Re: [syzbot] [nilfs?] general protection fault in touch_buffer
From: Ryusuke Konishi
Date: Fri Nov 01 2024 - 20:12:58 EST
The cause of this problem seems to be that bh->b_bdev is not set when
touch_buffer() is called (it is set later by the calling functions).
This causes a general protection fault when the trace point
trace_block_touch_buffer() in touch_buffer() references
bh->b_bdev->bd_dev.

touch_buffer() marks the folio owned by the buffer as accessed by
calling folio_mark_accessed(), but nilfs_grab_buffer(), the only
caller of __nilfs_get_folio_block(), acquires the folio through
filemap_grab_folio(), which sets the folio as accessed by specifying
the FGP_ACCESSED flag, so there is no need to call touch_buffer() in
the first place.

Once I have confirmed that there is no problem, including the past
history, I will turn this into a formal bug fix patch.
Ryusuke Konishi
#syz test
diff --git a/fs/nilfs2/page.c b/fs/nilfs2/page.c
index 10def4b55995..296dbf9cca22 100644
--- a/fs/nilfs2/page.c
+++ b/fs/nilfs2/page.c
@@ -39,7 +39,6 @@ static struct buffer_head *__nilfs_get_folio_block(struct folio *folio,
first_block = (unsigned long)index << (PAGE_SHIFT - blkbits);
bh = get_nth_bh(bh, block - first_block);
- touch_buffer(bh);
wait_on_buffer(bh);
return bh;
}
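Review bot: the removal of touch_buffer(bh) in this hunk is justified only by the reasoning in the email (the sole caller, nilfs_grab_buffer(), already gets the folio via filemap_grab_folio() with FGP_ACCESSED), and nothing in the function itself records that bh->b_bdev is still unset at this point; add a short comment above `wait_on_buffer(bh);` such as `/* no touch_buffer(): folio already marked accessed via FGP_ACCESSED, and bh->b_bdev is not set yet */` so a future caller does not reintroduce the call before b_bdev is populated, and carry the same explanation, with the syzbot Reported-by tag, into the commit message when this becomes the formal fix.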
--
2.43.0