[v5.15] WARNING in hfsplus_free_extents
0 views
Skip to first unread message
syzbot
May 17, 2023, 1:56:46 PM5/17/23
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 9d6bde853685 Linux 5.15.112
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=159bf80e280000
kernel config: https://syzkaller.appspot.com/x/.config?x=a61e8195d8bdf36e
dashboard link: https://syzkaller.appspot.com/bug?extid=4b5f0821b1142785380e
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/b65d6c2ec328/disk-9d6bde85.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/cf811ebac37b/vmlinux-9d6bde85.xz
kernel image: https://storage.googleapis.com/syzbot-assets/b2f32fdecf97/bzImage-9d6bde85.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+4b5f08...@syzkaller.appspotmail.com
WARNING: CPU: 0 PID: 400 at fs/hfsplus/extents.c:346 hfsplus_free_extents+0x703/0xae0
Modules linked in:
CPU: 0 PID: 400 Comm: syz-executor.4 Not tainted 5.15.112-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
RIP: 0010:hfsplus_free_extents+0x703/0xae0 fs/hfsplus/extents.c:346
Code: 0f cb 44 89 ef 89 de e8 eb 1c 41 ff 41 39 dd 75 20 49 83 c7 28 e8 7d 1b 41 ff 41 bc 05 00 00 00 e9 e2 f9 ff ff e8 6d 1b 41 ff <0f> 0b e9 83 f9 ff ff 44 89 ef 89 de e8 bc 1c 41 ff 41 29 dd 73 0a
RSP: 0018:ffffc9000537fb90 EFLAGS: 00010287
RAX: ffffffff823ecd73 RBX: ffff888075345820 RCX: 0000000000040000
RDX: ffffc90005a9a000 RSI: 0000000000017369 RDI: 000000000001736a
RBP: ffff888040a56000 R08: dffffc0000000000 R09: ffffed100847180a
R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
R13: 0000000000000002 R14: 1ffff92000a6ff96 R15: ffff888023b006d8
FS: 00007f6afbd72700(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b30723000 CR3: 000000001ae3f000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
hfsplus_file_truncate+0x822/0xb80 fs/hfsplus/extents.c:591
hfsplus_file_release+0x301/0x3e0 fs/hfsplus/inode.c:240
__fput+0x3bf/0x890 fs/file_table.c:280
task_work_run+0x129/0x1a0 kernel/task_work.c:164
tracehook_notify_resume include/linux/tracehook.h:189 [inline]
exit_to_user_mode_loop+0x106/0x130 kernel/entry/common.c:175
exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:208
__syscall_exit_to_user_mode_work kernel/entry/common.c:290 [inline]
syscall_exit_to_user_mode+0x5d/0x250 kernel/entry/common.c:301
do_syscall_64+0x49/0xb0 arch/x86/entry/common.c:86
entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7f6b05ba1169
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f6afbd72168 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 00007f6b05cc1050 RCX: 00007f6b05ba1169
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
RBP: 00007f6b05bfcca1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffddd6980ff R14: 00007f6afbd72300 R15: 0000000000022000
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to change bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: 9d6bde853685 Linux 5.15.112
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=159bf80e280000
kernel config: https://syzkaller.appspot.com/x/.config?x=a61e8195d8bdf36e
dashboard link: https://syzkaller.appspot.com/bug?extid=4b5f0821b1142785380e
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/b65d6c2ec328/disk-9d6bde85.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/cf811ebac37b/vmlinux-9d6bde85.xz
kernel image: https://storage.googleapis.com/syzbot-assets/b2f32fdecf97/bzImage-9d6bde85.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+4b5f08...@syzkaller.appspotmail.com
WARNING: CPU: 0 PID: 400 at fs/hfsplus/extents.c:346 hfsplus_free_extents+0x703/0xae0
Modules linked in:
CPU: 0 PID: 400 Comm: syz-executor.4 Not tainted 5.15.112-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
RIP: 0010:hfsplus_free_extents+0x703/0xae0 fs/hfsplus/extents.c:346
Code: 0f cb 44 89 ef 89 de e8 eb 1c 41 ff 41 39 dd 75 20 49 83 c7 28 e8 7d 1b 41 ff 41 bc 05 00 00 00 e9 e2 f9 ff ff e8 6d 1b 41 ff <0f> 0b e9 83 f9 ff ff 44 89 ef 89 de e8 bc 1c 41 ff 41 29 dd 73 0a
RSP: 0018:ffffc9000537fb90 EFLAGS: 00010287
RAX: ffffffff823ecd73 RBX: ffff888075345820 RCX: 0000000000040000
RDX: ffffc90005a9a000 RSI: 0000000000017369 RDI: 000000000001736a
RBP: ffff888040a56000 R08: dffffc0000000000 R09: ffffed100847180a
R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
R13: 0000000000000002 R14: 1ffff92000a6ff96 R15: ffff888023b006d8
FS: 00007f6afbd72700(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b30723000 CR3: 000000001ae3f000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
hfsplus_file_truncate+0x822/0xb80 fs/hfsplus/extents.c:591
hfsplus_file_release+0x301/0x3e0 fs/hfsplus/inode.c:240
__fput+0x3bf/0x890 fs/file_table.c:280
task_work_run+0x129/0x1a0 kernel/task_work.c:164
tracehook_notify_resume include/linux/tracehook.h:189 [inline]
exit_to_user_mode_loop+0x106/0x130 kernel/entry/common.c:175
exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:208
__syscall_exit_to_user_mode_work kernel/entry/common.c:290 [inline]
syscall_exit_to_user_mode+0x5d/0x250 kernel/entry/common.c:301
do_syscall_64+0x49/0xb0 arch/x86/entry/common.c:86
entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7f6b05ba1169
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f6afbd72168 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 00007f6b05cc1050 RCX: 00007f6b05ba1169
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
RBP: 00007f6b05bfcca1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffddd6980ff R14: 00007f6afbd72300 R15: 0000000000022000
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to change bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot
Jul 23, 2023, 5:10:11 AM7/23/23
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:
HEAD commit: d54cfc420586 Linux 5.15.120
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=17f825e6a80000
kernel config: https://syzkaller.appspot.com/x/.config?x=f546a5c7ff981a94
dashboard link: https://syzkaller.appspot.com/bug?extid=4b5f0821b1142785380e
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1750af21a80000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=15fedcbea80000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/601dfce79849/disk-d54cfc42.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/b8e802138c25/vmlinux-d54cfc42.xz
kernel image: https://storage.googleapis.com/syzbot-assets/9b3b48ff5c05/bzImage-d54cfc42.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/1e52afa687d7/mount_0.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+4b5f08...@syzkaller.appspotmail.com
------------[ cut here ]------------
WARNING: CPU: 1 PID: 8273 at fs/hfsplus/extents.c:346 hfsplus_free_extents+0x703/0xae0
Modules linked in:
CPU: 1 PID: 8273 Comm: syz-executor223 Not tainted 5.15.120-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
RSP: 0018:ffffc900067b7510 EFLAGS: 00010293
RAX: ffffffff823efdb3 RBX: ffff888074fa6820 RCX: ffff888020665940
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff88807d6d8048
RBP: ffff88807d080000 R08: dffffc0000000000 R09: ffffed100fadb00a
FS: 00007fe8e31d96c0(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
notify_change+0xd4d/0x1000 fs/attr.c:488
do_truncate+0x21c/0x300 fs/open.c:65
handle_truncate fs/namei.c:3195 [inline]
do_open fs/namei.c:3542 [inline]
path_openat+0x28a0/0x2f20 fs/namei.c:3672
do_filp_open+0x21c/0x460 fs/namei.c:3699
do_sys_openat2+0x13b/0x500 fs/open.c:1211
do_sys_open fs/open.c:1227 [inline]
__do_sys_openat fs/open.c:1243 [inline]
__se_sys_openat fs/open.c:1238 [inline]
__x64_sys_openat+0x243/0x290 fs/open.c:1238
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7fe8eb5dec89
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fe8e31d9218 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007fe8eb6676e8 RCX: 00007fe8eb5dec89
RDX: 000000000000275a RSI: 00000000200001c0 RDI: 00000000ffffff9c
RBP: 00007fe8eb6676e0 R08: 00007ffe64491ad7 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe8eb633728
R13: 00007fe8eb63306b R14: 00737570635f6576 R15: 0073756c70736668
</TASK>
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
HEAD commit: d54cfc420586 Linux 5.15.120
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=17f825e6a80000
kernel config: https://syzkaller.appspot.com/x/.config?x=f546a5c7ff981a94
dashboard link: https://syzkaller.appspot.com/bug?extid=4b5f0821b1142785380e
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1750af21a80000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=15fedcbea80000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/601dfce79849/disk-d54cfc42.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/b8e802138c25/vmlinux-d54cfc42.xz
kernel image: https://storage.googleapis.com/syzbot-assets/9b3b48ff5c05/bzImage-d54cfc42.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/1e52afa687d7/mount_0.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+4b5f08...@syzkaller.appspotmail.com
WARNING: CPU: 1 PID: 8273 at fs/hfsplus/extents.c:346 hfsplus_free_extents+0x703/0xae0
Modules linked in:
CPU: 1 PID: 8273 Comm: syz-executor223 Not tainted 5.15.120-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
RIP: 0010:hfsplus_free_extents+0x703/0xae0 fs/hfsplus/extents.c:346
Code: 0f cb 44 89 ef 89 de e8 6b 04 41 ff 41 39 dd 75 20 49 83 c7 28 e8 fd 02 41 ff 41 bc 05 00 00 00 e9 e2 f9 ff ff e8 ed 02 41 ff <0f> 0b e9 83 f9 ff ff 44 89 ef 89 de e8 3c 04 41 ff 41 29 dd 73 0a
RSP: 0018:ffffc900067b7510 EFLAGS: 00010293
RAX: ffffffff823efdb3 RBX: ffff888074fa6820 RCX: ffff888020665940
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff88807d6d8048
RBP: ffff88807d080000 R08: dffffc0000000000 R09: ffffed100fadb00a
R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
R13: 0000000000000047 R14: 1ffff92000cf6ec6 R15: ffff88807bb072d8
FS: 00007fe8e31d96c0(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fe8e31fac00 CR3: 0000000075690000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
hfsplus_file_truncate+0x822/0xb80 fs/hfsplus/extents.c:591
hfsplus_setattr+0x1b9/0x280 fs/hfsplus/inode.c:267
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
hfsplus_file_truncate+0x822/0xb80 fs/hfsplus/extents.c:591
notify_change+0xd4d/0x1000 fs/attr.c:488
do_truncate+0x21c/0x300 fs/open.c:65
handle_truncate fs/namei.c:3195 [inline]
do_open fs/namei.c:3542 [inline]
path_openat+0x28a0/0x2f20 fs/namei.c:3672
do_filp_open+0x21c/0x460 fs/namei.c:3699
do_sys_openat2+0x13b/0x500 fs/open.c:1211
do_sys_open fs/open.c:1227 [inline]
__do_sys_openat fs/open.c:1243 [inline]
__se_sys_openat fs/open.c:1238 [inline]
__x64_sys_openat+0x243/0x290 fs/open.c:1238
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7fe8eb5dec89
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fe8e31d9218 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007fe8eb6676e8 RCX: 00007fe8eb5dec89
RDX: 000000000000275a RSI: 00000000200001c0 RDI: 00000000ffffff9c
RBP: 00007fe8eb6676e0 R08: 00007ffe64491ad7 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe8eb633728
R13: 00007fe8eb63306b R14: 00737570635f6576 R15: 0073756c70736668
</TASK>
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
Reply all
Reply to author
Forward
0 new messages