Received: by 2002:a05:7412:5112:b0:fa:6e18:a558 with SMTP id fm18csp1014429rdb; Wed, 24 Jan 2024 02:03:32 -0800 (PST) X-Google-Smtp-Source: AGHT+IHVdkIz9EYkpbeC4jAhaYDh0HQBI3lqSPonfnrU4l8tA6Ep4SqQZXUbOl+r4Hz2KDNDpFNh X-Received: by 2002:a17:90a:31c7:b0:28e:7e9d:1f04 with SMTP id j7-20020a17090a31c700b0028e7e9d1f04mr3450500pjf.84.1706090611853; Wed, 24 Jan 2024 02:03:31 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1706090611; cv=pass; d=google.com; s=arc-20160816; b=BfPjo7mM3QCEYOjpZ2toYq+UVDuRjAgwC4vuF3VTI0X3fZVXef4iU69t/lJ+frzEym m6SoHpi2WyHsXy3ftuhh/8J5BbpDr1es4ZqOjtfNDderUScC4FwxyPCydPLedSxjtg3W 6SXzyBNiaxcaJsM8QOthX0K03TuCYYpfhwA6AL+6obqMcui3DY8ITYoBvaCKZIVntLnh yB2IjV+pKlJNWb2DV5uqfv6kE5RSycrUFRYdEdp8GErysjkAyMo3rsWWwU/R6iaX8m0I PU/41GSlaIkMCytHyZ4ylJOkBWRfMOuvUPWS4rjkPhcOCBJr7rWQi7o6LqdWdNb/Pd98 Fbwg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature:dkim-signature:dkim-signature :dkim-signature; bh=5GbOmVt6oFKgK+k7wbfOq9ydRZzfYO9V5/Y2eqOkhTw=; fh=1SpKBh5yIOm80W+FaD9hsPmRrxaOd0g1aFbQHxOOc0E=; b=h1Q+51BOqrpJ5D5sNamOh58+/BEBwEL1Elyqqc/rM6R/IjopnNq1gslDWVipTLG9Ps l/K0kNg2MYETJORh5Uai3t2gP+sXo4VEi658e5EimVZMbW8s4Ey86yfO7KOqehwWhq1Y NWXHQzSsmPYXnUl3odMxocovlsh62iYuLJqQaiMb0FfK7B1rNmKw8/mvvOmc5Mg/gBWE 2h06q68H5fHH/wJa7Ezpb+X9abl5qdc4VkrO8W/XRJupBg1N9dROcd8UxK43Chi/gZnZ gT0zJ7BGz45Qz89s76WFU7ofw6nNcZJ28fj3z8L3IA8MSkWqz6zyKhfdZisIM+SVOlb5 gdDQ== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@suse.cz header.s=susede2_rsa header.b=aiLQxVbu; dkim=neutral (no key) header.i=@suse.cz header.s=susede2_ed25519; dkim=pass header.i=@suse.cz header.s=susede2_rsa header.b=YSCKWoDg; dkim=neutral (no key) header.i=@suse.cz header.s=susede2_ed25519; arc=pass (i=1 spf=pass spfdomain=suse.cz dkim=pass dkdomain=suse.cz dkim=pass dkdomain=suse.cz); spf=pass (google.com: domain of linux-kernel+bounces-36767-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-36767-linux.lists.archive=gmail.com@vger.kernel.org" Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id b23-20020a17090a10d700b0028ffc454251si11332257pje.177.2024.01.24.02.03.31 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jan 2024 02:03:31 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-36767-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.cz header.s=susede2_rsa header.b=aiLQxVbu; dkim=neutral (no key) header.i=@suse.cz header.s=susede2_ed25519; dkim=pass header.i=@suse.cz header.s=susede2_rsa header.b=YSCKWoDg; dkim=neutral (no key) header.i=@suse.cz header.s=susede2_ed25519; arc=pass (i=1 spf=pass spfdomain=suse.cz dkim=pass dkdomain=suse.cz dkim=pass dkdomain=suse.cz); spf=pass (google.com: domain of linux-kernel+bounces-36767-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-36767-linux.lists.archive=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 46E9E285AFE for ; Wed, 24 Jan 2024 10:02:17 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 07A2518EB2; Wed, 24 Jan 2024 10:01:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b="aiLQxVbu"; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b="O8A5wySg"; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b="YSCKWoDg"; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b="k0PF6S6B" Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.223.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 40F6B18E0C; Wed, 24 Jan 2024 10:01:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=195.135.223.130 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706090487; cv=none; b=EhhgTqqw5dE8EaXaWftf8KqVm3UVVYdhah2yk2FXCT1DnmYFbOREDBvCqZWcrh65S+iX7S++AXzEaOofLEyBE+qsSV7zsoiaOKOSJznoYZdRZnkywRLlaUt/Ak60WbSuTdAY8qtUGaBemlMYpP8qKGO6B0sUyK+nhJnwIiQTeB4= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706090487; c=relaxed/simple; bh=6RdrlxDSG8hsAc72E55qkn9THWxTOLO7Jy0CRSHrLnE=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=nz6RASxmTjHR8TWbRol9C+jZO6/1bgusaF1UaGwtVUkQq7m8o+GhAzE3rxqew+ODcH0qNoXC1NMXd04+LDA82Z7NGm2nwGmf63lcDEptI5cqdlN/4Hbvua7DXb4+zRChs14oOC9u51aWE4Mlh/DjQY8ZW4JxR0IrovF5fMOnRNI= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=suse.cz; spf=pass smtp.mailfrom=suse.cz; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b=aiLQxVbu; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b=O8A5wySg; dkim=pass (1024-bit key) header.d=suse.cz header.i=@suse.cz header.b=YSCKWoDg; dkim=permerror (0-bit key) header.d=suse.cz header.i=@suse.cz header.b=k0PF6S6B; arc=none smtp.client-ip=195.135.223.130 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=suse.cz Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=suse.cz Received: from imap1.dmz-prg2.suse.org (imap1.dmz-prg2.suse.org [IPv6:2a07:de40:b281:104:10:150:64:97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out1.suse.de (Postfix) with ESMTPS id 4AAA321FE0; Wed, 24 Jan 2024 10:01:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1706090482; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=5GbOmVt6oFKgK+k7wbfOq9ydRZzfYO9V5/Y2eqOkhTw=; b=aiLQxVbuM4h8WeFZzWlEy6ymisyOydc25AD9QvcYPr6+al3UNEEJTAcFCh0tfrhVKuYFu6 9d0nmBE0mSvPqS3ER2KSYyptEH0qCQNulIbP8GBTDufT+sLCMxN+jyKkBeXEQuphJc+CJg VDy/QVsl+CgKbiVjX9jlVpmUuv1x7rM= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1706090482; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=5GbOmVt6oFKgK+k7wbfOq9ydRZzfYO9V5/Y2eqOkhTw=; b=O8A5wySg8/1PFTSGWC0kFH8FK1sOeMd6t15ot7TyqRmlKbKqL7/CnGX5ImKTwCyDw+oS6M xNTPwuU5nOLZ9aDw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1706090481; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=5GbOmVt6oFKgK+k7wbfOq9ydRZzfYO9V5/Y2eqOkhTw=; b=YSCKWoDgns404OGWP7Dr8/4KblkejC/L5rV6mNaptJ3f6nzuL8Erm0fZ9XTtxluG6UnrJZ Bgr5bZyz5n8yDHJinxhKqSSLU6iNfYgQ1wDSbU+mu9bsmk7unSCdL9+ORaZF3cfA5H9QzW yzWGKHHM8WbKABcF17q3qq8FuTgoHL8= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1706090481; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=5GbOmVt6oFKgK+k7wbfOq9ydRZzfYO9V5/Y2eqOkhTw=; b=k0PF6S6B91e8zCjslnl5MkSwU/Fb5Ax1xfl+/aMmL2DE6yOKFT3a49dpCWyDICamg9m6Py /PopjBYF6gklrbCQ== Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id 3D5781333E; Wed, 24 Jan 2024 10:01:21 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id zvn2DvHfsGVlAgAAD6G6ig (envelope-from ); Wed, 24 Jan 2024 10:01:21 +0000 Received: by quack3.suse.cz (Postfix, from userid 1000) id C3042A0808; Wed, 24 Jan 2024 11:01:20 +0100 (CET) Date: Wed, 24 Jan 2024 11:01:20 +0100 From: Jan Kara To: syzbot Cc: axboe@kernel.dk, brauner@kernel.org, chandan.babu@oracle.com, dchinner@redhat.com, djwong@kernel.org, jack@suse.cz, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-xfs@vger.kernel.org, syzkaller-bugs@googlegroups.com Subject: Re: [syzbot] [xfs?] KASAN: null-ptr-deref Write in xfs_filestream_select_ag Message-ID: <20240124100120.x3mwjbj7epfw3ffo@quack3> References: <000000000000d207ef05f7790759@google.com> <00000000000084a9da060fad26bf@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <00000000000084a9da060fad26bf@google.com> X-Spam-Level: * X-Spamd-Bar: + Authentication-Results: smtp-out1.suse.de; dkim=pass header.d=suse.cz header.s=susede2_rsa header.b=YSCKWoDg; dkim=pass header.d=suse.cz header.s=susede2_ed25519 header.b=k0PF6S6B X-Rspamd-Server: rspamd2.dmz-prg2.suse.org X-Spamd-Result: default: False [1.49 / 50.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; SPAMHAUS_XBL(0.00)[2a07:de40:b281:104:10:150:64:97:from]; TO_DN_SOME(0.00)[]; RCVD_COUNT_THREE(0.00)[3]; MX_GOOD(-0.01)[]; DKIM_TRACE(0.00)[suse.cz:+]; RCPT_COUNT_SEVEN(0.00)[11]; NEURAL_HAM_SHORT(-0.20)[-1.000]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; BAYES_HAM(-0.00)[20.22%]; SUBJECT_HAS_QUESTION(0.00)[]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[suse.cz:s=susede2_rsa,suse.cz:s=susede2_ed25519]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; URI_HIDDEN_PATH(1.00)[https://syzkaller.appspot.com/x/.config?x=d40f6d44826f6cf7]; TAGGED_RCPT(0.00)[87466712bb342796810a]; MIME_GOOD(-0.10)[text/plain]; NEURAL_HAM_LONG(-1.00)[-1.000]; DKIM_SIGNED(0.00)[suse.cz:s=susede2_rsa,suse.cz:s=susede2_ed25519]; DBL_BLOCKED_OPENRESOLVER(0.00)[syzkaller.appspot.com:url,suse.cz:dkim,suse.cz:email,suse.com:email]; FUZZY_BLOCKED(0.00)[rspamd.com]; MID_RHS_NOT_FQDN(0.50)[]; RCVD_TLS_ALL(0.00)[]; SUSPICIOUS_RECIPS(1.50)[] X-Spam-Score: 1.49 X-Rspamd-Queue-Id: 4AAA321FE0 X-Spam-Flag: NO On Wed 24-01-24 00:50:10, syzbot wrote: > syzbot suspects this issue was fixed by commit: > > commit 6f861765464f43a71462d52026fbddfc858239a5 > Author: Jan Kara > Date: Wed Nov 1 17:43:10 2023 +0000 > > fs: Block writes to mounted block devices > > bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=119af36be80000 > start commit: 17214b70a159 Merge tag 'fsverity-for-linus' of git://git.k.. > git tree: upstream > kernel config: https://syzkaller.appspot.com/x/.config?x=d40f6d44826f6cf7 > dashboard link: https://syzkaller.appspot.com/bug?extid=87466712bb342796810a > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1492946ac80000 > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12e45ad6c80000 So this surprises me a bit because XFS isn't using block device buffer cache and thus syzbot has no way of corrupting cached metadata even before these changes. The reproducer tries to mount the loop device again after mounting the XFS image so I can imagine something bad happens but it isn't all that clear what. So I'll defer to XFS maintainers whether they want to mark this bug as fixed or investigate further. Honza -- Jan Kara SUSE Labs, CR