On Wed, Jul 09, 2025 at 10:30:12AM +0200, Jan Kara wrote:
> Hi!
>
> On Tue 08-07-25 10:51:27, syzbot wrote:
> > syzbot found the following issue on:
> >
> > HEAD commit: d7b8f8e20813 Linux 6.16-rc5
> > git tree: upstream
> > console+strace: https://syzkaller.appspot.com/x/log.txt?x=107e728c580000
> > kernel config: https://syzkaller.appspot.com/x/.config?x=72aa0474e3c3b9ac
> > dashboard link: https://syzkaller.appspot.com/bug?extid=895c23f6917da440ed0d
> > compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7
> > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=11305582580000
> > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10952bd4580000
> >
> > Downloadable assets:
> > disk image: https://storage.googleapis.com/syzbot-assets/605b3edeb031/disk-d7b8f8e2.raw.xz
> > vmlinux: https://storage.googleapis.com/syzbot-assets/a3cb6f3ea4a9/vmlinux-d7b8f8e2.xz
> > kernel image: https://storage.googleapis.com/syzbot-assets/cd9e0c6a9926/bzImage-d7b8f8e2.xz
> > mounted in repro: https://storage.googleapis.com/syzbot-assets/2a7ab270a8da/mount_0.gz
> >
> > The issue was bisected to:
> >
> > commit af153bb63a336a7ca0d9c8ef4ca98119c5020030
> > Author: Mateusz Guzik <mjguzik@xxxxxxxxx>
> > Date: Sun Feb 9 18:55:21 2025 +0000
> >
> >     vfs: catch invalid modes in may_open()
> >
> > bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=17f94a8c580000
> > final oops: https://syzkaller.appspot.com/x/report.txt?x=14054a8c580000
> > console output: https://syzkaller.appspot.com/x/log.txt?x=10054a8c580000
> >
> > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > Reported-by: syzbot+895c23f6917da440ed0d@xxxxxxxxxxxxxxxxxxxxxxxxx
> > Fixes: af153bb63a33 ("vfs: catch invalid modes in may_open()")
> >
> > VFS_BUG_ON_INODE(!IS_ANON_FILE(inode)) encountered for inode ffff8880724735b8
>
> FWIW the reproducer just mounts a filesystem image and opens a file there
> which crashes because the inode type is invalid. Which suggests there's
> insufficient validation of inode metadata (in particular the inode mode)
> being loaded from the disk... There are reproducers in the syzbot dashboard
> for nilfs2, ntfs3, isofs, jfs. I'll take care of isofs, added other
> filesystem maintainers to CC.

I'm certainly happy to have added that assert.
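
An added example, not part of the thread and not any filesystem's actual fix: a userspace C sketch of validating the file-type bits of an inode mode read from an untrusted disk image, the kind of check the quoted message says is insufficient. The function names, return codes and the 2-byte little-endian record layout are assumptions for illustration.

```c
/* Userspace sketch. Names and the 2-byte little-endian record layout are
 * assumptions for illustration, not taken from any filesystem. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* File-type bits of a Linux inode mode (octal ABI values). */
#define T_IFMT   0170000u
#define T_IFIFO  0010000u
#define T_IFCHR  0020000u
#define T_IFDIR  0040000u
#define T_IFBLK  0060000u
#define T_IFREG  0100000u
#define T_IFLNK  0120000u
#define T_IFSOCK 0140000u

enum { MODE_OK = 0, MODE_CORRUPT = -1, MODE_SHORT = -2 };

/* Only 7 of the 16 possible type values name a real file type. */
static int mode_type_valid(uint16_t mode)
{
    switch (mode & T_IFMT) {
    case T_IFIFO: case T_IFCHR: case T_IFDIR: case T_IFBLK:
    case T_IFREG: case T_IFLNK: case T_IFSOCK:
        return 1;
    default:
        return 0;
    }
}

/* Decode the mode from an untrusted on-disk record; reject unknown types
 * here, before any in-memory inode is set up from it. */
static int load_disk_mode(const uint8_t *rec, size_t len, uint16_t *mode_out)
{
    if (len < 2)
        return MODE_SHORT;
    uint16_t mode = (uint16_t)(rec[0] | (rec[1] << 8));
    if (!mode_type_valid(mode))
        return MODE_CORRUPT;
    *mode_out = mode;
    return MODE_OK;
}

int main(void)
{
    /* Constructed samples: 0100644 (regular file) and 0000644 (no type). */
    const uint8_t good[2] = { 0xa4, 0x81 }, bad[2] = { 0xa4, 0x01 };
    uint16_t m = 0;
    printf("good: %d\n", load_disk_mode(good, sizeof good, &m));
    printf("bad:  %d\n", load_disk_mode(bad, sizeof bad, &m));
    return 0;
}
```

Rejecting the record at load time turns a corrupted image into an I/O-style error for that one inode instead of letting an untyped inode reach later code paths that assume a known file type.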