Message-ID: <bug-200069-13602-TSO1ghqEWh@https.bugzilla.kernel.org/>
Date:   Thu, 14 Jun 2018 03:12:06 +0000
From:   bugzilla-daemon@...zilla.kernel.org
To:     linux-ext4@...nel.org
Subject: [Bug 200069] BUG() triggered in start_this_handle()
 (jbd2/transaction.c) when operating and umounting a crafted ext4 image

https://bugzilla.kernel.org/show_bug.cgi?id=200069

--- Comment #2 from Wen Xu (wen.xu@...ech.edu) ---
I pasted the log on 4.16 above; here is the log from the latest 4.17:

[  200.967406] EXT4-fs (loop0): warning: checktime reached, running e2fsck is
recommended
[  201.036729] EXT4-fs (loop0): mounted filesystem with ordered data mode.
Opts: (null)
[  206.253988] EXT4-fs error (device loop0): ext4_readdir:239: inode #2: block
46: comm a.out: path /home/test/mnt: bad entry in directory: rec_len is smaller
than minimal - offset=0(0), inode=90, rec_len=0, name_len=0
[  206.289919] EXT4-fs error (device loop0): ext4_readdir:239: inode #2: block
47: comm a.out: path /home/test/mnt: bad entry in directory: rec_len is smaller
than minimal - offset=0(0), inode=90, rec_len=0, name_len=0
[  206.318461] EXT4-fs error (device loop0): ext4_readdir:239: inode #2: block
48: comm a.out: path /home/test/mnt: bad entry in directory: rec_len is smaller
than minimal - offset=0(0), inode=0, rec_len=0, name_len=0
[  206.350065] EXT4-fs error (device loop0): ext4_readdir:239: inode #2: block
50: comm a.out: path /home/test/mnt: bad entry in directory: rec_len is smaller
than minimal - offset=0(0), inode=0, rec_len=0, name_len=0
[  206.380015] EXT4-fs error (device loop0): ext4_readdir:239: inode #2: block
57: comm a.out: path /home/test/mnt: bad entry in directory: rec_len is smaller
than minimal - offset=0(0), inode=0, rec_len=3, name_len=0
[  206.403864] EXT4-fs error (device loop0): ext4_readdir:239: inode #2: block
58: comm a.out: path /home/test/mnt: bad entry in directory: rec_len is smaller
than minimal - offset=0(0), inode=2553887680, rec_len=0, name_len=0
[  206.433522] EXT4-fs error (device loop0): ext4_readdir:239: inode #2: block
59: comm a.out: path /home/test/mnt: bad entry in directory: rec_len is smaller
than minimal - offset=0(0), inode=2553887680, rec_len=0, name_len=0
[  206.465441] EXT4-fs error (device loop0): ext4_readdir:239: inode #2: block
60: comm a.out: path /home/test/mnt: bad entry in directory: rec_len is smaller
than minimal - offset=0(0), inode=524287, rec_len=0, name_len=0
[  206.495732] EXT4-fs error (device loop0): ext4_readdir:239: inode #2: block
61: comm a.out: path /home/test/mnt: bad entry in directory: rec_len is smaller
than minimal - offset=0(0), inode=10, rec_len=11, name_len=0
[  206.525387] EXT4-fs error (device loop0): ext4_readdir:239: inode #2: block
62: comm a.out: path /home/test/mnt: bad entry in directory: rec_len is smaller
than minimal - offset=0(0), inode=0, rec_len=0, name_len=0
[  210.529765] ------------[ cut here ]------------
[  210.529770] kernel BUG at fs/jbd2/transaction.c:319!
[  210.531101] invalid opcode: 0000 [#1] SMP PTI
[  210.531963] CPU: 0 PID: 1355 Comm: umount Not tainted 4.17.0+ #1
[  210.533155] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
Ubuntu-1.8.2-1ubuntu1 04/01/2014
[  210.534996] RIP: 0010:start_this_handle+0x1ef/0x400
[  210.535952] Code: 4c 89 e7 e8 43 8c 78 00 48 83 7b 50 00 0f 84 f0 00 00 00
c6 43 24 00 4c 89 e7 e8 7c 8c 78 00 48 8b 03 a8 01 0f 84 c7 fe ff ff <0f> 0b b8
00 fe ff ff f0 41 0f c1 04 24 e8 5f 3b 78 00 8b 4b 2c 85
[  210.539619] RSP: 0018:ffffae23c1253bd8 EFLAGS: 00010202
[  210.540650] RAX: 0000000000000039 RBX: ffff982eb4924000 RCX:
0000000000000000
[  210.542031] RDX: 0000000000000000 RSI: 0000000000000000 RDI:
ffff982eb4924024
[  210.543415] RBP: ffffae23c1253c58 R08: ffff982ebfc28d40 R09:
ffff982eaeeee800
[  210.544810] R10: fffffffffffffff4 R11: 0000000000000300 R12:
ffff982eb4924024
[  210.546194] R13: ffff982eaeeed060 R14: 0000000000000100 R15:
0000000000000000
[  210.547578] FS:  00007feed2341840(0000) GS:ffff982ebfc00000(0000)
knlGS:0000000000000000
[  210.549267] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  210.550391] CR2: 00000000011c6368 CR3: 000000022e286000 CR4:
00000000000006f0
[  210.551782] Call Trace:
[  210.552284]  ? schedule+0x36/0x80
[  210.552955]  ? _cond_resched+0x1a/0x50
[  210.553694]  ? kmem_cache_alloc+0x16b/0x1e0
[  210.554518]  jbd2__journal_start+0xdb/0x1f0
[  210.555342]  ? ext4_evict_inode+0x213/0x5d0
[  210.556165]  __ext4_journal_start_sb+0x6d/0x120
[  210.557067]  ext4_evict_inode+0x213/0x5d0
[  210.557862]  evict+0xca/0x1a0
[  210.558458]  iput+0x1ba/0x210
[  210.559053]  jbd2_journal_destroy+0x1c4/0x280
[  210.559915]  ? put_pwq+0x35/0x40
[  210.560570]  ? put_pwq_unlocked+0x22/0x40
[  210.561365]  ext4_put_super+0x6b/0x3d0
[  210.562110]  generic_shutdown_super+0x72/0x120
[  210.562986]  kill_block_super+0x27/0x50
[  210.563747]  deactivate_locked_super+0x48/0x80
[  210.564633]  deactivate_super+0x5a/0x60
[  210.565395]  cleanup_mnt+0x3f/0x80
[  210.566073]  __cleanup_mnt+0x12/0x20
[  210.566786]  task_work_run+0x8a/0xb0
[  210.567500]  exit_to_usermode_loop+0xf0/0x100
[  210.568362]  do_syscall_64+0xda/0x110
[  210.569103]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  210.570091] RIP: 0033:0x7feed1c21487
[  210.570795] Code: 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00
31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01
f0 ff ff 73 01 c3 48 8b 0d e1 c9 2b 00 f7 d8 64 89 01 48
[  210.574459] RSP: 002b:00007fff1807bab8 EFLAGS: 00000246 ORIG_RAX:
00000000000000a6
[  210.575925] RAX: 0000000000000000 RBX: 00000000011bd030 RCX:
00007feed1c21487
[  210.577323] RDX: 0000000000000001 RSI: 0000000000000000 RDI:
00000000011c41e0
[  210.578712] RBP: 00000000011c41e0 R08: 0000000000000000 R09:
0000000000000014
[  210.580101] R10: 00000000000006b2 R11: 0000000000000246 R12:
00007feed212a83c
[  210.581497] R13: 0000000000000000 R14: 00000000011bd210 R15:
00007fff1807bd40
[  210.582884] Modules linked in: snd_hda_codec_generic snd_hda_intel
snd_hda_codec snd_hwdep snd_hda_core snd_pcm snd_timer snd soundcore i2c_piix4
mac_hid ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi
scsi_transport_iscsi autofs4 raid10 raid456 async_raid6_recov async_memcpy
async_pq async_xor async_tx raid1 raid0 multipath linear crct10dif_pclmul
crc32_pclmul qxl 8139too drm_kms_helper syscopyarea sysfillrect sysimgblt
fb_sys_fops aesni_intel ttm drm aes_x86_64 crypto_simd cryptd glue_helper
floppy pata_acpi 8139cp mii
[  210.592154] ---[ end trace c0f20d44c9d2c2d4 ]---
[  210.593086] RIP: 0010:start_this_handle+0x1ef/0x400
[  210.594069] Code: 4c 89 e7 e8 43 8c 78 00 48 83 7b 50 00 0f 84 f0 00 00 00
c6 43 24 00 4c 89 e7 e8 7c 8c 78 00 48 8b 03 a8 01 0f 84 c7 fe ff ff <0f> 0b b8
00 fe ff ff f0 41 0f c1 04 24 e8 5f 3b 78 00 8b 4b 2c 85
[  210.597759] RSP: 0018:ffffae23c1253bd8 EFLAGS: 00010202
[  210.598782] RAX: 0000000000000039 RBX: ffff982eb4924000 RCX:
0000000000000000
[  210.600159] RDX: 0000000000000000 RSI: 0000000000000000 RDI:
ffff982eb4924024
[  210.601553] RBP: ffffae23c1253c58 R08: ffff982ebfc28d40 R09:
ffff982eaeeee800
[  210.602957] R10: fffffffffffffff4 R11: 0000000000000300 R12:
ffff982eb4924024
[  210.604346] R13: ffff982eaeeed060 R14: 0000000000000100 R15:
0000000000000000
[  210.605766] FS:  00007feed2341840(0000) GS:ffff982ebfc00000(0000)
knlGS:0000000000000000
[  210.607338] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  210.608451] CR2: 00000000011c6368 CR3: 000000022e286000 CR4:
00000000000006f0

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
