On 12/1/25 7:20AM, Jori Koolstra wrote:
> Below syzbot bug has not been fixed yet. If anyone has time I would
> greatly appreciate a review of my patch, so it can be moved along.
> It has been sitting for quite a few weeks.
I've been busy with some other work as well as being out on vacation
lately. I have several patches to review, but have not forgotten this.
I'll try to get to it later this week.
Thanks,
Shaggy
>
> Thanks,
> Jori.
>
>> On 29-10-2025 00:23 CET Jori Koolstra <jko...@xs...> wrote:
>>
>>
>> Syzbot reported a general protection fault in inode_set_ctime_current.
>> This resulted from the following circumstances: when creating a new file
>> via dtInsert, BT_GETSEARCH may yield a pointer to a dtroot which is
>> embedded directly in the jfs_inode_info. When finally dtInsertEntry is
>> called, if the freelist field or any next field of a slot of the dtpage
>> is corrupted, this may result in memory corruption of the parent
>> directory inode.
>>
>> In this case the i_sb field was corrupted, which raised the gpf when
>> in inode_set_ctime_current i_sb was dereferenced to access s_time_gran.
>>
>> I tested the patch using the syzbot reproducer and doing some basic
>> filesystem operations on a fresh jfs fs, such as "cp -r /usr/include/
>> /mnt/jfs/" and "rm -r /mnt/jfs/include/n*"
>>
>> Signed-off-by: Jori Koolstra <jko...@xs...>
>> Reported-by: syz...@sy...
>> Closes: https://syzbot.org/bug?extid=cd7590567cc388f064f3
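An added illustration of the failure mode the commit message describes, written for this thread and not taken from JFS or from the submitted patch: a small directory page whose slots are chained through `next`, with `freelist` heading the free chain, embedded in a larger struct so that a slot index at or past the end of the page lands on the neighbouring field (the stand-in for `i_sb`). The insert path validates the chain (range, cycle, length) before writing any slot, so a corrupted `freelist` or `next` read from disk is rejected instead of turning into a write outside the page. All names here (`dir_page`, `inode_model`, `validate_freelist`, `take_free_slot`, `NSLOTS`) are hypothetical and chosen for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of the bug class only: NOT JFS's dtpage/dtroot layout
 * and not the fix under review. NSLOTS slots are chained through `next`;
 * `freelist` heads the chain of unused slots. Both come from disk. */
#define NSLOTS 8
#define END_OF_LIST (-1)

struct slot {
    int8_t next;          /* index of the next slot in the chain, or END_OF_LIST */
    char name[7];
};

struct dir_page {
    int8_t freelist;      /* head of the free-slot chain (from disk, untrusted) */
    int8_t freecnt;       /* number of free slots (from disk, untrusted) */
    struct slot slot[NSLOTS];
};

struct inode_model {
    struct dir_page root; /* embedded, like the dtroot inside jfs_inode_info */
    uintptr_t sb;         /* plays the role of i_sb: the field right after the page */
};

/* Fresh page: every slot free, chained 0 -> 1 -> ... -> NSLOTS-1 -> end. */
static void init_page(struct inode_model *ip, uintptr_t sb)
{
    memset(ip, 0, sizeof *ip);
    for (int i = 0; i < NSLOTS; i++)
        ip->root.slot[i].next = (i + 1 < NSLOTS) ? (int8_t)(i + 1) : END_OF_LIST;
    ip->root.freelist = 0;
    ip->root.freecnt = NSLOTS;
    ip->sb = sb;
}

/* Walk the free chain without trusting it: every index must be in range,
 * no slot may be visited twice (cycle), and the length must equal freecnt.
 * Returns the chain length, or -1 if the page is corrupt. */
static int validate_freelist(const struct dir_page *p)
{
    uint8_t seen[NSLOTS] = {0};
    int count = 0;
    for (int idx = p->freelist; idx != END_OF_LIST; idx = p->slot[idx].next) {
        if (idx < 0 || idx >= NSLOTS)
            return -1;           /* would index past the embedded page */
        if (seen[idx])
            return -1;           /* loop: an unchecked walk never terminates */
        seen[idx] = 1;
        count++;
    }
    return count == p->freecnt ? count : -1;
}

/* Take the head free slot for a new entry. Validates first, so a corrupt
 * freelist/next never becomes a write outside the page. Returns the slot
 * index used, or -1 and leaves the page untouched. */
static int take_free_slot(struct inode_model *ip, const char *name)
{
    if (validate_freelist(&ip->root) <= 0)
        return -1;
    int idx = ip->root.freelist;
    struct slot *s = &ip->root.slot[idx];
    ip->root.freelist = s->next;
    ip->root.freecnt--;
    s->next = END_OF_LIST;
    strncpy(s->name, name, sizeof s->name - 1);
    s->name[sizeof s->name - 1] = '\0';
    return idx;
}

/* Constructed scenarios: 0 = clean page, 1 = freelist points just past the
 * page, 2 = a next pointer makes the chain loop. Returns take_free_slot's
 * result, or -2 if the neighbouring `sb` field was modified. */
static int scenario(int kind)
{
    const uintptr_t sentinel = 0xdeadbeef;
    struct inode_model ip;
    init_page(&ip, sentinel);
    if (kind == 1)
        ip.root.freelist = NSLOTS;      /* corrupted head: out of range */
    else if (kind == 2)
        ip.root.slot[3].next = 1;       /* corrupted next: 3 -> 1 -> 2 -> 3 ... */
    int r = take_free_slot(&ip, "entry");
    return ip.sb == sentinel ? r : -2;
}

int main(void)
{
    printf("clean page: slot %d\n", scenario(0));
    printf("out-of-range freelist: %d\n", scenario(1));
    printf("cyclic chain: %d\n", scenario(2));
    return 0;
}
```

The length check against `freecnt` is the strictest of the three tests and would also reject a page whose counter alone is stale; the range and cycle checks are the ones that matter for keeping writes inside the embedded page.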