On Sat, Jul 29, 2023 at 11:45 PM syzbot <syzbot+9992306148b06272f3bb@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
>
> syzbot suspects this issue was fixed by commit:
>
> commit aa3dbde878961dd333cdd3c326b93e6c84a23ed4
> Author: David Howells <dhowells@xxxxxxxxxx>
> Date:   Mon May 22 13:49:54 2023 +0000
>
>     splice: Make splice from an O_DIRECT fd use copy_splice_read()
>
> bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=14dc6319a80000
> start commit:   40f71e7cd3c6 Merge tag 'net-6.4-rc7' of git://git.kernel.o..
> git tree:       upstream
> kernel config:  https://syzkaller.appspot.com/x/.config?x=7ff8f87c7ab0e04e
> dashboard link: https://syzkaller.appspot.com/bug?extid=9992306148b06272f3bb
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=10c65e87280000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1094a78b280000
>
> If the result looks correct, please mark the issue as fixed by replying with:
>
> #syz fix: splice: Make splice from an O_DIRECT fd use copy_splice_read()

Hmm, no. It looks like this change indeed stopped that particular reproducer from triggering the bug (the commit changed the kernel code that is executed by sendfile(r0, r0, 0x0, 0x8800d00)), but the bug itself is still present. Today syzbot has found a new reproducer, see https://syzkaller.appspot.com/bug?extid=9992306148b06272f3bb

>
> For information about bisection process see: https://goo.gl/tpsmEJ#bisection
>