lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Tue, 12 Jun 2018 16:01:15 +0200
From:   Dmitry Vyukov <>
To:     "Theodore Y. Ts'o" <>,
        Tetsuo Handa <>,
        syzbot <>,
        syzkaller-bugs <>,
        syzkaller <>,
        Andreas Dilger <>,, LKML <>
Subject: Re: kernel panic: EXT4-fs (device loop0): panic forced after error

On Mon, May 14, 2018 at 11:12 AM, Dmitry Vyukov <> wrote:
> On Sun, May 6, 2018 at 10:30 PM, Theodore Y. Ts'o <> wrote:
>> On Sun, May 06, 2018 at 11:40:10PM +0900, Tetsuo Handa wrote:
>>> > We could add a full kernel-mode fsck which gets run before mount ---
>>> > the question is how much complexity we want to add.  If SELinux is
>>> > enabled, then we have to check xattr consinsistency, etc., etc.
>>> You are thinking too complicated. I'm not asking for kernel-mode fsck.
>> That is the logical outcome of what you are asking for.  There will
>> *always* be a point after which where we can't atomically unwind the
>> mount, and we have to proceed.  And after that point, when we detect
>> an inconsistency all we can do is what the system administrator
>> requested that we do.  Sure, for this particular case, we can
>> significantly add more complexity and decrease the maintainability of
>> the code paths involved.  But there will always be another case
>> (e.g,. xattr's being read by SELinux or IMA) that will happen during
>> the mount, and are we expected to catch all of those cases?
>> We do catch a lot of cases where we refuse the mount and complain that
>> the file system is badly corrupted.  This just doesn't happen to be
>> one of them.
>>> I'm just suggesting that mount() request returns an error to the caller
>>> (and the administrator invokes fsck etc. as needed).
>>> We are fixing bugs which occur during mount operation (e.g.
>> These are different because there are kernel OOPS or warning messages.
>> This is neither a kernel OOPS or a WARN_ON or BUG_ON.
>>> And extX filesystem is different from other filesystems that it invokes
>>> error action specified by errors= parameter rather than return an error to
>>> the caller.
>> Syzkaller (or anyone else) can mount the file system with
>> errors=continue or errors=remount-ro if it wants to override the
>> requested behavior of the flag in the superblock which is manipulated
>> by tune2fs.
> Filed to always pass
> errors=remount-ro when mounting ext4.

This was fixed in syzkaller. With this commit:
syzkaller should always pass errors=continue when mounting ext2/3/4.

#syz invalid

Powered by blists - more mailing lists