[v6.1] KASAN: slab-out-of-bounds Read in xfs_btree_lookup_get_block
1 view
Skip to first unread message
syzbot
May 21, 2023, 8:17:48 AM5/21/23
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: fa74641fb6b9 Linux 6.1.29
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=117fdef9280000
kernel config: https://syzkaller.appspot.com/x/.config?x=7454aa89ac475d7b
dashboard link: https://syzkaller.appspot.com/bug?extid=243d578c4c2ac24d98fb
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14f6256a280000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1049f96a280000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/53e4da6b145c/disk-fa74641f.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/adeb1a2cfa86/vmlinux-fa74641f.xz
kernel image: https://storage.googleapis.com/syzbot-assets/c976f1155d08/Image-fa74641f.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/7216e639f73f/mount_0.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+243d57...@syzkaller.appspotmail.com
XFS (loop0): Torn write (CRC failure) detected at log block 0x180. Truncating head block from 0x200.
XFS (loop0): Starting recovery (logdev: internal)
==================================================================
BUG: KASAN: slab-out-of-bounds in xfs_btree_lookup_get_block+0x180/0x66c fs/xfs/libxfs/xfs_btree.c:1813
Read of size 8 at addr ffff0000c3624128 by task syz-executor154/4217
CPU: 0 PID: 4217 Comm: syz-executor154 Not tainted 6.1.29-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
Call trace:
dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
print_address_description mm/kasan/report.c:284 [inline]
print_report+0x174/0x4c0 mm/kasan/report.c:395
kasan_report+0xd4/0x130 mm/kasan/report.c:495
__asan_report_load8_noabort+0x2c/0x38 mm/kasan/report_generic.c:351
xfs_btree_lookup_get_block+0x180/0x66c fs/xfs/libxfs/xfs_btree.c:1813
xfs_btree_lookup+0x388/0x117c fs/xfs/libxfs/xfs_btree.c:1913
xfs_btree_simple_query_range+0xd4/0x5c4 fs/xfs/libxfs/xfs_btree.c:4713
xfs_btree_query_range+0x2b4/0x348 fs/xfs/libxfs/xfs_btree.c:4953
xfs_refcount_recover_cow_leftovers+0x2c4/0xbdc fs/xfs/libxfs/xfs_refcount.c:1832
xfs_reflink_recover_cow+0x88/0x190 fs/xfs/xfs_reflink.c:930
xlog_recover_finish+0x708/0x7ec fs/xfs/xfs_log_recover.c:3493
xfs_log_mount_finish+0x1b8/0x3f4 fs/xfs/xfs_log.c:827
xfs_mountfs+0x103c/0x18fc fs/xfs/xfs_mount.c:919
xfs_fs_fill_super+0xd38/0xf50 fs/xfs/xfs_super.c:1666
get_tree_bdev+0x360/0x54c fs/super.c:1346
xfs_fs_get_tree+0x28/0x38 fs/xfs/xfs_super.c:1713
vfs_get_tree+0x90/0x274 fs/super.c:1553
do_new_mount+0x25c/0x8c8 fs/namespace.c:3040
path_mount+0x590/0xe58 fs/namespace.c:3370
do_mount fs/namespace.c:3383 [inline]
__do_sys_mount fs/namespace.c:3591 [inline]
__se_sys_mount fs/namespace.c:3568 [inline]
__arm64_sys_mount+0x45c/0x594 fs/namespace.c:3568
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
The buggy address belongs to the object at ffff0000c3624108
which belongs to the cache xfs_refcbt_cur of size 200
The buggy address is located 32 bytes inside of
200-byte region [ffff0000c3624108, ffff0000c36241d0)
The buggy address belongs to the physical page:
page:00000000bb3715e9 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103624
flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff)
raw: 05ffc00000000200 0000000000000000 dead000000000122 ffff0000c4e94300
raw: 0000000000000000 00000000800f000f 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff0000c3624000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffff0000c3624080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
>ffff0000c3624100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
^
ffff0000c3624180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff0000c3624200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x444/0x66c fs/xfs/libxfs/xfs_btree.c:1846, xfs_refcountbt block 0x18
XFS (loop0): Unmount and run xfs_repair
Unable to handle kernel paging request at virtual address e0c100530000024d
KASAN: maybe wild-memory-access in range [0x060c029800001268-0x060c02980000126f]
Mem abort info:
ESR = 0x0000000096000004
EC = 0x25: DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
FSC = 0x04: level 0 translation fault
Data abort info:
ISV = 0, ISS = 0x00000004
CM = 0, WnR = 0
[e0c100530000024d] address between user and kernel address ranges
Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 4217 Comm: syz-executor154 Tainted: G B 6.1.29-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : xfs_trans_brelse+0x34/0x4e0 fs/xfs/xfs_trans_buf.c:349
lr : xfs_trans_brelse+0x2c/0x4e0 fs/xfs/xfs_trans_buf.c:348
sp : ffff80001d7a7340
x29: ffff80001d7a7340 x28: 00000000ffffff8b x27: 1fffe000186c4800
x26: 0000000000000007 x25: 00000000000000c8 x24: 1fffe000186c4809
x23: dfff800000000000 x22: 060c029800001079 x21: 060c029800001269
x20: ffff0000d3c0a000 x19: 060c029800001079 x18: 1fffe000368b6376
x17: 0000000000000000 x16: ffff8000120eb394 x15: ffff800008ac7c64
x14: ffff800008ac4a08 x13: ffff800008061eec x12: 0000000000000001
x11: ff80800009c8eb44 x10: 0000000000000000 x9 : ffff800009c8eb44
x8 : 00c180530000024d x7 : ffff800008061eec x6 : ffff8000080620fc
x5 : ffff0000d9d0eab0 x4 : ffff80001d7a6a78 x3 : ffff800009aa3ccc
x2 : 0000000000000000 x1 : 060c029800001079 x0 : ffff0000d3c0a000
Call trace:
xfs_trans_brelse+0x34/0x4e0 fs/xfs/xfs_trans_buf.c:349
xfs_btree_del_cursor+0xb8/0x24c fs/xfs/libxfs/xfs_btree.c:440
xfs_refcount_recover_cow_leftovers+0x2d4/0xbdc fs/xfs/libxfs/xfs_refcount.c:1834
xfs_reflink_recover_cow+0x88/0x190 fs/xfs/xfs_reflink.c:930
xlog_recover_finish+0x708/0x7ec fs/xfs/xfs_log_recover.c:3493
xfs_log_mount_finish+0x1b8/0x3f4 fs/xfs/xfs_log.c:827
xfs_mountfs+0x103c/0x18fc fs/xfs/xfs_mount.c:919
xfs_fs_fill_super+0xd38/0xf50 fs/xfs/xfs_super.c:1666
get_tree_bdev+0x360/0x54c fs/super.c:1346
xfs_fs_get_tree+0x28/0x38 fs/xfs/xfs_super.c:1713
vfs_get_tree+0x90/0x274 fs/super.c:1553
do_new_mount+0x25c/0x8c8 fs/namespace.c:3040
path_mount+0x590/0xe58 fs/namespace.c:3370
do_mount fs/namespace.c:3383 [inline]
__do_sys_mount fs/namespace.c:3591 [inline]
__se_sys_mount fs/namespace.c:3568 [inline]
__arm64_sys_mount+0x45c/0x594 fs/namespace.c:3568
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
Code: f2fbfff7 97a1b118 9107c275 d343fea8 (38776908)
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
0: f2fbfff7 movk x23, #0xdfff, lsl #48
4: 97a1b118 bl 0xfffffffffe86c464
8: 9107c275 add x21, x19, #0x1f0
c: d343fea8 lsr x8, x21, #3
* 10: 38776908 ldrb w8, [x8, x23] <-- trapping instruction
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
If you want to change bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: fa74641fb6b9 Linux 6.1.29
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=117fdef9280000
kernel config: https://syzkaller.appspot.com/x/.config?x=7454aa89ac475d7b
dashboard link: https://syzkaller.appspot.com/bug?extid=243d578c4c2ac24d98fb
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14f6256a280000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1049f96a280000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/53e4da6b145c/disk-fa74641f.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/adeb1a2cfa86/vmlinux-fa74641f.xz
kernel image: https://storage.googleapis.com/syzbot-assets/c976f1155d08/Image-fa74641f.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/7216e639f73f/mount_0.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+243d57...@syzkaller.appspotmail.com
XFS (loop0): Torn write (CRC failure) detected at log block 0x180. Truncating head block from 0x200.
XFS (loop0): Starting recovery (logdev: internal)
==================================================================
BUG: KASAN: slab-out-of-bounds in xfs_btree_lookup_get_block+0x180/0x66c fs/xfs/libxfs/xfs_btree.c:1813
Read of size 8 at addr ffff0000c3624128 by task syz-executor154/4217
CPU: 0 PID: 4217 Comm: syz-executor154 Not tainted 6.1.29-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
Call trace:
dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
print_address_description mm/kasan/report.c:284 [inline]
print_report+0x174/0x4c0 mm/kasan/report.c:395
kasan_report+0xd4/0x130 mm/kasan/report.c:495
__asan_report_load8_noabort+0x2c/0x38 mm/kasan/report_generic.c:351
xfs_btree_lookup_get_block+0x180/0x66c fs/xfs/libxfs/xfs_btree.c:1813
xfs_btree_lookup+0x388/0x117c fs/xfs/libxfs/xfs_btree.c:1913
xfs_btree_simple_query_range+0xd4/0x5c4 fs/xfs/libxfs/xfs_btree.c:4713
xfs_btree_query_range+0x2b4/0x348 fs/xfs/libxfs/xfs_btree.c:4953
xfs_refcount_recover_cow_leftovers+0x2c4/0xbdc fs/xfs/libxfs/xfs_refcount.c:1832
xfs_reflink_recover_cow+0x88/0x190 fs/xfs/xfs_reflink.c:930
xlog_recover_finish+0x708/0x7ec fs/xfs/xfs_log_recover.c:3493
xfs_log_mount_finish+0x1b8/0x3f4 fs/xfs/xfs_log.c:827
xfs_mountfs+0x103c/0x18fc fs/xfs/xfs_mount.c:919
xfs_fs_fill_super+0xd38/0xf50 fs/xfs/xfs_super.c:1666
get_tree_bdev+0x360/0x54c fs/super.c:1346
xfs_fs_get_tree+0x28/0x38 fs/xfs/xfs_super.c:1713
vfs_get_tree+0x90/0x274 fs/super.c:1553
do_new_mount+0x25c/0x8c8 fs/namespace.c:3040
path_mount+0x590/0xe58 fs/namespace.c:3370
do_mount fs/namespace.c:3383 [inline]
__do_sys_mount fs/namespace.c:3591 [inline]
__se_sys_mount fs/namespace.c:3568 [inline]
__arm64_sys_mount+0x45c/0x594 fs/namespace.c:3568
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
The buggy address belongs to the object at ffff0000c3624108
which belongs to the cache xfs_refcbt_cur of size 200
The buggy address is located 32 bytes inside of
200-byte region [ffff0000c3624108, ffff0000c36241d0)
The buggy address belongs to the physical page:
page:00000000bb3715e9 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103624
flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff)
raw: 05ffc00000000200 0000000000000000 dead000000000122 ffff0000c4e94300
raw: 0000000000000000 00000000800f000f 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff0000c3624000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffff0000c3624080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
>ffff0000c3624100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
^
ffff0000c3624180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff0000c3624200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x444/0x66c fs/xfs/libxfs/xfs_btree.c:1846, xfs_refcountbt block 0x18
XFS (loop0): Unmount and run xfs_repair
Unable to handle kernel paging request at virtual address e0c100530000024d
KASAN: maybe wild-memory-access in range [0x060c029800001268-0x060c02980000126f]
Mem abort info:
ESR = 0x0000000096000004
EC = 0x25: DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
FSC = 0x04: level 0 translation fault
Data abort info:
ISV = 0, ISS = 0x00000004
CM = 0, WnR = 0
[e0c100530000024d] address between user and kernel address ranges
Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 4217 Comm: syz-executor154 Tainted: G B 6.1.29-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : xfs_trans_brelse+0x34/0x4e0 fs/xfs/xfs_trans_buf.c:349
lr : xfs_trans_brelse+0x2c/0x4e0 fs/xfs/xfs_trans_buf.c:348
sp : ffff80001d7a7340
x29: ffff80001d7a7340 x28: 00000000ffffff8b x27: 1fffe000186c4800
x26: 0000000000000007 x25: 00000000000000c8 x24: 1fffe000186c4809
x23: dfff800000000000 x22: 060c029800001079 x21: 060c029800001269
x20: ffff0000d3c0a000 x19: 060c029800001079 x18: 1fffe000368b6376
x17: 0000000000000000 x16: ffff8000120eb394 x15: ffff800008ac7c64
x14: ffff800008ac4a08 x13: ffff800008061eec x12: 0000000000000001
x11: ff80800009c8eb44 x10: 0000000000000000 x9 : ffff800009c8eb44
x8 : 00c180530000024d x7 : ffff800008061eec x6 : ffff8000080620fc
x5 : ffff0000d9d0eab0 x4 : ffff80001d7a6a78 x3 : ffff800009aa3ccc
x2 : 0000000000000000 x1 : 060c029800001079 x0 : ffff0000d3c0a000
Call trace:
xfs_trans_brelse+0x34/0x4e0 fs/xfs/xfs_trans_buf.c:349
xfs_btree_del_cursor+0xb8/0x24c fs/xfs/libxfs/xfs_btree.c:440
xfs_refcount_recover_cow_leftovers+0x2d4/0xbdc fs/xfs/libxfs/xfs_refcount.c:1834
xfs_reflink_recover_cow+0x88/0x190 fs/xfs/xfs_reflink.c:930
xlog_recover_finish+0x708/0x7ec fs/xfs/xfs_log_recover.c:3493
xfs_log_mount_finish+0x1b8/0x3f4 fs/xfs/xfs_log.c:827
xfs_mountfs+0x103c/0x18fc fs/xfs/xfs_mount.c:919
xfs_fs_fill_super+0xd38/0xf50 fs/xfs/xfs_super.c:1666
get_tree_bdev+0x360/0x54c fs/super.c:1346
xfs_fs_get_tree+0x28/0x38 fs/xfs/xfs_super.c:1713
vfs_get_tree+0x90/0x274 fs/super.c:1553
do_new_mount+0x25c/0x8c8 fs/namespace.c:3040
path_mount+0x590/0xe58 fs/namespace.c:3370
do_mount fs/namespace.c:3383 [inline]
__do_sys_mount fs/namespace.c:3591 [inline]
__se_sys_mount fs/namespace.c:3568 [inline]
__arm64_sys_mount+0x45c/0x594 fs/namespace.c:3568
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
Code: f2fbfff7 97a1b118 9107c275 d343fea8 (38776908)
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
0: f2fbfff7 movk x23, #0xdfff, lsl #48
4: 97a1b118 bl 0xfffffffffe86c464
8: 9107c275 add x21, x19, #0x1f0
c: d343fea8 lsr x8, x21, #3
* 10: 38776908 ldrb w8, [x8, x23] <-- trapping instruction
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
If you want to change bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot
Jun 21, 2023, 1:32:28 AM6/21/23
to syzkaller...@googlegroups.com
syzbot suspects this issue was fixed by commit:
commit a2961463d74f5c86a8dda3b41c484c28ccc4c289
Author: Darrick J. Wong <djw...@kernel.org>
Date: Wed Apr 12 05:49:23 2023 +0000
xfs: verify buffer contents when we skip log replay
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=10f91f40a80000
start commit: fa74641fb6b9 Linux 6.1.29
git tree: linux-6.1.y
#syz fix: xfs: verify buffer contents when we skip log replay
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
commit a2961463d74f5c86a8dda3b41c484c28ccc4c289
Author: Darrick J. Wong <djw...@kernel.org>
Date: Wed Apr 12 05:49:23 2023 +0000
xfs: verify buffer contents when we skip log replay
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=10f91f40a80000
start commit: fa74641fb6b9 Linux 6.1.29
git tree: linux-6.1.y
kernel config: https://syzkaller.appspot.com/x/.config?x=7454aa89ac475d7b
dashboard link: https://syzkaller.appspot.com/bug?extid=243d578c4c2ac24d98fb
dashboard link: https://syzkaller.appspot.com/bug?extid=243d578c4c2ac24d98fb
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14f6256a280000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1049f96a280000
If the result looks correct, please mark the issue as fixed by replying with:
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14f6256a280000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1049f96a280000
#syz fix: xfs: verify buffer contents when we skip log replay
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
Reply all
Reply to author
Forward
0 new messages