Message-ID: <CADCV8sokv-7_Rd=aBWJVNFoBD1ARDkzj2Dqbm_sHY2c0TvNEsg@mail.gmail.com>
Date: Tue, 31 Dec 2024 13:57:23 +0800
From: Liebes Wang <wanghaichi0403@...il.com>
To: mark@...heh.com, jlbec@...lplan.org, joseph.qi@...ux.alibaba.com,
ocfs2-devel@...ts.linux.dev, linux-kernel@...r.kernel.org
Cc: syzkaller@...glegroups.com
Subject: kernel BUG in ocfs2_claim_suballoc_bits
Dear Linux maintainers and reviewers:
We are reporting a Linux kernel bug titled **kernel BUG in
ocfs2_claim_suballoc_bits**, discovered using a modified version of
Syzkaller.
Linux version: v6.12-rc6:59b723cd2adbac2a34fc8e12c74ae26ae45bf230 (crash is
also reproduced in the latest kernel version)
The test case and kernel config are attached.
The KASAN report is (The full report is attached):
kernel BUG at fs/ocfs2/suballoc.c:1441!
Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI
CPU: 0 UID: 0 PID: 8262 Comm: syz.1.348 Not tainted 6.12.0-rc6 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
RIP: 0010:ocfs2_find_victim_chain fs/ocfs2/suballoc.c:1441 [inline]
RIP: 0010:ocfs2_claim_suballoc_bits+0x1666/0x1f90 fs/ocfs2/suballoc.c:1982
Code: ff e8 6e b3 a7 fe c6 05 74 19 67 05 01 90 48 c7 c7 60 10 4d 86 e8 8a 8f 6e fe 90 0f 0b 90 90 e9 66 f3 ff ff e8 4b b3 a7 fe 90 <0f> 0b 48 8b 5c 24 40 e8 3e b3 a7 fe 48 8b 44 24 08 48 8d 78 10 48
RSP: 0018:ff1100011680f700 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ff110001084b8480 RCX: ffffffff82aa4006
RDX: ff11000114b94480 RSI: ffffffff82aa4f35 RDI: 0000000000000003
RBP: 0000000000000002 R08: ff1100011680f8c8 R09: ff1100011680f9c0
R10: 0000000000000000 R11: 0000000000000000 R12: ff110001084b8488
R13: 0000000000000800 R14: 0000000000000000 R15: ff11000152b85400
FS: 00007f314d122700(0000) GS:ff110004ca800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fb5fdf8a000 CR3: 000000013b0e8005 CR4: 0000000000771ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 80000000
Call Trace:
<TASK>
ocfs2_claim_new_inode+0x2e4/0x8b0 fs/ocfs2/suballoc.c:2267
ocfs2_mknod_locked.constprop.0+0xe6/0x290 fs/ocfs2/namei.c:633
ocfs2_mknod+0xcf9/0x24c0 fs/ocfs2/namei.c:379
ocfs2_create+0x167/0x420 fs/ocfs2/namei.c:672
vfs_create fs/namei.c:3294 [inline]
vfs_create+0x4e0/0x7a0 fs/namei.c:3278
do_mknodat+0x3cf/0x4c0 fs/namei.c:4185
__do_sys_mknodat fs/namei.c:4213 [inline]
__se_sys_mknodat fs/namei.c:4210 [inline]
__x64_sys_mknodat+0xb3/0xf0 fs/namei.c:4210
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xc1/0x1d0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
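As an added triage aid (this is example code, not part of Liebes Wang's report, of syzkaller, or of the ocfs2 code), the Python below parses the kind of Oops text shown above into a structured record: the `kernel BUG at file:line` site, the Oops kind, the task (`PID`/`Comm`/taint/version), the `RIP:` lines, and every `Call Trace:` frame with its symbol, `file:line` and `[inline]` flag. The sample input is a constructed copy of the relevant lines from the report; the helper names (`parse_oops`, `syscall_entry`, `crash_title`, `subsystem`) and the title heuristic (first non-inline `RIP:` symbol) are my assumptions for this example, not syzkaller's actual titling algorithm, although they reproduce the subject line of this report.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: the relevant lines copied from the report above.
SAMPLE_OOPS = """\
kernel BUG at fs/ocfs2/suballoc.c:1441!
Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI
CPU: 0 UID: 0 PID: 8262 Comm: syz.1.348 Not tainted 6.12.0-rc6 #1
RIP: 0010:ocfs2_find_victim_chain fs/ocfs2/suballoc.c:1441 [inline]
RIP: 0010:ocfs2_claim_suballoc_bits+0x1666/0x1f90 fs/ocfs2/suballoc.c:1982
RSP: 0018:ff1100011680f700 EFLAGS: 00010293
Call Trace:
<TASK>
ocfs2_claim_new_inode+0x2e4/0x8b0 fs/ocfs2/suballoc.c:2267
ocfs2_mknod_locked.constprop.0+0xe6/0x290 fs/ocfs2/namei.c:633
ocfs2_mknod+0xcf9/0x24c0 fs/ocfs2/namei.c:379
ocfs2_create+0x167/0x420 fs/ocfs2/namei.c:672
vfs_create fs/namei.c:3294 [inline]
vfs_create+0x4e0/0x7a0 fs/namei.c:3278
do_mknodat+0x3cf/0x4c0 fs/namei.c:4185
__do_sys_mknodat fs/namei.c:4213 [inline]
__se_sys_mknodat fs/namei.c:4210 [inline]
__x64_sys_mknodat+0xb3/0xf0 fs/namei.c:4210
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xc1/0x1d0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
"""

# One stack frame: "sym[+0xoff/0xsize] [file:line] [[inline]]".
FRAME_RE = re.compile(
    r"^(?P<func>[A-Za-z_][\w.]*)"                          # symbol, e.g. ocfs2_mknod_locked.constprop.0
    r"(?:\+0x(?P<off>[0-9a-f]+)/0x(?P<size>[0-9a-f]+))?"   # +offset/size, absent on inline frames
    r"(?:\s+(?P<file>[\w./\-]+):(?P<line>\d+))?"           # file:line, absent on some entry frames
    r"(?P<inline>\s+\[inline\])?\s*$"
)
BUG_RE = re.compile(r"^kernel BUG at (?P<file>\S+):(?P<line>\d+)!")
OOPS_RE = re.compile(r"^Oops: (?P<kind>.+?): [0-9a-f]+ \[#(?P<count>\d+)\]")
TASK_RE = re.compile(r"PID: (?P<pid>\d+) Comm: (?P<comm>\S+) (?P<taint>Not tainted|Tainted:[^\d]*)\s*(?P<version>\d\S*)")
RIP_RE = re.compile(r"^RIP: [0-9a-f]{4}:(?P<frame>.+)$")


@dataclass
class Frame:
    func: str
    file: Optional[str]
    line: Optional[int]
    inline: bool


@dataclass
class OopsReport:
    bug_file: Optional[str] = None
    bug_line: Optional[int] = None
    oops_kind: Optional[str] = None
    pid: Optional[int] = None
    comm: Optional[str] = None
    tainted: Optional[bool] = None
    version: Optional[str] = None
    rip: List[Frame] = field(default_factory=list)     # RIP lines, innermost (inline) first
    frames: List[Frame] = field(default_factory=list)  # Call Trace frames, innermost first


def parse_frame(text: str) -> Optional[Frame]:
    m = FRAME_RE.match(text.strip())
    if not m:
        return None
    return Frame(m["func"], m["file"], int(m["line"]) if m["line"] else None, bool(m["inline"]))


def parse_oops(text: str) -> OopsReport:
    r = OopsReport()
    in_trace = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if in_trace:
            if line in ("<TASK>", "</TASK>"):
                continue
            fr = parse_frame(line)
            if fr is None:           # first non-frame line ends the trace section
                in_trace = False
            else:
                r.frames.append(fr)
            continue
        if line == "Call Trace:":
            in_trace = True
            continue
        m = BUG_RE.match(line)
        if m:
            r.bug_file, r.bug_line = m["file"], int(m["line"])
            continue
        m = OOPS_RE.match(line)
        if m:
            r.oops_kind = m["kind"]
            continue
        m = TASK_RE.search(line)
        if m:
            r.pid, r.comm = int(m["pid"]), m["comm"]
            r.tainted = not m["taint"].startswith("Not tainted")
            r.version = m["version"]
            continue
        m = RIP_RE.match(line)
        if m:
            fr = parse_frame(m["frame"])
            if fr:
                r.rip.append(fr)
    return r


def syscall_entry(r: OopsReport) -> Optional[str]:
    """Name of the syscall the crashing task entered through, from its __*sys_ wrapper frame."""
    for fr in r.frames:
        m = re.match(r"^__(?:x64_|se_|do_)sys_(\w+)$", fr.func)
        if m:
            return m.group(1)
    return None


def crash_title(r: OopsReport) -> Optional[str]:
    """Heuristic title (assumption for this example): first non-inline RIP symbol."""
    for fr in r.rip:
        if not fr.inline:
            return f"kernel BUG in {fr.func}"
    return None


def subsystem(r: OopsReport) -> Optional[str]:
    """Directory of the BUG site, e.g. fs/ocfs2, for routing the report."""
    if not r.bug_file:
        return None
    parts = r.bug_file.split("/")
    return "/".join(parts[:2]) if len(parts) > 2 else parts[0]


def summarize(r: OopsReport) -> Dict[str, object]:
    return {
        "title": crash_title(r), "subsystem": subsystem(r), "site": f"{r.bug_file}:{r.bug_line}",
        "syscall": syscall_entry(r), "comm": r.comm, "pid": r.pid, "tainted": r.tainted,
        "depth": len(r.frames), "inline_frames": sum(f.inline for f in r.frames),
    }


if __name__ == "__main__":
    for k, v in summarize(parse_oops(SAMPLE_OOPS)).items():
        print(f"{k:14} {v}")
```

The parser treats the first line after `Call Trace:` that does not look like a frame as the end of the trace, which is what lets it stop cleanly at `Modules linked in:` or a trailing register dump in a longer report; `tainted` is derived from the `Not tainted`/`Tainted:` token rather than the version string, so a taint flag such as `G W` (which contains spaces) does not break the match.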
Download attachment "report0" of type "application/octet-stream" (8410 bytes)
Download attachment "repro.c" of type "application/octet-stream" (85620 bytes)
Download attachment "config" of type "application/octet-stream" (148405 bytes)