lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <CADCV8sqCCh49837dk4N8d8JHOWkUCVXz-Mx-ZC+51Q=ch73mLA@mail.gmail.com>
Date: Wed, 15 Jan 2025 13:48:00 +0800
From: Liebes Wang <wanghaichi0403@...il.com>
To: mark@...heh.com, jlbec@...lplan.org, 
	Joseph Qi <joseph.qi@...ux.alibaba.com>, ocfs2-devel@...ts.linux.dev, 
	linux-kernel@...r.kernel.org
Cc: syzkaller@...glegroups.com
Subject: kernel BUG in ocfs2_iget

Dear Linux maintainers and reviewers:

We are reporting a Linux kernel bug titled **kernel BUG in ocfs2_iget**,
discovered using a modified version of Syzkaller.

Linux version: 2144da25584eb10b84252230319b5783f6a83041 (6.13-rc6)

The bisection log shows the first introduced commit is
7569d3c754e452769a5747eeeba488179e38a5da:
7569d3c754e4 ocfs2: load global_inode_alloc

The test case, kernel config and full bisection log are attached.

The report is (The full report is attached):
kernel BUG at fs/ocfs2/inode.c:533!
Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI
CPU: 0 UID: 0 PID: 7331 Comm: syz.0.316 Not tainted 6.12.0-rc6 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
1.13.0-1ubuntu1.1 04/01/2014
RIP: 0010:ocfs2_read_locked_inode+0x11ad/0x1280 fs/ocfs2/inode.c:533
Code: 4c 89 64 24 68 80 3c 02 00 75 75 4c 8b 03 ba 15 02 00 00 48 89 ef 48
c7 c1 c0 a0 4c 86 48 c7 c6 40 a7 4c 86 e8 64 34 15 00 90 <0f> 0b 48 c7 c7
28 c5 13 88 e8 25 9d 01 ff e9 83 f4 ff ff 4c 89 f7
RSP: 0018:ff11000127247748 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ff11000127247880 RCX: ffa0000001aa6000
RDX: 0000000000040000 RSI: ffffffff82b7bd73 RDI: 0000000000000001
RBP: ff110001272477b0 R08: 0000000000000001 R09: ffe21c0024e48e78
R10: 0000000000000001 R11: 0000000000000000 R12: 1000000000000000
R13: 0000000000000000 R14: 0000000000000001 R15: ff110001345e0000
FS:  00007f57928ff700(0000) GS:ff110004ca800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fbfb138d2f0 CR3: 00000001397ea001 CR4: 0000000000771ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 80000000
Call Trace:
 <TASK>
 ocfs2_iget+0x905/0xab0 fs/ocfs2/inode.c:159
 _ocfs2_get_system_file_inode fs/ocfs2/sysfile.c:142 [inline]
 ocfs2_get_system_file_inode+0x390/0x7f0 fs/ocfs2/sysfile.c:112
 ocfs2_init_local_system_inodes fs/ocfs2/super.c:487 [inline]
 ocfs2_mount_volume fs/ocfs2/super.c:1811 [inline]
 ocfs2_fill_super+0x16bf/0x4170 fs/ocfs2/super.c:1084
 mount_bdev+0x1e6/0x2d0 fs/super.c:1693
 legacy_get_tree+0x107/0x220 fs/fs_context.c:662
 vfs_get_tree+0x94/0x380 fs/super.c:1814
 do_new_mount fs/namespace.c:3507 [inline]
 path_mount+0x6b2/0x1eb0 fs/namespace.c:3834
 do_mount fs/namespace.c:3847 [inline]
 __do_sys_mount fs/namespace.c:4057 [inline]
 __se_sys_mount fs/namespace.c:4034 [inline]
 __x64_sys_mount+0x283/0x300 fs/namespace.c:4034
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xc1/0x1d0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Content of type "text/html" skipped

Download attachment "report4" of type "application/octet-stream" (4494 bytes)

Download attachment "kconfig" of type "application/octet-stream" (149021 bytes)

Download attachment "bisect.log" of type "application/octet-stream" (19750 bytes)

Download attachment "repro.cprog" of type "application/octet-stream" (94513 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ