[PATCH] xfs: reject CRC validation when the log header cannot be retrieved

From: Edward Adam Davis

Date: Thu Apr 02 2026 - 21:44:29 EST


When the traditional algorithm fails to locate the log header, it triggers
the uninitialized-value issue regarding tmp_rhead_blk reported in [1].
Continuing with the subsequent CRC verification traversal in such a
scenario is futile.

A check has been added to detect the absence of the log header and prevent
the execution of the subsequent CRC verification traversal.

[1]
BUG: KMSAN: uninit-value in xlog_verify_head+0x6c3/0x910 fs/xfs/xfs_log_recover.c:1058
xlog_verify_head+0x6c3/0x910 fs/xfs/xfs_log_recover.c:1058
xlog_find_tail+0xc2e/0x1a50 fs/xfs/xfs_log_recover.c:1315
xlog_recover+0x6d/0x800 fs/xfs/xfs_log_recover.c:3426
xfs_log_mount+0x4da/0x880 fs/xfs/xfs_log.c:617

Local variable tmp_rhead_blk created at:
xlog_verify_head+0x81/0x910 fs/xfs/xfs_log_recover.c:1032

Reported-by: syzbot+b7dfbed0c6c2b5e9fd34@xxxxxxxxxxxxxxxxxxxxxxxxx
Closes: https://syzkaller.appspot.com/bug?extid=b7dfbed0c6c2b5e9fd34
Signed-off-by: Edward Adam Davis <eadavis@xxxxxx>
---
fs/xfs/xfs_log_recover.c | 3 +++
1 file changed, 3 insertions(+)

diff --git a/fs/xfs/xfs_log_recover.c b/fs/xfs/xfs_log_recover.c
index 09e6678ca487..0d1b4bddd193 100644
--- a/fs/xfs/xfs_log_recover.c
+++ b/fs/xfs/xfs_log_recover.c
@@ -1050,6 +1050,9 @@ xlog_verify_head(
if (error < 0)
return error;

+ if (!error)
+ return -EIO;
+
/*
* Now run a CRC verification pass over the records starting at the
* block found above to the current head. If a CRC failure occurs, the
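Review bot: The added `if (!error) return -EIO;` directly after the `if (error < 0)` check has no comment saying that a zero return here means no log header was found and tmp_rhead_blk was never written, so the reason for failing is only recoverable from the commit message. Please add a one-line comment above the check. It is also worth considering whether -EIO is the right code: a caller cannot tell it apart from a device read failure, while a log with no locatable header is an on-disk consistency problem, which XFS normally reports as -EFSCORRUPTED, ideally with a warning so the mount failure can be diagnosed. Since the KMSAN report is about tmp_rhead_blk being read uninitialized at its use further down, initializing it at declaration as well would keep the later read defined if the control flow above changes again.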
--
2.43.0