KASAN: out-of-bounds Write in udf_write

Date	Name	Commit	Repro	Result
2023/10/20	linux-5.15.y (ToT)	00c03985402e	C	[report] KASAN: null-ptr-deref Write in udf_write_fi
2023/10/20	upstream (ToT)	ce55c22ec8b2	C	Didn't crash

Date

Name

Commit

Repro

Result

2023/10/20

linux-5.15.y (ToT)

00c03985402e

[report] KASAN: null-ptr-deref Write in udf_write_fi

2023/10/20

upstream (ToT)

ce55c22ec8b2

Didn't crash

Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
linux-6.1	KASAN: null-ptr-deref Write in udf_write_fi origin:lts-only	C		inconclusive	20	1h14m	338d	0/3	upstream: reported C repro on 2023/05/29 04:55
linux-4.19	KASAN: out-of-bounds Write in udf_write_fi udf	C		error	9	434d	815d	0/1	upstream: reported C repro on 2022/02/06 00:22
linux-4.14	KASAN: out-of-bounds Write in udf_write_fi	C			1	433d	433d	0/1	upstream: reported C repro on 2023/02/23 05:38
upstream	KASAN: null-ptr-deref Write in udf_write_fi udf	C	inconclusive	done	51	459d	582d	22/26	fixed on 2023/06/08 14:41

Created	Duration	User	Patch	Repo	Result
2023/10/23 14:14	5h08m	fix candidate		upstream	job log (1)
2023/10/20 05:32	58m	bisect fix		linux-5.15.y	job log (0) log

Created

Duration

User

Patch

Repo

Result

2023/10/23 14:14

5h08m

fix candidate

upstream

job log (1)

2023/10/20 05:32

58m

bisect fix

linux-5.15.y

job log (0) log

loop0: detected capacity change from 0 to 2048 UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) general protection fault, probably for non-canonical address 0xdffffc0000000004: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027] CPU: 0 PID: 3499 Comm: syz-executor278 Not tainted 5.15.157-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 RIP: 0010:crc_itu_t+0xfb/0x2a0 lib/crc-itu-t.c:60 Code: e9 75 01 00 00 48 be 00 00 00 00 00 fc ff df b8 02 00 00 00 48 29 e8 48 89 44 24 08 48 8b 14 24 49 89 d7 4c 89 f8 48 c1 e8 03 <0f> b6 04 30 84 c0 0f 85 b1 00 00 00 42 0f b6 44 22 ff 41 0f b7 ce RSP: 0018:ffffc90002d77790 EFLAGS: 00010203 RAX: 0000000000000004 RBX: 0000000000000096 RCX: ffff888071f49dc0 RDX: 0000000000000026 RSI: dffffc0000000000 RDI: 0000000000000001 RBP: 0000000000000096 R08: ffffffff840dde06 R09: ffff88807acf6c67 R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000001 R13: ffffffffffffff44 R14: 0000000000004d58 R15: 0000000000000026 FS: 000055555598d380(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055967025f478 CR3: 00000000753a0000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> udf_write_fi+0x6b9/0xb70 fs/udf/namei.c:113 udf_delete_entry fs/udf/namei.c:577 [inline] udf_rename+0x8b3/0x14d0 fs/udf/namei.c:1173 vfs_rename+0xd32/0x10f0 fs/namei.c:4832 do_renameat2+0xe0f/0x1700 fs/namei.c:4985 __do_sys_rename fs/namei.c:5031 [inline] __se_sys_rename fs/namei.c:5029 [inline] __x64_sys_rename+0x82/0x90 fs/namei.c:5029 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x66/0xd0 RIP: 0033:0x7f4687ecf9f9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffda2ffee78 EFLAGS: 00000246 ORIG_RAX: 0000000000000052 RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007f4687ecf9f9 RDX: 00007f4687ecf9f9 RSI: 00000000200002c0 RDI: 0000000020000080 RBP: 00007f4687f43610 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000c27 R11: 0000000000000246 R12: 0000000000000001 R13: 00007ffda2fff048 R14: 0000000000000001 R15: 0000000000000001 </TASK> Modules linked in: ---[ end trace d88d40663a00575a ]--- RIP: 0010:crc_itu_t+0xfb/0x2a0 lib/crc-itu-t.c:60 Code: e9 75 01 00 00 48 be 00 00 00 00 00 fc ff df b8 02 00 00 00 48 29 e8 48 89 44 24 08 48 8b 14 24 49 89 d7 4c 89 f8 48 c1 e8 03 <0f> b6 04 30 84 c0 0f 85 b1 00 00 00 42 0f b6 44 22 ff 41 0f b7 ce RSP: 0018:ffffc90002d77790 EFLAGS: 00010203 RAX: 0000000000000004 RBX: 0000000000000096 RCX: ffff888071f49dc0 RDX: 0000000000000026 RSI: dffffc0000000000 RDI: 0000000000000001 RBP: 0000000000000096 R08: ffffffff840dde06 R09: ffff88807acf6c67 R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000001 R13: ffffffffffffff44 R14: 0000000000004d58 R15: 0000000000000026 FS: 000055555598d380(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055967025f478 CR3: 00000000753a0000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ---------------- Code disassembly (best guess): 0: e9 75 01 00 00 jmp 0x17a 5: 48 be 00 00 00 00 00 movabs $0xdffffc0000000000,%rsi c: fc ff df f: b8 02 00 00 00 mov $0x2,%eax 14: 48 29 e8 sub %rbp,%rax 17: 48 89 44 24 08 mov %rax,0x8(%rsp) 1c: 48 8b 14 24 mov (%rsp),%rdx 20: 49 89 d7 mov %rdx,%r15 23: 4c 89 f8 mov %r15,%rax 26: 48 c1 e8 03 shr $0x3,%rax * 2a: 0f b6 04 30 movzbl (%rax,%rsi,1),%eax <-- trapping instruction 2e: 84 c0 test %al,%al 30: 0f 85 b1 00 00 00 jne 0xe7 36: 42 0f b6 44 22 ff movzbl -0x1(%rdx,%r12,1),%eax 3c: 41 0f b7 ce movzwl %r14w,%ecx

Crashes (21):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Assets (help?)	Manager	Title
2024/04/28 19:24	linux-5.15.y	b925f60c6ee7	07b455f9	.config	console log	report	syz	C		[disk image] [vmlinux] [kernel image] [mounted in repro]	ci2-linux-5-15-kasan	general protection fault in udf_write_fi
2023/12/07 01:11	linux-5.15.y	9b91d36ba301	e3299f55	.config	console log	report	syz	C		[disk image] [vmlinux] [kernel image] [mounted in repro]	ci2-linux-5-15-kasan	general protection fault in udf_write_fi
2023/06/23 09:39	linux-5.15.y	f67653019430	79782afc	.config	console log	report	syz	C		[disk image] [vmlinux] [kernel image] [mounted in repro]	ci2-linux-5-15-kasan	KASAN: null-ptr-deref Write in udf_write_fi
2023/05/29 11:43	linux-5.15.y	1fe619a7d252	cf184559	.config	console log	report	syz	C		[disk image] [vmlinux] [kernel image] [mounted in repro]	ci2-linux-5-15-kasan-arm64	KASAN: null-ptr-deref Write in udf_write_fi
2023/05/04 18:16	linux-5.15.y	8a7f2a5c5aa1	518a39a6	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	KASAN: out-of-bounds Write in udf_write_fi
2023/05/03 18:26	linux-5.15.y	8a7f2a5c5aa1	b5918830	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	KASAN: out-of-bounds Write in udf_write_fi
2023/04/03 11:46	linux-5.15.y	c957cbb87315	41147e3e	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	KASAN: out-of-bounds Write in udf_write_fi
2023/07/28 03:50	linux-5.15.y	09996673e313	92476829	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan-arm64	KASAN: out-of-bounds Write in udf_write_fi
2023/06/25 21:33	linux-5.15.y	f67653019430	79782afc	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan-arm64	KASAN: out-of-bounds Write in udf_write_fi
2023/06/25 05:52	linux-5.15.y	f67653019430	79782afc	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan-arm64	KASAN: out-of-bounds Write in udf_write_fi
2024/05/01 06:17	linux-5.15.y	b925f60c6ee7	3ba885bc	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	general protection fault in udf_write_fi
2024/04/28 18:32	linux-5.15.y	b925f60c6ee7	07b455f9	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	general protection fault in udf_write_fi
2024/04/28 18:24	linux-5.15.y	b925f60c6ee7	07b455f9	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	general protection fault in udf_write_fi
2023/12/06 23:01	linux-5.15.y	9b91d36ba301	e3299f55	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	general protection fault in udf_write_fi
2023/09/19 22:02	linux-5.15.y	35ecaa3632bf	0b6a67ac	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	KASAN: null-ptr-deref Write in udf_write_fi
2023/07/12 19:28	linux-5.15.y	d54cfc420586	979d5fe2	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	general protection fault in udf_write_fi
2023/07/07 03:47	linux-5.15.y	d54cfc420586	22ae5830	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	general protection fault in udf_write_fi
2023/06/18 15:04	linux-5.15.y	471e639e59d1	f3921d4d	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	general protection fault in udf_write_fi
2023/06/18 14:56	linux-5.15.y	471e639e59d1	f3921d4d	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	general protection fault in udf_write_fi
2023/04/23 03:58	linux-5.15.y	3299fb36854f	2b32bd34	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	KASAN: null-ptr-deref Write in udf_write_fi
2023/06/09 03:28	linux-5.15.y	d7af3e5ba454	058b3a5a	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan-arm64	KASAN: null-ptr-deref Write in udf_write_fi

Crashes (21):

Assets (help?)

2024/04/28 19:24

linux-5.15.y