syzbot


WARNING in nilfs_segctor_do_construct

Status: fixed on 2023/07/20 13:49
Reported-by: syzbot+d3455d73502c4eac697f@syzkaller.appspotmail.com
Fix commit: 4357336192ed nilfs2: fix possible out-of-bounds segment allocation in resize ioctl
First crash: 353d, last: 331d
Fix bisection: fixed by (bisect log):
commit 4357336192eda57810c612f2b878194e63f9dbc3
Author: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Date: Wed May 24 09:43:48 2023 +0000

  nilfs2: fix possible out-of-bounds segment allocation in resize ioctl

Bug presence (1)
| Date | Name | Commit | Repro | Result |
| --- | --- | --- | --- | --- |
| 2023/07/08 | upstream (ToT) | 8689f4f2ea56 | C | Didn't crash |
Similar bugs (4)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.14 WARNING in nilfs_segctor_do_construct nilfs2 C 1 429d 504d 0/1 upstream: reported C repro on 2022/12/18 15:02
upstream WARNING in nilfs_segctor_do_construct (2) nilfs C error 3 358d 356d 23/26 fixed on 2023/07/04 09:17
linux-6.1 WARNING in nilfs_segctor_do_construct C done 2 328d 357d 3/3 fixed on 2023/07/26 10:02
upstream WARNING in nilfs_segctor_do_construct nilfs C 5 462d 585d 22/26 fixed on 2023/02/24 13:50

Sample crash report:
NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
NILFS (loop0): nilfs_sufile_update: invalid segment number: 43
------------[ cut here ]------------
WARNING: CPU: 1 PID: 3501 at fs/nilfs2/segment.c:1501 nilfs_segctor_collect fs/nilfs2/segment.c:1554 [inline]
WARNING: CPU: 1 PID: 3501 at fs/nilfs2/segment.c:1501 nilfs_segctor_do_construct+0x337f/0x7190 fs/nilfs2/segment.c:2068
Modules linked in:
CPU: 1 PID: 3501 Comm: segctord Not tainted 5.15.115-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
RIP: 0010:nilfs_segctor_truncate_segments fs/nilfs2/segment.c:1501 [inline]
RIP: 0010:nilfs_segctor_collect fs/nilfs2/segment.c:1554 [inline]
RIP: 0010:nilfs_segctor_do_construct+0x337f/0x7190 fs/nilfs2/segment.c:2068
Code: ff df 80 3c 08 00 74 08 4c 89 ef e8 4b d9 a3 fe 4d 8b 6d 00 4c 3b 6c 24 70 74 31 e8 9b 7e 5a fe e9 34 ff ff ff e8 91 7e 5a fe <0f> 0b eb c3 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c 3f ff ff ff 4c
RSP: 0018:ffffc90002cbf740 EFLAGS: 00010293
RAX: ffffffff83257abf RBX: 00000000ffffffea RCX: ffff888015ba1dc0
RDX: 0000000000000000 RSI: 00000000ffffffea RDI: 0000000000000000
RBP: ffffc90002cbfc30 R08: ffffffff83257a7d R09: ffffed10173667a0
R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000010
R13: ffff88807526a008 R14: ffffc90002cbfa48 R15: ffff888071172160
FS:  0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f42ebf65e18 CR3: 00000000232dc000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 nilfs_segctor_construct+0x145/0x8c0 fs/nilfs2/segment.c:2404
 nilfs_segctor_thread_construct fs/nilfs2/segment.c:2512 [inline]
 nilfs_segctor_thread+0x512/0x1130 fs/nilfs2/segment.c:2595
 kthread+0x3f6/0x4f0 kernel/kthread.c:319
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298
 </TASK>

Crashes (2):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 2023/06/08 22:18 | linux-5.15.y | d7af3e5ba454 | 058b3a5a | .config | console log | report | syz | C | | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci2-linux-5-15-kasan | WARNING in nilfs_segctor_do_construct |
| 2023/05/18 16:48 | linux-5.15.y | 9d6bde853685 | 3bb7af1d | .config | console log | report | syz | C | | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci2-linux-5-15-kasan-arm64 | WARNING in nilfs_segctor_do_construct |
* Struck through repros no longer work on HEAD.