syzbot

 sign-in | mailing list | source | docs
🐞 Open [826]
🐞 Fixed [84]
🐞 Invalid [1073]
Missing Backports [127]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

WARNING in wnd_add_free_ext

Status: upstream: reported C repro on 2023/08/23 21:49
Bug presence: origin:upstream
Labels: missing-backport
[Documentation on labels]
Reported-by: syzbot+124a57fd3102943d5c15@syzkaller.appspotmail.com
First crash: 798d, last: 10d
Fix bisection: failed (error log, bisect log)
  
Bug presence (3)
Date Name Commit Repro Result
2023/11/23 linux-5.15.y (ToT) 2a910f4af54d C [report] WARNING in wnd_add_free_ext
2023/08/25 upstream (ToT) f8d6ff449094 C [report] WARNING in wnd_add_free_ext
2023/11/23 upstream (ToT) 9b6de136b5f0 C Didn't crash
Similar bugs (5)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream WARNING in wnd_add_free_ext (3) ntfs3 -1 C done 19 205d 441d 28/29 fixed on 2025/05/06 15:33
linux-6.1 WARNING in wnd_add_free_ext origin:upstream missing-backport -1 C inconclusive 15 377d 807d 0/3 upstream: reported C repro on 2023/08/15 03:08
upstream WARNING in wnd_add_free_ext (4) ntfs3 -1 7 51d 133d 0/29 upstream: reported on 2025/06/19 08:12
upstream WARNING in wnd_add_free_ext (2) ntfs3 -1 C done done 16 742d 848d 0/29 auto-obsoleted due to no activity on 2024/01/24 12:23
upstream WARNING in wnd_add_free_ext ntfs3 -1 2 1014d 1038d 0/29 auto-obsoleted due to no activity on 2023/05/20 17:24
Last patch testing requests (6)
Created Duration User Patch Repo Result
2025/10/19 23:53 10m retest repro linux-5.15.y report log
2025/08/09 15:42 11m retest repro linux-5.15.y report log
2025/05/28 05:53 11m retest repro linux-5.15.y report log
2025/03/14 01:02 13m retest repro linux-5.15.y report log
2025/01/02 03:58 11m retest repro linux-5.15.y report log
2024/10/15 01:01 0m retest repro linux-5.15.y error
Fix bisection attempts (9)
Created Duration User Patch Repo Result
2025/07/13 21:38 3m fix candidate upstream error job log
2025/05/03 02:12 1m fix candidate upstream error job log
2025/03/05 12:00 3m fix candidate upstream error job log
2025/01/29 12:48 1h27m fix candidate upstream error job log
2024/08/04 03:20 1m fix candidate upstream error job log
2024/03/26 03:32 0m fix candidate upstream error job log
2024/02/10 10:34 1m fix candidate upstream error job log
2023/12/31 03:30 1m fix candidate upstream error job log
2023/10/11 16:58 5m bisect fix linux-5.15.y error job log

Sample crash report:
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
------------[ cut here ]------------
WARNING: CPU: 1 PID: 3964 at fs/ntfs3/bitmap.c:221 wnd_add_free_ext+0x9b0/0xc00 fs/ntfs3/bitmap.c:356
Modules linked in:
CPU: 1 PID: 3964 Comm: syz-executor349 Not tainted 5.15.127-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : wnd_add_free_ext+0x9b0/0xc00 fs/ntfs3/bitmap.c:356
lr : wnd_add_free_ext+0x9b0/0xc00 fs/ntfs3/bitmap.c:356
sp : ffff80001cfe7220
x29: ffff80001cfe7250 x28: 1fffe0001be8be87 x27: dfff800000000000
x26: dfff800000000000 x25: ffff0000df45f458 x24: ffff0000df45f3c0
x23: ffff0000df45f438 x22: 00000000000001e7 x21: ffff0000c2c182d0
x20: ffff0000df45f420 x19: 00000000000001e7 x18: 0000000000000000
x17: ff808000086d730c x16: ffff800011967c34 x15: ffff8000086d730c
x14: 00000000ffff8000 x13: ffffffffffffffff x12: 0000000000000000
x11: ff80800009578490 x10: 0000000000000000 x9 : ffff800009578490
x8 : ffff0000c89cb680 x7 : 0000000000000000 x6 : 000000000000003f
x5 : 0000000000000040 x4 : 0000000000000060 x3 : 0000000000000040
x2 : ffffffffffffffc0 x1 : 00000000000001e7 x0 : 00000000000001e7
Call trace:
 wnd_add_free_ext+0x9b0/0xc00 fs/ntfs3/bitmap.c:356
 wnd_set_free+0x4ac/0x508 fs/ntfs3/bitmap.c:760
 mark_as_free_ex+0x178/0x1f4 fs/ntfs3/fsntfs.c:2482
 run_deallocate_ex+0x1d4/0x49c fs/ntfs3/attrib.c:147
 attr_set_size+0xd08/0x2bdc fs/ntfs3/attrib.c:679
 ntfs_truncate fs/ntfs3/file.c:496 [inline]
 ntfs3_setattr+0x5f8/0x974 fs/ntfs3/file.c:771
 notify_change+0xac4/0xd60 fs/attr.c:488
 do_truncate+0x1c0/0x28c fs/open.c:65
 vfs_truncate+0x2e0/0x388 fs/open.c:111
 do_sys_truncate+0xec/0x1b4 fs/open.c:134
 __do_sys_truncate fs/open.c:146 [inline]
 __se_sys_truncate fs/open.c:144 [inline]
 __arm64_sys_truncate+0x5c/0x70 fs/open.c:144
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
irq event stamp: 31410
hardirqs last  enabled at (31409): [<ffff800008a67e50>] lookup_bh_lru fs/buffer.c:1294 [inline]
hardirqs last  enabled at (31409): [<ffff800008a67e50>] __find_get_block+0x1d0/0xdd4 fs/buffer.c:1306
hardirqs last disabled at (31410): [<ffff8000119632c8>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:387
softirqs last  enabled at (30716): [<ffff800008020ccc>] softirq_handle_end kernel/softirq.c:401 [inline]
softirqs last  enabled at (30716): [<ffff800008020ccc>] __do_softirq+0xb5c/0xe20 kernel/softirq.c:587
softirqs last disabled at (30705): [<ffff8000081b56a0>] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline]
softirqs last disabled at (30705): [<ffff8000081b56a0>] invoke_softirq kernel/softirq.c:439 [inline]
softirqs last disabled at (30705): [<ffff8000081b56a0>] __irq_exit_rcu+0x28c/0x534 kernel/softirq.c:637
---[ end trace ee86f56678fa7a3a ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 3964 at fs/ntfs3/bitmap.c:221 wnd_add_free_ext+0x9b0/0xc00 fs/ntfs3/bitmap.c:356
Modules linked in:
CPU: 1 PID: 3964 Comm: syz-executor349 Tainted: G        W         5.15.127-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : wnd_add_free_ext+0x9b0/0xc00 fs/ntfs3/bitmap.c:356
lr : wnd_add_free_ext+0x9b0/0xc00 fs/ntfs3/bitmap.c:356
sp : ffff80001cfe7220
x29: ffff80001cfe7250 x28: 1fffe0001be8be93 x27: dfff800000000000
x26: dfff800000000000 x25: ffff0000df45f4b8 x24: ffff0000df45f3c0
x23: ffff0000df45f498 x22: 00000000000001e7 x21: ffff0000c2c182d0
x20: ffff0000df45f480 x19: 00000000000001e7 x18: 0000000000000000
x17: ff808000086d730c x16: ffff800011967c34 x15: ffff8000086d730c
x14: 00000000ffff8000 x13: ffffffffffffffff x12: 0000000000000000
x11: ff80800009578490 x10: 0000000000000000 x9 : ffff800009578490
x8 : ffff0000c89cb680 x7 : 0000000000000000 x6 : 000000000000003f
x5 : 0000000000000040 x4 : 0000000000000060 x3 : 0000000000000040
x2 : ffffffffffffffc0 x1 : 00000000000001e7 x0 : 00000000000001e7
Call trace:
 wnd_add_free_ext+0x9b0/0xc00 fs/ntfs3/bitmap.c:356
 wnd_set_free+0x4ac/0x508 fs/ntfs3/bitmap.c:760
 mark_as_free_ex+0x178/0x1f4 fs/ntfs3/fsntfs.c:2482
 run_deallocate_ex+0x1d4/0x49c fs/ntfs3/attrib.c:147
 attr_set_size+0xd08/0x2bdc fs/ntfs3/attrib.c:679
 ntfs_truncate fs/ntfs3/file.c:496 [inline]
 ntfs3_setattr+0x5f8/0x974 fs/ntfs3/file.c:771
 notify_change+0xac4/0xd60 fs/attr.c:488
 do_truncate+0x1c0/0x28c fs/open.c:65
 vfs_truncate+0x2e0/0x388 fs/open.c:111
 do_sys_truncate+0xec/0x1b4 fs/open.c:134
 __do_sys_truncate fs/open.c:146 [inline]
 __se_sys_truncate fs/open.c:144 [inline]
 __arm64_sys_truncate+0x5c/0x70 fs/open.c:144
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
irq event stamp: 31994
hardirqs last  enabled at (31993): [<ffff800008a67e50>] lookup_bh_lru fs/buffer.c:1294 [inline]
hardirqs last  enabled at (31993): [<ffff800008a67e50>] __find_get_block+0x1d0/0xdd4 fs/buffer.c:1306
hardirqs last disabled at (31994): [<ffff8000119632c8>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:387
softirqs last  enabled at (31636): [<ffff800008020ccc>] softirq_handle_end kernel/softirq.c:401 [inline]
softirqs last  enabled at (31636): [<ffff800008020ccc>] __do_softirq+0xb5c/0xe20 kernel/softirq.c:587
softirqs last disabled at (31413): [<ffff8000081b56a0>] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline]
softirqs last disabled at (31413): [<ffff8000081b56a0>] invoke_softirq kernel/softirq.c:439 [inline]
softirqs last disabled at (31413): [<ffff8000081b56a0>] __irq_exit_rcu+0x28c/0x534 kernel/softirq.c:637
---[ end trace ee86f56678fa7a3b ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 3964 at fs/ntfs3/bitmap.c:221 wnd_add_free_ext+0x9b0/0xc00 fs/ntfs3/bitmap.c:356
Modules linked in:
CPU: 1 PID: 3964 Comm: syz-executor349 Tainted: G        W         5.15.127-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : wnd_add_free_ext+0x9b0/0xc00 fs/ntfs3/bitmap.c:356
lr : wnd_add_free_ext+0x9b0/0xc00 fs/ntfs3/bitmap.c:356
sp : ffff80001cfe7220
x29: ffff80001cfe7250 x28: 1fffe0001be8be9f x27: dfff800000000000
x26: dfff800000000000 x25: ffff0000df45f518 x24: ffff0000df45f3c0
x23: ffff0000df45f4f8 x22: 00000000000001e7 x21: ffff0000c2c182d0
x20: ffff0000df45f4e0 x19: 00000000000001e7 x18: 0000000000000000
x17: ff808000086d730c x16: ffff800011967c34 x15: ffff8000086d730c
x14: 00000000ffff8000 x13: ffffffffffffffff x12: 0000000000000000
x11: ff80800009578490 x10: 0000000000000000 x9 : ffff800009578490
x8 : ffff0000c89cb680 x7 : 0000000000000000 x6 : 000000000000003f
x5 : 0000000000000040 x4 : 0000000000000060 x3 : 0000000000000040
x2 : ffffffffffffffc0 x1 : 00000000000001e7 x0 : 00000000000001e7
Call trace:
 wnd_add_free_ext+0x9b0/0xc00 fs/ntfs3/bitmap.c:356
 wnd_set_free+0x4ac/0x508 fs/ntfs3/bitmap.c:760
 mark_as_free_ex+0x178/0x1f4 fs/ntfs3/fsntfs.c:2482
 run_deallocate_ex+0x1d4/0x49c fs/ntfs3/attrib.c:147
 attr_set_size+0xd08/0x2bdc fs/ntfs3/attrib.c:679
 ntfs_truncate fs/ntfs3/file.c:496 [inline]
 ntfs3_setattr+0x5f8/0x974 fs/ntfs3/file.c:771
 notify_change+0xac4/0xd60 fs/attr.c:488
 do_truncate+0x1c0/0x28c fs/open.c:65
 vfs_truncate+0x2e0/0x388 fs/open.c:111
 do_sys_truncate+0xec/0x1b4 fs/open.c:134
 __do_sys_truncate fs/open.c:146 [inline]
 __se_sys_truncate fs/open.c:144 [inline]
 __arm64_sys_truncate+0x5c/0x70 fs/open.c:144
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
irq event stamp: 32382
hardirqs last  enabled at (32381): [<ffff800008a67e50>] lookup_bh_lru fs/buffer.c:1294 [inline]
hardirqs last  enabled at (32381): [<ffff800008a67e50>] __find_get_block+0x1d0/0xdd4 fs/buffer.c:1306
hardirqs last disabled at (32382): [<ffff8000119632c8>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:387
softirqs last  enabled at (32016): [<ffff800008020ccc>] softirq_handle_end kernel/softirq.c:401 [inline]
softirqs last  enabled at (32016): [<ffff800008020ccc>] __do_softirq+0xb5c/0xe20 kernel/softirq.c:587
softirqs last disabled at (31997): [<ffff8000081b56a0>] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline]
softirqs last disabled at (31997): [<ffff8000081b56a0>] invoke_softirq kernel/softirq.c:439 [inline]
softirqs last disabled at (31997): [<ffff8000081b56a0>] __irq_exit_rcu+0x28c/0x534 kernel/softirq.c:637
---[ end trace ee86f56678fa7a3c ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 3964 at fs/ntfs3/bitmap.c:221 wnd_add_free_ext+0x9b0/0xc00 fs/ntfs3/bitmap.c:356
Modules linked in:
CPU: 1 PID: 3964 Comm: syz-executor349 Tainted: G        W         5.15.127-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : wnd_add_free_ext+0x9b0/0xc00 fs/ntfs3/bitmap.c:356
lr : wnd_add_free_ext+0x9b0/0xc00 fs/ntfs3/bitmap.c:356
sp : ffff80001cfe7220
x29: ffff80001cfe7250 x28: 1fffe0001be8beab x27: dfff800000000000
x26: dfff800000000000 x25: ffff0000df45f578 x24: ffff0000df45f3c0
x23: ffff0000df45f558 x22: 00000000000001e7 x21: ffff0000c2c182d0
x20: ffff0000df45f540 x19: 00000000000001e7 x18: 0000000000000000
x17: ff808000086d730c x16: ffff800011967c34 x15: ffff8000086d730c
x14: 00000000ffff8000 x13: ffffffffffffffff x12: 0000000000000000
x11: ff80800009578490 x10: 0000000000000000 x9 : ffff800009578490
x8 : ffff0000c89cb680 x7 : 0000000000000000 x6 : 000000000000003f
x5 : 0000000000000040 x4 : 0000000000000060 x3 : 0000000000000040
x2 : ffffffffffffffc0 x1 : 00000000000001e7 x0 : 00000000000001e7
Call trace:
 wnd_add_free_ext+0x9b0/0xc00 fs/ntfs3/bitmap.c:356
 wnd_set_free+0x4ac/0x508 fs/ntfs3/bitmap.c:760
 mark_as_free_ex+0x178/0x1f4 fs/ntfs3/fsntfs.c:2482
 run_deallocate_ex+0x1d4/0x49c fs/ntfs3/attrib.c:147
 attr_set_size+0xd08/0x2bdc fs/ntfs3/attrib.c:679
 ntfs_truncate fs/ntfs3/file.c:496 [inline]
 ntfs3_setattr+0x5f8/0x974 fs/ntfs3/file.c:771
 notify_change+0xac4/0xd60 fs/attr.c:488
 do_truncate+0x1c0/0x28c fs/open.c:65
 vfs_truncate+0x2e0/0x388 fs/open.c:111
 do_sys_truncate+0xec/0x1b4 fs/open.c:134
 __do_sys_truncate fs/open.c:146 [inline]
 __se_sys_truncate fs/open.c:144 [inline]
 __arm64_sys_truncate+0x5c/0x70 fs/open.c:144
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
irq event stamp: 32774
hardirqs last  enabled at (32773): [<ffff800008a67e50>] lookup_bh_lru fs/buffer.c:1294 [inline]
hardirqs last  enabled at (32773): [<ffff800008a67e50>] __find_get_block+0x1d0/0xdd4 fs/buffer.c:1306
hardirqs last disabled at (32774): [<ffff8000119632c8>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:387
softirqs last  enabled at (32400): [<ffff800008020ccc>] softirq_handle_end kernel/softirq.c:401 [inline]
softirqs last  enabled at (32400): [<ffff800008020ccc>] __do_softirq+0xb5c/0xe20 kernel/softirq.c:587
softirqs last disabled at (32385): [<ffff8000081b56a0>] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline]
softirqs last disabled at (32385): [<ffff8000081b56a0>] invoke_softirq kernel/softirq.c:439 [inline]
softirqs last disabled at (32385): [<ffff8000081b56a0>] __irq_exit_rcu+0x28c/0x534 kernel/softirq.c:637
---[ end trace ee86f56678fa7a3d ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 3964 at fs/ntfs3/bitmap.c:221 wnd_add_free_ext+0x9b0/0xc00 fs/ntfs3/bitmap.c:356
Modules linked in:
CPU: 1 PID: 3964 Comm: syz-executor349 Tainted: G        W         5.15.127-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : wnd_add_free_ext+0x9b0/0xc00 fs/ntfs3/bitmap.c:356
lr : wnd_add_free_ext+0x9b0/0xc00 fs/ntfs3/bitmap.c:356
sp : ffff80001cfe7220
x29: ffff80001cfe7250 x28: 1fffe0001be8beb7 x27: dfff800000000000
x26: dfff800000000000 x25: ffff0000df45f5d8 x24: ffff0000df45f3c0
x23: ffff0000df45f5b8 x22: 00000000000001e7 x21: ffff0000c2c182d0
x20: ffff0000df45f5a0 x19: 00000000000001e7 x18: 0000000000000000
x17: ff808000086d730c x16: ffff800011967c34 x15: ffff8000086d730c
x14: 00000000ffff8000 x13: ffffffffffffffff x12: 0000000000000000
x11: ff80800009578490 x10: 0000000000000000 x9 : ffff800009578490
x8 : ffff0000c89cb680 x7 : 0000000000000000 x6 : 000000000000003f
x5 : 0000000000000040 x4 : 0000000000000060 x3 : 0000000000000040
x2 : ffffffffffffffc0 x1 : 00000000000001e7 x0 : 00000000000001e7
Call trace:
 wnd_add_free_ext+0x9b0/0xc00 fs/ntfs3/bitmap.c:356
 wnd_set_free+0x4ac/0x508 fs/ntfs3/bitmap.c:760
 mark_as_free_ex+0x178/0x1f4 fs/ntfs3/fsntfs.c:2482
 run_deallocate_ex+0x1d4/0x49c fs/ntfs3/attrib.c:147
 attr_set_size+0xd08/0x2bdc fs/ntfs3/attrib.c:679
 ntfs_truncate fs/ntfs3/file.c:496 [inline]
 ntfs3_setattr+0x5f8/0x974 fs/ntfs3/file.c:771
 notify_change+0xac4/0xd60 fs/attr.c:488
 do_truncate+0x1c0/0x28c fs/open.c:65
 vfs_truncate+0x2e0/0x388 fs/open.c:111
 do_sys_truncate+0xec/0x1b4 fs/open.c:134
 __do_sys_truncate fs/open.c:146 [inline]
 __se_sys_truncate fs/open.c:144 [inline]
 __arm64_sys_truncate+0x5c/0x70 fs/open.c:144
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
irq event stamp: 33176
hardirqs last  enabled at (33175): [<ffff800008a67e50>] lookup_bh_lru fs/buffer.c:1294 [inline]
hardirqs last  enabled at (33175): [<ffff800008a67e50>] __find_get_block+0x1d0/0xdd4 fs/buffer.c:1306
hardirqs last disabled at (33176): [<ffff8000119632c8>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:387
softirqs last  enabled at (32790): [<ffff800008020ccc>] softirq_handle_end kernel/softirq.c:401 [inline]
softirqs last  enabled at (32790): [<ffff800008020ccc>] __do_softirq+0xb5c/0xe20 kernel/softirq.c:587
softirqs last disabled at (32777): [<ffff8000081b56a0>] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline]
softirqs last disabled at (32777): [<ffff8000081b56a0>] invoke_softirq kernel/softirq.c:439 [inline]
softirqs last disabled at (32777): [<ffff8000081b56a0>] __irq_exit_rcu+0x28c/0x534 kernel/softirq.c:637
---[ end trace ee86f56678fa7a3e ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 3964 at fs/ntfs3/bitmap.c:221 wnd_add_free_ext+0x9b0/0xc00 fs/ntfs3/bitmap.c:356
Modules linked in:
CPU: 1 PID: 3964 Comm: syz-executor349 Tainted: G        W         5.15.127-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : wnd_add_free_ext+0x9b0/0xc00 fs/ntfs3/bitmap.c:356
lr : wnd_add_free_ext+0x9b0/0xc00 fs/ntfs3/bitmap.c:356
sp : ffff80001cfe7220
x29: ffff80001cfe7250 x28: 1fffe0001be8bec3 x27: dfff800000000000
x26: dfff800000000000 x25: ffff0000df45f638 x24: ffff0000df45f3c0
x23: ffff0000df45f618 x22: 00000000000001e7 x21: ffff0000c2c182d0
x20: ffff0000df45f600 x19: 00000000000001e7 x18: 0000000000000000
x17: ff808000086d730c x16: ffff800011967c34 x15: ffff8000089645ac
x14: ffff800008964488 x13: ffffffffffffffff x12: 0000000000000000
x11: ff80800009578490 x10: 0000000000000000 x9 : ffff800009578490
x8 : ffff0000c89cb680 x7 : 0000000000000000 x6 : ffff80000805cbac
x5 : ffff0000d65a71e8 x4 : 0000000000000060 x3 : 0000000000000040
x2 : ffffffffffffffc0 x1 : 00000000000001e7 x0 : 00000000000001e7
Call trace:
 wnd_add_free_ext+0x9b0/0xc00 fs/ntfs3/bitmap.c:356
 wnd_set_free+0x4ac/0x508 fs/ntfs3/bitmap.c:760
 mark_as_free_ex+0x1c4/0x1f4 fs/ntfs3/fsntfs.c:2492
 run_deallocate_ex+0x1d4/0x49c fs/ntfs3/attrib.c:147
 attr_set_size+0xd08/0x2bdc fs/ntfs3/attrib.c:679
 ntfs_truncate fs/ntfs3/file.c:496 [inline]
 ntfs3_setattr+0x5f8/0x974 fs/ntfs3/file.c:771
 notify_change+0xac4/0xd60 fs/attr.c:488
 do_truncate+0x1c0/0x28c fs/open.c:65
 vfs_truncate+0x2e0/0x388 fs/open.c:111
 do_sys_truncate+0xec/0x1b4 fs/open.c:134
 __do_sys_truncate fs/open.c:146 [inline]
 __se_sys_truncate fs/open.c:144 [inline]
 __arm64_sys_truncate+0x5c/0x70 fs/open.c:144
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
irq event stamp: 33592
hardirqs last  enabled at (33591): [<ffff800011a3d938>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
hardirqs last  enabled at (33591): [<ffff800011a3d938>] _raw_spin_unlock_irqrestore+0xac/0x158 kernel/locking/spinlock.c:194
hardirqs last disabled at (33592): [<ffff8000119632c8>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:387
softirqs last  enabled at (33202): [<ffff800008020ccc>] softirq_handle_end kernel/softirq.c:401 [inline]
softirqs last  enabled at (33202): [<ffff800008020ccc>] __do_softirq+0xb5c/0xe20 kernel/softirq.c:587
softirqs last disabled at (33179): [<ffff8000081b56a0>] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline]
softirqs last disabled at (33179): [<ffff8000081b56a0>] invoke_softirq kernel/softirq.c:439 [inline]
softirqs last disabled at (33179): [<ffff8000081b56a0>] __irq_exit_rcu+0x28c/0x534 kernel/softirq.c:637
---[ end trace ee86f56678fa7a3f ]---
ntfs3: loop0: ntfs_evict_inode r=5 failed, -22.

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2023/08/23 22:15 linux-5.15.y f6f7927ac664 b81ca3f6 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-5-15-kasan-arm64 WARNING in wnd_add_free_ext
2023/08/23 21:48 linux-5.15.y f6f7927ac664 b81ca3f6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 WARNING in wnd_add_free_ext
* Struck through repros no longer work on HEAD.