syzbot


WARNING in walk_component

Status: upstream: reported C repro on 2022/12/13 07:46
Subsystems: ntfs3
Reported-by: syzbot+eba014ac93ef29f83dc8@syzkaller.appspotmail.com
First crash: 1278d, last: 205d
Cause bisection: introduced by (bisect log) :
commit 6e5be40d32fb1907285277c02e74493ed43d77fe
Author: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
Date: Fri Aug 13 14:21:30 2021 +0000

  fs/ntfs3: Add NTFS3 in fs/Kconfig and fs/Makefile

Crash: WARNING in walk_component (log)
Repro: C syz .config
  
Fix bisection: fixed by (bisect log) :
commit d772781964415c63759572b917e21c4f7ec08d9f
Author: Jakub Kicinski <kuba@kernel.org>
Date: Fri Jan 6 06:33:54 2023 +0000

  devlink: bump the instance index directly when iterating

  
✨ AI Jobs (2)
ID Workflow Result Correct Bug Created Started Finished Revision Error
ab300b3d-857b-4b4a-9f59-d61870740134 assessment-security 💥 WARNING in walk_component 2026/06/02 11:16 2026/06/02 11:16 2026/06/02 11:44 1095583bae1d2729a3b4be301cb6ddc85ced9e38 failed to run ["make" "KERNELVERSION=syzkaller" "KERNELRELEASE=syzkaller" "LOCALVERSION=-syzkaller" "-j" "32" "ARCH=x86_64" "CC=ccache clang" "LD=ld.lld" "O=/app/workdir/cache/build/4af8dab6bf088cf1688501a945f7e63872b5ae9d" "-s" "bzImage" "compile_commands.json"]: exit status 2
  Root cause:
  drivers/nvme/target/fc.c:151:2: warning: 'counted_by' should not be applied to an array with element of unknown size because 'struct nvmet_fc_fcp_iod' is a struct type with a flexible array member. This will be an error in a future compiler version [-Wbounds-safety-counted-by-elt-type-unknown-size]
  include/linux/thread_info.h:244:4: error: call to '__bad_copy_from' declared with 'error' attribute: copy source size is too small
20935384-18cf-4578-a9d1-bc47cba964cf assessment-security 💥 WARNING in walk_component 2026/05/24 11:30 2026/05/24 11:30 2026/05/24 11:54 c69befb30ac10e158cc9d1557b508ee3f0eca1de failed to run ["make" "KERNELVERSION=syzkaller" "KERNELRELEASE=syzkaller" "LOCALVERSION=-syzkaller" "-j" "32" "ARCH=x86_64" "CC=ccache clang" "LD=ld.lld" "O=/app/workdir/cache/build/4af8dab6bf088cf1688501a945f7e63872b5ae9d" "-s" "bzImage" "compile_commands.json"]: exit status 2
  Root cause:
  include/linux/thread_info.h:244:4: error: call to '__bad_copy_from' declared with 'error' attribute: copy source size is too small
  drivers/nvme/target/fc.c:151:2: warning: 'counted_by' should not be applied to an array with element of unknown size because 'struct nvmet_fc_fcp_iod' is a struct type with a flexible array member. This will be an error in a future compiler version [-Wbounds-safety-counted-by-elt-type-unknown-size]
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] WARNING in walk_component 1 (5) 2023/07/13 08:31
Last patch testing requests (10)
Created Duration User Patch Repo Result
2026/05/31 07:12 18m retest repro upstream report log
2026/04/05 07:20 14m retest repro upstream report log
2026/03/22 06:26 13m retest repro upstream log
2026/01/25 06:59 19m retest repro upstream report log
2026/01/11 06:08 12m retest repro upstream report log
2025/11/16 06:36 17m retest repro upstream report log
2025/11/02 05:51 14m retest repro upstream report log
2025/09/07 05:58 13m retest repro upstream report log
2025/08/24 05:33 15m retest repro upstream report log
2025/06/29 05:09 14m retest repro upstream report log
Fix bisection attempts (4)
Created Duration User Patch Repo Result
2023/07/12 19:05 7h25m bisect fix upstream OK (1) job log
2023/06/04 09:45 25m bisect fix upstream OK (0) job log log
2023/05/04 16:51 25m bisect fix upstream OK (0) job log log
2023/03/08 00:00 25m bisect fix upstream OK (0) job log log

Sample crash report:
------------[ cut here ]------------
DEBUG_RWSEMS_WARN_ON(!is_rwsem_reader_owned(sem)): count = 0x0, magic = 0xffff888032eae310, owner = 0x0, curr 0xffff88801d9f2440, list empty
WARNING: CPU: 0 PID: 8825 at kernel/locking/rwsem.c:1343 __up_read+0x5fb/0x760 kernel/locking/rwsem.c:1343
Modules linked in:
CPU: 0 PID: 8825 Comm: syz-executor284 Not tainted 6.9.0-rc2-syzkaller-00413-gf2f80ac80987 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
RIP: 0010:__up_read+0x5fb/0x760 kernel/locking/rwsem.c:1343
Code: 3c 02 00 0f 85 c0 00 00 00 48 8b 13 41 57 4c 89 f1 48 c7 c6 c0 c3 2c 8b 4c 8b 4c 24 10 48 c7 c7 60 c2 2c 8b e8 86 81 e5 ff 90 <0f> 0b 90 90 59 e9 fc fa ff ff 48 c7 c7 14 86 e1 8f 48 89 04 24 e8
RSP: 0018:ffffc9000cfcfb38 EFLAGS: 00010286
RAX: 0000000000000000 RBX: ffff888032eae310 RCX: ffffffff814fe349
RDX: ffff88801d9f2440 RSI: ffffffff814fe356 RDI: 0000000000000001
RBP: ffffffff8fe18614 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000000 R12: ffff888032eae318
R13: 1ffff920019f9f6b R14: ffff888032eae310 R15: ffffffff8b2cc1a0
FS:  00007f51eb6556c0(0000) GS:ffff88806b000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f51e33ff000 CR3: 000000001bb56000 CR4: 0000000000350ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 inode_unlock_shared include/linux/fs.h:810 [inline]
 lookup_slow fs/namei.c:1710 [inline]
 walk_component+0x35b/0x5b0 fs/namei.c:2004
 lookup_last fs/namei.c:2461 [inline]
 path_lookupat+0x17f/0x770 fs/namei.c:2485
 filename_lookup+0x1e5/0x5b0 fs/namei.c:2514
 user_path_at_empty+0x42/0x60 fs/namei.c:2921
 user_path_at include/linux/namei.h:57 [inline]
 __do_sys_chdir fs/open.c:558 [inline]
 __se_sys_chdir fs/open.c:552 [inline]
 __x64_sys_chdir+0xc2/0x270 fs/open.c:552
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xd2/0x260 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x72/0x7a
RIP: 0033:0x7f51eb6c7a79
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 91 1b 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f51eb655218 EFLAGS: 00000246 ORIG_RAX: 0000000000000050
RAX: ffffffffffffffda RBX: 0000000000000040 RCX: 00007f51eb6c7a79
RDX: 00007f51eb6c7a79 RSI: 00007f51eb69f036 RDI: 0000000020000380
RBP: 00007f51eb7666b8 R08: 0000000000000000 R09: 0000000000000000
R10: 00007ffc48cce417 R11: 0000000000000246 R12: 00007f51eb7666b0
R13: 00007f51eb7666bc R14: 6573726168636f69 R15: 0030656c69662f2e
 </TASK>

Crashes (15):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/04/07 00:44 upstream f2f80ac80987 ca620dd8 .config console log report syz C [disk image (non-bootable)] [vmlinux] [kernel image] [mounted in repro] ci-qemu-upstream WARNING in walk_component
2024/03/24 08:53 upstream 484193fecd2b 0ea90952 .config console log report syz C [disk image (non-bootable)] [vmlinux] [kernel image] [mounted in repro] ci-qemu-upstream WARNING in walk_component
2023/09/09 05:41 upstream a48fa7efaf11 6654cf89 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-kasan-gce-selinux-root WARNING in walk_component
2023/07/18 09:21 upstream fdf0eaf11452 20f8b3c2 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-kasan-gce-selinux-root WARNING in walk_component
2023/03/17 02:38 upstream 0ddc84d2dd43 18b58603 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-kasan-gce-root WARNING in walk_component
2023/01/21 03:25 upstream ff83fec8179e 559a440a .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-kasan-gce-root WARNING in walk_component
2023/01/06 16:15 upstream 1f5abbd77e2c 1dac8c7a .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-kasan-gce-root WARNING in walk_component
2022/12/09 07:37 upstream f3e8416619ce 1034e5fa .config console log report syz [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-kasan-gce-selinux-root WARNING in walk_component
2023/02/06 00:00 linux-next 4fafd96910ad be607b78 .config strace log report syz [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-linux-next-kasan-gce-root WARNING in walk_component
2024/06/14 23:54 upstream 2ccbdf43d5e7 8d849073 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING in walk_component
2024/05/24 15:31 upstream 8f6a15f095a6 8f98448e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root WARNING in walk_component
2024/01/26 19:35 upstream ecb1b8288dc7 cc4a4020 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root WARNING in walk_component
2023/08/26 17:07 upstream 7d2f353b2682 03d9c195 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root WARNING in walk_component
2023/04/04 05:13 upstream 148341f0a2f5 7db618d0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root WARNING in walk_component
2023/01/06 15:47 upstream 1f5abbd77e2c 1dac8c7a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root WARNING in walk_component
* Struck through repros no longer work on HEAD.