Hello,
syzbot found the following issue on:
HEAD commit: 9d6bde853685 Linux 5.15.112
git tree: linux-5.15.y
console output:
https://syzkaller.appspot.com/x/log.txt?x=159bf80e280000
kernel config:
https://syzkaller.appspot.com/x/.config?x=a61e8195d8bdf36e
dashboard link:
https://syzkaller.appspot.com/bug?extid=4b5f0821b1142785380e
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image:
https://storage.googleapis.com/syzbot-assets/b65d6c2ec328/disk-9d6bde85.raw.xz
vmlinux:
https://storage.googleapis.com/syzbot-assets/cf811ebac37b/vmlinux-9d6bde85.xz
kernel image:
https://storage.googleapis.com/syzbot-assets/b2f32fdecf97/bzImage-9d6bde85.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by:
syzbot+4b5f08...@syzkaller.appspotmail.com
WARNING: CPU: 0 PID: 400 at fs/hfsplus/extents.c:346 hfsplus_free_extents+0x703/0xae0
Modules linked in:
CPU: 0 PID: 400 Comm: syz-executor.4 Not tainted 5.15.112-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
RIP: 0010:hfsplus_free_extents+0x703/0xae0 fs/hfsplus/extents.c:346
Code: 0f cb 44 89 ef 89 de e8 eb 1c 41 ff 41 39 dd 75 20 49 83 c7 28 e8 7d 1b 41 ff 41 bc 05 00 00 00 e9 e2 f9 ff ff e8 6d 1b 41 ff <0f> 0b e9 83 f9 ff ff 44 89 ef 89 de e8 bc 1c 41 ff 41 29 dd 73 0a
RSP: 0018:ffffc9000537fb90 EFLAGS: 00010287
RAX: ffffffff823ecd73 RBX: ffff888075345820 RCX: 0000000000040000
RDX: ffffc90005a9a000 RSI: 0000000000017369 RDI: 000000000001736a
RBP: ffff888040a56000 R08: dffffc0000000000 R09: ffffed100847180a
R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
R13: 0000000000000002 R14: 1ffff92000a6ff96 R15: ffff888023b006d8
FS: 00007f6afbd72700(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b30723000 CR3: 000000001ae3f000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
hfsplus_file_truncate+0x822/0xb80 fs/hfsplus/extents.c:591
hfsplus_file_release+0x301/0x3e0 fs/hfsplus/inode.c:240
__fput+0x3bf/0x890 fs/file_table.c:280
task_work_run+0x129/0x1a0 kernel/task_work.c:164
tracehook_notify_resume include/linux/tracehook.h:189 [inline]
exit_to_user_mode_loop+0x106/0x130 kernel/entry/common.c:175
exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:208
__syscall_exit_to_user_mode_work kernel/entry/common.c:290 [inline]
syscall_exit_to_user_mode+0x5d/0x250 kernel/entry/common.c:301
do_syscall_64+0x49/0xb0 arch/x86/entry/common.c:86
entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7f6b05ba1169
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f6afbd72168 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 00007f6b05cc1050 RCX: 00007f6b05ba1169
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
RBP: 00007f6b05bfcca1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffddd6980ff R14: 00007f6afbd72300 R15: 0000000000022000
</TASK>
---
This report is generated by a bot. It may contain errors.
See
https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at
syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to change bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup