Message-ID:
	<TYSPR06MB715874368EFB5D2A09C527B1F68D2@TYSPR06MB7158.apcprd06.prod.outlook.com>
Date: Fri, 2 May 2025 03:22:13 +0000
From: "huk23@...udan.edu.cn" <huk23@...udan.edu.cn>
To: Kent Overstreet <kent.overstreet@...ux.dev>
CC: "jjtan24@...udan.edu.cn" <jjtan24@...udan.edu.cn>,
	白烁冉 <baishuoran@...eu.edu.cn>, linux-bcachefs
	<linux-bcachefs@...r.kernel.org>, "syzkaller@...glegroups.com"
	<syzkaller@...glegroups.com>, "linux-kernel@...r.kernel.org"
	<linux-kernel@...r.kernel.org>
Subject: WARNING in bch2_fs_release

Dear Maintainers,

When using our customized Syzkaller to fuzz the latest Linux kernel, the following crash (11th) was triggered.

HEAD commit: 6537cfb395f352782918d8ee7b7f10ba2cc3cbf2
git tree: upstream
Output: https://github.com/pghk13/Kernel-Bug/blob/main/1220_6.13rc_KASAN/2.%E5%9B%9E%E5%BD%92-11/11-KASAN_%20slab-use-after-free%20Read%20in%20move_to_new_folio/11call_trace.txt
Kernel config: https://github.com/pghk13/Kernel-Bug/blob/main/config.txt
C reproducer: https://github.com/pghk13/Kernel-Bug/blob/main/1220_6.13rc_KASAN/2.%E5%9B%9E%E5%BD%92-11/11-KASAN_%20slab-use-after-free%20Read%20in%20move_to_new_folio/11repro.c
Syzlang reproducer: https://github.com/pghk13/Kernel-Bug/blob/main/1220_6.13rc_KASAN/2.%E5%9B%9E%E5%BD%92-11/11-KASAN_%20slab-use-after-free%20Read%20in%20move_to_new_folio/11repro.txt

The error is located at line 592 of fs/bcachefs/super.c, in the bch2_fs_release function. Based on the error message and the call stack, the problem is that not all reserved resources are properly released when the bcachefs file system is shut down.
We have reproduced this issue several times on 6.15-rc1 as well.

If you fix this issue, please add the following tag to the commit:
Reported-by: Kun Hu <huk23@...udan.edu.cn>, Jiaji Qin <jjtan24@...udan.edu.cn>, Shuoran Bai <baishuoran@...eu.edu.cn>

==================================================================

online_reserved not 0 at shutdown: 1
WARNING: CPU: 1 PID: 13366 at fs/bcachefs/super.c:592 bch2_fs_release+0x735/0x8b0
Modules linked in:
CPU: 1 UID: 0 PID: 13366 Comm: syz.1.45 Not tainted 6.15.0-rc1 #1 PREEMPT(full)
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
RIP: 0010:bch2_fs_release+0x735/0x8b0
Code: 89 ef e8 be 4f d1 ff e9 86 fa ff ff e8 e4 ae 54 fd 90 0f 0b e8 dc ae 54 fd 90 48 c7 c7 a0 87 e6 8b 4c 89 e6 e8 cc 31 14 fd 90 <0f> 0b 90 90 48 b8 00 00 00 00 00 fc ff df 48 8b 54 24 10 48 c1 ea
RSP: 0018:ffffc900026c7358 EFLAGS: 00010282
RAX: 0000000000000000 RBX: ffff888075e00068 RCX: ffffffff817a9669
RDX: 0000000000000001 RSI: ffff88801fba4900 RDI: 0000000000000002
RBP: ffff888075e00000 R08: fffffbfff1c4bb00 R09: ffffed100fdc47ba
R10: ffffed100fdc47b9 R11: ffff88807ee23dcb R12: 0000000000000001
R13: 0000607f1491e148 R14: dffffc0000000000 R15: 0000000000000000
FS:  00007fcb10ebf700(0000) GS:ffff8880eb36b000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f93c5d4c000 CR3: 000000006c2e6000 CR4: 0000000000750ef0
PKRU: 00000000
Call Trace:
 <TASK>
 kobject_put+0x1b2/0x4c0
 bch2_fs_alloc+0xcfe/0x29b0
 bch2_fs_open+0x945/0x1160
 bch2_fs_get_tree+0x3c9/0x20c0
 vfs_get_tree+0x93/0x340
 path_mount+0x1270/0x1b90
 do_mount+0xb3/0x110
 __x64_sys_mount+0x193/0x230
 do_syscall_64+0xcf/0x260
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fcb0ffaf51e
Code: ff ff ff 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fcb10ebe9b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000000005905 RCX: 00007fcb0ffaf51e
RDX: 00000000200058c0 RSI: 0000000020005900 RDI: 00007fcb10ebea10
RBP: 00007fcb10ebea50 R08: 00007fcb10ebea50 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000200058c0
R13: 0000000020005900 R14: 00007fcb10ebea10 R15: 00000000200001c0
thanks,
Kun Hu
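The failure mode in the report, as an added example in C (not bcachefs code and not the reporter's reproducer): a minimal model of a per-filesystem reservation counter that must be back at zero by the time the last reference is dropped, with a leaky error path beside the corrected unwind. In the trace, bch2_fs_alloc fails part-way through, kobject_put runs the release callback, and the release callback finds online_reserved still at 1; the model reproduces that shape. Every name below (struct fs, reserve_space, fs_alloc_leaky, fs_alloc_fixed, fs_release, run_alloc, the capacity field) is an assumption for illustration; only the warning text mirrors the report.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical filesystem object (not bcachefs's struct bch_fs). */
struct fs {
	long capacity;		/* sectors available for reservation */
	long online_reserved;	/* analogue of the counter named in the WARNING */
	char *journal_buf;	/* hypothetical sub-resource freed on release */
};

/* Number of "online_reserved not 0 at shutdown" events seen; real kernel
 * code would WARN() instead of counting, this lets a caller assert on it. */
static int shutdown_warnings;

/* Fallible reservation: fails when the request exceeds capacity. */
static int reserve_space(struct fs *c, long sectors)
{
	if (c->online_reserved + sectors > c->capacity)
		return -1;
	c->online_reserved += sectors;
	return 0;
}

static void release_space(struct fs *c, long sectors)
{
	c->online_reserved -= sectors;
}

/* Analogue of the kobject release callback reached via the final put. */
static void fs_release(struct fs *c)
{
	if (c->online_reserved) {
		shutdown_warnings++;
		fprintf(stderr, "online_reserved not 0 at shutdown: %ld\n",
			c->online_reserved);
	}
	free(c->journal_buf);
	free(c);
}

/* Buggy allocation path: a late failure drops the last reference while the
 * reservation taken earlier is still held. Returns NULL on failure. */
static struct fs *fs_alloc_leaky(bool fail_late)
{
	struct fs *c = calloc(1, sizeof(*c));

	if (!c)
		return NULL;
	c->capacity = 8;
	if (reserve_space(c, 1)) {
		fs_release(c);
		return NULL;
	}
	c->journal_buf = malloc(64);
	if (!c->journal_buf || fail_late) {
		fs_release(c);	/* BUG: put with reservation still held */
		return NULL;
	}
	return c;
}

/* Corrected path: every failure branch goes through one unwind label that
 * releases exactly what was reserved before the object is dropped. */
static struct fs *fs_alloc_fixed(bool fail_late)
{
	struct fs *c = calloc(1, sizeof(*c));
	long reserved = 0;

	if (!c)
		return NULL;
	c->capacity = 8;
	if (reserve_space(c, 1))
		goto err;
	reserved = 1;
	c->journal_buf = malloc(64);
	if (!c->journal_buf)
		goto err;
	if (fail_late)		/* stands in for any later init step failing */
		goto err;
	return c;
err:
	release_space(c, reserved);
	fs_release(c);
	return NULL;
}

/* Normal shutdown of a successfully allocated object. */
static void fs_stop(struct fs *c)
{
	release_space(c, 1);
	fs_release(c);
}

/* Runs one allocation attempt and returns how many shutdown warnings it
 * produced: 0 means the invariant held on whichever path was taken. */
static int run_alloc(struct fs *(*alloc)(bool), bool fail_late)
{
	int before = shutdown_warnings;
	struct fs *c = alloc(fail_late);

	if (c)
		fs_stop(c);
	return shutdown_warnings - before;
}

int main(void)
{
	printf("leaky, late failure:  %d warning(s)\n", run_alloc(fs_alloc_leaky, true));
	printf("fixed, late failure:  %d warning(s)\n", run_alloc(fs_alloc_fixed, true));
	printf("fixed, success:       %d warning(s)\n", run_alloc(fs_alloc_fixed, false));
	return 0;
}
```

The point of the `reserved` bookkeeping variable is that the unwind label must know how much to give back regardless of which step failed; releasing a fixed amount on every error path would under-release when the reservation itself failed.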
