Message-ID: <CAKYAXd_ebG4L_mRwCqoGgt9kQ6BxcCf6M5UUJ1djnbMkBLUbgg@mail.gmail.com>
Date: Thu, 23 Jan 2025 08:49:04 +0900
From: Namjae Jeon <linkinjeon@...nel.org>
To: Kun Hu <huk23@...udan.edu.cn>
Cc: Sungjong Seo <sj1557.seo@...sung.com>, "Yuezhang.Mo" <yuezhang.mo@...y.com>,
linux-fsdevel <linux-fsdevel@...r.kernel.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, jjtan24@...udan.edu.cn
Subject: Re: Bug: soft lockup in exfat_clear_bitmap
On Wed, Jan 15, 2025 at 10:16 PM Kun Hu <huk23@...udan.edu.cn> wrote:
>
>
> > This is an already known issue and the relevant patch has been applied.
> > Please make sure that the following patch is applied to the kernel you
> > tested.
> >
> > a5324b3a488d exfat: fix the infinite loop in __exfat_free_cluster()
> >
> > or try to reproduce it with linux-6.13-rc7.
>
> Hi Namjae,
Hi Kun,
>
> We still successfully reproduced it on the v6.13-rc7. Firstly, I
> apologize for taking up your time. I’m not sure if this is a significant
> issue, since from the reproducer it kind of looks like it’s caused via fault
> injection.
>
>
> The syz_mount_image in the syscall reproducer mounts a randomly generated
> image and also has the potential to trigger an abnormal path to the file
> system. Specifically, the ./file0 file is crafted to contain invalid FAT
> table or bitmap information, so it is possible to cause abnormal cyclic
> behavior in __exfat_free_cluster.
>
> Because p_chain->size is artificially constructed, if it has a large
> value, then exfat_clear_bitmap will be called frequently. As the call stack
> shows, the program eventually deadlocks in the loop in __exfat_free_cluster.
>
> This link is a link to our crash log in the rc7 kernel tree:
>
> Link:
> https://github.com/pghk13/Kernel-Bug/blob/main/0103_6.13rc5_%E6%9C%AA%E6%8A%A5%E5%91%8A/%E6%9C%89%E7%9B%B8%E4%BC%BC%E6%A3%80%E7%B4%A2%E8%AE%B0%E5%BD%95/39-BUG_%20soft%20lockup%20in%20sys_unlink/crashlog0115_rc7.txt
>
> As I said earlier, I'm still consistently reporting the crash I found to
> you guys now because I'm not sure if this issue is useful to you. If it is
> not useful, please ignore it. I hope it doesn't take up too much of your
> time.
Can you check the attached patch?
Thanks.
>
> ———
> Kun Hu
>
>
Attachment: "0001-exfat-fix-infinite-loop.patch" (application/x-patch, 3604 bytes)
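The report above describes a crafted image whose p_chain->size is far larger than the volume, so the freeing loop calls exfat_clear_bitmap until the CPU soft-locks. The following is an added illustration in hypothetical toy code, not the exFAT driver and not the patch attached to this mail: a freeing loop that refuses a chain size larger than the volume's cluster count, and stops when the FAT walk points off the volume or revisits a cluster it already freed (a crafted FAT cycle). The names toy_volume, toy_chain, free_chain_bounded and toy_scenario are invented for this example.

```c
#include <stdint.h>
#include <string.h>
/* Toy exFAT-style volume (hypothetical, not the kernel driver's structs): a FAT
 * mapping cluster -> next, one allocation bit per cluster, and the cluster
 * count from the boot sector. Cluster numbering starts at 2, as in exFAT. */
#define FIRST_CLUSTER 2u
#define EOF_CLUSTER   0xFFFFFFFFu
#define MAX_CLUSTERS  64u
struct toy_volume {
    uint32_t num_clusters;                    /* trusted: from boot sector */
    uint32_t fat[FIRST_CLUSTER + MAX_CLUSTERS];
    uint8_t  bitmap[MAX_CLUSTERS / 8];
};
struct toy_chain { uint32_t dir, size; };     /* size: untrusted metadata */
/* Clear the allocation bit; returns 0 if it was already clear, i.e. the
 * chain revisited a cluster, which a well-formed FAT chain never does. */
static int clear_bitmap(struct toy_volume *v, uint32_t c) {
    uint32_t i = c - FIRST_CLUSTER;
    uint8_t mask = (uint8_t)(1u << (i % 8));
    if (!(v->bitmap[i / 8] & mask)) return 0;
    v->bitmap[i / 8] &= (uint8_t)~mask;
    return 1;
}
/* Free a chain with the walk bounded by the volume, not by the untrusted
 * size. Returns clusters freed, or -1 on inconsistent on-disk metadata. */
int free_chain_bounded(struct toy_volume *v, const struct toy_chain *p_chain) {
    if (p_chain->size > v->num_clusters)      /* impossible size: refuse */
        return -1;
    uint32_t clu = p_chain->dir, freed = 0;
    while (freed < p_chain->size && clu != EOF_CLUSTER) {
        if (clu < FIRST_CLUSTER || clu >= FIRST_CLUSTER + v->num_clusters ||
            !clear_bitmap(v, clu))
            return -1;                        /* off-volume link or FAT cycle */
        freed++;
        clu = v->fat[clu];
    }
    return (int)freed;
}
/* Constructed scenarios: 0 = valid 3-cluster chain 2 -> 3 -> 4 -> EOF,
 * 1 = crafted huge chain size, 2 = crafted FAT cycle 5 -> 6 -> 5. */
int toy_scenario(int which) {
    struct toy_volume v = { .num_clusters = MAX_CLUSTERS };
    memset(v.bitmap, 0xff, sizeof v.bitmap);  /* every cluster allocated */
    v.fat[2] = 3; v.fat[3] = 4; v.fat[4] = EOF_CLUSTER;
    v.fat[5] = 6; v.fat[6] = 5;
    struct toy_chain c = { 2, 3 };
    if (which == 1) c.size = 1000000;
    if (which == 2) { c.dir = 5; c.size = 4; }
    return free_chain_bounded(&v, &c);
}
```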