Message-ID: <CAE5jQCeD-dXDSGK=CZcwYP1_cFd4TB2nprC80-kpSXMEJ+8_oQ@mail.gmail.com>
Date: Sun, 3 Jun 2018 19:26:41 +0300
From: Anatoly Trosinenko <anatoly.trosinenko@...il.com>
To: Jan Kara <jack@...e.com>
Cc: linux-kernel@...r.kernel.org
Subject: Page fault in UDF FS driver
When mounting a corrupted UDF file system and performing specific
actions, [BUG: unable to handle kernel paging request at
ffffa136c7fe0000] occurs.
How to reproduce:
1. Compile the v4.17-rc7 kernel with the attached config
2. Unpack and mount the attached FS as udf (supposing the mount point is /mnt)
3. Execute
$ echo >> /mnt/1111111111111111111111111111111111111111111111111111111111111111111111111
$ ln -s /mnt/. /mnt/foo
[ 2.296245] BUG: unable to handle kernel paging request at ffffa394c7fe0000
[ 2.296613] PGD 573e067 P4D 573e067 PUD 573f067 PMD 5742067 PTE 0
[ 2.296895] Oops: 0000 [#1] SMP NOPTI
[ 2.297062] Modules linked in:
[ 2.297298] CPU: 0 PID: 991 Comm: init Not tainted 4.17.0-rc7+ #1
[ 2.297403] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
[ 2.297899] RIP: 0010:crc_itu_t+0x1b/0x30
[ 2.297974] RSP: 0018:ffffbfb6c08d7a28 EFLAGS: 00000a86
[ 2.298088] RAX: 000000009d2ad400 RBX: ffffa394c4ff1400 RCX: 000000000000002a
[ 2.298203] RDX: ffffa394f6304549 RSI: ffffa394c7fe0001 RDI: ffffffff9444a2c0
[ 2.298307] RBP: ffffa394c6750098 R08: 0000000000000001 R09: 0000000000000001
[ 2.298409] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000001
[ 2.298509] R13: 0000000000000010 R14: 0000000000000002 R15: 0000000000000000
[ 2.298647] FS: 0000000000ba08c0(0000) GS:ffffa394c7800000(0000) knlGS:0000000000000000
[ 2.298764] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2.298856] CR2: ffffa394c7fe0000 CR3: 0000000005c2e000 CR4: 00000000000006f0
[ 2.299015] Call Trace:
[ 2.299478] udf_update_tag+0x19/0x40
[ 2.299653] udf_write_aext+0xa8/0x120
[ 2.299739] inode_getblk+0xa90/0x12f0
[ 2.299822] ? __wake_up_common_lock+0x84/0xb0
[ 2.299905] ? __lookup_slow+0x92/0x150
[ 2.299972] udf_get_block+0xc0/0x140
[ 2.300035] udf_getblk+0x39/0xf0
[ 2.300112] ? _cond_resched+0x10/0x40
[ 2.300178] ? __getblk_gfp+0x27/0x2a0
[ 2.300244] ? inode_bmap+0x10a/0x1c0
[ 2.300307] udf_bread+0x26/0xa0
[ 2.300364] udf_add_entry+0x3ac/0xa10
[ 2.300434] udf_add_nondir+0x50/0x150
[ 2.300541] ? udf_symlink+0x34f/0x4d0
[ 2.300605] udf_symlink+0x34f/0x4d0
[ 2.300668] vfs_symlink+0xbb/0x140
[ 2.300729] do_symlinkat+0x76/0xd0
[ 2.300792] do_syscall_64+0x43/0xf0
[ 2.300856] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 2.301058] RIP: 0033:0x487a07
[ 2.301114] RSP: 002b:00007ffcab237978 EFLAGS: 00000246 ORIG_RAX: 0000000000000058
[ 2.301234] RAX: ffffffffffffffda RBX: 0000000000ba32e0 RCX: 0000000000487a07
[ 2.301336] RDX: 0000000000000000 RSI: 0000000000ba32a8 RDI: 0000000000ba3290
[ 2.301436] RBP: 0000000000ba32a8 R08: 0000000000000000 R09: 0000000000000000
[ 2.301536] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2.301636] R13: 0000000000ba32a8 R14: 0000000000000000 R15: 0000000000000000
[ 2.301776] Code: b6 c9 66 33 04 4f 48 39 d6 75 e6 f3 c3 89 f8 c3 48 85 d2 74 27 89 f8 48 01 f2 48 c7 c7 c0 a2 44 94 48 83 c6 01 0f b6 cc c1 e0 08 <32> 4e ff 0f b6 c9 66 33 04 4f 48 39 d6 75 e7 f3 c3 89 f8 c3 90
[ 2.302793] RIP: crc_itu_t+0x1b/0x30 RSP: ffffbfb6c08d7a28
[ 2.302914] CR2: ffffa394c7fe0000
[ 2.303173] ---[ end trace fcae3e3ff19df0fb ]---
Thanks,
Anatoly
View attachment "serial-log.txt" of type "text/plain" (22298 bytes)
Download attachment "config_v4.17-rc7" of type "application/octet-stream" (113927 bytes)
Download attachment "udf_1mb.img.bz2" of type "application/octet-stream" (1359 bytes)