KASAN: use-after-free Write in __ext4_expand_extra

Title	Replies (including bot)	Last reply
[PATCH 4.4 00/76] 4.4.211-stable review	81 (81)	2020/01/22 20:52
[PATCH 4.9 00/97] 4.9.211-stable review	102 (102)	2020/01/22 20:52
[PATCH 4.19 000/105] 4.19.45-stable review	131 (131)	2019/05/23 09:18
[PATCH 5.0 000/123] 5.0.18-stable review	130 (130)	2019/05/23 05:41
[PATCH 5.1 000/128] 5.1.4-stable review	136 (136)	2019/05/22 05:35
[PATCH 4.14 00/63] 4.14.121-stable review	68 (68)	2019/05/21 21:35
[PATCH] ext4: fix use-after-free race with debug_want_extra_isize	5 (5)	2019/04/25 15:57
KASAN: use-after-free Write in __ext4_expand_extra_isize	0 (1)	2018/04/02 17:01

Kernel	Title	Count	Last	Reported	Patched	Status
linux-4.14	KASAN: use-after-free Write in __ext4_expand_extra_isize	11	1617d	1729d	0/1	auto-closed as invalid on 2020/03/10 14:13
linux-4.19	KASAN: use-after-free Write in __ext4_expand_extra_isize	7	1605d	1667d	0/1	auto-closed as invalid on 2020/03/22 21:28
upstream	KASAN: use-after-free Write in __ext4_expand_extra_isize (2) ext4	14	1621d	1639d	15/26	fixed on 2019/12/13 00:31
android-414	KASAN: use-after-free Write in __ext4_expand_extra_isize	65	1597d	1830d	0/1	auto-closed as invalid on 2020/03/31 02:59

linux-4.14

KASAN: use-after-free Write in __ext4_expand_extra_isize

1617d

1729d

0/1

auto-closed as invalid on 2020/03/10 14:13

linux-4.19

KASAN: use-after-free Write in __ext4_expand_extra_isize

1605d

1667d

0/1

auto-closed as invalid on 2020/03/22 21:28

upstream

KASAN: use-after-free Write in __ext4_expand_extra_isize (2) ext4

1621d

1639d

15/26

fixed on 2019/12/13 00:31

android-414

KASAN: use-after-free Write in __ext4_expand_extra_isize

1597d

1830d

0/1

auto-closed as invalid on 2020/03/31 02:59

EXT4-fs (sda1): re-mounted. Opts: debug_want_extra_isize=64648 EXT4-fs (sda1): re-mounted. Opts: debug_want_extra_isize=64648 EXT4-fs (sda1): re-mounted. Opts: debug_want_extra_isize=64648 EXT4-fs (sda1): re-mounted. Opts: debug_want_extra_isize=64648 ================================================================== BUG: KASAN: use-after-free in memset include/linux/string.h:330 [inline] BUG: KASAN: use-after-free in __ext4_expand_extra_isize+0x178/0x240 fs/ext4/inode.c:5789 Write of size 64616 at addr ffff8801c3a660a0 by task syz-executor956/4449 CPU: 0 PID: 4449 Comm: syz-executor956 Not tainted 4.17.0-rc7+ #80 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1b9/0x294 lib/dump_stack.c:113 print_address_description+0x6c/0x20b mm/kasan/report.c:256 kasan_report_error mm/kasan/report.c:354 [inline] kasan_report.cold.7+0x242/0x2fe mm/kasan/report.c:412 check_memory_region_inline mm/kasan/kasan.c:260 [inline] check_memory_region+0x13e/0x1b0 mm/kasan/kasan.c:267 memset+0x23/0x40 mm/kasan/kasan.c:285 memset include/linux/string.h:330 [inline] __ext4_expand_extra_isize+0x178/0x240 fs/ext4/inode.c:5789 ext4_try_to_expand_extra_isize fs/ext4/inode.c:5841 [inline] ext4_mark_inode_dirty+0x72f/0xb20 fs/ext4/inode.c:5917 ext4_dirty_inode+0x97/0xc0 fs/ext4/inode.c:5951 __mark_inode_dirty+0x811/0x1530 fs/fs-writeback.c:2129 generic_update_time+0x255/0x420 fs/inode.c:1657 update_time fs/inode.c:1673 [inline] touch_atime+0x292/0x310 fs/inode.c:1745 file_accessed include/linux/fs.h:2063 [inline] iterate_dir+0x394/0x5d0 fs/readdir.c:56 __do_sys_getdents fs/readdir.c:231 [inline] __se_sys_getdents fs/readdir.c:212 [inline] __x64_sys_getdents+0x293/0x4e0 fs/readdir.c:212 do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x445ceb RSP: 002b:00007ffd5d921990 EFLAGS: 00000206 ORIG_RAX: 000000000000004e RAX: ffffffffffffffda RBX: 0000000002672990 RCX: 0000000000445ceb RDX: 0000000000008000 RSI: 0000000002672990 RDI: 0000000000000003 RBP: 0000000002672990 R08: 0000000000001161 R09: 0000000002671940 R10: 0000000000000000 R11: 0000000000000206 R12: ffffffffffffffd4 R13: 0000000000000016 R14: 0000000000000000 R15: 0000000000000000 The buggy address belongs to the page: page:ffffea00070e9980 count:2 mapcount:0 mapping:ffff8801ce85e660 index:0x4a8 flags: 0x2fffc0000001064(referenced|lru|active|private) raw: 02fffc0000001064 ffff8801ce85e660 00000000000004a8 00000002ffffffff raw: ffffea00070e9960 ffffea00070e99e0 ffff8801aee00348 ffff8801d9a42c80 page dumped because: kasan: bad access detected page->mem_cgroup:ffff8801d9a42c80 Memory state around the buggy address: ffff8801c3a6cf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ffff8801c3a6cf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff >ffff8801c3a6d000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ^ ffff8801c3a6d080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ffff8801c3a6d100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ==================================================================

Crashes (95):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	Manager
2018/06/03 10:24	upstream	918fe1b31579	2f93b54f	.config	console log	report	syz	C	ci-upstream-kasan-gce-root
2018/05/05 20:12	upstream	c1c07416cdd4	6a0382b5	.config	console log	report	syz	C	ci-upstream-kasan-gce-root
2018/04/09 05:19	upstream	3fd14cdcc05a	77bd5117	.config	console log	report	syz	C	ci-upstream-kasan-gce-root
2018/04/02 11:09	upstream	0adb32858b0b	dc889257	.config	console log	report	syz	C	ci-upstream-kasan-gce-root
2019/04/28 23:13	upstream	9520b5324b0e	b617407b	.config	console log	report			ci-upstream-kasan-gce-smack-root
2019/04/28 13:23	upstream	037904a22bf8	b617407b	.config	console log	report			ci-upstream-kasan-gce-smack-root
2019/04/24 15:55	upstream	ba25b50d582f	8e3c52b1	.config	console log	report			ci-upstream-kasan-gce-selinux-root
2019/04/16 11:42	upstream	5512320c9f6f	505ab413	.config	console log	report			ci-upstream-kasan-gce-selinux-root
2019/04/15 15:18	upstream	dc4060a5dc25	505ab413	.config	console log	report			ci-upstream-kasan-gce-root
2019/04/12 04:49	upstream	2d06b235815e	13030ef8	.config	console log	report			ci-upstream-kasan-gce-smack-root
2019/04/09 20:41	upstream	869e3305f23d	995065ff	.config	console log	report			ci-upstream-kasan-gce-root
2019/04/02 17:01	upstream	5e7a8ca31926	dfd3394d	.config	console log	report			ci-upstream-kasan-gce-smack-root
2019/03/14 16:15	upstream	fa3d493f7a57	d09a902e	.config	console log	report			ci-upstream-kasan-gce-root
2019/03/10 09:37	upstream	6cdc577a18a6	12365b99	.config	console log	report			ci-upstream-kasan-gce-root
2019/02/16 07:10	upstream	5ded5871030e	f42dee6d	.config	console log	report			ci-upstream-kasan-gce-root
2019/02/08 10:17	upstream	d47e3da17592	aa4feb03	.config	console log	report			ci-upstream-kasan-gce-selinux-root
2019/01/30 12:38	upstream	62967898789d	aa432daf	.config	console log	report			ci-upstream-kasan-gce-smack-root
2019/01/25 16:51	upstream	d73aba1115cf	b5d78bce	.config	console log	report			ci-upstream-kasan-gce-root
2019/01/24 07:54	upstream	30bac164aca7	56558f63	.config	console log	report			ci-upstream-kasan-gce-root
2019/01/23 15:26	upstream	333478a7eb21	7cf3249c	.config	console log	report			ci-upstream-kasan-gce-root
2019/01/21 22:52	upstream	49a57857aeea	badbbeee	.config	console log	report			ci-upstream-kasan-gce-root
2019/01/21 14:21	upstream	49a57857aeea	badbbeee	.config	console log	report			ci-upstream-kasan-gce-smack-root
2019/01/18 21:51	upstream	d7393226d15a	2103a236	.config	console log	report			ci-upstream-kasan-gce-smack-root
2019/01/18 08:54	upstream	a3a80255d58d	5bf17c30	.config	console log	report			ci-upstream-kasan-gce-root
2019/01/16 23:08	upstream	47bfa6d9dc8c	d538790b	.config	console log	report			ci-upstream-kasan-gce-root
2019/01/05 02:34	upstream	96d4f267e40f	0127e3ba	.config	console log	report			ci-upstream-kasan-gce-selinux-root
2018/12/30 18:39	upstream	195303136f19	9942de5f	.config	console log	report			ci-upstream-kasan-gce-selinux-root
2018/12/21 05:15	upstream	9097a058d49e	2b497001	.config	console log	report			ci-upstream-kasan-gce-selinux-root
2018/12/19 13:14	upstream	62393dbcbe0f	fe2dc057	.config	console log	report			ci-upstream-kasan-gce-smack-root
2018/12/17 04:07	upstream	7566ec393f41	def91db3	.config	console log	report			ci-upstream-kasan-gce-selinux-root
2018/12/16 12:36	upstream	6531e115b7ab	def91db3	.config	console log	report			ci-upstream-kasan-gce-selinux-root
2018/12/15 05:06	upstream	eb6cf9f8cb9d	7624ddd6	.config	console log	report			ci-upstream-kasan-gce-root
2018/12/14 02:31	upstream	65e08c5e8631	fe7127be	.config	console log	report			ci-upstream-kasan-gce-root
2018/12/13 17:09	upstream	f5d582777bcb	f3d9d594	.config	console log	report			ci-upstream-kasan-gce-selinux-root
2018/12/03 06:55	upstream	6a512726090a	7dcaeaf3	.config	console log	report			ci-upstream-kasan-gce-selinux-root
2018/12/02 14:17	upstream	4b78317679c4	e0d8c853	.config	console log	report			ci-upstream-kasan-gce-root
2018/12/01 12:23	upstream	b6839ef26e54	d8988561	.config	console log	report			ci-upstream-kasan-gce-smack-root
2018/11/25 13:02	upstream	e195ca6cb6f2	3d3ec907	.config	console log	report			ci-upstream-kasan-gce-root
2018/11/16 00:36	upstream	da5322e65940	3a41052e	.config	console log	report			ci-upstream-kasan-gce-smack-root
2018/11/13 16:49	upstream	ccda4af0f4b9	5f5f6d14	.config	console log	report			ci-upstream-kasan-gce-smack-root
2019/03/22 10:22	linux-next	32a217bae32c	dce6e62f	.config	console log	report			ci-upstream-linux-next-kasan-gce-root
2019/03/15 05:59	linux-next	cf08baa29613	d72db19b	.config	console log	report			ci-upstream-linux-next-kasan-gce-root
2019/03/11 11:52	linux-next	cf08baa29613	12365b99	.config	console log	report			ci-upstream-linux-next-kasan-gce-root
2019/03/07 06:04	linux-next	cf08baa29613	18215b8d	.config	console log	report			ci-upstream-linux-next-kasan-gce-root
2019/03/03 03:36	linux-next	c63e9e91a254	1c0e457a	.config	console log	report			ci-upstream-linux-next-kasan-gce-root
2019/02/24 16:18	linux-next	94a47529a645	7a06e792	.config	console log	report			ci-upstream-linux-next-kasan-gce-root
2019/02/13 23:39	linux-next	c4f3ef3eb53f	0a49c954	.config	console log	report			ci-upstream-linux-next-kasan-gce-root
2019/02/08 02:33	linux-next	1bd831d68d55	aa4feb03	.config	console log	report			ci-upstream-linux-next-kasan-gce-root
2019/01/02 05:20	linux-next	6a1d293238c1	3d85f48c	.config	console log	report			ci-upstream-linux-next-kasan-gce-root
2018/12/04 03:40	linux-next	442b8cea2477	03f94a45	.config	console log	report			ci-upstream-linux-next-kasan-gce-root
2018/12/03 05:30	linux-next	442b8cea2477	7dcaeaf3	.config	console log	report			ci-upstream-linux-next-kasan-gce-root
2018/11/11 23:56	linux-next	442b8cea2477	7b5f8621	.config	console log	report			ci-upstream-linux-next-kasan-gce-root

Crashes (95):

Assets (help?)

2018/06/03 10:24

upstream