From: Vegard Nossum <vegard.nossum@oracle.com>
To: linux-ext4@vger.kernel.org
Subject: open bugs found by fuzzing
Date: Thu, 14 Jul 2016 23:10:18 +0200
Message-ID: <5787FFBA.70406@oracle.com>

Hi all,

I've been doing some ext4 fuzzing with AFL lately and run into a number
of crashes/warnings. Below is a list of these present in a 100% vanilla
mainline kernel. I will keep debugging and submitting patches until the
list is empty. In the meantime, the list is a useful way to keep track
of each bug and gauge the overall progress.

If anybody thinks they know what causes a particular bug, I'm happy to
test patches or provide more info. The only thing I can't do is to post
full-blown disk images or reproducers. Also note that several of these
may actually be the same underlying bug.

1. kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] KASAN
http://139.162.151.198/f/ext4/57be666646a37e9821d52bc64846a3b3b785ee7a

2. kernel BUG at fs/buffer.c:2994!
http://139.162.151.198/f/ext4/7df880da89c82579c15ca8bc786a3467ca9c47f7

3. kernel BUG at fs/ext4/inode.c:3709!
http://139.162.151.198/f/ext4/5bdefda69f39b2f2c56d9b67d5b7d9e2cc8dfd5f

4. kernel BUG at fs/ext4/mballoc.c:3188!
http://139.162.151.198/f/ext4/34284738d67f0405325b2c43211c56020b9d0211

5. kernel BUG at fs/ext4/mballoc.c:3518!
http://139.162.151.198/f/ext4/0f702e84173b87861c4ce226cc2e82f600ad9d0c

6. kernel BUG at fs/jbd2/commit.c:825!
http://139.162.151.198/f/ext4/3143febf7925bd1ea398bd1a775551133bd69ffd

7. WARNING: CPU: 0 PID: 58 at fs/ext4/ext4.h:2807 
ext4_block_bitmap_csum_set+0x358/0x600
http://139.162.151.198/f/ext4/9628c19aff0bbaaae4149a03486305c7f6cd7523

8. WARNING: CPU: 0 PID: 58 at fs/ext4/mballoc.c:3987 
ext4_discard_preallocations+0x6cb/0x8b0
http://139.162.151.198/f/ext4/0181e37a689dfcb8565695d93172e790a34a3d14

9. WARNING: CPU: 0 PID: 58 at fs/jbd2/transaction.c:293 
start_this_handle+0xab6/0xcf0
http://139.162.151.198/f/ext4/55c691ba260963ffe20b365298e1f79f3b81968a

10. WARNING: CPU: 0 PID: 58 at kernel/locking/mutex-debug.c:78 
debug_mutex_unlock+0x214/0x520
http://139.162.151.198/f/ext4/000ac1bce9ae7640565328ddcceb31a675e3052a

11. WARNING: CPU: 0 PID: 58 at lib/idr.c:401 idr_preload+0xec/0x110
http://139.162.151.198/f/ext4/7eace56beb912159fba1776ede9c2566f35f95ca

12. WARNING: CPU: 0 PID: 58 at lib/list_debug.c:36 __list_add+0x169/0x1c0
http://139.162.151.198/f/ext4/488a8e50b5137e01d1dd54e30e0e2fe34d8f0b27

13. WARNING: CPU: 0 PID: 58 at lib/list_debug.c:56 
__list_del_entry+0x135/0x1d0
http://139.162.151.198/f/ext4/2e2c6122422aa6007cec500846fe8f891e954fee

14. WARNING: CPU: 0 PID: 58 at lib/list_debug.c:59 
__list_del_entry+0x14f/0x1d0
http://139.162.151.198/f/ext4/1ac079bb08a23c32500cf5d4c29a29ca615f9295

15. WARNING: CPU: 0 PID: 58 at mm/slab_common.c:861 kmalloc_slab+0x8a/0x90
http://139.162.151.198/f/ext4/53b3aab7ddab0fb156047ea5cf72c359511f2726


Vegard
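As an added illustration (not part of Vegard's mail or the ext4 tree), here is a small triage helper for fuzzing output of this kind: it reduces each report headline to a bucket key built from the report kind and file:line (plus the function for WARNINGs), so reports that differ only in CPU, PID or symbol offset land in the same bucket. The sample headlines are constructed to match the shape of the list above; bucketing by file:line only groups identical crash sites and does not tell you whether two sites share a root cause.

```python
import re
from collections import defaultdict

# Constructed sample headlines in the same shape as the list above.
# CPU/PID and the +0x.../0x... offsets are the parts that vary between runs.
SAMPLE_REPORTS = [
    "kernel BUG at fs/ext4/inode.c:3709!",
    "WARNING: CPU: 0 PID: 58 at fs/ext4/ext4.h:2807 ext4_block_bitmap_csum_set+0x358/0x600",
    "WARNING: CPU: 3 PID: 1201 at fs/ext4/ext4.h:2807 ext4_block_bitmap_csum_set+0x358/0x600",
    "WARNING: CPU: 0 PID: 58 at lib/list_debug.c:56 __list_del_entry+0x135/0x1d0",
    "WARNING: CPU: 0 PID: 58 at lib/list_debug.c:59 __list_del_entry+0x14f/0x1d0",
    "general protection fault: 0000 [#1] KASAN",
    "kernel BUG at fs/ext4/inode.c:3709!",
]

BUG_RE = re.compile(r"kernel BUG at (?P<file>\S+):(?P<line>\d+)!")
WARN_RE = re.compile(
    r"WARNING: CPU: \d+ PID: \d+ at (?P<file>\S+):(?P<line>\d+) "
    r"(?P<func>[A-Za-z0-9_.]+)\+0x[0-9a-f]+/0x[0-9a-f]+"
)
GPF_RE = re.compile(r"general protection fault: (?P<code>[0-9a-f]{4})")


def signature(headline):
    """Map a headline to a stable key: kind + file:line (+ function),
    dropping the per-run noise (CPU, PID, symbol offsets)."""
    m = BUG_RE.search(headline)
    if m:
        return ("BUG", f"{m['file']}:{m['line']}")
    m = WARN_RE.search(headline)
    if m:
        return ("WARNING", f"{m['file']}:{m['line']}", m["func"])
    m = GPF_RE.search(headline)
    if m:
        return ("GPF", m["code"])
    # Anything we cannot parse stays a bucket of its own so it is not lost.
    return ("UNKNOWN", headline.strip())


def bucket(headlines):
    """Count how many headlines fall into each signature bucket."""
    counts = defaultdict(int)
    for h in headlines:
        counts[signature(h)] += 1
    return dict(counts)


if __name__ == "__main__":
    for key, n in sorted(bucket(SAMPLE_REPORTS).items()):
        print(n, key)
```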
