WARNING in udf_truncate_extents

WARNING in udf_truncate_extents

[syzbot]

Hello,

syzbot found the following issue on:

HEAD commit:    da690031 Merge branch 'i2c/for-current' of git://git.kerne..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=172e2ef0500000
kernel config:  https://syzkaller.appspot.com/x/.config?x=de7f697da23057c7
dashboard link: https://syzkaller.appspot.com/bug?extid=43fc5ba6dcb33e3261ca
compiler:       clang version 10.0.0 (https://github.com/llvm/llvm-project/ c2443155a0fb245c8f17f2c1c72b6ea391e86e81)
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=10ce0a8b900000

The issue was bisected to:

commit 2004bfdef945fe55196db6b9cdf321fbc75bb0de
Author: Bart Van Assche <bvanassche@acm.org>
Date:   Tue Mar 10 04:26:21 2020 +0000

    null_blk: Fix the null_add_dev() error path

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=10110920500000
final oops:     https://syzkaller.appspot.com/x/report.txt?x=12110920500000
console output: https://syzkaller.appspot.com/x/log.txt?x=14110920500000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+43fc5ba6dcb33e3261ca@syzkaller.appspotmail.com
Fixes: 2004bfdef945 ("null_blk: Fix the null_add_dev() error path")

UDF-fs: Scanning with blocksize 512 failed
UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2020/09/19 18:44 (1000)
------------[ cut here ]------------
WARNING: CPU: 1 PID: 17858 at fs/udf/truncate.c:226 udf_truncate_extents+0xf74/0x1120 fs/udf/truncate.c:226
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 17858 Comm: syz-executor.5 Not tainted 5.9.0-rc8-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1d6/0x29e lib/dump_stack.c:118
 panic+0x2c0/0x800 kernel/panic.c:231
 __warn+0x227/0x250 kernel/panic.c:600
 report_bug+0x1b1/0x2e0 lib/bug.c:198
 handle_bug+0x42/0x80 arch/x86/kernel/traps.c:234
 exc_invalid_op+0x16/0x40 arch/x86/kernel/traps.c:254
 asm_exc_invalid_op+0x12/0x20 arch/x86/include/asm/idtentry.h:536
RIP: 0010:udf_truncate_extents+0xf74/0x1120 fs/udf/truncate.c:226
Code: 24 14 18 00 00 00 43 80 3c 2f 00 0f 85 63 fe ff ff e9 6b fe ff ff e8 2b 9a cd fe bb fb ff ff ff e9 27 ff ff ff e8 1c 9a cd fe <0f> 0b e9 1b ff ff ff 89 d9 80 e1 07 38 c1 0f 8c 59 f1 ff ff 48 89
RSP: 0018:ffffc90005ea7a08 EFLAGS: 00010293
RAX: ffffffff82a763d4 RBX: 0000000000000000 RCX: ffff888077582040
RDX: 0000000000000000 RSI: 0000000000000400 RDI: 0000000000000000
RBP: 0000000000000400 R08: ffffffff82a757a8 R09: ffffffff82a54d54
R10: 0000000000000002 R11: ffff888077582040 R12: 0000000005ea7aff
R13: 00000000000c2000 R14: 0000000000000308 R15: 1ffff1100e577c10
 udf_write_failed fs/udf/inode.c:176 [inline]
 udf_write_begin+0x1e2/0x210 fs/udf/inode.c:211
 generic_perform_write+0x23b/0x4e0 mm/filemap.c:3505
 __generic_file_write_iter+0x22b/0x4e0 mm/filemap.c:3634
 udf_file_write_iter+0x339/0x4e0 fs/udf/file.c:169
 do_iter_readv_writev+0x4f9/0x6c0 include/linux/fs.h:1876
 do_iter_write+0x164/0x610 fs/read_write.c:1026
 vfs_writev fs/read_write.c:1099 [inline]
 do_pwritev+0x234/0x430 fs/read_write.c:1196
 do_syscall_64+0x31/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45de59
Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f4cc0709c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000128
RAX: ffffffffffffffda RBX: 0000000000026400 RCX: 000000000045de59
RDX: 0000000000000001 RSI: 00000000200014c0 RDI: 0000000000000003
RBP: 000000000118bf70 R08: 0000000000000020 R09: 0000000000000000
R10: 0000000000000002 R11: 0000000000000246 R12: 000000000118bf2c
R13: 00007fffd7780fdf R14: 00007f4cc070a9c0 R15: 000000000118bf2c
Kernel Offset: disabled
Rebooting in 86400 seconds..


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches

Re: WARNING in udf_truncate_extents

[Bart Van Assche]

On 10/12/20 6:20 AM, syzbot wrote:
> dashboard link: https://syzkaller.appspot.com/bug?extid=43fc5ba6dcb33e3261ca
> compiler:       clang version 10.0.0 (https://github.com/llvm/llvm-project/ c2443155a0fb245c8f17f2c1c72b6ea391e86e81)
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=10ce0a8b900000
> 
> The issue was bisected to:
> 
> commit 2004bfdef945fe55196db6b9cdf321fbc75bb0de
> Author: Bart Van Assche <bvanassche@acm.org>
> Date:   Tue Mar 10 04:26:21 2020 +0000
> 
>     null_blk: Fix the null_add_dev() error path

#syz wrong-bisect

Re: Re: WARNING in udf_truncate_extents

[syzbot]

> On 10/12/20 6:20 AM, syzbot wrote:
>> dashboard link: https://syzkaller.appspot.com/bug?extid=43fc5ba6dcb33e3261ca
>> compiler:       clang version 10.0.0 (https://github.com/llvm/llvm-project/ c2443155a0fb245c8f17f2c1c72b6ea391e86e81)
>> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=10ce0a8b900000
>> 
>> The issue was bisected to:
>> 
>> commit 2004bfdef945fe55196db6b9cdf321fbc75bb0de
>> Author: Bart Van Assche <bvanassche@acm.org>
>> Date:   Tue Mar 10 04:26:21 2020 +0000
>> 
>>     null_blk: Fix the null_add_dev() error path
>
> #syz wrong-bisect

unknown command "wrong-bisect"

Re: Re: WARNING in udf_truncate_extents

[syzbot]

> On 10/12/20 6:20 AM, syzbot wrote:
>> dashboard link: https://syzkaller.appspot.com/bug?extid=43fc5ba6dcb33e3261ca
>> compiler:       clang version 10.0.0 (https://github.com/llvm/llvm-project/ c2443155a0fb245c8f17f2c1c72b6ea391e86e81)
>> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=10ce0a8b900000
>> 
>> The issue was bisected to:
>> 
>> commit 2004bfdef945fe55196db6b9cdf321fbc75bb0de
>> Author: Bart Van Assche <bvanassche@acm.org>
>> Date:   Tue Mar 10 04:26:21 2020 +0000
>> 
>>     null_blk: Fix the null_add_dev() error path
>
> #syz wrong-bisect

unknown command "wrong-bisect"

>
> -- 
> You received this message because you are subscribed to the Google Groups "syzkaller-bugs" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller-bugs+unsubscribe@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/syzkaller-bugs/2765fd98-7101-832e-2b34-72bd8c5ecf22%40acm.org.

Re: [syzbot] WARNING in udf_truncate_extents

[syzbot]

syzbot has found a reproducer for the following issue on:

HEAD commit:    4899a36f91a9 Merge tag 'powerpc-6.1-1' of git://git.kernel..
git tree:       upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=10260ea4880000
kernel config:  https://syzkaller.appspot.com/x/.config?x=e2021a61197ebe02
dashboard link: https://syzkaller.appspot.com/bug?extid=43fc5ba6dcb33e3261ca
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=154bdf0a880000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1548ca78880000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/1a98722ff83f/disk-4899a36f.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/7a31d6690395/vmlinux-4899a36f.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/a6d9d98c8bd8/mount_0.gz

The issue was bisected to:

commit 2004bfdef945fe55196db6b9cdf321fbc75bb0de
Author: Bart Van Assche <bvanassche@acm.org>
Date:   Tue Mar 10 04:26:21 2020 +0000

    null_blk: Fix the null_add_dev() error path

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=10110920500000
final oops:     https://syzkaller.appspot.com/x/report.txt?x=12110920500000
console output: https://syzkaller.appspot.com/x/log.txt?x=14110920500000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+43fc5ba6dcb33e3261ca@syzkaller.appspotmail.com
Fixes: 2004bfdef945 ("null_blk: Fix the null_add_dev() error path")

loop0: detected capacity change from 0 to 2048
------------[ cut here ]------------
WARNING: CPU: 1 PID: 3622 at fs/udf/truncate.c:226 udf_truncate_extents+0x844/0x930 fs/udf/truncate.c:226
Modules linked in:
CPU: 1 PID: 3622 Comm: syz-executor198 Not tainted 6.0.0-syzkaller-09413-g4899a36f91a9 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
RIP: 0010:udf_truncate_extents+0x844/0x930 fs/udf/truncate.c:226
Code: 84 d2 74 05 e8 bd db f2 fe 8b 44 24 20 be 07 00 00 00 48 89 df 89 83 cc fe ff ff e8 56 ec 0d ff e9 a5 fd ff ff e8 0c c5 a5 fe <0f> 0b e9 1f fe ff ff e8 00 c5 a5 fe 0f 0b 48 8b 7c 24 18 e8 24 db
RSP: 0018:ffffc900040ef9d8 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffff88806fc3d4a0 RCX: 0000000000000000
RDX: ffff88801dc10000 RSI: ffffffff82d58224 RDI: 0000000000000007
RBP: ffffc900040efac0 R08: 0000000000000007 R09: 0000000000000000
R10: 0000000000000200 R11: 000000000008c07c R12: ffffc900040efa80
R13: 0000000000000200 R14: 00000000000000ff R15: ffff88807e738000
FS:  000055555697f300(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000002000e000 CR3: 000000001bebe000 CR4: 0000000000350ee0
Call Trace:
 <TASK>
 udf_write_failed.isra.0+0x173/0x1c0 fs/udf/inode.c:179
 udf_write_begin+0x7f/0xa0 fs/udf/inode.c:214
 generic_perform_write+0x246/0x560 mm/filemap.c:3745
 __generic_file_write_iter+0x2aa/0x4d0 mm/filemap.c:3873
 udf_file_write_iter+0x2cc/0x650 fs/udf/file.c:170
 call_write_iter include/linux/fs.h:2190 [inline]
 new_sync_write fs/read_write.c:491 [inline]
 vfs_write+0x9e9/0xdd0 fs/read_write.c:584
 ksys_write+0x127/0x250 fs/read_write.c:637
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f305ad3c8f9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff2d740688 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00000000200001c0 RCX: 00007f305ad3c8f9
RDX: 000000000208e24b RSI: 0000000020000040 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007fff2d7406b0 R09: 00007fff2d7406b0
R10: 00007fff2d740560 R11: 0000000000000246 R12: 00007fff2d7406ac
R13: 00007fff2d7406e0 R14: 00007fff2d7406c0 R15: 0000000000000009
 </TASK>

Re: WARNING in udf_truncate_extents

[Jan Kara]

Hello!

On Thu 16-02-23 21:44:45, Sanan Hasanov wrote:
> We found a bug using a modified kernel configuration file used by syzbot.
> 
> We enhanced the coverage of the configuration file using our tool, klocalizer.
> 
> Kernel Branch: 6.2.0-rc6-next-20230203
> Kernel config: https://drive.google.com/file/d/1jWHyzy2KABqlRawd3FO2V2ZVNoMWpkZu/view?usp=share_link
> C Reproducer: https://drive.google.com/file/d/1zH4AtT1D3O-vqihwMy-kxrFW6Rni6bZ_/view?usp=share_link

Hum, so looking into the reproducer I don't see how it could trigger the
warning below because the reproducer just mounts UDF image and then forks
64 processes. In particular there is no write happening to the UDF
filesystem shown in the stacktrace. Are you sure this reproducer indeed
triggers this warning for you?

								Honza

> ------------[ cut here ]------------
> WARNING: CPU: 6 PID: 10426 at fs/udf/truncate.c:208 udf_truncate_extents+0x8a9/0x9d0
> Modules linked in:
> CPU: 6 PID: 10426 Comm: syz-executor.3 Not tainted 6.2.0-rc6-next-20230203 #1
> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
> RIP: 0010:udf_truncate_extents+0x8a9/0x9d0
> Code: 84 d2 74 05 e8 e8 1e f9 fe 8b 44 24 20 be 07 00 00 00 48 89 df 89 83 cc fe ff ff e8 61 0b 13 ff e9 a5 fd ff ff e8 b7 23 aa fe <0f> 0b e9 1f fe ff ff e8 ab 23 aa fe 0f 0b 48 8b 7c 24 08 48 89 74
> RSP: 0000:ffffc9000c6f7050 EFLAGS: 00010293
> RAX: 0000000000000000 RBX: ffff888045252160 RCX: 0000000000000000
> RDX: ffff888114e53900 RSI: ffffffff82d5b399 RDI: 0000000000000007
> RBP: ffffc9000c6f7140 R08: 0000000000000007 R09: 0000000000000000
> R10: 0000000000000350 R11: 0000000000000001 R12: ffff8880530de000
> R13: 0000000000000350 R14: 00000000000000ff R15: ffffc9000c6f7100
> FS:  00007f601837e700(0000) GS:ffff888119f00000(0000) knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 000000001ffffe40 CR3: 000000004c1b1000 CR4: 0000000000350ee0
> Call Trace:
>  <TASK>
>  udf_write_failed.isra.0+0x173/0x1c0
>  udf_write_begin+0x2c5/0x370
>  generic_perform_write+0x259/0x580
>  __generic_file_write_iter+0x2ae/0x500
>  udf_file_write_iter+0x233/0x740
>  __kernel_write_iter+0x262/0x7a0
>  __kernel_write+0xc9/0x110
>  dump_emit+0x21d/0x340
>  elf_core_dump+0x215c/0x3720
>  do_coredump+0x2d30/0x3ce0
>  get_signal+0x1c11/0x25c0
>  arch_do_signal_or_restart+0x79/0x5a0
>  exit_to_user_mode_prepare+0x11f/0x240
>  irqentry_exit_to_user_mode+0x9/0x30
>  asm_exc_general_protection+0x26/0x30
> RIP: 0033:0x7f601728edd5
> Code: 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 <c3> 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 84
> RSP: 002b:0000000020000040 EFLAGS: 00010217
> RAX: 0000000000000000 RBX: 00007f60173bc120 RCX: 00007f601728edcd
> RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000000
> RBP: 00007f60172fc59c R08: 0000000000000000 R09: 0000000000000000
> R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
> R13: 00007ffc959cbaaf R14: 00007ffc959cbc50 R15: 00007f601837dd80
>  </TASK>
> irq event stamp: 1369
> hardirqs last  enabled at (1379): [<ffffffff81643788>] __up_console_sem+0x78/0x80
> hardirqs last disabled at (1388): [<ffffffff8164376d>] __up_console_sem+0x5d/0x80
> softirqs last  enabled at (490): [<ffffffff814b2d7d>] __irq_exit_rcu+0x11d/0x190
> softirqs last disabled at (351): [<ffffffff814b2d7d>] __irq_exit_rcu+0x11d/0x190
> ---[ end trace 0000000000000000 ]---
-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR

WARNING in udf_truncate_extents

[Sanan Hasanov]

Good day, dear maintainers,

We found a bug using a modified kernel configuration file used by syzbot.

We enhanced the coverage of the configuration file using our tool, klocalizer.

Kernel Branch: 6.2.0-rc6-next-20230203
Kernel config: https://drive.google.com/file/d/1jWHyzy2KABqlRawd3FO2V2ZVNoMWpkZu/view?usp=share_link
C Reproducer: https://drive.google.com/file/d/1zH4AtT1D3O-vqihwMy-kxrFW6Rni6bZ_/view?usp=share_link

Thank you!

Best regards,
Sanan Hasanov

------------[ cut here ]------------
WARNING: CPU: 6 PID: 10426 at fs/udf/truncate.c:208 udf_truncate_extents+0x8a9/0x9d0
Modules linked in:
CPU: 6 PID: 10426 Comm: syz-executor.3 Not tainted 6.2.0-rc6-next-20230203 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
RIP: 0010:udf_truncate_extents+0x8a9/0x9d0
Code: 84 d2 74 05 e8 e8 1e f9 fe 8b 44 24 20 be 07 00 00 00 48 89 df 89 83 cc fe ff ff e8 61 0b 13 ff e9 a5 fd ff ff e8 b7 23 aa fe <0f> 0b e9 1f fe ff ff e8 ab 23 aa fe 0f 0b 48 8b 7c 24 08 48 89 74
RSP: 0000:ffffc9000c6f7050 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffff888045252160 RCX: 0000000000000000
RDX: ffff888114e53900 RSI: ffffffff82d5b399 RDI: 0000000000000007
RBP: ffffc9000c6f7140 R08: 0000000000000007 R09: 0000000000000000
R10: 0000000000000350 R11: 0000000000000001 R12: ffff8880530de000
R13: 0000000000000350 R14: 00000000000000ff R15: ffffc9000c6f7100
FS:  00007f601837e700(0000) GS:ffff888119f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000001ffffe40 CR3: 000000004c1b1000 CR4: 0000000000350ee0
Call Trace:
 <TASK>
 udf_write_failed.isra.0+0x173/0x1c0
 udf_write_begin+0x2c5/0x370
 generic_perform_write+0x259/0x580
 __generic_file_write_iter+0x2ae/0x500
 udf_file_write_iter+0x233/0x740
 __kernel_write_iter+0x262/0x7a0
 __kernel_write+0xc9/0x110
 dump_emit+0x21d/0x340
 elf_core_dump+0x215c/0x3720
 do_coredump+0x2d30/0x3ce0
 get_signal+0x1c11/0x25c0
 arch_do_signal_or_restart+0x79/0x5a0
 exit_to_user_mode_prepare+0x11f/0x240
 irqentry_exit_to_user_mode+0x9/0x30
 asm_exc_general_protection+0x26/0x30
RIP: 0033:0x7f601728edd5
Code: 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 <c3> 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 84
RSP: 002b:0000000020000040 EFLAGS: 00010217
RAX: 0000000000000000 RBX: 00007f60173bc120 RCX: 00007f601728edcd
RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000000
RBP: 00007f60172fc59c R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffc959cbaaf R14: 00007ffc959cbc50 R15: 00007f601837dd80
 </TASK>
irq event stamp: 1369
hardirqs last  enabled at (1379): [<ffffffff81643788>] __up_console_sem+0x78/0x80
hardirqs last disabled at (1388): [<ffffffff8164376d>] __up_console_sem+0x5d/0x80
softirqs last  enabled at (490): [<ffffffff814b2d7d>] __irq_exit_rcu+0x11d/0x190
softirqs last disabled at (351): [<ffffffff814b2d7d>] __irq_exit_rcu+0x11d/0x190
---[ end trace 0000000000000000 ]---