| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAE5jQCdGVxnmDYhdEfLpMfeZRNQk19TAX=u9MFmobZ1RFx3z4A@mail.gmail.com> Date: Fri, 1 Jun 2018 12:45:14 +0300 From: Anatoly Trosinenko <anatoly.trosinenko@...il.com> To: OGAWA Hirofumi <hirofumi@...l.parknet.co.jp> Cc: linux-kernel@...r.kernel.org Subject: PROBLEM: [kernel BUG at fs/fat/inode.c:162] when writing to a broken VFAT Description: Writing to some file on a broken VFAT partition causes kernel bug Kernel version: v4.17-rc7 How to reproduce: 1. Compile kernel v4.17-rc7 with config attached 2. Unpack the vfat.img and mount it as vfat (suppose /mnt is the mount point) 3. Run `echo > /mnt/xyz` What happens: [ 1.538155] ------------[ cut here ]------------ [ 1.538274] kernel BUG at fs/fat/inode.c:162! [ 1.538693] invalid opcode: 0000 [#1] SMP NOPTI [ 1.538796] Modules linked in: [ 1.538996] CPU: 0 PID: 991 Comm: sh Not tainted 4.17.0-rc7 #2 [ 1.539094] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014 [ 1.539266] RIP: 0010:fat_get_block+0x200/0x230 [ 1.539334] RSP: 0018:ffff906900a2fb78 EFLAGS: 00000246 [ 1.539419] RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffff906900a2fb88 [ 1.539509] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000 [ 1.539600] RBP: ffff8a379db508f8 R08: ffff906900a2fb90 R09: 0000000000000200 [ 1.539690] R10: 0000000000000000 R11: ffff8a379db10958 R12: ffff8a379db10958 [ 1.539781] R13: ffff8a379d590000 R14: 0000000000000001 R15: 0000000000000000 [ 1.539904] FS: 0000000000fd38c0(0000) GS:ffff8a379f800000(0000) knlGS:0000000000000000 [ 1.540006] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1.540082] CR2: 000000000056789c CR3: 000000001d598000 CR4: 00000000000006f0 [ 1.540221] Call Trace: [ 1.540710] __block_write_begin_int+0x134/0x550 [ 1.540806] ? fat_add_cluster+0x80/0x80 [ 1.540869] ? notify_change+0x383/0x400 [ 1.540927] ? fat_add_cluster+0x80/0x80 [ 1.540982] block_write_begin+0x3f/0xa0 [ 1.541036] ? do_truncate+0x84/0xc0 [ 1.541088] cont_write_begin+0x232/0x330 [ 1.541146] ? fat_add_cluster+0x80/0x80 [ 1.541200] ? path_openat+0x5f7/0x1620 [ 1.541255] fat_write_begin+0x2d/0x60 [ 1.541310] ? fat_add_cluster+0x80/0x80 [ 1.541367] generic_perform_write+0xb1/0x1b0 [ 1.541431] __generic_file_write_iter+0xfd/0x190 [ 1.541497] generic_file_write_iter+0xe1/0x1e0 [ 1.541560] __vfs_write+0xfc/0x160 [ 1.541616] vfs_write+0xa8/0x190 [ 1.541667] ksys_write+0x4d/0xb0 [ 1.541718] do_syscall_64+0x43/0xf0 [ 1.541772] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1.541936] RIP: 0033:0x486804 [ 1.541981] RSP: 002b:00007ffd17e241f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1.542081] RAX: ffffffffffffffda RBX: 0000000000fd38a0 RCX: 0000000000486804 [ 1.542199] RDX: 0000000000000001 RSI: 0000000000fd6fc0 RDI: 0000000000000001 [ 1.542283] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000fd6fc0 [ 1.542367] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000fd6fc0 [ 1.542450] R13: 0000000000000001 R14: 0000000000000001 R15: 00007ffd17e24260 [ 1.542573] Code: d0 00 00 00 49 89 44 24 18 49 89 54 24 30 49 8b 45 18 49 89 44 24 20 41 0f b6 45 14 e9 b9 fe ff ff 41 89 c2 e9 bb fe ff ff 0f 0b <0f> 0b e8 79 87 dc ff 48 8b 4d b0 48 c7 c2 c8 bc 9f 91 be 01 00 [ 1.542995] RIP: fat_get_block+0x200/0x230 RSP: ffff906900a2fb78 [ 1.543289] ---[ end trace 0266ed39a6ec740a ]--- (full kernel log is attached) -- Anatoly View attachment "serial-log.txt" of type "text/plain" (22175 bytes) Download attachment "config_v4.17-rc7" of type "application/octet-stream" (113927 bytes) Download attachment "vfat.img.bz2" of type "application/octet-stream" (372 bytes)
Powered by blists - more mailing lists