From: Vishal Moola
Date: Mon, 10 Oct 2022 09:19:33 -0700
Subject: Re: [syzbot] UBSAN: array-index-out-of-bounds in truncate_inode_pages_range
To: Matthew Wilcox
Cc: Andrew Morton, syzbot, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, syzkaller-bugs@googlegroups.com
References: <000000000000117c7505e7927cb4@google.com> <20220901162459.431c49b3925e99ddb448e1b3@linux-foundation.org>
Content-Type: text/plain; charset="UTF-8"
On Sat, Oct 8, 2022 at 12:12 PM Matthew Wilcox wrote:
>
> On Thu, Sep 01, 2022 at 04:24:59PM -0700, Andrew Morton wrote:
> > On Wed, 31 Aug 2022 17:13:36 -0700 syzbot wrote:
> >
> > > Hello,
> > >
> > > syzbot found the following issue on:
> > >
> > > HEAD commit:    89b749d8552d Merge tag 'fbdev-for-6.0-rc3' of git://git.ke..
> > > git tree:       upstream
> > > console output: https://syzkaller.appspot.com/x/log.txt?x=14b9661b080000
> > > kernel config:  https://syzkaller.appspot.com/x/.config?x=911efaff115942bb
> > > dashboard link: https://syzkaller.appspot.com/bug?extid=5867885efe39089b339b
> > > compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
> > > userspace arch: i386
> > >
> > > Unfortunately, I don't have any reproducer for this issue yet.
> > >
> > > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > > Reported-by: syzbot+5867885efe39089b339b@syzkaller.appspotmail.com
> > >
> > > ntfs3: loop0: Different NTFS' sector size (1024) and media sector size (512)
> > > ntfs3: loop0: RAW NTFS volume: Filesystem size 0.00 Gb > volume size 0.00 Gb. Mount in read-only
> > > ================================================================================
> > > UBSAN: array-index-out-of-bounds in mm/truncate.c:366:18
> > > index 254 is out of range for type 'long unsigned int [15]'
> >
> > That's
> >
> > 	index = indices[folio_batch_count(&fbatch) - 1] + 1;
> >
> > I looked.  I see no way in which fbatch.nr got a value of 255.
>
> NTFS is involved.  I stopped looking at that point; it seems to be
> riddled with buffer overflows.
>
> > I must say, the code looks rather hacky.  Isn't there a more
> > type-friendly way of doing this?
>
> Looking at the three callers, they all want to advance index.  We
> should probably pass &index instead of index and have find_lock_entries
> advance it for them.
>
> Vishal, want to take this on?

Yup! I'll do that.
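The refactor Matthew Wilcox proposes above, as an added illustration that is not part of this thread and not the kernel's own code: a user-space model of find_lock_entries() that takes `&index` and advances it itself, so the bounds-sensitive read of `indices[nr - 1]` happens once, in the callee, where `nr` is known to lie in 1..PAGEVEC_SIZE, rather than in each caller. The types (struct folio_batch with a 15-entry `indices[]`, pgoff_t, folio_batch_count()) are simplified stand-ins, the page cache is a constructed sorted index array, and truncate_range() is a hypothetical caller modelled on the loop in truncate_inode_pages_range().

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins for the kernel types (constructed for this
 * example, not the kernel's definitions).  PAGEVEC_SIZE is 15, which is
 * why UBSAN reported "type 'long unsigned int [15]'" for indices[]. */
#define PAGEVEC_SIZE 15
typedef unsigned long pgoff_t;

struct folio_batch {
	unsigned char nr;                  /* entries in use, 0..PAGEVEC_SIZE */
	pgoff_t folios[PAGEVEC_SIZE];      /* stand-in for folio pointers */
};

static unsigned int folio_batch_count(const struct folio_batch *fb)
{
	return fb->nr;
}

/* Toy page cache: a sorted list of the indices that have a page. */
struct mapping {
	const pgoff_t *present;
	size_t n;
};

/*
 * Model of find_lock_entries() after the proposed change: `start` is
 * passed by pointer and advanced past the last entry gathered.  The
 * read of indices[nr - 1] lives here, where nr is 1..PAGEVEC_SIZE by
 * construction, instead of being repeated in every caller.
 * Returns the number of entries placed in the batch (0 = nothing left).
 */
static unsigned int find_lock_entries(const struct mapping *m, pgoff_t *start,
				      pgoff_t end, struct folio_batch *fb,
				      pgoff_t *indices)
{
	fb->nr = 0;
	for (size_t i = 0; i < m->n && fb->nr < PAGEVEC_SIZE; i++) {
		pgoff_t idx = m->present[i];
		if (idx < *start)
			continue;
		if (idx > end)
			break;
		fb->folios[fb->nr] = idx;
		indices[fb->nr] = idx;
		fb->nr++;
	}
	if (fb->nr)
		*start = indices[fb->nr - 1] + 1;  /* in bounds: 1 <= nr <= 15 */
	return fb->nr;
}

/*
 * Hypothetical caller modelled on the loop in truncate_inode_pages_range().
 * There is no `index = indices[folio_batch_count(&fbatch) - 1] + 1;` line:
 * the callee already advanced `index`.  Returns how many entries were
 * "truncated" so the result can be checked.
 */
static unsigned long truncate_range(const struct mapping *m, pgoff_t start,
				    pgoff_t end)
{
	struct folio_batch fbatch;
	pgoff_t indices[PAGEVEC_SIZE];
	pgoff_t index = start;
	unsigned long total = 0;

	while (index <= end &&
	       find_lock_entries(m, &index, end, &fbatch, indices))
		total += folio_batch_count(&fbatch);
	return total;
}

/* Constructed sample data: 41 contiguous pages, and a sparse cache. */
static unsigned long demo_contiguous(void)
{
	pgoff_t pages[41];
	for (size_t i = 0; i < 41; i++)
		pages[i] = i;
	struct mapping m = { pages, 41 };
	return truncate_range(&m, 3, 30);   /* pages 3..30: two batches, 15 + 13 */
}

static unsigned long demo_sparse(void)
{
	static const pgoff_t pages[] = { 5, 7, 100 };
	struct mapping m = { pages, 3 };
	return truncate_range(&m, 0, 50);   /* only 5 and 7 fall in range */
}

int main(void)
{
	printf("contiguous: %lu entries\n", demo_contiguous());
	printf("sparse:     %lu entries\n", demo_sparse());
	return 0;
}
```

The model uses an inclusive `end` for brevity; the real truncate loop passes `end - 1` and tests `index < end`, which also avoids the wrap-around this toy would hit if `end` were ULONG_MAX. The point being shown is only the ownership change: once the callee advances the cursor, a corrupted `nr` (the 255 syzbot observed) can no longer turn into an out-of-bounds read in the caller's `indices[]`, and any guard on `nr` belongs in one place.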