Message-ID: <aJnJ2jnFdu9V-j1Z@infradead.org>
Date: Mon, 11 Aug 2025 03:45:46 -0700
From: Christoph Hellwig <hch@...radead.org>
To: cen zhang <zzzccc427@...il.com>
Cc: cem@...nel.org, linux-kernel@...r.kernel.org, baijiaju1990@...il.com,
zhenghaoran154@...il.com, r33s3n6@...il.com, gality365@...il.com,
linux-xfs@...r.kernel.org
Subject: Re: [BUG] xfs: Assertion failure in dio_write( flags &
IOMAP_DIO_OVERWRITE_ONLY) with a UAF
On Wed, Aug 06, 2025 at 07:40:19PM +0800, cen zhang wrote:
> Hello maintainers,
>
> I would like to report a kernel panic found using syzkaller on a 6.16.0-rc6.
>
> The kernel log shows two distinct but closely timed crash reports,
> which I guess are related.
>
> 1. An XFS assertion failure: Assertion failed: flags &
> IOMAP_DIO_OVERWRITE_ONLY, file: fs/xfs/xfs_file.c, line: 876 triggered
> by a write() system call in xfs_file_dio_write_unaligned.
>
> 2. A KASAN use-after-free report on a task_struct object, triggered
> during an ioctl() call (likely FICLONE or FIDEDUPERANGE). The crash
> occurs in rwsem_down_write_slowpath when trying to lock an inode via
> xfs_reflink_remap_prep.
>
> Unfortunately, I have not been able to create a standalone C
> reproducer, and attempts to use syzkaller's repro tool on the syz-prog
> have not reliably triggered the bug again.
Thanks for the report, but it will be really hard to do anything without
a reproducer. In case you are still trying to create one, it would be
great to hear if you have one!