Re: [syzbot] [netfs?] kernel BUG in folio_unlock (3)

From: David Howells
Date: Wed Feb 26 2025 - 03:42:24 EST


syzbot <syzbot+c0dc46208750f063d0e0@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=141b4ba4580000

I'm not sure how this would even work.

memcpy((void*)0x4000000001c0, "syz\000", 4);
memcpy((void*)0x400000000480, "./file0\000", 8);
memcpy((void*)0x4000000004c0, "9p\000", 3);
memcpy((void*)0x400000000c00,
       "\x56\xc7\x8e\x3c\x73\x3d\x76\x69\x72\x74\x69\x6f\x2c\x6e\x6f\x65\x78"
       "\x74\x65\x6e\x64\x2c\x61\x63\x63\x81\x73\x73\x3d\x61\x6e\x79\x2c\x63"
       "\x61\x63\x68\x65\x3d\x66\x73\x63\x61\x63\x68\x65\x2c\x76\x65\x72\x73"
       "\x69\x6f\x6e\x3d\x39\x70\x32\x30\x30\x30\x2e\x75",
       63);
syscall(__NR_mount, /*src=*/0x4000000001c0ul, /*dst=*/0x400000000480ul,
        /*type=*/0x4000000004c0ul, /*flags=*/0ul, /*opts=*/0x400000000c00ul);

The options string is rubbish:

[pid 8084] mount("syz", "./file0", "9p", 0, "V\307\216<s=virtio,noextend,acc\201ss=any,cache=fscache,version=9p2000.u") = -1 EINVAL (Invalid argument)

David
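To make the "rubbish" concrete, the following is an added example (written for this page; it is not code from David Howells, syzbot or the kernel). It takes the 63-byte option buffer from the reproducer quoted above, renders it the way strace's default output does (printable ASCII verbatim, any other byte as a \NNN octal escape; this is an approximation that ignores strace's handling of quotes and control-character shorthands), and then splits it on commas the way a mount-option parser would. Two of the five tokens contain bytes outside printable ASCII and so can never match a 9p option name; the strace line in the mail shows the mount being refused with EINVAL.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* The 63-byte option buffer from the reproducer quoted in the mail (the
 * memcpy into 0x400000000c00). The literal's trailing NUL is not part of
 * the buffer, hence the explicit length. */
static const char opts_lit[] =
    "\x56\xc7\x8e\x3c\x73\x3d\x76\x69\x72\x74\x69\x6f\x2c\x6e\x6f\x65\x78"
    "\x74\x65\x6e\x64\x2c\x61\x63\x63\x81\x73\x73\x3d\x61\x6e\x79\x2c\x63"
    "\x61\x63\x68\x65\x3d\x66\x73\x63\x61\x63\x68\x65\x2c\x76\x65\x72\x73"
    "\x69\x6f\x6e\x3d\x39\x70\x32\x30\x30\x30\x2e\x75";
#define OPTS_LEN 63

static int is_print_ascii(unsigned char c)
{
    return c >= 0x20 && c <= 0x7e;
}

/* Render a byte buffer roughly the way strace prints string arguments:
 * printable ASCII verbatim, a backslash doubled, everything else as \NNN
 * octal. Returns the number of characters written (NUL excluded), or
 * (size_t)-1 if out[] is too small. */
size_t render_strace(const unsigned char *p, size_t n, char *out, size_t outsz)
{
    size_t w = 0;

    if (outsz == 0)
        return (size_t)-1;
    out[0] = '\0';
    for (size_t i = 0; i < n; i++) {
        char tmp[5];
        int len;

        if (p[i] == '\\')
            len = snprintf(tmp, sizeof tmp, "\\\\");
        else if (is_print_ascii(p[i])) {
            tmp[0] = (char)p[i];
            tmp[1] = '\0';
            len = 1;
        } else
            len = snprintf(tmp, sizeof tmp, "\\%03o", p[i]);
        if (w + (size_t)len + 1 > outsz)
            return (size_t)-1;
        memcpy(out + w, tmp, (size_t)len + 1);
        w += (size_t)len;
    }
    return w;
}

/* Number of comma-separated tokens in the buffer. */
int count_tokens(const unsigned char *p, size_t n)
{
    int tokens = 1;

    for (size_t i = 0; i < n; i++)
        if (p[i] == ',')
            tokens++;
    return tokens;
}

/* Split on ',' and count tokens containing a byte outside printable ASCII;
 * such a token cannot match any option name a mount parser knows. */
int count_bad_tokens(const unsigned char *p, size_t n)
{
    int bad = 0;
    size_t start = 0;

    for (size_t i = 0; i <= n; i++) {
        if (i == n || p[i] == ',') {
            for (size_t j = start; j < i; j++) {
                if (!is_print_ascii(p[j])) {
                    bad++;
                    break;
                }
            }
            start = i + 1;
        }
    }
    return bad;
}

/* Convenience wrapper: the reproducer's buffer rendered strace-style. */
const char *render_opts_sample(void)
{
    static char buf[4 * OPTS_LEN + 1];

    render_strace((const unsigned char *)opts_lit, OPTS_LEN, buf, sizeof buf);
    return buf;
}

int main(void)
{
    const unsigned char *p = (const unsigned char *)opts_lit;

    printf("opts as strace shows them: %s\n", render_opts_sample());
    printf("%d of %d tokens contain non-printable bytes\n",
           count_bad_tokens(p, OPTS_LEN), count_tokens(p, OPTS_LEN));
    return 0;
}
```

Running it prints the same octal-escaped string that appears in the strace line of the mail (\307, \216 and \201 are 0xc7, 0x8e and 0x81), which is a quick way to confirm that the bytes in repro.c and the argument strace saw are one and the same buffer before reading anything into the EINVAL.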