* [syzbot] [jfs?] WARNING in jfs_rename
@ 2025-05-09 4:43 syzbot
2025-10-12 16:19 ` Forwarded: syzbot
2025-10-12 17:45 ` Forwarded: syzbot
0 siblings, 2 replies; 81+ messages in thread
From: syzbot @ 2025-05-09 4:43 UTC (permalink / raw)
To: jfs-discussion, linux-kernel, shaggy, syzkaller-bugs
Hello,
syzbot found the following issue on:
HEAD commit: 14c55b7bb0a8 Merge tag 'perf-tools-fixes-for-v6.15-2025-05..
git tree: upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=178078d4580000
kernel config: https://syzkaller.appspot.com/x/.config?x=a42a9d552788177b
dashboard link: https://syzkaller.appspot.com/bug?extid=9131ddfd7870623b719f
compiler: Debian clang version 20.1.2 (++20250402124445+58df0ef89dd6-1~exp1~20250402004600.97), Debian LLD 20.1.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=16845a70580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1681d0f4580000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/3edd34cd2f74/disk-14c55b7b.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/a6d9796beefe/vmlinux-14c55b7b.xz
kernel image: https://storage.googleapis.com/syzbot-assets/90e0c0a88995/bzImage-14c55b7b.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/cb4a6659212d/mount_0.gz
fsck result: failed (log: https://syzkaller.appspot.com/x/fsck.log?x=167008f4580000)
Bisection is inconclusive: the issue happens on the oldest tested release.
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=14935a70580000
final oops: https://syzkaller.appspot.com/x/report.txt?x=16935a70580000
console output: https://syzkaller.appspot.com/x/log.txt?x=12935a70580000
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+9131ddfd7870623b719f@syzkaller.appspotmail.com
loop0: detected capacity change from 0 to 32768
------------[ cut here ]------------
WARNING: CPU: 0 PID: 5815 at fs/inode.c:417 drop_nlink+0xc5/0x110 fs/inode.c:417
Modules linked in:
CPU: 0 UID: 0 PID: 5815 Comm: syz-executor240 Not tainted 6.15.0-rc4-syzkaller-00319-g14c55b7bb0a8 #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
RIP: 0010:drop_nlink+0xc5/0x110 fs/inode.c:417
Code: 70 07 00 00 be 08 00 00 00 e8 b7 84 e8 ff f0 48 ff 83 70 07 00 00 5b 41 5c 41 5e 41 5f 5d c3 cc cc cc cc cc e8 0c b3 88 ff 90 <0f> 0b 90 eb 81 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 5b ff ff ff
RSP: 0018:ffffc9000403f8b0 EFLAGS: 00010293
RAX: ffffffff82371c54 RBX: ffff88807ab92910 RCX: ffff888068d38000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffffea0001ebfef7 R09: 1ffffd40003d7fde
R10: dffffc0000000000 R11: fffff940003d7fdf R12: 1ffff1100f57252b
R13: 1ffff92000807f28 R14: ffff88807ab92958 R15: dffffc0000000000
FS: 0000555585560380(0000) GS:ffff8881260fd000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000066c7e0 CR3: 000000007eb1a000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
jfs_rename+0xbb3/0x1610 fs/jfs/namei.c:1247
vfs_rename+0xb99/0xec0 fs/namei.c:5121
do_renameat2+0x878/0xc50 fs/namei.c:5270
__do_sys_rename fs/namei.c:5317 [inline]
__se_sys_rename fs/namei.c:5315 [inline]
__x64_sys_rename+0x82/0x90 fs/namei.c:5315
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7ff16a8d0639
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffc9b984ab8 EFLAGS: 00000246 ORIG_RAX: 0000000000000052
RAX: ffffffffffffffda RBX: 00007ffc9b984c98 RCX: 00007ff16a8d0639
RDX: 0000000000000000 RSI: 0000200000000780 RDI: 00002000000003c0
RBP: 00007ff16a949610 R08: 0000000000006221 R09: 0000000000000000
R10: 00007ffc9b984980 R11: 0000000000000246 R12: 0000000000000001
R13: 00007ffc9b984c88 R14: 0000000000000001 R15: 0000000000000001
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2025-07-14 17:53 [syzbot] [gfs2?] UBSAN: shift-out-of-bounds in gfs2_dir_read (2) syzbot
@ 2025-07-15 14:15 ` syzbot
2025-07-15 14:29 ` Forwarded: syzbot
2025-07-16 6:28 ` Forwarded: syzbot
2 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-07-15 14:15 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: purvayeshi550@gmail.com
#syz test
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2025-07-14 17:53 [syzbot] [gfs2?] UBSAN: shift-out-of-bounds in gfs2_dir_read (2) syzbot
2025-07-15 14:15 ` Forwarded: syzbot
@ 2025-07-15 14:29 ` syzbot
2025-07-16 6:28 ` Forwarded: syzbot
2 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-07-15 14:29 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: purvayeshi550@gmail.com
#syz test
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2025-07-14 17:53 [syzbot] [gfs2?] UBSAN: shift-out-of-bounds in gfs2_dir_read (2) syzbot
2025-07-15 14:15 ` Forwarded: syzbot
2025-07-15 14:29 ` Forwarded: syzbot
@ 2025-07-16 6:28 ` syzbot
2 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-07-16 6:28 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: purvayeshi550@gmail.com
#syz test
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2025-07-17 19:14 [syzbot] [fs?] KASAN: use-after-free Read in hpfs_get_ea syzbot
@ 2025-07-19 7:57 ` syzbot
2025-07-20 6:54 ` Forwarded: syzbot
2025-07-20 7:29 ` Forwarded: syzbot
2 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-07-19 7:57 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: purvayeshi550@gmail.com
#syz-test
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2024-05-17 3:31 [syzbot] [arm?] [crypto?] [bcachefs?] KASAN: slab-use-after-free Read in neon_poly1305_update syzbot
@ 2025-07-19 22:01 ` syzbot
0 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-07-19 22:01 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: kent.overstreet@linux.dev
#syz fix: bcachefs: Move bset size check before csum check
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2024-11-29 12:12 [syzbot] [bcachefs?] kernel BUG in bch2_btree_path_peek_slot syzbot
@ 2025-07-19 22:03 ` syzbot
0 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-07-19 22:03 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: kent.overstreet@linux.dev
#syz fix: bcachefs: fix assert in bch2_btree_path_traverse_cached()
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2025-07-06 21:30 [syzbot] [bcachefs?] KASAN: slab-out-of-bounds Read in __bch2_alloc_to_v4 syzbot
@ 2025-07-19 22:04 ` syzbot
0 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-07-19 22:04 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: kent.overstreet@linux.dev
#syz fix: bcachefs: Fix __bch2_alloc_to_v4 copy
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2024-05-14 10:38 [syzbot] [bcachefs?] WARNING in bch2_printbuf_make_room syzbot
@ 2025-07-19 23:27 ` syzbot
0 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-07-19 23:27 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: kent.overstreet@linux.dev
#syz fix: bcachefs: fix the memory leak in exception case
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2025-02-04 14:07 [syzbot] [net?] general protection fault in ip6_pol_route (3) syzbot
@ 2025-07-20 4:02 ` syzbot
0 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-07-20 4:02 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: kent.overstreet@linux.dev
#syz set subsystems: net
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2025-03-16 18:05 [syzbot] [mm?] [bcachefs?] general protection fault in xas_create syzbot
@ 2025-07-20 4:03 ` syzbot
0 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-07-20 4:03 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: kent.overstreet@linux.dev
#syz set subsystems: mm
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2025-02-14 19:59 [syzbot] [mm?] [bcachefs?] KASAN: slab-out-of-bounds Read in folio_try_get syzbot
@ 2025-07-20 4:04 ` syzbot
0 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-07-20 4:04 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: kent.overstreet@linux.dev
#syz set subsystems: mm
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2025-02-06 17:01 [syzbot] [mm?] [bcachefs?] UBSAN: shift-out-of-bounds in xas_reload syzbot
@ 2025-07-20 4:05 ` syzbot
0 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-07-20 4:05 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: kent.overstreet@linux.dev
#syz set subsystems: mm
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2025-06-10 19:15 [syzbot] [bcachefs?] KASAN: slab-out-of-bounds Read in bch2_sb_members_v1_to_text syzbot
@ 2025-07-20 4:06 ` syzbot
0 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-07-20 4:06 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: kent.overstreet@linux.dev
#syz fix: bcachefs: Don't trust sb->nr_devices in members_to_text()
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2025-07-17 19:14 [syzbot] [fs?] KASAN: use-after-free Read in hpfs_get_ea syzbot
2025-07-19 7:57 ` Forwarded: syzbot
@ 2025-07-20 6:54 ` syzbot
2025-07-20 7:29 ` Forwarded: syzbot
2 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-07-20 6:54 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: purvayeshi550@gmail.com
#syz-test
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2025-07-17 19:14 [syzbot] [fs?] KASAN: use-after-free Read in hpfs_get_ea syzbot
2025-07-19 7:57 ` Forwarded: syzbot
2025-07-20 6:54 ` Forwarded: syzbot
@ 2025-07-20 7:29 ` syzbot
2 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-07-20 7:29 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: purvayeshi550@gmail.com
#syz-test
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2025-03-25 5:16 [syzbot] [bcachefs?] INFO: task hung in __bch2_fsck_err syzbot
@ 2025-07-20 14:42 ` syzbot
0 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-07-20 14:42 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: kent.overstreet@linux.dev
#syz fix: bcachefs: Fix possible console lock involved deadlock
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2025-05-24 1:52 [syzbot] [block?] [bcachefs?] kernel BUG in blk_mq_end_request syzbot
@ 2025-07-20 14:44 ` syzbot
0 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-07-20 14:44 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: kent.overstreet@linux.dev
#syz set subsystems: block
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2024-11-25 13:27 [syzbot] [bcachefs?] KASAN: use-after-free Read in bch2_btree_node_read_done syzbot
@ 2025-07-20 14:54 ` syzbot
0 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-07-20 14:54 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: kent.overstreet@linux.dev
#syz fix: bcachefs: Move bset size check before csum check
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2025-05-11 12:57 [syzbot] [bcachefs?] KASAN: use-after-free Read in bch2_checksum syzbot
@ 2025-07-20 14:55 ` syzbot
0 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-07-20 14:55 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: kent.overstreet@linux.dev
#syz fix: bcachefs: Move bset size check before csum check
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2025-05-31 18:28 [syzbot] [bcachefs?] WARNING in bch2_fs_journal_start syzbot
@ 2025-07-20 17:30 ` syzbot
0 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-07-20 17:30 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: kent.overstreet@linux.dev
#syz fix: bcachefs: Don't allow mounting with crazy numbers of dirty journal entries
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2025-07-14 17:09 [syzbot] [bluetooth?] [bcachefs?] KASAN: slab-use-after-free Read in hci_uart_write_work syzbot
@ 2025-07-20 17:34 ` syzbot
0 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-07-20 17:34 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: kent.overstreet@linux.dev
#syz set subsystems: bluetooth
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2024-07-18 1:20 [syzbot] [bcachefs?] BUG: unable to handle kernel paging request in bch2_dirent_to_text syzbot
@ 2025-07-21 17:30 ` syzbot
0 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-07-21 17:30 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: kent.overstreet@linux.dev
#syz fix: bcachefs: Add missing validation for superblock section clean
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2025-02-12 11:52 [syzbot] [bcachefs?] kernel BUG in bch2_journal_keys_peek_max syzbot
@ 2025-07-21 17:37 ` syzbot
0 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-07-21 17:37 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: kent.overstreet@linux.dev
#syz fix: bcachefs: btree_iter: fix updates, journal overlay
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2024-11-29 8:43 [syzbot] [bcachefs?] general protection fault in bch2_prt_vprintf syzbot
@ 2025-07-22 16:18 ` syzbot
0 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-07-22 16:18 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: kent.overstreet@linux.dev
#syz fix: bcachefs: journal_entry_btree_keys_to_text() is more careful
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2025-04-19 8:36 [syzbot] [block?] [bcachefs?] kernel panic: KASAN: panic_on_warn set syzbot
@ 2025-07-22 17:56 ` syzbot
0 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-07-22 17:56 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: kent.overstreet@linux.dev
#syz set subsystems: block fs
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2025-05-12 20:55 [syzbot] [bcachefs?] possible deadlock in __bch2_folio_reservation_get (2) syzbot
@ 2025-07-22 18:22 ` syzbot
0 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-07-22 18:22 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: kent.overstreet@linux.dev
#syz fix: bcachefs: Fix possible console lock involved deadlock
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2025-01-20 2:27 [syzbot] [bcachefs?] possible deadlock in bch2_trans_begin syzbot
@ 2025-07-22 18:23 ` syzbot
0 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-07-22 18:23 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: kent.overstreet@linux.dev
#syz fix: bcachefs: Fix possible console lock involved deadlock
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2024-05-13 10:19 [syzbot] BUG: Bad rss-counter state (5) syzbot
@ 2025-07-22 18:31 ` syzbot
0 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-07-22 18:31 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: kent.overstreet@linux.dev
#syz fix: mm: memory: extend finish_fault() to support large folio
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2024-05-31 8:43 [syzbot] [bcachefs?] INFO: task hung in bch2_copygc_stop syzbot
@ 2025-07-23 1:17 ` syzbot
0 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-07-23 1:17 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: kent.overstreet@linux.dev
#syz fix: bcachefs: Increase BCH_MIN_NR_NBUCKETS
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2024-05-03 17:32 [syzbot] [bcachefs?] INFO: task hung in __closure_sync syzbot
@ 2025-07-23 1:18 ` syzbot
0 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-07-23 1:18 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: kent.overstreet@linux.dev
#syz fix: bcachefs: Increase BCH_MIN_NR_NBUCKETS
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2024-05-04 7:58 [syzbot] [bcachefs?] WARNING in bchfs_truncate syzbot
@ 2025-07-23 1:21 ` syzbot
0 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-07-23 1:21 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: kent.overstreet@linux.dev
#syz fix: bcachefs: Increase BCH_MIN_NR_NBUCKETS
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2024-06-15 9:58 [syzbot] [bcachefs?] INFO: task hung in __bch2_fs_stop syzbot
@ 2025-07-23 1:56 ` syzbot
0 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-07-23 1:56 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: kent.overstreet@linux.dev
#syz fix: bcachefs: Increase BCH_MIN_NR_NBUCKETS
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2025-04-16 17:47 [syzbot] [bcachefs?] KMSAN: uninit-value in bch2_alloc_sectors_start_trans (2) syzbot
@ 2025-07-23 10:59 ` syzbot
0 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-07-23 10:59 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: kent.overstreet@linux.dev
#syz fix: bcachefs: Add missing ei_last_dirtied update
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2025-03-30 8:27 [syzbot] [afs?] WARNING: ODEBUG bug in delete_node (3) syzbot
@ 2025-07-24 15:32 ` syzbot
0 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-07-24 15:32 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: kent.overstreet@linux.dev
#syz set subsystems: afs
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2025-07-31 9:11 [syzbot] [bcachefs?] kernel BUG in bch2_btree_repair_topology_recurse syzbot
@ 2025-08-01 23:03 ` syzbot
0 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-08-01 23:03 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: kent.overstreet@linux.dev
#syz fix: bcachefs: btree_check_root_boundaries()
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2025-07-30 21:21 [syzbot] [bcachefs?] kernel panic: in transaction restart: transaction_restart_relock, last restarted by syzbot
@ 2025-08-03 18:30 ` syzbot
0 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-08-03 18:30 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: kent.overstreet@linux.dev
#syz fix: bcachefs: Fix incorrect transaction handling
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2025-08-04 7:18 [syzbot] [bcachefs?] UBSAN: array-index-out-of-bounds in bch2_accounting_validate syzbot
@ 2025-08-04 22:56 ` syzbot
0 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-08-04 22:56 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: kent.overstreet@linux.dev
#syz fix: bcachefs: Ignore accounting key type larger than BCH_DISK_ACCOUNTING_TYPE_NR
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2024-09-29 7:31 [syzbot] [bcachefs?] possible deadlock in bch2_symlink syzbot
@ 2025-08-04 23:12 ` syzbot
0 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-08-04 23:12 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: kent.overstreet@linux.dev
#syz fix: bcachefs: Don't lock inode around page_symlink
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2025-08-16 3:08 [syzbot] [usb?] UBSAN: shift-out-of-bounds in ax88772_bind syzbot
@ 2025-08-17 19:42 ` syzbot
0 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-08-17 19:42 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: abinashsinghlalotra@gmail.com
#syz test
--- a/drivers/net/usb/asix_devices.c
+++ b/drivers/net/usb/asix_devices.c
@@ -872,6 +872,11 @@ static int ax88772_bind(struct usbnet *dev, struct
usb_interface *intf)
if (ret < 0)
return ret;
+ if (ret >= 32) {
+ netdev_warn(dev->net, "Invalid PHY address %d, clamping\n", ret);
+ return -EINVAL;
+ }
+
priv->phy_addr = ret;
priv->embd_phy = ((priv->phy_addr & 0x1f) == AX_EMBD_PHY_ADDR);
--
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2025-08-16 3:08 [syzbot] [overlayfs?] WARNING in shmem_unlink syzbot
@ 2025-08-17 19:52 ` syzbot
0 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-08-17 19:52 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: abinashsinghlalotra@gmail.com
#syz test
--- a/fs/overlayfs/dir.c
+++ b/fs/overlayfs/dir.c
@@ -33,6 +33,12 @@ static int ovl_cleanup_locked(struct dentry *workdir,
struct dentry *dentry)
struct inode *dir = d_inode(workdir);
struct inode *inode = d_inode(dentry);
+ /* Avoid unlinking an already unlinked inode */
+ if (inode && inode->i_nlink == 0) {
+ d_drop(dentry);
+ return 0;
+ }
+
if (ovl_is_whiteout(dentry))
return ovl_remove_and_whiteout(workdir, dentry, true);
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2025-08-13 8:00 [syzbot] [sound?] linux-next test error: general protection fault in snd_seq_oss_midi_check_new_port syzbot
@ 2025-09-01 8:48 ` syzbot
0 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-09-01 8:48 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: nogikh@google.com
No longer relevant
#syz invalid
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2025-07-01 12:30 [syzbot] [fs?] linux-next test error: WARNING: suspicious RCU usage in proc_sys_compare syzbot
@ 2025-09-01 8:49 ` syzbot
0 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-09-01 8:49 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: nogikh@google.com
no longer relevant
#syz invalid
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2025-08-01 7:54 [syzbot] [dri?] upstream test error: WARNING in __ww_mutex_wound syzbot
@ 2025-09-01 8:51 ` syzbot
0 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-09-01 8:51 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: nogikh@google.com
#syz invalid
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2025-08-07 17:05 [syzbot] [net?] [nfc?] KMSAN: uninit-value in nci_dev_up (2) syzbot
@ 2025-09-17 10:45 ` syzbot
0 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-09-17 10:45 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: deepak.takumi.120@gmail.com
#syz test
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2024-05-09 14:45 [syzbot] [gfs2?] WARNING in gfs2_ri_update (2) syzbot
@ 2025-09-18 19:46 ` syzbot
0 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-09-18 19:46 UTC (permalink / raw)
To: linux-kernel
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org.
***
Subject:
Author: kriish.sharma2006@gmail.com
#syz test
diff --git a/fs/gfs2/rgrp.c b/fs/gfs2/rgrp.c
index 26d6c1eea559..a879e8030568 100644
--- a/fs/gfs2/rgrp.c
+++ b/fs/gfs2/rgrp.c
@@ -760,7 +760,7 @@ static int compute_bitstructs(struct gfs2_rgrpd *rgd)
u32 bytes_left, bytes;
int x;
- if (!length)
+ if (!length || length > KMALLOC_MAX_SIZE / sizeof(struct
gfs2_bitmap))
return -EINVAL;
rgd->rd_bits = kcalloc(length, sizeof(struct gfs2_bitmap),
GFP_NOFS);
^ permalink raw reply related [flat|nested] 81+ messages in thread
* Forwarded:
2025-09-03 17:36 [syzbot] [kernel?] KASAN: slab-out-of-bounds Read in change_page_attr_set_clr syzbot
@ 2025-09-29 7:50 ` syzbot
0 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-09-29 7:50 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: nooraineqbal@gmail.com
#syz test: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master
Resending this patch in the existing thread with a '#syz test:' directive
so syzbot can test it.
From 1bb35c6722b8fb03e9262f6e6530d240629a44df Mon Sep 17 00:00:00 2001
From: neqbal <nooraineqbal@gmail.com>
Date: Sun, 28 Sep 2025 03:52:44 +0530
Subject: [PATCH] x86/mm: Fix off-by-one error in set_memory
Correct end page calculation by subtracting 1 to prevent
out-of-bounds access.
Reported-by: syzbot+e34177f6091df113ef20@syzkaller.appspotmail.com
Signed-off-by: neqbal <nooraineqbal@gmail.com>
---
arch/x86/mm/pat/set_memory.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/mm/pat/set_memory.c b/arch/x86/mm/pat/set_memory.c
index d2d54b8c4dbb..daefc96403f1 100644
--- a/arch/x86/mm/pat/set_memory.c
+++ b/arch/x86/mm/pat/set_memory.c
@@ -446,7 +446,7 @@ static void cpa_flush(struct cpa_data *cpa, int cache)
}
start = fix_addr(__cpa_addr(cpa, 0));
- end = fix_addr(__cpa_addr(cpa, cpa->numpages));
+ end = fix_addr(__cpa_addr(cpa, cpa->numpages - 1));
if (cpa->force_flush_all)
end = TLB_FLUSH_ALL;
--
2.51.0
^ permalink raw reply related [flat|nested] 81+ messages in thread
* Forwarded:
2025-10-05 23:30 [syzbot] [ntfs3?] WARNING in indx_insert_into_buffer (3) syzbot
@ 2025-10-07 21:52 ` syzbot
0 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-10-07 21:52 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: jkoolstra@xs4all.nl
#syz test
fs/ntfs3/index.c | 10 +++++-----
fs/ntfs3/ntfs.h | 5 ++++-
2 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/fs/ntfs3/index.c b/fs/ntfs3/index.c
index 6d1bf890929d..2e512abc7000 100644
--- a/fs/ntfs3/index.c
+++ b/fs/ntfs3/index.c
@@ -1808,7 +1808,7 @@ indx_insert_into_buffer(struct ntfs_index *indx, struct ntfs_inode *ni,
CLST new_vbn;
__le64 t_vbn, *sub_vbn;
u16 sp_size;
- void *hdr1_saved = NULL;
+ void *blk1_saved = NULL;
/* Try the most easy case. */
e = fnd->level - 1 == level ? fnd->de[level] : NULL;
@@ -1842,8 +1842,8 @@ indx_insert_into_buffer(struct ntfs_index *indx, struct ntfs_inode *ni,
memcpy(up_e, sp, sp_size);
used1 = le32_to_cpu(hdr1->used);
- hdr1_saved = kmemdup(hdr1, used1, GFP_NOFS);
- if (!hdr1_saved) {
+ blk1_saved = kmemdup(&n1->index->blk, used1, GFP_NOFS);
+ if (!blk1_saved) {
err = -ENOMEM;
goto out;
}
@@ -1924,13 +1924,13 @@ indx_insert_into_buffer(struct ntfs_index *indx, struct ntfs_inode *ni,
* Undo critical operations.
*/
indx_mark_free(indx, ni, new_vbn >> indx->idx2vbn_bits);
- memcpy(hdr1, hdr1_saved, used1);
+ memcpy(&n1->index->blk, blk1_saved, used1);
indx_write(indx, ni, n1, 0);
}
out:
kfree(up_e);
- kfree(hdr1_saved);
+ kfree(blk1_saved);
return err;
}
diff --git a/fs/ntfs3/ntfs.h b/fs/ntfs3/ntfs.h
index 552b97905813..d5e2b22eacd7 100644
--- a/fs/ntfs3/ntfs.h
+++ b/fs/ntfs3/ntfs.h
@@ -754,7 +754,10 @@ static inline bool hdr_has_subnode(const struct INDEX_HDR *hdr)
struct INDEX_BUFFER {
struct NTFS_RECORD_HEADER rhdr; // 'INDX'
__le64 vbn; // 0x10: vcn if index >= cluster or vsn id index < cluster
- struct INDEX_HDR ihdr; // 0x18:
+ struct_group(blk,
+ struct INDEX_HDR ihdr; // 0x18:
+ u8 data[]; // NTFS_DE entries
+ );
};
static_assert(sizeof(struct INDEX_BUFFER) == 0x28);
--
2.51.0
^ permalink raw reply related [flat|nested] 81+ messages in thread
* Forwarded:
2025-05-09 4:43 [syzbot] [jfs?] WARNING in jfs_rename syzbot
@ 2025-10-12 16:19 ` syzbot
2025-10-12 17:45 ` Forwarded: syzbot
1 sibling, 0 replies; 81+ messages in thread
From: syzbot @ 2025-10-12 16:19 UTC (permalink / raw)
To: linux-kernel
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org.
***
Subject:
Author: jkoolstra@xs4all.nl
#syz test
---
fs/jfs/namei.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/fs/jfs/namei.c b/fs/jfs/namei.c
index 65a218eba8fa..37cd16a423c5 100644
--- a/fs/jfs/namei.c
+++ b/fs/jfs/namei.c
@@ -1228,7 +1228,7 @@ static int jfs_rename(struct mnt_idmap *idmap, struct inode *old_dir,
jfs_err("jfs_rename: dtInsert returned -EIO");
goto out_tx;
}
- if (S_ISDIR(old_ip->i_mode))
+ if (S_ISDIR(old_ip->i_mode) && old_dir != new_dir)
inc_nlink(new_dir);
}
/*
@@ -1244,8 +1244,9 @@ static int jfs_rename(struct mnt_idmap *idmap, struct inode *old_dir,
goto out_tx;
}
if (S_ISDIR(old_ip->i_mode)) {
- drop_nlink(old_dir);
if (old_dir != new_dir) {
+ drop_nlink(old_dir);
+
/*
* Change inode number of parent for moved directory
*/
--
2.51.0
^ permalink raw reply related [flat|nested] 81+ messages in thread
* Forwarded:
2025-05-09 4:43 [syzbot] [jfs?] WARNING in jfs_rename syzbot
2025-10-12 16:19 ` Forwarded: syzbot
@ 2025-10-12 17:45 ` syzbot
1 sibling, 0 replies; 81+ messages in thread
From: syzbot @ 2025-10-12 17:45 UTC (permalink / raw)
To: linux-kernel
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org.
***
Subject:
Author: jkoolstra@xs4all.nl
#syz test
---
fs/jfs/namei.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/fs/jfs/namei.c b/fs/jfs/namei.c
index 65a218eba8fa..7879c049632b 100644
--- a/fs/jfs/namei.c
+++ b/fs/jfs/namei.c
@@ -1228,7 +1228,7 @@ static int jfs_rename(struct mnt_idmap *idmap, struct inode *old_dir,
jfs_err("jfs_rename: dtInsert returned -EIO");
goto out_tx;
}
- if (S_ISDIR(old_ip->i_mode))
+ if (S_ISDIR(old_ip->i_mode) && old_dir != new_dir)
inc_nlink(new_dir);
}
/*
@@ -1244,7 +1244,9 @@ static int jfs_rename(struct mnt_idmap *idmap, struct inode *old_dir,
goto out_tx;
}
if (S_ISDIR(old_ip->i_mode)) {
- drop_nlink(old_dir);
+ if (new_ip || old_dir != new_dir)
+ drop_nlink(old_dir);
+
if (old_dir != new_dir) {
/*
* Change inode number of parent for moved directory
--
2.51.0
^ permalink raw reply related [flat|nested] 81+ messages in thread
* Forwarded:
2025-06-24 17:02 [syzbot] [fs?] WARNING in minix_rename syzbot
@ 2025-10-13 13:38 ` syzbot
2025-10-14 15:24 ` Forwarded: syzbot
` (4 subsequent siblings)
5 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-10-13 13:38 UTC (permalink / raw)
To: linux-kernel
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org.
***
Subject:
Author: jkoolstra@xs4all.nl
#syz test
---
fs/minix/namei.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/minix/namei.c b/fs/minix/namei.c
index 8938536d8d3c..86779a6ec1a7 100644
--- a/fs/minix/namei.c
+++ b/fs/minix/namei.c
@@ -224,7 +224,7 @@ static int minix_rename(struct mnt_idmap *idmap,
err = minix_add_link(new_dentry, old_inode);
if (err)
goto out_dir;
- if (dir_de)
+ if (dir_de && old_dir != new_dir)
inode_inc_link_count(new_dir);
}
@@ -236,7 +236,7 @@ static int minix_rename(struct mnt_idmap *idmap,
if (dir_de) {
err = minix_set_link(dir_de, dir_folio, new_dir);
- if (!err)
+ if (!err && (new_inode || old_dir != new_dir))
inode_dec_link_count(old_dir);
}
out_dir:
--
2.51.0
^ permalink raw reply related [flat|nested] 81+ messages in thread
* Forwarded:
2025-01-08 12:17 [syzbot] [fs?] WARNING in minix_rmdir syzbot
@ 2025-10-14 13:36 ` syzbot
2025-11-02 12:47 ` Forwarded: syzbot
1 sibling, 0 replies; 81+ messages in thread
From: syzbot @ 2025-10-14 13:36 UTC (permalink / raw)
To: linux-kernel
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org.
***
Subject:
Author: jkoolstra@xs4all.nl
#syz test
---
fs/minix/inode.c | 14 ++++++++++++++
fs/minix/namei.c | 22 ++++++++++++++--------
2 files changed, 28 insertions(+), 8 deletions(-)
diff --git a/fs/minix/inode.c b/fs/minix/inode.c
index f007e389d5d2..e27907fc9bf2 100644
--- a/fs/minix/inode.c
+++ b/fs/minix/inode.c
@@ -517,6 +517,13 @@ static struct inode *V1_minix_iget(struct inode *inode)
iget_failed(inode);
return ERR_PTR(-ESTALE);
}
+ if (S_ISDIR(raw_inode->i_mode) && raw_inode->i_nlinks == 1) {
+ printk("MINIX-fs: directory inode (%lu) has single i_nlink\n",
+ inode->i_ino);
+ brelse(bh);
+ iget_failed(inode);
+ return ERR_PTR(-EIO);
+ }
inode->i_mode = raw_inode->i_mode;
i_uid_write(inode, raw_inode->i_uid);
i_gid_write(inode, raw_inode->i_gid);
@@ -555,6 +562,13 @@ static struct inode *V2_minix_iget(struct inode *inode)
iget_failed(inode);
return ERR_PTR(-ESTALE);
}
+ if (S_ISDIR(raw_inode->i_mode) && raw_inode->i_nlinks == 1) {
+ printk("MINIX-fs: directory inode (%lu) has single i_nlink\n",
+ inode->i_ino);
+ brelse(bh);
+ iget_failed(inode);
+ return ERR_PTR(-EIO);
+ }
inode->i_mode = raw_inode->i_mode;
i_uid_write(inode, raw_inode->i_uid);
i_gid_write(inode, raw_inode->i_gid);
diff --git a/fs/minix/namei.c b/fs/minix/namei.c
index 8938536d8d3c..8297ee6651a1 100644
--- a/fs/minix/namei.c
+++ b/fs/minix/namei.c
@@ -161,15 +161,21 @@ static int minix_unlink(struct inode * dir, struct dentry *dentry)
static int minix_rmdir(struct inode * dir, struct dentry *dentry)
{
struct inode * inode = d_inode(dentry);
- int err = -ENOTEMPTY;
-
- if (minix_empty_dir(inode)) {
- err = minix_unlink(dir, dentry);
- if (!err) {
- inode_dec_link_count(dir);
- inode_dec_link_count(inode);
- }
+ int err = -EIO;
+
+ if (dir->i_nlink <= 2)
+ goto out;
+
+ err = -ENOTEMPTY;
+ if (!minix_empty_dir(inode))
+ goto out;
+
+ err = minix_unlink(dir, dentry);
+ if (!err) {
+ inode_dec_link_count(dir);
+ inode_dec_link_count(inode);
}
+out:
return err;
}
--
2.51.0
^ permalink raw reply related [flat|nested] 81+ messages in thread
* Forwarded:
2025-06-24 17:02 [syzbot] [fs?] WARNING in minix_rename syzbot
2025-10-13 13:38 ` Forwarded: syzbot
@ 2025-10-14 15:24 ` syzbot
2025-11-02 14:41 ` Forwarded: syzbot
` (3 subsequent siblings)
5 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-10-14 15:24 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: jkoolstra@xs4all.nl
#syz test
---
fs/minix/inode.c | 14 ++++++++++++++
fs/minix/namei.c | 22 ++++++++++++++--------
2 files changed, 28 insertions(+), 8 deletions(-)
diff --git a/fs/minix/inode.c b/fs/minix/inode.c
index f007e389d5d2..e27907fc9bf2 100644
--- a/fs/minix/inode.c
+++ b/fs/minix/inode.c
@@ -517,6 +517,13 @@ static struct inode *V1_minix_iget(struct inode *inode)
iget_failed(inode);
return ERR_PTR(-ESTALE);
}
+ if (S_ISDIR(raw_inode->i_mode) && raw_inode->i_nlinks == 1) {
+ printk("MINIX-fs: directory inode (%lu) has single i_nlink\n",
+ inode->i_ino);
+ brelse(bh);
+ iget_failed(inode);
+ return ERR_PTR(-EIO);
+ }
inode->i_mode = raw_inode->i_mode;
i_uid_write(inode, raw_inode->i_uid);
i_gid_write(inode, raw_inode->i_gid);
@@ -555,6 +562,13 @@ static struct inode *V2_minix_iget(struct inode *inode)
iget_failed(inode);
return ERR_PTR(-ESTALE);
}
+ if (S_ISDIR(raw_inode->i_mode) && raw_inode->i_nlinks == 1) {
+ printk("MINIX-fs: directory inode (%lu) has single i_nlink\n",
+ inode->i_ino);
+ brelse(bh);
+ iget_failed(inode);
+ return ERR_PTR(-EIO);
+ }
inode->i_mode = raw_inode->i_mode;
i_uid_write(inode, raw_inode->i_uid);
i_gid_write(inode, raw_inode->i_gid);
diff --git a/fs/minix/namei.c b/fs/minix/namei.c
index 8938536d8d3c..8297ee6651a1 100644
--- a/fs/minix/namei.c
+++ b/fs/minix/namei.c
@@ -161,15 +161,21 @@ static int minix_unlink(struct inode * dir, struct dentry *dentry)
static int minix_rmdir(struct inode * dir, struct dentry *dentry)
{
struct inode * inode = d_inode(dentry);
- int err = -ENOTEMPTY;
-
- if (minix_empty_dir(inode)) {
- err = minix_unlink(dir, dentry);
- if (!err) {
- inode_dec_link_count(dir);
- inode_dec_link_count(inode);
- }
+ int err = -EIO;
+
+ if (dir->i_nlink <= 2)
+ goto out;
+
+ err = -ENOTEMPTY;
+ if (!minix_empty_dir(inode))
+ goto out;
+
+ err = minix_unlink(dir, dentry);
+ if (!err) {
+ inode_dec_link_count(dir);
+ inode_dec_link_count(inode);
}
+out:
return err;
}
--
2.51.0
^ permalink raw reply related [flat|nested] 81+ messages in thread
* Forwarded:
2025-10-17 5:53 [syzbot] [net?] kernel BUG in set_ipsecrequest syzbot
@ 2025-10-20 11:19 ` syzbot
0 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-10-20 11:19 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: clf700383@gmail.com
#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git master
From 6dc2deb09faf7d53707cc9e75e175b09644fd181 Mon Sep 17 00:00:00 2001
From: clingfei <clf700383@gmail.com>
Date: Mon, 20 Oct 2025 13:48:54 +0800
Subject: [PATCH] fix integer overflow in set_ipsecrequest
syzbot reported a kernel BUG in set_ipsecrequest() due to an skb_over_panic.
The mp->new_family and mp->old_family is u16, while set_ipsecrequest receives
family as uint8_t, causing a integer overflow and the later size_req calculation
error, which exceeds the size used in alloc_skb, and ultimately triggered the
kernel bug in skb_put.
Reported-by: syzbot+be97dd4da14ae88b6ba4@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=be97dd4da14ae88b6ba4
Signed-off-by: Cheng Lingfei <clf700383@gmail.com>
---
net/key/af_key.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/key/af_key.c b/net/key/af_key.c
index 2ebde0352245..08f4cde01994 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -3518,7 +3518,7 @@ static int set_sadb_kmaddress(struct sk_buff *skb, const struct xfrm_kmaddress *
static int set_ipsecrequest(struct sk_buff *skb,
uint8_t proto, uint8_t mode, int level,
- uint32_t reqid, uint8_t family,
+ uint32_t reqid, uint16_t family,
const xfrm_address_t *src, const xfrm_address_t *dst)
{
struct sadb_x_ipsecrequest *rq;
--
2.34.1
^ permalink raw reply related [flat|nested] 81+ messages in thread
* Forwarded:
2025-09-17 22:54 [syzbot] [bfs?] INFO: task hung in bfs_lookup (6) syzbot
@ 2025-10-20 18:09 ` syzbot
0 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-10-20 18:09 UTC (permalink / raw)
To: linux-kernel
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org.
***
Subject:
Author: zlatistiv@gmail.com
#syz test
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2025-09-17 22:55 [syzbot] [ntfs3?] KMSAN: uninit-value in ntfs_read_hdr (3) syzbot
@ 2025-10-26 15:54 ` syzbot
0 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-10-26 15:54 UTC (permalink / raw)
To: linux-kernel
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org.
***
Subject:
Author: kubik.bartlomiej@gmail.com
#syz test
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2025-10-24 23:10 [syzbot] [jfs?] general protection fault in inode_set_ctime_current syzbot
@ 2025-10-27 23:06 ` syzbot
2025-10-28 17:25 ` Forwarded: syzbot
2025-10-28 20:53 ` Forwarded: syzbot
2 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-10-27 23:06 UTC (permalink / raw)
To: linux-kernel
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org.
***
Subject:
Author: jkoolstra@xs4all.nl
#syz test
diff --git a/fs/jfs/jfs_dtree.c b/fs/jfs/jfs_dtree.c
index 0ab83bb7bbdf..07dd01c79ca2 100644
--- a/fs/jfs/jfs_dtree.c
+++ b/fs/jfs/jfs_dtree.c
@@ -170,8 +170,8 @@ static void dtGetKey(dtpage_t * p, int i, struct component_name * key,
static int ciGetLeafPrefixKey(dtpage_t * lp, int li, dtpage_t * rp,
int ri, struct component_name * key, int flag);
-static void dtInsertEntry(dtpage_t * p, int index, struct component_name * key,
- ddata_t * data, struct dt_lock **);
+static int dtInsertEntry(dtpage_t * p, int index, struct component_name * key,
+ ddata_t * data, struct dt_lock **);
static void dtMoveEntry(dtpage_t * sp, int si, dtpage_t * dp,
struct dt_lock ** sdtlock, struct dt_lock ** ddtlock,
@@ -891,7 +891,8 @@ int dtInsert(tid_t tid, struct inode *ip,
lv->length = 1;
dtlck->index++;
- dtInsertEntry(p, index, name, &data, &dtlck);
+ if (!(rc = dtInsertEntry(p, index, name, &data, &dtlck)))
+ return rc;
/* linelock stbl of non-root leaf page */
if (!(p->header.flag & BT_ROOT)) {
@@ -3627,7 +3628,7 @@ static void dtGetKey(dtpage_t * p, int i, /* entry index */
*
* return: entry slot index
*/
-static void dtInsertEntry(dtpage_t * p, int index, struct component_name * key,
+static int dtInsertEntry(dtpage_t * p, int index, struct component_name * key,
ddata_t * data, struct dt_lock ** dtlock)
{
struct dtslot *h, *t;
@@ -3649,6 +3650,10 @@ static void dtInsertEntry(dtpage_t * p, int index, struct component_name * key,
/* allocate a free slot */
hsi = fsi = p->header.freelist;
+ if (fsi >= p->header.maxslot) {
+ jfs_err("Encountered corrupted dtpage before insert");
+ return -EIO;
+ }
h = &p->slot[fsi];
p->header.freelist = h->next;
--p->header.freecnt;
@@ -3697,6 +3702,10 @@ static void dtInsertEntry(dtpage_t * p, int index, struct component_name * key,
while (klen) {
/* get free slot */
fsi = p->header.freelist;
+ if (fsi >= p->header.maxslot) {
+ jfs_err("Encountered corrupted dtpage before insert");
+ return -EIO;
+ }
t = &p->slot[fsi];
p->header.freelist = t->next;
--p->header.freecnt;
@@ -3774,6 +3783,8 @@ static void dtInsertEntry(dtpage_t * p, int index, struct component_name * key,
/* advance next available entry index of stbl */
++p->header.nextindex;
+
+ return 0;
}
^ permalink raw reply related [flat|nested] 81+ messages in thread
* Forwarded:
2025-10-24 23:10 [syzbot] [jfs?] general protection fault in inode_set_ctime_current syzbot
2025-10-27 23:06 ` Forwarded: syzbot
@ 2025-10-28 17:25 ` syzbot
2025-10-28 18:02 ` Forwarded: Al Viro
2025-10-28 20:53 ` Forwarded: syzbot
2 siblings, 1 reply; 81+ messages in thread
From: syzbot @ 2025-10-28 17:25 UTC (permalink / raw)
To: linux-kernel
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org.
***
Subject:
Author: jkoolstra@xs4all.nl
#syz test
---
fs/jfs/jfs_dtree.c | 22 +++++++++++++++++-----
1 file changed, 17 insertions(+), 5 deletions(-)
diff --git a/fs/jfs/jfs_dtree.c b/fs/jfs/jfs_dtree.c
index 0ab83bb7bbdf..e919de01c42a 100644
--- a/fs/jfs/jfs_dtree.c
+++ b/fs/jfs/jfs_dtree.c
@@ -170,8 +170,8 @@ static void dtGetKey(dtpage_t * p, int i, struct component_name * key,
static int ciGetLeafPrefixKey(dtpage_t * lp, int li, dtpage_t * rp,
int ri, struct component_name * key, int flag);
-static void dtInsertEntry(dtpage_t * p, int index, struct component_name * key,
- ddata_t * data, struct dt_lock **);
+static int dtInsertEntry(dtpage_t * p, int index, struct component_name * key,
+ ddata_t * data, struct dt_lock **);
static void dtMoveEntry(dtpage_t * sp, int si, dtpage_t * dp,
struct dt_lock ** sdtlock, struct dt_lock ** ddtlock,
@@ -891,7 +891,8 @@ int dtInsert(tid_t tid, struct inode *ip,
lv->length = 1;
dtlck->index++;
- dtInsertEntry(p, index, name, &data, &dtlck);
+ if (!(rc = dtInsertEntry(p, index, name, &data, &dtlck)))
+ return rc;
/* linelock stbl of non-root leaf page */
if (!(p->header.flag & BT_ROOT)) {
@@ -3625,9 +3626,10 @@ static void dtGetKey(dtpage_t * p, int i, /* entry index */
* function: allocate free slot(s) and
* write a leaf/internal entry
*
- * return: entry slot index
+ * * return: 0 - success;
+ * errno - failure;
*/
-static void dtInsertEntry(dtpage_t * p, int index, struct component_name * key,
+static int dtInsertEntry(dtpage_t * p, int index, struct component_name * key,
ddata_t * data, struct dt_lock ** dtlock)
{
struct dtslot *h, *t;
@@ -3649,6 +3651,10 @@ static void dtInsertEntry(dtpage_t * p, int index, struct component_name * key,
/* allocate a free slot */
hsi = fsi = p->header.freelist;
+ if (fsi >= ((p->header.flag & BT_ROOT) ? DTROOTMAXSLOT : p->header.maxslot)) {
+ jfs_err("Encountered corrupted dtpage before insert");
+ return -EIO;
+ }
h = &p->slot[fsi];
p->header.freelist = h->next;
--p->header.freecnt;
@@ -3697,6 +3703,10 @@ static void dtInsertEntry(dtpage_t * p, int index, struct component_name * key,
while (klen) {
/* get free slot */
fsi = p->header.freelist;
+ if (fsi >= ((p->header.flag & BT_ROOT) ? DTROOTMAXSLOT : p->header.maxslot)) {
+ jfs_err("Encountered corrupted dtpage before insert");
+ return -EIO;
+ }
t = &p->slot[fsi];
p->header.freelist = t->next;
--p->header.freecnt;
@@ -3774,6 +3784,8 @@ static void dtInsertEntry(dtpage_t * p, int index, struct component_name * key,
/* advance next available entry index of stbl */
++p->header.nextindex;
+
+ return 0;
}
--
2.51.1.dirty
^ permalink raw reply related [flat|nested] 81+ messages in thread
* Re: Forwarded:
2025-10-28 17:25 ` Forwarded: syzbot
@ 2025-10-28 18:02 ` Al Viro
0 siblings, 0 replies; 81+ messages in thread
From: Al Viro @ 2025-10-28 18:02 UTC (permalink / raw)
To: syzbot; +Cc: linux-kernel
On Tue, Oct 28, 2025 at 10:25:20AM -0700, syzbot wrote:
> For archival purposes, forwarding an incoming command email to
> linux-kernel@vger.kernel.org.
For fuck sake, either generate a more useful subject, or take
that to a separate list just for syzbot use.
Do you really intend to end up in a bunch of .procmailrc?
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2025-10-24 23:10 [syzbot] [jfs?] general protection fault in inode_set_ctime_current syzbot
2025-10-27 23:06 ` Forwarded: syzbot
2025-10-28 17:25 ` Forwarded: syzbot
@ 2025-10-28 20:53 ` syzbot
2 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-10-28 20:53 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: jkoolstra@xs4all.nl
#syz test
---
fs/jfs/jfs_dtree.c | 22 +++++++++++++++++-----
1 file changed, 17 insertions(+), 5 deletions(-)
diff --git a/fs/jfs/jfs_dtree.c b/fs/jfs/jfs_dtree.c
index 0ab83bb7bbdf..e919de01c42a 100644
--- a/fs/jfs/jfs_dtree.c
+++ b/fs/jfs/jfs_dtree.c
@@ -170,8 +170,8 @@ static void dtGetKey(dtpage_t * p, int i, struct component_name * key,
static int ciGetLeafPrefixKey(dtpage_t * lp, int li, dtpage_t * rp,
int ri, struct component_name * key, int flag);
-static void dtInsertEntry(dtpage_t * p, int index, struct component_name * key,
- ddata_t * data, struct dt_lock **);
+static int dtInsertEntry(dtpage_t * p, int index, struct component_name * key,
+ ddata_t * data, struct dt_lock **);
static void dtMoveEntry(dtpage_t * sp, int si, dtpage_t * dp,
struct dt_lock ** sdtlock, struct dt_lock ** ddtlock,
@@ -891,7 +891,8 @@ int dtInsert(tid_t tid, struct inode *ip,
lv->length = 1;
dtlck->index++;
- dtInsertEntry(p, index, name, &data, &dtlck);
+ if (!(rc = dtInsertEntry(p, index, name, &data, &dtlck)))
+ return rc;
/* linelock stbl of non-root leaf page */
if (!(p->header.flag & BT_ROOT)) {
@@ -3625,9 +3626,10 @@ static void dtGetKey(dtpage_t * p, int i, /* entry index */
* function: allocate free slot(s) and
* write a leaf/internal entry
*
- * return: entry slot index
+ * * return: 0 - success;
+ * errno - failure;
*/
-static void dtInsertEntry(dtpage_t * p, int index, struct component_name * key,
+static int dtInsertEntry(dtpage_t * p, int index, struct component_name * key,
ddata_t * data, struct dt_lock ** dtlock)
{
struct dtslot *h, *t;
@@ -3649,6 +3651,10 @@ static void dtInsertEntry(dtpage_t * p, int index, struct component_name * key,
/* allocate a free slot */
hsi = fsi = p->header.freelist;
+ if (fsi >= ((p->header.flag & BT_ROOT) ? DTROOTMAXSLOT : p->header.maxslot)) {
+ jfs_err("Encountered corrupted dtpage before insert");
+ return -EIO;
+ }
h = &p->slot[fsi];
p->header.freelist = h->next;
--p->header.freecnt;
@@ -3697,6 +3703,10 @@ static void dtInsertEntry(dtpage_t * p, int index, struct component_name * key,
while (klen) {
/* get free slot */
fsi = p->header.freelist;
+ if (fsi >= ((p->header.flag & BT_ROOT) ? DTROOTMAXSLOT : p->header.maxslot)) {
+ jfs_err("Encountered corrupted dtpage before insert");
+ return -EIO;
+ }
t = &p->slot[fsi];
p->header.freelist = t->next;
--p->header.freecnt;
@@ -3774,6 +3784,8 @@ static void dtInsertEntry(dtpage_t * p, int index, struct component_name * key,
/* advance next available entry index of stbl */
++p->header.nextindex;
+
+ return 0;
}
--
2.51.1.dirty
^ permalink raw reply related [flat|nested] 81+ messages in thread
* Forwarded:
2025-01-08 12:17 [syzbot] [fs?] WARNING in minix_rmdir syzbot
2025-10-14 13:36 ` Forwarded: syzbot
@ 2025-11-02 12:47 ` syzbot
1 sibling, 0 replies; 81+ messages in thread
From: syzbot @ 2025-11-02 12:47 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: jkoolstra@xs4all.nl
#syz test
---
fs/minix/minix.h | 2 ++
fs/minix/namei.c | 26 ++++++++++++++++++--------
2 files changed, 20 insertions(+), 8 deletions(-)
diff --git a/fs/minix/minix.h b/fs/minix/minix.h
index d54273c3c9ff..ce62cb61186d 100644
--- a/fs/minix/minix.h
+++ b/fs/minix/minix.h
@@ -168,4 +168,6 @@ static inline int minix_test_bit(int nr, const void *vaddr)
#endif
+#define EFSCORRUPTED EUCLEAN /* Filesystem is corrupted */
+
#endif /* FS_MINIX_H */
diff --git a/fs/minix/namei.c b/fs/minix/namei.c
index 8938536d8d3c..a8d5a7e22b7b 100644
--- a/fs/minix/namei.c
+++ b/fs/minix/namei.c
@@ -161,15 +161,25 @@ static int minix_unlink(struct inode * dir, struct dentry *dentry)
static int minix_rmdir(struct inode * dir, struct dentry *dentry)
{
struct inode * inode = d_inode(dentry);
- int err = -ENOTEMPTY;
-
- if (minix_empty_dir(inode)) {
- err = minix_unlink(dir, dentry);
- if (!err) {
- inode_dec_link_count(dir);
- inode_dec_link_count(inode);
- }
+ int err = -EFSCORRUPTED;
+
+ if (dir->i_nlink <= 2) {
+ printk(KERN_CRIT "minix-fs error: directory inode has "
+ "corrupted nlink");
+ goto out;
}
+
+ err = -ENOTEMPTY;
+ if (!minix_empty_dir(inode))
+ goto out;
+
+ err = minix_unlink(dir, dentry);
+ if (!err) {
+ inode_dec_link_count(dir);
+ inode_dec_link_count(inode);
+ }
+
+out:
return err;
}
--
2.51.1.dirty
^ permalink raw reply related [flat|nested] 81+ messages in thread
* Forwarded:
2025-06-24 17:02 [syzbot] [fs?] WARNING in minix_rename syzbot
2025-10-13 13:38 ` Forwarded: syzbot
2025-10-14 15:24 ` Forwarded: syzbot
@ 2025-11-02 14:41 ` syzbot
2025-11-02 14:56 ` Forwarded: syzbot
` (2 subsequent siblings)
5 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-11-02 14:41 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: jkoolstra@xs4all.nl
#syz test
---
diff --git a/fs/minix/namei.c b/fs/minix/namei.c
index a8d5a7e22b7b..8648d860ef0c 100644
--- a/fs/minix/namei.c
+++ b/fs/minix/namei.c
@@ -218,6 +218,13 @@ static int minix_rename(struct mnt_idmap *idmap,
if (dir_de && !minix_empty_dir(new_inode))
goto out_dir;
+ err = -EFSCORRUPTED;
+ if (dir_de && new_inode->i_nlink != 2) {
+ printk(KERN_CRIT "minix-fs error: directory inode has "
+ "corrupted nlink");
+ goto out_dir;
+ }
+
err = -ENOENT;
new_de = minix_find_entry(new_dentry, &new_folio);
if (!new_de)
^ permalink raw reply related [flat|nested] 81+ messages in thread
* Forwarded:
2025-06-24 17:02 [syzbot] [fs?] WARNING in minix_rename syzbot
` (2 preceding siblings ...)
2025-11-02 14:41 ` Forwarded: syzbot
@ 2025-11-02 14:56 ` syzbot
2025-11-02 15:50 ` Forwarded: syzbot
2025-11-02 16:58 ` Forwarded: syzbot
5 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-11-02 14:56 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: jkoolstra@xs4all.nl
#syz test
---
diff --git a/fs/minix/minix.h b/fs/minix/minix.h
index d54273c3c9ff..ce62cb61186d 100644
--- a/fs/minix/minix.h
+++ b/fs/minix/minix.h
@@ -168,4 +168,6 @@ static inline int minix_test_bit(int nr, const void *vaddr)
#endif
+#define EFSCORRUPTED EUCLEAN /* Filesystem is corrupted */
+
#endif /* FS_MINIX_H */
diff --git a/fs/minix/namei.c b/fs/minix/namei.c
index a8d5a7e22b7b..8648d860ef0c 100644
--- a/fs/minix/namei.c
+++ b/fs/minix/namei.c
@@ -218,6 +218,13 @@ static int minix_rename(struct mnt_idmap *idmap,
if (dir_de && !minix_empty_dir(new_inode))
goto out_dir;
+ err = -EFSCORRUPTED;
+ if (dir_de && new_inode->i_nlink != 2) {
+ printk(KERN_CRIT "minix-fs error: directory inode has "
+ "corrupted nlink");
+ goto out_dir;
+ }
+
err = -ENOENT;
new_de = minix_find_entry(new_dentry, &new_folio);
if (!new_de)
^ permalink raw reply related [flat|nested] 81+ messages in thread
* Forwarded:
2025-06-24 17:02 [syzbot] [fs?] WARNING in minix_rename syzbot
` (3 preceding siblings ...)
2025-11-02 14:56 ` Forwarded: syzbot
@ 2025-11-02 15:50 ` syzbot
2025-11-02 16:58 ` Forwarded: syzbot
5 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-11-02 15:50 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: jkoolstra@xs4all.nl
#syz test
---
diff --git a/fs/minix/minix.h b/fs/minix/minix.h
index d54273c3c9ff..ce62cb61186d 100644
--- a/fs/minix/minix.h
+++ b/fs/minix/minix.h
@@ -168,4 +168,6 @@ static inline int minix_test_bit(int nr, const void *vaddr)
#endif
+#define EFSCORRUPTED EUCLEAN /* Filesystem is corrupted */
+
#endif /* FS_MINIX_H */
diff --git a/fs/minix/namei.c b/fs/minix/namei.c
index 8938536d8d3c..493a75eff2c9 100644
--- a/fs/minix/namei.c
+++ b/fs/minix/namei.c
@@ -208,6 +218,13 @@ static int minix_rename(struct mnt_idmap *idmap,
if (dir_de && !minix_empty_dir(new_inode))
goto out_dir;
+ err = -EFSCORRUPTED;
+ if (new_inode->i_nlink == 0 || (dir_de && new_inode->i_nlink != 2)) {
+ printk(KERN_CRIT "minix-fs error: inode (ino: %ld) "
+ "has corrupted nlink", new_inode->i_ino);
+ goto out_dir;
+ }
+
err = -ENOENT;
new_de = minix_find_entry(new_dentry, &new_folio);
if (!new_de)
^ permalink raw reply related [flat|nested] 81+ messages in thread
* Forwarded:
2025-10-29 0:12 [syzbot] [ntfs3?] WARNING in ntfs_fill_super (2) syzbot
@ 2025-11-02 16:40 ` syzbot
2025-11-03 13:28 ` Forwarded: syzbot
1 sibling, 0 replies; 81+ messages in thread
From: syzbot @ 2025-11-02 16:40 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: jkoolstra@xs4all.nl
#syz test
---
diff --git a/fs/ntfs3/super.c b/fs/ntfs3/super.c
index aae1f32f4dab..f193912d8632 100644
--- a/fs/ntfs3/super.c
+++ b/fs/ntfs3/super.c
@@ -704,8 +704,8 @@ static void ntfs_put_super(struct super_block *sb)
ntfs_set_state(sbi, NTFS_DIRTY_CLEAR);
if (sbi->options) {
+ kfree(sbi->options->nls_name);
unload_nls(sbi->options->nls);
- kfree(sbi->options->nls);
kfree(sbi->options);
sbi->options = NULL;
}
@@ -1670,8 +1670,8 @@ static int ntfs_fill_super(struct super_block *sb, struct fs_context *fc)
iput(inode);
out:
if (sbi && sbi->options) {
+ kfree(sbi->options->nls_name);
unload_nls(sbi->options->nls);
- kfree(sbi->options->nls);
kfree(sbi->options);
sbi->options = NULL;
}
^ permalink raw reply related [flat|nested] 81+ messages in thread
* Forwarded:
2025-06-24 17:02 [syzbot] [fs?] WARNING in minix_rename syzbot
` (4 preceding siblings ...)
2025-11-02 15:50 ` Forwarded: syzbot
@ 2025-11-02 16:58 ` syzbot
5 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-11-02 16:58 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: jkoolstra@xs4all.nl
#syz test
---
diff --git a/fs/minix/minix.h b/fs/minix/minix.h
index d54273c3c9ff..ce62cb61186d 100644
--- a/fs/minix/minix.h
+++ b/fs/minix/minix.h
@@ -168,4 +168,6 @@ static inline int minix_test_bit(int nr, const void *vaddr)
#endif
+#define EFSCORRUPTED EUCLEAN /* Filesystem is corrupted */
+
#endif /* FS_MINIX_H */
diff --git a/fs/minix/namei.c b/fs/minix/namei.c
index a8d5a7e22b7b..f18f7474aca4 100644
--- a/fs/minix/namei.c
+++ b/fs/minix/namei.c
@@ -145,6 +145,12 @@ static int minix_unlink(struct inode * dir, struct dentry *dentry)
struct minix_dir_entry * de;
int err;
+ if (inode->i_nlink < 1) {
+ printk(KERN_CRIT "minix-fs error: inode (ino: %ld) "
+ "has corrupted nlink", inode->i_ino);
+ return -EFSCORRUPTED;
+ }
+
de = minix_find_entry(dentry, &folio);
if (!de)
return -ENOENT;
@@ -218,6 +224,13 @@ static int minix_rename(struct mnt_idmap *idmap,
if (dir_de && !minix_empty_dir(new_inode))
goto out_dir;
+ err = -EFSCORRUPTED;
+ if (new_inode->i_nlink == 0 || (dir_de && new_inode->i_nlink != 2)) {
+ printk(KERN_CRIT "minix-fs error: inode (ino: %ld) "
+ "has corrupted nlink", new_inode->i_ino);
+ goto out_dir;
+ }
+
err = -ENOENT;
new_de = minix_find_entry(new_dentry, &new_folio);
if (!new_de)
^ permalink raw reply related [flat|nested] 81+ messages in thread
* Forwarded:
2025-10-23 5:35 [syzbot] [hfs?] kernel BUG in hfs_new_inode syzbot
@ 2025-11-02 18:07 ` syzbot
2025-11-02 19:22 ` Forwarded: syzbot
2025-11-03 12:27 ` Forwarded: syzbot
2 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-11-02 18:07 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: jkoolstra@xs4all.nl
#syz test
---
diff --git a/fs/hfs/dir.c b/fs/hfs/dir.c
index 86a6b317b474..ee1760305380 100644
--- a/fs/hfs/dir.c
+++ b/fs/hfs/dir.c
@@ -196,8 +196,8 @@ static int hfs_create(struct mnt_idmap *idmap, struct inode *dir,
int res;
inode = hfs_new_inode(dir, &dentry->d_name, mode);
- if (!inode)
- return -ENOMEM;
+ if (IS_ERR(inode))
+ return PTR_ERR(inode);
res = hfs_cat_create(inode->i_ino, dir, &dentry->d_name, inode);
if (res) {
@@ -226,8 +226,8 @@ static struct dentry *hfs_mkdir(struct mnt_idmap *idmap, struct inode *dir,
int res;
inode = hfs_new_inode(dir, &dentry->d_name, S_IFDIR | mode);
- if (!inode)
- return ERR_PTR(-ENOMEM);
+ if (IS_ERR(inode))
+ return ERR_CAST(inode);
res = hfs_cat_create(inode->i_ino, dir, &dentry->d_name, inode);
if (res) {
diff --git a/fs/hfs/hfs_fs.h b/fs/hfs/hfs_fs.h
index fff149af89da..6808b1316b60 100644
--- a/fs/hfs/hfs_fs.h
+++ b/fs/hfs/hfs_fs.h
@@ -273,4 +273,6 @@ static inline void hfs_bitmap_dirty(struct super_block *sb)
__bh; \
})
+#define EFSCORRUPTED EUCLEAN /* Filesystem is corrupted */
+
#endif
diff --git a/fs/hfs/inode.c b/fs/hfs/inode.c
index 9cd449913dc8..ef46a2d29d6a 100644
--- a/fs/hfs/inode.c
+++ b/fs/hfs/inode.c
@@ -188,7 +188,7 @@ struct inode *hfs_new_inode(struct inode *dir, const struct qstr *name, umode_t
s64 folder_count;
if (!inode)
- return NULL;
+ return ERR_PTR(-ENOMEM);
mutex_init(&HFS_I(inode)->extents_lock);
INIT_LIST_HEAD(&HFS_I(inode)->open_dir_list);
@@ -209,7 +209,10 @@ struct inode *hfs_new_inode(struct inode *dir, const struct qstr *name, umode_t
if (S_ISDIR(mode)) {
inode->i_size = 2;
folder_count = atomic64_inc_return(&HFS_SB(sb)->folder_count);
- BUG_ON(folder_count > U32_MAX);
+ if (folder_count > U32_MAX) {
+ printk(KERN_CRIT "hfs error: folder count on super block is corrupt");
+ return ERR_PTR(-EFSCORRUPTED);
+ }
if (dir->i_ino == HFS_ROOT_CNID)
HFS_SB(sb)->root_dirs++;
inode->i_op = &hfs_dir_inode_operations;
@@ -219,7 +222,10 @@ struct inode *hfs_new_inode(struct inode *dir, const struct qstr *name, umode_t
} else if (S_ISREG(mode)) {
HFS_I(inode)->clump_blocks = HFS_SB(sb)->clumpablks;
file_count = atomic64_inc_return(&HFS_SB(sb)->file_count);
- BUG_ON(file_count > U32_MAX);
+ if (file_count > U32_MAX) {
+ printk(KERN_CRIT "hfs error: file count on super block is corrupt");
+ return ERR_PTR(-EFSCORRUPTED);
+ }
if (dir->i_ino == HFS_ROOT_CNID)
HFS_SB(sb)->root_files++;
inode->i_op = &hfs_file_inode_operations;
^ permalink raw reply related [flat|nested] 81+ messages in thread
* Forwarded:
2025-10-23 5:35 [syzbot] [hfs?] kernel BUG in hfs_new_inode syzbot
2025-11-02 18:07 ` Forwarded: syzbot
@ 2025-11-02 19:22 ` syzbot
2025-11-03 12:27 ` Forwarded: syzbot
2 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-11-02 19:22 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: jkoolstra@xs4all.nl
#syz test
---
diff --git a/fs/hfs/dir.c b/fs/hfs/dir.c
index 86a6b317b474..ee1760305380 100644
--- a/fs/hfs/dir.c
+++ b/fs/hfs/dir.c
@@ -196,8 +196,8 @@ static int hfs_create(struct mnt_idmap *idmap, struct inode *dir,
int res;
inode = hfs_new_inode(dir, &dentry->d_name, mode);
- if (!inode)
- return -ENOMEM;
+ if (IS_ERR(inode))
+ return PTR_ERR(inode);
res = hfs_cat_create(inode->i_ino, dir, &dentry->d_name, inode);
if (res) {
@@ -226,8 +226,8 @@ static struct dentry *hfs_mkdir(struct mnt_idmap *idmap, struct inode *dir,
int res;
inode = hfs_new_inode(dir, &dentry->d_name, S_IFDIR | mode);
- if (!inode)
- return ERR_PTR(-ENOMEM);
+ if (IS_ERR(inode))
+ return ERR_CAST(inode);
res = hfs_cat_create(inode->i_ino, dir, &dentry->d_name, inode);
if (res) {
diff --git a/fs/hfs/hfs_fs.h b/fs/hfs/hfs_fs.h
index fff149af89da..6808b1316b60 100644
--- a/fs/hfs/hfs_fs.h
+++ b/fs/hfs/hfs_fs.h
@@ -273,4 +273,6 @@ static inline void hfs_bitmap_dirty(struct super_block *sb)
__bh; \
})
+#define EFSCORRUPTED EUCLEAN /* Filesystem is corrupted */
+
#endif
diff --git a/fs/hfs/inode.c b/fs/hfs/inode.c
index 9cd449913dc8..cb74904994cc 100644
--- a/fs/hfs/inode.c
+++ b/fs/hfs/inode.c
@@ -186,16 +186,22 @@ struct inode *hfs_new_inode(struct inode *dir, const struct qstr *name, umode_t
s64 next_id;
s64 file_count;
s64 folder_count;
+ int err = -ENOMEM;
if (!inode)
- return NULL;
+ goto out_err;
+
+ err = -EFSCORRUPTED;
mutex_init(&HFS_I(inode)->extents_lock);
INIT_LIST_HEAD(&HFS_I(inode)->open_dir_list);
spin_lock_init(&HFS_I(inode)->open_dir_lock);
hfs_cat_build_key(sb, (btree_key *)&HFS_I(inode)->cat_key, dir->i_ino, name);
next_id = atomic64_inc_return(&HFS_SB(sb)->next_id);
- BUG_ON(next_id > U32_MAX);
+ if (next_id > U32_MAX) {
+ printk(KERN_CRIT "hfs error: next file id on super block is corrupt");
+ goto out_discard;
+ }
inode->i_ino = (u32)next_id;
inode->i_mode = mode;
inode->i_uid = current_fsuid();
@@ -209,7 +215,10 @@ struct inode *hfs_new_inode(struct inode *dir, const struct qstr *name, umode_t
if (S_ISDIR(mode)) {
inode->i_size = 2;
folder_count = atomic64_inc_return(&HFS_SB(sb)->folder_count);
- BUG_ON(folder_count > U32_MAX);
+ if (folder_count > U32_MAX) {
+ printk(KERN_CRIT "hfs error: folder count on super block is corrupt");
+ goto out_discard;
+ }
if (dir->i_ino == HFS_ROOT_CNID)
HFS_SB(sb)->root_dirs++;
inode->i_op = &hfs_dir_inode_operations;
@@ -219,7 +228,10 @@ struct inode *hfs_new_inode(struct inode *dir, const struct qstr *name, umode_t
} else if (S_ISREG(mode)) {
HFS_I(inode)->clump_blocks = HFS_SB(sb)->clumpablks;
file_count = atomic64_inc_return(&HFS_SB(sb)->file_count);
- BUG_ON(file_count > U32_MAX);
+ if (file_count > U32_MAX) {
+ printk(KERN_CRIT "hfs error: file count on super block is corrupt");
+ goto out_discard;
+ }
if (dir->i_ino == HFS_ROOT_CNID)
HFS_SB(sb)->root_files++;
inode->i_op = &hfs_file_inode_operations;
@@ -243,6 +255,11 @@ struct inode *hfs_new_inode(struct inode *dir, const struct qstr *name, umode_t
hfs_mark_mdb_dirty(sb);
return inode;
+
+ out_discard:
+ iput(inode);
+ out_err:
+ return ERR_PTR(err);
}
void hfs_delete_inode(struct inode *inode)
^ permalink raw reply related [flat|nested] 81+ messages in thread
* Forwarded:
2025-10-23 5:35 [syzbot] [hfs?] kernel BUG in hfs_new_inode syzbot
2025-11-02 18:07 ` Forwarded: syzbot
2025-11-02 19:22 ` Forwarded: syzbot
@ 2025-11-03 12:27 ` syzbot
2 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-11-03 12:27 UTC (permalink / raw)
To: linux-kernel
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org.
***
Subject:
Author: jkoolstra@xs4all.nl
#syz test
---
diff --git a/fs/hfs/dir.c b/fs/hfs/dir.c
index 86a6b317b474..ee1760305380 100644
--- a/fs/hfs/dir.c
+++ b/fs/hfs/dir.c
@@ -196,8 +196,8 @@ static int hfs_create(struct mnt_idmap *idmap, struct inode *dir,
int res;
inode = hfs_new_inode(dir, &dentry->d_name, mode);
- if (!inode)
- return -ENOMEM;
+ if (IS_ERR(inode))
+ return PTR_ERR(inode);
res = hfs_cat_create(inode->i_ino, dir, &dentry->d_name, inode);
if (res) {
@@ -226,8 +226,8 @@ static struct dentry *hfs_mkdir(struct mnt_idmap *idmap, struct inode *dir,
int res;
inode = hfs_new_inode(dir, &dentry->d_name, S_IFDIR | mode);
- if (!inode)
- return ERR_PTR(-ENOMEM);
+ if (IS_ERR(inode))
+ return ERR_CAST(inode);
res = hfs_cat_create(inode->i_ino, dir, &dentry->d_name, inode);
if (res) {
diff --git a/fs/hfs/inode.c b/fs/hfs/inode.c
index 9cd449913dc8..beec6fe7e801 100644
--- a/fs/hfs/inode.c
+++ b/fs/hfs/inode.c
@@ -186,16 +186,23 @@ struct inode *hfs_new_inode(struct inode *dir, const struct qstr *name, umode_t
s64 next_id;
s64 file_count;
s64 folder_count;
+ int err = -ENOMEM;
if (!inode)
- return NULL;
+ goto out_err;
+
+ err = -ENOSPC;
mutex_init(&HFS_I(inode)->extents_lock);
INIT_LIST_HEAD(&HFS_I(inode)->open_dir_list);
spin_lock_init(&HFS_I(inode)->open_dir_lock);
hfs_cat_build_key(sb, (btree_key *)&HFS_I(inode)->cat_key, dir->i_ino, name);
next_id = atomic64_inc_return(&HFS_SB(sb)->next_id);
- BUG_ON(next_id > U32_MAX);
+ if (next_id > U32_MAX) {
+ pr_err("hfs: next file ID exceeds 32-bit limit — possible "
+ "superblock corruption");
+ goto out_discard;
+ }
inode->i_ino = (u32)next_id;
inode->i_mode = mode;
inode->i_uid = current_fsuid();
@@ -209,7 +216,11 @@ struct inode *hfs_new_inode(struct inode *dir, const struct qstr *name, umode_t
if (S_ISDIR(mode)) {
inode->i_size = 2;
folder_count = atomic64_inc_return(&HFS_SB(sb)->folder_count);
- BUG_ON(folder_count > U32_MAX);
+ if (folder_count > U32_MAX) {
+ pr_err("hfs: folder count exceeds 32-bit limit — possible "
+ "superblock corruption");
+ goto out_discard;
+ }
if (dir->i_ino == HFS_ROOT_CNID)
HFS_SB(sb)->root_dirs++;
inode->i_op = &hfs_dir_inode_operations;
@@ -219,7 +230,11 @@ struct inode *hfs_new_inode(struct inode *dir, const struct qstr *name, umode_t
} else if (S_ISREG(mode)) {
HFS_I(inode)->clump_blocks = HFS_SB(sb)->clumpablks;
file_count = atomic64_inc_return(&HFS_SB(sb)->file_count);
- BUG_ON(file_count > U32_MAX);
+ if (file_count > U32_MAX) {
+ pr_err("hfs: file count exceeds 32-bit limit — possible "
+ "superblock corruption");
+ goto out_discard;
+ }
if (dir->i_ino == HFS_ROOT_CNID)
HFS_SB(sb)->root_files++;
inode->i_op = &hfs_file_inode_operations;
@@ -243,6 +258,11 @@ struct inode *hfs_new_inode(struct inode *dir, const struct qstr *name, umode_t
hfs_mark_mdb_dirty(sb);
return inode;
+
+ out_discard:
+ iput(inode);
+ out_err:
+ return ERR_PTR(err);
}
void hfs_delete_inode(struct inode *inode)
@@ -251,7 +271,6 @@ void hfs_delete_inode(struct inode *inode)
hfs_dbg("ino %lu\n", inode->i_ino);
if (S_ISDIR(inode->i_mode)) {
- BUG_ON(atomic64_read(&HFS_SB(sb)->folder_count) > U32_MAX);
atomic64_dec(&HFS_SB(sb)->folder_count);
if (HFS_I(inode)->cat_key.ParID == cpu_to_be32(HFS_ROOT_CNID))
HFS_SB(sb)->root_dirs--;
@@ -260,7 +279,6 @@ void hfs_delete_inode(struct inode *inode)
return;
}
- BUG_ON(atomic64_read(&HFS_SB(sb)->file_count) > U32_MAX);
atomic64_dec(&HFS_SB(sb)->file_count);
if (HFS_I(inode)->cat_key.ParID == cpu_to_be32(HFS_ROOT_CNID))
HFS_SB(sb)->root_files--;
diff --git a/fs/hfs/mdb.c b/fs/hfs/mdb.c
index 53f3fae60217..1c3fb631cc8e 100644
--- a/fs/hfs/mdb.c
+++ b/fs/hfs/mdb.c
@@ -273,15 +273,12 @@ void hfs_mdb_commit(struct super_block *sb)
/* These parameters may have been modified, so write them back */
mdb->drLsMod = hfs_mtime();
mdb->drFreeBks = cpu_to_be16(HFS_SB(sb)->free_ablocks);
- BUG_ON(atomic64_read(&HFS_SB(sb)->next_id) > U32_MAX);
mdb->drNxtCNID =
cpu_to_be32((u32)atomic64_read(&HFS_SB(sb)->next_id));
mdb->drNmFls = cpu_to_be16(HFS_SB(sb)->root_files);
mdb->drNmRtDirs = cpu_to_be16(HFS_SB(sb)->root_dirs);
- BUG_ON(atomic64_read(&HFS_SB(sb)->file_count) > U32_MAX);
mdb->drFilCnt =
cpu_to_be32((u32)atomic64_read(&HFS_SB(sb)->file_count));
- BUG_ON(atomic64_read(&HFS_SB(sb)->folder_count) > U32_MAX);
mdb->drDirCnt =
cpu_to_be32((u32)atomic64_read(&HFS_SB(sb)->folder_count));
--
2.51.1.dirty
^ permalink raw reply related [flat|nested] 81+ messages in thread
* Forwarded:
2025-10-29 0:12 [syzbot] [ntfs3?] WARNING in ntfs_fill_super (2) syzbot
2025-11-02 16:40 ` Forwarded: syzbot
@ 2025-11-03 13:28 ` syzbot
1 sibling, 0 replies; 81+ messages in thread
From: syzbot @ 2025-11-03 13:28 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: jkoolstra@xs4all.nl
#syz dup: WARNING in ntfs_put_super
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2025-11-02 23:48 [syzbot] [nbd?] KASAN: slab-use-after-free Write in recv_work (3) syzbot
@ 2025-11-05 14:40 ` syzbot
0 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-11-05 14:40 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: eslam.medhat1993@gmail.com
#syz test
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2025-11-13 4:26 [syzbot] [kernel?] memory leak in do_timer_create syzbot
@ 2025-11-14 1:20 ` syzbot
2025-11-14 3:54 ` Forwarded: syzbot
2025-11-14 4:17 ` Forwarded: syzbot
2 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-11-14 1:20 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: eslam.medhat1993@gmail.com
#syz test
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2025-11-13 4:26 [syzbot] [kernel?] memory leak in do_timer_create syzbot
2025-11-14 1:20 ` Forwarded: syzbot
@ 2025-11-14 3:54 ` syzbot
2025-11-14 4:17 ` Forwarded: syzbot
2 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-11-14 3:54 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: eslam.medhat1993@gmail.com
#syz test
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2025-11-13 4:26 [syzbot] [kernel?] memory leak in do_timer_create syzbot
2025-11-14 1:20 ` Forwarded: syzbot
2025-11-14 3:54 ` Forwarded: syzbot
@ 2025-11-14 4:17 ` syzbot
2 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-11-14 4:17 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: eslam.medhat1993@gmail.com
#syz test
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2025-11-13 4:38 [syzbot] [input?] [usb?] memory leak in dualshock4_get_calibration_data syzbot
@ 2025-11-15 1:12 ` syzbot
2025-11-15 1:44 ` Forwarded: syzbot
1 sibling, 0 replies; 81+ messages in thread
From: syzbot @ 2025-11-15 1:12 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: eslam.medhat1993@gmail.com
#syz test
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2025-11-13 4:38 [syzbot] [input?] [usb?] memory leak in dualshock4_get_calibration_data syzbot
2025-11-15 1:12 ` Forwarded: syzbot
@ 2025-11-15 1:44 ` syzbot
1 sibling, 0 replies; 81+ messages in thread
From: syzbot @ 2025-11-15 1:44 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: eslam.medhat1993@gmail.com
#syz test
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2021-12-13 7:17 [syzbot] UBSAN: shift-out-of-bounds in minix_statfs syzbot
@ 2025-11-17 18:53 ` syzbot
0 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-11-17 18:53 UTC (permalink / raw)
To: linux-kernel
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org.
***
Subject:
Author: jkoolstra@xs4all.nl
#syz test
---
fs/minix/inode.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/fs/minix/inode.c b/fs/minix/inode.c
index 7897f5123b3d..bee191c50010 100644
--- a/fs/minix/inode.c
+++ b/fs/minix/inode.c
@@ -171,7 +171,15 @@ static bool minix_check_superblock(struct super_block *sb)
{
struct minix_sb_info *sbi = minix_sb(sb);
- if (sbi->s_imap_blocks == 0 || sbi->s_zmap_blocks == 0)
+ if (sbi->s_log_zone_size != 0) {
+ printk("minix-fs error: zone size must equal block size. "
+ "s_log_zone_size > 0 is not supported.\n");
+ return false;
+ }
+
+ if (sbi->s_imap_blocks < 1 || sbi->s_zmap_blocks < 1 ||
+ sbi->s_ninodes < 1 || sbi->s_firstdatazone <= 4 ||
+ sbi->s_firstdatazone >= sbi->s_nzones)
return false;
/*
--
2.51.2
^ permalink raw reply related [flat|nested] 81+ messages in thread
* Forwarded:
2025-12-07 6:24 [syzbot] [block?] kernel BUG in bio_chain syzbot
@ 2025-12-12 12:17 ` syzbot
0 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-12-12 12:17 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: agruenba@redhat.com
#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2.git
4daba9379bbd702c63459f54ef448746bfeab42d
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2025-11-04 9:17 [syzbot] linux-next build error (24) syzbot
@ 2025-12-17 13:51 ` syzbot
0 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2025-12-17 13:51 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: pimyn@google.com
#syz invalid
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2022-11-25 9:45 [syzbot] kernel BUG in hfs_write_inode syzbot
@ 2026-03-09 23:04 ` syzbot
0 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2026-03-09 23:04 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: contact@gvernon.com
#syz test
^ permalink raw reply [flat|nested] 81+ messages in thread
* Forwarded:
2024-11-21 15:03 [syzbot] [kvm?] WARNING: locking bug in kvm_xen_set_evtchn_fast syzbot
@ 2026-03-15 13:58 ` syzbot
0 siblings, 0 replies; 81+ messages in thread
From: syzbot @ 2026-03-15 13:58 UTC (permalink / raw)
To: linux-kernel, syzkaller-bugs
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject:
Author: klnm1908v@gmail.com
#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
master
diff --git a/arch/x86/kvm/xen.c b/arch/x86/kvm/xen.c
index 91fd3673c09a..e588a188f50a 100644
--- a/arch/x86/kvm/xen.c
+++ b/arch/x86/kvm/xen.c
@@ -126,23 +126,10 @@ static enum hrtimer_restart
xen_timer_callback(struct hrtimer *timer)
{
struct kvm_vcpu *vcpu = container_of(timer, struct kvm_vcpu,
arch.xen.timer);
- struct kvm_xen_evtchn e;
- int rc;
if (atomic_read(&vcpu->arch.xen.timer_pending))
return HRTIMER_NORESTART;
- e.vcpu_id = vcpu->vcpu_id;
- e.vcpu_idx = vcpu->vcpu_idx;
- e.port = vcpu->arch.xen.timer_virq;
- e.priority = KVM_IRQ_ROUTING_XEN_EVTCHN_PRIO_2LEVEL;
-
- rc = kvm_xen_set_evtchn_fast(&e, vcpu->kvm);
- if (rc != -EWOULDBLOCK) {
- vcpu->arch.xen.timer_expires = 0;
- return HRTIMER_NORESTART;
- }
-
atomic_inc(&vcpu->arch.xen.timer_pending);
kvm_make_request(KVM_REQ_UNBLOCK, vcpu);
kvm_vcpu_kick(vcpu);
^ permalink raw reply related [flat|nested] 81+ messages in thread
end of thread, other threads:[~2026-03-15 13:58 UTC | newest]
Thread overview: 81+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-05-09 4:43 [syzbot] [jfs?] WARNING in jfs_rename syzbot
2025-10-12 16:19 ` Forwarded: syzbot
2025-10-12 17:45 ` Forwarded: syzbot
-- strict thread matches above, loose matches on Subject: below --
2025-12-07 6:24 [syzbot] [block?] kernel BUG in bio_chain syzbot
2025-12-12 12:17 ` Forwarded: syzbot
2025-11-13 4:38 [syzbot] [input?] [usb?] memory leak in dualshock4_get_calibration_data syzbot
2025-11-15 1:12 ` Forwarded: syzbot
2025-11-15 1:44 ` Forwarded: syzbot
2025-11-13 4:26 [syzbot] [kernel?] memory leak in do_timer_create syzbot
2025-11-14 1:20 ` Forwarded: syzbot
2025-11-14 3:54 ` Forwarded: syzbot
2025-11-14 4:17 ` Forwarded: syzbot
2025-11-04 9:17 [syzbot] linux-next build error (24) syzbot
2025-12-17 13:51 ` Forwarded: syzbot
2025-11-02 23:48 [syzbot] [nbd?] KASAN: slab-use-after-free Write in recv_work (3) syzbot
2025-11-05 14:40 ` Forwarded: syzbot
2025-10-29 0:12 [syzbot] [ntfs3?] WARNING in ntfs_fill_super (2) syzbot
2025-11-02 16:40 ` Forwarded: syzbot
2025-11-03 13:28 ` Forwarded: syzbot
2025-10-24 23:10 [syzbot] [jfs?] general protection fault in inode_set_ctime_current syzbot
2025-10-27 23:06 ` Forwarded: syzbot
2025-10-28 17:25 ` Forwarded: syzbot
2025-10-28 18:02 ` Forwarded: Al Viro
2025-10-28 20:53 ` Forwarded: syzbot
2025-10-23 5:35 [syzbot] [hfs?] kernel BUG in hfs_new_inode syzbot
2025-11-02 18:07 ` Forwarded: syzbot
2025-11-02 19:22 ` Forwarded: syzbot
2025-11-03 12:27 ` Forwarded: syzbot
2025-10-17 5:53 [syzbot] [net?] kernel BUG in set_ipsecrequest syzbot
2025-10-20 11:19 ` Forwarded: syzbot
2025-10-05 23:30 [syzbot] [ntfs3?] WARNING in indx_insert_into_buffer (3) syzbot
2025-10-07 21:52 ` Forwarded: syzbot
2025-09-17 22:55 [syzbot] [ntfs3?] KMSAN: uninit-value in ntfs_read_hdr (3) syzbot
2025-10-26 15:54 ` Forwarded: syzbot
2025-09-17 22:54 [syzbot] [bfs?] INFO: task hung in bfs_lookup (6) syzbot
2025-10-20 18:09 ` Forwarded: syzbot
2025-09-03 17:36 [syzbot] [kernel?] KASAN: slab-out-of-bounds Read in change_page_attr_set_clr syzbot
2025-09-29 7:50 ` Forwarded: syzbot
2025-08-16 3:08 [syzbot] [usb?] UBSAN: shift-out-of-bounds in ax88772_bind syzbot
2025-08-17 19:42 ` Forwarded: syzbot
2025-08-16 3:08 [syzbot] [overlayfs?] WARNING in shmem_unlink syzbot
2025-08-17 19:52 ` Forwarded: syzbot
2025-08-13 8:00 [syzbot] [sound?] linux-next test error: general protection fault in snd_seq_oss_midi_check_new_port syzbot
2025-09-01 8:48 ` Forwarded: syzbot
2025-08-07 17:05 [syzbot] [net?] [nfc?] KMSAN: uninit-value in nci_dev_up (2) syzbot
2025-09-17 10:45 ` Forwarded: syzbot
2025-08-04 7:18 [syzbot] [bcachefs?] UBSAN: array-index-out-of-bounds in bch2_accounting_validate syzbot
2025-08-04 22:56 ` Forwarded: syzbot
2025-08-01 7:54 [syzbot] [dri?] upstream test error: WARNING in __ww_mutex_wound syzbot
2025-09-01 8:51 ` Forwarded: syzbot
2025-07-31 9:11 [syzbot] [bcachefs?] kernel BUG in bch2_btree_repair_topology_recurse syzbot
2025-08-01 23:03 ` Forwarded: syzbot
2025-07-30 21:21 [syzbot] [bcachefs?] kernel panic: in transaction restart: transaction_restart_relock, last restarted by syzbot
2025-08-03 18:30 ` Forwarded: syzbot
2025-07-17 19:14 [syzbot] [fs?] KASAN: use-after-free Read in hpfs_get_ea syzbot
2025-07-19 7:57 ` Forwarded: syzbot
2025-07-20 6:54 ` Forwarded: syzbot
2025-07-20 7:29 ` Forwarded: syzbot
2025-07-14 17:53 [syzbot] [gfs2?] UBSAN: shift-out-of-bounds in gfs2_dir_read (2) syzbot
2025-07-15 14:15 ` Forwarded: syzbot
2025-07-15 14:29 ` Forwarded: syzbot
2025-07-16 6:28 ` Forwarded: syzbot
2025-07-14 17:09 [syzbot] [bluetooth?] [bcachefs?] KASAN: slab-use-after-free Read in hci_uart_write_work syzbot
2025-07-20 17:34 ` Forwarded: syzbot
2025-07-06 21:30 [syzbot] [bcachefs?] KASAN: slab-out-of-bounds Read in __bch2_alloc_to_v4 syzbot
2025-07-19 22:04 ` Forwarded: syzbot
2025-07-01 12:30 [syzbot] [fs?] linux-next test error: WARNING: suspicious RCU usage in proc_sys_compare syzbot
2025-09-01 8:49 ` Forwarded: syzbot
2025-06-24 17:02 [syzbot] [fs?] WARNING in minix_rename syzbot
2025-10-13 13:38 ` Forwarded: syzbot
2025-10-14 15:24 ` Forwarded: syzbot
2025-11-02 14:41 ` Forwarded: syzbot
2025-11-02 14:56 ` Forwarded: syzbot
2025-11-02 15:50 ` Forwarded: syzbot
2025-11-02 16:58 ` Forwarded: syzbot
2025-06-10 19:15 [syzbot] [bcachefs?] KASAN: slab-out-of-bounds Read in bch2_sb_members_v1_to_text syzbot
2025-07-20 4:06 ` Forwarded: syzbot
2025-05-31 18:28 [syzbot] [bcachefs?] WARNING in bch2_fs_journal_start syzbot
2025-07-20 17:30 ` Forwarded: syzbot
2025-05-24 1:52 [syzbot] [block?] [bcachefs?] kernel BUG in blk_mq_end_request syzbot
2025-07-20 14:44 ` Forwarded: syzbot
2025-05-12 20:55 [syzbot] [bcachefs?] possible deadlock in __bch2_folio_reservation_get (2) syzbot
2025-07-22 18:22 ` Forwarded: syzbot
2025-05-11 12:57 [syzbot] [bcachefs?] KASAN: use-after-free Read in bch2_checksum syzbot
2025-07-20 14:55 ` Forwarded: syzbot
2025-04-19 8:36 [syzbot] [block?] [bcachefs?] kernel panic: KASAN: panic_on_warn set syzbot
2025-07-22 17:56 ` Forwarded: syzbot
2025-04-16 17:47 [syzbot] [bcachefs?] KMSAN: uninit-value in bch2_alloc_sectors_start_trans (2) syzbot
2025-07-23 10:59 ` Forwarded: syzbot
2025-03-30 8:27 [syzbot] [afs?] WARNING: ODEBUG bug in delete_node (3) syzbot
2025-07-24 15:32 ` Forwarded: syzbot
2025-03-25 5:16 [syzbot] [bcachefs?] INFO: task hung in __bch2_fsck_err syzbot
2025-07-20 14:42 ` Forwarded: syzbot
2025-03-16 18:05 [syzbot] [mm?] [bcachefs?] general protection fault in xas_create syzbot
2025-07-20 4:03 ` Forwarded: syzbot
2025-02-14 19:59 [syzbot] [mm?] [bcachefs?] KASAN: slab-out-of-bounds Read in folio_try_get syzbot
2025-07-20 4:04 ` Forwarded: syzbot
2025-02-12 11:52 [syzbot] [bcachefs?] kernel BUG in bch2_journal_keys_peek_max syzbot
2025-07-21 17:37 ` Forwarded: syzbot
2025-02-06 17:01 [syzbot] [mm?] [bcachefs?] UBSAN: shift-out-of-bounds in xas_reload syzbot
2025-07-20 4:05 ` Forwarded: syzbot
2025-02-04 14:07 [syzbot] [net?] general protection fault in ip6_pol_route (3) syzbot
2025-07-20 4:02 ` Forwarded: syzbot
2025-01-20 2:27 [syzbot] [bcachefs?] possible deadlock in bch2_trans_begin syzbot
2025-07-22 18:23 ` Forwarded: syzbot
2025-01-08 12:17 [syzbot] [fs?] WARNING in minix_rmdir syzbot
2025-10-14 13:36 ` Forwarded: syzbot
2025-11-02 12:47 ` Forwarded: syzbot
2024-11-29 12:12 [syzbot] [bcachefs?] kernel BUG in bch2_btree_path_peek_slot syzbot
2025-07-19 22:03 ` Forwarded: syzbot
2024-11-29 8:43 [syzbot] [bcachefs?] general protection fault in bch2_prt_vprintf syzbot
2025-07-22 16:18 ` Forwarded: syzbot
2024-11-25 13:27 [syzbot] [bcachefs?] KASAN: use-after-free Read in bch2_btree_node_read_done syzbot
2025-07-20 14:54 ` Forwarded: syzbot
2024-11-21 15:03 [syzbot] [kvm?] WARNING: locking bug in kvm_xen_set_evtchn_fast syzbot
2026-03-15 13:58 ` Forwarded: syzbot
2024-09-29 7:31 [syzbot] [bcachefs?] possible deadlock in bch2_symlink syzbot
2025-08-04 23:12 ` Forwarded: syzbot
2024-07-18 1:20 [syzbot] [bcachefs?] BUG: unable to handle kernel paging request in bch2_dirent_to_text syzbot
2025-07-21 17:30 ` Forwarded: syzbot
2024-06-15 9:58 [syzbot] [bcachefs?] INFO: task hung in __bch2_fs_stop syzbot
2025-07-23 1:56 ` Forwarded: syzbot
2024-05-31 8:43 [syzbot] [bcachefs?] INFO: task hung in bch2_copygc_stop syzbot
2025-07-23 1:17 ` Forwarded: syzbot
2024-05-17 3:31 [syzbot] [arm?] [crypto?] [bcachefs?] KASAN: slab-use-after-free Read in neon_poly1305_update syzbot
2025-07-19 22:01 ` Forwarded: syzbot
2024-05-14 10:38 [syzbot] [bcachefs?] WARNING in bch2_printbuf_make_room syzbot
2025-07-19 23:27 ` Forwarded: syzbot
2024-05-13 10:19 [syzbot] BUG: Bad rss-counter state (5) syzbot
2025-07-22 18:31 ` Forwarded: syzbot
2024-05-09 14:45 [syzbot] [gfs2?] WARNING in gfs2_ri_update (2) syzbot
2025-09-18 19:46 ` Forwarded: syzbot
2024-05-04 7:58 [syzbot] [bcachefs?] WARNING in bchfs_truncate syzbot
2025-07-23 1:21 ` Forwarded: syzbot
2024-05-03 17:32 [syzbot] [bcachefs?] INFO: task hung in __closure_sync syzbot
2025-07-23 1:18 ` Forwarded: syzbot
2022-11-25 9:45 [syzbot] kernel BUG in hfs_write_inode syzbot
2026-03-09 23:04 ` Forwarded: syzbot
2021-12-13 7:17 [syzbot] UBSAN: shift-out-of-bounds in minix_statfs syzbot
2025-11-17 18:53 ` Forwarded: syzbot
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox