[syzbot] [ext4?] kernel BUG in ext4_write_inline_data (2)


syzbot

Nov 21, 2024, 4:00:27 AM
to adilger...@dilger.ca, linux...@vger.kernel.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com, ty...@mit.edu
Hello,

syzbot found the following issue on:

HEAD commit: 4a5df3796467 Merge tag 'mm-hotfixes-stable-2024-11-16-15-3..
git tree: upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=165adb5f980000
kernel config: https://syzkaller.appspot.com/x/.config?x=ca2f08f822652bd0
dashboard link: https://syzkaller.appspot.com/bug?extid=fe2a25dae02a207717a0
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=118eb2c0580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1395f130580000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/5912c1b48bcf/disk-4a5df379.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/e9bdeba257b7/vmlinux-4a5df379.xz
kernel image: https://storage.googleapis.com/syzbot-assets/567e5bf968eb/bzImage-4a5df379.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/94e36b599391/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+fe2a25...@syzkaller.appspotmail.com

EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
------------[ cut here ]------------
kernel BUG at fs/ext4/inline.c:235!
Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI
CPU: 1 UID: 0 PID: 5838 Comm: syz-executor116 Not tainted 6.12.0-rc7-syzkaller-00212-g4a5df3796467 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
RIP: 0010:ext4_write_inline_data+0x36b/0x460 fs/ext4/inline.c:235
Code: df 41 ff e8 f7 df 41 ff 45 8d 64 2c c4 b8 3c 00 00 00 29 e8 4c 63 f0 e9 c7 fe ff ff e8 de df 41 ff 90 0f 0b e8 d6 df 41 ff 90 <0f> 0b e8 8e b8 a2 ff e9 d6 fd ff ff 4c 89 ff e8 81 b8 a2 ff e9 71
RSP: 0018:ffffc90003e078e0 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffff888074c38c98 RCX: ffffffff824b9874
RDX: ffff8880349bbc00 RSI: ffffffff824b9a7a RDI: 0000000000000006
RBP: 0000010000000005 R08: 0000000000000006 R09: 0000010000000006
R10: 000000000000003c R11: 0000000000000000 R12: 0000000000000001
R13: ffffc90003e07980 R14: 0000010000000006 R15: ffff888074c39242
FS: 00005555714a8380(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000066c7e0 CR3: 0000000077348000 CR4: 0000000000350ef0
Call Trace:
<TASK>
ext4_write_inline_data_end+0x278/0xc50 fs/ext4/inline.c:774
ext4_da_write_end+0x54e/0xd00 fs/ext4/inode.c:3065
generic_perform_write+0x4e8/0x920 mm/filemap.c:4069
ext4_buffered_write_iter+0x119/0x3c0 fs/ext4/file.c:299
ext4_file_write_iter+0x861/0x19d0 fs/ext4/file.c:698
new_sync_write fs/read_write.c:590 [inline]
vfs_write+0x5b1/0x1150 fs/read_write.c:683
ksys_pwrite64 fs/read_write.c:798 [inline]
__do_sys_pwrite64 fs/read_write.c:808 [inline]
__se_sys_pwrite64 fs/read_write.c:805 [inline]
__x64_sys_pwrite64+0x200/0x260 fs/read_write.c:805
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f18e1c07679
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff5a649ea8 EFLAGS: 00000246 ORIG_RAX: 0000000000000012
RAX: ffffffffffffffda RBX: 00007fff5a64a078 RCX: 00007f18e1c07679
RDX: 0000000000000001 RSI: 0000000020000300 RDI: 0000000000000004
RBP: 00007f18e1c7b610 R08: 0000000000000000 R09: 00007fff5a64a078
R10: 0000010000000005 R11: 0000000000000246 R12: 0000000000000001
R13: 00007fff5a64a068 R14: 0000000000000001 R15: 0000000000000001
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:ext4_write_inline_data+0x36b/0x460 fs/ext4/inline.c:235
Code: df 41 ff e8 f7 df 41 ff 45 8d 64 2c c4 b8 3c 00 00 00 29 e8 4c 63 f0 e9 c7 fe ff ff e8 de df 41 ff 90 0f 0b e8 d6 df 41 ff 90 <0f> 0b e8 8e b8 a2 ff e9 d6 fd ff ff 4c 89 ff e8 81 b8 a2 ff e9 71
RSP: 0018:ffffc90003e078e0 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffff888074c38c98 RCX: ffffffff824b9874
RDX: ffff8880349bbc00 RSI: ffffffff824b9a7a RDI: 0000000000000006
RBP: 0000010000000005 R08: 0000000000000006 R09: 0000010000000006
R10: 000000000000003c R11: 0000000000000000 R12: 0000000000000001
R13: ffffc90003e07980 R14: 0000010000000006 R15: ffff888074c39242
FS: 00005555714a8380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f5524d17095 CR3: 0000000077348000 CR4: 0000000000350ef0


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

syzbot

Nov 21, 2024, 7:43:47 AM
to linux-...@vger.kernel.org, syzkall...@googlegroups.com
For archival purposes, forwarding an incoming command email to
linux-...@vger.kernel.org, syzkall...@googlegroups.com.

***

Subject: Re: kernel BUG in ext4_write_inline_data()
Author: dman...@yandex.ru

#syz test https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 43fb83c17ba2d63dfb798f0be7453ed55ca3f9c2

diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
index 74f2071189b2..759a0d69b277 100644
--- a/fs/ext4/ext4.h
+++ b/fs/ext4/ext4.h
@@ -3558,6 +3558,12 @@ extern int ext4_get_max_inline_size(struct inode *inode);
extern int ext4_find_inline_data_nolock(struct inode *inode);
extern int ext4_destroy_inline_data(handle_t *handle, struct inode *inode);

+static inline bool ext4_inline_possible(struct inode *inode,
+ loff_t pos, unsigned len)
+{
+ return pos + len <= ext4_get_max_inline_size(inode);
+}
+
int ext4_readpage_inline(struct inode *inode, struct folio *folio);
extern int ext4_try_to_write_inline_data(struct address_space *mapping,
struct inode *inode,
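Review bot: the new `ext4_inline_possible()` helper has no comment saying what it decides, and it is being introduced for two call sites with different fallbacks (the write_begin path in ext4_try_to_write_inline_data() still does `goto convert`, while the write_end path in this series merely skips the inline end), so a one-line kernel-doc stating that it reports whether the range [pos, pos + len) fits in the inode's maximum inline size would help the next reader. Style nit: kernel code prefers `unsigned int len` over bare `unsigned len`. Also note the comparison promotes the `int` from `ext4_get_max_inline_size()` to `loff_t`, so whatever that function returns for an inode without inline space is compared as-is; worth confirming the callers only reach this with an inode that actually has inline data, as the inode.c caller's `ext4_has_inline_data(inode)` term does.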
diff --git a/fs/ext4/inline.c b/fs/ext4/inline.c
index 3536ca7e4fcc..ec25f066a2c2 100644
--- a/fs/ext4/inline.c
+++ b/fs/ext4/inline.c
@@ -668,7 +668,7 @@ int ext4_try_to_write_inline_data(struct address_space *mapping,
struct folio *folio;
struct ext4_iloc iloc;

- if (pos + len > ext4_get_max_inline_size(inode))
+ if (!ext4_inline_possible(inode, pos, len))
goto convert;

ret = ext4_get_inode_loc(inode, &iloc);
diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
index 89aade6f45f6..9fe49571bc93 100644
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -3076,7 +3076,8 @@ static int ext4_da_write_end(struct file *file,

if (write_mode != CONVERT_INLINE_DATA &&
ext4_test_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA) &&
- ext4_has_inline_data(inode))
+ ext4_has_inline_data(inode) &&
+ ext4_inline_possible(inode, pos, len))
return ext4_write_inline_data_end(inode, pos, len, copied,
folio);
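Review bot: the added `ext4_inline_possible(inode, pos, len)` term keeps `ext4_write_inline_data_end()` from being entered with a range that does not fit, which is the path that hit the kernel BUG at fs/ext4/inline.c:235 in the report above, but the hunk gives no rationale for what the fall-through does with an inode that still has inline data once the inline end path is skipped. The matching check in `ext4_try_to_write_inline_data()` reacts to the same condition with `goto convert`; please add a comment (and a commit message, since the submission is a bare `#syz test`) explaining why the inode is expected to have been converted by write_begin by the time this condition is false, or whether an explicit conversion belongs here as well.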

syzbot

Nov 21, 2024, 8:10:04 AM
to dman...@yandex.ru, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-by: syzbot+fe2a25...@syzkaller.appspotmail.com
Tested-by: syzbot+fe2a25...@syzkaller.appspotmail.com

Tested on:

commit: 43fb83c1 Merge tag 'soc-arm-6.13' of git://git.kernel...
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=12c05930580000
kernel config: https://syzkaller.appspot.com/x/.config?x=1638cad79464dac0
dashboard link: https://syzkaller.appspot.com/bug?extid=fe2a25dae02a207717a0
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=149beb78580000

Note: testing is done by a robot and is best-effort only.

syzbot

Nov 22, 2024, 11:21:06 AM
to bret...@gmail.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot tried to test the proposed patch but the build/boot failed:

failed to apply patch:
checking file fs/ext4/ext4.h
patch: **** malformed patch at line 8: diff --git a/fs/ext4/inline.c b/fs/ext4/inline.c




Tested on:

commit: 28eb75e1 Merge tag 'drm-next-2024-11-21' of https://gi..
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=ca2f08f822652bd0
patch: https://syzkaller.appspot.com/x/patch.diff?x=10ea7ec0580000

Nicolas Bretz

Nov 22, 2024, 11:53:07 AM
to syzbot+fe2a25...@syzkaller.appspotmail.com, syzkall...@googlegroups.com
#syz test

diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
index 44b0d418143c..b9d128243286 100644
--- a/fs/ext4/ext4.h
+++ b/fs/ext4/ext4.h
@@ -3562,6 +3562,12 @@ extern int ext4_get_max_inline_size(struct inode *inode);
extern int ext4_find_inline_data_nolock(struct inode *inode);
extern int ext4_destroy_inline_data(handle_t *handle, struct inode *inode);

+static inline bool ext4_inline_possible(struct inode *inode,
+ loff_t pos, unsigned int len)
+{
+ return pos + len <= ext4_get_max_inline_size(inode);
+}
+
int ext4_readpage_inline(struct inode *inode, struct folio *folio);
extern int ext4_try_to_write_inline_data(struct address_space *mapping,
struct inode *inode,
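Review bot: the unchanged context lines that are blank in the source (the line after `extern int ext4_destroy_inline_data(...)`, for instance) arrive here completely empty instead of carrying the single leading space that unified diff requires, so `patch` stops at the first one; that is what syzbot's "malformed patch" replies in this thread are complaining about. Re-sending the `git format-patch` output as an attachment, or pasting from a client that does not strip trailing whitespace, avoids it.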
diff --git a/fs/ext4/inline.c b/fs/ext4/inline.c
index 3536ca7e4fcc..ec25f066a2c2 100644
--- a/fs/ext4/inline.c
+++ b/fs/ext4/inline.c
@@ -668,7 +668,7 @@ int ext4_try_to_write_inline_data(struct
address_space *mapping,
struct folio *folio;
struct ext4_iloc iloc;

- if (pos + len > ext4_get_max_inline_size(inode))
+ if (!ext4_inline_possible(inode, pos, len))
goto convert;

ret = ext4_get_inode_loc(inode, &iloc);
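Review bot: the hunk header `@@ -668,7 +668,7 @@ int ext4_try_to_write_inline_data(struct` has been wrapped by the mail client, with `address_space *mapping,` landing on its own line. The function name after the second `@@` is only a hint for readers, but the wrapped remainder becomes an unrecognised line inside the hunk and makes the patch unapplyable. Either trim the header to `@@ -668,7 +668,7 @@` or attach the patch file instead of pasting it.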
diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
index 54bdd4884fe6..d4c0e0a42b8e 100644
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -3061,7 +3061,8 @@ static int ext4_da_write_end(struct file *file,

syzbot

Nov 22, 2024, 12:13:05 PM
to bret...@gmail.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot tried to test the proposed patch but the build/boot failed:

failed to apply patch:
checking file fs/ext4/ext4.h
patch: **** malformed patch at line 6: diff --git a/fs/ext4/inline.c b/fs/ext4/inline.c




Tested on:

commit: 28eb75e1 Merge tag 'drm-next-2024-11-21' of https://gi..
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=ca2f08f822652bd0
dashboard link: https://syzkaller.appspot.com/bug?extid=fe2a25dae02a207717a0
compiler:
patch: https://syzkaller.appspot.com/x/patch.diff?x=14b6db78580000

Nicolas Bretz

Nov 22, 2024, 1:33:13 PM
to syzbot, linux-...@vger.kernel.org, syzkall...@googlegroups.com
#syz test

--- a/fs/ext4/ext4.h
+++ b/fs/ext4/ext4.h
@@ -3562,6 +3562,12 @@ extern int ext4_get_max_inline_size(struct inode *inode);
extern int ext4_find_inline_data_nolock(struct inode *inode);
extern int ext4_destroy_inline_data(handle_t *handle, struct inode *inode);

+static inline bool ext4_inline_possible(struct inode *inode,
+ loff_t pos, unsigned int len)
+{
+ return pos + len <= ext4_get_max_inline_size(inode);
+}
+
int ext4_readpage_inline(struct inode *inode, struct folio *folio);
extern int ext4_try_to_write_inline_data(struct address_space *mapping,
struct inode *inode,
--- a/fs/ext4/inline.c
+++ b/fs/ext4/inline.c
@@ -668,7 +668,7 @@ int ext4_try_to_write_inline_data(struct
address_space *mapping,
struct folio *folio;
struct ext4_iloc iloc;

- if (pos + len > ext4_get_max_inline_size(inode))
+ if (!ext4_inline_possible(inode, pos, len))
goto convert;

ret = ext4_get_inode_loc(inode, &iloc);
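Review bot: same wrapped hunk header as in the earlier attempt: `@@ -668,7 +668,7 @@ int ext4_try_to_write_inline_data(struct` continues on the next line as `address_space *mapping,`, which is exactly the line syzbot quotes in its "malformed patch" reply below, and the blank context lines are still empty rather than a single space. Dropping the `diff --git`/`index` lines is fine for `patch -p1`, but neither of the other two problems is fixed by that; attaching the `git format-patch` output, as the later `0002-...patch` submission does, is the reliable way round both.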

Aleksandr Nogikh

Nov 22, 2024, 1:36:50 PM
to Nicolas Bretz, syzbot+fe2a25...@syzkaller.appspotmail.com, syzkall...@googlegroups.com
Hi Nicolas,
^^ note that there are empty lines, which are treated by syzbot as the
end of the patch.

Normally git diff's output does not include any empty lines, there's
always at least a single whitespace in there. You must have somehow
lost those whitespaces while copy-pasting the patch to the email.

> - if (pos + len > ext4_get_max_inline_size(inode))
> + if (!ext4_inline_possible(inode, pos, len))
> goto convert;
>
> ret = ext4_get_inode_loc(inode, &iloc);
> diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
> index 54bdd4884fe6..d4c0e0a42b8e 100644
> --- a/fs/ext4/inode.c
> +++ b/fs/ext4/inode.c
> @@ -3061,7 +3061,8 @@ static int ext4_da_write_end(struct file *file,
>
> if (write_mode != CONVERT_INLINE_DATA &&
> ext4_test_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA) &&
> - ext4_has_inline_data(inode))
> + ext4_has_inline_data(inode) &&
> + ext4_inline_possible(inode, pos, len))
> return ext4_write_inline_data_end(inode, pos, len, copied,
> folio);
>

syzbot

Nov 22, 2024, 1:59:05 PM
to bret...@gmail.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot tried to test the proposed patch but the build/boot failed:

failed to apply patch:
checking file fs/ext4/ext4.h
patch: **** malformed patch at line 8: @@ -668,7 +668,7 @@ int ext4_try_to_write_inline_data(struct




Tested on:

commit: 28eb75e1 Merge tag 'drm-next-2024-11-21' of https://gi..
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=ca2f08f822652bd0
dashboard link: https://syzkaller.appspot.com/bug?extid=fe2a25dae02a207717a0
compiler:
patch: https://syzkaller.appspot.com/x/patch.diff?x=140ddb78580000

Nicolas Bretz

Nov 22, 2024, 2:21:02 PM
to syzbot, linux-...@vger.kernel.org, syzkall...@googlegroups.com
#syz test
0002-ext4-kernel-BUG-in-ext4_write_inline_data.patch

syzbot

Nov 22, 2024, 3:09:05 PM
to bret...@gmail.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-by: syzbot+fe2a25...@syzkaller.appspotmail.com
Tested-by: syzbot+fe2a25...@syzkaller.appspotmail.com

Tested on:

commit: 28eb75e1 Merge tag 'drm-next-2024-11-21' of https://gi..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=127f7ec0580000
kernel config: https://syzkaller.appspot.com/x/.config?x=461a3713d88227a7
dashboard link: https://syzkaller.appspot.com/bug?extid=fe2a25dae02a207717a0
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=12a586e8580000