| Date | Name | Commit | Repro | Result |
|---|---|---|---|---|
| 2023/05/29 | linux-6.1.y (ToT) | a343b0dd87b4 | C | [report] KASAN: null-ptr-deref Write in udf_write_fi |
| 2023/05/29 | upstream (ToT) | 8b817fded42d | C | Didn't crash |
syzbot |
sign-in | mailing list | source | docs |
| 🐞 Open [565] 🐞 Fixed [66] 🐞 Invalid [207] ⬇ Missing Backports [38] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes | 💬 Send us feedback |
| Date | Name | Commit | Repro | Result |
|---|---|---|---|---|
| 2023/05/29 | linux-6.1.y (ToT) | a343b0dd87b4 | C | [report] KASAN: null-ptr-deref Write in udf_write_fi |
| 2023/05/29 | upstream (ToT) | 8b817fded42d | C | Didn't crash |
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| linux-5.15 | KASAN: out-of-bounds Write in udf_write_fi origin:lts-only | C | done | 20 | 2d10h | 393d | 0/3 | upstream: reported C repro on 2023/04/03 11:46 | |
| linux-4.19 | KASAN: out-of-bounds Write in udf_write_fi udf | C | error | 9 | 434d | 815d | 0/1 | upstream: reported C repro on 2022/02/06 00:22 | |
| upstream | KASAN: null-ptr-deref Write in udf_write_fi udf | C | inconclusive | done | 51 | 459d | 582d | 22/26 | fixed on 2023/06/08 14:41 |
| linux-4.14 | KASAN: out-of-bounds Write in udf_write_fi | C | 1 | 432d | 432d | 0/1 | upstream: reported C repro on 2023/02/23 05:38 |
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581 ================================================================== BUG: KASAN: null-ptr-deref in udf_write_fi+0x3e4/0x920 Write of size 18446744073709551572 at addr 0000000000000020 by task syz-executor239/4225 CPU: 0 PID: 4225 Comm: syz-executor239 Not tainted 6.1.30-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023 Call trace: dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106 print_report+0xe4/0x4c0 mm/kasan/report.c:398 kasan_report+0xd4/0x130 mm/kasan/report.c:495 kasan_check_range+0x264/0x2a4 mm/kasan/generic.c:189 memset+0x40/0x70 mm/kasan/shadow.c:44 udf_write_fi+0x3e4/0x920 udf_delete_entry fs/udf/namei.c:577 [inline] udf_rename+0x90c/0x10b0 fs/udf/namei.c:1173 vfs_rename+0x9e0/0xe80 fs/namei.c:4779 do_renameat2+0x980/0x1040 fs/namei.c:4930 __do_sys_renameat fs/namei.c:4970 [inline] __se_sys_renameat fs/namei.c:4967 [inline] __arm64_sys_renameat+0xc8/0xe4 fs/namei.c:4967 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581 ================================================================== Unable to handle kernel paging request at virtual address dfff800000000003 KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f] Mem abort info: ESR = 0x0000000096000006 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x06: level 2 translation fault Data abort info: ISV = 0, ISS = 0x00000006 CM = 0, WnR = 0 [dfff800000000003] address between user and kernel address ranges Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP Modules linked in: CPU: 0 PID: 4225 Comm: syz-executor239 Tainted: G B 6.1.30-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023 pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : crc_itu_t+0x5c/0x108 lib/crc-itu-t.c:60 lr : crc_itu_t+0x38/0x108 lib/crc-itu-t.c:59 sp : ffff80001da17520 x29: ffff80001da17530 x28: 0000000000000000 x27: 00000000fffffff0 x26: ffff80001da176e8 x25: 1ffff00003b42edd x24: ffff800012722200 x23: 000000000000ffd9 x22: dfff800000000000 x21: 000000000000001a x20: 000000000000001a x19: 00000000a79d5f14 x18: 1fffe000368b6176 x17: 0000000000000000 x16: ffff8000120fc834 x15: 0000000000000000 x14: 0000000000000000 x13: 0000000000000001 x12: 0000000000000001 x11: ff8080000aacd0e4 x10: 0000000000000000 x9 : 0000000000000002 x8 : 0000000000000003 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff80001da16d58 x4 : ffff800015692ac0 x3 : ffff8000081ae34c x2 : 000000000000ffda x1 : 000000000000ffda x0 : 0000000000000000 Call trace: crc_itu_t+0x5c/0x108 lib/crc-itu-t.c:60 udf_write_fi+0x4cc/0x920 fs/udf/namei.c:103 udf_delete_entry fs/udf/namei.c:577 [inline] udf_rename+0x90c/0x10b0 fs/udf/namei.c:1173 vfs_rename+0x9e0/0xe80 fs/namei.c:4779 do_renameat2+0x980/0x1040 fs/namei.c:4930 __do_sys_renameat fs/namei.c:4970 [inline] __se_sys_renameat fs/namei.c:4967 [inline] __arm64_sys_renameat+0xc8/0xe4 fs/namei.c:4967 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581 Code: b003e2b8 91080318 d343fea8 12000aa9 (38f66908) ---[ end trace 0000000000000000 ]--- ---------------- Code disassembly (best guess): 0: b003e2b8 adrp x24, 0x7c55000 4: 91080318 add x24, x24, #0x200 8: d343fea8 lsr x8, x21, #3 c: 12000aa9 and w9, w21, #0x7 * 10: 38f66908 ldrsb w8, [x8, x22] <-- trapping instruction
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2023/05/29 08:01 | linux-6.1.y | a343b0dd87b4 | cf184559 | .config | console log | report | syz | C | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci2-linux-6-1-kasan-arm64 | KASAN: null-ptr-deref Write in udf_write_fi | |
| 2023/07/02 21:26 | linux-6.1.y | 0f4ac6b4c5f0 | bfc47836 | .config | console log | report | syz | C | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci2-linux-6-1-kasan | KASAN: null-ptr-deref Write in udf_write_fi | |
| 2024/04/28 19:39 | linux-6.1.y | f2295faba5e8 | 07b455f9 | .config | console log | report | syz | C | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci2-linux-6-1-kasan | general protection fault in udf_write_fi | |
| 2023/12/07 01:27 | linux-6.1.y | c6114c845984 | e3299f55 | .config | console log | report | syz | C | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci2-linux-6-1-kasan | general protection fault in udf_write_fi | |
| 2024/03/11 21:53 | linux-6.1.y | 61adba85cc40 | 6ee49f2e | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | KASAN: null-ptr-deref Write in udf_write_fi | ||
| 2023/09/16 03:04 | linux-6.1.y | 09045dae0d90 | 0b6a67ac | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan-arm64 | KASAN: null-ptr-deref Write in udf_write_fi | ||
| 2023/08/21 12:19 | linux-6.1.y | 6c44e13dc284 | d216d8a0 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan-arm64 | KASAN: null-ptr-deref Write in udf_write_fi | ||
| 2023/08/10 07:29 | linux-6.1.y | 0a4a7855302d | 13ca4cd6 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan-arm64 | KASAN: null-ptr-deref Write in udf_write_fi | ||
| 2023/06/27 22:07 | linux-6.1.y | e84a4e368abe | 4cd5bb25 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan-arm64 | KASAN: null-ptr-deref Write in udf_write_fi | ||
| 2023/05/29 04:54 | linux-6.1.y | a343b0dd87b4 | cf184559 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan-arm64 | KASAN: null-ptr-deref Write in udf_write_fi | ||
| 2024/04/28 18:37 | linux-6.1.y | f2295faba5e8 | 07b455f9 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | general protection fault in udf_write_fi | ||
| 2024/04/28 18:22 | linux-6.1.y | f2295faba5e8 | 07b455f9 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | general protection fault in udf_write_fi | ||
| 2023/12/23 20:22 | linux-6.1.y | 4aa6747d9352 | fb427a07 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | general protection fault in udf_write_fi | ||
| 2023/12/07 00:02 | linux-6.1.y | c6114c845984 | e3299f55 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | general protection fault in udf_write_fi | ||
| 2024/02/21 23:05 | linux-6.1.y | 8b4118fabd6e | 345111b5 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan-arm64 | KASAN: out-of-bounds Write in udf_write_fi | ||
| 2023/07/06 17:25 | linux-6.1.y | 61fd484b2cf6 | 1a2f6297 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | general protection fault in udf_write_fi | ||
| 2023/06/18 15:09 | linux-6.1.y | ca87e77a2ef8 | f3921d4d | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | general protection fault in udf_write_fi | ||
| 2023/06/18 14:54 | linux-6.1.y | ca87e77a2ef8 | f3921d4d | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | general protection fault in udf_write_fi | ||
| 2023/08/14 23:39 | linux-6.1.y | 1321ab403b38 | 39990d51 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan-arm64 | KASAN: out-of-bounds Write in udf_write_fi |