[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAKFNMokpj+TkVwrYZ=mYmHKxx4eaKDEUyy_y+zqC+z0o2UmgBQ@mail.gmail.com>
Date: Sat, 29 Jun 2024 16:30:53 +0900
From: Ryusuke Konishi <konishi.ryusuke@...il.com>
To: syzbot <syzbot+026119922c20a8915631@...kaller.appspotmail.com>
Cc: linux-nilfs@...r.kernel.org, syzkaller-bugs@...glegroups.com,
brauner@...nel.org, clm@...com, dsterba@...e.com, jack@...e.cz,
josef@...icpanda.com, linux-btrfs@...r.kernel.org,
linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
viro@...iv.linux.org.uk
Subject: Re: [syzbot] [nilfs?] [btrfs?] WARNING in filemap_unaccount_folio
On Wed, May 22, 2024 at 11:55 AM syzbot
<syzbot+026119922c20a8915631@...kaller.appspotmail.com> wrote:
>
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: b6394d6f7159 Merge tag 'pull-misc' of git://git.kernel.org..
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=142a7cb2980000
> kernel config: https://syzkaller.appspot.com/x/.config?x=713476114e57eef3
> dashboard link: https://syzkaller.appspot.com/bug?extid=026119922c20a8915631
> compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14d43f84980000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=11d4fadc980000
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/e8e1377d4772/disk-b6394d6f.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/19fbbb3b6dd5/vmlinux-b6394d6f.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/4dcce16af95d/bzImage-b6394d6f.xz
> mounted in repro #1: https://storage.googleapis.com/syzbot-assets/e197bb1019a1/mount_0.gz
> mounted in repro #2: https://storage.googleapis.com/syzbot-assets/1c62d475ecf4/mount_2.gz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+026119922c20a8915631@...kaller.appspotmail.com
>
> ------------[ cut here ]------------
> WARNING: CPU: 1 PID: 5096 at mm/filemap.c:217 filemap_unaccount_folio+0x6be/0xe40 mm/filemap.c:216
> Modules linked in:
> CPU: 1 PID: 5096 Comm: syz-executor306 Not tainted 6.9.0-syzkaller-10729-gb6394d6f7159 #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
> RIP: 0010:filemap_unaccount_folio+0x6be/0xe40 mm/filemap.c:216
> Code: 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df 0f b6 04 08 84 c0 0f 85 e5 00 00 00 8b 6d 00 ff c5 e9 45 fa ff ff e8 c3 66 ca ff 90 <0f> 0b 90 48 b8 00 00 00 00 00 fc ff df 41 80 3c 06 00 74 0a 48 8b
> RSP: 0018:ffffc9000382f1f8 EFLAGS: 00010093
> RAX: ffffffff81cbd3ad RBX: ffff888079ef0380 RCX: ffff88802d4f5a00
> RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
> RBP: 0000000000000003 R08: ffffffff81cbd2c9 R09: 1ffffd40000c1ec8
> R10: dffffc0000000000 R11: fffff940000c1ec9 R12: 1ffffd40000c1ec8
> R13: ffffea000060f640 R14: 1ffff1100f3de070 R15: ffffea000060f648
> FS: 00007f13ab0c76c0(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 0000000000000000 CR3: 000000002ca92000 CR4: 00000000003506f0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> Call Trace:
> <TASK>
> delete_from_page_cache_batch+0x173/0xc70 mm/filemap.c:341
> truncate_inode_pages_range+0x364/0xfc0 mm/truncate.c:359
> truncate_inode_pages mm/truncate.c:439 [inline]
> truncate_pagecache mm/truncate.c:732 [inline]
> truncate_setsize+0xcf/0xf0 mm/truncate.c:757
> simple_setattr+0xbe/0x110 fs/libfs.c:886
> notify_change+0xbb4/0xe70 fs/attr.c:499
> do_truncate+0x220/0x310 fs/open.c:65
> handle_truncate fs/namei.c:3308 [inline]
> do_open fs/namei.c:3654 [inline]
> path_openat+0x2a3d/0x3280 fs/namei.c:3807
> do_filp_open+0x235/0x490 fs/namei.c:3834
> do_sys_openat2+0x13e/0x1d0 fs/open.c:1405
> do_sys_open fs/open.c:1420 [inline]
> __do_sys_creat fs/open.c:1496 [inline]
> __se_sys_creat fs/open.c:1490 [inline]
> __x64_sys_creat+0x123/0x170 fs/open.c:1490
> do_syscall_x64 arch/x86/entry/common.c:52 [inline]
> do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
> entry_SYSCALL_64_after_hwframe+0x77/0x7f
> RIP: 0033:0x7f13ab131c99
> Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
> RSP: 002b:00007f13ab0c7198 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
> RAX: ffffffffffffffda RBX: 00007f13ab1bf6d8 RCX: 00007f13ab131c99
> RDX: 00007f13ab131c99 RSI: 0000000000000000 RDI: 00000000200001c0
> RBP: 00007f13ab1bf6d0 R08: 0000000000000000 R09: 0000000000000000
> R10: 0000000000000000 R11: 0000000000000246 R12: 00007f13ab18c160
> R13: 000000000000006e R14: 0030656c69662f2e R15: 00007f13ab186bc0
> </TASK>
>
>
> ---
> This report is generated by a bot. It may contain errors.
> See https://goo.gl/tpsmEJ for more information about syzbot.
> syzbot engineers can be reached at syzkaller@...glegroups.com.
>
> syzbot will keep track of this issue. See:
> https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
>
> If the report is already addressed, let syzbot know by replying with:
> #syz fix: exact-commit-title
>
> If you want syzbot to run the reproducer, reply with:
> #syz test: git://repo/address.git branch-or-commit-hash
> If you attach or paste a git patch, syzbot will apply it before testing.
>
> If you want to overwrite report's subsystems, reply with:
> #syz set subsystems: new-subsystem
> (See the list of subsystem names on the web dashboard)
>
> If the report is a duplicate of another one, reply with:
> #syz dup: exact-subject-of-another-report
>
> If you want to undo deduplication, reply with:
> #syz undup
#syz fix: nilfs2: add missing check for inode numbers on directory entries
I have confirmed that this issue will be fixed by the above commit,
which is in the process of being sent upstream.
This was one of the issues caused by an internal inode being exposed
in the namespace in a corrupted filesystem image.
Ryusuke Konishi
Powered by blists - more mailing lists