lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sat, 29 Jun 2024 16:30:53 +0900
From: Ryusuke Konishi <konishi.ryusuke@...il.com>
To: syzbot <syzbot+026119922c20a8915631@...kaller.appspotmail.com>
Cc: linux-nilfs@...r.kernel.org, syzkaller-bugs@...glegroups.com, 
	brauner@...nel.org, clm@...com, dsterba@...e.com, jack@...e.cz, 
	josef@...icpanda.com, linux-btrfs@...r.kernel.org, 
	linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org, 
	viro@...iv.linux.org.uk
Subject: Re: [syzbot] [nilfs?] [btrfs?] WARNING in filemap_unaccount_folio

On Wed, May 22, 2024 at 11:55 AM syzbot
<syzbot+026119922c20a8915631@...kaller.appspotmail.com> wrote:
>
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit:    b6394d6f7159 Merge tag 'pull-misc' of git://git.kernel.org..
> git tree:       upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=142a7cb2980000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=713476114e57eef3
> dashboard link: https://syzkaller.appspot.com/bug?extid=026119922c20a8915631
> compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14d43f84980000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=11d4fadc980000
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/e8e1377d4772/disk-b6394d6f.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/19fbbb3b6dd5/vmlinux-b6394d6f.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/4dcce16af95d/bzImage-b6394d6f.xz
> mounted in repro #1: https://storage.googleapis.com/syzbot-assets/e197bb1019a1/mount_0.gz
> mounted in repro #2: https://storage.googleapis.com/syzbot-assets/1c62d475ecf4/mount_2.gz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+026119922c20a8915631@...kaller.appspotmail.com
>
> ------------[ cut here ]------------
> WARNING: CPU: 1 PID: 5096 at mm/filemap.c:217 filemap_unaccount_folio+0x6be/0xe40 mm/filemap.c:216
> Modules linked in:
> CPU: 1 PID: 5096 Comm: syz-executor306 Not tainted 6.9.0-syzkaller-10729-gb6394d6f7159 #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
> RIP: 0010:filemap_unaccount_folio+0x6be/0xe40 mm/filemap.c:216
> Code: 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df 0f b6 04 08 84 c0 0f 85 e5 00 00 00 8b 6d 00 ff c5 e9 45 fa ff ff e8 c3 66 ca ff 90 <0f> 0b 90 48 b8 00 00 00 00 00 fc ff df 41 80 3c 06 00 74 0a 48 8b
> RSP: 0018:ffffc9000382f1f8 EFLAGS: 00010093
> RAX: ffffffff81cbd3ad RBX: ffff888079ef0380 RCX: ffff88802d4f5a00
> RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
> RBP: 0000000000000003 R08: ffffffff81cbd2c9 R09: 1ffffd40000c1ec8
> R10: dffffc0000000000 R11: fffff940000c1ec9 R12: 1ffffd40000c1ec8
> R13: ffffea000060f640 R14: 1ffff1100f3de070 R15: ffffea000060f648
> FS:  00007f13ab0c76c0(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 0000000000000000 CR3: 000000002ca92000 CR4: 00000000003506f0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> Call Trace:
>  <TASK>
>  delete_from_page_cache_batch+0x173/0xc70 mm/filemap.c:341
>  truncate_inode_pages_range+0x364/0xfc0 mm/truncate.c:359
>  truncate_inode_pages mm/truncate.c:439 [inline]
>  truncate_pagecache mm/truncate.c:732 [inline]
>  truncate_setsize+0xcf/0xf0 mm/truncate.c:757
>  simple_setattr+0xbe/0x110 fs/libfs.c:886
>  notify_change+0xbb4/0xe70 fs/attr.c:499
>  do_truncate+0x220/0x310 fs/open.c:65
>  handle_truncate fs/namei.c:3308 [inline]
>  do_open fs/namei.c:3654 [inline]
>  path_openat+0x2a3d/0x3280 fs/namei.c:3807
>  do_filp_open+0x235/0x490 fs/namei.c:3834
>  do_sys_openat2+0x13e/0x1d0 fs/open.c:1405
>  do_sys_open fs/open.c:1420 [inline]
>  __do_sys_creat fs/open.c:1496 [inline]
>  __se_sys_creat fs/open.c:1490 [inline]
>  __x64_sys_creat+0x123/0x170 fs/open.c:1490
>  do_syscall_x64 arch/x86/entry/common.c:52 [inline]
>  do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
>  entry_SYSCALL_64_after_hwframe+0x77/0x7f
> RIP: 0033:0x7f13ab131c99
> Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
> RSP: 002b:00007f13ab0c7198 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
> RAX: ffffffffffffffda RBX: 00007f13ab1bf6d8 RCX: 00007f13ab131c99
> RDX: 00007f13ab131c99 RSI: 0000000000000000 RDI: 00000000200001c0
> RBP: 00007f13ab1bf6d0 R08: 0000000000000000 R09: 0000000000000000
> R10: 0000000000000000 R11: 0000000000000246 R12: 00007f13ab18c160
> R13: 000000000000006e R14: 0030656c69662f2e R15: 00007f13ab186bc0
>  </TASK>
>
>
> ---
> This report is generated by a bot. It may contain errors.
> See https://goo.gl/tpsmEJ for more information about syzbot.
> syzbot engineers can be reached at syzkaller@...glegroups.com.
>
> syzbot will keep track of this issue. See:
> https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
>
> If the report is already addressed, let syzbot know by replying with:
> #syz fix: exact-commit-title
>
> If you want syzbot to run the reproducer, reply with:
> #syz test: git://repo/address.git branch-or-commit-hash
> If you attach or paste a git patch, syzbot will apply it before testing.
>
> If you want to overwrite report's subsystems, reply with:
> #syz set subsystems: new-subsystem
> (See the list of subsystem names on the web dashboard)
>
> If the report is a duplicate of another one, reply with:
> #syz dup: exact-subject-of-another-report
>
> If you want to undo deduplication, reply with:
> #syz undup

#syz fix: nilfs2: add missing check for inode numbers on directory entries

I have confirmed that this issue will be fixed by the above commit,
which is in the process of being sent upstream.

This was one of the issues caused by an internal inode being exposed
in the namespace in a corrupted filesystem image.

Ryusuke Konishi

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ