Re: [syzbot] [xfs?] KASAN: null-ptr-deref Write in xfs_filestream_select_ag
From: Jan Kara
Date: Wed Jan 24 2024 - 05:02:14 EST
On Wed 24-01-24 00:50:10, syzbot wrote:
> syzbot suspects this issue was fixed by commit:
>
> commit 6f861765464f43a71462d52026fbddfc858239a5
> Author: Jan Kara <jack@xxxxxxx>
> Date: Wed Nov 1 17:43:10 2023 +0000
>
> fs: Block writes to mounted block devices
>
> bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=119af36be80000
> start commit: 17214b70a159 Merge tag 'fsverity-for-linus' of git://git.k..
> git tree: upstream
> kernel config: https://syzkaller.appspot.com/x/.config?x=d40f6d44826f6cf7
> dashboard link: https://syzkaller.appspot.com/bug?extid=87466712bb342796810a
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1492946ac80000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12e45ad6c80000
So this surprises me a bit because XFS isn't using block device buffer
cache and thus syzbot has no way of corrupting cached metadata even before
these changes. The reproducer tries to mount the loop device again after
mounting the XFS image so I can imagine something bad happens but it isn't
all that clear what. So I'll defer to XFS maintainers whether they want to
mark this bug as fixed or investigate further.
Honza
--
Jan Kara <jack@xxxxxxxx>
SUSE Labs, CR