Bug 215225
| Field | Value | Field | Value |
|---|---|---|---|
| Summary: | FUZZ: Page fault and infinite loop after mount and operate on crafted image | | |
| Product: | File System | Reporter: | Theodore Tso (tytso) |
| Component: | ext4 | Assignee: | fs_ext4 (fs_ext4) |
| Status: | NEW --- | | |
| Severity: | normal | CC: | qhjin_dev, wenqingliu0120 |
| Priority: | P1 | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Kernel Version: | 5.16.0-rc3 | Subsystem: | |
| Regression: | No | Bisected commit-id: | |
| Attachments: | tmp38.zip, POC_script | | |
Description

Theodore Tso
2021-12-05 20:36:10 UTC

It seems that the tmp38.img is corrupt. Could you please send a correct one?

```
$ e2fsck tmp38.img
e2fsck 1.45.7 (28-Jan-2021)
ext2fs_open2: The ext2 superblock is corrupt
e2fsck: Superblock invalid, trying backup blocks...
tmp38.img contains a file system with errors, check forced.
Resize inode not valid.  Recreate<y>? yes
Pass 1: Checking inodes, blocks, and sizes
Root inode has dtime set (probably due to old mke2fs).  Fix<y>? yes
Inode 13 has an invalid extent
    (logical block 0, invalid physical block 8332801, len 1)
Clear<y>? yes
Inode 13 has an invalid extent
    (logical block 0, invalid physical block 64344, len 1)
Clear<y>? yes
```

Thanks,
Qinghua Jin

Created attachment 300157 [details]
POC_script

The bug is triggered when mounting and operating on the corrupted image. I can still reproduce it on 5.16.0-rc6 when running:

```
$ unzip tmp38.zip
$ su
# ./single.sh ext4 38
```