[BUG] fs/udf: potential metadata validation issue during mount
From: Jiakai Xu
Date: Fri Dec 05 2025 - 06:39:40 EST

Hi Jan,

I have identified a potential issue in the UDF filesystem
while fuzz-testing the mainline kernel (v6.18).

It appears that the UDF mount code may perform
insufficient validation of user-provided filesystem data.
When the image contains malformed or random data, the
mount can succeed, but internal UDF metadata structures
may become inconsistent.

Subsequent file extension operations (e.g., truncate())
trigger the following warning in __udf_add_aext():

WARNING: CPU: ... at fs/udf/inode.c:2083 __udf_add_aext()

While this warning does not panic the kernel, it is
unclear whether the corrupted metadata could later lead
to serious memory-safety issues.

I may be misinterpreting the behavior, but if this
represents a potential bug, I would be glad to assist
with further analysis or a fix.

Detailed analysis, reproducer, kernel configuration,
and logs are available here:
https://github.com/j1akai/temp/tree/main/20251205

Best regards,
Jiakai