Date: Thu, 1 Sep 2022 16:24:59 -0700
From: Andrew Morton
To: syzbot
Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, syzkaller-bugs@googlegroups.com, willy@infradead.org
Subject: Re: [syzbot] UBSAN: array-index-out-of-bounds in truncate_inode_pages_range
Message-Id: <20220901162459.431c49b3925e99ddb448e1b3@linux-foundation.org>
In-Reply-To: <000000000000117c7505e7927cb4@google.com>
References: <000000000000117c7505e7927cb4@google.com>

On Wed, 31 Aug 2022 17:13:36 -0700 syzbot wrote:

> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit:    89b749d8552d Merge tag 'fbdev-for-6.0-rc3' of git://git.ke..
> git tree:       upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=14b9661b080000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=911efaff115942bb
> dashboard link: https://syzkaller.appspot.com/bug?extid=5867885efe39089b339b
> compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
> userspace arch: i386
>
> Unfortunately, I don't have any reproducer for this issue yet.
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+5867885efe39089b339b@syzkaller.appspotmail.com
>
> ntfs3: loop0: Different NTFS' sector size (1024) and media sector size (512)
> ntfs3: loop0: RAW NTFS volume: Filesystem size 0.00 Gb > volume size 0.00 Gb. Mount in read-only
> ================================================================================
> UBSAN: array-index-out-of-bounds in mm/truncate.c:366:18
> index 254 is out of range for type 'long unsigned int [15]'

That's

	index = indices[folio_batch_count(&fbatch) - 1] + 1;

I looked.  I see no way in which fbatch.nr got a value of 255.

I must say, the code looks rather hacky.  Isn't there a more
type-friendly way of doing this?
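
The arithmetic behind the report, as an added example (a constructed user-space model, not code from the kernel or from this thread): the flagged line subscripts with count - 1, so a reported index of 254 corresponds to a count of 255, while an empty batch would give -1 rather than 254. `batch_model`, `last_subscript` and `next_index_checked` are hypothetical names, and the one-byte count field is an assumption.

```c
#include <stdio.h>

#define BATCH_SIZE 15   /* matches the 'long unsigned int [15]' in the report */

/* Constructed user-space model, not the kernel's struct folio_batch.
 * Assumption: the count is a narrow unsigned field, so 255 is representable. */
struct batch_model {
    unsigned char nr;
};

static unsigned int batch_count(const struct batch_model *b)
{
    return b->nr;
}

/* Subscript that indices[count - 1] would use, in signed form for display. */
static long last_subscript(const struct batch_model *b)
{
    return (long)batch_count(b) - 1;
}

/* Hypothetical checked accessor: stores indices[count - 1] + 1 in *next only
 * when the subscript lies inside indices[0..BATCH_SIZE-1]; 0 on success. */
static int next_index_checked(const struct batch_model *b,
                              const unsigned long *indices,
                              unsigned long *next)
{
    unsigned int n = batch_count(b);

    if (n == 0 || n > BATCH_SIZE)
        return -1;              /* empty or out-of-range count: refuse */
    *next = indices[n - 1] + 1;
    return 0;
}

int main(void)
{
    unsigned long indices[BATCH_SIZE] = { 10, 11, 12 };  /* constructed data */
    unsigned char counts[] = { 0, 3, 15, 16, 255 };      /* constructed data */
    unsigned long next = 0;

    for (size_t i = 0; i < sizeof(counts); i++) {
        struct batch_model b = { .nr = counts[i] };
        int rc = next_index_checked(&b, indices, &next);
        printf("nr=%3u subscript=%4ld %s\n", (unsigned)b.nr,
               last_subscript(&b), rc ? "rejected" : "ok");
    }
    return 0;
}
```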