| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <000000000000824aa2060c623c6f@google.com>
Date: Wed, 13 Dec 2023 03:12:01 -0800
From: syzbot <syzbot+f4582777a19ec422b517@...kaller.appspotmail.com>
To: linux-kernel@...r.kernel.org
Subject: Re: [syzbot] [syzbot] [ext4?] kernel BUG in ext4_write_inline_data
For archival purposes, forwarding an incoming command email to
linux-kernel@...r.kernel.org.
***
Subject: [syzbot] [ext4?] kernel BUG in ext4_write_inline_data
Author: eadavis@...com
please test kernel BUG in ext4_write_inline_data
#syz test https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 44c026a73be8
diff --git a/fs/ext4/inline.c b/fs/ext4/inline.c
index 9a84a5f9fef4..2ab1ca192167 100644
--- a/fs/ext4/inline.c
+++ b/fs/ext4/inline.c
@@ -169,6 +169,7 @@ int ext4_find_inline_data_nolock(struct inode *inode)
(void *)ext4_raw_inode(&is.iloc));
EXT4_I(inode)->i_inline_size = EXT4_MIN_INLINE_DATA_SIZE +
le32_to_cpu(is.s.here->e_value_size);
+ printk("iis: %d, %s\n", EXT4_I(inode)->i_inline_size, __func__);
}
out:
brelse(is.iloc.bh);
@@ -232,7 +233,9 @@ static void ext4_write_inline_data(struct inode *inode, struct ext4_iloc *iloc,
return;
BUG_ON(!EXT4_I(inode)->i_inline_off);
- BUG_ON(pos + len > EXT4_I(inode)->i_inline_size);
+ printk("pos: %d, len: %d, iis: %d, %s\n", pos, len, EXT4_I(inode)->i_inline_size, __func__);
+ if (EXT4_I(inode)->i_inline_size > 0)
+ BUG_ON(pos + len > EXT4_I(inode)->i_inline_size);
raw_inode = ext4_raw_inode(iloc);
buffer += pos;
@@ -314,6 +317,7 @@ static int ext4_create_inline_data(handle_t *handle,
EXT4_I(inode)->i_inline_off = (u16)((void *)is.s.here -
(void *)ext4_raw_inode(&is.iloc));
EXT4_I(inode)->i_inline_size = len + EXT4_MIN_INLINE_DATA_SIZE;
+ printk("len: %d, iis: %d, %s\n", len, EXT4_I(inode)->i_inline_size, __func__);
ext4_clear_inode_flag(inode, EXT4_INODE_EXTENTS);
ext4_set_inode_flag(inode, EXT4_INODE_INLINE_DATA);
get_bh(is.iloc.bh);
@@ -381,6 +385,7 @@ static int ext4_update_inline_data(handle_t *handle, struct inode *inode,
(void *)ext4_raw_inode(&is.iloc));
EXT4_I(inode)->i_inline_size = EXT4_MIN_INLINE_DATA_SIZE +
le32_to_cpu(is.s.here->e_value_size);
+ printk("iis: %d, %s\n", EXT4_I(inode)->i_inline_size, __func__);
ext4_set_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA);
get_bh(is.iloc.bh);
error = ext4_mark_iloc_dirty(handle, inode, &is.iloc);
@@ -469,6 +474,7 @@ static int ext4_destroy_inline_data_nolock(handle_t *handle,
EXT4_I(inode)->i_inline_off = 0;
EXT4_I(inode)->i_inline_size = 0;
+ printk("iis: %d, %s\n", EXT4_I(inode)->i_inline_size, __func__);
ext4_clear_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA);
out:
brelse(is.iloc.bh);
@@ -1979,6 +1985,7 @@ int ext4_inline_data_truncate(struct inode *inode, int *has_inline)
EXT4_I(inode)->i_inline_size = i_size <
EXT4_MIN_INLINE_DATA_SIZE ?
EXT4_MIN_INLINE_DATA_SIZE : i_size;
+ printk("isize: %d, iis: %d, %s\n", i_size, EXT4_I(inode)->i_inline_size, __func__);
}
out_error:
Powered by blists - more mailing lists