From: Dmitry Vyukov <dvyukov@google.com>
Date: Mon, 5 Sep 2022 11:47:07 +0200
Subject: Re: [syzbot] UBSAN: array-index-out-of-bounds in truncate_inode_pages_range
To: Andrew Morton
Cc: syzbot, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, syzkaller-bugs@googlegroups.com, willy@infradead.org
In-Reply-To: <20220901162459.431c49b3925e99ddb448e1b3@linux-foundation.org>
References: <000000000000117c7505e7927cb4@google.com> <20220901162459.431c49b3925e99ddb448e1b3@linux-foundation.org>

On Fri, 2 Sept 2022 at 01:25, Andrew Morton wrote:
>
> On Wed, 31 Aug 2022 17:13:36 -0700 syzbot wrote:
>
> > Hello,
> >
> > syzbot found the following issue on:
> >
> > HEAD commit:    89b749d8552d Merge tag 'fbdev-for-6.0-rc3' of git://git.ke..
> > git tree:       upstream
> > console output: https://syzkaller.appspot.com/x/log.txt?x=14b9661b080000
> > kernel config:  https://syzkaller.appspot.com/x/.config?x=911efaff115942bb
> > dashboard link: https://syzkaller.appspot.com/bug?extid=5867885efe39089b339b
> > compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
> > userspace arch: i386
> >
> > Unfortunately, I don't have any reproducer for this issue yet.
> >
> > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > Reported-by: syzbot+5867885efe39089b339b@syzkaller.appspotmail.com
> >
> > ntfs3: loop0: Different NTFS' sector size (1024) and media sector size (512)
> > ntfs3: loop0: RAW NTFS volume: Filesystem size 0.00 Gb > volume size 0.00 Gb. Mount in read-only
> > ================================================================================
> > UBSAN: array-index-out-of-bounds in mm/truncate.c:366:18
> > index 254 is out of range for type 'long unsigned int [15]'
>
> That's
>
> 	index = indices[folio_batch_count(&fbatch) - 1] + 1;
>
> I looked. I see no way in which fbatch.nr got a value of 255.
>
> I must say, the code looks rather hacky. Isn't there a more
> type-friendly way of doing this?

I don't see how this can happen either. Also can't reproduce.
It's happened only once so far, so maybe some silent memory corruption.
Let's wait for more crashes/reproducer, or otherwise syzbot will
auto-close it after some time.
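The expression Andrew quotes, `index = indices[folio_batch_count(&fbatch) - 1] + 1`, as a stand-alone C model. This is an added example for the reader, not the kernel's code and not anything posted in the thread: `struct fbatch_model`, the `cached[]` table standing in for a page cache, and the function names are all constructed here; only `PAGEVEC_SIZE` (15) and the 8-bit count field mirror the real `folio_batch`. It shows why a count of 255 lands on slot 254 (the value UBSAN reported), what a bounds-checked form of the same advance looks like, and how the batch-by-batch walk that truncate does behaves with that check in place. It does not say how `nr` reached 255; the thread leaves that open.

```c
#include <assert.h>
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model, not kernel code. PAGEVEC_SIZE and the 8-bit count
 * mirror the kernel's folio_batch; everything else is made up here. */
#define PAGEVEC_SIZE 15
typedef unsigned long pgoff_t;

struct fbatch_model {
	unsigned char nr;		/* number of valid entries, like fbatch.nr */
	pgoff_t indices[PAGEVEC_SIZE];	/* page offsets matching the batch */
};

/* The slot the unchecked expression indices[nr - 1] would touch.
 * nr is promoted to int first, so 0 gives -1 and 255 gives 254: exactly
 * the index UBSAN reported against 'long unsigned int [15]'. */
static int raw_slot(unsigned char nr)
{
	return nr - 1;
}

/* An 8-bit count decremented past zero wraps to 255. This only shows the
 * arithmetic; the thread does not establish that this is what happened. */
static unsigned char dec_u8(unsigned char nr)
{
	return (unsigned char)(nr - 1);
}

/* Checked replacement for `index = indices[nr - 1] + 1`: refuses an empty
 * or oversized batch, and an offset that cannot be advanced without wrapping. */
static bool next_index_checked(const struct fbatch_model *b, pgoff_t *next)
{
	if (b->nr == 0 || b->nr > PAGEVEC_SIZE)
		return false;
	if (b->indices[b->nr - 1] == ULONG_MAX)
		return false;
	*next = b->indices[b->nr - 1] + 1;
	return true;
}

/* Constructed stand-in for a page cache: the sorted offsets that hold a page. */
static const pgoff_t cached[] = {
	0, 1, 2, 5, 8, 13, 21, 34, 55, 89, 144, 233, 377, 610, 987,
	1597, 2584, 4181,
};
#define NCACHED (sizeof(cached) / sizeof(cached[0]))

/* Collect up to PAGEVEC_SIZE cached offsets in [start, end], in the role
 * find_lock_entries() plays for truncate_inode_pages_range(). */
static void fill_batch(struct fbatch_model *b, pgoff_t start, pgoff_t end)
{
	b->nr = 0;
	for (size_t i = 0; i < NCACHED && b->nr < PAGEVEC_SIZE; i++)
		if (cached[i] >= start && cached[i] <= end)
			b->indices[b->nr++] = cached[i];
}

/* Walk [start, end] one batch at a time, advancing with the checked
 * accessor. Returns how many cached offsets were visited. */
static size_t walk_range(pgoff_t start, pgoff_t end)
{
	struct fbatch_model b;
	pgoff_t index = start;
	size_t visited = 0;

	for (;;) {
		fill_batch(&b, index, end);
		if (b.nr == 0)
			break;
		visited += b.nr;
		if (!next_index_checked(&b, &index) || index > end)
			break;
	}
	return visited;
}

int main(void)
{
	printf("slot for nr=255: %d, for nr=0: %d\n", raw_slot(255), raw_slot(0));
	printf("(unsigned char)0 - 1 = %u\n", dec_u8(0));
	printf("visited %zu of %zu cached offsets\n",
	       walk_range(0, 4181), (size_t)NCACHED);
	return 0;
}
```

The two hazards the checked accessor closes are the ones the unchecked expression cannot express: an empty batch (slot -1) and a count larger than the array (slot 254 for 255). Neither changes the walk for a well-formed batch, as `walk_range()` shows by visiting all 18 constructed offsets in two batches of 15 and 3.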