BUG_ON(!PagePrivate(page))

Bug #1953514 reported by Dmitry Nagornykh
This bug affects 1 person
Affects: linux (Ubuntu)
Status: Confirmed
Importance: Undecided
Assigned to: Unassigned
Milestone: (none)

Bug Description

A “!PagePrivate(page)” assertion failure was discovered in “ext4_writepage”. The problem was originally found by syzbot, https://syzkaller.appspot.com/bug?id=ae0125a57674f57b675fad8f1440eb2be4790fba. It is reproduced by the root user in a Docker container or on the host on Ubuntu 20.04.3 LTS with Linux 5.4.0-91-generic. The bug reproducer is built from https://raw.githubusercontent.com/dvyukov/syzkaller-repros/master/linux/ae0125a57674f57b675fad8f1440eb2be4790fba.c. It also reproduces on Ubuntu 18.04.6 LTS with Linux 4.15.0-163-generic and on Ubuntu 20.04.3 LTS with Linux mainline v5.16-rc4.

Steps to reproduce in a Docker container:
-----------------------------------------------------------
docker pull ubuntu
docker run -ti ubuntu bash
apt update
apt install gcc wget
wget https://raw.githubusercontent.com/dvyukov/syzkaller-repros/master/linux/ae0125a57674f57b675fad8f1440eb2be4790fba.c
gcc ./ae0125a57674f57b675fad8f1440eb2be4790fba.c -static -pthread -o ae0125a57674f57b675fad8f1440eb2be4790fba
./ae0125a57674f57b675fad8f1440eb2be4790fba

The resulting kernel crash output:
----------------------------------------
kernel BUG at fs/ext4/inode.c:2163!
invalid opcode: 0000 [#1] SMP PTI
CPU: 1 PID: 280 Comm: jbd2/vda2-8 Kdump: loaded Tainted: G W 5.4.0-91-generic #102-Ubuntu
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
RIP: 0010:ext4_writepage+0x2d6/0x310
Code: 8b 45 30 ba 00 10 00 00 31 f6 41 bc fb ff ff ff 48 8b 40 70 48 8b 40 40 e8 47 20 a6 00 4c 89 f7 e8 2f 2c e7 ff e9 86 fe ff ff <0f> 0b 0f 0b e9 78 ff ff ff 4c 89 e7 4c 89 f6 41 bc f4 ff ff ff e8
RSP: 0018:ffffadaf401dfa28 EFLAGS: 00010246
RAX: 000fffffc0000037 RBX: ffff94ec39b9bb48 RCX: 0000000000000010
RDX: 0000000000000008 RSI: ffffadaf401dfc10 RDI: ffffd75e81decd00
RBP: ffffadaf401dfa78 R08: ffff94ecfffd3000 R09: 0000000000031155
R10: 0000000000031100 R11: 0000000000000015 R12: ffffadaf401dfc10
R13: ffff94ec39b9b9d0 R14: ffffd75e81decd00 R15: 0000000000001000
FS: 0000000000000000(0000) GS:ffff94ecfbb00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f8a055c3010 CR3: 0000000137362002 CR4: 0000000000360ee0
Call Trace:
 ? __mod_lruvec_state+0x44/0xf0
 __writepage+0x1d/0x50
 write_cache_pages+0x1ae/0x4b0
 ? __wb_calc_thresh+0x130/0x130
 ? check_preempt_curr+0x7a/0x90
 ? ttwu_do_wakeup+0x1e/0x150
 ? ttwu_do_activate+0x5b/0x70
 generic_writepages+0x57/0x90
 jbd2_journal_submit_inode_data_buffers+0x63/0x80
 ext4_journal_submit_inode_data_buffers+0xd5/0x100
 jbd2_journal_commit_transaction+0x48f/0x18c0

ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: linux-image-5.4.0-91-generic 5.4.0-91.102
ProcVersionSignature: Ubuntu 5.4.0-91.102-generic 5.4.151
Uname: Linux 5.4.0-91-generic x86_64
AlsaDevices:
 total 0
 crw-rw---- 1 root audio 116, 1 Dec 7 14:39 seq
 crw-rw---- 1 root audio 116, 33 Dec 7 14:39 timer
AplayDevices: Error: [Errno 2] No such file or directory: 'aplay'
ApportVersion: 2.20.11-0ubuntu27.21
Architecture: amd64
ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord'
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
Date: Tue Dec 7 14:40:03 2021
InstallationDate: Installed on 2021-11-29 (8 days ago)
InstallationMedia: Ubuntu-Server 20.04.3 LTS "Focal Fossa" - Release amd64 (20210824)
IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig'
Lsusb: Error: command ['lsusb'] failed with exit code 1:
Lsusb-t:

Lsusb-v: Error: command ['lsusb', '-v'] failed with exit code 1:
MachineType: QEMU Standard PC (i440FX + PIIX, 1996)
PciMultimedia:

ProcEnviron:
 TERM=vt220
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=C.UTF-8
 SHELL=/bin/bash
ProcFB: 0 bochs-drmdrmfb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.4.0-91-generic root=UUID=2ad85404-d6b7-4c7d-a860-b873557a175c ro console=ttyS0 slub_debug=FZ crashkernel=256M
RelatedPackageVersions:
 linux-restricted-modules-5.4.0-91-generic N/A
 linux-backports-modules-5.4.0-91-generic N/A
 linux-firmware 1.187.20
RfKill: Error: [Errno 2] No such file or directory: 'rfkill'
SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 04/01/2014
dmi.bios.vendor: SeaBIOS
dmi.bios.version: 1.13.0-1ubuntu1.1
dmi.chassis.type: 1
dmi.chassis.vendor: QEMU
dmi.chassis.version: pc-i440fx-focal
dmi.modalias: dmi:bvnSeaBIOS:bvr1.13.0-1ubuntu1.1:bd04/01/2014:svnQEMU:pnStandardPC(i440FX+PIIX,1996):pvrpc-i440fx-focal:cvnQEMU:ct1:cvrpc-i440fx-focal:
dmi.product.name: Standard PC (i440FX + PIIX, 1996)
dmi.product.version: pc-i440fx-focal
dmi.sys.vendor: QEMU
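
Added example (not part of the original report or of any Ubuntu or kernel tooling): a triage parser that recognises this crash signature in collected kernel logs. The names parse_oops and matches_report are hypothetical, and the input is assumed to have timestamp prefixes already stripped, as the trace above does.

```python
import re

# Constructed sample: lines taken from the oops in the report (Code line shortened).
SAMPLE_OOPS = """\
kernel BUG at fs/ext4/inode.c:2163!
invalid opcode: 0000 [#1] SMP PTI
CPU: 1 PID: 280 Comm: jbd2/vda2-8 Kdump: loaded Tainted: G W 5.4.0-91-generic #102-Ubuntu
RIP: 0010:ext4_writepage+0x2d6/0x310
Code: e9 86 fe ff ff <0f> 0b 0f 0b e9 78 ff ff ff
Call Trace:
 ? __mod_lruvec_state+0x44/0xf0
 __writepage+0x1d/0x50
 write_cache_pages+0x1ae/0x4b0
 generic_writepages+0x57/0x90
 jbd2_journal_submit_inode_data_buffers+0x63/0x80
 ext4_journal_submit_inode_data_buffers+0xd5/0x100
 jbd2_journal_commit_transaction+0x48f/0x18c0
"""

BUG_RE = re.compile(r"kernel BUG at (?P<file>\S+):(?P<line>\d+)!")
RIP_RE = re.compile(r"RIP: [0-9a-f]{4}:(?P<func>[\w.]+)\+(?P<off>0x[0-9a-f]+)/")
COMM_RE = re.compile(r"Comm: (?P<comm>\S+)")
FRAME_RE = re.compile(r"^\s+(?P<guess>\? )?(?P<func>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+\s*$")
TRAP_RE = re.compile(r"^Code: .*<([0-9a-f]{2})> ([0-9a-f]{2})", re.M)

def parse_oops(text):
    """Summarise one x86 oops; None if it has no 'kernel BUG at' line."""
    bug = BUG_RE.search(text)
    if not bug:
        return None
    rip, comm, trap = RIP_RE.search(text), COMM_RE.search(text), TRAP_RE.search(text)
    # Frames prefixed with '?' are unverified stack leftovers; keep the reliable ones.
    matched = (FRAME_RE.match(line) for line in text.splitlines())
    return {
        "location": (bug["file"], int(bug["line"])),
        "rip": (rip["func"], int(rip["off"], 16)) if rip else None,
        "task": comm["comm"] if comm else None,
        # <..> marks the byte RIP pointed at; 0f 0b is UD2, the trap x86 BUG() compiles to.
        "is_ud2": bool(trap) and trap.groups() == ("0f", "0b"),
        "frames": [m["func"] for m in matched if m and not m["guess"]],
    }

def matches_report(summary):
    """True for this report's signature: BUG() in ext4_writepage under a jbd2 commit."""
    return bool(summary and summary["is_ud2"] and summary["rip"]
                and summary["rip"][0] == "ext4_writepage"
                and "jbd2_journal_commit_transaction" in summary["frames"])
```

The UD2 check separates a deliberate BUG_ON() trap from an unrelated invalid-opcode fault, and the task name shows the assertion fired in the journal commit thread rather than in the process that ran the reproducer.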

Dmitry Nagornykh (dnn81) wrote :
information type: Private Security → Public Security
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : Status changed to Confirmed

This change was made by a bot.

Changed in linux (Ubuntu):
status: New → Confirmed
This report contains Public Security information  
Everyone can see this security related information.
