* [syzbot] [hfsplus?] [udf?] [fat?] [jfs?] [vfs?] [hfs?] [exfat?] [ntfs3?] WARNING in __mpage_writepage
From: syzbot @ 2023-01-31 10:05 UTC
To: almaz.alexandrovich, brauner, dchinner, hirofumi, jack, jfs-discussion, linkinjeon, linux-fsdevel, linux-kernel, ntfs3, shaggy, sj1557.seo, syzkaller-bugs, willy

Hello,

syzbot found the following issue on:

HEAD commit:    e2f86c02fdc9 Add linux-next specific files for 20230127
git tree:       linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=156b2101480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=920c61956db733da
dashboard link: https://syzkaller.appspot.com/bug?extid=707bba7f823c7b02fa43
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=118429cd480000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=12ccb1c1480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/ff04f1611fad/disk-e2f86c02.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/67928a8622d3/vmlinux-e2f86c02.xz
kernel image: https://storage.googleapis.com/syzbot-assets/b444a3d78556/bzImage-e2f86c02.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/99c5e7532847/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+707bba7f823c7b02fa43@syzkaller.appspotmail.com

------------[ cut here ]------------
WARNING: CPU: 1 PID: 5085 at fs/mpage.c:570 __mpage_writepage+0x138b/0x16f0 fs/mpage.c:570
Modules linked in:
CPU: 1 PID: 5085 Comm: syz-executor403 Not tainted 6.2.0-rc5-next-20230127-syzkaller-08766-ge2f86c02fdc9 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
RIP: 0010:__mpage_writepage+0x138b/0x16f0 fs/mpage.c:570
Code: 00 00 48 89 ef e8 15 24 df ff 48 8b 44 24 38 f0 80 88 c0 01 00 00 02 48 c7 44 24 10 00 00 00 00 e9 3c f0 ff ff e8 c5 25 90 ff <0f> 0b 48 8b 44 24 08 48 83 c0 10 48 89 44 24 20 e9 78 ef ff ff e8
RSP: 0018:ffffc90003bff4e8 EFLAGS: 00010293
RAX: 0000000000000000 RBX: fffffffffffe2000 RCX: 0000000000000000
RDX: ffff888021b11d40 RSI: ffffffff81f48f5b RDI: 0000000000000006
RBP: 000000000001e000 R08: 0000000000000006 R09: 0000000000000000
R10: 000000000001e000 R11: 0000000000000000 R12: 0000000000000004
R13: ffff88801b930000 R14: 0000000000000000 R15: 0000000000000000
FS:  00007f5bbe1fd700(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffee627fdc0 CR3: 000000001c713000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 write_cache_pages+0x4cc/0xe70 mm/page-writeback.c:2473
 mpage_writepages+0xc6/0x170 fs/mpage.c:652
 do_writepages+0x1a8/0x640 mm/page-writeback.c:2551
 filemap_fdatawrite_wbc mm/filemap.c:388 [inline]
 filemap_fdatawrite_wbc+0x147/0x1b0 mm/filemap.c:378
 __filemap_fdatawrite_range+0xb8/0xf0 mm/filemap.c:421
 file_write_and_wait_range+0xce/0x140 mm/filemap.c:779
 hfsplus_file_fsync+0xc3/0x5d0 fs/hfsplus/inode.c:313
 vfs_fsync_range+0x13e/0x230 fs/sync.c:188
 generic_write_sync include/linux/fs.h:2452 [inline]
 generic_file_write_iter+0x25a/0x350 mm/filemap.c:3934
 call_write_iter include/linux/fs.h:1851 [inline]
 new_sync_write fs/read_write.c:491 [inline]
 vfs_write+0x9ed/0xe10 fs/read_write.c:584
 ksys_write+0x12b/0x250 fs/read_write.c:637
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f5bbe258be9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f5bbe1fd2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f5bbe2d56c0 RCX: 00007f5bbe258be9
RDX: 000000000208e280 RSI: 0000000020001980 RDI: 0000000000000004
RBP: 00007f5bbe2a2640 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5bbe2a22e0
R13: 0030656c69662f2e R14: 0073756c70736668 R15: 00007f5bbe2d56c8
 </TASK>

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches

* Re: [syzbot] [hfsplus?] [udf?] [fat?] [jfs?] [vfs?] [hfs?] [exfat?] [ntfs3?] WARNING in __mpage_writepage
From: Jan Kara @ 2023-01-31 12:14 UTC
To: syzbot
Cc: almaz.alexandrovich, brauner, dchinner, hirofumi, jack, jfs-discussion, linkinjeon, linux-fsdevel, linux-kernel, ntfs3, shaggy, sj1557.seo, syzkaller-bugs, willy

On Tue 31-01-23 02:05:58, syzbot wrote:
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit:    e2f86c02fdc9 Add linux-next specific files for 20230127
> git tree:       linux-next
> console output: https://syzkaller.appspot.com/x/log.txt?x=156b2101480000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=920c61956db733da
> dashboard link: https://syzkaller.appspot.com/bug?extid=707bba7f823c7b02fa43
> compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=118429cd480000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=12ccb1c1480000
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/ff04f1611fad/disk-e2f86c02.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/67928a8622d3/vmlinux-e2f86c02.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/b444a3d78556/bzImage-e2f86c02.xz
> mounted in repro: https://storage.googleapis.com/syzbot-assets/99c5e7532847/mount_0.gz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+707bba7f823c7b02fa43@syzkaller.appspotmail.com
>
> ------------[ cut here ]------------
> WARNING: CPU: 1 PID: 5085 at fs/mpage.c:570 __mpage_writepage+0x138b/0x16f0 fs/mpage.c:570

This is the warning Willy has added as part of "mpage: convert
__mpage_writepage() to use a folio more fully" and that warning can indeed
easily trigger. There's nothing that serializes writeback against racing
truncate setting new i_size so it is perfectly normal to see pages beyond
EOF in this place. And the traditional response to such pages is "silently
do nothing" since they will be soon discarded by truncate_inode_pages().

								Honza
--
Jan Kara <jack@suse.com>
SUSE Labs, CR

* Re: [syzbot] [hfsplus?] [udf?] [fat?] [jfs?] [vfs?] [hfs?] [exfat?] [ntfs3?] WARNING in __mpage_writepage 2023-01-31 12:14 ` Jan Kara @ 2023-01-31 15:06 ` Matthew Wilcox 0 siblings, 0 replies; 3+ messages in thread From: Matthew Wilcox @ 2023-01-31 15:06 UTC (permalink / raw) To: Jan Kara, Andrew Morton Cc: syzbot, almaz.alexandrovich, brauner, dchinner, hirofumi, jack, jfs-discussion, linkinjeon, linux-fsdevel, linux-kernel, ntfs3, shaggy, sj1557.seo, syzkaller-bugs On Tue, Jan 31, 2023 at 01:14:23PM +0100, Jan Kara wrote: > This is the warning Willy has added as part of "mpage: convert > __mpage_writepage() to use a folio more fully" and that warning can indeed > easily trigger. There's nothing that serializes writeback against racing > truncate setting new i_size so it is perfectly normal to see pages beyond > EOF in this place. And the traditional response to such pages is "silently > do nothing" since they will be soon discarded by truncate_inode_pages(). Absolutely right. Not sure what I was thinking; I may have been confused by the label being called "confused". How about this for Andrew to squash into that commit? diff --git a/fs/mpage.c b/fs/mpage.c index 2efa393f0db7..89bcefb4553a 100644 --- a/fs/mpage.c +++ b/fs/mpage.c @@ -559,6 +559,9 @@ static int __mpage_writepage(struct folio *folio, struct writeback_control *wbc, first_unmapped = page_block; page_is_mapped: + /* Don't bother writing beyond EOF, truncate will discard the folio */ + if (folio_pos(folio) >= i_size) + goto confused; length = folio_size(folio); if (folio_pos(folio) + length > i_size) { /* @@ -570,8 +573,6 @@ static int __mpage_writepage(struct folio *folio, struct writeback_control *wbc, * written out to the file." */ length = i_size - folio_pos(folio); - if (WARN_ON_ONCE(folio_pos(folio) >= i_size)) - goto confused; folio_zero_segment(folio, length, folio_size(folio)); } ^ permalink raw reply related [flat|nested] 3+ messages in thread
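Review bot: In the first hunk (under `page_is_mapped:`), the added comment says the folio will not be written, but the branch it guards is `goto confused`, and nothing in the hunk shows that the `confused` path skips a folio lying wholly beyond EOF rather than handing it to another write path. The comment should say what `confused` does with such a folio, so the "silently do nothing" behaviour described in the thread is visible at the check itself. The new test and the following `folio_pos(folio) + length > i_size` test both read the same local `i_size`, which keeps them consistent while truncate changes the inode size concurrently; that should be preserved if the check is ever moved.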
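Review bot: In the second hunk, with the `WARN_ON_ONCE(folio_pos(folio) >= i_size)` test removed from the partial-folio block, `length = i_size - folio_pos(folio)` is known to be positive only because of the `folio_pos(folio) >= i_size` test added earlier, before `length = folio_size(folio)`. A one-line comment above the subtraction stating that the beyond-EOF case has already been excluded would keep a later reorder from passing a zero or negative `length` to `folio_zero_segment()`.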