bisecting fixing commit since fa33f9094f36943ea32f7fbe323293b62e96151d building syzkaller on 45a13a7381e60020d94d037d88a75727984b7a9a testing commit fa33f9094f36943ea32f7fbe323293b62e96151d compiler: gcc version 8.4.1 20210217 (GCC) kernel signature: e90a4c987c16340aaed1faa0ac2bea4231d610100f9072f7bf14207b5508b107 run #0: crashed: unregister_netdevice: waiting for DEV to become free run #1: crashed: unregister_netdevice: waiting for DEV to become free run #2: crashed: WARNING in udf_truncate_extents run #3: crashed: unregister_netdevice: waiting for DEV to become free run #4: crashed: unregister_netdevice: waiting for DEV to become free run #5: crashed: unregister_netdevice: waiting for DEV to become free run #6: crashed: unregister_netdevice: waiting for DEV to become free run #7: crashed: unregister_netdevice: waiting for DEV to become free run #8: crashed: unregister_netdevice: waiting for DEV to become free run #9: crashed: WARNING in udf_truncate_extents run #10: crashed: unregister_netdevice: waiting for DEV to become free run #11: crashed: WARNING in udf_truncate_extents run #12: crashed: unregister_netdevice: waiting for DEV to become free run #13: crashed: unregister_netdevice: waiting for DEV to become free run #14: crashed: unregister_netdevice: waiting for DEV to become free run #15: crashed: unregister_netdevice: waiting for DEV to become free run #16: crashed: unregister_netdevice: waiting for DEV to become free run #17: crashed: unregister_netdevice: waiting for DEV to become free run #18: crashed: unregister_netdevice: waiting for DEV to become free run #19: crashed: unregister_netdevice: waiting for DEV to become free testing current HEAD 74766a973637a02c32c04c1c6496e114e4855239 testing commit 74766a973637a02c32c04c1c6496e114e4855239 compiler: gcc version 8.4.1 20210217 (GCC) kernel signature: 87cea79eac1903c8c3a9924fc7a9733e986a28bd5dde0116b0975d39623e806b run #0: crashed: WARNING in udf_truncate_extents run #1: crashed: unregister_netdevice: waiting for DEV to become free run #2: crashed: unregister_netdevice: waiting for DEV to become free run #3: crashed: unregister_netdevice: waiting for DEV to become free run #4: crashed: unregister_netdevice: waiting for DEV to become free run #5: crashed: unregister_netdevice: waiting for DEV to become free run #6: crashed: unregister_netdevice: waiting for DEV to become free run #7: crashed: unregister_netdevice: waiting for DEV to become free run #8: crashed: WARNING in udf_truncate_extents run #9: crashed: unregister_netdevice: waiting for DEV to become free revisions tested: 2, total time: 29m58.597965917s (build: 22m43.801489644s, test: 6m36.8034843s) the crash still happens on HEAD commit msg: Linux 4.14.275 crash: unregister_netdevice: waiting for DEV to become free IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready syz-executor.0 (7979) used greatest stack depth: 24160 bytes left can: request_module (can-proto-0) failed. can: request_module (can-proto-0) failed. can: request_module (can-proto-0) failed. unregister_netdevice: waiting for ip6gre0 to become free. Usage count = -1 UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2020/09/19 18:44 (1000) audit: type=1804 audit(1649046886.964:2): pid=8314 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor208" name="/root/file0/bus" dev="loop0" ino=1312 res=1 audit: type=1800 audit(1649046886.964:3): pid=8314 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor208" name="bus" dev="loop0" ino=1312 res=0 audit: type=1804 audit(1649046886.964:4): pid=8314 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor208" name="/root/file0/bus" dev="loop0" ino=1312 res=1 audit: type=1804 audit(1649046887.104:5): pid=8321 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor208" name="/root/file0/bus" dev="loop0" ino=1312 res=1 attempt to access beyond end of device loop0: rw=2049, want=3205, limit=2816 audit: type=1804 audit(1649046887.104:6): pid=8321 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor208" name="/root/file0/bus" dev="loop0" ino=1312 res=1 Buffer I/O error on dev loop0, logical block 3204, lost async page write attempt to access beyond end of device loop0: rw=2049, want=3307, limit=2816 Buffer I/O error on dev loop0, logical block 3306, lost async page write attempt to access beyond end of device loop0: rw=2049, want=3329, limit=2816 Buffer I/O error on dev loop0, logical block 3328, lost async page write attempt to access beyond end of device loop0: rw=2049, want=3330, limit=2816 Buffer I/O error on dev loop0, logical block 3329, lost async page write attempt to access beyond end of device loop0: rw=2049, want=3331, limit=2816 Buffer I/O error on dev loop0, logical block 3330, lost async page write attempt to access beyond end of device loop0: rw=2049, want=3332, limit=2816 Buffer I/O error on dev loop0, logical block 3331, lost async page write attempt to access beyond end of device loop0: rw=2049, want=3333, limit=2816 Buffer I/O error on dev loop0, logical block 3332, lost async page write attempt to access beyond end of device loop0: rw=2049, want=3434, limit=2816 Buffer I/O error on dev loop0, logical block 3433, lost async page write attempt to access beyond end of device loop0: rw=2049, want=3458, limit=2816 Buffer I/O error on dev loop0, logical block 3457, lost async page write attempt to access beyond end of device loop0: rw=2049, want=3462, limit=2816 Buffer I/O error on dev loop0, logical block 3461, lost async page write attempt to access beyond end of device loop0: rw=2049, want=3562, limit=2816 attempt to access beyond end of device loop0: rw=2049, want=3587, limit=2816 attempt to access beyond end of device loop0: rw=2049, want=3590, limit=2816 attempt to access beyond end of device loop0: rw=2049, want=3690, limit=2816 attempt to access beyond end of device loop0: rw=2049, want=3713, limit=2816 attempt to access beyond end of device loop0: rw=2049, want=3716, limit=2816 attempt to access beyond end of device loop0: rw=2049, want=3718, limit=2816 attempt to access beyond end of device loop0: rw=2049, want=3818, limit=2816 attempt to access beyond end of device loop0: rw=2049, want=3841, limit=2816 attempt to access beyond end of device loop0: rw=2049, want=3842, limit=2816 attempt to access beyond end of device loop0: rw=2049, want=3844, limit=2816 audit: type=1804 audit(1649046887.524:7): pid=8325 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor208" name="/root/file0/bus" dev="loop0" ino=1312 res=1 audit: type=1804 audit(1649046887.544:8): pid=8325 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor208" name="/root/file0/bus" dev="loop0" ino=1312 res=1 attempt to access beyond end of device loop0: rw=2049, want=4353, limit=2816 attempt to access beyond end of device loop0: rw=2049, want=4356, limit=2816 attempt to access beyond end of device loop0: rw=2049, want=4357, limit=2816 attempt to access beyond end of device loop0: rw=2049, want=4358, limit=2816 attempt to access beyond end of device loop0: rw=2049, want=4458, limit=2816 attempt to access beyond end of device loop0: rw=2049, want=4481, limit=2816 attempt to access beyond end of device loop0: rw=2049, want=4483, limit=2816 attempt to access beyond end of device loop0: rw=2049, want=4484, limit=2816 attempt to access beyond end of device loop0: rw=2049, want=4485, limit=2816 attempt to access beyond end of device loop0: rw=2049, want=4486, limit=2816 attempt to access beyond end of device loop0: rw=2049, want=4586, limit=2816 attempt to access beyond end of device loop0: rw=2049, want=4615, limit=2816 attempt to access beyond end of device loop0: rw=2049, want=4714, limit=2816 attempt to access beyond end of device loop0: rw=2049, want=4738, limit=2816 attempt to access beyond end of device loop0: rw=2049, want=4743, limit=2816 attempt to access beyond end of device loop0: rw=2049, want=4842, limit=2816 attempt to access beyond end of device loop0: rw=2049, want=4865, limit=2816 attempt to access beyond end of device loop0: rw=2049, want=4866, limit=2816 attempt to access beyond end of device loop0: rw=2049, want=4867, limit=2816 attempt to access beyond end of device loop0: rw=2049, want=4871, limit=2816 attempt to access beyond end of device loop0: rw=2049, want=4971, limit=2816 attempt to access beyond end of device loop0: rw=2049, want=4993, limit=2816 attempt to access beyond end of device loop0: rw=2049, want=4996, limit=2816 attempt to access beyond end of device loop0: rw=2049, want=4999, limit=2816 attempt to access beyond end of device loop0: rw=2049, want=5098, limit=2816 attempt to access beyond end of device loop0: rw=2049, want=5119, limit=2816 attempt to access beyond end of device loop0: rw=2049, want=5120, limit=2816 attempt to access beyond end of device loop0: rw=2049, want=5122, limit=2816 attempt to access beyond end of device loop0: rw=2049, want=5123, limit=2816 audit: type=1804 audit(1649046887.944:9): pid=8329 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor208" name="/root/file0/bus" dev="loop0" ino=1312 res=1 audit: type=1804 audit(1649046887.944:10): pid=8329 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor208" name="/root/file0/bus" dev="loop0" ino=1312 res=1 audit: type=1804 audit(1649046888.024:11): pid=8333 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor208" name="/root/file0/bus" dev="loop0" ino=1312 res=1 attempt to access beyond end of device loop0: rw=2049, want=2819, limit=2816 attempt to access beyond end of device loop0: rw=2049, want=2820, limit=2816 attempt to access beyond end of device loop0: rw=2049, want=2922, limit=2816 attempt to access beyond end of device loop0: rw=2049, want=2946, limit=2816 attempt to access beyond end of device loop0: rw=2049, want=2949, limit=2816 attempt to access beyond end of device loop0: rw=2049, want=3052, limit=2816 ------------[ cut here ]------------ WARNING: CPU: 1 PID: 8337 at fs/udf/truncate.c:226 udf_truncate_extents+0x563/0x810 fs/udf/truncate.c:226