattr+0x3b8/0xa50
[21589.117198]  notify_change+0x308/0x460
[21589.117200]  ? ext4_xattr_security_set+0x30/0x30
[21589.117202]  do_truncate+0x73/0xc0
[21589.117203]  path_openat+0xfb4/0x1660
[21589.117205]  ? generic_file_read_iter+0x91a/0xa10
[21589.117207]  do_filp_open+0x8c/0x100
[21589.117209]  ? dput.part.23+0x18c/0x1e0
[21589.117212]  do_sys_open+0x1ba/0x260
[21589.117216]  SyS_openat+0x14/0x20
[21589.117218]  entry_SYSCALL_64_fastpath+0x1e/0xa9
[21589.117219] RIP: 0033:0x7f4929078d7e
[21589.117219] RSP: 002b:00007ffeb93cf2d0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[21589.117220] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4929078d7e
[21589.117221] RDX: 0000000000000202 RSI: 000055bcffbc12d0 RDI: ffffffffffffff9c
[21589.117221] RBP: 00007ffeb93cf4b0 R08: 0000000000000003 R09: 0000000000000000
[21589.117222] R10: 0000000000000000 R11: 0000000000000246 R12: 000055bcfe496d30
[21589.117223] R13: 00007ffeb93cf5b0 R14: 0000000000000000 R15: 0000000000000000
[21589.117224] Code: 89 c2 8b 45 d8 85 d2 0f 85 a0 00 00 00 48 8b 4d e0 65 48 33 0c 25 28 00 00 00 0f 85 9b 00 00 00 48 83 c4 28 5b 41 5c 41 5d 5d c3 <0f> ff 48 8b 73 68 31 c0 f6 46 64 10 74 d4 48 83 c6 68 ba 10 00
[21589.117269] ---[ end trace 773bb6da1a2c9d88 ]---
[21589.117872] ------------[ cut here ]------------
[21589.117899] WARNING: CPU: 2 PID: 10938 at fs/ext4/ext4.h:2735 ext4_block_bitmap_csum_verify+0xae/0xd0
[21589.117900] Modules linked in: ppdev coretemp intel_rapl_perf vmw_balloon joydev input_leds serio_raw i2c_piix4 shpchp nfit parport_pc parport vmw_vsock_vmci_transport vsock mac_hid vmw_vmci ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 raid10 raid456 libcrc32c async_raid6_recov async_memcpy async_pq async_xor xor async_tx raid6_pq raid1 raid0 multipath linear psmouse crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc e1000 aesni_intel aes_x86_64 crypto_simd cryptd glue_helper ahci mptspi scsi_transport_spi libahci mptscsih mptbase pata_acpi [last unloaded: zerofs]
[21589.117988] CPU: 2 PID: 10938 Comm: poc Tainted: G        W  OE   4.13.0 #4
[21589.117989] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/02/2015
[21589.117991] task: ffff92f9f5a7dd00 task.stack: ffffac72c3484000
[21589.117994] RIP: 0010:ext4_block_bitmap_csum_verify+0xae/0xd0
[21589.117994] RSP: 0018:ffffac72c3487848 EFLAGS: 00010246
[21589.117996] RAX: 0000000000000000 RBX: ffff92faf2eed800 RCX: ffff92fa61bfbea0
[21589.117996] RDX: ffff92fa6415c800 RSI: 0000000000000000 RDI: ffff92faf2ee8800
[21589.117997] RBP: ffffac72c3487880 R08: ffff92faeefcda68 R09: 0000000000000000
[21589.117998] R10: ffff92fa6415c400 R11: ffffac72c34877b8 R12: 0000000000000000
[21589.117998] R13: ffff92fa61bfbea0 R14: 0000000000000000 R15: ffff92faf2eed800
[21589.118000] FS:  00007f4929572500(0000) GS:ffff92faf9680000(0000) knlGS:0000000000000000
[21589.118001] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[21589.118002] CR2: 000055bcffbc93a8 CR3: 00000000a42bb000 CR4: 00000000001406e0
[21589.118159] Call Trace:
[21589.118174]  ? ext4_group_desc_csum+0x170/0x210
[21589.118176]  ext4_validate_block_bitmap+0xee/0x350
[21589.118179]  ext4_read_block_bitmap_nowait+0xa8/0x610
[21589.118181]  ext4_read_block_bitmap+0x19/0x50
[21589.118190]  ext4_free_blocks+0x1f4/0xb70
[21589.118194]  ? __ext4_ext_check+0x26d/0x370
[21589.118213]  ext4_ext_remove_space+0xb3c/0x1210
[21589.118215]  ext4_ext_truncate+0x94/0xa0
[21589.118218]  ext4_truncate+0x385/0x430
[21589.118219]  ext4_setattr+0x3b8/0xa50
[21589.118227]  notify_change+0x308/0x460
[21589.118229]  ? ext4_xattr_security_set+0x30/0x30
[21589.118295]  do_truncate+0x73/0xc0
[21589.118299]  path_openat+0xfb4/0x1660
[21589.118303]  ? generic_file_read_iter+0x91a/0xa10
[21589.118305]  do_filp_open+0x8c/0x100
[21589.118307]  ? dput.part.23+0x18c/0x1e0
[21589.118308]  do_sys_open+0x1ba/0x260
[21589.118309]  SyS_openat+0x14/0x20
[21589.118313]  entry_SYSCALL_64_fastpath+0x1e/0xa9
[21589.118314] RIP: 0033:0x7f4929078d7e
[21589.118315] RSP: 002b:00007ffeb93cf2d0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[21589.118316] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4929078d7e
[21589.118316] RDX: 0000000000000202 RSI: 000055bcffbc12d0 RDI: ffffffffffffff9c
[21589.118317] RBP: 00007ffeb93cf4b0 R08: 0000000000000003 R09: 0000000000000000
[21589.118318] R10: 0000000000000000 R11: 0000000000000246 R12: 000055bcfe496d30
[21589.118318] R13: 00007ffeb93cf5b0 R14: 0000000000000000 R15: 0000000000000000
[21589.118319] Code: c0 41 39 c5 0f 94 c0 0f b6 c0 eb 05 b8 01 00 00 00 48 8b 75 e0 65 48 33 34 25 28 00 00 00 75 26 48 83 c4 20 5b 41 5c 41 5d 5d c3 <0f> ff b8 01 00 00 00 eb dd 41 0f b7 54 24 38 c1 e2 10 41 09 d5
[21589.118338] ---[ end trace 773bb6da1a2c9d89 ]---
[21589.118359] EXT4-fs error (device loop0): ext4_mb_generate_buddy:756: group 0, block bitmap and bg descriptor inconsistent: 0 vs 2033 free clusters
[21589.118567] ------------[ cut here ]------------
[21589.118570] WARNING: CPU: 2 PID: 10938 at fs/ext4/ext4.h:2735 ext4_superblock_csum_set+0x85/0xa0
[21589.118571] Modules linked in: ppdev coretemp intel_rapl_perf vmw_balloon joydev input_leds serio_raw i2c_piix4 shpchp nfit parport_pc parport vmw_vsock_vmci_transport vsock mac_hid vmw_vmci ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 raid10 raid456 libcrc32c async_raid6_recov async_memcpy async_pq async_xor xor async_tx raid6_pq raid1 raid0 multipath linear psmouse crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc e1000 aesni_intel aes_x86_64 crypto_simd cryptd glue_helper ahci mptspi scsi_transport_spi libahci mptscsih mptbase pata_acpi [last unloaded: zerofs]
[21589.118607] CPU: 2 PID: 10938 Comm: poc Tainted: G        W  OE   4.13.0 #4
[21589.118608] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/02/2015
[21589.118609] task: ffff92f9f5a7dd00 task.stack: ffffac72c3484000
[21589.118610] RIP: 0010:ext4_superblock_csum_set+0x85/0xa0
[21589.118611] RSP: 0018:ffffac72c3487640 EFLAGS: 00010246
[21589.118612] RAX: 0000000000000000 RBX: ffff92fa6415c400 RCX: 0000000000000000
[21589.118612] RDX: 0000000000000000 RSI: 0000000000000282 RDI: ffff92faf2ee8800
[21589.118613] RBP: ffffac72c3487668 R08: fffffffffffffff0 R09: 000000000000000f
[21589.118613] R10: ffffac72c3487780 R11: ffffffff9fc7c9c0 R12: ffff92faf2ee8800
[21589.118614] R13: ffffffffa022eb60 R14: ffff92fa6415c400 R15: 000000000000003c
[21589.118615] FS:  00007f4929572500(0000) GS:ffff92faf9680000(0000) knlGS:0000000000000000
[21589.118616] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[21589.118616] CR2: 000055bcffbc93a8 CR3: 00000000a42bb000 CR4: 00000000001406e0
[21589.118621] Call Trace:
[21589.119158]  ? __percpu_counter_sum+0x6a/0x80
[21589.119162]  ext4_commit_super+0x19f/0x2d0
[21589.119164]  __ext4_grp_locked_error+0x198/0x260
[21589.119169]  ext4_mb_generate_buddy+0x2c6/0x320
[21589.119194]  ext4_mb_init_cache+0x33c/0x720
[21589.119205]  ? pagecache_get_page+0xdf/0x210
[21589.119206]  ext4_mb_init_group+0x167/0x260
[21589.119272]  ? __schedule+0x14d/0x840
[21589.119276]  ext4_mb_load_buddy_gfp+0x3c0/0x3f0
[21589.119278]  ext4_free_blocks+0x360/0xb70
[21589.119280]  ? __ext4_ext_check+0x26d/0x370
[21589.119282]  ext4_ext_remove_space+0xb3c/0x1210
[21589.119284]  ext4_ext_truncate+0x94/0xa0
[21589.119285]  ext4_truncate+0x385/0x430
[21589.119287]  ext4_setattr+0x3b8/0xa50
[21589.119289]  notify_change+0x308/0x460
[21589.119291]  ? ext4_xattr_security_set+0x30/0x30
[21589.119293]  do_truncate+0x73/0xc0
[21589.119331]  path_openat+0xfb4/0x1660
[21589.119334]  ? generic_file_read_iter+0x91a/0xa10
[21589.119337]  do_filp_open+0x8c/0x100
[21589.119338]  ? dput.part.23+0x18c/0x1e0
[21589.119340]  do_sys_open+0x1ba/0x260
[21589.119341]  SyS_openat+0x14/0x20
[21589.119342]  entry_SYSCALL_64_fastpath+0x1e/0xa9
[21589.119344] RIP: 0033:0x7f4929078d7e
[21589.119345] RSP: 002b:00007ffeb93cf2d0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[21589.119346] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4929078d7e
[21589.119347] RDX: 0000000000000202 RSI: 000055bcffbc12d0 RDI: ffffffffffffff9c
[21589.119347] RBP: 00007ffeb93cf4b0 R08: 0000000000000003 R09: 0000000000000000
[21589.119348] R10: 0000000000000000 R11: 0000000000000246 R12: 000055bcfe496d30
[21589.119348] R13: 00007ffeb93cf5b0 R14: 0000000000000000 R15: 0000000000000000
[21589.119349] Code: ff ff ff e8 7e a9 0a 00 85 c0 75 25 8b 45 e8 89 83 fc 03 00 00 48 8b 45 f0 65 48 33 04 25 28 00 00 00 75 0f 48 83 c4 20 5b 5d c3 <0f> ff eb e6 0f 0b 0f 0b e8 5e f1 d5 ff 0f 1f 40 00 66 2e 0f 1f
[21589.119369] ---[ end trace 773bb6da1a2c9d8a ]---
[21589.119739] ------------[ cut here ]------------
[21589.119740] kernel BUG at fs/ext4/ext4.h:2808!
[21589.119831] invalid opcode: 0000 [#1] SMP
[21589.119862] Modules linked in: ppdev coretemp intel_rapl_perf vmw_balloon joydev input_leds serio_raw i2c_piix4 shpchp nfit parport_pc parport vmw_vsock_vmci_transport vsock mac_hid vmw_vmci ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 raid10 raid456 libcrc32c async_raid6_recov async_memcpy async_pq async_xor xor async_tx raid6_pq raid1 raid0 multipath linear psmouse crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc e1000 aesni_intel aes_x86_64 crypto_simd cryptd glue_helper ahci mptspi scsi_transport_spi libahci mptscsih mptbase pata_acpi [last unloaded: zerofs]
[21589.120279] CPU: 2 PID: 10938 Comm: poc Tainted: G        W  OE   4.13.0 #4
[21589.120335] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/02/2015
[21589.120422] task: ffff92f9f5a7dd00 task.stack: ffffac72c3484000
[21589.120485] RIP: 0010:ext4_mb_find_by_goal+0x1eb/0x2c0
[21589.120531] RSP: 0018:ffffac72c34877d8 EFLAGS: 00010246
[21589.120577] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000100001fff
[21589.120634] RDX: ffff92faf2ee8800 RSI: ffffac72c3487868 RDI: ffff92faf6004100
[21589.120691] RBP: ffffac72c3487830 R08: ffff92faf2ee8800 R09: ffff92faf2eed800
[21589.120748] R10: 0000000000000000 R11: ffff92faf2ee8800 R12: ffff92faf6004100
[21589.120805] R13: ffff92faf2eed800 R14: ffff92faf2eed800 R15: ffffac72c34879e8
[21589.120867] FS:  00007f4929572500(0000) GS:ffff92faf9680000(0000) knlGS:0000000000000000
[21589.120940] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[21589.120991] CR2: 000055bcffbc93a8 CR3: 00000000a42bb000 CR4: 00000000001406e0
[21589.121051] Call Trace:
[21589.121084]  ? ext4_dirty_inode+0x4b/0x70
[21589.121126]  ext4_mb_regular_allocator+0x65/0x430
[21589.121172]  ? mutex_lock+0x12/0x40
[21589.121211]  ? ext4_mb_initialize_context+0x14c/0x1b0
[21589.121258]  ext4_mb_new_blocks+0x6b8/0xbb0
[21589.121351]  ? __kmalloc+0x179/0x200
[21589.121392]  ? ext4_find_extent+0x243/0x2b0
[21589.121435]  ? ext4_find_extent+0x243/0x2b0
[21589.121477]  ext4_ext_map_blocks+0xadb/0xed0
[21589.121520]  ext4_map_blocks+0x3bc/0x5f0
[21589.121669]  ? alloc_buffer_head+0x21/0x60
[21589.121713]  _ext4_get_block+0x75/0x110
[21589.121753]  ext4_get_block+0x16/0x20
[21589.121792]  ext4_block_write_begin+0x150/0x470
[21589.121869]  ? lru_cache_add+0xe/0x10
[21589.121910]  ? _ext4_get_block+0x110/0x110
[21589.121952]  ? __ext4_journal_start_sb+0x36/0x120
[21589.121997]  ext4_write_begin+0x17c/0x520
[21589.122039]  ? ext4_xattr_get+0x9e/0x290
[21589.122079]  ext4_da_write_begin+0x20c/0x3a0
[21589.122122]  generic_perform_write+0xb9/0x1a0
[21589.122167]  __generic_file_write_iter+0x1af/0x1e0
[21589.122211]  ext4_file_write_iter+0xc4/0x3d0
[21589.122295]  new_sync_write+0x109/0x160
[21589.122349]  __vfs_write+0x29/0x40
[21589.122386]  vfs_write+0xb5/0x1b0
[21589.122423]  SyS_write+0x58/0xc0
[21589.122460]  entry_SYSCALL_64_fastpath+0x1e/0xa9
[21589.122504] RIP: 0033:0x7f49290790c4
[21589.122542] RSP: 002b:00007ffeb93cf348 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[21589.122614] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f49290790c4
[21589.122690] RDX: 0000000000000205 RSI: 000055bcfe698040 RDI: 0000000000000003
[21589.122742] RBP: 00007ffeb93cf4b0 R08: 0000000000000003 R09: 0000000000000000
[21589.122795] R10: 0000000000000000 R11: 0000000000000246 R12: 000055bcfe496d30
[21589.122847] R13: 00007ffeb93cf5b0 R14: 0000000000000000 R15: 0000000000000000
[21589.122899] Code: 24 08 48 8b b0 a8 00 00 00 48 03 9e 80 01 00 00 48 89 df c6 07 00 0f 1f 40 00 49 8b 76 10 4c 89 f7 e8 2a ca ff ff e9 8e fe ff ff <0f> 0b 85 c0 0f 84 47 ff ff ff 8d 48 ff 48 8d b2 2c 03 00 00 f0
[21589.123046] RIP: ext4_mb_find_by_goal+0x1eb/0x2c0 RSP: ffffac72c34877d8
[21589.123114] ---[ end trace 773bb6da1a2c9d8b ]---

Reported by Wen Xu from SSLab, Gatech
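The mount log above shows the kernel accepting a group descriptor whose block bitmap sits on the superblock's block, and later complaining that the descriptor's free count disagrees with the bitmap ("block bitmap and bg descriptor inconsistent: 0 vs 2033 free clusters"). The program below is an added example, not the reporter's poc.c and not kernel code: it is a userspace approximation of the bounds checks ext4_check_descriptors() applies to each group's bitmap and inode-table locations, plus the free-count comparison that ext4_mb_generate_buddy() performs, so a suspect image can be triaged before it is ever mounted. It parses the on-disk ext4 superblock and group descriptor layout directly by byte offset and builds a constructed 64 KiB single-group sample image in memory (it does not use the attachment). Assumptions: no meta_bg, no bigalloc, fewer than 2^32 blocks, and the CHK_* names and sample_image()/check_sample() helpers are this example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EXT4_SUPER_MAGIC    0xEF53
#define EXT4_INCOMPAT_64BIT 0x80
#define IMG_BLOCKS          64          /* constructed sample: 64 x 1 KiB */

/* Problems reported by ext4_check_image(), as a bitmask (names are this example's own). */
enum {
    CHK_BAD_SB        = 1 << 0,  /* magic, block size or geometry unusable */
    CHK_OUT_OF_GROUP  = 1 << 1,  /* bitmap or inode table outside its own group */
    CHK_OVERLAPS_SB   = 1 << 2,  /* bitmap or inode table on the superblock's block */
    CHK_OVERLAPS_GDT  = 1 << 3,  /* bitmap or inode table on the descriptor table */
    CHK_FREE_MISMATCH = 1 << 4,  /* bg_free_blocks_count != zero bits in the bitmap */
};

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t le32(const uint8_t *p) { return le16(p) | (uint32_t)le16(p + 2) << 16; }
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void put32(uint8_t *p, uint32_t v) { put16(p, (uint16_t)v); put16(p + 2, (uint16_t)(v >> 16)); }

struct geom {
    uint32_t bs, blocks, first_data, per_group, groups, desc_size, itb_blocks;
    uint64_t sb_block, gdt_first, gdt_last;
};

/* Read the primary superblock (byte offset 1024) and derive the layout the checks need. */
static int read_geom(const uint8_t *img, size_t len, struct geom *g)
{
    const uint8_t *sb = img + 1024;
    if (len < 2048 || le16(sb + 0x38) != EXT4_SUPER_MAGIC || le32(sb + 0x18) > 6)
        return -1;
    g->bs         = 1024u << le32(sb + 0x18);   /* s_log_block_size */
    g->blocks     = le32(sb + 0x04);            /* s_blocks_count_lo */
    g->first_data = le32(sb + 0x14);            /* s_first_data_block */
    g->per_group  = le32(sb + 0x20);            /* s_blocks_per_group */
    g->desc_size  = (le32(sb + 0x60) & EXT4_INCOMPAT_64BIT) ? le16(sb + 0xFE) : 32;
    uint32_t ipg = le32(sb + 0x28), isize = le16(sb + 0x58);  /* s_inodes_per_group, s_inode_size */
    if (g->per_group == 0 || g->blocks <= g->first_data || g->desc_size < 32 ||
        g->desc_size > g->bs || ipg == 0 || isize < 128 || isize > g->bs)
        return -1;
    g->groups     = (g->blocks - g->first_data + g->per_group - 1) / g->per_group;
    g->itb_blocks = (uint32_t)(((uint64_t)ipg * isize + g->bs - 1) / g->bs);
    g->sb_block   = 1024 / g->bs;               /* block 1 for 1 KiB blocks, block 0 otherwise */
    g->gdt_first  = g->sb_block + 1;
    uint64_t gdt_bytes = (uint64_t)g->groups * g->desc_size;
    g->gdt_last   = g->gdt_first + (gdt_bytes + g->bs - 1) / g->bs - 1 + le16(sb + 0xCE); /* + s_reserved_gdt_blocks */
    return 0;
}

/* Block number from a descriptor: lo word at off, hi word at off + 0x20 for 64-byte descriptors. */
static uint64_t gd_block(const uint8_t *gd, uint32_t desc_size, int off)
{
    uint64_t v = le32(gd + off);
    if (desc_size >= 64) v |= (uint64_t)le32(gd + off + 0x20) << 32;
    return v;
}

/* Flags for a block range [first,last] that touches the primary superblock or GDT. */
static int in_meta(const struct geom *g, uint64_t first, uint64_t last)
{
    int f = 0;
    if (first <= g->sb_block && g->sb_block <= last)  f |= CHK_OVERLAPS_SB;
    if (first <= g->gdt_last && g->gdt_first <= last) f |= CHK_OVERLAPS_GDT;
    return f;
}

/* Run the descriptor checks for every group; returns a CHK_* bitmask, 0 if clean. */
int ext4_check_image(const uint8_t *img, size_t len)
{
    struct geom g;
    int flags = 0;
    if (read_geom(img, len, &g) < 0) return CHK_BAD_SB;
    for (uint32_t i = 0; i < g.groups; i++) {
        uint64_t off = g.gdt_first * g.bs + (uint64_t)i * g.desc_size;
        if (off + g.desc_size > len) return flags | CHK_BAD_SB;
        const uint8_t *gd = img + off;
        uint64_t first = g.first_data + (uint64_t)i * g.per_group;
        uint64_t last  = (i == g.groups - 1) ? g.blocks - 1 : first + g.per_group - 1;
        uint64_t bb = gd_block(gd, g.desc_size, 0x0), ib = gd_block(gd, g.desc_size, 0x4),
                 it = gd_block(gd, g.desc_size, 0x8);
        /* Each metadata block must lie inside its own group ... */
        if (bb < first || bb > last || ib < first || ib > last ||
            it < first || it + g.itb_blocks - 1 > last)
            flags |= CHK_OUT_OF_GROUP;
        /* ... and must not sit on the primary superblock or the descriptor table. */
        flags |= in_meta(&g, bb, bb) | in_meta(&g, ib, ib) | in_meta(&g, it, it + g.itb_blocks - 1);
        /* The descriptor's free count must equal the number of zero bits for the group's blocks. */
        uint32_t free_cnt = le16(gd + 0x0C);
        if (g.desc_size >= 64) free_cnt |= (uint32_t)le16(gd + 0x2C) << 16;
        if (bb < len / g.bs) {
            const uint8_t *bmp = img + bb * g.bs;
            uint32_t zeros = 0, n = (uint32_t)(last - first + 1);
            for (uint32_t b = 0; b < n; b++)
                zeros += !(bmp[b / 8] >> (b % 8) & 1);
            if (zeros != free_cnt) flags |= CHK_FREE_MISMATCH;
        }
    }
    return flags;
}

static uint8_t g_img[IMG_BLOCKS * 1024];

/* Constructed 1 KiB-block, single-group image. Variant 0 is consistent; 1 points the block
 * bitmap at the superblock's block (as in the report's mount log); 2 breaks the free count. */
const uint8_t *sample_image(int variant, size_t *len)
{
    uint8_t *img = g_img, *sb = img + 1024, *gd = img + 2 * 1024, *bmp = img + 3 * 1024;
    memset(img, 0, sizeof g_img);
    put16(sb + 0x38, EXT4_SUPER_MAGIC);
    put32(sb + 0x04, IMG_BLOCKS);   /* s_blocks_count_lo */
    put32(sb + 0x14, 1);            /* s_first_data_block: block 0 is the boot area */
    put32(sb + 0x20, 8192);         /* s_blocks_per_group; group 0 is truncated at block 63 */
    put32(sb + 0x28, 16);           /* s_inodes_per_group */
    put16(sb + 0x58, 256);          /* s_inode_size: inode table = 16*256/1024 = 4 blocks */
    put32(sb + 0x4C, 1);            /* s_rev_level: dynamic */
    put32(gd + 0x0, 3);             /* bg_block_bitmap_lo */
    put32(gd + 0x4, 4);             /* bg_inode_bitmap_lo */
    put32(gd + 0x8, 5);             /* bg_inode_table_lo: blocks 5..8 */
    bmp[0] = 0xFF;                  /* bits 0..7 = blocks 1..8 in use; 63 - 8 = 55 free */
    put16(gd + 0x0C, 55);           /* bg_free_blocks_count_lo */
    if (variant == 1) put32(gd + 0x0, 1);      /* block bitmap overlaps the superblock */
    if (variant == 2) put16(gd + 0x0C, 2033);  /* descriptor disagrees with the bitmap */
    *len = sizeof g_img;
    return img;
}

int check_sample(int variant)
{
    size_t len;
    const uint8_t *img = sample_image(variant, &len);
    return ext4_check_image(img, len);
}

int main(void)
{
    for (int v = 0; v < 3; v++)
        printf("variant %d: flags 0x%02x\n", v, check_sample(v));
    return 0;
}
```

To run the same checks on a real image, read the file into a buffer and pass it to ext4_check_image(); a non-zero result is a reason to leave the image unmounted and hand it to e2fsck -fn first. Variant 1 trips CHK_FREE_MISMATCH as well as CHK_OVERLAPS_SB, because the bitmap bits are then read from the superblock's bytes, which is the same confusion the kernel ran into once it trusted the crafted descriptor.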
Comment 1 Wen Xu 2018-04-03 17:05:16 UTC
Created attachment 275095
poc.c
Comment 2 Wen Xu 2018-04-10 05:50:46 UTC
This is not reproducible on the latest ext4 development branch.
