| Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|
| KASAN: use-after-free Write in ext4_mark_inode_dirty ext4 | 5 | 1629d | 1603d | 0/26 | closed as dup on 2019/11/29 12:55 |
syzbot |
sign-in | mailing list | source | docs |
| 🐞 Open [979] ≡ Subsystems 🐞 Fixed [5216] 🐞 Invalid [12474] ⬇ Missing Backports [82] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes | 💬 Send us feedback |
| Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|
| KASAN: use-after-free Write in ext4_mark_inode_dirty ext4 | 5 | 1629d | 1603d | 0/26 | closed as dup on 2019/11/29 12:55 |
| Title | Replies (including bot) | Last reply |
|---|---|---|
| [PATCH 4.19 000/321] 4.19.88-stable review | 352 (352) | 2020/02/09 12:41 |
| [PATCH 4.4 00/76] 4.4.211-stable review | 81 (81) | 2020/01/22 20:52 |
| [PATCH 4.9 00/97] 4.9.211-stable review | 102 (102) | 2020/01/22 20:52 |
| [PATCH 3.16 00/63] 3.16.81-rc1 review | 68 (68) | 2020/01/10 16:01 |
| [PATCH 4.14 000/209] 4.14.158-stable review | 223 (223) | 2019/12/10 00:52 |
| [PATCH 5.4 00/46] 5.4.2-stable review | 58 (58) | 2019/12/06 13:05 |
| [PATCH 5.3 000/135] 5.3.15-stable review | 140 (140) | 2019/12/04 19:13 |
| [PATCH] ext4: add more paranoia checking in ext4_expand_extra_isize handling | 6 (6) | 2019/11/19 04:36 |
| KASAN: use-after-free Write in __ext4_expand_extra_isize (2) | 0 (1) | 2019/10/21 05:23 |
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| linux-4.14 | KASAN: use-after-free Write in __ext4_expand_extra_isize | 11 | 1620d | 1732d | 0/1 | auto-closed as invalid on 2020/03/10 14:13 | |||
| upstream | KASAN: use-after-free Write in __ext4_expand_extra_isize ext4 | C | 95 | 1817d | 2208d | 12/26 | fixed on 2019/06/14 18:22 | ||
| linux-4.19 | KASAN: use-after-free Write in __ext4_expand_extra_isize | 7 | 1608d | 1670d | 0/1 | auto-closed as invalid on 2020/03/22 21:28 | |||
| android-414 | KASAN: use-after-free Write in __ext4_expand_extra_isize | 65 | 1600d | 1833d | 0/1 | auto-closed as invalid on 2020/03/31 02:59 |
================================================================== BUG: KASAN: use-after-free in memset include/linux/string.h:363 [inline] BUG: KASAN: use-after-free in __ext4_expand_extra_isize+0x1ab/0x290 fs/ext4/inode.c:5924 Write of size 4063 at addr ffff8880554ff0a0 by task syz-executor.0/9247 CPU: 0 PID: 9247 Comm: syz-executor.0 Not tainted 5.4.0-rc5+ #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x172/0x1f0 lib/dump_stack.c:113 print_address_description.constprop.0.cold+0xd4/0x30b mm/kasan/report.c:374 __kasan_report.cold+0x1b/0x41 mm/kasan/report.c:506 kasan_report+0x12/0x20 mm/kasan/common.c:634 check_memory_region_inline mm/kasan/generic.c:185 [inline] check_memory_region+0x134/0x1a0 mm/kasan/generic.c:192 memset+0x24/0x40 mm/kasan/common.c:105 memset include/linux/string.h:363 [inline] __ext4_expand_extra_isize+0x1ab/0x290 fs/ext4/inode.c:5924 ext4_try_to_expand_extra_isize fs/ext4/inode.c:5976 [inline] ext4_mark_inode_dirty+0x74e/0x9b0 fs/ext4/inode.c:6052 ext4_unlink fs/ext4/namei.c:3195 [inline] ext4_unlink+0xce6/0x10e0 fs/ext4/namei.c:3140 vfs_unlink+0x2d7/0x620 fs/namei.c:3991 do_unlinkat+0x3f7/0x6d0 fs/namei.c:4055 __do_sys_unlink fs/namei.c:4102 [inline] __se_sys_unlink fs/namei.c:4100 [inline] __x64_sys_unlink+0x42/0x50 fs/namei.c:4100 do_syscall_64+0xfa/0x760 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x459c97 Code: 00 66 90 b8 58 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 57 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007ffd984b5b18 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000459c97 RDX: 00007ffd984b5b30 RSI: 00007ffd984b5b30 RDI: 00007ffd984b5bc0 RBP: 0000000000000b2b R08: 0000000000000000 R09: 0000000000000010 R10: 000000000000000a R11: 0000000000000246 R12: 00007ffd984b6c50 R13: 0000000002228940 R14: 0000000000000000 R15: 00007ffd984b6c50 The buggy address belongs to the page: page:ffffea0001553fc0 refcount:2 mapcount:0 mapping:ffff888219f11ae0 index:0x42e def_blk_aops flags: 0x1fffc000000203a(referenced|dirty|lru|active|private) raw: 01fffc000000203a ffffea00018288c8 ffffea0001554a48 ffff888219f11ae0 raw: 000000000000042e ffff8880aa09fe70 00000002ffffffff ffff888057a32000 page dumped because: kasan: bad access detected page->mem_cgroup:ffff888057a32000 Memory state around the buggy address: ffff8880554fff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff8880554fff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffff888055500000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ^ ffff888055500080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ffff888055500100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ==================================================================
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2019/11/03 07:23 | upstream | 9d2345057538 | a41ca8fa | .config | console log | report | ci-upstream-kasan-gce-selinux-root | |||||
| 2019/10/29 09:51 | upstream | 8005803a2ca0 | 5ea87a66 | .config | console log | report | ci-upstream-kasan-gce-root | |||||
| 2019/10/28 22:05 | upstream | 9e5eefba3d09 | 439d7b14 | .config | console log | report | ci-upstream-kasan-gce-root | |||||
| 2019/10/05 08:19 | upstream | b145b0eb2031 | f3f7d9c8 | .config | console log | report | ci-upstream-kasan-gce-selinux-root | |||||
| 2019/09/26 00:21 | upstream | f41def397161 | a3355dba | .config | console log | report | ci-upstream-kasan-gce-root | |||||
| 2019/09/08 21:03 | upstream | 950b07c14e8c | a60cb4cd | .config | console log | report | ci-upstream-kasan-gce-root | |||||
| 2019/08/27 16:12 | upstream | a55aa89aab90 | d21c5d9d | .config | console log | report | ci-upstream-kasan-gce-selinux-root | |||||
| 2019/08/16 18:00 | upstream | a69e90512d9d | 8fd428a1 | .config | console log | report | ci-upstream-kasan-gce-root | |||||
| 2019/06/21 00:37 | upstream | abf02e2964b3 | 34bf9440 | .config | console log | report | ci-upstream-kasan-gce-root | |||||
| 2019/11/07 11:08 | linux-next | c68c5373c504 | d797d201 | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
| 2019/10/05 08:45 | linux-next | 311ef88adfa3 | f3f7d9c8 | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
| 2019/09/23 05:27 | linux-next | b5b3bd898ba9 | d96e88f3 | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
| 2019/09/10 05:32 | linux-next | 6d028043b55e | a60cb4cd | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
| 2019/06/15 08:09 | linux-next | f4788d37bc84 | 442206d7 | .config | console log | report | ci-upstream-linux-next-kasan-gce-root |