On Sun, Nov 24, 2024 at 07:47:01PM +0000, Al Viro wrote: > On Sun, Nov 24, 2024 at 11:41:01AM -0800, syzbot wrote: > > Hello, > > > > syzbot has tested the proposed patch but the reproducer is still triggering an issue: > > WARNING in minix_unlink > > Predictably, since the warning has nothing to do with marking an unchanged > buffer dirty... > > What happens there is that on a badly corrupt image we have an on-disk > inode with link count below the actual number of links. And after > unlinks remove enough of those to drive the link count to 0, inode > is freed. After that point, all remaining links are pointing to a freed > on-disk inode, which is discovered when they need to decrement of link > count that is already 0. Which does deserve a warning, probably without > a stack trace. > > There's nothing the kernel can do about that, short of scanning the entire > filesystem at mount time and verifying that link counts are accurate... Theoretically we could check if there's an associated dentry at the time of decrement-to-0 and refuse to do that decrement in such case, marking the in-core inode so that no extra dentries would be associated with it from that point on. Not sure if that'd make for a good mitigation strategy, though - and it wouldn't help in case of extra links we hadn't seen by that point; they would become dangling pointers and reuse of on-disk inode would still be possible...
