Date:   Mon, 2 Apr 2018 00:45:25 -0400
From:   "Theodore Y. Ts'o" <tytso@....edu>
To:     syzbot <syzbot+06c885be0edcdaeab40c@...kaller.appspotmail.com>
Cc:     adilger.kernel@...ger.ca, linux-ext4@...r.kernel.org,
        syzkaller-bugs@...glegroups.com
Subject: Re: kernel BUG at fs/ext4/extents.c:LINE!

Here's a simplified reproducer.  Run this script with the current
directory in an ext4 directory.  Then unmount the file system, and run
fsck on it.  The file system corruption is.... impressive.

I'm pretty sure the problem is being caused by bad/missing
error/sanity checking in handling of FALLOC_FL_INSERT_RANGE.

						- Ted
						
---------------- repro.c
#define _GNU_SOURCE
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <errno.h>

int main()
{
  int fd = 0;

  fd = open("bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME, 0x644);
  fallocate(fd, 0, 0, 4);
  fallocate(fd, FALLOC_FL_KEEP_SIZE, 0x200002, 0x10000101);
  fallocate(fd, FALLOC_FL_INSERT_RANGE, 0, 0xfffffeff000);
  close(fd);
  return 0;
}
----------------- fsck output

e2fsck 1.44.0 (7-Mar-2018)
Pass 1: Checking inodes, blocks, and sizes
Inode 12 has out of order extents
	(invalid logical block 255, physical block 33921, len 30208)
Clear? yes

Failed to iterate extents in inode 12
	(op ext2fs_extent_fix_parents, blk 33921, lblk 255): Extent not found
Clear inode? yes

Inode 12, i_size is 17592184991748, should be 17592184995840.  Fix? yes

Restarting e2fsck from the beginning...
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Entry 'bus' in / (2) has deleted/unused inode 12.  Clear? yes

Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
Pass 5: Checking group summary information
Block bitmap differences:  -33409 -(33920--64128) -(65536--98303) -(100352--102912)
Fix? yes

Free blocks count wrong for group #1 (1917, counted=32127).
Fix? yes

Free blocks count wrong for group #2 (0, counted=32768).
Fix? yes

Free blocks count wrong for group #3 (29566, counted=32127).
Fix? yes

Free blocks count wrong (1203103, counted=1268642).
Fix? yes

Inode bitmap differences:  -12
Fix? yes

Free inodes count wrong for group #0 (8180, counted=8181).
Fix? yes

Free inodes count wrong (327668, counted=327669).
Fix? yes


/dev/vdc: ***** FILE SYSTEM WAS MODIFIED *****
/dev/vdc: 11/327680 files (0.0% non-contiguous), 42078/1310720 blocks
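
The arithmetic behind the reproducer and the fsck output above, as an added example that is not part of the original message or of the kernel source. It assumes 4 KiB blocks (inferred from the 32768 blocks per group in the fsck output); the helper names are hypothetical and the range check only illustrates the kind of sanity check the message says is missing.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: 4 KiB file system blocks. */
#define EX_BLOCK_SIZE 4096ULL

/* ext4 extents store the logical block number in 32 bits, so a shifted
 * block number that does not fit is silently truncated. */
static uint32_t shifted_lblk_32(uint64_t lblk, uint64_t shift_blocks)
{
    return (uint32_t)(lblk + shift_blocks);
}

/* Hypothetical sanity check: does inserting len_bytes push the last
 * allocated logical block past the 32-bit logical block space? */
static int insert_range_overflows(uint64_t last_lblk, uint64_t len_bytes)
{
    return last_lblk + len_bytes / EX_BLOCK_SIZE > UINT32_MAX;
}

/* INSERT_RANGE grows the file size by the inserted length. */
static uint64_t size_after_insert(uint64_t i_size, uint64_t len_bytes)
{
    return i_size + len_bytes;
}

int main(void)
{
    /* Values taken from the three fallocate() calls in repro.c. */
    uint64_t i_size = 4;                          /* fallocate(fd, 0, 0, 4) */
    uint64_t pre_off = 0x200002, pre_len = 0x10000101; /* KEEP_SIZE call */
    uint64_t ins_len = 0xfffffeff000ULL;          /* INSERT_RANGE length */

    uint64_t first = pre_off / EX_BLOCK_SIZE;                 /* 512 */
    uint64_t last = (pre_off + pre_len - 1) / EX_BLOCK_SIZE;  /* 66048 */
    uint64_t shift = ins_len / EX_BLOCK_SIZE;                 /* 0xfffffeff */

    printf("preallocated blocks %llu..%llu, shift %llu blocks\n",
           (unsigned long long)first, (unsigned long long)last,
           (unsigned long long)shift);
    printf("first block after 32-bit truncation: %u\n",
           (unsigned)shifted_lblk_32(first, shift));
    printf("i_size after insert: %llu\n",
           (unsigned long long)size_after_insert(i_size, ins_len));
    printf("check rejects request: %s\n",
           insert_range_overflows(last, ins_len) ? "yes" : "no");
    return 0;
}
```

The truncated block number and the resulting size are the same values e2fsck reports for inode 12 ("invalid logical block 255" and "i_size is 17592184991748").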
