KASAN: use-after-free Read in ext4_xattr_set

Title	Replies (including bot)	Last reply
[PATCH 4.19 00/70] 4.19.102-stable review	77 (77)	2020/02/05 14:42
[PATCH 4.14 00/89] 4.14.170-stable review	93 (93)	2020/02/04 17:19
[PATCH 5.4 000/434] 5.4.7-stable review	465 (465)	2020/01/03 16:53
KASAN: use-after-free Read in ext4_xattr_set_entry (2)	2 (6)	2019/12/16 08:09

Title

Replies (including bot)

Last reply

[PATCH 4.19 00/70] 4.19.102-stable review

77 (77)

2020/02/05 14:42

[PATCH 4.14 00/89] 4.14.170-stable review

93 (93)

2020/02/04 17:19

[PATCH 5.4 000/434] 5.4.7-stable review

465 (465)

2020/01/03 16:53

KASAN: use-after-free Read in ext4_xattr_set_entry (2)

2 (6)

2019/12/16 08:09

Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
linux-4.14	KASAN: use-after-free Read in ext4_xattr_set_entry (3)	C		error	1	791d	1276d	0/1	upstream: reported C repro on 2020/10/28 15:08
android-414	KASAN: use-after-free Read in ext4_xattr_set_entry (2)				6	1639d	1695d	0/1	auto-closed as invalid on 2020/02/28 13:35
linux-4.14	KASAN: use-after-free Read in ext4_xattr_set_entry (2)				1	1495d	1495d	0/1	auto-closed as invalid on 2020/07/21 03:20
linux-4.19	KASAN: use-after-free Read in ext4_xattr_set_entry (2)	C		done	7	957d	1415d	1/1	fixed on 2021/10/13 07:23
upstream	KASAN: use-after-free Read in ext4_xattr_set_entry ext4				1	2100d	2100d	0/26	closed as invalid on 2018/07/29 11:55
android-414	KASAN: use-after-free Read in ext4_xattr_set_entry				4	1947d	1840d	0/1	auto-closed as invalid on 2019/06/26 01:15
upstream	KASAN: use-after-free Read in ext4_xattr_set_entry (5) ext4				2	641d	699d	0/26	auto-obsoleted due to no activity on 2022/11/22 17:19
upstream	KASAN: use-after-free Read in ext4_xattr_set_entry (3) ext4				4	1391d	1509d	0/26	auto-closed as invalid on 2020/11/02 08:32
linux-4.19	KASAN: use-after-free Read in ext4_xattr_set_entry	syz		done	10	1519d	1767d	1/1	fixed on 2020/03/30 09:03
upstream	KASAN: use-after-free Read in ext4_xattr_set_entry (4) ext4	C	error	done	21	795d	1182d	20/26	fixed on 2022/03/28 10:17
android-54	KASAN: use-after-free Read in ext4_xattr_set_entry				6	1359d	1540d	0/2	auto-closed as invalid on 2020/12/04 21:44
linux-4.14	KASAN: use-after-free Read in ext4_xattr_set_entry	C		done	9	1547d	1639d	1/1	fixed on 2020/03/01 21:06

Created	Duration	User	Patch	Repo	Result
2019/12/15 06:30	18m	tytso@mit.edu	patch	https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git master	OK

Created

Duration

User

Patch

Repo

Result

2019/12/15 06:30

18m

tytso@mit.edu

patch

https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git master

================================================================== BUG: KASAN: use-after-free in ext4_xattr_set_entry+0x35de/0x3770 fs/ext4/xattr.c:1580 Read of size 4 at addr ffff888082265183 by task syz-executor968/9741 CPU: 1 PID: 9741 Comm: syz-executor968 Not tainted 5.5.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x197/0x210 lib/dump_stack.c:118 print_address_description.constprop.0.cold+0xd4/0x30b mm/kasan/report.c:374 __kasan_report.cold+0x1b/0x41 mm/kasan/report.c:506 kasan_report+0x12/0x20 mm/kasan/common.c:639 __asan_report_load4_noabort+0x14/0x20 mm/kasan/generic_report.c:134 ext4_xattr_set_entry+0x35de/0x3770 fs/ext4/xattr.c:1580 ext4_xattr_ibody_set+0x80/0x2d0 fs/ext4/xattr.c:2216 ext4_xattr_set_handle+0x933/0x1200 fs/ext4/xattr.c:2372 ext4_initxattrs+0xc0/0x130 fs/ext4/xattr_security.c:43 security_inode_init_security security/security.c:996 [inline] security_inode_init_security+0x2c8/0x3b0 security/security.c:969 ext4_init_security+0x34/0x40 fs/ext4/xattr_security.c:57 __ext4_new_inode+0x4288/0x4f30 fs/ext4/ialloc.c:1155 ext4_mkdir+0x3d5/0xe20 fs/ext4/namei.c:2774 vfs_mkdir+0x42e/0x670 fs/namei.c:3819 do_mkdirat+0x234/0x2a0 fs/namei.c:3842 __do_sys_mkdir fs/namei.c:3858 [inline] __se_sys_mkdir fs/namei.c:3856 [inline] __x64_sys_mkdir+0x5c/0x80 fs/namei.c:3856 do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x44c637 Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d d6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2d d6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007ffedabe5578 EFLAGS: 00000206 ORIG_RAX: 0000000000000053 RAX: ffffffffffffffda RBX: 000000000001632d RCX: 000000000044c637 RDX: 00007ffedabe55e3 RSI: 00000000000001ff RDI: 00007ffedabe55e0 RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003 R10: 0000000000000064 R11: 0000000000000206 R12: 0000000000000001 R13: 000000000040a180 R14: 0000000000000000 R15: 0000000000000000 The buggy address belongs to the page: page:ffffea0002089940 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 raw: 00fffe0000000000 ffffea0002082c88 ffffea0002089908 0000000000000000 raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff888082265080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ffff888082265100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff >ffff888082265180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ^ ffff888082265200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ffff888082265280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ==================================================================

Crashes (19):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	Manager
2019/12/16 14:14	upstream	07c4b9e9f71a	eef6e580	.config	console log	report	syz	C	ci-upstream-kasan-gce-selinux-root
2019/12/13 18:20	upstream	ae4b064e2a61	08003f64	.config	console log	report	syz	C	ci-upstream-kasan-gce-selinux-root
2019/12/04 02:31	upstream	76bb8b05960c	ae13a849	.config	console log	report			ci-upstream-kasan-gce-selinux-root
2019/11/17 14:57	upstream	fe30021c36fb	d5696d51	.config	console log	report			ci-upstream-kasan-gce-smack-root
2019/11/05 05:54	upstream	a99d8080aaf3	76630fc9	.config	console log	report			ci-upstream-kasan-gce-smack-root
2019/09/29 18:43	upstream	02dc96ef6c25	c1ad5441	.config	console log	report			ci-upstream-kasan-gce-selinux-root
2019/08/30 20:52	upstream	6525771f58cb	fd37b39e	.config	console log	report			ci-upstream-kasan-gce-root
2019/08/09 16:51	upstream	b678c568c561	ede31a9b	.config	console log	report			ci-upstream-kasan-gce-selinux-root
2019/06/30 18:31	upstream	6fbc7275c7a9	7509bf36	.config	console log	report			ci-upstream-kasan-gce-smack-root
2019/04/28 13:18	upstream	037904a22bf8	b617407b	.config	console log	report			ci-upstream-kasan-gce-root
2019/04/17 10:55	upstream	444fe9913539	b0e8efcb	.config	console log	report			ci-upstream-kasan-gce-selinux-root
2019/03/04 23:58	upstream	736706bee329	7c693b52	.config	console log	report			ci-upstream-kasan-gce-smack-root
2019/01/05 20:03	upstream	3fed6ae4b027	53be0a37	.config	console log	report			ci-upstream-kasan-gce-root
2019/01/05 15:07	upstream	3fed6ae4b027	53be0a37	.config	console log	report			ci-upstream-kasan-gce-selinux-root
2019/01/04 08:59	upstream	645ff1e8e704	7da23925	.config	console log	report			ci-upstream-kasan-gce-smack-root
2018/11/16 00:41	upstream	da5322e65940	3a41052e	.config	console log	report			ci-upstream-kasan-gce-root
2018/11/01 09:35	upstream	59fc453b21f7	1f38e9ae	.config	console log	report			ci-upstream-kasan-gce-selinux-root
2018/10/07 22:54	upstream	fb1c592cf4c9	8b311eaf	.config	console log	report			ci-upstream-kasan-gce-selinux-root
2019/04/28 19:52	linux-next	3ddfa8af5dc9	b617407b	.config	console log	report			ci-upstream-linux-next-kasan-gce-root

Crashes (19):

Assets (help?)

2019/12/16 14:14

upstream