Hello!

On Mon 06-01-25 15:23:06, Kun Hu wrote:
> When using our customized fuzzer tool to fuzz the latest Linux kernel,
> the following crash was triggered.
>
> HEAD commit: fc033cf25e612e840e545f8d5ad2edd6ba613ed5
> git tree: upstream
> Console output: https://drive.google.com/file/d/1-YGytaKuh9M4hI6x27YjsE0vSyRFngf5/view?usp=sharing
> Kernel config: https://drive.google.com/file/d/1n2sLNg-YcIgZqhhQqyMPTDWM_N1Pqz73/view?usp=sharing
> C reproducer: /
> Syzlang reproducer: /
>
> We found an issue in the __bh_read function at line 3086, where a
> slab-out-of-bounds error was reported. While the BUG_ON check ensures
> that bh is locked, I suspect it's possible that bh might have been
> released prior to the call to __bh_read. This could result in accessing
> invalid memory, ultimately triggering the reported issue.

Well, most likely the bh pointer has already been corrupted. Again, nobody
is likely to be able to debug this unless we have a reliable way to
reproduce this problem.

Honza
--
Jan Kara <jack@xxxxxxxx>
SUSE Labs, CR