Date: Fri, 15 Mar 2024 22:00:21 -0400
From: "Theodore Ts'o"
To: cheung wall
Cc: Andreas Dilger, linux-ext4@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: KASAN: slab-use-after-free Read in ext4_find_extent
Message-ID: <20240316020021.GD143836@mit.edu>

On Thu, Mar 14, 2024 at 02:58:04PM +0800, cheung wall wrote:
> Hello,
>
> when using Healer to fuzz the latest Linux Kernel, the following crash
> was triggered on:
>
> HEAD commit: e8f897f4afef0031fe618a8e94127a0934896aba (tag: v6.8)
> git tree: upstream
> console output: https://pastebin.com/raw/YBKrQHxW
> kernel config: https://pastebin.com/raw/SJFReJfc
> C reproducer: https://pastebin.com/raw/GUVzwEmx
> Syzlang reproducer: https://pastebin.com/raw/9KqQRP2e
>
> If you fix this issue, please add the following tag to the commit:
>
> Reported-by: Qiang Zhang

This is not reproducible using the above-specified kernel version,
kernel config, and C reproducer using kvm-xfstests.

In any case, looking at the C reproducer, it looks like the reproducer
involves forcibly deactivating the loop device, which requires root
privileges, and so this is not a terribly interesting bug report.

					- Ted