Re: KASAN: slab-use-after-free Read in ext4_find_extent

From: Theodore Ts'o
Date: Fri Mar 15 2024 - 22:00:46 EST


On Thu, Mar 14, 2024 at 02:58:04PM +0800, cheung wall wrote:
> Hello,
>
> When using Healer to fuzz the latest Linux Kernel, the following crash
> was triggered on:
>
> HEAD commit: e8f897f4afef0031fe618a8e94127a0934896aba (tag: v6.8)
>
> git tree: upstream
>
> console output: https://pastebin.com/raw/YBKrQHxW
>
> kernel config: https://pastebin.com/raw/SJFReJfc
>
> C reproducer: https://pastebin.com/raw/GUVzwEmx
>
> Syzlang reproducer: https://pastebin.com/raw/9KqQRP2e
>
> If you fix this issue, please add the following tag to the commit:
>
> Reported-by: Qiang Zhang <zzqq0103.hey@xxxxxxxxx>

This is not reproducible using the above-specified kernel version,
kernel config, and C reproducer using kvm-xfstests.

In any case, looking at the C reproducer, it looks like the reproducer
involves forcibly deactivating the loop device, which requires root
privileges, and so this is not a terribly interesting bug report.

- Ted