Date:   Wed, 28 Dec 2022 18:15:09 -0500
From:   "Theodore Ts'o" <>
To:     syzbot <>
Subject: Re: [syzbot] [ext4?] kernel panic: EXT4-fs (device loop0): panic forced after error (2)

On Wed, Dec 28, 2022 at 12:16:41PM -0800, syzbot wrote:
> Hello,
> syzbot found the following issue on:
> HEAD commit:    72a85e2b0a1e Merge tag 'spi-fix-v6.2-rc1' of git://git.ker..
> git tree:       upstream
> console+strace:
> kernel config:
> dashboard link:
> compiler:       Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
> syz repro:
> C reproducer:
> Downloadable assets:
> disk image:
> vmlinux:
> kernel image:
> mounted in repro:
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by:
> loop0: detected capacity change from 0 to 512
> EXT4-fs error (device loop0): ext4_map_blocks:607: inode #2: block 2: comm syz-executor170: lblock 0 mapped to illegal pblock 2 (length 1)
> Kernel panic - not syncing: EXT4-fs (device loop0): panic forced after error

So this is a totally bogus Syzbot report.  If you use the mount option
"errors=panic", and you feed ext4 a corrupted file system, then it
*will* issue an "Ext4-fs error" message, and if you tell it to panic,
it will panic.

So *please* let's not have some crazy Red Hat principal engineer try
to file this as a high severity CVE....

This is Working As Intended.  And it is Not A Bug.

     		   	      	     	- Ted
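
Added example (not part of the message above and not kernel code): a check for whether a file system image would be mounted with the panic-on-error behaviour the message describes. It goes beyond the message by also reading the on-disk default (`s_errors` in the ext2/3/4 superblock), which applies when no `errors=` mount option is given. The function names are hypothetical and the sample images are constructed in the code.

```python
import struct

SUPERBLOCK_OFFSET = 1024           # primary superblock starts 1024 bytes into the device
S_MAGIC_OFF, S_ERRORS_OFF = 0x38, 0x3C
EXT_MAGIC = 0xEF53
ON_DISK = {1: "continue", 2: "remount-ro", 3: "panic"}


def superblock_errors_default(image: bytes) -> str:
    """Return the on-disk error behaviour (s_errors) of an ext2/3/4 image."""
    sb = image[SUPERBLOCK_OFFSET:SUPERBLOCK_OFFSET + 1024]
    if len(sb) < S_ERRORS_OFF + 2:
        raise ValueError("image too short to hold a superblock")
    (magic,) = struct.unpack_from("<H", sb, S_MAGIC_OFF)
    if magic != EXT_MAGIC:
        raise ValueError("not an ext2/3/4 superblock")
    (s_errors,) = struct.unpack_from("<H", sb, S_ERRORS_OFF)
    return ON_DISK.get(s_errors, "unknown")


def effective_errors_policy(image: bytes, mount_options: str = "") -> str:
    """An explicit errors= mount option overrides the superblock default."""
    policy = superblock_errors_default(image)
    for opt in mount_options.split(","):
        key, _, value = opt.strip().partition("=")
        if key == "errors" and value in ON_DISK.values():
            policy = value
    return policy


def make_sample_image(s_errors: int) -> bytes:
    """Constructed sample: a zeroed 2 KiB image with only magic and s_errors set."""
    img = bytearray(2048)
    struct.pack_into("<H", img, SUPERBLOCK_OFFSET + S_MAGIC_OFF, EXT_MAGIC)
    struct.pack_into("<H", img, SUPERBLOCK_OFFSET + S_ERRORS_OFF, s_errors)
    return bytes(img)


if __name__ == "__main__":
    cases = [(1, "rw,errors=panic"), (3, "rw"), (3, "rw,errors=remount-ro")]
    for s_errors, opts in cases:
        policy = effective_errors_policy(make_sample_image(s_errors), opts)
        note = "  <- a corrupted image will panic the host" if policy == "panic" else ""
        print(f"s_errors={s_errors} options={opts!r}: {policy}{note}")
```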
