Message-ID: <CADCV8sr1ConH1h4N7-Q8M2G4JdRxjosQLPD2dGftB8p1ZHtA8w@mail.gmail.com>
Date: Fri, 3 Jan 2025 14:45:39 +0800
From: Liebes Wang <wanghaichi0403@...il.com>
To: kent.overstreet@...ux.dev, linux-bcachefs@...r.kernel.org,
linux-kernel@...r.kernel.org
Cc: syzkaller@...glegroups.com
Subject: general protection fault in bch2_run_recovery_pass
Dear Linux maintainers and reviewers:
We are reporting a Linux kernel bug titled **general protection fault in
bch2_run_recovery_pass**, discovered using a modified version of Syzkaller.
Linux version: v6.12-rc6:59b723cd2adbac2a34fc8e12c74ae26ae45bf230 (crash is
also reproduced in the latest kernel version)
The test case and kernel config are attached.
The KASAN report is as follows (the full report is attached):
bcachefs (loop1): check_alloc_info... done
bcachefs (loop1): check_lrus... done
bcachefs (loop1): check_extents_to_backpointers...
loop6: detected capacity change from 0 to 1024
Oops: general protection fault, probably for non-canonical address
0xdffffc0000000013: 0000 [#1] PREEMPT SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000098-0x000000000000009f]
CPU: 1 UID: 0 PID: 9172 Comm: syz.1.548 Not tainted 6.12.0-rc6 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
1.13.0-1ubuntu1.1 04/01/2014
RIP: 0010:check_btree_root_to_backpointers+0x138/0x4a0
fs/bcachefs/backpointers.c:703
Code: df 48 c1 e8 03 80 3c 08 00 0f 85 25 03 00 00 48 b9 00 00 00 00 00 fc
ff df 48 8b 1b 48 8d bb 98 00 00 00 48 89 f8 48 c1 e8 03 <0f> b6 04 08 84
c0 74 06 0f 8e f2 02 00 00 48 83 ec 18 45 31 c9 31
RSP: 0018:ff1100013d0e71e8 EFLAGS: 00010202
RAX: 0000000000000013 RBX: 0000000000000000 RCX: dffffc0000000000
RDX: ff1100014aac2240 RSI: ffffffff83176a52 RDI: 0000000000000098
RBP: ff1100013d0e7338 R08: 0000000000000021 R09: fffffbfff14467ed
R10: 0000000000000008 R11: 0000000000000000 R12: 0000000000000021
R13: 0000000000000008 R14: ff1100013d0e7268 R15: ff11000104880000
FS: 00007fed67f73700(0000) GS:ff110004ca900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f2383bb0018 CR3: 0000000107678006 CR4: 0000000000771ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 80000000
Call Trace:
<TASK>
bch2_check_extents_to_backpointers_pass+0x1db/0x810
fs/bcachefs/backpointers.c:868
bch2_check_extents_to_backpointers+0x152/0x760
fs/bcachefs/backpointers.c:932
bch2_run_recovery_pass+0x91/0x190 fs/bcachefs/recovery_passes.c:185
bch2_run_recovery_passes+0x3a3/0x730 fs/bcachefs/recovery_passes.c:232
bch2_fs_recovery+0x1f89/0x3c60 fs/bcachefs/recovery.c:861
bch2_fs_start+0x2d8/0x610 fs/bcachefs/super.c:1036
bch2_fs_get_tree+0xfda/0x15d0 fs/bcachefs/fs.c:2170
vfs_get_tree+0x94/0x380 fs/super.c:1814
do_new_mount fs/namespace.c:3507 [inline]
path_mount+0x6b2/0x1eb0 fs/namespace.c:3834
do_mount fs/namespace.c:3847 [inline]
__do_sys_mount fs/namespace.c:4057 [inline]
__se_sys_mount fs/namespace.c:4034 [inline]
__x64_sys_mount+0x283/0x300 fs/namespace.c:4034
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xc1/0x1d0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Download attachment "report0" of type "application/octet-stream" (5357 bytes)
Download attachment "repro.c" of type "application/octet-stream" (303078 bytes)
Download attachment "config" of type "application/octet-stream" (148405 bytes)