lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <IA1PR07MB9830528DCB1AAE0C50DBDE0CABA09@IA1PR07MB9830.namprd07.prod.outlook.com>
Date:   Thu, 16 Feb 2023 21:44:39 +0000
From:   Sanan Hasanov <sanan.hasanov@...ghts.ucf.edu>
To:     "jaegeuk@...nel.org" <jaegeuk@...nel.org>,
        "chao@...nel.org" <chao@...nel.org>,
        "terrelln@...com" <terrelln@...com>,
        "linux-f2fs-devel@...ts.sourceforge.net" 
        <linux-f2fs-devel@...ts.sourceforge.net>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
CC:     "syzkaller@...glegroups.com" <syzkaller@...glegroups.com>,
        "contact@...zz.com" <contact@...zz.com>
Subject: UBSAN: array-index-out-of-bounds in f2fs_iget

Good day, dear maintainers,

We found a bug using a modified kernel configuration file used by syzbot.

We enhanced the coverage of the configuration file using our tool, klocalizer.

Kernel Branch: 6.2.0-rc7-next-20230206
Kernel config: https://drive.google.com/file/d/16AAzfA1DqiaTS8ohH7X80kud8QTCKBB6/view?usp=share_link
C Reproducer: https://drive.google.com/file/d/1mWS9BHAKuQcf9R1BiMX17-h9GQ9OI_v9/view?usp=share_link

Thank you!

Best regards,
Sanan Hasanov

================================================================================
UBSAN: array-index-out-of-bounds in fs/f2fs/f2fs.h:3272:29
index 1409 is out of range for type '__le32 [923]'
CPU: 6 PID: 27613 Comm: syz-executor.5 Not tainted 6.2.0-rc7-next-20230206+ #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x136/0x150 lib/dump_stack.c:106
 ubsan_epilogue lib/ubsan.c:217 [inline]
 __ubsan_handle_out_of_bounds+0xd5/0x130 lib/ubsan.c:348
 inline_data_addr fs/f2fs/f2fs.h:3272 [inline]
 __recover_inline_status fs/f2fs/inode.c:111 [inline]
 do_read_inode fs/f2fs/inode.c:418 [inline]
 f2fs_iget+0x5300/0x5620 fs/f2fs/inode.c:536
 f2fs_fill_super+0x3c09/0x8a10 fs/f2fs/super.c:4363
 mount_bdev+0x351/0x410 fs/super.c:1372
 legacy_get_tree+0x109/0x220 fs/fs_context.c:610
 vfs_get_tree+0x8d/0x350 fs/super.c:1502
 do_new_mount fs/namespace.c:3042 [inline]
 path_mount+0x675/0x1e30 fs/namespace.c:3372
 do_mount fs/namespace.c:3385 [inline]
 __do_sys_mount fs/namespace.c:3594 [inline]
 __se_sys_mount fs/namespace.c:3571 [inline]
 __x64_sys_mount+0x283/0x300 fs/namespace.c:3571
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0x80 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f7c3449176e
Code: 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f7c35569a08 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f7c3449176e
RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f7c35569a60
RBP: 00007f7c35569aa0 R08: 00007f7c35569aa0 R09: 0000000020000000
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000000
R13: 0000000020000100 R14: 00007f7c35569a60 R15: 0000000020011c40
 </TASK>
================================================================================
F2FS-fs (loop5): sanity_check_inode: inode (ino=3) is with extra_attr, but extra_attr feature is off
F2FS-fs (loop5): Failed to read root inode

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ