syzbot


WARNING in wnd_add_free_ext

Status: upstream: reported C repro on 2023/08/15 03:08
Bug presence: origin:upstream
Labels: missing-backport
[Documentation on labels]
Reported-by: syzbot+1869f0a6d7c75414e0dd@syzkaller.appspotmail.com
First crash: 486d, last: 56d
Fix bisection: the issue occurs on the latest tested release (bisect log)
Crash: WARNING in wnd_add_free_ext (log)
Repro: C syz .config
  
Bug presence (3)
Date Name Commit Repro Result
2023/11/13 linux-6.1.y (ToT) fb2635ac69ab C [report] WARNING in wnd_add_free_ext
2023/08/15 upstream (ToT) 2ccdd1b13c59 C [report] WARNING in wnd_add_free_ext
2023/11/13 upstream (ToT) b85ea95d0864 C Didn't crash
Similar bugs (4)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream WARNING in wnd_add_free_ext (3) ntfs3 C done 15 12d 119d 26/28 upstream: reported C repro on 2024/08/15 04:43
linux-5.15 WARNING in wnd_add_free_ext origin:upstream missing-backport C error 2 385d 477d 0/3 upstream: reported C repro on 2023/08/23 21:49
upstream WARNING in wnd_add_free_ext (2) ntfs3 C done done 16 420d 526d 0/28 auto-obsoleted due to no activity on 2024/01/24 12:23
upstream WARNING in wnd_add_free_ext ntfs3 2 692d 716d 0/28 auto-obsoleted due to no activity on 2023/05/20 17:24
Fix bisection attempts (3)
Created Duration User Patch Repo Result
2023/12/17 06:00 1h46m fix candidate upstream OK (0) job log
2023/11/10 16:00 1h48m bisect fix linux-6.1.y OK (0) job log log
2023/10/07 12:35 1h35m bisect fix linux-6.1.y OK (0) job log log

Sample crash report:
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
------------[ cut here ]------------
WARNING: CPU: 1 PID: 4221 at fs/ntfs3/bitmap.c:216 wnd_add_free_ext+0x9b0/0xc00 fs/ntfs3/bitmap.c:351
Modules linked in:
CPU: 1 PID: 4221 Comm: syz-executor124 Not tainted 6.1.68-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : wnd_add_free_ext+0x9b0/0xc00 fs/ntfs3/bitmap.c:351
lr : wnd_add_free_ext+0x9b0/0xc00 fs/ntfs3/bitmap.c:351
sp : ffff80001dd271f0
x29: ffff80001dd27220 x28: 1fffe0001be9f633 x27: dfff800000000000
x26: dfff800000000000 x25: ffff0000df4fb1b8 x24: ffff0000e2852420
x23: ffff0000df4fb198 x22: 00000000000002a5 x21: ffff0000d87a42d0
x20: ffff0000df4fb180 x19: 00000000000002a5 x18: ffff80001dd26880
x17: ffff8000188a7000 x16: ffff80001213cbac x15: 0000000000000000
x14: 0000000012138d14 x13: 000000000ec700d4 x12: 0000000086a72ee7
x11: 0000000000ff0100 x10: 0000000000000000 x9 : ffff8000096620e8
x8 : ffff0000d54b3780 x7 : 0000000000000000 x6 : 000000000000003f
x5 : 0000000000000040 x4 : 00000000ffffffff x3 : 0000000000000a20
x2 : ffff0000c41f1380 x1 : 00000000000002a5 x0 : 00000000000002a5
Call trace:
 wnd_add_free_ext+0x9b0/0xc00 fs/ntfs3/bitmap.c:351
 wnd_set_free+0x468/0x4c4 fs/ntfs3/bitmap.c:756
 mark_as_free_ex+0x138/0x358 fs/ntfs3/fsntfs.c:2447
 run_deallocate_ex+0x1e0/0x4ac fs/ntfs3/attrib.c:149
 attr_set_size+0x10ec/0x3430 fs/ntfs3/attrib.c:758
 ntfs_truncate fs/ntfs3/file.c:494 [inline]
 ntfs3_setattr+0x5f8/0x974 fs/ntfs3/file.c:792
 notify_change+0xb58/0xe1c fs/attr.c:499
 do_truncate+0x1c0/0x28c fs/open.c:65
 vfs_truncate+0x2c4/0x36c fs/open.c:111
 do_sys_truncate+0xec/0x1b4 fs/open.c:134
 __do_sys_truncate fs/open.c:146 [inline]
 __se_sys_truncate fs/open.c:144 [inline]
 __arm64_sys_truncate+0x5c/0x70 fs/open.c:144
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 20064
hardirqs last  enabled at (20063): [<ffff800008b2e4f4>] lookup_bh_lru fs/buffer.c:1291 [inline]
hardirqs last  enabled at (20063): [<ffff800008b2e4f4>] __find_get_block+0x1d0/0xeec fs/buffer.c:1303
hardirqs last disabled at (20064): [<ffff800012138864>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last  enabled at (18946): [<ffff800008020d7c>] softirq_handle_end kernel/softirq.c:414 [inline]
softirqs last  enabled at (18946): [<ffff800008020d7c>] __do_softirq+0xc1c/0xe38 kernel/softirq.c:600
softirqs last disabled at (18929): [<ffff80000802a99c>] ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:79
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 4221 at fs/ntfs3/bitmap.c:216 wnd_add_free_ext+0x9b0/0xc00 fs/ntfs3/bitmap.c:351
Modules linked in:
CPU: 1 PID: 4221 Comm: syz-executor124 Tainted: G        W          6.1.68-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : wnd_add_free_ext+0x9b0/0xc00 fs/ntfs3/bitmap.c:351
lr : wnd_add_free_ext+0x9b0/0xc00 fs/ntfs3/bitmap.c:351
sp : ffff80001dd271f0
x29: ffff80001dd27220 x28: 1fffe0001be9f66f x27: dfff800000000000
x26: dfff800000000000 x25: ffff0000df4fb398 x24: ffff0000e2852420
x23: ffff0000df4fb378 x22: 00000000000002a5 x21: ffff0000d87a42d0
x20: ffff0000df4fb360 x19: 00000000000002a5 x18: ffff80001dd26880
x17: ffff8000188a7000 x16: ffff80001213cbac x15: ffff800008a30aa4
x14: ffff800008a30980 x13: ffff800008062558 x12: 0000000000000003
x11: 0000000000ff0100 x10: 0000000000000000 x9 : ffff8000096620e8
x8 : ffff0000d54b3780 x7 : 0000000000000000 x6 : ffff800008062558
x5 : ffff0000d0235178 x4 : 00000000ffffffff x3 : 0000000000000a20
x2 : ffff0000c41f1380 x1 : 00000000000002a5 x0 : 00000000000002a5
Call trace:
 wnd_add_free_ext+0x9b0/0xc00 fs/ntfs3/bitmap.c:351
 wnd_set_free+0x468/0x4c4 fs/ntfs3/bitmap.c:756
 mark_as_free_ex+0x1cc/0x358 fs/ntfs3/fsntfs.c:2457
 run_deallocate_ex+0x1e0/0x4ac fs/ntfs3/attrib.c:149
 attr_set_size+0x10ec/0x3430 fs/ntfs3/attrib.c:758
 ntfs_truncate fs/ntfs3/file.c:494 [inline]
 ntfs3_setattr+0x5f8/0x974 fs/ntfs3/file.c:792
 notify_change+0xb58/0xe1c fs/attr.c:499
 do_truncate+0x1c0/0x28c fs/open.c:65
 vfs_truncate+0x2c4/0x36c fs/open.c:111
 do_sys_truncate+0xec/0x1b4 fs/open.c:134
 __do_sys_truncate fs/open.c:146 [inline]
 __se_sys_truncate fs/open.c:144 [inline]
 __arm64_sys_truncate+0x5c/0x70 fs/open.c:144
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 20466
hardirqs last  enabled at (20465): [<ffff80001221cf64>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last  enabled at (20465): [<ffff80001221cf64>] _raw_spin_unlock_irqrestore+0x48/0xac kernel/locking/spinlock.c:194
hardirqs last disabled at (20466): [<ffff800012138864>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last  enabled at (20182): [<ffff800008020d7c>] softirq_handle_end kernel/softirq.c:414 [inline]
softirqs last  enabled at (20182): [<ffff800008020d7c>] __do_softirq+0xc1c/0xe38 kernel/softirq.c:600
softirqs last disabled at (20067): [<ffff80000802a99c>] ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:79
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 4221 at fs/ntfs3/bitmap.c:216 wnd_add_free_ext+0x9b0/0xc00 fs/ntfs3/bitmap.c:351
Modules linked in:
CPU: 1 PID: 4221 Comm: syz-executor124 Tainted: G        W          6.1.68-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : wnd_add_free_ext+0x9b0/0xc00 fs/ntfs3/bitmap.c:351
lr : wnd_add_free_ext+0x9b0/0xc00 fs/ntfs3/bitmap.c:351
sp : ffff80001dd271f0
x29: ffff80001dd27220 x28: 1fffe0001be9f693 x27: dfff800000000000
x26: dfff800000000000 x25: ffff0000df4fb4b8 x24: ffff0000df4fb240
x23: ffff0000df4fb498 x22: 00000000000002f9 x21: ffff0000d87a42d0
x20: ffff0000df4fb480 x19: 00000000000002f9 x18: ffff80001dd26880
x17: ffff8000188a7000 x16: ffff80001213cbac x15: 0000000000000000
x14: 0000000012138d14 x13: 000000000d79dcbf x12: 000000000f74f3bc
x11: 0000000000ff0100 x10: 0000000000000000 x9 : ffff8000096620e8
x8 : ffff0000d54b3780 x7 : 0000000000000000 x6 : 000000000000003f
x5 : 0000000000000040 x4 : 00000000ffffffff x3 : 0000000000000a20
x2 : ffff0000c41f1380 x1 : 00000000000002f9 x0 : 00000000000002f9
Call trace:
 wnd_add_free_ext+0x9b0/0xc00 fs/ntfs3/bitmap.c:351
 wnd_set_free+0x468/0x4c4 fs/ntfs3/bitmap.c:756
 mark_as_free_ex+0x1cc/0x358 fs/ntfs3/fsntfs.c:2457
 run_deallocate_ex+0x1e0/0x4ac fs/ntfs3/attrib.c:149
 attr_set_size+0x10ec/0x3430 fs/ntfs3/attrib.c:758
 ntfs_truncate fs/ntfs3/file.c:494 [inline]
 ntfs3_setattr+0x5f8/0x974 fs/ntfs3/file.c:792
 notify_change+0xb58/0xe1c fs/attr.c:499
 do_truncate+0x1c0/0x28c fs/open.c:65
 vfs_truncate+0x2c4/0x36c fs/open.c:111
 do_sys_truncate+0xec/0x1b4 fs/open.c:134
 __do_sys_truncate fs/open.c:146 [inline]
 __se_sys_truncate fs/open.c:144 [inline]
 __arm64_sys_truncate+0x5c/0x70 fs/open.c:144
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 20566
hardirqs last  enabled at (20565): [<ffff800008b2e4f4>] lookup_bh_lru fs/buffer.c:1291 [inline]
hardirqs last  enabled at (20565): [<ffff800008b2e4f4>] __find_get_block+0x1d0/0xeec fs/buffer.c:1303
hardirqs last disabled at (20566): [<ffff800012138864>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last  enabled at (20474): [<ffff800008020d7c>] softirq_handle_end kernel/softirq.c:414 [inline]
softirqs last  enabled at (20474): [<ffff800008020d7c>] __do_softirq+0xc1c/0xe38 kernel/softirq.c:600
softirqs last disabled at (20469): [<ffff80000802a99c>] ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:79
---[ end trace 0000000000000000 ]---

Crashes (15):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2023/12/18 03:20 linux-6.1.y ba6f5fb46511 3222d10c .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-6-1-kasan-arm64 WARNING in wnd_add_free_ext
2023/12/01 07:18 linux-6.1.y 6ac30d748bb0 f819d6f7 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-6-1-kasan-arm64 WARNING in wnd_add_free_ext
2023/11/13 02:10 linux-6.1.y fb2635ac69ab 6d6dbf8a .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-6-1-kasan-arm64 WARNING in wnd_add_free_ext
2023/08/15 03:28 linux-6.1.y 1321ab403b38 39990d51 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-6-1-kasan-arm64 WARNING in wnd_add_free_ext
2024/10/17 19:04 linux-6.1.y 54d90d17e8ce 666f77ed .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan WARNING in wnd_add_free_ext
2024/10/17 19:01 linux-6.1.y 54d90d17e8ce 666f77ed .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan WARNING in wnd_add_free_ext
2024/10/16 21:33 linux-6.1.y aa4cd140bba5 666f77ed .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan WARNING in wnd_add_free_ext
2024/10/16 21:29 linux-6.1.y aa4cd140bba5 666f77ed .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan WARNING in wnd_add_free_ext
2024/10/15 00:41 linux-6.1.y aa4cd140bba5 b01b6661 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan WARNING in wnd_add_free_ext
2024/10/12 01:30 linux-6.1.y aa4cd140bba5 084d8178 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan WARNING in wnd_add_free_ext
2024/10/12 01:17 linux-6.1.y aa4cd140bba5 084d8178 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan WARNING in wnd_add_free_ext
2024/10/10 05:58 linux-6.1.y aa4cd140bba5 0278d004 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan WARNING in wnd_add_free_ext
2024/10/10 05:58 linux-6.1.y aa4cd140bba5 0278d004 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan WARNING in wnd_add_free_ext
2024/10/10 05:57 linux-6.1.y aa4cd140bba5 0278d004 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan WARNING in wnd_add_free_ext
2023/08/15 03:06 linux-6.1.y 1321ab403b38 39990d51 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 WARNING in wnd_add_free_ext
* Struck through repros no longer work on HEAD.