[syzbot] [udf?] WARNING in udf_setsize (2)
10 views
Skip to first unread message
syzbot
Jun 12, 2023, 2:18:57 PM6/12/23
to ja...@suse.com, linux-...@vger.kernel.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 5f63595ebd82 Merge tag 'input-for-v6.4-rc5' of git://git.k..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1667baf1280000
kernel config: https://syzkaller.appspot.com/x/.config?x=7474de833c217bf4
dashboard link: https://syzkaller.appspot.com/bug?extid=db6df8c0f578bc11e50e
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/d12b9e46ffe8/disk-5f63595e.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/c9044ded7edd/vmlinux-5f63595e.xz
kernel image: https://storage.googleapis.com/syzbot-assets/09f0fd3926e8/bzImage-5f63595e.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+db6df8...@syzkaller.appspotmail.com
------------[ cut here ]------------
WARNING: CPU: 1 PID: 8731 at fs/udf/inode.c:673 udf_setsize+0x1092/0x1480 fs/udf/inode.c:1275
Modules linked in:
CPU: 1 PID: 8731 Comm: syz-executor.4 Not tainted 6.4.0-rc5-syzkaller-00024-g5f63595ebd82 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
RIP: 0010:udf_extend_file fs/udf/inode.c:672 [inline]
RIP: 0010:udf_setsize+0x1092/0x1480 fs/udf/inode.c:1275
Code: 00 00 00 00 fc ff df 74 0a e8 4a fc 8c fe e9 18 ff ff ff 4c 89 64 24 20 e8 3b fc 8c fe 4c 89 fb e9 a7 fd ff ff e8 2e fc 8c fe <0f> 0b e9 1b f6 ff ff 44 89 f9 80 e1 07 38 c1 0f 8c 2b f0 ff ff 4c
RSP: 0018:ffffc90004fcfae0 EFLAGS: 00010293
RAX: ffffffff82fe8302 RBX: 0000000000000800 RCX: ffff888035f93b80
RDX: 0000000000000000 RSI: 0000000000001000 RDI: 0000000000000800
RBP: ffffc90004fcfcd0 R08: ffffffff82fe7900 R09: ffffed100ea45358
R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff920009f9f70
R13: 0000000000000751 R14: 0000000000000009 R15: 0000000000001000
FS: 00007f3365a37700(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020001000 CR3: 00000000797b8000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
udf_setattr+0x370/0x540 fs/udf/file.c:239
notify_change+0xc8b/0xf40 fs/attr.c:483
do_truncate+0x220/0x300 fs/open.c:66
do_sys_ftruncate+0x2e4/0x380 fs/open.c:194
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f3364c8c169
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f3365a37168 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
RAX: ffffffffffffffda RBX: 00007f3364dac120 RCX: 00007f3364c8c169
RDX: 0000000000000000 RSI: 0000000000000751 RDI: 0000000000000004
RBP: 00007f3364ce7ca1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff6db1fcaf R14: 00007f3365a37300 R15: 0000000000022000
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to change bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: 5f63595ebd82 Merge tag 'input-for-v6.4-rc5' of git://git.k..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1667baf1280000
kernel config: https://syzkaller.appspot.com/x/.config?x=7474de833c217bf4
dashboard link: https://syzkaller.appspot.com/bug?extid=db6df8c0f578bc11e50e
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/d12b9e46ffe8/disk-5f63595e.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/c9044ded7edd/vmlinux-5f63595e.xz
kernel image: https://storage.googleapis.com/syzbot-assets/09f0fd3926e8/bzImage-5f63595e.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+db6df8...@syzkaller.appspotmail.com
------------[ cut here ]------------
WARNING: CPU: 1 PID: 8731 at fs/udf/inode.c:673 udf_setsize+0x1092/0x1480 fs/udf/inode.c:1275
Modules linked in:
CPU: 1 PID: 8731 Comm: syz-executor.4 Not tainted 6.4.0-rc5-syzkaller-00024-g5f63595ebd82 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
RIP: 0010:udf_extend_file fs/udf/inode.c:672 [inline]
RIP: 0010:udf_setsize+0x1092/0x1480 fs/udf/inode.c:1275
Code: 00 00 00 00 fc ff df 74 0a e8 4a fc 8c fe e9 18 ff ff ff 4c 89 64 24 20 e8 3b fc 8c fe 4c 89 fb e9 a7 fd ff ff e8 2e fc 8c fe <0f> 0b e9 1b f6 ff ff 44 89 f9 80 e1 07 38 c1 0f 8c 2b f0 ff ff 4c
RSP: 0018:ffffc90004fcfae0 EFLAGS: 00010293
RAX: ffffffff82fe8302 RBX: 0000000000000800 RCX: ffff888035f93b80
RDX: 0000000000000000 RSI: 0000000000001000 RDI: 0000000000000800
RBP: ffffc90004fcfcd0 R08: ffffffff82fe7900 R09: ffffed100ea45358
R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff920009f9f70
R13: 0000000000000751 R14: 0000000000000009 R15: 0000000000001000
FS: 00007f3365a37700(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020001000 CR3: 00000000797b8000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
udf_setattr+0x370/0x540 fs/udf/file.c:239
notify_change+0xc8b/0xf40 fs/attr.c:483
do_truncate+0x220/0x300 fs/open.c:66
do_sys_ftruncate+0x2e4/0x380 fs/open.c:194
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f3364c8c169
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f3365a37168 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
RAX: ffffffffffffffda RBX: 00007f3364dac120 RCX: 00007f3364c8c169
RDX: 0000000000000000 RSI: 0000000000000751 RDI: 0000000000000004
RBP: 00007f3364ce7ca1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff6db1fcaf R14: 00007f3365a37300 R15: 0000000000022000
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to change bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot
Jun 20, 2023, 9:06:49 PM6/20/23
to ja...@suse.com, linux-...@vger.kernel.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com
syzbot has found a reproducer for the following issue on:
HEAD commit: 99ec1ed7c2ed Merge tag '6.4-rc6-smb3-server-fixes' of git:..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16d849b7280000
kernel config: https://syzkaller.appspot.com/x/.config?x=e74b395fe4978721
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=141c5260a80000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/f16a44eaf8dd/disk-99ec1ed7.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/f9e8611423fa/vmlinux-99ec1ed7.xz
kernel image: https://storage.googleapis.com/syzbot-assets/6127eeba514b/bzImage-99ec1ed7.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/a39116bf6f18/mount_0.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+db6df8...@syzkaller.appspotmail.com
loop0: detected capacity change from 0 to 2048
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
------------[ cut here ]------------
WARNING: CPU: 0 PID: 5066 at fs/udf/inode.c:673 udf_setsize+0x1092/0x1480 fs/udf/inode.c:1275
Modules linked in:
CPU: 0 PID: 5066 Comm: syz-executor615 Not tainted 6.4.0-rc7-syzkaller-00019-g99ec1ed7c2ed #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
RSP: 0018:ffffc90003b5fae0 EFLAGS: 00010293
RAX: ffffffff82fe9222 RBX: 0000000000000200 RCX: ffff8880163c1dc0
RDX: 0000000000000000 RSI: 0000000000000400 RDI: 0000000000000200
RBP: ffffc90003b5fcd0 R08: ffffffff82fe8820 R09: ffffed100ea634f2
R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff9200076bf70
R13: 0000000000000002 R14: 0000000000000009 R15: 0000000000000400
FS: 00007ff22b5e5700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ff22b5e52f8 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
RAX: ffffffffffffffda RBX: 00007ff22b6bf7a0 RCX: 00007ff22b6395f9
RDX: 00007ff22b6395f9 RSI: 0000000000000002 RDI: 0000000000000004
RBP: 00007ff22b68be00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff22b68b208
R13: 00007ff22b68b0c0 R14: 0030656c69662f2e R15: 00007ff22b6bf7a8
</TASK>
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
HEAD commit: 99ec1ed7c2ed Merge tag '6.4-rc6-smb3-server-fixes' of git:..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16d849b7280000
kernel config: https://syzkaller.appspot.com/x/.config?x=e74b395fe4978721
dashboard link: https://syzkaller.appspot.com/bug?extid=db6df8c0f578bc11e50e
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1662e03f280000
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=141c5260a80000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/f16a44eaf8dd/disk-99ec1ed7.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/f9e8611423fa/vmlinux-99ec1ed7.xz
kernel image: https://storage.googleapis.com/syzbot-assets/6127eeba514b/bzImage-99ec1ed7.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/a39116bf6f18/mount_0.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+db6df8...@syzkaller.appspotmail.com
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
------------[ cut here ]------------
WARNING: CPU: 0 PID: 5066 at fs/udf/inode.c:673 udf_setsize+0x1092/0x1480 fs/udf/inode.c:1275
Modules linked in:
CPU: 0 PID: 5066 Comm: syz-executor615 Not tainted 6.4.0-rc7-syzkaller-00019-g99ec1ed7c2ed #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
RIP: 0010:udf_extend_file fs/udf/inode.c:672 [inline]
RIP: 0010:udf_setsize+0x1092/0x1480 fs/udf/inode.c:1275
Code: 00 00 00 00 fc ff df 74 0a e8 9a ed 8c fe e9 18 ff ff ff 4c 89 64 24 20 e8 8b ed 8c fe 4c 89 fb e9 a7 fd ff ff e8 7e ed 8c fe <0f> 0b e9 1b f6 ff ff 44 89 f9 80 e1 07 38 c1 0f 8c 2b f0 ff ff 4c
RIP: 0010:udf_setsize+0x1092/0x1480 fs/udf/inode.c:1275
RSP: 0018:ffffc90003b5fae0 EFLAGS: 00010293
RAX: ffffffff82fe9222 RBX: 0000000000000200 RCX: ffff8880163c1dc0
RDX: 0000000000000000 RSI: 0000000000000400 RDI: 0000000000000200
RBP: ffffc90003b5fcd0 R08: ffffffff82fe8820 R09: ffffed100ea634f2
R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff9200076bf70
R13: 0000000000000002 R14: 0000000000000009 R15: 0000000000000400
FS: 00007ff22b5e5700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ff2232c4718 CR3: 000000002afd3000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
udf_setattr+0x370/0x540 fs/udf/file.c:239
notify_change+0xc8b/0xf40 fs/attr.c:483
do_truncate+0x220/0x300 fs/open.c:66
do_sys_ftruncate+0x2e4/0x380 fs/open.c:194
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7ff22b6395f9
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
udf_setattr+0x370/0x540 fs/udf/file.c:239
notify_change+0xc8b/0xf40 fs/attr.c:483
do_truncate+0x220/0x300 fs/open.c:66
do_sys_ftruncate+0x2e4/0x380 fs/open.c:194
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ff22b5e52f8 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
RAX: ffffffffffffffda RBX: 00007ff22b6bf7a0 RCX: 00007ff22b6395f9
RDX: 00007ff22b6395f9 RSI: 0000000000000002 RDI: 0000000000000004
RBP: 00007ff22b68be00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff22b68b208
R13: 00007ff22b68b0c0 R14: 0030656c69662f2e R15: 00007ff22b6bf7a8
</TASK>
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot
Jun 21, 2023, 12:59:35 PM6/21/23
to ja...@suse.com, ja...@suse.cz, linux-...@vger.kernel.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com
syzbot has bisected this issue to:
commit 16d0556568148bdcaa45d077cac9f8f7077cf70a
Author: Jan Kara <ja...@suse.cz>
Date: Wed Dec 7 17:17:34 2022 +0000
udf: Discard preallocation before extending file with a hole
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=17327857280000
start commit: 99ec1ed7c2ed Merge tag '6.4-rc6-smb3-server-fixes' of git:..
git tree: upstream
final oops: https://syzkaller.appspot.com/x/report.txt?x=14b27857280000
console output: https://syzkaller.appspot.com/x/log.txt?x=10b27857280000
Fixes: 16d055656814 ("udf: Discard preallocation before extending file with a hole")
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
commit 16d0556568148bdcaa45d077cac9f8f7077cf70a
Author: Jan Kara <ja...@suse.cz>
Date: Wed Dec 7 17:17:34 2022 +0000
udf: Discard preallocation before extending file with a hole
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=17327857280000
start commit: 99ec1ed7c2ed Merge tag '6.4-rc6-smb3-server-fixes' of git:..
git tree: upstream
final oops: https://syzkaller.appspot.com/x/report.txt?x=14b27857280000
console output: https://syzkaller.appspot.com/x/log.txt?x=10b27857280000
kernel config: https://syzkaller.appspot.com/x/.config?x=e74b395fe4978721
dashboard link: https://syzkaller.appspot.com/bug?extid=db6df8c0f578bc11e50e
dashboard link: https://syzkaller.appspot.com/bug?extid=db6df8c0f578bc11e50e
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1662e03f280000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=141c5260a80000
Reported-by: syzbot+db6df8...@syzkaller.appspotmail.com
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=141c5260a80000
Fixes: 16d055656814 ("udf: Discard preallocation before extending file with a hole")
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
Reply all
Reply to author
Forward
0 new messages