syzbot


KASAN: use-after-free Read in ext4_search_dir

Status: upstream: reported C repro on 2024/04/15 06:47
Reported-by: syzbot+a133fb1e9618ba1cc23d@syzkaller.appspotmail.com
First crash: 220d, last: 51d
Similar bugs (7)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
android-5-15 KASAN: slab-out-of-bounds Read in ext4_search_dir origin:upstream missing-backport C 6 10d 370d 0/2 upstream: reported C repro on 2023/11/17 09:38
linux-5.15 KASAN: use-after-free Read in ext4_search_dir C done 5 46d 524d 3/3 fixed on 2024/11/08 17:20
upstream KASAN: use-after-free Read in ext4_search_dir prio:low ext4 C error done 20 319d 560d 25/28 fixed on 2024/02/21 18:23
android-6-1 KASAN: use-after-free Read in ext4_search_dir origin:upstream missing-backport C error 26 9d18h 396d 0/2 upstream: reported C repro on 2023/10/22 16:55
android-5-10 KASAN: slab-out-of-bounds Read in ext4_search_dir C error 21 6d03h 370d 0/2 upstream: reported C repro on 2023/11/17 09:38
linux-6.1 KASAN: use-after-free Read in ext4_search_dir origin:upstream missing-backport C done 1 60d 521d 0/3 upstream: reported C repro on 2023/06/18 19:29
upstream KASAN: use-after-free Read in ext4_search_dir (2) ext4 C 5 70d 94d 28/28 fixed on 2024/10/22 11:57
Last patch testing requests (3)
Created Duration User Patch Repo Result
2024/10/01 06:40 6m retest repro android12-5.4 report log
2024/07/23 05:45 5m retest repro android12-5.4 report log
2024/05/14 05:06 9m retest repro android12-5.4 report log

Sample crash report:
==================================================================
BUG: KASAN: use-after-free in ext4_search_dir+0xee/0x1b0 fs/ext4/namei.c:1504
Read of size 1 at addr ffff8881dcecd6e3 by task syz-executor424/362

CPU: 0 PID: 362 Comm: syz-executor424 Not tainted 5.4.268-syzkaller-00012-gd0d34dcb02cc #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1d8/0x241 lib/dump_stack.c:118
 print_address_description+0x8c/0x600 mm/kasan/report.c:384
 __kasan_report+0xf3/0x120 mm/kasan/report.c:516
 kasan_report+0x30/0x60 mm/kasan/common.c:653
 ext4_search_dir+0xee/0x1b0 fs/ext4/namei.c:1504
 ext4_find_inline_entry+0x4b6/0x5e0 fs/ext4/inline.c:1698
 __ext4_find_entry+0x2a9/0x1b50 fs/ext4/namei.c:1577
 ext4_lookup_entry fs/ext4/namei.c:1730 [inline]
 ext4_lookup+0x3c6/0xaa0 fs/ext4/namei.c:1798
 lookup_open fs/namei.c:3308 [inline]
 do_last fs/namei.c:3421 [inline]
 path_openat+0x159a/0x3480 fs/namei.c:3634
 do_filp_open+0x20b/0x450 fs/namei.c:3664
 do_sys_open+0x39c/0x810 fs/open.c:1113
 do_syscall_64+0xca/0x1c0 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x5c/0xc1

The buggy address belongs to the page:
page:ffffea000773b340 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1
flags: 0x8000000000000000()
raw: 8000000000000000 ffffea000773b388 ffffea000773b308 0000000000000000
raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner info is not present (never set?)

Memory state around the buggy address:
 ffff8881dcecd580: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff8881dcecd600: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff8881dcecd680: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                                       ^
 ffff8881dcecd700: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff8881dcecd780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================
EXT4-fs error (device loop0): ext4_find_dest_de:2063: inode #12: block 5: comm syz-executor424: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=1375716473, rec_len=40042, size=56 fake=0

Crashes (17):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2024/04/15 06:45 android12-5.4 d0d34dcb02cc c8349e48 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-android-5-4-kasan KASAN: use-after-free Read in ext4_search_dir
2024/05/30 04:03 android12-5.4 8322246edffa 34889ee3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: use-after-free Read in ext4_search_dir
2024/05/30 04:03 android12-5.4 8322246edffa 34889ee3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: use-after-free Read in ext4_search_dir
2024/05/30 04:02 android12-5.4 8322246edffa 34889ee3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: use-after-free Read in ext4_search_dir
2024/05/27 02:35 android12-5.4 8322246edffa a10a183e .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: use-after-free Read in ext4_search_dir
2024/05/27 02:35 android12-5.4 8322246edffa a10a183e .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: use-after-free Read in ext4_search_dir
2024/05/27 02:35 android12-5.4 8322246edffa a10a183e .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: use-after-free Read in ext4_search_dir
2024/05/20 21:21 android12-5.4 51cf29fc2bfc c0f1611a .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: use-after-free Read in ext4_search_dir
2024/05/15 16:54 android12-5.4 51cf29fc2bfc 94b087b1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: use-after-free Read in ext4_search_dir
2024/04/30 05:05 android12-5.4 2d5d8240a7cb f10afd69 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: use-after-free Read in ext4_search_dir
2024/04/30 05:05 android12-5.4 2d5d8240a7cb f10afd69 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: use-after-free Read in ext4_search_dir
2024/04/28 00:58 android12-5.4 2d5d8240a7cb 07b455f9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: use-after-free Read in ext4_search_dir
2024/04/27 06:03 android12-5.4 2d5d8240a7cb 07b455f9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: use-after-free Read in ext4_search_dir
2024/04/27 06:02 android12-5.4 2d5d8240a7cb 07b455f9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: use-after-free Read in ext4_search_dir
2024/04/27 06:01 android12-5.4 2d5d8240a7cb 07b455f9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: use-after-free Read in ext4_search_dir
2024/04/27 06:01 android12-5.4 2d5d8240a7cb 07b455f9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: use-after-free Read in ext4_search_dir
2024/04/18 19:42 android12-5.4 2d5d8240a7cb af24b050 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan KASAN: use-after-free Read in ext4_search_dir
* Struck through repros no longer work on HEAD.