Bug 202743 - pktcdvd triggers kernel BUG at fs/inode.c:1563
Summary: pktcdvd triggers kernel BUG at fs/inode.c:1563
Status: NEW
Alias: None
Product: IO/Storage
Classification: Unclassified
Component: Block Layer
Hardware: All Linux
Importance: P1 normal
Assignee: Jens Axboe
Reported: 2019-03-04 02:07 UTC by Bart Van Assche
Modified: 2020-04-22 22:18 UTC
Kernel Version: v5.1-rc1 (linux-next-20190301)
Regression: No


Description Bart Van Assche 2019-03-04 02:07:59 UTC
This did not occur with kernel v5.0-rc8 but apparently occurs with linux-next-20190301:

------------[ cut here ]------------
kernel BUG at fs/inode.c:1563!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI
CPU: 0 PID: 5367 Comm: pktsetup Not tainted 5.0.0-rc8-next-20190301-dbg+ #1
Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
RIP: 0010:iput+0x3e9/0x400
Call Trace:
 __blkdev_put+0x317/0x3d0
 blkdev_put+0x62/0x200
 pkt_remove_dev+0x1d9/0x290 [pktcdvd]
 pkt_ctl_ioctl+0x27f/0x2b0 [pktcdvd]
 do_vfs_ioctl+0x144/0xa20
 ksys_ioctl+0x41/0x80
 __x64_sys_ioctl+0x43/0x50
 do_syscall_64+0x77/0x220
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fd075ba13c7
---[ end trace fe01d1e8554ccd65 ]---

The iput() implementation:

void iput(struct inode *inode)
{
	if (!inode)
		return;
	BUG_ON(inode->i_state & I_CLEAR);
retry:
	if (atomic_dec_and_lock(&inode->i_count, &inode->i_lock)) {
		if (inode->i_nlink && (inode->i_state & I_DIRTY_TIME)) {
			atomic_inc(&inode->i_count);
			spin_unlock(&inode->i_lock);
			trace_writeback_lazytime_iput(inode);
			mark_inode_dirty_sync(inode);
			goto retry;
		}
		iput_final(inode);
	}
}
EXPORT_SYMBOL(iput);

Comment 1 ValdikSS 2020-04-22 22:18:09 UTC
See also bug #207317
