Title | Replies (including bot) | Last reply |
---|---|---|
[PATCH v2] ext4: Fix possible use-after-free in ext4_find_extent | 6 (6) | 2023/01/02 05:41 |
[PATCH] ext4: Fix possible use-after-free in ext4_find_extent | 2 (2) | 2022/12/29 22:40 |
Date | Name | Commit | Repro | Result |
---|---|---|---|---|
2023/09/22 | lts (merge base) | aff03380bda4 | C | [report] kernel BUG in ext4_writepages |
2023/09/22 | upstream (ToT) | 27bbf45eae9c | C | Didn't crash |
Created | Duration | User | Patch | Repo | Result |
---|---|---|---|---|---|
2025/04/14 17:34 | 6m | retest repro | android13-5.15-lts | report log | |
2025/03/31 12:28 | 6m | retest repro | android13-5.15-lts | report log | |
2025/03/16 14:20 | 5m | retest repro | android13-5.15-lts | report log | |
2025/03/16 14:20 | 1h04m | retest repro | android13-5.15-lts | report log | |
2025/03/16 14:20 | 5m | retest repro | android13-5.15-lts | report log | |
2025/03/16 14:20 | 6m | retest repro | android13-5.15-lts | report log | |
2025/03/01 03:20 | 20m | retest repro | android13-5.15-lts | report log | |
2025/02/14 10:12 | 5m | retest repro | android13-5.15-lts | report log | |
2022/12/28 14:25 | 13m | tudor.ambarus@linaro.org | https://github.com/ambarus/linux.git 5ee4e1b578324fdfde35eaf5ceb30a19336c97f6 | OK log | |
2022/12/28 13:48 | 7m | tudor.ambarus@linaro.org | upstream | report log | |
2022/12/28 13:47 | 13m | tudor.ambarus@linaro.org | https://github.com/ambarus/linux.git f3c76c42a554367d313d2e315676b19535089ac3 | OK log |
Created | Duration | User | Patch | Repo | Result |
---|---|---|---|---|---|
2024/05/16 00:06 | 40m | bisect fix | android13-5.15-lts | OK (0) job log log | |
2023/10/23 19:44 | 42m | bisect fix | android13-5.15-lts | OK (0) job log log | |
2023/07/31 02:16 | 55m | bisect fix | android13-5.15-lts | OK (0) job log log | |
2023/06/01 08:00 | 16m | bisect fix | android13-5.15-lts | OK (0) job log log | |
2023/05/01 12:38 | 18m | bisect fix | android13-5.15-lts | OK (0) job log log | |
2023/03/04 00:47 | 18m | bisect fix | android13-5.15-lts | OK (0) job log log | |
2023/02/01 21:22 | 28m | bisect fix | android13-5.15-lts | OK (0) job log log |
```
==================================================================
BUG: KASAN: use-after-free in ext4_ext_binsearch fs/ext4/extents.c:827 [inline]
BUG: KASAN: use-after-free in ext4_find_extent+0xbea/0xe30 fs/ext4/extents.c:946
Read of size 4 at addr ffff88812324ec14 by task kworker/u4:0/8

CPU: 0 PID: 8 Comm: kworker/u4:0 Not tainted 5.15.178-syzkaller-00034-g5e1b899f19c3 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Workqueue: writeback wb_workfn (flush-7:4)
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x151/0x1c0 lib/dump_stack.c:106
 print_address_description+0x87/0x3b0 mm/kasan/report.c:248
 __kasan_report mm/kasan/report.c:427 [inline]
 kasan_report+0x179/0x1c0 mm/kasan/report.c:444
 __asan_report_load4_noabort+0x14/0x20 mm/kasan/report_generic.c:308
 ext4_ext_binsearch fs/ext4/extents.c:827 [inline]
 ext4_find_extent+0xbea/0xe30 fs/ext4/extents.c:946
 ext4_ext_map_blocks+0x269/0x7450 fs/ext4/extents.c:4165
 ext4_map_blocks+0xa60/0x1c70 fs/ext4/inode.c:673
 mpage_map_one_extent fs/ext4/inode.c:2420 [inline]
 mpage_map_and_submit_extent fs/ext4/inode.c:2473 [inline]
 ext4_writepages+0x1628/0x4000 fs/ext4/inode.c:2841
 do_writepages+0x40e/0x670 mm/page-writeback.c:2388
 __writeback_single_inode+0xdf/0xa70 fs/fs-writeback.c:1647
 writeback_sb_inodes+0xb2a/0x1920 fs/fs-writeback.c:1930
 __writeback_inodes_wb+0x118/0x3f0 fs/fs-writeback.c:2001
 wb_writeback+0x3da/0x9f0 fs/fs-writeback.c:2108
 wb_check_background_flush fs/fs-writeback.c:2178 [inline]
 wb_do_writeback fs/fs-writeback.c:2266 [inline]
 wb_workfn+0xc12/0x1110 fs/fs-writeback.c:2294
 process_one_work+0x6bb/0xc10 kernel/workqueue.c:2325
 worker_thread+0xad5/0x12a0 kernel/workqueue.c:2472
 kthread+0x421/0x510 kernel/kthread.c:337
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287
 </TASK>

The buggy address belongs to the page:
page:ffffea00048c9380 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x12324e
flags: 0x4000000000000000(zone=1)
raw: 4000000000000000 ffffea00048c93c8 ffffea00048c9348 0000000000000000
raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as freed
page last allocated via order 0, migratetype Movable, gfp_mask 0x101cca(GFP_HIGHUSER_MOVABLE|__GFP_WRITE), pid 538, ts 30453639745, free_ts 30574608672
 set_page_owner include/linux/page_owner.h:33 [inline]
 post_alloc_hook+0x1a3/0x1b0 mm/page_alloc.c:2605
 prep_new_page+0x1b/0x110 mm/page_alloc.c:2611
 get_page_from_freelist+0x3550/0x35d0 mm/page_alloc.c:4485
 __alloc_pages+0x27e/0x8f0 mm/page_alloc.c:5780
 __alloc_pages_node include/linux/gfp.h:591 [inline]
 alloc_pages_node include/linux/gfp.h:605 [inline]
 alloc_pages include/linux/gfp.h:618 [inline]
 __page_cache_alloc include/linux/pagemap.h:305 [inline]
 pagecache_get_page+0xb18/0xeb0 mm/filemap.c:1946
 grab_cache_page_write_begin+0x5d/0xa0 mm/filemap.c:3811
 ext4_da_write_begin+0x5ae/0xc30 fs/ext4/inode.c:3014
 generic_perform_write+0x2de/0x750 mm/filemap.c:3857
 ext4_buffered_write_iter+0x48a/0x610 fs/ext4/file.c:270
 ext4_file_write_iter+0x454/0x1660 fs/ext4/file.c:-1
 call_write_iter include/linux/fs.h:2204 [inline]
 new_sync_write fs/read_write.c:507 [inline]
 vfs_write+0xd5d/0x1110 fs/read_write.c:594
 ksys_write+0x199/0x2c0 fs/read_write.c:647
 __do_sys_write fs/read_write.c:659 [inline]
 __se_sys_write fs/read_write.c:656 [inline]
 __x64_sys_write+0x7b/0x90 fs/read_write.c:656
 x64_sys_call+0x2f/0x9a0 arch/x86/include/generated/asm/syscalls_64.h:2
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:26 [inline]
 free_pages_prepare mm/page_alloc.c:1472 [inline]
 free_pcp_prepare mm/page_alloc.c:1544 [inline]
 free_unref_page_prepare+0x7c8/0x7d0 mm/page_alloc.c:3534
 free_unref_page_list+0x14b/0xa60 mm/page_alloc.c:3671
 release_pages+0x1310/0x1370 mm/swap.c:1009
 __pagevec_release+0x84/0x100 mm/swap.c:1029
 pagevec_release include/linux/pagevec.h:81 [inline]
 truncate_inode_pages_range+0x482/0x1160 mm/truncate.c:329
 truncate_inode_pages mm/truncate.c:425 [inline]
 truncate_pagecache+0x6c/0x90 mm/truncate.c:735
 ext4_setattr+0xe4a/0x1940 fs/ext4/inode.c:5578
 notify_change+0xc7a/0xf30 fs/attr.c:505
 do_truncate+0x21c/0x300 fs/open.c:66
 handle_truncate fs/namei.c:3265 [inline]
 do_open fs/namei.c:3612 [inline]
 path_openat+0x28ed/0x2f40 fs/namei.c:3742
 do_filp_open+0x21c/0x460 fs/namei.c:3769
 do_sys_openat2+0x13f/0x820 fs/open.c:1234
 do_sys_open fs/open.c:1250 [inline]
 __do_sys_openat fs/open.c:1266 [inline]
 __se_sys_openat fs/open.c:1261 [inline]
 __x64_sys_openat+0x243/0x290 fs/open.c:1261
 x64_sys_call+0x6bf/0x9a0 arch/x86/include/generated/asm/syscalls_64.h:258
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0

Memory state around the buggy address:
 ffff88812324eb00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff88812324eb80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff88812324ec00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                         ^
 ffff88812324ec80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff88812324ed00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================
```
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
---|---|---|---|---|---|---|---|---|---|---|---|---|
2025/03/31 16:29 | android13-5.15-lts | 5e1b899f19c3 | d3999433 | .config | console log | report | syz / log | C | [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] | ci2-android-5-15 | KASAN: use-after-free Read in ext4_find_extent | |
2023/09/22 15:16 | android13-5.15-lts | ea586874d2f9 | 0b6a67ac | .config | strace log | report | syz | C | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci2-android-5-15 | KASAN: use-after-free Read in ext4_find_extent | |
2023/06/16 06:36 | android13-5.15-lts | 19c0ed55a470 | f3921d4d | .config | strace log | report | syz | C | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci2-android-5-15 | KASAN: use-after-free Read in ext4_find_extent | |
2023/04/01 06:28 | android13-5.15-lts | 7364b7abbafb | f325deb0 | .config | strace log | report | syz | C | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci2-android-5-15 | KASAN: use-after-free Read in ext4_find_extent | |
2023/03/19 02:20 | android13-5.15-lts | 5448b2fda85f | 7939252e | .config | strace log | report | syz | C | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci2-android-5-15 | KASAN: use-after-free Read in ext4_find_extent | |
2022/12/14 02:48 | android13-5.15-lts | 7048384c9872 | f6511626 | .config | strace log | report | syz | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci2-android-5-15 | KASAN: use-after-free Read in ext4_find_extent | ||
2022/12/12 18:12 | android13-5.15-lts | 7048384c9872 | 67be1ae7 | .config | strace log | report | syz | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci2-android-5-15 | KASAN: use-after-free Read in ext4_find_extent | ||
2022/12/04 17:22 | android13-5.15-lts | 92f701cae0bc | e080de16 | .config | strace log | report | syz | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci2-android-5-15 | KASAN: use-after-free Read in ext4_find_extent | ||
2022/12/26 07:49 | android13-5.15-lts | c73b4619ad86 | 9da18ae8 | .config | strace log | report | syz | C | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci2-android-5-15 | KASAN: use-after-free Read in ext4_find_extent | |
2025/03/31 14:49 | android13-5.15-lts | 5e1b899f19c3 | d3999433 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-android-5-15 | KASAN: use-after-free Read in ext4_find_extent | ||
2023/06/17 10:21 | android13-5.15-lts | 36f4f6fb72d5 | f3921d4d | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-android-5-15 | KASAN: use-after-free Read in ext4_find_extent |