From: Andrew Price <anprice@redhat.com>
To: cluster-devel.redhat.com
Subject: [Cluster-devel] A list of kernel panic bugs in gfs2 linux 4.18 kernel module found by fuzzing
Date: Thu, 19 Jul 2018 11:20:16 +0100
Message-ID: <07a0245d-f6fa-c7cc-fb52-adaf0ea16569@redhat.com>
In-Reply-To: <CF60F864-4249-4F0A-B905-E4572614DD50@gatech.edu>
Hi,
On 18/07/18 22:02, Xu, Wen wrote:
> Dear GFS2 developers,
>
> I would like to know if there is any update on these issues?
No updates I'm afraid. There are only a small number of gfs2 developers
and we have to prioritise work, and bugs discovered by fuzzers tend to
be ones that are difficult to encounter during normal usage.
gfs2 development is really fun though, so if you know any bored Linux
programmers then suggest gfs2 bug fixing to them :)
Andy
>
> Thanks,
> Wen
>
>> On Jun 29, 2018, at 8:22 AM, Bob Peterson <rpeterso@redhat.com> wrote:
>>
>> ----- Original Message -----
>>> Dear GFS2 developers,
>>>
>>> Here is a list of bugs I found in the gfs2 Linux 4.18 kernel module by local
>>> fuzzing test; please check the following:
>>>
>>> 200265 BUG() in gfs2_unpin() when writing to a file on a corrupted gfs2 file system
>>> https://bugzilla.kernel.org/show_bug.cgi?id=200265
>>>
>>> 200263 Invalid function pointer invoked when writing to a file on corrupted gfs2 filesystem
>>> https://bugzilla.kernel.org/show_bug.cgi?id=200263
>>>
>>> 200261 BUG() in __gfs2_punch_hole() when mounting a corrupted gfs2 image
>>> https://bugzilla.kernel.org/show_bug.cgi?id=200261
>>>
>>> 200259 Invalid function pointer called when writing to a corrupted gfs2 image
>>> https://bugzilla.kernel.org/show_bug.cgi?id=200259
>>>
>>> 200257 Kernel panic when invoking setxattr on a file in the corrupted gfs2 image
>>> https://bugzilla.kernel.org/show_bug.cgi?id=200257
>>>
>>> 200253 Uninitialized stack variable misused in rgblk_free()
>>> https://bugzilla.kernel.org/show_bug.cgi?id=200253
>>>
>>> 200251 BUG() triggered in gfs2_write_calc_reserv() when mounting and un-mounting a corrupted gfs2 image
>>> https://bugzilla.kernel.org/show_bug.cgi?id=200251
>>>
>>> 200249 NULL pointer dereference in gfs2_evict_inode() when mounting a corrupted gfs2 image
>>> https://bugzilla.kernel.org/show_bug.cgi?id=200249
>>>
>>> 200245 Kernel panic in fillup_metapath() when calling stat() on the file in a corrupted gfs2 file system
>>> https://bugzilla.kernel.org/show_bug.cgi?id=200245
>>>
>>> 200247 Invalid function pointer invoked when calling mmap() on a file in the corrupted gfs2 file system
>>> https://bugzilla.kernel.org/show_bug.cgi?id=200247
>>>
>>> 200237 BUG() triggered in gfs2_iomap_get() when mounting a corrupted gfs2 image
>>> https://bugzilla.kernel.org/show_bug.cgi?id=200237
>>>
>>> 200235 Out-of-bound access in gfs2_read_sb() when mounting a corrupted gfs2 image
>>> https://bugzilla.kernel.org/show_bug.cgi?id=200235
>>>
>>> 200233 NULL pointer dereference in set_rgrp_preferences() when mounting a corrupted gfs2 image
>>> https://bugzilla.kernel.org/show_bug.cgi?id=200233
>>>
>>> 200231 Stack overflow in gfs2_block_map() when mounting a corrupted gfs2 image
>>> https://bugzilla.kernel.org/show_bug.cgi?id=200231
>>>
>>> You can find the corrupt image leading to the kernel panic and the related kernel
>>> messages in the Bugzilla links.
>>> Among them, 200263, 200259 and 200247 may have the same root cause, but I am
>>> not sure.
>>> I would like to provide any further help to debug and fix the bugs. I am also
>>> willing to test the patch.
>>>
>>> Thanks,
>>> Wen
>> Hi,
>>
>> Thanks, Wen. Andy Price is doing most of the work on gfs2-utils and fsck.gfs2
>> these days. Adding him.
>>
>> Regards,
>>
>> Bob Peterson
>> Red Hat File Systems
>
2018-06-25 1:54 [Cluster-devel] A list of kernel panic bugs in gfs2 linux 4.18 kernel module found by fuzzing Xu, Wen
2018-06-29 12:22 ` Bob Peterson
2018-07-18 21:02 ` Xu, Wen
2018-07-19 10:20 ` Andrew Price [this message]