[v6.1] WARNING in udf_free_blocks
4 views
Skip to first unread message
syzbot
Jan 5, 2025, 5:15:24 AM1/5/25
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 7dc732d24ff7 Linux 6.1.123
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=12adaedf980000
kernel config: https://syzkaller.appspot.com/x/.config?x=b700290711767e0c
dashboard link: https://syzkaller.appspot.com/bug?extid=ceb5c0f20fb1ee724414
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/7ad136b42edb/disk-7dc732d2.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/859a37ce3517/vmlinux-7dc732d2.xz
kernel image: https://storage.googleapis.com/syzbot-assets/6d506d0fa6c0/bzImage-7dc732d2.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+ceb5c0...@syzkaller.appspotmail.com
------------[ cut here ]------------
WARNING: CPU: 1 PID: 8248 at fs/udf/udfdecl.h:127 udf_add_free_space fs/udf/balloc.c:137 [inline]
WARNING: CPU: 1 PID: 8248 at fs/udf/udfdecl.h:127 udf_table_free_blocks fs/udf/balloc.c:397 [inline]
WARNING: CPU: 1 PID: 8248 at fs/udf/udfdecl.h:127 udf_free_blocks+0x1d2c/0x21e0 fs/udf/balloc.c:686
Modules linked in:
CPU: 1 PID: 8248 Comm: syz.6.594 Not tainted 6.1.123-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:udf_updated_lvid fs/udf/udfdecl.h:125 [inline]
RIP: 0010:udf_add_free_space fs/udf/balloc.c:137 [inline]
RIP: 0010:udf_table_free_blocks fs/udf/balloc.c:397 [inline]
RIP: 0010:udf_free_blocks+0x1d2c/0x21e0 fs/udf/balloc.c:686
Code: 5e da fe e9 d1 e3 ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 3d e4 ff ff 48 89 df e8 be 5e da fe e9 30 e4 ff ff e8 b4 ca 82 fe <0f> 0b e9 c5 ed ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c 58 e4
RSP: 0018:ffffc90005da7400 EFLAGS: 00010293
RAX: ffffffff8307d14c RBX: 0000000042028000 RCX: ffff88802cd2d940
RDX: 0000000000000000 RSI: 0000000042028000 RDI: 0000000000000000
RBP: ffffc90005da7610 R08: ffffffff8307bf0b R09: fffffbfff1d360ee
R10: 0000000000000000 R11: dffffc0000000001 R12: ffffc90005da7530
R13: dffffc0000000000 R14: ffff888029bf001c R15: ffff88804f670158
FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f956e6a2f98 CR3: 0000000067a7d000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
udf_discard_prealloc+0x55c/0x860 fs/udf/truncate.c:151
udf_release_file+0xb5/0x120 fs/udf/file.c:236
__fput+0x3f6/0x8d0 fs/file_table.c:320
task_work_run+0x246/0x300 kernel/task_work.c:203
exit_task_work include/linux/task_work.h:39 [inline]
do_exit+0xa6e/0x26a0 kernel/exit.c:871
do_group_exit+0x202/0x2b0 kernel/exit.c:1021
get_signal+0x16f7/0x17d0 kernel/signal.c:2871
arch_do_signal_or_restart+0xb0/0x1a10 arch/x86/kernel/signal.c:871
exit_to_user_mode_loop+0x6a/0x100 kernel/entry/common.c:174
exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:210
__syscall_exit_to_user_mode_work kernel/entry/common.c:292 [inline]
syscall_exit_to_user_mode+0x60/0x270 kernel/entry/common.c:303
do_syscall_64+0x47/0xb0 arch/x86/entry/common.c:87
entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7fa73bf85db7
Code: Unable to access opcode bytes at 0x7fa73bf85d8d.
RSP: 002b:00007fa73cd9de18 EFLAGS: 00000246 ORIG_RAX: 000000000000000b
RAX: 0000000000000000 RBX: 0000000001000000 RCX: 00007fa73bf85db7
RDX: 0000000000000000 RSI: 0000000008400000 RDI: 00007fa7317f7000
RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000001f675
R10: 0000000020000002 R11: 0000000000000246 R12: 0000000000000009
R13: 00007fa73cd9def0 R14: 00007fa73cd9deb0 R15: 00007fa7317f7000
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: 7dc732d24ff7 Linux 6.1.123
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=12adaedf980000
kernel config: https://syzkaller.appspot.com/x/.config?x=b700290711767e0c
dashboard link: https://syzkaller.appspot.com/bug?extid=ceb5c0f20fb1ee724414
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/7ad136b42edb/disk-7dc732d2.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/859a37ce3517/vmlinux-7dc732d2.xz
kernel image: https://storage.googleapis.com/syzbot-assets/6d506d0fa6c0/bzImage-7dc732d2.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+ceb5c0...@syzkaller.appspotmail.com
------------[ cut here ]------------
WARNING: CPU: 1 PID: 8248 at fs/udf/udfdecl.h:127 udf_add_free_space fs/udf/balloc.c:137 [inline]
WARNING: CPU: 1 PID: 8248 at fs/udf/udfdecl.h:127 udf_table_free_blocks fs/udf/balloc.c:397 [inline]
WARNING: CPU: 1 PID: 8248 at fs/udf/udfdecl.h:127 udf_free_blocks+0x1d2c/0x21e0 fs/udf/balloc.c:686
Modules linked in:
CPU: 1 PID: 8248 Comm: syz.6.594 Not tainted 6.1.123-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:udf_updated_lvid fs/udf/udfdecl.h:125 [inline]
RIP: 0010:udf_add_free_space fs/udf/balloc.c:137 [inline]
RIP: 0010:udf_table_free_blocks fs/udf/balloc.c:397 [inline]
RIP: 0010:udf_free_blocks+0x1d2c/0x21e0 fs/udf/balloc.c:686
Code: 5e da fe e9 d1 e3 ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 3d e4 ff ff 48 89 df e8 be 5e da fe e9 30 e4 ff ff e8 b4 ca 82 fe <0f> 0b e9 c5 ed ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c 58 e4
RSP: 0018:ffffc90005da7400 EFLAGS: 00010293
RAX: ffffffff8307d14c RBX: 0000000042028000 RCX: ffff88802cd2d940
RDX: 0000000000000000 RSI: 0000000042028000 RDI: 0000000000000000
RBP: ffffc90005da7610 R08: ffffffff8307bf0b R09: fffffbfff1d360ee
R10: 0000000000000000 R11: dffffc0000000001 R12: ffffc90005da7530
R13: dffffc0000000000 R14: ffff888029bf001c R15: ffff88804f670158
FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f956e6a2f98 CR3: 0000000067a7d000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
udf_discard_prealloc+0x55c/0x860 fs/udf/truncate.c:151
udf_release_file+0xb5/0x120 fs/udf/file.c:236
__fput+0x3f6/0x8d0 fs/file_table.c:320
task_work_run+0x246/0x300 kernel/task_work.c:203
exit_task_work include/linux/task_work.h:39 [inline]
do_exit+0xa6e/0x26a0 kernel/exit.c:871
do_group_exit+0x202/0x2b0 kernel/exit.c:1021
get_signal+0x16f7/0x17d0 kernel/signal.c:2871
arch_do_signal_or_restart+0xb0/0x1a10 arch/x86/kernel/signal.c:871
exit_to_user_mode_loop+0x6a/0x100 kernel/entry/common.c:174
exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:210
__syscall_exit_to_user_mode_work kernel/entry/common.c:292 [inline]
syscall_exit_to_user_mode+0x60/0x270 kernel/entry/common.c:303
do_syscall_64+0x47/0xb0 arch/x86/entry/common.c:87
entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7fa73bf85db7
Code: Unable to access opcode bytes at 0x7fa73bf85d8d.
RSP: 002b:00007fa73cd9de18 EFLAGS: 00000246 ORIG_RAX: 000000000000000b
RAX: 0000000000000000 RBX: 0000000001000000 RCX: 00007fa73bf85db7
RDX: 0000000000000000 RSI: 0000000008400000 RDI: 00007fa7317f7000
RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000001f675
R10: 0000000020000002 R11: 0000000000000246 R12: 0000000000000009
R13: 00007fa73cd9def0 R14: 00007fa73cd9deb0 R15: 00007fa7317f7000
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot
Apr 15, 2025, 6:15:14 AM4/15/25
to syzkaller...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.
Crashes did not happen for a while, no reproducer and no activity.
Reply all
Reply to author
Forward
0 new messages