[v6.1] WARNING in nilfs_segctor_do_construct
0 views
Skip to first unread message
syzbot
May 14, 2023, 7:14:57 AM5/14/23
Hello,
syzbot found the following issue on:
HEAD commit: bf4ad6fa4e53 Linux 6.1.28
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=15d5a652280000
kernel config: https://syzkaller.appspot.com/x/.config?x=ee1a89a0c6a2db67
dashboard link: https://syzkaller.appspot.com/bug?extid=35f5977346432055055a
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10df62b2280000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13ea21c6280000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/a7b85a636ba8/disk-bf4ad6fa.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/a626aeb9d231/vmlinux-bf4ad6fa.xz
kernel image: https://storage.googleapis.com/syzbot-assets/78fbbffb9ee8/Image-bf4ad6fa.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/126c903ec4fa/mount_0.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
NILFS (loop0): nilfs_sufile_update: invalid segment number: 54
------------[ cut here ]------------
WARNING: CPU: 0 PID: 4218 at fs/nilfs2/segment.c:1501 nilfs_segctor_truncate_segments fs/nilfs2/segment.c:1501 [inline]
WARNING: CPU: 0 PID: 4218 at fs/nilfs2/segment.c:1501 nilfs_segctor_collect fs/nilfs2/segment.c:1554 [inline]
WARNING: CPU: 0 PID: 4218 at fs/nilfs2/segment.c:1501 nilfs_segctor_do_construct+0x2924/0x640c fs/nilfs2/segment.c:2068
Modules linked in:
CPU: 0 PID: 4218 Comm: segctord Not tainted 6.1.28-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : nilfs_segctor_truncate_segments fs/nilfs2/segment.c:1501 [inline]
pc : nilfs_segctor_collect fs/nilfs2/segment.c:1554 [inline]
pc : nilfs_segctor_do_construct+0x2924/0x640c fs/nilfs2/segment.c:2068
lr : nilfs_segctor_truncate_segments fs/nilfs2/segment.c:1501 [inline]
lr : nilfs_segctor_collect fs/nilfs2/segment.c:1554 [inline]
lr : nilfs_segctor_do_construct+0x2924/0x640c fs/nilfs2/segment.c:2068
sp : ffff80001d9a7580
x29: ffff80001d9a7af0 x28: dfff800000000000 x27: 1fffe0001bc38634
x26: 1fffe0001b065412 x25: 0000000000000000 x24: 1fffe0001b06541b
x23: 1ffff00003b34f44 x22: 00000000ffffffea x21: ffff0000e2502588
x20: ffff0000e245a160 x19: ffff0000e2502420 x18: ffff80001d9a68a0
x17: 0000000000000000 x16: ffff8000120e8d94 x15: 0000000000000000
x14: 0000000000000000 x13: 0000000000000001 x12: 0000000000000001
x11: ff80800009db21f4 x10: 0000000000000000 x9 : ffff800009db21f4
x8 : ffff0000d8571bc0 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff80001d9a6c58 x4 : ffff800015672b20 x3 : ffff80000aa6f08c
x2 : ffff0001b45b3cd0 x1 : 00000000ffffffea x0 : 0000000000000000
Call trace:
nilfs_segctor_truncate_segments fs/nilfs2/segment.c:1501 [inline]
nilfs_segctor_collect fs/nilfs2/segment.c:1554 [inline]
nilfs_segctor_do_construct+0x2924/0x640c fs/nilfs2/segment.c:2068
nilfs_segctor_construct+0x110/0x768 fs/nilfs2/segment.c:2402
nilfs_segctor_thread_construct fs/nilfs2/segment.c:2510 [inline]
nilfs_segctor_thread+0x3d4/0xd74 fs/nilfs2/segment.c:2593
kthread+0x250/0x2d8 kernel/kthread.c:376
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860
irq event stamp: 16302
hardirqs last enabled at (16301): [<ffff8000083440c8>] __up_console_sem+0xb4/0x100 kernel/printk/printk.c:261
hardirqs last disabled at (16302): [<ffff8000120e4a4c>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last enabled at (10386): [<ffff800008020d74>] softirq_handle_end kernel/softirq.c:414 [inline]
softirqs last enabled at (10386): [<ffff800008020d74>] __do_softirq+0xc14/0xea0 kernel/softirq.c:600
softirqs last disabled at (10381): [<ffff80000802a994>] ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:79
---[ end trace 0000000000000000 ]---
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at [email protected].
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
If you want to change bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: bf4ad6fa4e53 Linux 6.1.28
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=15d5a652280000
kernel config: https://syzkaller.appspot.com/x/.config?x=ee1a89a0c6a2db67
dashboard link: https://syzkaller.appspot.com/bug?extid=35f5977346432055055a
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10df62b2280000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13ea21c6280000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/a7b85a636ba8/disk-bf4ad6fa.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/a626aeb9d231/vmlinux-bf4ad6fa.xz
kernel image: https://storage.googleapis.com/syzbot-assets/78fbbffb9ee8/Image-bf4ad6fa.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/126c903ec4fa/mount_0.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]
NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
NILFS (loop0): nilfs_sufile_update: invalid segment number: 54
------------[ cut here ]------------
WARNING: CPU: 0 PID: 4218 at fs/nilfs2/segment.c:1501 nilfs_segctor_truncate_segments fs/nilfs2/segment.c:1501 [inline]
WARNING: CPU: 0 PID: 4218 at fs/nilfs2/segment.c:1501 nilfs_segctor_collect fs/nilfs2/segment.c:1554 [inline]
WARNING: CPU: 0 PID: 4218 at fs/nilfs2/segment.c:1501 nilfs_segctor_do_construct+0x2924/0x640c fs/nilfs2/segment.c:2068
Modules linked in:
CPU: 0 PID: 4218 Comm: segctord Not tainted 6.1.28-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : nilfs_segctor_truncate_segments fs/nilfs2/segment.c:1501 [inline]
pc : nilfs_segctor_collect fs/nilfs2/segment.c:1554 [inline]
pc : nilfs_segctor_do_construct+0x2924/0x640c fs/nilfs2/segment.c:2068
lr : nilfs_segctor_truncate_segments fs/nilfs2/segment.c:1501 [inline]
lr : nilfs_segctor_collect fs/nilfs2/segment.c:1554 [inline]
lr : nilfs_segctor_do_construct+0x2924/0x640c fs/nilfs2/segment.c:2068
sp : ffff80001d9a7580
x29: ffff80001d9a7af0 x28: dfff800000000000 x27: 1fffe0001bc38634
x26: 1fffe0001b065412 x25: 0000000000000000 x24: 1fffe0001b06541b
x23: 1ffff00003b34f44 x22: 00000000ffffffea x21: ffff0000e2502588
x20: ffff0000e245a160 x19: ffff0000e2502420 x18: ffff80001d9a68a0
x17: 0000000000000000 x16: ffff8000120e8d94 x15: 0000000000000000
x14: 0000000000000000 x13: 0000000000000001 x12: 0000000000000001
x11: ff80800009db21f4 x10: 0000000000000000 x9 : ffff800009db21f4
x8 : ffff0000d8571bc0 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff80001d9a6c58 x4 : ffff800015672b20 x3 : ffff80000aa6f08c
x2 : ffff0001b45b3cd0 x1 : 00000000ffffffea x0 : 0000000000000000
Call trace:
nilfs_segctor_truncate_segments fs/nilfs2/segment.c:1501 [inline]
nilfs_segctor_collect fs/nilfs2/segment.c:1554 [inline]
nilfs_segctor_do_construct+0x2924/0x640c fs/nilfs2/segment.c:2068
nilfs_segctor_construct+0x110/0x768 fs/nilfs2/segment.c:2402
nilfs_segctor_thread_construct fs/nilfs2/segment.c:2510 [inline]
nilfs_segctor_thread+0x3d4/0xd74 fs/nilfs2/segment.c:2593
kthread+0x250/0x2d8 kernel/kthread.c:376
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860
irq event stamp: 16302
hardirqs last enabled at (16301): [<ffff8000083440c8>] __up_console_sem+0xb4/0x100 kernel/printk/printk.c:261
hardirqs last disabled at (16302): [<ffff8000120e4a4c>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last enabled at (10386): [<ffff800008020d74>] softirq_handle_end kernel/softirq.c:414 [inline]
softirqs last enabled at (10386): [<ffff800008020d74>] __do_softirq+0xc14/0xea0 kernel/softirq.c:600
softirqs last disabled at (10381): [<ffff80000802a994>] ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:79
---[ end trace 0000000000000000 ]---
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at [email protected].
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
If you want to change bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot
May 18, 2023, 7:49:01 PM5/18/23
Hello,
syzbot found the following issue on:
HEAD commit: 9d6bde853685 Linux 5.15.112
syzbot found the following issue on:
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=172ebd09280000
kernel config: https://syzkaller.appspot.com/x/.config?x=508f7a387ef8f82b
dashboard link: https://syzkaller.appspot.com/bug?extid=d3455d73502c4eac697f
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1417b25a280000
userspace arch: arm64
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10993a5a280000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/a8ab2bd416bb/disk-9d6bde85.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/c358e3d58bb2/vmlinux-9d6bde85.xz
kernel image: https://storage.googleapis.com/syzbot-assets/c82319bbaeb8/Image-9d6bde85.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/cb3272be7f61/mount_0.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
------------[ cut here ]------------
WARNING: CPU: 1 PID: 4002 at fs/nilfs2/segment.c:1501 nilfs_segctor_truncate_segments fs/nilfs2/segment.c:1501 [inline]
WARNING: CPU: 1 PID: 4002 at fs/nilfs2/segment.c:1501 nilfs_segctor_collect fs/nilfs2/segment.c:1554 [inline]
WARNING: CPU: 1 PID: 4002 at fs/nilfs2/segment.c:1501 nilfs_segctor_do_construct+0x2b04/0x6804 fs/nilfs2/segment.c:2068
Modules linked in:
CPU: 1 PID: 4002 Comm: segctord Not tainted 5.15.112-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : nilfs_segctor_truncate_segments fs/nilfs2/segment.c:1501 [inline]
pc : nilfs_segctor_collect fs/nilfs2/segment.c:1554 [inline]
pc : nilfs_segctor_do_construct+0x2b04/0x6804 fs/nilfs2/segment.c:2068
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : nilfs_segctor_truncate_segments fs/nilfs2/segment.c:1501 [inline]
pc : nilfs_segctor_collect fs/nilfs2/segment.c:1554 [inline]
lr : nilfs_segctor_truncate_segments fs/nilfs2/segment.c:1501 [inline]
lr : nilfs_segctor_collect fs/nilfs2/segment.c:1554 [inline]
lr : nilfs_segctor_do_construct+0x2b04/0x6804 fs/nilfs2/segment.c:2068
lr : nilfs_segctor_collect fs/nilfs2/segment.c:1554 [inline]
sp : ffff80001af47580
x29: ffff80001af47ad0 x28: 0000000000000004 x27: 1ffff000035e8f40
x26: 0000000000000000 x25: dfff800000000000 x24: 1fffe000192cf01b
x23: ffff80001af47940 x22: 00000000ffffffea x21: ffff0000e0139608
x20: ffff0000dcfd2160 x19: ffff0000e01394a0 x18: 0000000000000001
x17: ff80800008335ea8 x16: ffff80001194786c x15: ffff800008335ea8
x14: 00000000ffffffff x13: ffffffffffffffff x12: 0000000000000000
x11: ff80800009ccf15c x10: 0000000000000000 x9 : ffff800009ccf15c
x8 : ffff0000caaa1b40 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff80001af46ab8 x4 : ffff8000149afce0 x3 : ffff80000a952400
x2 : ffff0001b481ed10 x1 : 00000000ffffffea x0 : 0000000000000000
Call trace:
nilfs_segctor_truncate_segments fs/nilfs2/segment.c:1501 [inline]
nilfs_segctor_collect fs/nilfs2/segment.c:1554 [inline]
nilfs_segctor_do_construct+0x2b04/0x6804 fs/nilfs2/segment.c:2068
nilfs_segctor_truncate_segments fs/nilfs2/segment.c:1501 [inline]
nilfs_segctor_collect fs/nilfs2/segment.c:1554 [inline]
nilfs_segctor_construct+0x110/0x768 fs/nilfs2/segment.c:2404
nilfs_segctor_thread_construct fs/nilfs2/segment.c:2512 [inline]
nilfs_segctor_thread+0x3c8/0xe94 fs/nilfs2/segment.c:2595
kthread+0x37c/0x45c kernel/kthread.c:319
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:870
irq event stamp: 12248
hardirqs last enabled at (12247): [<ffff80000832bae8>] __up_console_sem+0xb4/0x100 kernel/printk/printk.c:257
hardirqs last disabled at (12248): [<ffff800011942f00>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:387
softirqs last enabled at (9906): [<ffff800008020ccc>] softirq_handle_end kernel/softirq.c:401 [inline]
softirqs last enabled at (9906): [<ffff800008020ccc>] __do_softirq+0xb5c/0xe20 kernel/softirq.c:587
softirqs last disabled at (9901): [<ffff8000081b573c>] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline]
softirqs last disabled at (9901): [<ffff8000081b573c>] invoke_softirq kernel/softirq.c:439 [inline]
softirqs last disabled at (9901): [<ffff8000081b573c>] __irq_exit_rcu+0x28c/0x534 kernel/softirq.c:636
---[ end trace 210839dbd4a54aa0 ]---
syzbot
Jul 20, 2023, 4:44:43 PM7/20/23
syzbot suspects this issue was fixed by commit:
commit 4357336192eda57810c612f2b878194e63f9dbc3
Author: Ryusuke Konishi <[email protected]>
Date: Wed May 24 09:43:48 2023 +0000
nilfs2: fix possible out-of-bounds segment allocation in resize ioctl
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=156eff8ea80000
start commit: d7af3e5ba454 Linux 5.15.115
git tree: linux-5.15.y
kernel config: https://syzkaller.appspot.com/x/.config?x=1b527a384742ac24
dashboard link: https://syzkaller.appspot.com/bug?extid=d3455d73502c4eac697f
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=11a542fd280000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=17559add280000
If the result looks correct, please mark the issue as fixed by replying with:
#syz fix: nilfs2: fix possible out-of-bounds segment allocation in resize ioctl
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
commit 4357336192eda57810c612f2b878194e63f9dbc3
Author: Ryusuke Konishi <[email protected]>
Date: Wed May 24 09:43:48 2023 +0000
nilfs2: fix possible out-of-bounds segment allocation in resize ioctl
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=156eff8ea80000
start commit: d7af3e5ba454 Linux 5.15.115
git tree: linux-5.15.y
kernel config: https://syzkaller.appspot.com/x/.config?x=1b527a384742ac24
dashboard link: https://syzkaller.appspot.com/bug?extid=d3455d73502c4eac697f
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=11a542fd280000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=17559add280000
If the result looks correct, please mark the issue as fixed by replying with:
#syz fix: nilfs2: fix possible out-of-bounds segment allocation in resize ioctl
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
syzbot
Jul 26, 2023, 12:57:31 PM7/26/23
syzbot suspects this issue was fixed by commit:
commit 69caea4eed1cfb9f9e4373e47ba839958061c0ac
Author: Ryusuke Konishi <[email protected]>
Date: Wed May 24 09:43:48 2023 +0000
nilfs2: fix possible out-of-bounds segment allocation in resize ioctl
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=12460631a80000
Date: Wed May 24 09:43:48 2023 +0000
nilfs2: fix possible out-of-bounds segment allocation in resize ioctl
start commit: [unknown]
git tree: linux-6.1.y
kernel config: https://syzkaller.appspot.com/x/.config?x=ee1a89a0c6a2db67
dashboard link: https://syzkaller.appspot.com/bug?extid=35f5977346432055055a
dashboard link: https://syzkaller.appspot.com/bug?extid=35f5977346432055055a
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10df62b2280000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13ea21c6280000
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10df62b2280000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13ea21c6280000
Reply all
Reply to author
Forward
0 new messages