* [syzbot] [hfsplus?] [udf?] [fat?] [jfs?] [vfs?] [hfs?] [exfat?] [ntfs3?] WARNING in __mpage_writepage
From: syzbot @ 2023-01-31 10:05 UTC (permalink / raw)
  To: almaz.alexandrovich, brauner, dchinner, hirofumi, jack,
	jfs-discussion, linkinjeon, linux-fsdevel, linux-kernel, ntfs3,
	shaggy, sj1557.seo, syzkaller-bugs, willy

Hello,

syzbot found the following issue on:

HEAD commit:    e2f86c02fdc9 Add linux-next specific files for 20230127
git tree:       linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=156b2101480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=920c61956db733da
dashboard link: https://syzkaller.appspot.com/bug?extid=707bba7f823c7b02fa43
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=118429cd480000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=12ccb1c1480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/ff04f1611fad/disk-e2f86c02.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/67928a8622d3/vmlinux-e2f86c02.xz
kernel image: https://storage.googleapis.com/syzbot-assets/b444a3d78556/bzImage-e2f86c02.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/99c5e7532847/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+707bba7f823c7b02fa43@syzkaller.appspotmail.com

------------[ cut here ]------------
WARNING: CPU: 1 PID: 5085 at fs/mpage.c:570 __mpage_writepage+0x138b/0x16f0 fs/mpage.c:570
Modules linked in:
CPU: 1 PID: 5085 Comm: syz-executor403 Not tainted 6.2.0-rc5-next-20230127-syzkaller-08766-ge2f86c02fdc9 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
RIP: 0010:__mpage_writepage+0x138b/0x16f0 fs/mpage.c:570
Call Trace:
 <TASK>
 write_cache_pages+0x4cc/0xe70 mm/page-writeback.c:2473
 mpage_writepages+0xc6/0x170 fs/mpage.c:652
 do_writepages+0x1a8/0x640 mm/page-writeback.c:2551
 filemap_fdatawrite_wbc mm/filemap.c:388 [inline]
 filemap_fdatawrite_wbc+0x147/0x1b0 mm/filemap.c:378
 __filemap_fdatawrite_range+0xb8/0xf0 mm/filemap.c:421
 file_write_and_wait_range+0xce/0x140 mm/filemap.c:779
 hfsplus_file_fsync+0xc3/0x5d0 fs/hfsplus/inode.c:313
 vfs_fsync_range+0x13e/0x230 fs/sync.c:188
 generic_write_sync include/linux/fs.h:2452 [inline]
 generic_file_write_iter+0x25a/0x350 mm/filemap.c:3934
 call_write_iter include/linux/fs.h:1851 [inline]
 new_sync_write fs/read_write.c:491 [inline]
 vfs_write+0x9ed/0xe10 fs/read_write.c:584
 ksys_write+0x12b/0x250 fs/read_write.c:637
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
 </TASK>


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches


* Re: [syzbot] [hfsplus?] [udf?] [fat?] [jfs?] [vfs?] [hfs?] [exfat?] [ntfs3?] WARNING in __mpage_writepage
From: Jan Kara @ 2023-01-31 12:14 UTC (permalink / raw)
  To: syzbot
  Cc: almaz.alexandrovich, brauner, dchinner, hirofumi, jack,
	jfs-discussion, linkinjeon, linux-fsdevel, linux-kernel, ntfs3,
	shaggy, sj1557.seo, syzkaller-bugs, willy

On Tue 31-01-23 02:05:58, syzbot wrote:
> Hello,
> 
> syzbot found the following issue on:
> 
> HEAD commit:    e2f86c02fdc9 Add linux-next specific files for 20230127
> git tree:       linux-next
> console output: https://syzkaller.appspot.com/x/log.txt?x=156b2101480000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=920c61956db733da
> dashboard link: https://syzkaller.appspot.com/bug?extid=707bba7f823c7b02fa43
> compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=118429cd480000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=12ccb1c1480000
> 
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/ff04f1611fad/disk-e2f86c02.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/67928a8622d3/vmlinux-e2f86c02.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/b444a3d78556/bzImage-e2f86c02.xz
> mounted in repro: https://storage.googleapis.com/syzbot-assets/99c5e7532847/mount_0.gz
> 
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+707bba7f823c7b02fa43@syzkaller.appspotmail.com
> 
> ------------[ cut here ]------------
> WARNING: CPU: 1 PID: 5085 at fs/mpage.c:570 __mpage_writepage+0x138b/0x16f0 fs/mpage.c:570

This is the warning Willy has added as part of "mpage: convert
__mpage_writepage() to use a folio more fully" and that warning can indeed
easily trigger. There's nothing that serializes writeback against racing
truncate setting new i_size so it is perfectly normal to see pages beyond
EOF in this place. And the traditional response to such pages is "silently
do nothing" since they will be soon discarded by truncate_inode_pages().

								Honza

-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR
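
The window described in this reply, as a user-space C model added here (it is not code from the thread or from fs/mpage.c): truncate has stored the new i_size but has not yet discarded the cached folios, so writeback meets folios wholly beyond EOF and skips them without complaint. The names folio_model, wb_plan and wb_after_truncate and the fixed 4096-byte folio size are assumptions of the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define FOLIO_SIZE 4096u /* assumed fixed folio size for this model */
enum wb_action { WB_SKIP, WB_PARTIAL, WB_FULL };
struct folio_model {            /* hypothetical stand-in for a cached folio */
    uint64_t pos;               /* byte offset of the folio in the file */
    unsigned char data[FOLIO_SIZE];
};

/* What writeback does with one dirty folio for the i_size it sampled.
 * Stores the byte count to write; zeroes the tail of a straddling folio. */
enum wb_action wb_plan(struct folio_model *f, uint64_t i_size, size_t *len)
{
    *len = 0;
    if (f->pos >= i_size)       /* wholly beyond EOF: leave it to truncate */
        return WB_SKIP;
    if (f->pos + FOLIO_SIZE > i_size) {
        *len = (size_t)(i_size - f->pos);
        memset(f->data + *len, 0, FOLIO_SIZE - *len);
        return WB_PARTIAL;
    }
    *len = FOLIO_SIZE;
    return WB_FULL;
}

/* Constructed scenario: three dirty folios are still cached after truncate
 * has stored new_i_size but before it discards them. Returns bytes written. */
size_t wb_after_truncate(uint64_t new_i_size, int *skipped)
{
    static struct folio_model f[3];
    size_t total = 0, len;
    *skipped = 0;
    for (int i = 0; i < 3; i++) {
        f[i].pos = (uint64_t)i * FOLIO_SIZE;
        memset(f[i].data, 0xAA, FOLIO_SIZE); /* dirty pre-truncate data */
        if (wb_plan(&f[i], new_i_size, &len) == WB_SKIP)
            (*skipped)++;
        total += len;
    }
    return total;
}

int main(void)
{
    int skipped;
    printf("wrote %zu bytes\n", wb_after_truncate(5000, &skipped));
    return 0;
}
```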


* Re: [syzbot] [hfsplus?] [udf?] [fat?] [jfs?] [vfs?] [hfs?] [exfat?] [ntfs3?] WARNING in __mpage_writepage
From: Matthew Wilcox @ 2023-01-31 15:06 UTC (permalink / raw)
  To: Jan Kara, Andrew Morton
  Cc: syzbot, almaz.alexandrovich, brauner, dchinner, hirofumi, jack,
	jfs-discussion, linkinjeon, linux-fsdevel, linux-kernel, ntfs3,
	shaggy, sj1557.seo, syzkaller-bugs

On Tue, Jan 31, 2023 at 01:14:23PM +0100, Jan Kara wrote:
> This is the warning Willy has added as part of "mpage: convert
> __mpage_writepage() to use a folio more fully" and that warning can indeed
> easily trigger. There's nothing that serializes writeback against racing
> truncate setting new i_size so it is perfectly normal to see pages beyond
> EOF in this place. And the traditional response to such pages is "silently
> do nothing" since they will be soon discarded by truncate_inode_pages().

Absolutely right.  Not sure what I was thinking; I may have been
confused by the label being called "confused".  How about this for
Andrew to squash into that commit?

diff --git a/fs/mpage.c b/fs/mpage.c
index 2efa393f0db7..89bcefb4553a 100644
--- a/fs/mpage.c
+++ b/fs/mpage.c
@@ -559,6 +559,9 @@ static int __mpage_writepage(struct folio *folio, struct writeback_control *wbc,
 	first_unmapped = page_block;
 
 page_is_mapped:
+	/* Don't bother writing beyond EOF, truncate will discard the folio */
+	if (folio_pos(folio) >= i_size)
+		goto confused;
 	length = folio_size(folio);
 	if (folio_pos(folio) + length > i_size) {
 		/*
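Review bot: The new comment at page_is_mapped says the folio is not written, but the statement under it is `goto confused`, and nothing in the visible lines says what that label does with a folio at or past EOF. The author notes in this same message that the label name is what misled him, so the comment should carry the reasoning: nothing serializes writeback against truncate updating i_size, a folio with folio_pos(folio) >= i_size is therefore expected here, and it is sent down the confused path on purpose. The `>=` bound itself is right, since a folio that starts exactly at i_size holds no bytes of the file.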
@@ -570,8 +573,6 @@ static int __mpage_writepage(struct folio *folio, struct writeback_control *wbc,
 		 * written out to the file."
 		 */
 		length = i_size - folio_pos(folio);
-		if (WARN_ON_ONCE(folio_pos(folio) >= i_size))
-			goto confused;
 		folio_zero_segment(folio, length, folio_size(folio));
 	}
 
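Review bot: With the WARN_ON_ONCE gone, `length = i_size - folio_pos(folio)` has no local guard, and the offset handed to folio_zero_segment() is only valid because of the early check added at page_is_mapped. Both tests use the same i_size identifier, but its assignment is outside these hunks; please confirm it is read once into a local before page_is_mapped and not re-sampled, since the thread points out that truncate can change the inode size concurrently. As this is meant to be squashed, the resulting commit should also carry the Reported-by: syzbot+707bba7f823c7b02fa43@syzkaller.appspotmail.com tag the report asks for.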
