Warning: Permanently added '10.128.0.151' (ECDSA) to the list of known hosts.
syzkaller login: [ 38.401382] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 38.523318] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 38.534174] audit: type=1800 audit(1672726702.433:2): pid=7976 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor125" name="bus" dev="loop0" ino=1357 res=0
[ 38.534272] ======================================================
[ 38.534272] WARNING: the mand mount option is being deprecated and
[ 38.534272] will be removed in v5.15!
[ 38.534272] ======================================================
[ 38.621042] ==================================================================
[ 38.628510] BUG: KASAN: use-after-free in crc_itu_t+0xab/0xc0
[ 38.634379] Read of size 1 at addr ffff88808b104000 by task syz-executor125/7976
[ 38.641892]
[ 38.643527] CPU: 0 PID: 7976 Comm: syz-executor125 Not tainted 4.14.302-syzkaller #0
[ 38.651400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 38.660730] Call Trace:
[ 38.663298] dump_stack+0x1b2/0x281
[ 38.666904] print_address_description.cold+0x54/0x1d3
[ 38.672159] kasan_report_error.cold+0x8a/0x191
[ 38.676804] ? crc_itu_t+0xab/0xc0
[ 38.680321] __asan_report_load1_noabort+0x68/0x70
[ 38.685227] ? crc_itu_t+0xab/0xc0
[ 38.688742] crc_itu_t+0xab/0xc0
[ 38.692088] udf_close_lvid.isra.0+0x40a/0x630
[ 38.696645] ? init_once+0x40/0x40
[ 38.700165] ? dispose_list+0x1e0/0x1e0
[ 38.704118] udf_put_super+0x211/0x2a0
[ 38.707983] ? udf_sb_free_partitions.isra.0+0xaf0/0xaf0
[ 38.713410] generic_shutdown_super+0x144/0x370
[ 38.718060] kill_block_super+0x95/0xe0
[ 38.722011] deactivate_locked_super+0x6c/0xd0
[ 38.726569] deactivate_super+0x7f/0xa0
[ 38.730520] cleanup_mnt+0x186/0x2c0
[ 38.734217] task_work_run+0x11f/0x190
[ 38.738083] do_exit+0xa44/0x2850
[ 38.741521] ? __do_page_fault+0x571/0xad0
[ 38.745733] ? mm_update_next_owner+0x5b0/0x5b0
[ 38.750381] ? lock_downgrade+0x740/0x740
[ 38.754510] do_group_exit+0x100/0x2e0
[ 38.758384] SyS_exit_group+0x19/0x20
[ 38.762160] ? do_group_exit+0x2e0/0x2e0
[ 38.766196] do_syscall_64+0x1d5/0x640
[ 38.770063] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 38.775228] RIP: 0033:0x7f7df3116af9
[ 38.778915] RSP: 002b:00007ffe5e4139d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 38.786603] RAX: ffffffffffffffda RBX: 00007f7df318c350 RCX: 00007f7df3116af9
[ 38.793845] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[ 38.801134] RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 00007f7df3186e40
[ 38.808380] R10: 000080001d00c0d0 R11: 0000000000000246 R12: 00007f7df318c350
[ 38.815626] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 38.822877]
[ 38.824479] The buggy address belongs to the page:
[ 38.829386] page:ffffea00022c4100 count:0 mapcount:0 mapping: (null) index:0x1
[ 38.837503] flags: 0xfff00000000000()
[ 38.841280] raw: 00fff00000000000 0000000000000000 0000000000000001 00000000ffffffff
[ 38.849138] raw: ffffea00022c3820 ffffea000243e560 0000000000000000 0000000000000000
[ 38.856990] page dumped because: kasan: bad access detected
[ 38.862670]
[ 38.864269] Memory state around the buggy address:
[ 38.869174] ffff88808b103f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 38.876513] ffff88808b103f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 38.883851] >ffff88808b104000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 38.891186] ^
[ 38.894526] ffff88808b104080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 38.901858] ffff88808b104100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 38.909194] ==================================================================
[ 38.916523] Disabling lock debugging due to kernel taint
[ 38.925016] Kernel panic - not syncing: panic_on_warn set ...
[ 38.925016]
[ 38.932385] CPU: 1 PID: 7976 Comm: syz-executor125 Tainted: G B 4.14.302-syzkaller #0
[ 38.941460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 38.950784] Call Trace:
[ 38.953347] dump_stack+0x1b2/0x281
[ 38.956948] panic+0x1f9/0x42d
[ 38.960112] ? add_taint.cold+0x16/0x16
[ 38.964057] ? ___preempt_schedule+0x16/0x18
[ 38.968454] kasan_end_report+0x43/0x49
[ 38.972399] kasan_report_error.cold+0xa7/0x191
[ 38.977038] ? crc_itu_t+0xab/0xc0
[ 38.980548] __asan_report_load1_noabort+0x68/0x70
[ 38.985455] ? crc_itu_t+0xab/0xc0
[ 38.988967] crc_itu_t+0xab/0xc0
[ 38.992307] udf_close_lvid.isra.0+0x40a/0x630
[ 38.996860] ? init_once+0x40/0x40
[ 39.000373] ? dispose_list+0x1e0/0x1e0
[ 39.004317] udf_put_super+0x211/0x2a0
[ 39.008176] ? udf_sb_free_partitions.isra.0+0xaf0/0xaf0
[ 39.013598] generic_shutdown_super+0x144/0x370
[ 39.018240] kill_block_super+0x95/0xe0
[ 39.022187] deactivate_locked_super+0x6c/0xd0
[ 39.026736] deactivate_super+0x7f/0xa0
[ 39.030682] cleanup_mnt+0x186/0x2c0
[ 39.034380] task_work_run+0x11f/0x190
[ 39.038247] do_exit+0xa44/0x2850
[ 39.041676] ? __do_page_fault+0x571/0xad0
[ 39.045889] ? mm_update_next_owner+0x5b0/0x5b0
[ 39.050537] ? lock_downgrade+0x740/0x740
[ 39.054663] do_group_exit+0x100/0x2e0
[ 39.058527] SyS_exit_group+0x19/0x20
[ 39.062298] ? do_group_exit+0x2e0/0x2e0
[ 39.066330] do_syscall_64+0x1d5/0x640
[ 39.070192] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 39.075361] RIP: 0033:0x7f7df3116af9
[ 39.079046] RSP: 002b:00007ffe5e4139d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 39.086722] RAX: ffffffffffffffda RBX: 00007f7df318c350 RCX: 00007f7df3116af9
[ 39.093966] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[ 39.101209] RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 00007f7df3186e40
[ 39.108802] R10: 000080001d00c0d0 R11: 0000000000000246 R12: 00007f7df318c350
[ 39.116048] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 39.123464] Kernel Offset: disabled
[ 39.127067] Rebooting in 86400 seconds..