From: Bob Peterson
Date: Fri, 29 Jun 2018 08:22:45 -0400 (EDT)
Subject: [Cluster-devel] A list of kernel panic bugs in gfs2 linux 4.18 kernel module found by fuzzing
In-Reply-To: <2BFC4F79-6E94-4B4C-B371-867623F63366@gatech.edu>
References: <2BFC4F79-6E94-4B4C-B371-867623F63366@gatech.edu>
Message-ID: <904328755.46934234.1530274965236.JavaMail.zimbra@redhat.com>
To: cluster-devel.redhat.com

----- Original Message -----
> Dear GFS2 developers,
>
> Here is a list of bugs I found in the gfs2 Linux 4.18 kernel module by local
> fuzzing test; please check the following:
>
> 200265 BUG() in gfs2_unpin() when writing to a file on a corrupted gfs2 file
> system
> https://bugzilla.kernel.org/show_bug.cgi?id=200265
>
> 200263 Invalid function pointer invoked when writing to a file on corrupted
> gfs2 filesystem
> https://bugzilla.kernel.org/show_bug.cgi?id=200263
>
> 200261 BUG() in __gfs2_punch_hole() when mounting a corrupted gfs2 image
> https://bugzilla.kernel.org/show_bug.cgi?id=200261
>
> 200259 Invalid function pointer called when writing to a corrupted gfs2 image
> https://bugzilla.kernel.org/show_bug.cgi?id=200259
>
> 200257 Kernel panic when invoking setxattr on a file in the corrupted gfs2
> image
> https://bugzilla.kernel.org/show_bug.cgi?id=200257
>
> 200253 Uninitialized stack variable misused in rgblk_free()
> https://bugzilla.kernel.org/show_bug.cgi?id=200253
>
> 200251 BUG() triggered in gfs2_write_calc_reserv() when mounting and
> un-mounting a corrupted gfs2 image
> https://bugzilla.kernel.org/show_bug.cgi?id=200251
>
> 200249 NULL pointer dereference in gfs2_evict_inode() when mounting a
> corrupted gfs2 image
> https://bugzilla.kernel.org/show_bug.cgi?id=200249
>
> 200245 Kernel panic in fillup_metapath() when calling stat() on the file in a
> corrupted gfs2 file system
> https://bugzilla.kernel.org/show_bug.cgi?id=200245
>
> 200247 Invalid function pointer invoked when calling mmap() on a file in the
> corrupted gfs2 file system
> https://bugzilla.kernel.org/show_bug.cgi?id=200247
>
> 200237 BUG() triggered in gfs2_iomap_get() when mounting a corrupted gfs2
> image
> https://bugzilla.kernel.org/show_bug.cgi?id=200237
>
> 200235 Out-of-bound access in gfs2_read_sb() when mounting a corrupted gfs2
> image
> https://bugzilla.kernel.org/show_bug.cgi?id=200235
>
> 200233 NULL pointer dereference in set_rgrp_preferences() when mounting a
> corrupted gfs2 image
> https://bugzilla.kernel.org/show_bug.cgi?id=200233
>
> 200231 Stack overflow in gfs2_block_map() when mounting a corrupted gfs2
> image
> https://bugzilla.kernel.org/show_bug.cgi?id=200231
>
> You can find the corrupt image leading to the kernel panic and the related kernel
> message in the Bugzilla links.
> Among them, 200263, 200259 and 200247 may have the same root cause, but I am
> not sure.
> I would like to provide any further help to debug and fix the bugs. I am also
> willing to test the patch.
>
> Thanks,
> Wen

Hi,

Thanks, Wen. Andy Price is doing most of the work on gfs2-utils and fsck.gfs2 these days. Adding him.

Regards,

Bob Peterson
Red Hat File Systems