The attached program (found with syzkaller) triggers the following warning in bdev_inode_switch_bdi in a 3.18 amd64-generic kernel:
------------[ cut here ]------------
WARNING: CPU: 0 PID: 3196 at /mnt/host/source/src/third_party/kernel/v3.18/fs/block_dev.c:67 bdev_inode_switch_bdi+0xa8/0xb9()
Modules linked in: i2c_dev uinput sr_mod cdrom bluetooth zram fuse cfg80211 nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_filter ip6_tables virtio_net i2c_piix4 snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device ppp_async ppp_generic slhc tun
CPU: 0 PID: 3196 Comm: syz-executor Not tainted 3.18.0 #27
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
0000000000000009 00000000349a7923 ffff8800312d7a18 ffffffff81b5aedc
0000000000000000 ffffffff349a7923 0000000000000000 ffff88001fc5d360
ffff8800312d7a68 ffffffff810636df ffff8800312d7a88 ffffffff8121cd5e
Call Trace:
[< inline >] __dump_stack lib/dump_stack.c:15
[<ffffffff81b5aedc>] dump_stack+0x74/0xb3 lib/dump_stack.c:50
[<ffffffff810636df>] warn_slowpath_common+0xa9/0xc7 kernel/panic.c:441
[<ffffffff8121cd5e>] ? bdev_inode_switch_bdi+0xa8/0xb9 fs/block_dev.c:67
[<ffffffff8106383b>] warn_slowpath_null+0x31/0x33 kernel/panic.c:474
[<ffffffff8121cd5e>] bdev_inode_switch_bdi+0xa8/0xb9 fs/block_dev.c:67
[<ffffffff8121e5b6>] __blkdev_put+0xe9/0x276 fs/block_dev.c:1464
[<ffffffff8121f663>] blkdev_put+0x1d3/0x1e2 fs/block_dev.c:1534
[<ffffffff8121f716>] ? blkdev_get_by_path+0xa4/0xa4 fs/block_dev.c:1378
[<ffffffff8121f764>] blkdev_close+0x4e/0x55 fs/block_dev.c:1541
[<ffffffff811d1164>] __fput+0x1c9/0x321 fs/file_table.c:208
[<ffffffff811d132b>] ____fput+0x1f/0x21 fs/file_table.c:244
[<ffffffff8108c37a>] task_work_run+0xf9/0x12c kernel/task_work.c:123
[< inline >] exit_task_work include/linux/task_work.h:21
[<ffffffff810658fc>] do_exit+0x6a4/0x11f6 kernel/exit.c:762
[< inline >] ? debug_spin_unlock kernel/locking/spinlock_debug.c:103
[<ffffffff810bfebe>] ? do_raw_spin_unlock+0xbb/0xcd kernel/locking/spinlock_debug.c:158
[< inline >] ? spin_unlock include/linux/spinlock.h:357
[< inline >] ? unqueue_me kernel/futex.c:1849
[<ffffffff810f9198>] ? futex_wait+0x1cf/0x368 kernel/futex.c:2203
[<ffffffff81072b79>] ? recalc_sigpending_tsk+0xa4/0xae kernel/signal.c:145
[<ffffffff81067f33>] do_group_exit+0x9d/0x184 kernel/exit.c:892
[< inline >] ? debug_spin_unlock kernel/locking/spinlock_debug.c:103
[<ffffffff810bfebe>] ? do_raw_spin_unlock+0xbb/0xcd kernel/locking/spinlock_debug.c:158
[< inline >] ? spin_unlock_irq include/linux/spinlock.h:367
[<ffffffff81078aea>] ? get_signal+0x810/0x950 kernel/signal.c:2325
[<ffffffff81078bd2>] get_signal+0x8f8/0x950 kernel/signal.c:2350
[<ffffffff8100320b>] do_signal+0x37/0x8a4 arch/x86/kernel/signal.c:703
[<ffffffff8121d00d>] ? block_ioctl+0x8d/0x9b fs/block_dev.c:1559
[<ffffffff811e8f93>] ? do_vfs_ioctl+0x6f8/0x71e fs/ioctl.c:598
[<ffffffff81003aa4>] do_notify_resume+0x2c/0x6d arch/x86/kernel/signal.c:754
[< inline >] ? SYSC_ioctl fs/ioctl.c:615
[<ffffffff811e9059>] ? SyS_ioctl+0xa0/0xb3 fs/ioctl.c:604
[<ffffffff81b62dac>] int_signal+0x12/0x17 arch/x86/kernel/entry_64.S:620
---[ end trace 01602eeeab2bd1b9 ]---
|
Deleted:
warning_bdev_inode_switch_bdi.c
24.0 KB
|
Comment 1 by zalcorn@chromium.org
, Dec 27 2017