Date: Thu, 11 Apr 2024 16:13:58 +0800
From: Sam Sun <samsun1006219@...il.com>
To: linux-kernel@...r.kernel.org, shaggy@...nel.org, brauner@...nel.org, 
	jlayton@...nel.org, liushixin2@...wei.com, jack@...e.cz, 
	ghandatmanas@...il.com, eadavis@...com, jfs-discussion@...ts.sourceforge.net
Cc: syzkaller-bugs@...glegroups.com, xrivendell7@...il.com
Subject: [Linux kernel bug] UBSAN: array-index-out-of-bounds in diFree

Dear developers and maintainers,

We encountered an array-index-out-of-bounds bug while using our
modified Syzkaller. It is tested against the latest upstream linux
(6.9-rc3, commit e8c39d0f57f358950356a8e44ee5159f57f86ec5). Kernel
config and C repro are attached to this email. The UBSAN report is
listed below.
```
================================================================================
UBSAN: array-index-out-of-bounds in
/home/sy/linux-original/fs/jfs/jfs_imap.c:886:2
index 33554432 is out of range for type 'mutex [128]'
CPU: 0 PID: 116 Comm: jfsCommit Not tainted 6.7.0-rc7 #2
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x136/0x150 lib/dump_stack.c:106
 ubsan_epilogue lib/ubsan.c:217 [inline]
 __ubsan_handle_out_of_bounds+0xd5/0x130 lib/ubsan.c:348
 diFree+0x2158/0x26e0 fs/jfs/jfs_imap.c:886
 jfs_evict_inode+0x3d4/0x4b0 fs/jfs/inode.c:156
 evict+0x2ed/0x6b0 fs/inode.c:666
 iput_final fs/inode.c:1777 [inline]
 iput.part.0+0x511/0x720 fs/inode.c:1803
 iput+0x5c/0x80 fs/inode.c:1793
 txUpdateMap+0xaae/0xcd0 fs/jfs/jfs_txnmgr.c:2367
 txLazyCommit fs/jfs/jfs_txnmgr.c:2664 [inline]
 jfs_lazycommit+0x5d4/0xb10 fs/jfs/jfs_txnmgr.c:2732
 kthread+0x2cc/0x3b0 kernel/kthread.c:388
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242
 </TASK>
================================================================================
Kernel panic - not syncing: UBSAN: panic_on_warn set ...
CPU: 0 PID: 116 Comm: jfsCommit Not tainted 6.7.0-rc7 #2
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd9/0x150 lib/dump_stack.c:106
 panic+0x6b9/0x760 kernel/panic.c:344
 check_panic_on_warn+0xb1/0xc0 kernel/panic.c:237
 ubsan_epilogue lib/ubsan.c:223 [inline]
 __ubsan_handle_out_of_bounds+0xfd/0x130 lib/ubsan.c:348
 diFree+0x2158/0x26e0 fs/jfs/jfs_imap.c:886
 jfs_evict_inode+0x3d4/0x4b0 fs/jfs/inode.c:156
 evict+0x2ed/0x6b0 fs/inode.c:666
 iput_final fs/inode.c:1777 [inline]
 iput.part.0+0x511/0x720 fs/inode.c:1803
 iput+0x5c/0x80 fs/inode.c:1793
 txUpdateMap+0xaae/0xcd0 fs/jfs/jfs_txnmgr.c:2367
 txLazyCommit fs/jfs/jfs_txnmgr.c:2664 [inline]
 jfs_lazycommit+0x5d4/0xb10 fs/jfs/jfs_txnmgr.c:2732
 kthread+0x2cc/0x3b0 kernel/kthread.c:388
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242
 </TASK>
```
If you have any questions, please contact us.
Reported by: Yue Sun <samsun1006219@...il.com>
Reported by: xingwei lee <xrivendell7@...il.com>

Best Regards,
Yue
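Added illustration of the defensive check this report calls for (this is example code, not the kernel's or the reporters' code). It assumes, as in the jfs source, that the out-of-range index at jfs_imap.c:886 is the allocation-group number derived from the inode's on-disk agstart and used to pick an entry of the 128-entry per-AG mutex array ('mutex [128]' in the report); the names MAXAG, blk_to_ag and ag_index_or_error are a simplified model, not the real jfs definitions.

```c
/* Model of the bounds problem in the UBSAN report above. In jfs the
 * allocation-group index that selects a lock from a fixed 128-entry array
 * is computed from on-disk inode metadata, so a corrupted image can yield
 * an index such as 33554432. The kernel's identifiers are not reproduced
 * here; MAXAG, blk_to_ag and ag_index_or_error are hypothetical names. */
#include <stdint.h>
#include <stdio.h>

#define MAXAG 128   /* size of the per-AG lock array named in the report */
#define EIO   5     /* errno value returned for corrupt metadata */

/* Modelled on-disk quantities: the AG start block recorded in the inode
 * and the log2 of the AG size recorded in the block map. */
struct model_sb    { int     ag_l2size; };
struct model_inode { int64_t agstart;   };

/* Block number -> AG number, same shape as the kernel's conversion. */
static int64_t blk_to_ag(int64_t blk, const struct model_sb *sb)
{
    return blk >> sb->ag_l2size;
}

/* Validated lookup: returns the AG index, or -EIO when the on-disk data
 * yields an index outside the lock array. Without this check the caller
 * would index lock[agno] with agno == 33554432, which is what UBSAN caught. */
int ag_index_or_error(const struct model_inode *ip, const struct model_sb *sb)
{
    int64_t agno = blk_to_ag(ip->agstart, sb);

    if (agno < 0 || agno >= MAXAG)
        return -EIO;
    return (int)agno;
}

int main(void)
{
    struct model_sb sb = { .ag_l2size = 10 };
    /* constructed inputs: a sane inode and one whose agstart is corrupt */
    struct model_inode good = { .agstart = 5 << 10 };
    struct model_inode bad  = { .agstart = (int64_t)33554432 << 10 };

    printf("good -> %d\n", ag_index_or_error(&good, &sb)); /* 5 */
    printf("bad  -> %d\n", ag_index_or_error(&bad, &sb));  /* -5 (-EIO) */
    return 0;
}
```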

View attachment "diFree.c" of type "text/x-csrc" (126551 bytes)

Download attachment "config" of type "application/octet-stream" (247916 bytes)