Commit 4ac577a
ocfs2: check tl_used after reading it from trancate log inode
The fuzz image has a truncate log inode whose tl_used is bigger than
tl_count so it triggers the BUG in ocfs2_truncate_log_needs_flush() [1].
As what the check in ocfs2_truncate_log_needs_flush() does, just do same
check into ocfs2_get_truncate_log_info() when truncate log inode is
reading in so we can bail out earlier.
[1]
(syz.0.17,5491,0):ocfs2_truncate_log_needs_flush:5830 ERROR: bug expression: le16_to_cpu(tl->tl_used) > le16_to_cpu(tl->tl_count)
kernel BUG at fs/ocfs2/alloc.c:5830!
RIP: 0010:ocfs2_truncate_log_needs_flush fs/ocfs2/alloc.c:5827 [inline]
Call Trace:
ocfs2_commit_truncate+0xb64/0x21d0 fs/ocfs2/alloc.c:7372
ocfs2_truncate_file+0xca2/0x1420 fs/ocfs2/file.c:509
ocfs2_setattr+0x1520/0x1b40 fs/ocfs2/file.c:1212
notify_change+0xc1a/0xf40 fs/attr.c:546
do_truncate+0x1a4/0x220 fs/open.c:68
Link: https://lkml.kernel.org/r/tencent_B24B1C1BE225DCBA44BB6933AB9E1B1B0708@qq.com
Reported-by: syzbot+f82afc4d4e74d0ef7a89@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=f82afc4d4e74d0ef7a89
Tested-by: syzbot+f82afc4d4e74d0ef7a89@syzkaller.appspotmail.com
Signed-off-by: Edward Adam Davis <eadavis@qq.com>
Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com>
Cc: Mark Fasheh <mark@fasheh.com>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Junxiao Bi <junxiao.bi@oracle.com>
Cc: Changwei Ge <gechangwei@live.cn>
Cc: Jun Piao <piaojun@huawei.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>1 parent b2135d1 commit 4ac577a
1 file changed
Lines changed: 4 additions & 2 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
6164 | 6164 | | |
6165 | 6165 | | |
6166 | 6166 | | |
6167 | | - | |
| 6167 | + | |
6168 | 6168 | | |
6169 | 6169 | | |
6170 | 6170 | | |
| |||
6185 | 6185 | | |
6186 | 6186 | | |
6187 | 6187 | | |
| 6188 | + | |
6188 | 6189 | | |
6189 | | - | |
| 6190 | + | |
| 6191 | + | |
6190 | 6192 | | |
6191 | 6193 | | |
6192 | 6194 | | |
| |||
0 commit comments