Hello,
syzbot found the following issue on:
HEAD commit: 7eaef76fbc46 Linux 6.1.20
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=153675bec80000
kernel config: https://syzkaller.appspot.com/x/.config?x=29ad3fe3c7b61175
dashboard link: https://syzkaller.appspot.com/bug?extid=c9e721ff7f0f74b75956
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=176c3ebac80000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=11847c6ec80000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/34f95428f5fb/disk-7eaef76f.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/1bdd9b2c390d/vmlinux-7eaef76f.xz
kernel image: https://storage.googleapis.com/syzbot-assets/419140981cfa/Image-7eaef76f.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/04a0c5642707/mount_0.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+c9e721...@syzkaller.appspotmail.com
------------[ cut here ]------------
WARNING: CPU: 0 PID: 5560 at fs/udf/truncate.c:208 udf_truncate_extents+0xbf4/0xdc8
Modules linked in:
CPU: 0 PID: 5560 Comm: syz-executor120 Not tainted 6.1.20-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : udf_truncate_extents+0xbf4/0xdc8
lr : udf_truncate_extents+0xbf0/0xdc8 fs/udf/truncate.c:208
sp : ffff800020076da0
x29: ffff800020076f80 x28: ffff0000e105a818 x27: 0000000000000200
x26: dfff800000000000 x25: ffff800020076f20 x24: 00000000000000ff
x23: 0000000000000010 x22: ffff800020076ee0 x21: 00000000000000ff
x20: ffff0000e105a7c8 x19: ffff800020076ea0 x18: ffff8000200767a0
x17: ffff80001572d000 x16: 0000000000000000 x15: 0000000000000000
x14: 0000000000000000 x13: 0000000000000001 x12: ffff0000d5bf1b40
x11: ff80800009991b88 x10: 0000000000000000 x9 : ffff800009991b88
x8 : ffff0000d5bf1b40 x7 : ffff800009973fe8 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000001
x2 : ffff800020076ea8 x1 : 0000000000000200 x0 : 0000000000000000
Call trace:
udf_truncate_extents+0xbf4/0xdc8
udf_do_extend_file+0xae0/0xde0 fs/udf/inode.c:592
inode_getblk fs/udf/inode.c:799 [inline]
udf_get_block+0x1170/0x3f08 fs/udf/inode.c:449
__block_write_begin_int+0x340/0x13b4 fs/buffer.c:1991
__block_write_begin fs/buffer.c:2041 [inline]
block_write_begin+0x98/0x11c fs/buffer.c:2102
udf_write_begin+0x44/0x88 fs/udf/inode.c:212
generic_perform_write+0x278/0x55c mm/filemap.c:3754
__generic_file_write_iter+0x168/0x388 mm/filemap.c:3882
udf_file_write_iter+0x234/0x584 fs/udf/file.c:164
call_write_iter include/linux/fs.h:2205 [inline]
new_sync_write fs/read_write.c:491 [inline]
vfs_write+0x610/0x914 fs/read_write.c:584
ksys_write+0x15c/0x26c fs/read_write.c:637
__do_sys_write fs/read_write.c:649 [inline]
__se_sys_write fs/read_write.c:646 [inline]
__arm64_sys_write+0x7c/0x90 fs/read_write.c:646
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
irq event stamp: 14710
hardirqs last enabled at (14709): [<ffff80000896fe60>] ___slab_alloc+0xd08/0xee0 mm/slub.c:3132
hardirqs last disabled at (14710): [<ffff8000122560d4>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last enabled at (14496): [<ffff800008020ee8>] softirq_handle_end kernel/softirq.c:414 [inline]
softirqs last enabled at (14496): [<ffff800008020ee8>] __do_softirq+0xd88/0xff4 kernel/softirq.c:600
softirqs last disabled at (14467): [<ffff80000802b598>] ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:79
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 5560 at fs/udf/truncate.c:208 udf_truncate_extents+0xbf4/0xdc8
Modules linked in:
CPU: 1 PID: 5560 Comm: syz-executor120 Tainted: G W 6.1.20-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : udf_truncate_extents+0xbf4/0xdc8
lr : udf_truncate_extents+0xbf0/0xdc8 fs/udf/truncate.c:208
sp : ffff8000200775c0
x29: ffff8000200777a0 x28: ffff0000e105a818 x27: 0000000000000200
x26: dfff800000000000 x25: ffff800020077740 x24: 00000000000000ff
x23: 0000000000000010 x22: ffff800020077700 x21: 00000000000000ff
x20: ffff0000e105a7c8 x19: ffff8000200776c0 x18: 1fffe000368b3d76
x17: ffff80001572d000 x16: 0000000000000000 x15: 0000000000000000
x14: 0000000000000000 x13: 0000000000000001 x12: ffff0000d5bf1b40
x11: ff80800009991b88 x10: 0000000000000000 x9 : ffff800009991b88
x8 : ffff0000d5bf1b40 x7 : ffff800009973fe8 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000001
x2 : ffff8000200776c8 x1 : 0000000000000200 x0 : 0000000000000000
Call trace:
udf_truncate_extents+0xbf4/0xdc8
udf_write_failed+0x164/0x1b4 fs/udf/inode.c:179
udf_write_begin+0x84/0x88 fs/udf/inode.c:214
generic_perform_write+0x278/0x55c mm/filemap.c:3754
__generic_file_write_iter+0x168/0x388 mm/filemap.c:3882
udf_file_write_iter+0x234/0x584 fs/udf/file.c:164
call_write_iter include/linux/fs.h:2205 [inline]
new_sync_write fs/read_write.c:491 [inline]
vfs_write+0x610/0x914 fs/read_write.c:584
ksys_write+0x15c/0x26c fs/read_write.c:637
__do_sys_write fs/read_write.c:649 [inline]
__se_sys_write fs/read_write.c:646 [inline]
__arm64_sys_write+0x7c/0x90 fs/read_write.c:646
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
irq event stamp: 14902
hardirqs last enabled at (14901): [<ffff80001233903c>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last enabled at (14901): [<ffff80001233903c>] _raw_spin_unlock_irqrestore+0x48/0xac kernel/locking/spinlock.c:194
hardirqs last disabled at (14902): [<ffff8000122560d4>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last enabled at (14832): [<ffff800008020ee8>] softirq_handle_end kernel/softirq.c:414 [inline]
softirqs last enabled at (14832): [<ffff800008020ee8>] __do_softirq+0xd88/0xff4 kernel/softirq.c:600
softirqs last disabled at (14713): [<ffff80000802b598>] ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:79
---[ end trace 0000000000000000 ]---
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches