syzbot


WARNING in nilfs_segctor_do_construct (2)

Status: fixed on 2023/07/04 09:17
Subsystems: nilfs
Reported-by: syzbot+33494cd0df2ec2931851@syzkaller.appspotmail.com
Fix commit: fee5eaecca86 nilfs2: fix possible out-of-bounds segment allocation in resize ioctl
First crash: 348d, last: 348d
Cause bisection: failed (error log, bisect log)
  
Discussions (2)
Title | Replies (including bot) | Last reply
[PATCH] nilfs2: fix possible out-of-bounds segment allocation in resize ioctl | 1 (1) | 2023/05/24 09:43
[syzbot] [nilfs?] WARNING in nilfs_segctor_do_construct (2) | 0 (1) | 2023/05/15 12:56
Similar bugs (4)
Kernel | Title | Repro | Bisect (cause / fix) | Count | Last | Reported | Patched | Status
linux-4.14 | WARNING in nilfs_segctor_do_construct [nilfs2] | C | | 1 | 419d | 493d | 0/1 | upstream: reported C repro on 2022/12/18 15:02
linux-5.15 | WARNING in nilfs_segctor_do_construct | C | done | 2 | 321d | 342d | 3/3 | fixed on 2023/07/20 13:49
linux-6.1 | WARNING in nilfs_segctor_do_construct | C | done | 2 | 318d | 347d | 3/3 | fixed on 2023/07/26 10:02
upstream | WARNING in nilfs_segctor_do_construct [nilfs] | C | | 5 | 452d | 575d | 22/26 | fixed on 2023/02/24 13:50

Sample crash report:
NILFS (loop1): nilfs_sufile_update: invalid segment number: 52
------------[ cut here ]------------
WARNING: CPU: 0 PID: 5017 at fs/nilfs2/segment.c:1503 nilfs_segctor_collect fs/nilfs2/segment.c:1556 [inline]
WARNING: CPU: 0 PID: 5017 at fs/nilfs2/segment.c:1503 nilfs_segctor_do_construct+0x31e7/0x6d30 fs/nilfs2/segment.c:2070
Modules linked in:

CPU: 0 PID: 5017 Comm: segctord Not tainted 6.4.0-rc1-syzkaller-00133-g9a48d6046722 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
RIP: 0010:nilfs_segctor_truncate_segments fs/nilfs2/segment.c:1503 [inline]
RIP: 0010:nilfs_segctor_collect fs/nilfs2/segment.c:1556 [inline]
RIP: 0010:nilfs_segctor_do_construct+0x31e7/0x6d30 fs/nilfs2/segment.c:2070
Code: ff df 80 3c 08 00 74 08 4c 89 ef e8 03 fb 93 fe 4d 8b 6d 00 4c 3b 6c 24 50 74 31 e8 13 2d 3c fe e9 39 ff ff ff e8 09 2d 3c fe <0f> 0b eb c3 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c 44 ff ff ff 4c
RSP: 0018:ffffc90003b7f700 EFLAGS: 00010293

RAX: ffffffff834f3a37 RBX: 00000000ffffffea RCX: ffff888027728000
RDX: 0000000000000000 RSI: 00000000ffffffea RDI: 0000000000000000
RBP: ffffc90003b7fc30 R08: ffffffff834f39f5 R09: fffff5200076fe51
R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000010
R13: ffff888076756dc8 R14: dffffc0000000000 R15: ffff8880765d4e38
FS:  0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020074000 CR3: 0000000029d7c000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 nilfs_segctor_construct+0x145/0x8c0 fs/nilfs2/segment.c:2404
 nilfs_segctor_thread_construct fs/nilfs2/segment.c:2512 [inline]
 nilfs_segctor_thread+0x53a/0x1140 fs/nilfs2/segment.c:2595
 kthread+0x2b8/0x350 kernel/kthread.c:379
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 </TASK>
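
The report above shows the segment-usage file rejecting segment number 52 ("invalid segment number") just before the segment constructor thread (segctord) trips the warning in nilfs_segctor_truncate_segments, and the fix commit names the cause as an out-of-bounds segment allocation in the resize ioctl. The following is an added, self-contained C model of that bug class; it is not nilfs2 code and does not reproduce nilfs2's data structures or its actual fix. It puts a toy segment allocator whose allocation window is left unclamped when the segment count shrinks (the buggy path) next to one that re-clamps the window (the fixed path), and shows the later bounds check catching the stray segment number. Every name in it (seg_usage, seg_alloc, allocmin/allocmax, seg_usage_shrink_*) and the constructed scenario (64 segments, 48 in use, shrunk to 48) are assumptions for the model; a real shrink would also have to relocate anything living above the new size first, which the model skips.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MODEL_MAX_SEGS 64            /* fixed bitmap size for the model */

/* Toy stand-in for the per-filesystem segment-usage state (assumed names). */
struct seg_usage {
    uint64_t nsegments;              /* number of segments the fs currently has */
    uint64_t allocmin, allocmax;     /* inclusive window the allocator searches */
    uint64_t next;                   /* round-robin cursor, relative to allocmin */
    bool inuse[MODEL_MAX_SEGS];
};

static void seg_usage_init(struct seg_usage *su, uint64_t nsegs)
{
    if (nsegs == 0 || nsegs > MODEL_MAX_SEGS)
        nsegs = MODEL_MAX_SEGS;
    su->nsegments = nsegs;
    su->allocmin = 0;
    su->allocmax = nsegs - 1;
    su->next = 0;
    for (uint64_t i = 0; i < MODEL_MAX_SEGS; i++)
        su->inuse[i] = false;
}

/* Bounds check a segment number before touching its usage entry; 0 = ok, -1 = reject. */
static int seg_usage_update(const struct seg_usage *su, uint64_t segnum)
{
    if (segnum >= su->nsegments) {
        fprintf(stderr, "model: invalid segment number: %llu\n",
                (unsigned long long)segnum);
        return -1;
    }
    return 0;
}

/* Round-robin search inside [allocmin, allocmax]; returns segnum or -1 when full. */
static int64_t seg_alloc(struct seg_usage *su)
{
    uint64_t span = su->allocmax - su->allocmin + 1;
    for (uint64_t i = 0; i < span; i++) {
        uint64_t segnum = su->allocmin + (su->next + i) % span;
        if (!su->inuse[segnum]) {
            su->inuse[segnum] = true;
            su->next = (segnum - su->allocmin + 1) % span;
            return (int64_t)segnum;
        }
    }
    return -1;
}

/* Buggy shrink: records the new size but leaves the allocation window as it was. */
static int seg_usage_shrink_buggy(struct seg_usage *su, uint64_t new_nsegs)
{
    if (new_nsegs == 0 || new_nsegs > su->nsegments)
        return -1;
    su->nsegments = new_nsegs;
    return 0;
}

/* Fixed shrink: clamp the window so no segment >= new_nsegs can be handed out. */
static int seg_usage_shrink_fixed(struct seg_usage *su, uint64_t new_nsegs)
{
    if (new_nsegs == 0 || new_nsegs > su->nsegments)
        return -1;
    su->nsegments = new_nsegs;
    if (su->allocmax >= new_nsegs)
        su->allocmax = new_nsegs - 1;
    if (su->allocmin > su->allocmax)
        su->allocmin = 0;
    su->next = 0;                    /* the cursor may point past the new window */
    return 0;
}

/*
 * Allocate 'prefill' segments, shrink to new_nsegs via either path, then allocate
 * once more and return that segment number (-1 = none free, -2 = shrink rejected).
 */
static int64_t alloc_after_shrink(bool fixed, uint64_t nsegs, uint64_t new_nsegs,
                                  uint64_t prefill)
{
    struct seg_usage su;
    seg_usage_init(&su, nsegs);
    for (uint64_t i = 0; i < prefill; i++)
        seg_alloc(&su);
    if ((fixed ? seg_usage_shrink_fixed : seg_usage_shrink_buggy)(&su, new_nsegs))
        return -2;
    return seg_alloc(&su);
}

int main(void)
{
    /* Constructed scenario: 64 segments, the first 48 in use, fs shrunk to 48. */
    int64_t buggy = alloc_after_shrink(false, 64, 48, 48);
    int64_t fixed = alloc_after_shrink(true, 64, 48, 48);
    struct seg_usage su;
    seg_usage_init(&su, 48);
    printf("buggy path allocated %lld -> update %s\n", (long long)buggy,
           seg_usage_update(&su, (uint64_t)buggy) ? "rejected" : "ok");
    printf("fixed path allocated %lld (no free segment inside the new bounds)\n",
           (long long)fixed);
    return 0;
}
```

The point the model makes is where the check has to live: a validity check at the consumer (seg_usage_update, mirroring the report's "invalid segment number" message) only turns a silent corruption into a warning after the bad segment has already been handed out; the allocator's own range has to be re-clamped at the moment the filesystem shrinks.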

Crashes (3):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2023/05/13 10:50 | upstream | 9a48d6046722 | 2b9ba477 | .config | strace log | report | syz | C | | disk image, vmlinux, kernel image, mounted in repro | ci2-upstream-fs | WARNING in nilfs_segctor_do_construct
2023/05/13 11:26 | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | 14f8db1c0f9a | 2b9ba477 | .config | console log | report | syz | C | | disk image, vmlinux, kernel image, mounted in repro | ci-upstream-gce-arm64 | WARNING in nilfs_segctor_do_construct
2023/05/13 10:26 | upstream | 9a48d6046722 | 2b9ba477 | .config | console log | report | | | info | disk image, vmlinux, kernel image | ci2-upstream-fs | WARNING in nilfs_segctor_do_construct