* [syzbot] kernel BUG in ext4_ind_remove_space @ 2022-02-14 1:58 syzbot 2022-03-15 15:14 ` syzbot 2022-05-09 16:41 ` [syzbot] kernel BUG in ext4_ind_remove_space syzbot 0 siblings, 2 replies; 9+ messages in thread From: syzbot @ 2022-02-14 1:58 UTC (permalink / raw) To: adilger.kernel, linux-ext4, linux-kernel, syzkaller-bugs, tytso Hello, syzbot found the following issue on: HEAD commit: ef6b35306dd8 Add linux-next specific files for 20220204 git tree: linux-next console output: https://syzkaller.appspot.com/x/log.txt?x=1602d71c700000 kernel config: https://syzkaller.appspot.com/x/.config?x=e0431e0b00810b4f dashboard link: https://syzkaller.appspot.com/bug?extid=fcc629d1a1ae8d3fe8a5 compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 syz repro: https://syzkaller.appspot.com/x/repro.syz?x=11d31674700000 IMPORTANT: if you fix the issue, please add the following tag to the commit: Reported-by: syzbot+fcc629d1a1ae8d3fe8a5@syzkaller.appspotmail.com EXT4-fs warning (device sda1): ext4_block_to_path:105: block 1074791436 > max in inode 1187 ------------[ cut here ]------------ kernel BUG at fs/ext4/indirect.c:1244! invalid opcode: 0000 [#1] PREEMPT SMP KASAN CPU: 1 PID: 3853 Comm: syz-executor.0 Not tainted 5.17.0-rc2-next-20220204-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:ext4_ind_remove_space+0xfde/0x1400 fs/ext4/indirect.c:1244 Code: 00 0f 85 36 03 00 00 48 8b 0b 4c 89 fe 44 8b 4c 24 20 48 8b 7c 24 10 48 83 c1 04 e8 6c bb ff ff e9 02 f6 ff ff e8 12 c3 5f ff <0f> 0b 4c 8b 7c 24 50 e9 8e f9 ff ff e8 01 c3 5f ff 48 8b 7c 24 10 RSP: 0018:ffffc90003647ab8 EFLAGS: 00010293 RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 RDX: ffff88807acdba80 RSI: ffffffff8218e5de RDI: 0000000000000003 RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 R10: ffffffff8218d85a R11: 0000000000000000 R12: 0000000000001000 R13: ffffc90003647b68 R14: ffffc90003647b88 R15: ffff88806ccc2a80 FS: 00007f2b2de3d700(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f2961b6f090 CR3: 000000006d02e000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> ext4_punch_hole+0xf3e/0x1110 fs/ext4/inode.c:4044 ext4_fallocate+0x1194/0x3ed0 fs/ext4/extents.c:4694 vfs_fallocate+0x48d/0xe10 fs/open.c:310 ksys_fallocate fs/open.c:333 [inline] __do_sys_fallocate fs/open.c:341 [inline] __se_sys_fallocate fs/open.c:339 [inline] __x64_sys_fallocate+0xcf/0x140 fs/open.c:339 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f2b2e6c8059 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f2b2de3d168 EFLAGS: 00000246 ORIG_RAX: 000000000000011d RAX: ffffffffffffffda RBX: 00007f2b2e7daf60 RCX: 00007f2b2e6c8059 RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000005 RBP: 00007f2b2e72208d R08: 0000000000000000 R09: 0000000000000000 R10: 00000ffeffeff000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffcd330bbaf R14: 00007f2b2de3d300 R15: 0000000000022000 </TASK> Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:ext4_ind_remove_space+0xfde/0x1400 fs/ext4/indirect.c:1244 Code: 00 0f 85 36 03 00 00 48 8b 0b 4c 89 fe 44 8b 4c 24 20 48 8b 7c 24 10 48 83 c1 04 e8 6c bb ff ff e9 02 f6 ff ff e8 12 c3 5f ff <0f> 0b 4c 8b 7c 24 50 e9 8e f9 ff ff e8 01 c3 5f ff 48 8b 7c 24 10 RSP: 0018:ffffc90003647ab8 EFLAGS: 00010293 RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 RDX: ffff88807acdba80 RSI: ffffffff8218e5de RDI: 0000000000000003 RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 R10: ffffffff8218d85a R11: 0000000000000000 R12: 0000000000001000 R13: ffffc90003647b68 R14: ffffc90003647b88 R15: ffff88806ccc2a80 FS: 00007f2b2de3d700(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020200000 CR3: 000000006d02e000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 --- This report is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkaller@googlegroups.com. syzbot will keep track of this issue. See: https://goo.gl/tpsmEJ#status for how to communicate with syzbot. syzbot can test patches for this issue, for details see: https://goo.gl/tpsmEJ#testing-patches ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [syzbot] kernel BUG in ext4_ind_remove_space 2022-02-14 1:58 [syzbot] kernel BUG in ext4_ind_remove_space syzbot @ 2022-03-15 15:14 ` syzbot 2022-03-15 19:21 ` Tadeusz Struk 2022-03-15 21:38 ` [PATCH v2] ext4: check if offset+length is within valid fallocate Tadeusz Struk 2022-05-09 16:41 ` [syzbot] kernel BUG in ext4_ind_remove_space syzbot 1 sibling, 2 replies; 9+ messages in thread From: syzbot @ 2022-03-15 15:14 UTC (permalink / raw) To: adilger.kernel, linux-ext4, linux-kernel, syzkaller-bugs, tytso syzbot has found a reproducer for the following issue on: HEAD commit: 09688c0166e7 Linux 5.17-rc8 git tree: upstream console output: https://syzkaller.appspot.com/x/log.txt?x=11a8bd61700000 kernel config: https://syzkaller.appspot.com/x/.config?x=d35f9bc6884af6c9 dashboard link: https://syzkaller.appspot.com/bug?extid=fcc629d1a1ae8d3fe8a5 compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1205b189700000 C reproducer: https://syzkaller.appspot.com/x/repro.c?x=15dda4fe700000 IMPORTANT: if you fix the issue, please add the following tag to the commit: Reported-by: syzbot+fcc629d1a1ae8d3fe8a5@syzkaller.appspotmail.com EXT4-fs warning (device sda1): ext4_block_to_path:105: block 1074791436 > max in inode 1137 ------------[ cut here ]------------ kernel BUG at fs/ext4/indirect.c:1244! invalid opcode: 0000 [#1] PREEMPT SMP KASAN CPU: 0 PID: 3590 Comm: syz-executor391 Not tainted 5.17.0-rc8-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:ext4_ind_remove_space+0xfde/0x1400 fs/ext4/indirect.c:1244 Code: 00 0f 85 36 03 00 00 48 8b 0b 4c 89 fe 44 8b 4c 24 20 48 8b 7c 24 10 48 83 c1 04 e8 3c bb ff ff e9 02 f6 ff ff e8 c2 26 66 ff <0f> 0b 4c 8b 7c 24 50 e9 8e f9 ff ff e8 b1 26 66 ff 48 8b 7c 24 10 RSP: 0018:ffffc90001adfab8 EFLAGS: 00010293 RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 RDX: ffff888021523a00 RSI: ffffffff8212996e RDI: 0000000000000003 RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 R10: ffffffff82128bea R11: 0000000000000000 R12: 0000000000001000 R13: ffffc90001adfb68 R14: ffffc90001adfb88 R15: ffff8880751fa088 FS: 00007f69922ff700(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020000080 CR3: 0000000021605000 CR4: 0000000000350ef0 Call Trace: <TASK> ext4_punch_hole+0xfe8/0x11d0 fs/ext4/inode.c:4044 ext4_fallocate+0x1194/0x3ed0 fs/ext4/extents.c:4694 vfs_fallocate+0x48d/0xe10 fs/open.c:308 ksys_fallocate fs/open.c:331 [inline] __do_sys_fallocate fs/open.c:339 [inline] __se_sys_fallocate fs/open.c:337 [inline] __x64_sys_fallocate+0xcf/0x140 fs/open.c:337 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f699234cdf9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f69922ff308 EFLAGS: 00000246 ORIG_RAX: 000000000000011d RAX: ffffffffffffffda RBX: 0000000000000040 RCX: 00007f699234cdf9 RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000005 RBP: 00007f69923d5408 R08: 0000000000000000 R09: 0000000000000000 R10: 00000ffeffeff000 R11: 0000000000000246 R12: 00000ffeffeff000 R13: 00007f69923d5400 R14: 00007f69923a3004 R15: 0000000000022000 </TASK> Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:ext4_ind_remove_space+0xfde/0x1400 fs/ext4/indirect.c:1244 Code: 00 0f 85 36 03 00 00 48 8b 0b 4c 89 fe 44 8b 4c 24 20 48 8b 7c 24 10 48 83 c1 04 e8 3c bb ff ff e9 02 f6 ff ff e8 c2 26 66 ff <0f> 0b 4c 8b 7c 24 50 e9 8e f9 ff ff e8 b1 26 66 ff 48 8b 7c 24 10 RSP: 0018:ffffc90001adfab8 EFLAGS: 00010293 RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 RDX: ffff888021523a00 RSI: ffffffff8212996e RDI: 0000000000000003 RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 R10: ffffffff82128bea R11: 0000000000000000 R12: 0000000000001000 R13: ffffc90001adfb68 R14: ffffc90001adfb88 R15: ffff8880751fa088 FS: 00007f69922ff700(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020000080 CR3: 0000000021605000 CR4: 0000000000350ef0 ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [syzbot] kernel BUG in ext4_ind_remove_space 2022-03-15 15:14 ` syzbot @ 2022-03-15 19:21 ` Tadeusz Struk 2022-03-15 20:22 ` syzbot 2022-03-15 21:38 ` [PATCH v2] ext4: check if offset+length is within valid fallocate Tadeusz Struk 1 sibling, 1 reply; 9+ messages in thread From: Tadeusz Struk @ 2022-03-15 19:21 UTC (permalink / raw) To: syzbot, linux-ext4, linux-kernel, syzkaller-bugs; +Cc: tytso, adilger.kernel On 3/15/22 08:14, syzbot wrote: > syzbot has found a reproducer for the following issue on: > > HEAD commit: 09688c0166e7 Linux 5.17-rc8 > git tree: upstream > console output: https://syzkaller.appspot.com/x/log.txt?x=11a8bd61700000 > kernel config: https://syzkaller.appspot.com/x/.config?x=d35f9bc6884af6c9 > dashboard link: https://syzkaller.appspot.com/bug?extid=fcc629d1a1ae8d3fe8a5 > compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1205b189700000 > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=15dda4fe700000 > > IMPORTANT: if you fix the issue, please add the following tag to the commit: > Reported-by: syzbot+fcc629d1a1ae8d3fe8a5@syzkaller.appspotmail.com > > EXT4-fs warning (device sda1): ext4_block_to_path:105: block 1074791436 > max in inode 1137 > ------------[ cut here ]------------ > kernel BUG at fs/ext4/indirect.c:1244! > invalid opcode: 0000 [#1] PREEMPT SMP KASAN > CPU: 0 PID: 3590 Comm: syz-executor391 Not tainted 5.17.0-rc8-syzkaller #0 > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 > RIP: 0010:ext4_ind_remove_space+0xfde/0x1400 fs/ext4/indirect.c:1244 > Code: 00 0f 85 36 03 00 00 48 8b 0b 4c 89 fe 44 8b 4c 24 20 48 8b 7c 24 10 48 83 c1 04 e8 3c bb ff ff e9 02 f6 ff ff e8 c2 26 66 ff <0f> 0b 4c 8b 7c 24 50 e9 8e f9 ff ff e8 b1 26 66 ff 48 8b 7c 24 10 > RSP: 0018:ffffc90001adfab8 EFLAGS: 00010293 > RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 > RDX: ffff888021523a00 RSI: ffffffff8212996e RDI: 0000000000000003 > RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 > R10: ffffffff82128bea R11: 0000000000000000 R12: 0000000000001000 > R13: ffffc90001adfb68 R14: ffffc90001adfb88 R15: ffff8880751fa088 > FS: 00007f69922ff700(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000 > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > CR2: 0000000020000080 CR3: 0000000021605000 CR4: 0000000000350ef0 > Call Trace: > <TASK> > ext4_punch_hole+0xfe8/0x11d0 fs/ext4/inode.c:4044 > ext4_fallocate+0x1194/0x3ed0 fs/ext4/extents.c:4694 > vfs_fallocate+0x48d/0xe10 fs/open.c:308 > ksys_fallocate fs/open.c:331 [inline] > __do_sys_fallocate fs/open.c:339 [inline] > __se_sys_fallocate fs/open.c:337 [inline] > __x64_sys_fallocate+0xcf/0x140 fs/open.c:337 > do_syscall_x64 arch/x86/entry/common.c:50 [inline] > do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 > entry_SYSCALL_64_after_hwframe+0x44/0xae > RIP: 0033:0x7f699234cdf9 > Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 > RSP: 002b:00007f69922ff308 EFLAGS: 00000246 ORIG_RAX: 000000000000011d > RAX: ffffffffffffffda RBX: 0000000000000040 RCX: 00007f699234cdf9 > RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000005 > RBP: 00007f69923d5408 R08: 0000000000000000 R09: 0000000000000000 > R10: 00000ffeffeff000 R11: 0000000000000246 R12: 00000ffeffeff000 > R13: 00007f69923d5400 R14: 00007f69923a3004 R15: 0000000000022000 > </TASK> > Modules linked in: > ---[ end trace 0000000000000000 ]--- > RIP: 0010:ext4_ind_remove_space+0xfde/0x1400 fs/ext4/indirect.c:1244 > Code: 00 0f 85 36 03 00 00 48 8b 0b 4c 89 fe 44 8b 4c 24 20 48 8b 7c 24 10 48 83 c1 04 e8 3c bb ff ff e9 02 f6 ff ff e8 c2 26 66 ff <0f> 0b 4c 8b 7c 24 50 e9 8e f9 ff ff e8 b1 26 66 ff 48 8b 7c 24 10 > RSP: 0018:ffffc90001adfab8 EFLAGS: 00010293 > RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 > RDX: ffff888021523a00 RSI: ffffffff8212996e RDI: 0000000000000003 > RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 > R10: ffffffff82128bea R11: 0000000000000000 R12: 0000000000001000 > R13: ffffc90001adfb68 R14: ffffc90001adfb88 R15: ffff8880751fa088 > FS: 00007f69922ff700(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000 > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > CR2: 0000000020000080 CR3: 0000000021605000 CR4: 0000000000350ef0 > #syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master =========================== diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index 01c9e4f743ba..dd9c35113efe 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -3924,7 +3924,8 @@ int ext4_punch_hole(struct inode *inode, loff_t offset, loff_t length) struct super_block *sb = inode->i_sb; ext4_lblk_t first_block, stop_block; struct address_space *mapping = inode->i_mapping; - loff_t first_block_offset, last_block_offset; + loff_t first_block_offset, last_block_offset, max_length; + struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb); handle_t *handle; unsigned int credits; int ret = 0, ret2 = 0; @@ -3967,6 +3968,16 @@ int ext4_punch_hole(struct inode *inode, loff_t offset, loff_t length) offset; } + /* + * For punch hole the length + offset needs to be at least within + * one block before last + */ + max_length = sbi->s_bitmap_maxbytes - sbi->s_blocksize; + if (offset + length >= max_length) { + ret = -ENOSPC; + goto out_mutex; + } + if (offset & (sb->s_blocksize - 1) || (offset + length) & (sb->s_blocksize - 1)) { /* -- Thanks, Tadeusz ^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [syzbot] kernel BUG in ext4_ind_remove_space 2022-03-15 19:21 ` Tadeusz Struk @ 2022-03-15 20:22 ` syzbot 0 siblings, 0 replies; 9+ messages in thread From: syzbot @ 2022-03-15 20:22 UTC (permalink / raw) To: adilger.kernel, linux-ext4, linux-kernel, syzkaller-bugs, tadeusz.struk, tytso Hello, syzbot tried to test the proposed patch but the build/boot failed: failed to apply patch: checking file fs/ext4/inode.c patch: **** unexpected end of file in patch Tested on: commit: 56e337f2 Revert "gpio: Revert regression in sysfs-gpio.. git tree: upstream dashboard link: https://syzkaller.appspot.com/bug?extid=fcc629d1a1ae8d3fe8a5 compiler: patch: https://syzkaller.appspot.com/x/patch.diff?x=14bf8361700000 ^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH v2] ext4: check if offset+length is within valid fallocate 2022-03-15 15:14 ` syzbot 2022-03-15 19:21 ` Tadeusz Struk @ 2022-03-15 21:38 ` Tadeusz Struk 2022-03-15 21:48 ` [syzbot] kernel BUG in ext4_ind_remove_space syzbot 2022-04-28 14:02 ` [PATCH v2] ext4: check if offset+length is within valid fallocate Jan Kara 1 sibling, 2 replies; 9+ messages in thread From: Tadeusz Struk @ 2022-03-15 21:38 UTC (permalink / raw) To: syzbot+fcc629d1a1ae8d3fe8a5 Cc: syzkaller-bugs, adilger.kernel, linux-ext4, tytso, Tadeusz Struk #syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master ============================================== diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index 01c9e4f743ba..355384007d11 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -3924,7 +3924,8 @@ int ext4_punch_hole(struct inode *inode, loff_t offset, loff_t length) struct super_block *sb = inode->i_sb; ext4_lblk_t first_block, stop_block; struct address_space *mapping = inode->i_mapping; - loff_t first_block_offset, last_block_offset; + loff_t first_block_offset, last_block_offset, max_length; + struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb); handle_t *handle; unsigned int credits; int ret = 0, ret2 = 0; @@ -3967,6 +3968,16 @@ int ext4_punch_hole(struct inode *inode, loff_t offset, loff_t length) offset; } + /* + * For punch hole the length + offset needs to be at least within + * one block before last + */ + max_length = sbi->s_bitmap_maxbytes - inode->i_sb->s_blocksize; + if (offset + length >= max_length) { + ret = -ENOSPC; + goto out_mutex; + } + if (offset & (sb->s_blocksize - 1) || (offset + length) & (sb->s_blocksize - 1)) { /* -- 2.35.1 ^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [syzbot] kernel BUG in ext4_ind_remove_space 2022-03-15 21:38 ` [PATCH v2] ext4: check if offset+length is within valid fallocate Tadeusz Struk @ 2022-03-15 21:48 ` syzbot 2022-04-28 14:02 ` [PATCH v2] ext4: check if offset+length is within valid fallocate Jan Kara 1 sibling, 0 replies; 9+ messages in thread From: syzbot @ 2022-03-15 21:48 UTC (permalink / raw) To: adilger.kernel, linux-ext4, syzkaller-bugs, tadeusz.struk, tytso Hello, syzbot has tested the proposed patch and the reproducer did not trigger any issue: Reported-and-tested-by: syzbot+fcc629d1a1ae8d3fe8a5@syzkaller.appspotmail.com Tested on: commit: 56e337f2 Revert "gpio: Revert regression in sysfs-gpio.. git tree: upstream kernel config: https://syzkaller.appspot.com/x/.config?x=d35f9bc6884af6c9 dashboard link: https://syzkaller.appspot.com/bug?extid=fcc629d1a1ae8d3fe8a5 compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 patch: https://syzkaller.appspot.com/x/patch.diff?x=1131f2c5700000 Note: testing is done by a robot and is best-effort only. ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH v2] ext4: check if offset+length is within valid fallocate 2022-03-15 21:38 ` [PATCH v2] ext4: check if offset+length is within valid fallocate Tadeusz Struk 2022-03-15 21:48 ` [syzbot] kernel BUG in ext4_ind_remove_space syzbot @ 2022-04-28 14:02 ` Jan Kara 2022-05-04 14:08 ` Tadeusz Struk 1 sibling, 1 reply; 9+ messages in thread From: Jan Kara @ 2022-04-28 14:02 UTC (permalink / raw) To: Tadeusz Struk Cc: syzbot+fcc629d1a1ae8d3fe8a5, syzkaller-bugs, adilger.kernel, linux-ext4, tytso On Tue 15-03-22 14:38:57, Tadeusz Struk wrote: > #syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master Did this fix fall through the cracks? Tadeusz, can you do a proper patch submission with your Signed-off-by etc.? Thanks! Honza > > ============================================== > diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c > index 01c9e4f743ba..355384007d11 100644 > --- a/fs/ext4/inode.c > +++ b/fs/ext4/inode.c > @@ -3924,7 +3924,8 @@ int ext4_punch_hole(struct inode *inode, loff_t offset, loff_t length) > struct super_block *sb = inode->i_sb; > ext4_lblk_t first_block, stop_block; > struct address_space *mapping = inode->i_mapping; > - loff_t first_block_offset, last_block_offset; > + loff_t first_block_offset, last_block_offset, max_length; > + struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb); > handle_t *handle; > unsigned int credits; > int ret = 0, ret2 = 0; > @@ -3967,6 +3968,16 @@ int ext4_punch_hole(struct inode *inode, loff_t offset, loff_t length) > offset; > } > > + /* > + * For punch hole the length + offset needs to be at least within > + * one block before last > + */ > + max_length = sbi->s_bitmap_maxbytes - inode->i_sb->s_blocksize; > + if (offset + length >= max_length) { > + ret = -ENOSPC; > + goto out_mutex; > + } > + > if (offset & (sb->s_blocksize - 1) || > (offset + length) & (sb->s_blocksize - 1)) { > /* > -- > 2.35.1 > -- Jan Kara <jack@suse.com> SUSE Labs, CR ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH v2] ext4: check if offset+length is within valid fallocate 2022-04-28 14:02 ` [PATCH v2] ext4: check if offset+length is within valid fallocate Jan Kara @ 2022-05-04 14:08 ` Tadeusz Struk 0 siblings, 0 replies; 9+ messages in thread From: Tadeusz Struk @ 2022-05-04 14:08 UTC (permalink / raw) To: Jan Kara Cc: syzbot+fcc629d1a1ae8d3fe8a5, syzkaller-bugs, adilger.kernel, linux-ext4, tytso On 4/28/22 07:02, Jan Kara wrote: > On Tue 15-03-22 14:38:57, Tadeusz Struk wrote: >> #syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master > Did this fix fall through the cracks? Tadeusz, can you do a proper patch > submission with your Signed-off-by etc.? Thanks! I'm still working on it. -- Thanks, Tadeusz ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [syzbot] kernel BUG in ext4_ind_remove_space 2022-02-14 1:58 [syzbot] kernel BUG in ext4_ind_remove_space syzbot 2022-03-15 15:14 ` syzbot @ 2022-05-09 16:41 ` syzbot 1 sibling, 0 replies; 9+ messages in thread From: syzbot @ 2022-05-09 16:41 UTC (permalink / raw) To: adilger.kernel, jack, linux-ext4, linux-kernel, syzkaller-bugs, tadeusz.struk, tytso syzbot suspects this issue was fixed by commit: commit 2da376228a2427501feb9d15815a45dbdbdd753e Author: Tadeusz Struk <tadeusz.struk@linaro.org> Date: Thu Mar 31 20:05:15 2022 +0000 ext4: limit length to bitmap_maxbytes - blocksize in punch_hole bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=100ac712f00000 start commit: 09688c0166e7 Linux 5.17-rc8 git tree: upstream kernel config: https://syzkaller.appspot.com/x/.config?x=d35f9bc6884af6c9 dashboard link: https://syzkaller.appspot.com/bug?extid=fcc629d1a1ae8d3fe8a5 syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1205b189700000 C reproducer: https://syzkaller.appspot.com/x/repro.c?x=15dda4fe700000 If the result looks correct, please mark the issue as fixed by replying with: #syz fix: ext4: limit length to bitmap_maxbytes - blocksize in punch_hole For information about bisection process see: https://goo.gl/tpsmEJ#bisection ^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2022-05-09 16:41 UTC | newest] Thread overview: 9+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2022-02-14 1:58 [syzbot] kernel BUG in ext4_ind_remove_space syzbot 2022-03-15 15:14 ` syzbot 2022-03-15 19:21 ` Tadeusz Struk 2022-03-15 20:22 ` syzbot 2022-03-15 21:38 ` [PATCH v2] ext4: check if offset+length is within valid fallocate Tadeusz Struk 2022-03-15 21:48 ` [syzbot] kernel BUG in ext4_ind_remove_space syzbot 2022-04-28 14:02 ` [PATCH v2] ext4: check if offset+length is within valid fallocate Jan Kara 2022-05-04 14:08 ` Tadeusz Struk 2022-05-09 16:41 ` [syzbot] kernel BUG in ext4_ind_remove_space syzbot
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).