* Bug report: some new bugs found by fuzzing
@ 2018-07-05 19:19 Xu, Wen
  2018-07-06  1:13 ` Chao Yu
  0 siblings, 1 reply; 12+ messages in thread
From: Xu, Wen @ 2018-07-05 19:19 UTC (permalink / raw)
  To: linux-f2fs-devel

Dear F2FS developers,

By fuzzing, I find some new issues in Linux f2fs kernel module. Here are the links on Bugzilla,

200419	NULL pointer dereference in __remove_dirty_segment() when mounting an f2fs image
https://bugzilla.kernel.org/show_bug.cgi?id=200419

200421	Buffer overrun in f2fs_truncate_inline_inode() when umounting an f2fs image
https://bugzilla.kernel.org/show_bug.cgi?id=200421

200423	Out-of-bound access in f2fs_get_dnode_of_data() when operating file on an f2fs image
https://bugzilla.kernel.org/show_bug.cgi?id=200423

200425	Invalid memory access in f2fs_find_target_dentry() when operating files on an f2fs image
https://bugzilla.kernel.org/show_bug.cgi?id=200425

Regarding my testing, they can all be reproduced w/ Chao’s f2fs-dev branch. Thanks!

-Wen
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel


* Re: Bug report: some new bugs found by fuzzing
  2018-07-05 19:19 Bug report: some new bugs found by fuzzing Xu, Wen
@ 2018-07-06  1:13 ` Chao Yu
  2018-07-06  1:30   ` Xu, Wen
  0 siblings, 1 reply; 12+ messages in thread
From: Chao Yu @ 2018-07-06  1:13 UTC (permalink / raw)
  To: Xu, Wen, linux-f2fs-devel

Hi Wen,

On 2018/7/6 3:19, Xu, Wen wrote:
> Dear F2FS developers,
> 
> By fuzzing, I find some new issues in Linux f2fs kernel module. Here are the links on Bugzilla,
> 
> 200419	NULL pointer dereference in __remove_dirty_segment() when mounting an f2fs image
> https://bugzilla.kernel.org/show_bug.cgi?id=200419
> 
> 200421	Buffer overrun in f2fs_truncate_inline_inode() when umounting an f2fs image
> https://bugzilla.kernel.org/show_bug.cgi?id=200421
> 
> 200423	Out-of-bound access in f2fs_get_dnode_of_data() when operating file on an f2fs image
> https://bugzilla.kernel.org/show_bug.cgi?id=200423
> 
> 200425	Invalid memory access in f2fs_find_target_dentry() when operating files on an f2fs image
> https://bugzilla.kernel.org/show_bug.cgi?id=200425
> 
> Regarding my testing, they can all be reproduced w/ Chao’s f2fs-dev branch. Thanks!

Alright, I will dig into these issues in these days, once I have solution, will
let you know.

Thanks,

> 
> -Wen
> 



* Re: Bug report: some new bugs found by fuzzing
  2018-07-06  1:13 ` Chao Yu
@ 2018-07-06  1:30   ` Xu, Wen
  2018-07-06  7:00     ` Chao Yu
  2018-07-06 16:22     ` Chao Yu
  0 siblings, 2 replies; 12+ messages in thread
From: Xu, Wen @ 2018-07-06  1:30 UTC (permalink / raw)
  To: Chao Yu; +Cc: linux-f2fs-devel

Thanks very much! I would like to provide any further help or testing.

-Wen

> On Jul 5, 2018, at 9:13 PM, Chao Yu <yuchao0@huawei.com> wrote:
> 
> Hi Wen,
> 
> On 2018/7/6 3:19, Xu, Wen wrote:
>> Dear F2FS developers,
>> 
>> By fuzzing, I find some new issues in Linux f2fs kernel module. Here are the links on Bugzilla,
>> 
>> 200419	NULL pointer dereference in __remove_dirty_segment() when mounting an f2fs image
>> https://bugzilla.kernel.org/show_bug.cgi?id=200419
>> 
>> 200421	Buffer overrun in f2fs_truncate_inline_inode() when umounting an f2fs image
>> https://bugzilla.kernel.org/show_bug.cgi?id=200421
>> 
>> 200423	Out-of-bound access in f2fs_get_dnode_of_data() when operating file on an f2fs image
>> https://bugzilla.kernel.org/show_bug.cgi?id=200423
>> 
>> 200425	Invalid memory access in f2fs_find_target_dentry() when operating files on an f2fs image
>> https://bugzilla.kernel.org/show_bug.cgi?id=200425
>> 
>> Regarding my testing, they can all be reproduced w/ Chao’s f2fs-dev branch. Thanks!
> 
> Alright, I will dig into these issues in these days, once I have solution, will
> let you know.
> 
> Thanks,
> 
>> 
>> -Wen


* Re: Bug report: some new bugs found by fuzzing
  2018-07-06  1:30   ` Xu, Wen
@ 2018-07-06  7:00     ` Chao Yu
  2018-07-06 13:01       ` Xu, Wen
  2018-07-06 16:22     ` Chao Yu
  1 sibling, 1 reply; 12+ messages in thread
From: Chao Yu @ 2018-07-06  7:00 UTC (permalink / raw)
  To: Xu, Wen; +Cc: linux-f2fs-devel

Hi Wen

On 2018/7/6 9:30, Xu, Wen wrote:
> Thanks very much! I would like to provide any further help or testing.

I found something interesting, our key metadata in checkpoint pack has already
been protected by checksum, in image you attached, the value of checksum is
correct, but still some key metadata's value are corrupted, so I guess fuzzing
will inject error data in tools like mkfs.f2fs, is that correct?

Thanks,

> 
> -Wen
> 
>> On Jul 5, 2018, at 9:13 PM, Chao Yu <yuchao0@huawei.com> wrote:
>>
>> Hi Wen,
>>
>> On 2018/7/6 3:19, Xu, Wen wrote:
>>> Dear F2FS developers,
>>>
>>> By fuzzing, I find some new issues in Linux f2fs kernel module. Here are the links on Bugzilla,
>>>
>>> 200419	NULL pointer dereference in __remove_dirty_segment() when mounting an f2fs image
>>> https://bugzilla.kernel.org/show_bug.cgi?id=200419
>>>
>>> 200421	Buffer overrun in f2fs_truncate_inline_inode() when umounting an f2fs image
>>> https://bugzilla.kernel.org/show_bug.cgi?id=200421
>>>
>>> 200423	Out-of-bound access in f2fs_get_dnode_of_data() when operating file on an f2fs image
>>> https://bugzilla.kernel.org/show_bug.cgi?id=200423
>>>
>>> 200425	Invalid memory access in f2fs_find_target_dentry() when operating files on an f2fs image
>>> https://bugzilla.kernel.org/show_bug.cgi?id=200425
>>>
>>> Regarding my testing, they can all be reproduced w/ Chao’s f2fs-dev branch. Thanks!
>>
>> Alright, I will dig into these issues in these days, once I have solution, will
>> let you know.
>>
>> Thanks,
>>
>>>
>>> -Wen
> 



* Re: Bug report: some new bugs found by fuzzing
  2018-07-06  7:00     ` Chao Yu
@ 2018-07-06 13:01       ` Xu, Wen
  0 siblings, 0 replies; 12+ messages in thread
From: Xu, Wen @ 2018-07-06 13:01 UTC (permalink / raw)
  To: Chao Yu; +Cc: linux-f2fs-devel

My fuzzer still randomly fuzzes the bytes in the image, but whatever it writes,
it will fix the checksum in CP blocks afterwards. F2FS only has a CRC check in CP, so
it is not very hard for me to study the existing code and do this. I just want to touch more
code by passing the CRC checks.

Thanks,
Wen

> On Jul 6, 2018, at 3:00 AM, Chao Yu <yuchao0@huawei.com> wrote:
> 
> Hi Wen
> 
> On 2018/7/6 9:30, Xu, Wen wrote:
>> Thanks very much! I would like to provide any further help or testing.
> 
> I found something interesting, our key metadata in checkpoint pack has already
> been protected by checksum, in image you attached, the value of checksum is
> correct, but still some key metadata's value are corrupted, so I guess fuzzing
> will inject error data in tools like mkfs.f2fs, is that correct?
> 
> Thanks,
> 
>> 
>> -Wen
>> 
>>> On Jul 5, 2018, at 9:13 PM, Chao Yu <yuchao0@huawei.com> wrote:
>>> 
>>> Hi Wen,
>>> 
>>> On 2018/7/6 3:19, Xu, Wen wrote:
>>>> Dear F2FS developers,
>>>> 
>>>> By fuzzing, I find some new issues in Linux f2fs kernel module. Here are the links on Bugzilla,
>>>> 
>>>> 200419	NULL pointer dereference in __remove_dirty_segment() when mounting an f2fs image
>>>> https://bugzilla.kernel.org/show_bug.cgi?id=200419
>>>> 
>>>> 200421	Buffer overrun in f2fs_truncate_inline_inode() when umounting an f2fs image
>>>> https://bugzilla.kernel.org/show_bug.cgi?id=200421
>>>> 
>>>> 200423	Out-of-bound access in f2fs_get_dnode_of_data() when operating file on an f2fs image
>>>> https://bugzilla.kernel.org/show_bug.cgi?id=200423
>>>> 
>>>> 200425	Invalid memory access in f2fs_find_target_dentry() when operating files on an f2fs image
>>>> https://bugzilla.kernel.org/show_bug.cgi?id=200425
>>>> 
>>>> Regarding my testing, they can all be reproduced w/ Chao’s f2fs-dev branch. Thanks!
>>> 
>>> Alright, I will dig into these issues in these days, once I have solution, will
>>> let you know.
>>> 
>>> Thanks,
>>> 
>>>> 
>>>> -Wen
>> 
> 


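The point of the exchange above, as an added example that is not part of the thread and is not f2fs code: a CRC only shows that a block matches its stored checksum, so any field later used as an index or length still needs its own range check. The `toy_cp` layout, its field names and its limits are constructed for illustration and are not the f2fs on-disk format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed toy "checkpoint" block. NOT the f2fs on-disk layout. */
#define TOY_NSEGS        8u    /* entries in the in-memory segment table */
#define TOY_MAX_BLKS_SEG 512u  /* assumed upper bound on blocks per segment */

struct toy_cp {
    uint32_t cur_seg;      /* used as an index into a TOY_NSEGS-entry table */
    uint32_t next_blkoff;  /* block offset inside that segment */
    uint32_t blks_per_seg; /* geometry recorded in the block */
    uint32_t crc;          /* CRC-32 over all bytes before this field */
};

enum cp_status { CP_OK = 0, CP_BAD_CRC = -1, CP_BAD_FIELD = -2 };

/* Bitwise CRC-32 (reflected, polynomial 0xEDB88320). */
static uint32_t crc32_calc(const void *buf, size_t len)
{
    const uint8_t *p = buf;
    uint32_t crc = 0xFFFFFFFFu;

    while (len--) {
        crc ^= *p++;
        for (int i = 0; i < 8; i++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Build a block with the given field values and a matching checksum. */
static struct toy_cp toy_cp_make(uint32_t seg, uint32_t off, uint32_t bps)
{
    struct toy_cp cp = { seg, off, bps, 0 };

    cp.crc = crc32_calc(&cp, offsetof(struct toy_cp, crc));
    return cp;
}

/* Integrity only: catches bit rot and torn writes, says nothing about
 * whether the field values make sense. */
static enum cp_status toy_cp_check_crc(const struct toy_cp *cp)
{
    uint32_t want = crc32_calc(cp, offsetof(struct toy_cp, crc));

    return cp->crc == want ? CP_OK : CP_BAD_CRC;
}

/* Integrity plus semantic validation of every field a consumer relies on. */
static enum cp_status toy_cp_validate(const struct toy_cp *cp)
{
    if (toy_cp_check_crc(cp) != CP_OK)
        return CP_BAD_CRC;
    if (cp->blks_per_seg == 0 || cp->blks_per_seg > TOY_MAX_BLKS_SEG)
        return CP_BAD_FIELD;
    if (cp->cur_seg >= TOY_NSEGS)
        return CP_BAD_FIELD;
    if (cp->next_blkoff >= cp->blks_per_seg)
        return CP_BAD_FIELD;
    return CP_OK;
}

/* Consumer: the on-disk value indexes the table only after validation. */
static int toy_seg_lookup(const struct toy_cp *cp,
                          const uint16_t table[TOY_NSEGS], uint16_t *out)
{
    enum cp_status st = toy_cp_validate(cp);

    if (st != CP_OK)
        return st;
    *out = table[cp->cur_seg];
    return CP_OK;
}

int main(void)
{
    const uint16_t table[TOY_NSEGS] = { 0, 11, 22, 33, 44, 55, 66, 77 };
    uint16_t v = 0;

    struct toy_cp good = toy_cp_make(3, 10, 512);
    struct toy_cp rot = good;               /* bit flipped, CRC left stale */
    rot.cur_seg ^= 1u;
    struct toy_cp bad = toy_cp_make(4096, 10, 512); /* CRC valid, index not */

    printf("good: crc=%d validate=%d lookup=%d\n", toy_cp_check_crc(&good),
           toy_cp_validate(&good), toy_seg_lookup(&good, table, &v));
    printf("rot : crc=%d validate=%d\n", toy_cp_check_crc(&rot),
           toy_cp_validate(&rot));
    printf("bad : crc=%d validate=%d lookup=%d\n", toy_cp_check_crc(&bad),
           toy_cp_validate(&bad), toy_seg_lookup(&bad, table, &v));
    return 0;
}
```
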
* Re: Bug report: some new bugs found by fuzzing
  2018-07-06  1:30   ` Xu, Wen
  2018-07-06  7:00     ` Chao Yu
@ 2018-07-06 16:22     ` Chao Yu
  2018-07-07 15:48       ` Xu, Wen
  1 sibling, 1 reply; 12+ messages in thread
From: Chao Yu @ 2018-07-06 16:22 UTC (permalink / raw)
  To: Xu, Wen, Chao Yu; +Cc: linux-f2fs-devel

Hi Wen,

I've updated two patches today for these issues, could you please test them?

On 2018/7/6 9:30, Xu, Wen wrote:
> Thanks very much! I would like to provide any further help or testing.
> 
> -Wen
> 
>> On Jul 5, 2018, at 9:13 PM, Chao Yu <yuchao0@huawei.com> wrote:
>>
>> Hi Wen,
>>
>> On 2018/7/6 3:19, Xu, Wen wrote:
>>> Dear F2FS developers,
>>>
>>> By fuzzing, I find some new issues in Linux f2fs kernel module. Here are the links on Bugzilla,
>>>
>>> 200419	NULL pointer dereference in __remove_dirty_segment() when mounting an f2fs image
>>> https://bugzilla.kernel.org/show_bug.cgi?id=200419

https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=ccf5e1525e92010dd2cb8ff5a820283f9bff5c78

>>>
>>> 200421	Buffer overrun in f2fs_truncate_inline_inode() when umounting an f2fs image
>>> https://bugzilla.kernel.org/show_bug.cgi?id=200421

https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=ea08202ee4ca67b31b3510591f2a8032ec3ac4cb

>>>
>>> 200423	Out-of-bound access in f2fs_get_dnode_of_data() when operating file on an f2fs image
>>> https://bugzilla.kernel.org/show_bug.cgi?id=200423
>>>
>>> 200425	Invalid memory access in f2fs_find_target_dentry() when operating files on an f2fs image
>>> https://bugzilla.kernel.org/show_bug.cgi?id=200425

Fixes this issue with above commit.

Thanks,

>>>
>>> Regarding my testing, they can all be reproduced w/ Chao’s f2fs-dev branch. Thanks!
>>
>> Alright, I will dig into these issues in these days, once I have solution, will
>> let you know.
>>
>> Thanks,
>>
>>>
>>> -Wen
> 

* Re: Bug report: some new bugs found by fuzzing
  2018-07-06 16:22     ` Chao Yu
@ 2018-07-07 15:48       ` Xu, Wen
  2018-07-07 16:32         ` Chao Yu
  0 siblings, 1 reply; 12+ messages in thread
From: Xu, Wen @ 2018-07-07 15:48 UTC (permalink / raw)
  To: Chao Yu; +Cc: linux-f2fs-devel

Sure, I will do it. So you are still willing to fix the issues even if it may be affected by CHECK_FS config?

Thanks
-Wen

> On Jul 6, 2018, at 12:22 PM, Chao Yu <chao@kernel.org> wrote:
> 
> Hi Wen,
> 
> I've update two patches today for these issues, could you please test them?
> 
> On 2018/7/6 9:30, Xu, Wen wrote:
>> Thanks very much! I would like to provide any further help or testing.
>> 
>> -Wen
>> 
>>> On Jul 5, 2018, at 9:13 PM, Chao Yu <yuchao0@huawei.com> wrote:
>>> 
>>> Hi Wen,
>>> 
>>> On 2018/7/6 3:19, Xu, Wen wrote:
>>>> Dear F2FS developers,
>>>> 
>>>> By fuzzing, I find some new issues in Linux f2fs kernel module. Here are the links on Bugzilla,
>>>> 
>>>> 200419	NULL pointer dereference in __remove_dirty_segment() when mounting an f2fs image
>>>> https://bugzilla.kernel.org/show_bug.cgi?id=200419
> 
> https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=ccf5e1525e92010dd2cb8ff5a820283f9bff5c78
> 
>>>> 
>>>> 200421	Buffer overrun in f2fs_truncate_inline_inode() when umounting an f2fs image
>>>> https://bugzilla.kernel.org/show_bug.cgi?id=200421
> 
> https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=ea08202ee4ca67b31b3510591f2a8032ec3ac4cb
> 
>>>> 
>>>> 200423	Out-of-bound access in f2fs_get_dnode_of_data() when operating file on an f2fs image
>>>> https://bugzilla.kernel.org/show_bug.cgi?id=200423
>>>> 
>>>> 200425	Invalid memory access in f2fs_find_target_dentry() when operating files on an f2fs image
>>>> https://bugzilla.kernel.org/show_bug.cgi?id=200425
> 
> Fixes this issue with above commit.
> 
> Thanks,
> 
>>>> 
>>>> Regarding my testing, they can all be reproduced w/ Chao’s f2fs-dev branch. Thanks!
>>> 
>>> Alright, I will dig into these issues in these days, once I have solution, will
>>> let you know.
>>> 
>>> Thanks,
>>> 
>>>> 
>>>> -Wen
>> 

* Re: Bug report: some new bugs found by fuzzing
  2018-07-07 15:48       ` Xu, Wen
@ 2018-07-07 16:32         ` Chao Yu
  2018-07-08  2:43           ` Xu, Wen
  0 siblings, 1 reply; 12+ messages in thread
From: Chao Yu @ 2018-07-07 16:32 UTC (permalink / raw)
  To: Xu, Wen; +Cc: linux-f2fs-devel

On 2018/7/7 23:48, Xu, Wen wrote:
> Sure I will do it. So you are still willing to fix the issues even it may be affected by CHECK_FS config?

Yes, let me figure out the problem.

https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=ccf5e1525e92010dd2cb8ff5a820283f9bff5c78

Above commit seems breaking normal case, let me update it.

Thanks,

> 
> Thanks
> -Wen
> 
>> On Jul 6, 2018, at 12:22 PM, Chao Yu <chao@kernel.org> wrote:
>>
>> Hi Wen,
>>
>> I've update two patches today for these issues, could you please test them?
>>
>> On 2018/7/6 9:30, Xu, Wen wrote:
>>> Thanks very much! I would like to provide any further help or testing.
>>>
>>> -Wen
>>>
>>>> On Jul 5, 2018, at 9:13 PM, Chao Yu <yuchao0@huawei.com> wrote:
>>>>
>>>> Hi Wen,
>>>>
>>>> On 2018/7/6 3:19, Xu, Wen wrote:
>>>>> Dear F2FS developers,
>>>>>
>>>>> By fuzzing, I find some new issues in Linux f2fs kernel module. Here are the links on Bugzilla,
>>>>>
>>>>> 200419	NULL pointer dereference in __remove_dirty_segment() when mounting an f2fs image
>>>>> https://bugzilla.kernel.org/show_bug.cgi?id=200419
>>
>> https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=ccf5e1525e92010dd2cb8ff5a820283f9bff5c78
>>
>>>>>
>>>>> 200421	Buffer overrun in f2fs_truncate_inline_inode() when umounting an f2fs image
>>>>> https://bugzilla.kernel.org/show_bug.cgi?id=200421
>>
>> https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=ea08202ee4ca67b31b3510591f2a8032ec3ac4cb
>>
>>>>>
>>>>> 200423	Out-of-bound access in f2fs_get_dnode_of_data() when operating file on an f2fs image
>>>>> https://bugzilla.kernel.org/show_bug.cgi?id=200423
>>>>>
>>>>> 200425	Invalid memory access in f2fs_find_target_dentry() when operating files on an f2fs image
>>>>> https://bugzilla.kernel.org/show_bug.cgi?id=200425
>>
>> Fixes this issue with above commit.
>>
>> Thanks,
>>
>>>>>
>>>>> Regarding my testing, they can all be reproduced w/ Chao’s f2fs-dev branch. Thanks!
>>>>
>>>> Alright, I will dig into these issues in these days, once I have solution, will
>>>> let you know.
>>>>
>>>> Thanks,
>>>>
>>>>>
>>>>> -Wen
>>>

* Re: Bug report: some new bugs found by fuzzing
  2018-07-07 16:32         ` Chao Yu
@ 2018-07-08  2:43           ` Xu, Wen
  2018-07-09  2:24             ` Chao Yu
  2018-07-09 15:10             ` Chao Yu
  0 siblings, 2 replies; 12+ messages in thread
From: Xu, Wen @ 2018-07-08  2:43 UTC (permalink / raw)
  To: Chao Yu; +Cc: linux-f2fs-devel

It is already fixed by the latest commit in your git tree?

Thanks,
Wen

> On Jul 7, 2018, at 12:32 PM, Chao Yu <chao@kernel.org> wrote:
> 
> On 2018/7/7 23:48, Xu, Wen wrote:
>> Sure I will do it. So you are still willing to fix the issues even it may be affected by CHECK_FS config?
> 
> Yes, let me figure out the problem.
> 
> https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=ccf5e1525e92010dd2cb8ff5a820283f9bff5c78
> 
> Above commit seems breaking normal case, let me update it.
> 
> Thanks,
> 
>> 
>> Thanks
>> -Wen
>> 
>>> On Jul 6, 2018, at 12:22 PM, Chao Yu <chao@kernel.org> wrote:
>>> 
>>> Hi Wen,
>>> 
>>> I've update two patches today for these issues, could you please test them?
>>> 
>>> On 2018/7/6 9:30, Xu, Wen wrote:
>>>> Thanks very much! I would like to provide any further help or testing.
>>>> 
>>>> -Wen
>>>> 
>>>>> On Jul 5, 2018, at 9:13 PM, Chao Yu <yuchao0@huawei.com> wrote:
>>>>> 
>>>>> Hi Wen,
>>>>> 
>>>>> On 2018/7/6 3:19, Xu, Wen wrote:
>>>>>> Dear F2FS developers,
>>>>>> 
>>>>>> By fuzzing, I find some new issues in Linux f2fs kernel module. Here are the links on Bugzilla,
>>>>>> 
>>>>>> 200419	NULL pointer dereference in __remove_dirty_segment() when mounting an f2fs image
>>>>>> https://bugzilla.kernel.org/show_bug.cgi?id=200419
>>> 
>>> https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=ccf5e1525e92010dd2cb8ff5a820283f9bff5c78
>>> 
>>>>>> 
>>>>>> 200421	Buffer overrun in f2fs_truncate_inline_inode() when umounting an f2fs image
>>>>>> https://bugzilla.kernel.org/show_bug.cgi?id=200421
>>> 
>>> https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=ea08202ee4ca67b31b3510591f2a8032ec3ac4cb
>>> 
>>>>>> 
>>>>>> 200423	Out-of-bound access in f2fs_get_dnode_of_data() when operating file on an f2fs image
>>>>>> https://bugzilla.kernel.org/show_bug.cgi?id=200423
>>>>>> 
>>>>>> 200425	Invalid memory access in f2fs_find_target_dentry() when operating files on an f2fs image
>>>>>> https://bugzilla.kernel.org/show_bug.cgi?id=200425
>>> 
>>> Fixes this issue with above commit.
>>> 
>>> Thanks,
>>> 
>>>>>> 
>>>>>> Regarding my testing, they can all be reproduced w/ Chao’s f2fs-dev branch. Thanks!
>>>>> 
>>>>> Alright, I will dig into these issues in these days, once I have solution, will
>>>>> let you know.
>>>>> 
>>>>> Thanks,
>>>>> 
>>>>>> 
>>>>>> -Wen
>>>> 

* Re: Bug report: some new bugs found by fuzzing
  2018-07-08  2:43           ` Xu, Wen
@ 2018-07-09  2:24             ` Chao Yu
  2018-07-09 15:10             ` Chao Yu
  1 sibling, 0 replies; 12+ messages in thread
From: Chao Yu @ 2018-07-09  2:24 UTC (permalink / raw)
  To: Xu, Wen, Chao Yu; +Cc: linux-f2fs-devel

I updated a commit, could you have a try with last f2fs-dev?

On 2018/7/8 10:43, Xu, Wen wrote:
> It is already fixed by the latest commit in your git tree?
> 
> Thanks,
> Wen
> 
>> On Jul 7, 2018, at 12:32 PM, Chao Yu <chao@kernel.org> wrote:
>>
>> On 2018/7/7 23:48, Xu, Wen wrote:
>>> Sure I will do it. So you are still willing to fix the issues even it may be affected by CHECK_FS config?
>>
>> Yes, let me figure out the problem.
>>
>> https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=ccf5e1525e92010dd2cb8ff5a820283f9bff5c78
>>
>> Above commit seems breaking normal case, let me update it.
>>
>> Thanks,
>>
>>>
>>> Thanks
>>> -Wen
>>>
>>>> On Jul 6, 2018, at 12:22 PM, Chao Yu <chao@kernel.org> wrote:
>>>>
>>>> Hi Wen,
>>>>
>>>> I've update two patches today for these issues, could you please test them?
>>>>
>>>> On 2018/7/6 9:30, Xu, Wen wrote:
>>>>> Thanks very much! I would like to provide any further help or testing.
>>>>>
>>>>> -Wen
>>>>>
>>>>>> On Jul 5, 2018, at 9:13 PM, Chao Yu <yuchao0@huawei.com> wrote:
>>>>>>
>>>>>> Hi Wen,
>>>>>>
>>>>>> On 2018/7/6 3:19, Xu, Wen wrote:
>>>>>>> Dear F2FS developers,
>>>>>>>
>>>>>>> By fuzzing, I find some new issues in Linux f2fs kernel module. Here are the links on Bugzilla,
>>>>>>>
>>>>>>> 200419	NULL pointer dereference in __remove_dirty_segment() when mounting an f2fs image
>>>>>>> https://bugzilla.kernel.org/show_bug.cgi?id=200419
>>>>
>>>> https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=ccf5e1525e92010dd2cb8ff5a820283f9bff5c78
>>>>
>>>>>>>
>>>>>>> 200421	Buffer overrun in f2fs_truncate_inline_inode() when umounting an f2fs image
>>>>>>> https://bugzilla.kernel.org/show_bug.cgi?id=200421
>>>>
>>>> https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=ea08202ee4ca67b31b3510591f2a8032ec3ac4cb
>>>>
>>>>>>>
>>>>>>> 200423	Out-of-bound access in f2fs_get_dnode_of_data() when operating file on an f2fs image
>>>>>>> https://bugzilla.kernel.org/show_bug.cgi?id=200423
>>>>>>>
>>>>>>> 200425	Invalid memory access in f2fs_find_target_dentry() when operating files on an f2fs image
>>>>>>> https://bugzilla.kernel.org/show_bug.cgi?id=200425
>>>>
>>>> Fixes this issue with above commit.
>>>>
>>>> Thanks,
>>>>
>>>>>>>
>>>>>>> Regarding my testing, they can all be reproduced w/ Chao’s f2fs-dev branch. Thanks!
>>>>>>
>>>>>> Alright, I will dig into these issues in these days, once I have solution, will
>>>>>> let you know.
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>>>
>>>>>>> -Wen
>>>>>

* Re: Bug report: some new bugs found by fuzzing
  2018-07-08  2:43           ` Xu, Wen
  2018-07-09  2:24             ` Chao Yu
@ 2018-07-09 15:10             ` Chao Yu
  2018-07-09 19:11               ` Xu, Wen
  1 sibling, 1 reply; 12+ messages in thread
From: Chao Yu @ 2018-07-09 15:10 UTC (permalink / raw)
  To: Xu, Wen; +Cc: linux-f2fs-devel

I guess, could you please test it?

Thanks,

On 2018/7/8 10:43, Xu, Wen wrote:
> It is already fixed by the latest commit in your git tree?
> 
> Thanks,
> Wen
> 
>> On Jul 7, 2018, at 12:32 PM, Chao Yu <chao@kernel.org> wrote:
>>
>> On 2018/7/7 23:48, Xu, Wen wrote:
>>> Sure I will do it. So you are still willing to fix the issues even it may be affected by CHECK_FS config?
>>
>> Yes, let me figure out the problem.
>>
>> https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=ccf5e1525e92010dd2cb8ff5a820283f9bff5c78
>>
>> Above commit seems breaking normal case, let me update it.
>>
>> Thanks,
>>
>>>
>>> Thanks
>>> -Wen
>>>
>>>> On Jul 6, 2018, at 12:22 PM, Chao Yu <chao@kernel.org> wrote:
>>>>
>>>> Hi Wen,
>>>>
>>>> I've update two patches today for these issues, could you please test them?
>>>>
>>>> On 2018/7/6 9:30, Xu, Wen wrote:
>>>>> Thanks very much! I would like to provide any further help or testing.
>>>>>
>>>>> -Wen
>>>>>
>>>>>> On Jul 5, 2018, at 9:13 PM, Chao Yu <yuchao0@huawei.com> wrote:
>>>>>>
>>>>>> Hi Wen,
>>>>>>
>>>>>> On 2018/7/6 3:19, Xu, Wen wrote:
>>>>>>> Dear F2FS developers,
>>>>>>>
>>>>>>> By fuzzing, I find some new issues in Linux f2fs kernel module. Here are the links on Bugzilla,
>>>>>>>
>>>>>>> 200419	NULL pointer dereference in __remove_dirty_segment() when mounting an f2fs image
>>>>>>> https://bugzilla.kernel.org/show_bug.cgi?id=200419
>>>>
>>>> https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=ccf5e1525e92010dd2cb8ff5a820283f9bff5c78
>>>>
>>>>>>>
>>>>>>> 200421	Buffer overrun in f2fs_truncate_inline_inode() when umounting an f2fs image
>>>>>>> https://bugzilla.kernel.org/show_bug.cgi?id=200421
>>>>
>>>> https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=ea08202ee4ca67b31b3510591f2a8032ec3ac4cb
>>>>
>>>>>>>
>>>>>>> 200423	Out-of-bound access in f2fs_get_dnode_of_data() when operating file on an f2fs image
>>>>>>> https://bugzilla.kernel.org/show_bug.cgi?id=200423
>>>>>>>
>>>>>>> 200425	Invalid memory access in f2fs_find_target_dentry() when operating files on an f2fs image
>>>>>>> https://bugzilla.kernel.org/show_bug.cgi?id=200425
>>>>
>>>> Fixes this issue with above commit.
>>>>
>>>> Thanks,
>>>>
>>>>>>>
>>>>>>> Regarding my testing, they can all be reproduced w/ Chao’s f2fs-dev branch. Thanks!
>>>>>>
>>>>>> Alright, I will dig into these issues in these days, once I have solution, will
>>>>>> let you know.
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>>>
>>>>>>> -Wen
>>>>>

* Re: Bug report: some new bugs found by fuzzing
  2018-07-09 15:10             ` Chao Yu
@ 2018-07-09 19:11               ` Xu, Wen
  0 siblings, 0 replies; 12+ messages in thread
From: Xu, Wen @ 2018-07-09 19:11 UTC (permalink / raw)
  To: Chao Yu; +Cc: linux-f2fs-devel

Yeah, the issues are all fixed by your commits regarding my tests.

Thanks,
Wen

> On Jul 9, 2018, at 11:10 AM, Chao Yu <chao@kernel.org> wrote:
> 
> I guess, could you please test it?
> 
> Thanks,
> 
> On 2018/7/8 10:43, Xu, Wen wrote:
>> It is already fixed by the latest commit in your git tree?
>> 
>> Thanks,
>> Wen
>> 
>>> On Jul 7, 2018, at 12:32 PM, Chao Yu <chao@kernel.org> wrote:
>>> 
>>> On 2018/7/7 23:48, Xu, Wen wrote:
>>>> Sure I will do it. So you are still willing to fix the issues even if it may be affected by CHECK_FS config?
>>> 
>>> Yes, let me figure out the problem.
>>> 
>>> https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=ccf5e1525e92010dd2cb8ff5a820283f9bff5c78
>>> 
>>> Above commit seems breaking normal case, let me update it.
>>> 
>>> Thanks,
>>> 
>>>> 
>>>> Thanks
>>>> -Wen
>>>> 
>>>>> On Jul 6, 2018, at 12:22 PM, Chao Yu <chao@kernel.org> wrote:
>>>>> 
>>>>> Hi Wen,
>>>>> 
>>>>> I've updated two patches today for these issues, could you please test them?
>>>>> 
>>>>> On 2018/7/6 9:30, Xu, Wen wrote:
>>>>>> Thanks very much! I would like to provide any further help or testing.
>>>>>> 
>>>>>> -Wen
>>>>>> 
>>>>>>> On Jul 5, 2018, at 9:13 PM, Chao Yu <yuchao0@huawei.com> wrote:
>>>>>>> 
>>>>>>> Hi Wen,
>>>>>>> 
>>>>>>> On 2018/7/6 3:19, Xu, Wen wrote:
>>>>>>>> Dear F2FS developers,
>>>>>>>> 
>>>>>>>> By fuzzing, I find some new issues in Linux f2fs kernel module. Here are the links on Bugzilla,
>>>>>>>> 
>>>>>>>> 200419	NULL pointer dereference in __remove_dirty_segment() when mounting an f2fs image
>>>>>>>> https://bugzilla.kernel.org/show_bug.cgi?id=200419
>>>>> 
>>>>> https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=ccf5e1525e92010dd2cb8ff5a820283f9bff5c78
>>>>> 
>>>>>>>> 
>>>>>>>> 200421	Buffer overrun in f2fs_truncate_inline_inode() when umounting an f2fs image
>>>>>>>> https://bugzilla.kernel.org/show_bug.cgi?id=200421
>>>>> 
>>>>> https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=ea08202ee4ca67b31b3510591f2a8032ec3ac4cb
>>>>> 
>>>>>>>> 
>>>>>>>> 200423	Out-of-bound access in f2fs_get_dnode_of_data() when operating file on an f2fs image
>>>>>>>> https://bugzilla.kernel.org/show_bug.cgi?id=200423
>>>>>>>> 
>>>>>>>> 200425	Invalid memory access in f2fs_find_target_dentry() when operating files on an f2fs image
>>>>>>>> https://bugzilla.kernel.org/show_bug.cgi?id=200425
>>>>> 
>>>>> Fixes this issue with above commit.
>>>>> 
>>>>> Thanks,
>>>>> 
>>>>>>>> 
>>>>>>>> Regarding my testing, they can all be reproduced w/ Chao’s f2fs-dev branch. Thanks!
>>>>>>> 
>>>>>>> Alright, I will dig into these issues in these days, once I have solution, will
>>>>>>> let you know.
>>>>>>> 
>>>>>>> Thanks,
>>>>>>> 
>>>>>>>> 
>>>>>>>> -Wen

Thread overview: 12+ messages
2018-07-05 19:19 Bug report: some new bugs found by fuzzing Xu, Wen
2018-07-06  1:13 ` Chao Yu
2018-07-06  1:30   ` Xu, Wen
2018-07-06  7:00     ` Chao Yu
2018-07-06 13:01       ` Xu, Wen
2018-07-06 16:22     ` Chao Yu
2018-07-07 15:48       ` Xu, Wen
2018-07-07 16:32         ` Chao Yu
2018-07-08  2:43           ` Xu, Wen
2018-07-09  2:24             ` Chao Yu
2018-07-09 15:10             ` Chao Yu
2018-07-09 19:11               ` Xu, Wen
