Hi Dongliang,
On 3/9/22 11:30, Dongliang Mu wrote:
> Now I am checking the log and trying to find error injection in the
> log file, as said by Pavel.
> Attached is the report and log file.
> @Pavel Skripkin I don't find any useful error injection in the log file.
> In case I made some mistakes, I will clean up my local crash reports,
> update to the latest upstream kernel and restart the syzkaller. Let's
> see if the crash still occurs.
The execution path is clear from the logs. Quick grep for nilfs shows
these lines
[ 886.701044][T25972] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024)
[ 886.703251][T25972] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 4096)
[ 886.706454][T25972] NILFS (loop2): error -4 creating segctord thread
So here is the calltrace:
nilfs_fill_super
  nilfs_attach_log_writer
    nilfs_segctor_start_thread <- failed
In case of nilfs_attach_log_writer() error code jumps to
failed_checkpoint label and calls destroy_nilfs() which should call
nilfs_sysfs_delete_device_group().
So I can really see how this leak is possible on top of current Linus' HEAD.
Also in the log there are only 4 syz_mount_image$nilfs2 programs, so
only one of them may be a reproducer. If you have spare time you can try
to execute them using syz-execprog and see if it works :))
With regards,
Pavel Skripkin
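As an added example (not part of this thread), the quick grep Pavel describes can be turned into a small triage helper: it parses console lines of the `[ ts ][task] NILFS (dev): msg` form quoted above and decodes the negative return code with Python's errno table (-4 is EINTR). The sample log is constructed from the three lines in the mail plus one unrelated line.

```python
import errno
import re
from typing import NamedTuple, Optional

# Constructed sample: the NILFS lines quoted in the mail, rejoined onto
# single lines in the usual syzkaller console format, plus a decoy line.
SAMPLE_LOG = """\
[  886.701044][T25972] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024)
[  886.703251][T25972] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 4096)
[  886.706454][T25972] NILFS (loop2): error -4 creating segctord thread
[  886.710000][T25972] some unrelated console line
"""

# "[  886.701044][T25972] NILFS (loop2): <message>"
LINE_RE = re.compile(
    r"^\[\s*(?P<ts>\d+\.\d+)\]\[(?P<task>[TC]\d+)\]\s+"
    r"(?P<fs>[A-Za-z0-9_]+)\s+\((?P<dev>[a-z0-9]+)\):\s+(?P<msg>.*)$"
)
ERR_RE = re.compile(r"\berror (-?\d+)\b")


class Event(NamedTuple):
    ts: float
    task: str
    dev: str
    msg: str
    err: Optional[str]  # symbolic errno name such as "EINTR", or None


def decode_err(msg: str) -> Optional[str]:
    """Map a kernel-style negative return code in msg to its errno name."""
    m = ERR_RE.search(msg)
    if not m:
        return None
    code = abs(int(m.group(1)))
    return errno.errorcode.get(code, f"errno {code}")


def parse_fs_events(log: str, fs: str = "NILFS") -> list:
    """Keep only the lines emitted by the given filesystem driver."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("fs") != fs:
            continue
        events.append(Event(float(m.group("ts")), m.group("task"),
                            m.group("dev"), m.group("msg"),
                            decode_err(m.group("msg"))))
    return events


def failures(events: list) -> list:
    """Events that carry a decoded error code, i.e. the failed step."""
    return [e for e in events if e.err is not None]
```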