From: Guoyu Yin
Date: Thu, 15 May 2025 19:22:31 +0800
Subject: [BUG] WARNING in gup_vma_lookup
To: akpm@linux-foundation.org
Cc: tytso@mit.edu, adilger.kernel@dilger.ca, linux-ext4@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org

Hi,

This crash occurs due to a mismatched symlink length validation in ext4 when handling corrupted inode data, combined with improper stack expansion handling in GUP. The crash can be reproduced through syzkaller's filesystem stress tests involving symlink operations and direct I/O writes.

The key issues are:

1. In __ext4_iget() at fs/ext4/inode.c:5012:
   inode_set_cached_link() triggers a warning when detecting a symlink with actual length 39 bytes while expecting 29 bytes. This indicates either disk corruption or a kernel bug in symlink length handling. The problem likely stems from improper validation of i_extra_isize and fast symlink storage in ext4_inode.

2. In gup_vma_lookup() at mm/gup.c:1362:
   The warning "GUP no longer grows the stack" appears when handling VMA lookups for addresses below the stack region. This occurs during direct I/O writes (ext4_dio_write_iter) when pin_user_pages_fast() attempts to access user memory near stack boundaries, but the kernel refuses to expand the stack automatically.

Suggested fixes:

1. For ext4: Add stronger validation of i_extra_isize and inline data size before calling inode_set_cached_link() in __ext4_iget
2. For GUP: Re-examine the stack growth policy when handling direct I/O operations near stack boundaries to avoid filesystem corruption cascades

This can be reproduced on:

HEAD commit: 38fec10eb60d687e30c8c6b5420d86e8149f7557
report: https://pastebin.com/raw/wDUgDsV0
console output: https://pastebin.com/raw/HndaBU1E
kernel config: https://pastebin.com/raw/u0Efyj5P
C reproducer:
  part1: https://pastebin.com/raw/3AA1ZHUd
  part2: https://pastebin.com/raw/0LaFkaAd
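
Added example, not part of the original message and not kernel code: a userspace C model of the kind of length check the first suggested fix describes, run on a constructed inline symlink area that holds a 39-byte target while the declared size is 29. The function names and the sample buffer are assumptions made for illustration; the 60-byte area matches the size of ext4's i_block array (15 x 4 bytes).

```c
#include <stdio.h>
#include <string.h>

#define FAST_SYMLINK_AREA 60   /* ext4 i_block: 15 x 4 bytes */

enum link_check { LINK_OK, LINK_EMPTY, LINK_TOO_LONG, LINK_LEN_MISMATCH };

/* Length of the string actually stored, never reading past `limit` bytes. */
static size_t stored_len(const char *area, size_t limit)
{
    const char *nul = memchr(area, '\0', limit);
    return nul ? (size_t)(nul - area) : limit;
}

/* Hypothetical validator: reject the inode instead of handing a wrong
 * length to the code that caches the link target. */
static enum link_check check_fast_symlink(const char *area, size_t declared)
{
    if (declared == 0)
        return LINK_EMPTY;
    if (declared >= FAST_SYMLINK_AREA)      /* no room for the NUL */
        return LINK_TOO_LONG;
    /* Scanning declared + 1 bytes catches both an early NUL (target is
     * shorter) and a missing NUL at `declared` (target is longer). */
    if (stored_len(area, declared + 1) != declared)
        return LINK_LEN_MISMATCH;
    return LINK_OK;
}

/* Constructed sample: a 39-byte target, as in the reported warning. */
static enum link_check check_sample(size_t declared)
{
    char area[FAST_SYMLINK_AREA] = {0};
    memset(area, 'a', 39);
    return check_fast_symlink(area, declared);
}

int main(void)
{
    printf("declared 29 -> %d\n", check_sample(29)); /* mismatch */
    printf("declared 39 -> %d\n", check_sample(39)); /* accepted */
    return 0;
}
```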