syzbot

 sign-in | mailing list | source | docs
🐞 Open [969] Subsystems 🐞 Fixed [4558] 🐞 Invalid [10510] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

WARNING in nilfs_segctor_do_construct (2)

Status: upstream: reported C repro on 2023/05/15 12:56
Labels: nilfs (incorrect?)
Reported-by: syzbot+33494cd0df2ec2931851@syzkaller.appspotmail.com
Fix commit: nilfs2: fix possible out-of-bounds segment allocation in resize ioctl
Patched on: [], missing on: [ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-qemu2-riscv64 ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-arm64 ci-upstream-gce-leak ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce ci-upstream-kmsan-gce-386 ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce ci2-upstream-usb]
First crash: 20d, last: 20d

Cause bisection: failed (error log, bisect log)
Discussions (2)
Title Replies (including bot) Last reply
[PATCH] nilfs2: fix possible out-of-bounds segment allocation in resize ioctl 1 (1) 2023/05/24 09:43
[syzbot] [nilfs?] WARNING in nilfs_segctor_do_construct (2) 0 (1) 2023/05/15 12:56
Similar bugs (4)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.14 WARNING in nilfs_segctor_do_construct nilfs2 C 1 91d 166d 0/1 upstream: reported C repro on 2022/12/18 15:02
linux-5.15 WARNING in nilfs_segctor_do_construct origin:upstream C 1 14d 14d 0/3 upstream: reported C repro on 2023/05/18 16:49
linux-6.1 WARNING in nilfs_segctor_do_construct origin:upstream C 1 19d 19d 0/3 upstream: reported C repro on 2023/05/14 04:14
upstream WARNING in nilfs_segctor_do_construct nilfs C 5 124d 247d 24/24 fixed on 2023/02/24 13:50

Sample crash report:
NILFS (loop1): nilfs_sufile_update: invalid segment number: 52
------------[ cut here ]------------
WARNING: CPU: 0 PID: 5017 at fs/nilfs2/segment.c:1503 nilfs_segctor_collect fs/nilfs2/segment.c:1556 [inline]
WARNING: CPU: 0 PID: 5017 at fs/nilfs2/segment.c:1503 nilfs_segctor_do_construct+0x31e7/0x6d30 fs/nilfs2/segment.c:2070
Modules linked in:

CPU: 0 PID: 5017 Comm: segctord Not tainted 6.4.0-rc1-syzkaller-00133-g9a48d6046722 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
RIP: 0010:nilfs_segctor_truncate_segments fs/nilfs2/segment.c:1503 [inline]
RIP: 0010:nilfs_segctor_collect fs/nilfs2/segment.c:1556 [inline]
RIP: 0010:nilfs_segctor_do_construct+0x31e7/0x6d30 fs/nilfs2/segment.c:2070
Code: ff df 80 3c 08 00 74 08 4c 89 ef e8 03 fb 93 fe 4d 8b 6d 00 4c 3b 6c 24 50 74 31 e8 13 2d 3c fe e9 39 ff ff ff e8 09 2d 3c fe <0f> 0b eb c3 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c 44 ff ff ff 4c
RSP: 0018:ffffc90003b7f700 EFLAGS: 00010293

RAX: ffffffff834f3a37 RBX: 00000000ffffffea RCX: ffff888027728000
RDX: 0000000000000000 RSI: 00000000ffffffea RDI: 0000000000000000
RBP: ffffc90003b7fc30 R08: ffffffff834f39f5 R09: fffff5200076fe51
R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000010
R13: ffff888076756dc8 R14: dffffc0000000000 R15: ffff8880765d4e38
FS:  0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020074000 CR3: 0000000029d7c000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 nilfs_segctor_construct+0x145/0x8c0 fs/nilfs2/segment.c:2404
 nilfs_segctor_thread_construct fs/nilfs2/segment.c:2512 [inline]
 nilfs_segctor_thread+0x53a/0x1140 fs/nilfs2/segment.c:2595
 kthread+0x2b8/0x350 kernel/kthread.c:379
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 </TASK>

Crashes (3):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2023/05/13 10:50 upstream 9a48d6046722 2b9ba477 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs WARNING in nilfs_segctor_do_construct
2023/05/13 11:26 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 14f8db1c0f9a 2b9ba477 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-gce-arm64 WARNING in nilfs_segctor_do_construct
2023/05/13 10:26 upstream 9a48d6046722 2b9ba477 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs WARNING in nilfs_segctor_do_construct
* Struck through repros no longer work on HEAD.