syzbot


WARNING in ext2_get_group_desc

Status: fixed on 2023/02/24 13:50
Subsystems: ext4
Reported-by: syzbot+d273f7d7f58afd93be48@syzkaller.appspotmail.com
Fix commit: fa78f3369372 ext2: Add more validity checks for inode counts
First crash: 682d, last: 682d
Discussions (17)
| Title | Replies (including bot) | Last reply |
|---|---|---|
| [PATCH 5.4 000/389] 5.4.211-rc1 review | 396 (396) | 2022/10/26 16:43 |
| [PATCH 5.15 000/779] 5.15.61-rc1 review | 804 (804) | 2022/09/23 09:30 |
| [PATCH 5.10 000/545] 5.10.137-rc1 review | 570 (570) | 2022/08/29 08:17 |
| [PATCH 4.19 000/287] 4.19.256-rc1 review | 298 (298) | 2022/08/25 10:11 |
| [PATCH 4.14 000/229] 4.14.291-rc1 review | 232 (232) | 2022/08/24 06:23 |
| [PATCH 5.18 0000/1095] 5.18.18-rc1 review | 1101 (1101) | 2022/08/21 13:22 |
| [PATCH 5.19 0000/1157] 5.19.2-rc1 review | 1184 (1184) | 2022/08/21 08:05 |
| [PATCH AUTOSEL 4.19 01/16] arm64: Do not forget syscall when starting a new thread. | 17 (17) | 2022/08/13 13:44 |
| [PATCH AUTOSEL 5.19 01/58] x86: Handle idle=nomwait cmdline properly for x86_idle | 59 (59) | 2022/08/09 14:01 |
| [PATCH AUTOSEL 5.15 01/45] x86: Handle idle=nomwait cmdline properly for x86_idle | 45 (45) | 2022/08/08 18:44 |
| [PATCH AUTOSEL 4.9 1/8] arm64: fix oops in concurrently setting insn_emulation sysctls | 8 (8) | 2022/08/08 01:40 |
| [PATCH AUTOSEL 4.14 01/12] arm64: Do not forget syscall when starting a new thread. | 12 (12) | 2022/08/08 01:39 |
| [PATCH AUTOSEL 5.4 01/23] x86: Handle idle=nomwait cmdline properly for x86_idle | 23 (23) | 2022/08/08 01:38 |
| [PATCH AUTOSEL 5.10 01/29] x86: Handle idle=nomwait cmdline properly for x86_idle | 28 (28) | 2022/08/08 01:37 |
| [PATCH AUTOSEL 5.18 01/53] x86: Handle idle=nomwait cmdline properly for x86_idle | 52 (52) | 2022/08/08 01:33 |
| [PATCH] ext2: Add more validity checks for inode counts | 1 (1) | 2022/07/26 11:23 |
| [syzbot] WARNING in ext2_get_group_desc | 0 (1) | 2022/07/21 08:16 |

Sample crash report:
loop1: detected capacity change from 0 to 20
------------[ cut here ]------------
WARNING: CPU: 1 PID: 3999 at fs/ext2/balloc.c:51 ext2_get_group_desc+0x88/0xb4 fs/ext2/balloc.c:51
block_group >= groups_count - block_group = 1, groups_count = 1
Modules linked in:
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 3999 Comm: syz-executor.1 Not tainted 5.19.0-rc6-syzkaller #0
Hardware name: ARM-Versatile Express
Backtrace: 
[<816f379c>] (dump_backtrace) from [<816f3acc>] (show_stack+0x18/0x1c arch/arm/kernel/traps.c:253)
 r7:81d72500 r6:82422fec r5:60000093 r4:81d80550
[<816f3ab4>] (show_stack) from [<816fc3f8>] (__dump_stack lib/dump_stack.c:88 [inline])
[<816f3ab4>] (show_stack) from [<816fc3f8>] (dump_stack_lvl+0x48/0x54 lib/dump_stack.c:106)
[<816fc3b0>] (dump_stack_lvl) from [<816fc41c>] (dump_stack+0x18/0x1c lib/dump_stack.c:113)
 r5:00000000 r4:82642d14
[<816fc404>] (dump_stack) from [<816f4668>] (panic+0x11c/0x360 kernel/panic.c:274)
[<816f454c>] (panic) from [<80242a2c>] (__warn+0x98/0x198 kernel/panic.c:623)
 r3:00000001 r2:00000000 r1:00000000 r0:81d72500
 r7:806112e0
[<80242994>] (__warn) from [<816f4948>] (warn_slowpath_fmt+0x9c/0xd4 kernel/panic.c:653)
 r8:00000009 r7:806112e0 r6:00000033 r5:81db0ac4 r4:81db0a80
[<816f48b0>] (warn_slowpath_fmt) from [<806112e0>] (ext2_get_group_desc+0x88/0xb4 fs/ext2/balloc.c:51)
 r8:00000001 r7:851d1c00 r6:ee24dde0 r5:851d1c00 r4:00000000
[<80611258>] (ext2_get_group_desc) from [<80615118>] (ext2_get_inode+0x94/0x134 fs/ext2/inode.c:1345)
 r4:00000002
[<80615084>] (ext2_get_inode) from [<80617194>] (ext2_iget+0x84/0x438 fs/ext2/inode.c:1425)
 r9:88485670 r8:00000000 r7:851d1c00 r6:00000002 r5:00000000 r4:8497b6f8
[<80617110>] (ext2_iget) from [<8061a940>] (ext2_fill_super+0xb30/0xe14 fs/ext2/super.c:1162)
 r8:00000000 r7:84af7600 r6:88307400 r5:851d1c00 r4:88485600
[<80619e10>] (ext2_fill_super) from [<8049e2a0>] (mount_bdev+0x178/0x1a4 fs/super.c:1367)
 r10:852b4000 r9:83917dbc r8:00000083 r7:852b4000 r6:00000000 r5:851d1c00
 r4:83917b80
[<8049e128>] (mount_bdev) from [<806189ac>] (ext2_mount+0x20/0x28 fs/ext2/super.c:1465)
 r9:86184b80 r8:86184200 r7:ee24df6c r6:00000020 r5:8061898c r4:85352f00
[<8061898c>] (ext2_mount) from [<804de934>] (legacy_get_tree+0x2c/0x50 fs/fs_context.c:610)
[<804de908>] (legacy_get_tree) from [<8049c85c>] (vfs_get_tree+0x2c/0x108 fs/super.c:1497)
 r5:85352f00 r4:85352f00
[<8049c830>] (vfs_get_tree) from [<804c5818>] (do_new_mount fs/namespace.c:3040 [inline])
[<8049c830>] (vfs_get_tree) from [<804c5818>] (path_mount+0x3e8/0xabc fs/namespace.c:3370)
 r6:00000020 r5:00000000 r4:85352f00
[<804c5430>] (path_mount) from [<804c6428>] (do_mount fs/namespace.c:3383 [inline])
[<804c5430>] (path_mount) from [<804c6428>] (__do_sys_mount fs/namespace.c:3591 [inline])
[<804c5430>] (path_mount) from [<804c6428>] (sys_mount+0x118/0x220 fs/namespace.c:3568)
 r10:00000000 r9:76f05ef8 r8:00000000 r7:00000000 r6:852b4000 r5:86184200
 r4:86184b80
[<804c6310>] (sys_mount) from [<80200060>] (ret_fast_syscall+0x0/0x1c arch/arm/mm/proc-v7.S:64)
Exception stack(0xee24dfa8 to 0xee24dff0)
dfa0:                   76f05ef8 20000000 76f05eb8 20000240 20000000 00000000
dfc0: 76f05ef8 20000000 20000340 00000015 76f05eb8 00000000 76f05eb8 00000000
dfe0: 000862b8 76f05e70 00016a48 0004d500
 r10:00000015 r9:84f38bc0 r8:80200288 r7:00000015 r6:20000340 r5:20000000
 r4:76f05ef8
Rebooting in 86400 seconds..

Crashes (1):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2022/07/17 08:06 | upstream | c658cabbfd32 | 95cb00d1 | .config | console log | report | | | info | | ci-qemu2-arm32 | WARNING in ext2_get_group_desc |
* Struck through repros no longer work on HEAD.