Dear GFS2 developers, Here is a list of bugs I found in the gfs2 Linux 4.18 kernel module by local fuzzing tests. Please check the following:
200265 BUG() in gfs2_unpin() when writing to a file on a corrupted gfs2 file system https://bugzilla.kernel.org/show_bug.cgi?id=200265
200263 Invalid function pointer invoked when writing to a file on a corrupted gfs2 filesystem https://bugzilla.kernel.org/show_bug.cgi?id=200263
200261 BUG() in __gfs2_punch_hole() when mounting a corrupted gfs2 image https://bugzilla.kernel.org/show_bug.cgi?id=200261
200259 Invalid function pointer called when writing to a corrupted gfs2 image https://bugzilla.kernel.org/show_bug.cgi?id=200259
200257 Kernel panic when invoking setxattr on a file in a corrupted gfs2 image https://bugzilla.kernel.org/show_bug.cgi?id=200257
200253 Uninitialized stack variable misused in rgblk_free() https://bugzilla.kernel.org/show_bug.cgi?id=200253
200251 BUG() triggered in gfs2_write_calc_reserv() when mounting and unmounting a corrupted gfs2 image https://bugzilla.kernel.org/show_bug.cgi?id=200251
200249 NULL pointer dereference in gfs2_evict_inode() when mounting a corrupted gfs2 image https://bugzilla.kernel.org/show_bug.cgi?id=200249
200245 Kernel panic in fillup_metapath() when calling stat() on a file in a corrupted gfs2 file system https://bugzilla.kernel.org/show_bug.cgi?id=200245
200247 Invalid function pointer invoked when calling mmap() on a file in a corrupted gfs2 file system https://bugzilla.kernel.org/show_bug.cgi?id=200247
200237 BUG() triggered in gfs2_iomap_get() when mounting a corrupted gfs2 image https://bugzilla.kernel.org/show_bug.cgi?id=200237
200235 Out-of-bounds access in gfs2_read_sb() when mounting a corrupted gfs2 image https://bugzilla.kernel.org/show_bug.cgi?id=200235
200233 NULL pointer dereference in set_rgrp_preferences() when mounting a corrupted gfs2 image https://bugzilla.kernel.org/show_bug.cgi?id=200233
200231 Stack overflow in gfs2_block_map() when mounting a corrupted gfs2 image https://bugzilla.kernel.org/show_bug.cgi?id=200231

You can find the corrupted images leading to the kernel panics and the related kernel messages in the Bugzilla links. Among them, 200263, 200259 and 200247 may have the same root cause, but I am not sure. I would like to provide any further help to debug and fix the bugs. I am also willing to test the patches. Thanks, Wen
