* [Cluster-devel] A list of kernel panic bugs in gfs2 linux 4.18 kernel module found by fuzzing
From: Xu, Wen @ 2018-06-25  1:54 UTC
  To: cluster-devel.redhat.com

Dear GFS2 developers,

Here is a list of bugs I found in the gfs2 Linux 4.18 kernel module by local fuzzing tests; please check the following:

200265	BUG() in gfs2_unpin() when writing to a file on a corrupted gfs2 file system
https://bugzilla.kernel.org/show_bug.cgi?id=200265

200263	Invalid function pointer invoked when writing to a file on corrupted gfs2 filesystem
https://bugzilla.kernel.org/show_bug.cgi?id=200263

200261	BUG() in __gfs2_punch_hole() when mounting a corrupted gfs2 image
https://bugzilla.kernel.org/show_bug.cgi?id=200261

200259	Invalid function pointer called when writing to a corrupted gfs2 image
https://bugzilla.kernel.org/show_bug.cgi?id=200259

200257	Kernel panic when invoking setxattr on a file in the corrupted gfs2 image
https://bugzilla.kernel.org/show_bug.cgi?id=200257

200253	Uninitialized stack variable misused in rgblk_free()
https://bugzilla.kernel.org/show_bug.cgi?id=200253

200251	BUG() triggered in gfs2_write_calc_reserv() when mounting and un-mounting a corrupted gfs2 image
https://bugzilla.kernel.org/show_bug.cgi?id=200251

200249	NULL pointer dereference in gfs2_evict_inode() when mounting a corrupted gfs2 image
https://bugzilla.kernel.org/show_bug.cgi?id=200249

200245	Kernel panic in fillup_metapath() when calling stat() on the file in a corrupted gfs2 file system
https://bugzilla.kernel.org/show_bug.cgi?id=200245

200247	Invalid function pointer invoked when calling mmap() on a file in the corrupted gfs2 file system
https://bugzilla.kernel.org/show_bug.cgi?id=200247

200237	BUG() triggered in gfs2_iomap_get() when mounting a corrupted gfs2 image
https://bugzilla.kernel.org/show_bug.cgi?id=200237

200235	Out-of-bound access in gfs2_read_sb() when mounting a corrupted gfs2 image
https://bugzilla.kernel.org/show_bug.cgi?id=200235

200233	NULL pointer dereference in set_rgrp_preferences() when mounting a corrupted gfs2 image
https://bugzilla.kernel.org/show_bug.cgi?id=200233

200231	stack overflow in gfs2_block_map() when mounting a corrupted gfs2 image
https://bugzilla.kernel.org/show_bug.cgi?id=200231

You can find the corrupted image leading to the kernel panic and the related kernel messages in the Bugzilla links.
Among them, 200263, 200259 and 200247 may have the same root cause, but I am not sure.
I would like to provide any further help to debug and fix the bugs. I am also willing to test the patch.

Thanks,
Wen




* [Cluster-devel] A list of kernel panic bugs in gfs2 linux 4.18 kernel module found by fuzzing
From: Bob Peterson @ 2018-06-29 12:22 UTC
  To: cluster-devel.redhat.com

Hi,

Thanks, Wen. Andy Price is doing most of the work on gfs2-utils and fsck.gfs2
these days. Adding him.

Regards,

Bob Peterson
Red Hat File Systems




* [Cluster-devel] A list of kernel panic bugs in gfs2 linux 4.18 kernel module found by fuzzing
From: Xu, Wen @ 2018-07-18 21:02 UTC
  To: cluster-devel.redhat.com

Dear GFS2 developers,

I would like to know if there is any update on these issues.

Thanks,
Wen


* [Cluster-devel] A list of kernel panic bugs in gfs2 linux 4.18 kernel module found by fuzzing
From: Andrew Price @ 2018-07-19 10:20 UTC
  To: cluster-devel.redhat.com

Hi,

On 18/07/18 22:02, Xu, Wen wrote:
> Dear GFS2 developers,
> 
> I would like to know if there is any update on these issues?

No updates, I'm afraid. There are only a small number of gfs2 developers 
and we have to prioritise work, and bugs discovered by fuzzers tend to 
be ones that are difficult to encounter during normal usage.

gfs2 development is really fun though, so if you know any bored Linux 
programmers then suggest gfs2 bug fixing to them :)

Andy

