[syzbot] WARNING in inc_nlink (2)

[syzbot] WARNING in inc_nlink (2)

[syzbot]

Hello,

syzbot found the following issue on:

HEAD commit:    57fbdb15 Merge tag 'scsi-fixes' of git://git.kernel.org/pu..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=11e2ccfcd00000
kernel config:  https://syzkaller.appspot.com/x/.config?x=71a75beb62b62a34
dashboard link: https://syzkaller.appspot.com/bug?extid=1c8034b9f0e640f9ba45
compiler:       Debian clang version 11.0.1-2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=11bfd511d00000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=17ff8c5ed00000

Bisection is inconclusive: the issue happens on the oldest tested release.

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=12b82fbed00000
final oops:     https://syzkaller.appspot.com/x/report.txt?x=11b82fbed00000
console output: https://syzkaller.appspot.com/x/log.txt?x=16b82fbed00000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+1c8034b9f0e640f9ba45@syzkaller.appspotmail.com

loop0: detected capacity change from 0 to 4
VFS: Found a V7 FS (block size = 512) on device loop0
------------[ cut here ]------------
WARNING: CPU: 1 PID: 8352 at fs/inode.c:362 inc_nlink+0x11e/0x130 fs/inode.c:362
Modules linked in:
CPU: 1 PID: 8352 Comm: syz-executor549 Not tainted 5.12.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:inc_nlink+0x11e/0x130 fs/inode.c:362
Code: ef ff e9 38 ff ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c 49 ff ff ff 4c 89 ef e8 fc 3f ef ff e9 3c ff ff ff e8 42 59 ab ff <0f> 0b eb 80 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 41 57 41 56
RSP: 0018:ffffc9000178fdf8 EFLAGS: 00010293
RAX: ffffffff81cdbf6e RBX: 1ffff110064a6810 RCX: ffff888015279c40
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffffffff81cdbee8 R09: ffffc9000178fdc8
R10: fffff520002f1fbd R11: 0000000000000000 R12: dffffc0000000000
R13: ffff888032534080 R14: ffff888032534038 R15: 0000000000000000
FS:  0000000000ba9300(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fb76c03c0e8 CR3: 0000000011cf3000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 inode_inc_link_count include/linux/fs.h:2297 [inline]
 sysv_mkdir+0x1d/0x120 fs/sysv/namei.c:119
 vfs_mkdir+0x45b/0x640 fs/namei.c:3817
 do_mkdirat+0x209/0x370 fs/namei.c:3842
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x443c29
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff53c97208 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
RAX: ffffffffffffffda RBX: 00000000004004a0 RCX: 0000000000443c29
RDX: 00000000004021f3 RSI: 0000000000000023 RDI: 0000000020000080
RBP: 00000000004034c0 R08: 0000000000000000 R09: 0000000000000000
R10: 00007fff53c970d0 R11: 0000000000000246 R12: 0000000000403550
R13: 0000000000000000 R14: 00000000004b1018 R15: 00000000004004a0


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches

Re: [syzbot] WARNING in inc_nlink (2)

[syzbot]

syzbot suspects this issue was fixed by commit:

commit 97f044f690bac2b094bfb7fb2d177ef946c85880
Author: Miklos Szeredi <mszeredi@redhat.com>
Date:   Fri Oct 22 15:03:02 2021 +0000

    fuse: don't increment nlink in link()

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=10563ac9b00000
start commit:   1da38549dd64 Merge tag 'nfsd-5.15-3' of git://git.kernel.o..
git tree:       upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=e2ffb281e6323643
dashboard link: https://syzkaller.appspot.com/bug?extid=1c8034b9f0e640f9ba45
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=11f16d57300000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=15758d57300000

If the result looks correct, please mark the issue as fixed by replying with:

#syz fix: fuse: don't increment nlink in link()

For information about bisection process see: https://goo.gl/tpsmEJ#bisection

Re: [syzbot] WARNING in inc_nlink (2)

[Miklos Szeredi]

On Wed, 17 Nov 2021 at 06:32, syzbot
<syzbot+1c8034b9f0e640f9ba45@syzkaller.appspotmail.com> wrote:
>
> syzbot suspects this issue was fixed by commit:
>
> commit 97f044f690bac2b094bfb7fb2d177ef946c85880
> Author: Miklos Szeredi <mszeredi@redhat.com>
> Date:   Fri Oct 22 15:03:02 2021 +0000
>
>     fuse: don't increment nlink in link()
>
> bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=10563ac9b00000
> start commit:   1da38549dd64 Merge tag 'nfsd-5.15-3' of git://git.kernel.o..
> git tree:       upstream
> kernel config:  https://syzkaller.appspot.com/x/.config?x=e2ffb281e6323643
> dashboard link: https://syzkaller.appspot.com/bug?extid=1c8034b9f0e640f9ba45
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=11f16d57300000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=15758d57300000
>
> If the result looks correct, please mark the issue as fixed by replying with:

Highly unlikely: the original report was for sysvfs and the fix is for fuse.

Thanks,
Miklos

Re: [syzbot] WARNING in inc_nlink (2)

[Dmitry Vyukov]

On Wed, 17 Nov 2021 at 08:25, Miklos Szeredi <miklos@szeredi.hu> wrote:
>
> On Wed, 17 Nov 2021 at 06:32, syzbot
> <syzbot+1c8034b9f0e640f9ba45@syzkaller.appspotmail.com> wrote:
> >
> > syzbot suspects this issue was fixed by commit:
> >
> > commit 97f044f690bac2b094bfb7fb2d177ef946c85880
> > Author: Miklos Szeredi <mszeredi@redhat.com>
> > Date:   Fri Oct 22 15:03:02 2021 +0000
> >
> >     fuse: don't increment nlink in link()
> >
> > bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=10563ac9b00000
> > start commit:   1da38549dd64 Merge tag 'nfsd-5.15-3' of git://git.kernel.o..
> > git tree:       upstream
> > kernel config:  https://syzkaller.appspot.com/x/.config?x=e2ffb281e6323643
> > dashboard link: https://syzkaller.appspot.com/bug?extid=1c8034b9f0e640f9ba45
> > syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=11f16d57300000
> > C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=15758d57300000
> >
> > If the result looks correct, please mark the issue as fixed by replying with:
>
> Highly unlikely: the original report was for sysvfs and the fix is for fuse.

Hi Miklos,

The fuse bug was folded into this report (on the dashboard you can see
examples of reports in fuse).
This is unavoidable for bugs that are left unaddressed for long. They
become piles of assorted stuff.

Now the best course of action is to mark it as fixed. Or we will
exacerbate the problem even more: it will be a bug about sysvfs, this
fuse bug, and the next similar bug in fuse and bugs in other file
systems.

#syz fix: fuse: don't increment nlink in link()