Re: Use-after-free read in udf_add_fid_counter
From: Kun Hu
Date: Tue Jan 07 2025 - 03:47:45 EST
> 2025年1月6日 21:55,Jan Kara <jack@xxxxxxx> 写道:
>
> Hello!
>
> On Tue 24-12-24 16:15:00, kun wrote:
>> When using fuzzer tool to fuzz the latest Linux kernel, the following crash
>> was triggered.
>>
>> HEAD commit: 78d4f34e2115b517bcbfe7ec0d018bbbb6f9b0b8
>> git tree: upstream
>> Console output:
>> https://drive.google.com/file/d/1ehAmTGzOEnJi1DBbX2g9TMMQjVHeJpIY/view?usp=sharing
>> Kernel config:
>> https://drive.google.com/file/d/1RhT5dFTs6Vx1U71PbpenN7TPtnPoa3NI/view?usp=sharing
>> C reproducer:
>> https://drive.google.com/file/d/1_1e3UBDrx_Q0vAIQtQg2RDT2FerBc6ar/view?usp=sharing
>> Syzlang reproducer:
>> https://drive.google.com/file/d/1WEhTD0nI5YfX9zcaa8mYMC_G7Nv_4iZv/view?usp=sharing
>> Similar report: https://lkml.org/lkml/2023/5/8/1159
>
> Similarly as in the case of another UDF report, please make sure
> CONFIG_BLK_DEV_WRITE_MOUNTED is disabled in the kernel used for fuzzing.
> Thanks!
>
> Honza
> --
> Jan Kara <jack@xxxxxxxx>
> SUSE Labs, CR
Again. This crash has not been reproduced after disable CONFIG_BLK_DEV_WRITE_MOUNTED.
——
Thanks,
Kun Hu