Warning: Permanently added '10.128.0.135' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 32.205389] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 32.219383] ==================================================================
[ 32.226844] BUG: KASAN: use-after-free in udf_get_filelongad+0x134/0x140
[ 32.233683] Read of size 4 at addr ffff8880b0c4c298 by task syz-executor355/8085
[ 32.241211]
[ 32.242839] CPU: 1 PID: 8085 Comm: syz-executor355 Not tainted 4.19.211-syzkaller #0
[ 32.250715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 32.260063] Call Trace:
[ 32.262640]  dump_stack+0x1fc/0x2ef
[ 32.266250]  print_address_description.cold+0x54/0x219
[ 32.271506]  kasan_report_error.cold+0x8a/0x1b9
[ 32.276153]  ? udf_get_filelongad+0x134/0x140
[ 32.280633]  __asan_report_load_n_noabort+0x8b/0xa0
[ 32.285631]  ? udf_get_filelongad+0x134/0x140
[ 32.290127]  udf_get_filelongad+0x134/0x140
[ 32.294433]  udf_current_aext+0x198/0x900
[ 32.298564]  udf_next_aext+0x200/0x3a0
[ 32.302432]  udf_setsize+0x7ca/0x1030
[ 32.306216]  ? inode_bmap+0x750/0x750
[ 32.309997]  ? ktime_get_coarse_real_ts64+0x1c7/0x290
[ 32.315172]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 32.319731]  ? ktime_get_coarse_real_ts64+0x1a1/0x290
[ 32.324902]  ? inode_newsize_ok+0x121/0x1e0
[ 32.329203]  ? setattr_prepare+0x135/0x7e0
[ 32.333417]  udf_setattr+0x33d/0x430
[ 32.337123]  ? udf_file_write_iter+0x4e0/0x4e0
[ 32.341683]  notify_change+0x70b/0xfc0
[ 32.345550]  do_truncate+0x134/0x1f0
[ 32.349242]  ? dentry_open+0x1d0/0x1d0
[ 32.353110]  ? apparmor_path_truncate+0x183/0x200
[ 32.357935]  do_sys_ftruncate+0x492/0x560
[ 32.362065]  do_syscall_64+0xf9/0x620
[ 32.365852]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 32.371025] RIP: 0033:0x7eff30b16939
[ 32.374734] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 32.393618] RSP: 002b:00007ffe899f6d58 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
[ 32.401304] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007eff30b16939
[ 32.408554] RDX: 00007eff30b16939 RSI: 0100000000000000 RDI: 0000000000000005
[ 32.415801] RBP: 00007eff30ad61d0 R08: 0000000000000000 R09: 0000000000000000
[ 32.423045] R10: 0000000000000000 R11: 0000000000000246 R12: 00007eff30ad6260
[ 32.430293] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 32.437547]
[ 32.439152] Allocated by task 4698:
[ 32.442760]  __kmalloc_node_track_caller+0x4c/0x70
[ 32.447668]  __alloc_skb+0xae/0x560
[ 32.451271]  netlink_sendmsg+0x9f6/0xc50
[ 32.455309]  sock_sendmsg+0xc3/0x120
[ 32.458997]  ___sys_sendmsg+0x7bb/0x8e0
[ 32.462947]  __x64_sys_sendmsg+0x132/0x220
[ 32.467160]  do_syscall_64+0xf9/0x620
[ 32.470938]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 32.476101]
[ 32.477707] Freed by task 6439:
[ 32.480963]  kfree+0xcc/0x210
[ 32.484051]  skb_release_data+0x6de/0x920
[ 32.488174]  consume_skb+0x113/0x3d0
[ 32.491866]  skb_free_datagram+0x16/0xf0
[ 32.495903]  netlink_recvmsg+0x627/0xea0
[ 32.499943]  sock_recvmsg+0xca/0x110
[ 32.503630]  ___sys_recvmsg+0x255/0x570
[ 32.507582]  __x64_sys_recvmsg+0x12f/0x220
[ 32.511798]  do_syscall_64+0xf9/0x620
[ 32.515579]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 32.520740]
[ 32.522345] The buggy address belongs to the object at ffff8880b0c4c0c0
[ 32.522345]  which belongs to the cache kmalloc-512 of size 512
[ 32.534978] The buggy address is located 472 bytes inside of
[ 32.534978]  512-byte region [ffff8880b0c4c0c0, ffff8880b0c4c2c0)
[ 32.546830] The buggy address belongs to the page:
[ 32.551736] page:ffffea0002c31300 count:1 mapcount:0 mapping:ffff88813bff0940 index:0xffff8880b0c4c0c0
[ 32.561154] flags: 0xfff00000000100(slab)
[ 32.565283] raw: 00fff00000000100 ffffea0002605608 ffffea0002c31388 ffff88813bff0940
[ 32.573151] raw: ffff8880b0c4c0c0 ffff8880b0c4c0c0 0000000100000005 0000000000000000
[ 32.581016] page dumped because: kasan: bad access detected
[ 32.586832]
[ 32.588435] Memory state around the buggy address:
[ 32.593340]  ffff8880b0c4c180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 32.600678]  ffff8880b0c4c200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 32.608013] >ffff8880b0c4c280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 32.615359]                             ^
[ 32.619483]  ffff8880b0c4c300: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[ 32.626823]  ffff8880b0c4c380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 32.634153] ==================================================================
[ 32.641485] Disabling lock debugging due to kernel taint
[ 32.650981] Kernel panic - not syncing: panic_on_warn set ...
[ 32.650981]
[ 32.650996] CPU: 0 PID: 8085 Comm: syz-executor355 Tainted: G B 4.19.211-syzkaller #0
[ 32.651003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 32.651007] Call Trace:
[ 32.651025]  dump_stack+0x1fc/0x2ef
[ 32.651040]  panic+0x26a/0x50e
[ 32.651051]  ? __warn_printk+0xf3/0xf3
[ 32.651069]  ? preempt_schedule_common+0x45/0xc0
[ 32.694913]  ? ___preempt_schedule+0x16/0x18
[ 32.699303]  ? trace_hardirqs_on+0x55/0x210
[ 32.703606]  kasan_end_report+0x43/0x49
[ 32.707557]  kasan_report_error.cold+0xa7/0x1b9
[ 32.712206]  ? udf_get_filelongad+0x134/0x140
[ 32.716678]  __asan_report_load_n_noabort+0x8b/0xa0
[ 32.721670]  ? udf_get_filelongad+0x134/0x140
[ 32.726142]  udf_get_filelongad+0x134/0x140
[ 32.730442]  udf_current_aext+0x198/0x900
[ 32.734571]  udf_next_aext+0x200/0x3a0
[ 32.738436]  udf_setsize+0x7ca/0x1030
[ 32.742216]  ? inode_bmap+0x750/0x750
[ 32.746003]  ? ktime_get_coarse_real_ts64+0x1c7/0x290
[ 32.751170]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 32.755727]  ? ktime_get_coarse_real_ts64+0x1a1/0x290
[ 32.760893]  ? inode_newsize_ok+0x121/0x1e0
[ 32.765193]  ? setattr_prepare+0x135/0x7e0
[ 32.769407]  udf_setattr+0x33d/0x430
[ 32.773099]  ? udf_file_write_iter+0x4e0/0x4e0
[ 32.777658]  notify_change+0x70b/0xfc0
[ 32.781524]  do_truncate+0x134/0x1f0
[ 32.785212]  ? dentry_open+0x1d0/0x1d0
[ 32.789075]  ? apparmor_path_truncate+0x183/0x200
[ 32.793897]  do_sys_ftruncate+0x492/0x560
[ 32.798024]  do_syscall_64+0xf9/0x620
[ 32.801805]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 32.806973] RIP: 0033:0x7eff30b16939
[ 32.810665] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 32.829543] RSP: 002b:00007ffe899f6d58 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
[ 32.837226] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007eff30b16939
[ 32.844474] RDX: 00007eff30b16939 RSI: 0100000000000000 RDI: 0000000000000005
[ 32.851811] RBP: 00007eff30ad61d0 R08: 0000000000000000 R09: 0000000000000000
[ 32.859069] R10: 0000000000000000 R11: 0000000000000246 R12: 00007eff30ad6260
[ 32.866321] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 32.873742] Kernel Offset: disabled
[ 32.877351] Rebooting in 86400 seconds..