[v5.15] WARNING in nilfs_dat_prepare_end


syzbot

Mar 9, 2023, 6:37:38 PM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: d9b4a0c83a2d Linux 5.15.98
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=11a32114c80000
kernel config: https://syzkaller.appspot.com/x/.config?x=b57cfa804330c3b7
dashboard link: https://syzkaller.appspot.com/bug?extid=325e6b0a1e7cf9035cc0
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/8088989394e3/disk-d9b4a0c8.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/2651d6753959/vmlinux-d9b4a0c8.xz
kernel image: https://storage.googleapis.com/syzbot-assets/f3fa3f994f9a/Image-d9b4a0c8.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+325e6b...@syzkaller.appspotmail.com

------------[ cut here ]------------
WARNING: CPU: 0 PID: 17270 at fs/nilfs2/dat.c:158 nilfs_dat_prepare_end+0x2ac/0x2f4 fs/nilfs2/dat.c:158
Modules linked in:
CPU: 0 PID: 17270 Comm: syz-executor.4 Not tainted 5.15.98-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : nilfs_dat_prepare_end+0x2ac/0x2f4 fs/nilfs2/dat.c:158
lr : nilfs_dat_prepare_end+0x2ac/0x2f4 fs/nilfs2/dat.c:158
sp : ffff80001da36fd0
x29: ffff80001da36fe0 x28: 1fffe00022122689 x27: 1fffe0002212266c
x26: dfff800000000000 x25: dfff800000000000 x24: 0000000001000008
x23: 1ffff00003b46e0c x22: 00000000fffffffe x21: ffff000110910158
x20: ffff80001da37060 x19: ffff80001da37078 x18: 0000000000000000
x17: ff80800009cb8c5c x16: 0000000000000002 x15: ffff800009cb8c5c
x14: 00000000ffffffef x13: ffffffffffffffff x12: 0000000000040000
x11: 000000000003461b x10: ffff800020609000 x9 : ffff800009cd2da0
x8 : 000000000003461c x7 : 0000000000000000 x6 : ffff80000805dafc
x5 : ffff00010f58b938 x4 : 0000000000000000 x3 : ffff800008a6a8e4
x2 : 0000000000000001 x1 : 00000000fffffffe x0 : 00000000fffffffe
Call trace:
nilfs_dat_prepare_end+0x2ac/0x2f4 fs/nilfs2/dat.c:158
nilfs_bmap_prepare_end_ptr fs/nilfs2/bmap.h:211 [inline]
nilfs_direct_delete+0x154/0x2c0 fs/nilfs2/direct.c:155
nilfs_bmap_do_delete fs/nilfs2/bmap.c:176 [inline]
nilfs_bmap_do_truncate fs/nilfs2/bmap.c:264 [inline]
nilfs_bmap_truncate+0x2a0/0x4c0 fs/nilfs2/bmap.c:297
nilfs_truncate_bmap+0x198/0x314 fs/nilfs2/inode.c:850
nilfs_truncate+0x1f8/0x404 fs/nilfs2/inode.c:880
nilfs_setattr+0x1d4/0x278 fs/nilfs2/inode.c:976
notify_change+0xae4/0xd80 fs/attr.c:426
do_truncate+0x1bc/0x288 fs/open.c:65
handle_truncate fs/namei.c:3136 [inline]
do_open fs/namei.c:3484 [inline]
path_openat+0x20c0/0x26c4 fs/namei.c:3615
do_filp_open+0x1a8/0x3b4 fs/namei.c:3642
do_sys_openat2+0x128/0x3d8 fs/open.c:1211
do_sys_open fs/open.c:1227 [inline]
__do_sys_openat fs/open.c:1243 [inline]
__se_sys_openat fs/open.c:1238 [inline]
__arm64_sys_openat+0x1f0/0x240 fs/open.c:1238
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 <unknown>:584
irq event stamp: 8828
hardirqs last enabled at (8827): [<ffff8000088c98f4>] kasan_quarantine_put+0xdc/0x204 mm/kasan/quarantine.c:231
hardirqs last disabled at (8828): [<ffff800011976650>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:387
softirqs last enabled at (8518): [<ffff800008030c58>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:31
softirqs last disabled at (8516): [<ffff800008030c24>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:18
---[ end trace 294247d8aebe429e ]---
NILFS (loop4): error -2 truncating bmap (ino=16)


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Mar 13, 2023, 4:57:45 PM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 6449a0ba6843 Linux 6.1.19
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=17bfc51ac80000
kernel config: https://syzkaller.appspot.com/x/.config?x=75eadb21ef1208e4
dashboard link: https://syzkaller.appspot.com/bug?extid=bebf30d67ea2569f0fd3
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/dc227ecd3e21/disk-6449a0ba.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/1d08e21b50c2/vmlinux-6449a0ba.xz
kernel image: https://storage.googleapis.com/syzbot-assets/71a43f2c4d2c/Image-6449a0ba.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+bebf30...@syzkaller.appspotmail.com

------------[ cut here ]------------
WARNING: CPU: 0 PID: 30706 at fs/nilfs2/dat.c:158 nilfs_dat_prepare_end+0x2ac/0x2f4 fs/nilfs2/dat.c:158
Modules linked in:
CPU: 0 PID: 30706 Comm: syz-executor.3 Not tainted 6.1.19-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : nilfs_dat_prepare_end+0x2ac/0x2f4 fs/nilfs2/dat.c:158
lr : nilfs_dat_prepare_end+0x2ac/0x2f4 fs/nilfs2/dat.c:158
sp : ffff80002d337510
x29: ffff80002d337520 x28: 0000000000000000 x27: dfff800000000000
x26: ffff00013a050ce8 x25: dfff800000000000 x24: 0000000000000000
x23: 1fffe0002252a3d3 x22: 00000000fffffffe x21: ffff00013a056e40
x20: ffff000112951e98 x19: ffff000112951eb0 x18: ffff80002d336d00
x17: ffff80001572d000 x16: 0000000000000000 x15: 0000000000000000
x14: 0000000000000002 x13: 00000000ffffffef x12: 0000000000040000
x11: 000000000001d43c x10: ffff80002294b000 x9 : ffff800009e27294
x8 : 000000000001d43d x7 : ffff800008062f50 x6 : ffff800008063160
x5 : ffff0000d02e2cd0 x4 : ffff80002d336d18 x3 : ffff800008b3d16c
x2 : 0000000000000001 x1 : 00000000fffffffe x0 : 00000000fffffffe
Call trace:
nilfs_dat_prepare_end+0x2ac/0x2f4 fs/nilfs2/dat.c:158
nilfs_bmap_prepare_end_ptr fs/nilfs2/bmap.h:211 [inline]
nilfs_btree_prepare_delete fs/nilfs2/btree.c:1451 [inline]
nilfs_btree_delete+0x6f0/0x11bc fs/nilfs2/btree.c:1599
nilfs_bmap_do_delete fs/nilfs2/bmap.c:176 [inline]
nilfs_bmap_do_truncate fs/nilfs2/bmap.c:264 [inline]
nilfs_bmap_truncate+0x2a0/0x4c0 fs/nilfs2/bmap.c:297
nilfs_truncate_bmap+0x198/0x314 fs/nilfs2/inode.c:846
nilfs_truncate+0x1f8/0x404 fs/nilfs2/inode.c:876
nilfs_setattr+0x1d4/0x278 fs/nilfs2/inode.c:972
notify_change+0xc24/0xec0 fs/attr.c:482
do_truncate+0x1c0/0x28c fs/open.c:65
do_sys_ftruncate+0x288/0x31c fs/open.c:193
__do_sys_ftruncate fs/open.c:204 [inline]
__se_sys_ftruncate fs/open.c:202 [inline]
__arm64_sys_ftruncate+0x60/0x74 fs/open.c:202
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
irq event stamp: 8542
hardirqs last enabled at (8541): [<ffff80000897d020>] kasan_quarantine_put+0xdc/0x204 mm/kasan/quarantine.c:242
hardirqs last disabled at (8542): [<ffff80001224fad4>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last enabled at (8286): [<ffff8000080337c4>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (8284): [<ffff800008033790>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
---[ end trace 0000000000000000 ]---
NILFS (loop3): error -2 truncating bmap (ino=16)

syzbot

May 5, 2023, 3:34:52 AM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: ca48fc16c493 Linux 6.1.27
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=17dea884280000
kernel config: https://syzkaller.appspot.com/x/.config?x=aea4bb7802570997
dashboard link: https://syzkaller.appspot.com/bug?extid=bebf30d67ea2569f0fd3
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17adaaa8280000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13ad7a14280000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/ec11c1903c52/disk-ca48fc16.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/8ce41c1ad391/vmlinux-ca48fc16.xz
kernel image: https://storage.googleapis.com/syzbot-assets/affba5631cad/Image-ca48fc16.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/478883f72f4a/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+bebf30...@syzkaller.appspotmail.com

loop0: detected capacity change from 0 to 2048
------------[ cut here ]------------
WARNING: CPU: 1 PID: 4216 at fs/nilfs2/dat.c:158 nilfs_dat_prepare_end+0x2ac/0x2f4 fs/nilfs2/dat.c:158
Modules linked in:
CPU: 1 PID: 4216 Comm: syz-executor946 Not tainted 6.1.27-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : nilfs_dat_prepare_end+0x2ac/0x2f4 fs/nilfs2/dat.c:158
lr : nilfs_dat_prepare_end+0x2ac/0x2f4 fs/nilfs2/dat.c:158
sp : ffff80001d9c6f70
x29: ffff80001d9c6f80 x28: 0000000000000000 x27: dfff800000000000
x26: ffff0000e1c38680 x25: dfff800000000000 x24: 0000000000000000
x23: 1fffe0001bbbd973 x22: 00000000fffffffe x21: ffff0000e1c70158
x20: ffff0000dddecb98 x19: ffff0000dddecbb0 x18: ffff80001d9c6760
x17: ffff80001558d000 x16: 0000000000000000 x15: 0000000000000000
x14: 0000000000000000 x13: 00000000ffffffef x12: ffff0000c63d0000
x11: ff80800009d9b720 x10: 0000000000000000 x9 : ffff800009d9b720
x8 : ffff0000c63d0000 x7 : ffff800008061ea0 x6 : ffff8000080620b0
x5 : ffff0000d10af0c0 x4 : ffff80001d9c6788 x3 : ffff800008b28cf8
x2 : 0000000000000001 x1 : 00000000fffffffe x0 : 00000000fffffffe
Call trace:
nilfs_dat_prepare_end+0x2ac/0x2f4 fs/nilfs2/dat.c:158
nilfs_bmap_prepare_end_ptr fs/nilfs2/bmap.h:211 [inline]
nilfs_btree_prepare_delete fs/nilfs2/btree.c:1451 [inline]
nilfs_btree_delete+0x6f0/0x11bc fs/nilfs2/btree.c:1599
nilfs_bmap_do_delete fs/nilfs2/bmap.c:176 [inline]
nilfs_bmap_do_truncate fs/nilfs2/bmap.c:264 [inline]
nilfs_bmap_truncate+0x2a0/0x4c0 fs/nilfs2/bmap.c:297
nilfs_truncate_bmap+0x198/0x314 fs/nilfs2/inode.c:846
nilfs_truncate+0x1f8/0x404 fs/nilfs2/inode.c:876
nilfs_setattr+0x1d4/0x278 fs/nilfs2/inode.c:972
notify_change+0xc24/0xec0 fs/attr.c:482
do_truncate+0x1c0/0x28c fs/open.c:65
handle_truncate fs/namei.c:3216 [inline]
do_open fs/namei.c:3561 [inline]
path_openat+0x1fa0/0x2548 fs/namei.c:3714
do_filp_open+0x1bc/0x3cc fs/namei.c:3741
do_sys_openat2+0x128/0x3d8 fs/open.c:1310
do_sys_open fs/open.c:1326 [inline]
__do_sys_openat fs/open.c:1342 [inline]
__se_sys_openat fs/open.c:1337 [inline]
__arm64_sys_openat+0x1f0/0x240 fs/open.c:1337
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
irq event stamp: 22650
hardirqs last enabled at (22649): [<ffff80000896b310>] kasan_quarantine_put+0xdc/0x204 mm/kasan/quarantine.c:242
hardirqs last disabled at (22650): [<ffff8000120e200c>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last enabled at (22198): [<ffff800008032b74>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (22196): [<ffff800008032b40>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
---[ end trace 0000000000000000 ]---
NILFS (loop0): error -2 truncating bmap (ino=16)


---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

syzbot

May 5, 2023, 4:13:14 AM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 8a7f2a5c5aa1 Linux 5.15.110
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=146daaa8280000
kernel config: https://syzkaller.appspot.com/x/.config?x=ba8d5c9d6c5289f
dashboard link: https://syzkaller.appspot.com/bug?extid=325e6b0a1e7cf9035cc0
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=120c1f04280000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=166f8014280000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/fc04f54c047f/disk-8a7f2a5c.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/6b4ba4cb1191/vmlinux-8a7f2a5c.xz
kernel image: https://storage.googleapis.com/syzbot-assets/d927dc3f9670/bzImage-8a7f2a5c.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/5f690434ec31/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+325e6b...@syzkaller.appspotmail.com

NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 4096)
------------[ cut here ]------------
WARNING: CPU: 0 PID: 3505 at fs/nilfs2/dat.c:158 nilfs_dat_prepare_end+0x248/0x2a0
Modules linked in:
CPU: 0 PID: 3505 Comm: syz-executor159 Not tainted 5.15.110-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
RIP: 0010:nilfs_dat_prepare_end+0x248/0x2a0 fs/nilfs2/dat.c:158
Code: 12 5c fe 89 eb 89 d8 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 27 12 5c fe e8 82 ba dc fd e9 5a ff ff ff e8 18 12 5c fe <0f> 0b bb fe ff ff ff eb d2 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c
RSP: 0018:ffffc900020cf1f8 EFLAGS: 00010293
RAX: ffffffff8323cc68 RBX: 00000000fffffffe RCX: ffff88807397ba00
RDX: 0000000000000000 RSI: 00000000fffffffe RDI: 00000000fffffffe
RBP: 1ffff92000419e54 R08: ffffffff8323cbe1 R09: ffffffff8321fd60
R10: 0000000000000002 R11: ffff88807397ba00 R12: ffffc900020cf2a0
R13: ffff888073e80158 R14: ffffc900020cf2b8 R15: dffffc0000000000
FS: 0000555555ea7300(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055f521a1c318 CR3: 0000000075077000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
nilfs_bmap_prepare_end_ptr fs/nilfs2/bmap.h:211 [inline]
nilfs_direct_delete+0x17b/0x300 fs/nilfs2/direct.c:155
nilfs_bmap_do_delete fs/nilfs2/bmap.c:176 [inline]
nilfs_bmap_do_truncate fs/nilfs2/bmap.c:264 [inline]
nilfs_bmap_truncate+0x2fc/0x560 fs/nilfs2/bmap.c:297
nilfs_truncate_bmap+0x203/0x3c0 fs/nilfs2/inode.c:850
nilfs_truncate+0x28b/0x500 fs/nilfs2/inode.c:880
nilfs_setattr+0x216/0x2c0 fs/nilfs2/inode.c:976
notify_change+0xd4d/0x1000 fs/attr.c:488
do_truncate+0x21c/0x300 fs/open.c:65
handle_truncate fs/namei.c:3195 [inline]
do_open fs/namei.c:3542 [inline]
path_openat+0x28a0/0x2f20 fs/namei.c:3672
do_filp_open+0x21c/0x460 fs/namei.c:3699
do_sys_openat2+0x13b/0x500 fs/open.c:1211
do_sys_open fs/open.c:1227 [inline]
__do_sys_creat fs/open.c:1301 [inline]
__se_sys_creat fs/open.c:1295 [inline]
__x64_sys_creat+0x11f/0x160 fs/open.c:1295
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7f50ff06bb39
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffdfc1e9e08 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
RAX: ffffffffffffffda RBX: 0031656c69662f2e RCX: 00007f50ff06bb39
RDX: 00007f50ff029f23 RSI: 0000000000000000 RDI: 0000000020000040
RBP: 00007f50ff02b140 R08: 0000000000000f4a R09: 0000000000000000
R10: 00007ffdfc1e9cd0 R11: 0000000000000246 R12: 00007f50ff02b1d0
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
</TASK>

syzbot

Nov 28, 2023, 2:51:06 PM
to syzkaller...@googlegroups.com
syzbot suspects this issue could be fixed by backporting the following commit:

commit 5124a0a549857c4b87173280e192eea24dea72ad
git tree: upstream
Author: Ryusuke Konishi <konishi...@gmail.com>
Date: Thu Jan 26 16:41:14 2023 +0000

nilfs2: replace WARN_ONs for invalid DAT metadata block requests

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=11754a64e80000
kernel config: https://syzkaller.appspot.com/x/.config?x=195b6ef285251409
dashboard link: https://syzkaller.appspot.com/bug?extid=bebf30d67ea2569f0fd3
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=13c5b502680000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1201b628680000


Please keep in mind that other backports might be required as well.

For information about bisection process see: https://goo.gl/tpsmEJ#bisection

syzbot

Dec 9, 2023, 4:26:07 AM
to syzkaller...@googlegroups.com
syzbot suspects this issue could be fixed by backporting the following commit:

commit 5124a0a549857c4b87173280e192eea24dea72ad
git tree: upstream
Author: Ryusuke Konishi <konishi...@gmail.com>
Date: Thu Jan 26 16:41:14 2023 +0000

nilfs2: replace WARN_ONs for invalid DAT metadata block requests

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=15b2124ce80000