Bug 219356

Summary: 6.11.{0,1,2} btrfs send broken - strcpy: detected buffer overflow: 5 byte write of buffer size 4
Product: File System
Reporter: Fabio Scaccabarozzi (fsvm88)
Component: btrfs
Assignee: BTRFS virtual assignee (fs_btrfs)
Status: RESOLVED CODE_FIX
Severity: normal
CC: dsterba, fdmanana
Priority: P3
Hardware: All
OS: Linux
Kernel Version:
Subsystem:
Regression: No
Bisected commit-id:
Attachments: 6.11 dmesg panics + 6.11 config

Description Fabio Scaccabarozzi 2024-10-06 19:27:42 UTC
Created attachment 306979: 6.11 dmesg panics + 6.11 config

Gentoo system, building kernel with Clang 18 + LLD 18 ThinLTO.

After attempting to upgrade to 6.11.0, btrfs send breaks and panics the kernel.

Any 6.11 version is broken. All 6.10 releases so far (including 6.10.13) do not have this issue.

Attached kernel panics captured via pstore and 6.11 config used for compiling the kernel.

This is 100% reproducible: as soon as I start a btrfs send, I get the same error every time.

I can reproduce on 2 different machines with 2 different CPUs (both x86_64). The state of snapshots does not matter: I can remove all snapshots, create one, send, and get the panic. I have existing snapshots and create new ones, and it breaks as well.
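The message in the summary is the kernel's FORTIFY_SOURCE report: the fortified strcpy knows the destination array's size at compile time and panics instead of writing past it, counting the terminating NUL in the write size (hence "5 byte write" for a 4-character string into a 4-byte buffer). The following user-space C program is an added illustration of that check, not code from this bug, from the kernel, or from the btrfs send fix; `checked_strcpy`, `demo_overflow` and `demo_fits` are hypothetical names, and the input strings are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Outcome of a bounded copy, carrying the two sizes that the kernel's
 * FORTIFY_SOURCE report prints ("N byte write of buffer size M"). */
struct copy_result {
    int overflow;       /* 1 if the copy was refused */
    size_t write_size;  /* bytes strcpy would write: strlen(src) + 1 for the NUL */
    size_t buf_size;    /* destination capacity */
};

/* Hypothetical user-space analogue of the kernel's fortified strcpy.
 * The kernel derives dst_size from the array type at compile time; here it is
 * passed explicitly. On overflow the destination is left untouched and the
 * report mirrors the kernel's wording; the kernel would panic at this point. */
struct copy_result checked_strcpy(char *dst, size_t dst_size, const char *src)
{
    struct copy_result r = { 0, strlen(src) + 1, dst_size };

    if (r.write_size > dst_size) {
        r.overflow = 1;
        fprintf(stderr,
                "strcpy: detected buffer overflow: %zu byte write of buffer size %zu\n",
                r.write_size, dst_size);
        return r;
    }
    memcpy(dst, src, r.write_size);  /* copies the NUL as well */
    return r;
}

/* Same shape as this bug's report: a 4-character constructed string needs
 * 5 bytes, but the destination holds only 4. Returns 1 when the check fires. */
int demo_overflow(void)
{
    char small[4] = "";
    struct copy_result r = checked_strcpy(small, sizeof small, "abcd");
    return r.overflow && r.write_size == 5 && r.buf_size == 4;
}

/* Control case: the same string into an 8-byte buffer fits and round-trips. */
int demo_fits(void)
{
    char big[8] = "";
    struct copy_result r = checked_strcpy(big, sizeof big, "abcd");
    return !r.overflow && strcmp(big, "abcd") == 0;
}

int main(void)
{
    return (demo_overflow() && demo_fits()) ? 0 : 1;
}
```

The takeaway for triage is that the "5 byte write of buffer size 4" text is not about the payload being sent; it is the kernel's own bounds check on a fixed-size array refusing a copy that would be off by the NUL byte, which is why the failure is deterministic and independent of snapshot state.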
Comment 1 Fabio Scaccabarozzi 2024-10-06 19:31:21 UTC
Forgot to add: the kernel has Gentoo patches applied, of which perhaps the only relevant one is compiling with -march=native. Still, it happens on 1x Intel and 1x AMD CPU just the same.
Comment 2 Filipe David Manana 2024-10-10 21:13:13 UTC
This is already fixed in the 6.11.3 kernel released just today:

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v6.11.3&id=843738ede6cb8b959fb22591fcbabe8b456d7216

From your logs, you are using 6.11.2.
Comment 3 Fabio Scaccabarozzi 2024-10-10 22:49:35 UTC
Well, yes, I opened the bug 4 days ago when 6.11.3 was not released yet :)

I noticed this bug went unreported and unfixed for two patch releases, so I thought to raise it (unfortunately the mailing lists are not that searchable from a search engine, esp. the more recent content). Also, considering that this bug broke send, which is normally used for backups, this was a little worrying.

Thank you for the fix! You can close the bug from my point of view :)
Comment 4 David Sterba 2024-10-11 15:34:25 UTC
The lore archives are searchable, it finds the reports and patches using the phrase from the report:

https://lore.kernel.org/linux-btrfs/?q=b%3A%22detected+buffer+overflow%22

(b:"to be found in the mail body")

Anyway, it's sorted out, thanks for the report and for the quick fix. Closing.