From: Qu Wenruo
Date: Tue, 14 Jun 2022 16:50:22 +0800
Subject: Re: [syzbot] KASAN: use-after-free Read in copy_page_from_iter_atomic (2)
To: Christoph Hellwig, dsterba@suse.cz, syzbot, akpm@linux-foundation.org, clm@fb.com, dsterba@suse.com, josef@toxicpanda.com, linux-btrfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, syzkaller-bugs@googlegroups.com, willy@infradead.org
Message-ID: <2cc67037-cf90-cca2-1655-46b92b43eba8@gmx.com>
In-Reply-To: <20220614071757.GA1207@lst.de>

On 2022/6/14 15:17, Christoph Hellwig wrote:
> On Mon, Jun 13, 2022 at 09:39:12PM +0200, David Sterba wrote:
>> On Fri, Jun 10, 2022 at 12:10:19AM -0700, syzbot wrote:
>>> syzbot has bisected this issue to:
>>>
>>> commit 4cd4aed63125ccd4efc35162627827491c2a7be7
>>> Author: Christoph Hellwig
>>> Date:   Fri May 27 08:43:20 2022 +0000
>>>
>>>     btrfs: fold repair_io_failure into btrfs_repair_eb_io_failure
>>
>> Josef also reported a crash and found a bug in the patch, now added as
>> fixup that'll be in for-next:
>
> The patch looks correct to me.  Two things to note here:
>
>  - I hadn't realized you had queued up the series.  I've actually
>    started to merge some of my bio work with the bio split at
>    submission time work from Qu and after a few iterations I think
>    I would do the repair code a bit differently based on that.
>    Can you just drop the series for now?
>  - I find it interesting that syzbot hits btrfs metadata repair.
>    xfstests seems to have no coverage and I could not come up with
>    a good idea how to properly test it.  Does anyone have a good
>    idea on how to intentionally corrupt metadata in a deterministic
>    way?

The same way as data?

map-logical to find the location of a mirror, write 4 bytes of zero into
the location, then call it a day.

Although for metadata, you may want to choose a metadata that would
definitely get read.
Thus tree root is a good candidate.

Thanks,
Qu
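
The procedure described in the reply above, written out as an added shell example (not code from the thread or from btrfs-progs): read the tree root's logical address from the superblock dump, resolve it to a physical offset with btrfs-map-logical, and zero 4 bytes there on one mirror. It assumes an unmounted scratch filesystem with a redundant metadata profile, root privileges and btrfs-progs installed; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: corrupt one mirror of the btrfs tree root on an UNMOUNTED
# scratch device, so the next read of the tree root exercises metadata repair.
# All function names here are hypothetical helpers, not btrfs-progs commands.

# Print the tree root's logical address from `dump-super` text on stdin.
# Matches the "root <bytenr>" line only, not root_level or chunk_root.
tree_root_bytenr() {
    awk '$1 == "root" { print $2; exit }'
}

# Print "<physical> <device>" for mirror $1 from `btrfs-map-logical` text on
# stdin; lines look like: mirror N logical L physical P device D.
# Returns non-zero when the requested mirror is not listed.
mirror_location() {
    awk -v m="$1" '$1 == "mirror" && $2 == m { print $6, $8; found = 1; exit }
                   END { if (!found) exit 1 }'
}

# Overwrite 4 bytes at byte offset $2 of file or device $1 with zeros,
# in place and without truncating the target.
zero_4_bytes() {
    dd if=/dev/zero of="$1" bs=1 count=4 seek="$2" conv=notrunc 2>/dev/null
}

# Full procedure against a real device (needs root and btrfs-progs).
# $1 = a device of the unmounted scratch filesystem, $2 = mirror number.
corrupt_tree_root_mirror() {
    dev=$1
    mirror=${2:-1}
    logical=$(btrfs inspect-internal dump-super "$dev" | tree_root_bytenr) || return 1
    [ -n "$logical" ] || { echo "no tree root found on $dev" >&2; return 1; }
    loc=$(btrfs-map-logical -l "$logical" "$dev" | mirror_location "$mirror") || {
        echo "mirror $mirror not found for logical $logical" >&2
        return 1
    }
    physical=${loc%% *}   # first field: byte offset on the device
    target=${loc#* }      # second field: device holding that mirror
    echo "zeroing 4 bytes at $physical on $target (tree root, mirror $mirror)"
    zero_4_bytes "$target" "$physical"
}

# Usage on a scratch device (placeholder path):
#   corrupt_tree_root_mirror /dev/SCRATCH_DEVICE 1
```
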