syzbot


WARNING in nilfs_segctor_do_construct

Status: fixed on 2023/07/26 10:02
Reported-by: syzbot+35f5977346432055055a@syzkaller.appspotmail.com
Fix commit: 69caea4eed1c nilfs2: fix possible out-of-bounds segment allocation in resize ioctl
First crash: 283d, last: 254d
Fix bisection: fixed by:
commit 69caea4eed1cfb9f9e4373e47ba839958061c0ac
Author: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Date: Wed May 24 09:43:48 2023 +0000

  nilfs2: fix possible out-of-bounds segment allocation in resize ioctl

Bug presence (1)
Date        Name            Commit        Repro  Result
2023/07/04  upstream (ToT)  24be4d0b46bb  C      Didn't crash
Similar bugs (4)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.14 WARNING in nilfs_segctor_do_construct nilfs2 C 1 356d 430d 0/1 upstream: reported C repro on 2022/12/18 15:02
linux-5.15 WARNING in nilfs_segctor_do_construct C done 2 257d 279d 3/3 fixed on 2023/07/20 13:49
upstream WARNING in nilfs_segctor_do_construct (2) nilfs C error 3 284d 282d 23/26 fixed on 2023/07/04 09:17
upstream WARNING in nilfs_segctor_do_construct nilfs C 5 388d 511d 22/26 fixed on 2023/02/24 13:50

Sample crash report:
NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
NILFS (loop0): nilfs_sufile_update: invalid segment number: 56
------------[ cut here ]------------
WARNING: CPU: 0 PID: 3542 at fs/nilfs2/segment.c:1501 nilfs_segctor_collect fs/nilfs2/segment.c:1554 [inline]
WARNING: CPU: 0 PID: 3542 at fs/nilfs2/segment.c:1501 nilfs_segctor_do_construct+0x3189/0x6cc0 fs/nilfs2/segment.c:2068
Modules linked in:
CPU: 0 PID: 3542 Comm: segctord Not tainted 6.1.33-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
RIP: 0010:nilfs_segctor_truncate_segments fs/nilfs2/segment.c:1501 [inline]
RIP: 0010:nilfs_segctor_collect fs/nilfs2/segment.c:1554 [inline]
RIP: 0010:nilfs_segctor_do_construct+0x3189/0x6cc0 fs/nilfs2/segment.c:2068
Code: ff df 80 3c 08 00 74 08 4c 89 ef e8 41 7b 94 fe 4d 8b 6d 00 4c 3b 6c 24 50 74 31 e8 b1 33 3e fe e9 39 ff ff ff e8 a7 33 3e fe <0f> 0b eb c3 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c 44 ff ff ff 4c
RSP: 0018:ffffc90003c9f700 EFLAGS: 00010293
RAX: ffffffff834ba1a9 RBX: 00000000ffffffea RCX: ffff888028d00000
RDX: 0000000000000000 RSI: 00000000ffffffea RDI: 0000000000000000
RBP: ffffc90003c9fc30 R08: ffffffff834ba167 R09: fffff52000793e55
R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000010
R13: ffff888074bc2848 R14: dffffc0000000000 R15: ffff888074b9a160
FS:  0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f100a5eb718 CR3: 000000001ebc2000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000

Crashes (2):
Time              Kernel       Commit        Syzkaller  Config   Log          Report  Syz repro  C repro  VM info  Assets                                               Manager                    Title
2023/06/12 12:04  linux-6.1.y  2f3918bc53fb  49519f06   .config  console log  report  syz        C                 disk image, vmlinux, kernel image, mounted in repro  ci2-linux-6-1-kasan        WARNING in nilfs_segctor_do_construct
2023/05/14 04:13  linux-6.1.y  bf4ad6fa4e53  2b9ba477   .config  console log  report  syz        C                 disk image, vmlinux, kernel image, mounted in repro  ci2-linux-6-1-kasan-arm64  WARNING in nilfs_segctor_do_construct