Message-ID: <CADCV8srPzY4PpwP__oLYjfZiaYLeMyVi4Nb7OJizp2wyyr=5fA@mail.gmail.com>
Date: Sun, 9 Feb 2025 18:02:31 +0800
From: Liebes Wang <wanghaichi0403@...il.com>
To: shaggy@...nel.org, peili.dev@...il.com, eadavis@...com, 
	Ghanshyam Agrawal <ghanshyam1898@...il.com>, rbrasga@....edu, 
	Nihar Chaithanya <niharchaithanya@...il.com>, aha310510@...il.com, 
	jfs-discussion@...ts.sourceforge.net, linux-kernel@...r.kernel.org
Cc: syzkaller@...glegroups.com
Subject: kernel bug report: general protection fault in dbDiscardAG

Dear Linux maintainers and reviewers:

We are reporting a Linux kernel bug titled **general protection fault in
dbDiscardAG**, discovered using a modified version of Syzkaller.

Linux version: 2144da25584eb10b84252230319b5783f6a83041

The bisection log shows the first introduced commit is
2b9ac22b12a266eb4fec246a07b504dd4983b16b
2b9ac22b12a2 loop: Fix missing discard support when using LOOP_CONFIGURE

The test case, kernel config and full bisection log are attached.

The report is as follows (the full report is attached):
ERROR: (device loop3): dbAllocAG: allocation request is larger than the
allocation group size
ERROR: (device loop3): dbDiscardAG: -EIO
Oops: general protection fault, probably for non-canonical address
0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]
CPU: 0 UID: 0 PID: 6061 Comm: syz.3.268 Not tainted
6.13.0-rc6-g2144da25584e #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
1.13.0-1ubuntu1.1 04/01/2014
RIP: 0010:dbDiscardAG+0x2e0/0x740 -new/fs/jfs/jfs_dmap.c:1644
Code: 0f 85 9e 02 00 00 e8 8f ff 0b ff 48 8b 7c 24 40 e8 a5 9d e8 fe 48 8d
7b 08 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f
85 79 03 00 00 48 8b 44 24 18 48 c7 43 08 00 00 00
RSP: 0018:ff110001722e7cd0 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: 0000000000000010 RCX: ffffffff812f1af5
RDX: 0000000000000003 RSI: 0000000000000008 RDI: 0000000000000018
RBP: ffffffffffffffff R08: 0000000000000001 R09: ffe21c0026377dc9
R10: ff11000131bbee4f R11: 0000000000000000 R12: ff1100012c373000
R13: 0000000000000001 R14: 0000000000000001 R15: ff11000131bb9670
FS:  00007f907c8b1700(0000) GS:ff110004ca800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ff270e6a000 CR3: 0000000126d7a001 CR4: 0000000000771ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 80000000
Call Trace:
 <TASK>
 jfs_ioc_trim+0x392/0x530 -new/fs/jfs/jfs_discard.c:105
 jfs_ioctl+0x2c4/0x390 -new/fs/jfs/ioctl.c:131
 vfs_ioctl -new/fs/ioctl.c:51 [inline]
 __do_sys_ioctl -new/fs/ioctl.c:906 [inline]
 __se_sys_ioctl -new/fs/ioctl.c:892 [inline]
 __x64_sys_ioctl+0x1a4/0x210 -new/fs/ioctl.c:892
 do_syscall_x64 -new/arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xc1/0x1d0 -new/arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
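As an added triage example (not part of the report above or of the kernel sources), the following Python checks the internal consistency of this oops: on x86-64 KASAN maps every 8-byte granule to one shadow byte at `(addr >> 3) + 0xdffffc0000000000`, so a general protection fault on the non-canonical address `0xdffffc0000000003` is the shadow lookup for an access at offset `0x18` from NULL, which is exactly the `null-ptr-deref in range [0x18-0x1f]` line (the register dump agrees: RAX holds the shadow offset and RDX the shifted address). The sample text is constructed from the lines of this report; the shadow-offset and granule constants are assumed from the x86-64 KASAN configuration.

```python
import re

# KASAN on x86-64 maps each 8-byte granule to one shadow byte (assumed constants):
#   shadow = (addr >> 3) + KASAN_SHADOW_OFFSET
KASAN_SHADOW_OFFSET = 0xDFFFFC0000000000
KASAN_GRANULE_SHIFT = 3

# Constructed sample: the lines of the oops above that triage needs.
SAMPLE_OOPS = """\
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]
RIP: 0010:dbDiscardAG+0x2e0/0x740 -new/fs/jfs/jfs_dmap.c:1644
Call Trace:
 jfs_ioc_trim+0x392/0x530 -new/fs/jfs/jfs_discard.c:105
 jfs_ioctl+0x2c4/0x390 -new/fs/jfs/ioctl.c:131
 vfs_ioctl -new/fs/ioctl.c:51 [inline]
 __x64_sys_ioctl+0x1a4/0x210 -new/fs/ioctl.c:892
"""

def shadow_to_access_range(shadow_addr):
    """Invert the shadow mapping: the 8-byte granule one shadow byte covers."""
    base = (shadow_addr - KASAN_SHADOW_OFFSET) << KASAN_GRANULE_SHIFT
    return base, base + (1 << KASAN_GRANULE_SHIFT) - 1

def parse_oops(text):
    """Pull the fields a triager needs out of a KASAN-instrumented GPF report."""
    fault = int(re.search(r"non-canonical address 0x([0-9a-f]+)", text).group(1), 16)
    k = re.search(r"KASAN: (\S+) in range \[0x([0-9a-f]+)-0x([0-9a-f]+)\]", text)
    rip = re.search(r"RIP: [0-9a-f]+:(\w+)\+\S+ (\S+)", text)
    # Frames look like " sym+0xoff/0xsize path:line" or " sym path:line [inline]".
    frames = re.findall(r"^ (\w+)(?:\+0x[0-9a-f]+/0x[0-9a-f]+)? (\S+)(?: \[inline\])?$",
                        text, re.M)
    return {
        "fault_addr": fault,
        "kasan_kind": k.group(1),
        "kasan_range": (int(k.group(2), 16), int(k.group(3), 16)),
        "crash_func": rip.group(1),
        "crash_loc": rip.group(2),
        "trace": frames,
    }

def triage(text):
    """Confirm the GPF address is KASAN's shadow of the reported access range."""
    r = parse_oops(text)
    lo, hi = shadow_to_access_range(r["fault_addr"])
    r["shadow_consistent"] = (lo, hi) == r["kasan_range"]
    # An access inside the first page is NULL plus a small struct field offset (lo).
    r["null_deref"] = r["shadow_consistent"] and hi < 4096
    return r
```

Running `triage(SAMPLE_OOPS)` reports the fault as a consistent NULL-based dereference of the field at offset 0x18 in dbDiscardAG, reached from the FITRIM ioctl path via jfs_ioc_trim.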
